Security, Compliance, and Identity Fundamentals for Azure

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. Organizations use it to enable their employees, guests, and others to sign in and access the resources they need. These resources fall into two groups:

  • Internal resources, such as apps on your corporate network and intranet, and cloud apps developed by your own organization.
  • External services, such as Microsoft Office 365, the Azure portal, and any SaaS applications used by your organization.

Azure AD also allows organizations to securely enable the use of personal devices, such as mobiles and tablets, and enable collaboration with business partners and customers.

Azure AD is available in four editions: Free, Office 365 Apps, Premium P1, and Premium P2.

Azure Active Directory Free – The free version allows you to administer users and create groups, synchronize with on-premises Active Directory, create basic reports, configure self-service password changes for cloud users, and enable single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

Office 365 Apps – The Office 365 Apps edition allows you to do everything included in the free version, plus self-service password reset for cloud users, and device write-back, which offers two-way synchronization between on-premises directories and Azure AD.

Azure Active Directory Premium P1 – The Premium P1 edition includes all the features in the Free and Office 365 Apps editions.

Azure Active Directory Premium P2 – The Premium P2 edition offers all the Premium P1 features, plus Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data.

Four pillars of an identity infrastructure

Source: https://docs.microsoft.com/en-us/learn/paths/describe-concepts-of-security-compliance-identity/

If you want to know more about it, just drop an email to info@doctoolss.com or contact the undersigned.

About DocTooLss :

“We make Technology EaZy via Docs”

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/| Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/ | WordPress: https://doctoolss.wordpress.com/

Azure vs AWS (Battle for the No.1 Spot)…!!

AWS vs Azure

Day in, day out we talk about the cloud and the services cloud providers offer. The market today is led by AWS, followed by Azure, with GCP (Google Cloud Platform) catching up.

AWS provides around 160+ services and the count keeps growing, whereas Azure offers fewer services than AWS but is also adding more over time.

Let’s have a sneak peek at some of the important services from these market leaders:

AWS EC2 Vs Azure VM

AWS EC2 Instance Vs Azure VM Scale Sets

AWS S3 Vs Azure Blob Storage

AWS Lambda/Fargate Vs Azure Functions

AWS Beanstalk Vs Azure App Service

AWS SQS Vs Azure Queue Storage

AWS ELB (Elastic Load Balancer) Vs Azure Load Balancer

AWS VPN Vs Azure Virtual Network

AWS DynamoDB Vs Azure Cosmos DB

AWS Shield Vs Azure DDoS

AWS RDS Vs Azure SQL DB

AWS Redshift Vs Azure Synapse Analytics

AWS Rekognition/Lex/Polly/Transcribe Vs Azure Cognitive Service

For more information on the above AWS services, click here

For more information on the above Azure services, click here

We at DocTooLss hold AWS and Azure certifications, and day in and day out we keep ourselves well versed in the ongoing AWS and Azure cloud services.

We can also assist our clients in understanding the cloud and the services cloud providers offer, so there is no need to go anywhere else or pay a huge amount of money to big online educational institutions. Just drop an email to info@doctoolss.com or contact the undersigned.

DocTooLss


Let’s Dig Down in AWS…!!

EC2 by AWS

AWS offers many services, so let’s pick a few and try to understand their usage and the utility they have for us:

AWS EC2 (Virtual Servers on Cloud)

  • EC2 stands for Elastic Compute Cloud
  • It is one of the most famous offerings by AWS
  • It is an IaaS platform
  • It is basically renting of VMs
  • Storing data on virtual drives (EBS) and distributing load across machines (ELB)
  • Scaling of service using an auto-scaling group (ASG)

There is a wide variety of Amazon EC2 instance types. They comprise varying combinations of CPU, memory, storage, and networking capacity, which gives you the flexibility to choose the appropriate mix of resources for your applications.

Each instance type includes one or more instance sizes, allowing you to scale your resources up or down and in or out to match the requirements of your target workload.

Types of EC2 Instance Types

  • General Purpose
  • Memory Optimized
  • Compute Optimized
  • Accelerated Computing
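  • Storage Optimized

| Instance | vCPU* | CPU Credits / hour | Mem (GiB) | Storage | Network Performance |
|---|---|---|---|---|---|
| t2.nano | 1 | 3 | 0.5 | EBS-Only | Low |
| t2.micro | 1 | 6 | 1 | EBS-Only | Low to Moderate |
| t2.small | 1 | 12 | 2 | EBS-Only | Low to Moderate |
| t2.medium | 2 | 24 | 4 | EBS-Only | Low to Moderate |
| t2.large | 2 | 36 | 8 | EBS-Only | Low to Moderate |
| t2.xlarge | 4 | 54 | 16 | EBS-Only | Moderate |
| t2.2xlarge | 8 | 81 | 32 | EBS-Only | Moderate |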

T2 instances – General Purpose Instance

Source: AWS website. For more information, click here

EC2 Purchase Options

  • On-Demand Instance
  • Reserved Instance, Convertible Instance and Scheduled Reserved Instance
  • Spot Instance
  • Dedicated Hosts and Dedicated Instance

For more information on these, contact the undersigned


What is EC2 Image Builder?

EC2 Image Builder is a fully managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.

The guided steps by EC2 Image Builder:

  • Provide starting artifacts
  • Add and remove software
  • Customize settings and scripts
  • Run selected tests
  • Distribute images to AWS Regions

Features of EC2 Image Builder

  1. Increase productivity and reduce operations for building compliant and up-to-date images
  2. Increase service uptime
  3. Raise the security bar for deployments
  4. Centralized enforcement and lineage tracking
  5. Simplified sharing of images across AWS accounts

For more information on these devices, click here


What is CASB?

CASB stands for Cloud Access Security Broker, a software tool that acts as a barrier between on-premises infrastructure and a cloud provider’s infrastructure, which can be Azure, AWS, Google Cloud, IBM Cloud, etc.

The technology is needed to secure cloud services, which are being adopted at a fast pace by different organizations. CASB vendors understand that protecting cloud services is different, since the data is yours but is stored in systems that belong to someone else.

The benefits provided by CASB are:

  • Efficiently govern cloud data.
  • Ensure compliance.
  • Guard against threats.

There are different vendors of CASB such as Bitglass, Microsoft, McAfee, Symantec, Cisco, Forcepoint, etc. More information about the vendors – click here.


What are the emerging Technologies Road Map for the year 2019-21..?

With the outbreak of the COVID-19 pandemic, the world has come to a standstill. Due to this, there has been a disconnect between cybersecurity executives and their organizations’ security analysts.

A study was done by the research giant Gartner, which in consultation with leaders has come up with the Road Map for the years 2019-21.

If we see the road map and concentrate on Cloud and CyberSecurity technologies:

Security

As we go down the map we see the four phases: “Monitoring”, “In Planning”, “In Pilot” and “In Deployment”.

We at DocTooLss have often talked about Endpoint Detection and Response (EDR) and Virtualized Firewalls. The terms we will talk about in our future blogs include Static Application Security Testing (SAST), Threat Intelligence Services, Network Sandboxing, User and Entity Behavior Analytics, Signature Endpoint Detection or Protection, and Database Audit and Protection.

If we dive deeper into the Road Map curves, we find cloud technology. We haven’t talked about it much in our past blogs, but we plan to do so in our future blogs.

Cloud Technology

As we go down the map we see the four phases: “Monitoring”, “In Planning”, “In Pilot” and “In Deployment”.

The PaaS technology which has been categorized under “In Deployment” phase has already been talked about in our past blogs, you can click here to know more.

Further technology terms will be explained in our future blogs. If there is anything you want us to explain or dive into, we will always be happy to hear from you.

The inputs for this blog have been taken from the Gartner website; for more information on this, click here.


What is Vulnerability Management?

Vulnerability management (VM) is a program consisting of a variety of technologies that identify, evaluate, treat, and report on security vulnerabilities in a system. There are tools that identify Cyber Exposure risks across an entire organization and align them with your operational goals and objectives.

In cybersecurity terms, it is important to know what vulnerabilities, threats, and exploits mean:

  • Cybersecurity Vulnerabilities. A vulnerability is a potential weakness in a security architecture that opens an organization or individual to cyberattacks.
  • Cybersecurity Threats. “Cybersecurity threat” refers to a combination of tools and methods involved in a cyberattack. These threats are not inherent to the network. Instead, they leverage vulnerabilities on the network.
  • Cybersecurity Exploits. An exploit occurs when a cybersecurity threat is applied to a vulnerability to conduct some form of malicious activity. The impact of an exploit may vary by threat and vulnerability type.

LifeCycle of VM

Find below the phases of the Vulnerability Management Lifecycle:

PHASE 1 – The Cloud Platform provides multiple technologies, including scanner appliances, agents, sensors, and connectors, to help you detect and discover both on-premises and cloud-based host assets.

PHASE 2 – The scanners, agents, sensors, and connectors work together to identify host assets throughout your entire enterprise architecture.

PHASE 3 – The primary objective of the assessment phase is to find vulnerabilities on the host assets in your VM subscription.

PHASE 4 – Regardless of the data collection techniques you use, all findings are securely stored in the Cloud Platform, where reporting tools and features allow you to identify the vulnerabilities that pose the greatest risk to your organization, and share these findings with your patch and operational teams.

PHASE 5 – The remediation tools and features built into the VM application will help you prioritize detected vulnerabilities and identify the vulnerabilities that have been successfully mitigated.

PHASE 6 – Verify any vulnerabilities that have been patched or fixed. This task is performed automatically every time a scanner appliance, agent or sensor provides new assessment data to the Cloud Platform.

Note: The above information on the VM lifecycle has been taken from Qualys Training sites. For more information, please click here.

To know more about VM or its best practices please connect with us below.


Let’s understand Microsoft Azure?

Azure from the family of Microsoft

Azure is the cloud platform introduced by the software giant Microsoft. Azure is the latest cloud platform among other famous cloud platforms such as AWS (Amazon Web Services) and Google Cloud. Azure was launched a decade ago in the market.

Azure provides a wide variety of services to its users that can be used without purchasing and provisioning your own hardware. Azure provides solutions and rapid development for its resources that may not be possible in an on-premises environment. For those who are new to the term, on-premises means services available on your desktop, not on the cloud.

Azure provides a variety of services in its kitty such as compute, storage, network, and application services that allow users to focus on building great solutions without the need to worry about how the physical infrastructure is assembled.


Rulers of Cloud


What are the building blocks of Azure?

Azure App Service and Web Apps that consist of Web Apps, Logic Apps, Mobile Apps, API Apps, and Function Apps.

Azure Services includes many services in its cloud computing platform such as:

Compute services – This includes the Azure Virtual Machines—both Linux and Windows, Cloud Services, App Services (Web Apps, Mobile Apps, Logic Apps, API Apps, and Function Apps), RemoteApp, Service Fabric, and the Azure Container Service.

Data services – This includes Microsoft Azure Storage (comprised of the Blob, Queue, Table, and Azure Files services), Azure SQL Database, DocumentDB, StorSimple, and the Redis Cache.

Application services – This includes services that you can use to help build and operate your applications, such as Azure Active Directory (Azure AD), Service Bus for connecting distributed systems, HDInsight for processing big data, Azure Scheduler, and Azure Media Services.

Network services – This includes Virtual Networks, ExpressRoute, Azure DNS, Azure Traffic Manager, and the Azure Content Delivery Network.

The cloud offerings are classified into three categories:

  • SaaS
  • PaaS
  • IaaS

For more information on the above cloud offerings, please check our earlier blog “Similarities between Cloud Computing and Pizza“.

We will keep adding more information to our blogs from time to time. In the meantime, if you need to contact us for any business services, please contact us below or click here to check our website for any services.


Cyber Crime on a Roll, CyberSecurity still catching up..!!

Cyber Attack

Not a week goes by that we don’t hear about a breach or identity theft. There are security devices such as Firewalls, Switches, Routers, NIDS/NIPS, VPN concentrators, SIEM, DLP, NAC, SSL/TLS accelerators, Proxies, Load Balancers, Wireless Access Points, Bridges, Mail/Media Gateways, and Hardware Security Modules, which are used to either block threats or delay them.

Router

Routers are used to connect the networks and operate at Layer 3 of the OSI model. A router stores information about network destinations. A border router is an outside connection of a LAN to an external WAN.

Router Security

Access Control Lists (ACL): Used to filter packets by source address, destination address, protocol, or port.

Zones: Segmenting networks based on functionality or security.

Antispoofing: Creating access lists that block packets arriving from the internet that claim private IP address or localhost ranges as their source.
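The ACL and antispoofing controls above, modelled as an added example (not code from the original post): a first-match packet filter for the internet-facing interface of a border router. The rule fields, the web-server address and the sample packets are constructed for illustration and do not follow any vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Ranges that must never appear as a source address on the internet-facing
# interface: RFC 1918 private space and the loopback (localhost) range.
SPOOFED_SOURCES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # source network (CIDR)
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    proto: Optional[str] = None      # "tcp", "udp", or None for any
    dport: Optional[int] = None      # destination port, or None for any

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


def build_inbound_acl(web_server):
    """Antispoofing denies come first, then the one permitted service."""
    acl = [Rule("deny", src=net) for net in SPOOFED_SOURCES]
    acl.append(Rule("permit", dst=web_server + "/32", proto="tcp", dport=443))
    return acl


def evaluate(acl, src, dst, proto, dport):
    """First matching rule wins; no match falls through to an implicit deny."""
    for rule in acl:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


# Constructed sample packets arriving on the internet-facing interface.
WEB = "203.0.113.10"                 # documentation address (RFC 5737)
ACL = build_inbound_acl(WEB)
SAMPLES = [
    ("198.51.100.7", WEB, "tcp", 443),   # legitimate HTTPS client
    ("192.168.1.50", WEB, "tcp", 443),   # spoofed private source
    ("127.0.0.1", WEB, "tcp", 443),      # spoofed localhost source
    ("198.51.100.7", WEB, "tcp", 22),    # service not permitted
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Rule order matters: if the permit rule were placed ahead of the antispoofing denies, the spoofed private-source packet would match it first and be let through.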

Switches

A switch connects devices within a computer network, using packet switching to receive, process and forward data to the destination. It works on Layer 2/Layer 3 of the OSI model.

Packet-forwarding decisions are based on MAC (Media Access Control) addresses.

Switch Security

VLANs: Segment networks and limit broadcast traffic.

Port Security: Enable or disable individual switch ports based on MAC address.

  • It provides loop prevention
  • It provides a flood guard

Proxy

It is a boundary device between internal and external networks 

It’s a device that acts on behalf of others and provides security, logging, and caching

  • Proxy Server – Blocks known malicious websites
  • Forward Proxy – Retrieves data on behalf of a client
  • Reverse Proxy – Protects access to a server on the internal network 
  • Transparent Proxy (also known as an inline, forced, or intercepting proxy) – A caching server that redirects clients’ requests without modifying them to reduce bandwidth usage.

Firewalls

What are Firewalls?

A firewall is a network security system that monitors incoming and outgoing network traffic based on predetermined security rules.

For more information on Technologies/best practices.
