AZ-900 Slides - 5th May


AZ-900 Exam Changes – 5th May 2022

The English language version of this exam was updated on January 25, 2022.

Before 5th May 2022

➢ Describe cloud concepts (20-25%)

➢ Describe core Azure services (15-20%)

➢ Describe core solutions and management tools on Azure (10-15%)

➢ Describe general security and network security features (10-15%)

➢ Describe identity, governance, privacy, and compliance features (15-20%)

➢ Describe Azure cost management and Service Level Agreements (10-15%)

From 5th May 2022

➢ Describe cloud concepts (25–30%)

➢ Describe Azure architecture and services (35–40%)

➢ Describe Azure management and governance (30–35%)

AZ-900
Microsoft Azure Fundamentals
❖ 60+ Azure Services covered (600+ Azure Services)

❖ Approach:

✓ PPT/ concepts/ scenarios/ problems/ challenges/ solutions

✓ Learn by doing – lots of demos

❖ Course Goal:

✓ Prepare you for AZ-900 certification

✓ Prepare you to have a solid foundation of Azure Cloud Computing

❖ Study plan [2-5 days]

✓ Avoid Demos

✓ Just go through lessons, quizzes, summary and practice test

❖ Study plan [5-10 days] – Recommended

✓ Take full course, all lessons, demos, quizzes, summary and practice
tests.

✓ By the end of course you will get good confidence on Azure cloud.
❖ Intended Audience

✓ Anyone who wants to clear AZ-900 Certification

✓ Anyone who wants to start learning Azure Cloud

✓ Moving from other public cloud vendors.

❖ Prerequisite

✓ No other certification, or prior knowledge required.

❖ What's included?

✓ 15+ hrs. of content, 100% syllabus covered

✓ Practice test, quizzes, my notes, Imp links etc.

✓ PPT, Demo resources and other study material

✓ Full lifetime access

✓ Certificate of course completion

✓ 30-days Money-Back Guarantee


AZ-900 Exam Info
Everything you need to know
❖ Exam Name: AZ-900: Microsoft Azure Fundamentals

❖ Exam official page: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

❖ Cost: 99 USD (India: ₹3696 INR - Price based on the country in which the exam is proctored)

❖ Level: Foundational (not an easy exam for newbies, lot to remember)


❖ We’ll start from scratch and will cover everything you need to know to clear exam

❖ Exam duration:
❖ Seat duration: 65 minutes
❖ Exam duration: 45 minutes
❖ Exam Sandbox - https://aka.ms/examdemo

❖ No of Questions: 40-60 questions

❖ Question types:
❖ Multiple choice, and Multiple response
❖ Drop down
❖ Drag & Drop

❖ Passing Score: 700/1000 (No negative marking)

❖ Language: English, Japanese, Chinese (Simplified), Korean, Spanish, German, French, Indonesian (Indonesia), Arabic (Saudi Arabia), Chinese (Traditional), Italian, Portuguese (Brazil), Russian

❖ Retirement date: none


Question types

➢ Based on Service functional knowledge


➢ What is this service used for?
➢ What service will you choose to execute a given functionality?
➢ No demo, code, or any tricky questions
➢ However, a distractor could be given as an option.
➢ 600 services are impractical to cover, and of course impossible for you
to remember.
➢ If you haven’t learnt about a service in this course, it is most likely a
distractor and the wrong option.
➢ Be confident, if you take this course seriously you can easily get 900+ marks.
Udemy Tips
❖ Adjust your speed

❖ Transcript/Caption

❖ Video Quality

❖ Rating/Reviews is very important

❖ Udemy platform related issues - Please contact them directly


Udemy Tips
❖ Udemy account

❖ Billing

❖ Site issues

❖ Mobile app issues

❖ Certificate of completion

❖ Please contact Udemy support directly.


Getting Started with Cloud

Learning Objectives

➢ Why do we need Cloud?

➢ What is Cloud Computing?

➢ Create Azure FREE Subscription

➢ Azure Portal overview

➢ Delete Resources and Set budget


Why we need?
Cloud Computing
Why we need Cloud Computing?
Datacenter in the past

[Figure: six physical servers (each X Core, X GB RAM, X GB HDD) running at 41 %, 12 %, 25 %, 8 %, 24 % and 21 % utilization]

⮚ High upfront cost

⮚ Monthly expense even if not using

⮚ Difficult to scale

⮚ Maintenance

Virtualization

[Figure: three Virtual Machines, each with its own Application, Operating System and virtual Hardware (CPU, Memory, Disk), running on a Hypervisor on top of the physical Hardware (CPU, Memory, Disk)]

Introduction Cloud Computing

⮚ Pay only what you use ⮚ Pay only what you use

⮚ No plant maintenance ⮚ No Maintenance

⮚ Scaling ⮚ Scaling – Expand storage or compute power

Cloud Computing
What is Cloud Computing

⮚ Cloud computing means Internet based Computing

⮚ Renting IT Resources

⮚ So, in simple terms, Cloud computing is on-demand resources delivered to you over the internet.

⮚ Cloud Providers – Microsoft, AWS, Google

⮚ Example – Gmail, Netflix, Dropbox

⮚ Same resources shared by multiple clients

Cloud Infrastructure: Shared Resources


Create Azure Free Account
Azure Portal overview
Azure Portal

⮚ Web-based, graphical user interface (GUI) for controlling Microsoft Azure

⮚ Unified console that provides an alternative to command-line tools.

⮚ Build, manage, and monitor everything from simple web apps to complex cloud deployments.

⮚ Create custom dashboards for an organized view of resources.

⮚ Azure Marketplace helps connect users with Microsoft partners, independent software vendors, and startups that are
offering their solutions and services, which are optimized to run on Azure.

⮚ Continuous availability

⮚ Load from closest location

⮚ Continuously maintained behind the scenes and requires no downtime.

Portal

Create Sample Service - Storage
Set Budget
Set Budget and Delete Resources

⮚ FREE Subscription

⮚ Azure won't charge you for your free subscription.

⮚ Your FREE subscription and services are disabled once your credit runs out.

⮚ You must upgrade to continue using Azure services.

⮚ Paid subscription - VERY IMPORTANT

⮚ DELETE RESOURCES AFTER YOUR USE/DEMO

⮚ EVEN IF I DON’T TELL YOU TO AFTER THE DEMO

⮚ Set Alert - notify you when your spending reaches or exceeds the amount defined in the alert condition of the budget.

Learning Outcome

➢ Azure Advisor

▪ Provides recommendations to optimize your Azure deployments

▪ Reliability, security, performance, cost, operational excellence

➢ Azure Monitor

▪ Collect, analyze, visualize and take actions based on metric and logging data

➢ Azure Service Health

▪ Keeps you informed about current and upcoming issues on the Azure side.

▪ Global view - status.azure.com

▪ Service Health - personalized view


Cloud fundamental concepts
Learning Objectives

➢ In this module, you will learn how cloud computing will save your company time and money by migrating from your existing, on-premises, physical hardware to a cloud solution.

➢ You’ll also learn about the fundamental concepts of cloud computing and how Azure implements these concepts:

➢ High availability, Fault tolerance and Disaster recovery

➢ Scalability, Elasticity, and Agility

➢ CapEx vs OpEx

➢ Economic benefits of the cloud

➢ Consumption-based model

➢ Computing Models

➢ Categories of cloud services - SaaS vs PaaS vs IaaS

➢ Deployment Models

➢ Types of Cloud Computing - Public, Private and Hybrid

➢ Cloud Pricing Model


High availability, Fault tolerance and
Disaster recovery
Cloud Computing
Common Goal: HA, FT, DR
⮚ Goal: Users continue to access the application, even when things go wrong.

⮚ Common reasons for loss of availability

⮚ Network outage

⮚ Application failure

⮚ System outage

⮚ Power outage

⮚ Catastrophic disaster (Earthquakes, tsunamis, flood, tornado, etc.)


HA vs FT vs DR
Disaster Recovery
High Availability and Fault Tolerance

⮚ Protect against data center, server, network and storage subsystem failures to keep your business running without downtime.

⮚ Highly available systems are reliable in the sense that they continue operating even when critical components fail.

⮚ They are also resilient, meaning that they can simply handle failure without service disruption or data loss, and seamlessly recover from
such failure.

⮚ Azure provides high availability features such as redundancy, load balancing, auto-scaling and provisioning across Availability Zones (AZ),
representing isolated parts of an Azure data center.
High Availability

Service Level Agreement (SLA) guarantees a certain level of availability as a percentage


Scalability, Elasticity, and Agility
Benefits of using the cloud
Scalability
⮚ Resources cost money
▪ Charged for diskspace, CPU, memory, bandwidth
▪ Minimize cost by minimizing resources used

⮚ Resource needs change quickly


▪ Resource demand can fluctuate based on
o Particular day
o Time of day
o Increase in popularity

⮚ Scalable architectures provide the ability to grow your environment when this is needed (increase in number of
users, traffic throughput)
▪ Example: Workload increased as business expanded over a period of time
▪ Two types of Scalability:
o Vertical Scalability
o Horizontal Scalability
Vertical Scalability

[Figure: analogy for vertical scaling: Bachelor (no experience), Master (some experience), PhD (good experience), Postdoc (lot of experience)]

⮚ Increasing the capacity of the current server: a larger hard drive, a faster CPU, more RAM, I/O, or networking capabilities
⮚ Has Limits

Horizontal Scalability

[Figure: analogy for horizontal scaling: one Bachelor becomes several Bachelors]

⮚ Deploying multiple instances of application/database


⮚ Increases availability
⮚ Horizontal Scaling needs additional infrastructure: Load Balancers, auto scaling group etc.
Scalability vs Elasticity
⮚ Scalable architectures provide the ability to grow your environment when this is needed (increase in number of users, traffic
throughput)
⮚ Example: Workload increased as business expanded over a period of time
⮚ Two types of Scalability:
⮚ Vertical Scalability
⮚ Horizontal Scalability

⮚ Elasticity: Ability to automatically expand or compress the infrastructure resources in response to sudden ups and downs in the
requirement, so that the workload can be managed efficiently.
⮚ Example: workload increases during festive season like Christmas.

Elasticity

⮚ Elasticity is used just to meet the sudden up and down in the workload for a small period of time.

⮚ Elasticity is used to meet dynamic changes, where the resource needs can increase or decrease.

⮚ It is short-term planning, adopted just to deal with an unexpected increase in demand or seasonal demands.

Scalability

⮚ Scalability is used to meet the static increase in the workload.

⮚ Scalability is always used to address the increase in workload in an organization.

⮚ Scalability is long-term planning, adopted just to deal with an expected increase in demand.
Agility
Agility: Rapidly deploy and configure cloud resources as your app's needs change.

• Speed and flexibility of scaling in the cloud

CapEx vs OpEx
Capital Expenditure (CapEx) vs Operational Expenditure (OpEx)
CapEx vs OpEx

Capital Expenditure (CapEx)

⮚ Upfront cost

⮚ Spending money ahead on physical infrastructure and then deducting that cost over time from your tax bill.

⮚ Example: Deploying your own data center

⮚ Server, Storage, Network, Backup and archive, Disaster recovery, Datacenter infrastructure

⮚ Summary: CapEx requires significant up-front financial costs, as well as ongoing maintenance and support expenditures.

Operational Expenditure (OpEx)

⮚ Pay-as-you-go pricing

⮚ There is no up-front cost, as you pay for a service or product as you use it.

⮚ Pros: Demand and growth may be unexpected and exceed estimates, posing a capex issue.

⮚ Example: Cloud Services

⮚ Summary: OpEx is a consumption-based model, so company is only responsible for the cost of the computing resources that it uses.

Benefits of the cloud computing
New Startup

➢ Launching a new professional social network

➢ At launch, the focus will be on the United States.

➢ If the launch is a success, the company intends to expand globally.


Traditional Data Center Challenges

➢ Large up-front investment

➢ Forecast Infrastructure needs

➢ Took 5 months to set up their server

➢ Suddenly become popular


▪ lot of users, experiencing latency
▪ Scaling will need further few months of effort
▪ Security and Compliance burden

➢ Less Load during off season


▪ Now, difficult to scale down
▪ Maintenance cost still going on

➢ Plan to Expand Globally


▪ Same challenges again

Cloud Computing Benefits

Traditional Data Center Challenges

➢ Large up-front investment

➢ Forecast Infrastructure needs

➢ Took 5 months to set up their server

➢ Suddenly become popular
▪ lot of users, experiencing latency
▪ Scaling will need further few months of effort
▪ Security and Compliance burden

➢ Less Load during off season
▪ Now, difficult to scale down
▪ Maintenance cost still going on

➢ Plan to Expand Globally
▪ Same challenges again

Advantages of Cloud Computing

➢ Trade capital expense for variable expense
▪ No Initial investment
▪ Pay only for how much you use – do not own hardware

➢ Stop guessing capacity
▪ You can access as much or as little capacity as you need, and scale up or down in minutes.

➢ Increase speed and agility
▪ New IT resources are only a click away
▪ Reduce resource deployment time from weeks to minutes.

➢ Benefit from massive economies of scale
▪ AWS can aggregate usage from hundreds of thousands of customers, they can lower pay-per-use prices.

➢ Stop spending money running and maintaining data centers

➢ Go global in minutes: In just a few clicks, you can easily deploy your application to multiple regions worldwide.

Consumption-based model
pay-as-you-go model
Consumption-based model vs fixed cost model

⮚ Cloud pricing model in which clients pay only for the resources they utilize.

⮚ There are no upfront fees.

⮚ No need to buy and maintain expensive infrastructure

⮚ Pay just for what you need.

⮚ When you don’t need, don’t have to pay

Computing Models
Categories of cloud services - SaaS vs PaaS vs IaaS
SaaS vs PaaS vs IaaS
Shared responsibility Model
Who owns the workload responsibility?
Shared responsibility in the cloud
Workload responsibilities vary depending on whether the workload is hosted on SaaS, PaaS, IaaS or on-premises datacenter

https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Deployment Models
Types of Cloud Computing - Public, Private and Hybrid
Cloud Deployment Models

Public Cloud vs. Private Cloud vs. Hybrid Cloud

Public Cloud
⮚ Cloud resources are those that are owned and managed by a third-party cloud service provider and are provided through the Internet.
⮚ Advantages
⮚ No Maintenance
⮚ Near unlimited scalability
⮚ High reliability
⮚ Disadvantages
⮚ Less control
⮚ Use case scenario
⮚ Deploy website quickly
⮚ Focus on development

Private Cloud
⮚ Cloud services that are utilized by a particular organization and are not accessible to the general public.
⮚ Advantages
⮚ No Legal obligation
⮚ Control
⮚ Strict security and compliance
⮚ Disadvantages
⮚ Infrastructure cost
⮚ Elasticity is difficult
⮚ IT Skills
⮚ Use case scenario
⮚ Government policy requires specific data to be kept in-country

Hybrid Cloud
⮚ Combination of public and private cloud with automation and orchestration between the two
⮚ Advantages: Use your own equipment to meet security, compliance, or legacy scenarios
⮚ Disadvantages
⮚ Expensive
⮚ Complicated
⮚ Use case scenario
⮚ Medical data can’t be exposed to the public.
⮚ Application runs on old hardware.
Cloud Pricing Models
Factors that affect cost
Cloud Pricing Models

Traditional Data Center Cost

➢ Upfront Hardware cost

➢ Building, electricity, cooling, Internet

➢ Employees to maintain infrastructure

➢ Software/Application licenses

➢ And so on…

Cloud Computing Cost

➢ Can we save money?

➢ Yes, but it’s not straightforward

➢ Bill could depend on multiple metrics for each service

➢ Example: “Storage Service” pricing depends on:
➢ Volume of data stored per month.
➢ Quantity and types of operations performed
➢ Data transfer costs.
➢ Data redundancy/backups

➢ Example: “VM” pricing depends on:
➢ Overall CPU time
➢ Time spent with a public IP address
➢ Incoming (ingress) and outgoing (egress) network traffic in and out of the VM
➢ Disk size and amount of disk read and disk write operations

Cloud Pricing Models

Always FREE

➢ Virtual Network

➢ Azure Policy

➢ Azure Active Directory

➢ Azure Migrate

➢ Azure Open Datasets

➢ Azure Lighthouse

➢ Azure Private Link

➢ Azure Data Catalog

➢ Azure Service Fabric

Cloud Pricing Models

Pay: Time

➢ Charge based on time you use a particular service

➢ Other important parameters like performance tiers and other configurations

➢ Examples:

➢ Virtual Machine

➢ App Services

➢ SQL Database

➢ Load Balancer

Cloud Pricing Models

Pay: GB

➢ Database Storage

➢ Storage Service

➢ Network traffic (between regions)

Cloud Pricing Models

Pay: Operations

➢ Charges based on number of operations

➢ Example: Cost per million operations

➢ Storage services (read, write or delete operations)

➢ Cosmos DB

Cloud Pricing Models

Pay: Execution

➢ Serverless offerings

➢ Charges only when you use, per execution

➢ Azure Function

➢ Serverless Database

➢ Logic Apps

Cloud Pricing Models

Pay: Other metrics

➢ Example: Azure Active Directory Premium tier

▪ Charge based on number of user licenses

Cloud Pricing Models

Other Parameters

➢ Regions/Locations

➢ How you purchase service

➢ Through an Enterprise Agreement

➢ Directly from the web

➢ Through a Cloud Solution Provider

➢ Support options

➢ Programs and offers

➢ And so on….

Benefits of Cloud Computing
High availability: Provide a continuous user experience with no apparent downtime

Scalability: Apps in the cloud can scale vertically and horizontally:


• Vertically expand a virtual machine's computing capability by adding RAM or CPUs.
• Horizontal scaling improves computing capacity by increasing instances of resources, such as VMs.

Elasticity: Cloud-based applications may be configured to use autoscaling, ensuring they always have enough resources.

Agility: Rapidly deploy and configure cloud resources as your app's needs change.

Geo-distribution: Global geo-distribution of applications and data ensures that consumers get the optimum performance in their area.

Disaster recovery: Cloud-based backup services, data replication, and geo-distribution allow you to deploy applications with assurance that
your data will be secure in the event of a disaster.

Learning Outcome

➢ High availability, Fault tolerance and Disaster recovery

➢ Scalability, Elasticity, and Agility

➢ CapEx vs OpEx

➢ Capital Expenditure (CapEx) - Upfront cost

➢ Operational Expenditure (OpEx) - Pay-as-you-go pricing

➢ Economic benefits of the cloud

➢ Consumption-based model

➢ Computing Models - Categories of cloud services

➢ Software as a service (SaaS)

➢ Platform as a service (PaaS)

➢ Infrastructure as a service (IaaS)

➢ Deployment Models

➢ Types of Cloud Computing - Public, Private and Hybrid

➢ Cloud Pricing Model


Azure Architectural Components
Learning Objectives

➢ In this module, you'll learn about several of the components that are necessary to successfully deploy resources on Azure.

➢ Data Centers, Regions, Region pairs

➢ Availability Zones

➢ Resource Groups

➢ Azure Resource Manager (ARM)

➢ Subscription

➢ Management Groups
Azure Global Infrastructure
Data Centers, Regions, Region pairs
Regions
⮚ A region is a physical location around the world where we cluster data centers.

⮚ Azure has more global regions than any other cloud provider.

⮚ Better scalability and redundancy

⮚ Preserve data residency


⮚ Low Latency
⮚ Global Footprint
⮚ High Availability

⮚ How to choose region?


⮚ Compliance
⮚ Proximity
⮚ Available services
⮚ Pricing
Azure region pairs

⮚ Each Azure region is always paired with another region within the same
geography

⮚ Data centers are usually 300+ miles apart

⮚ Automatic replication and failover for some Azure services.

⮚ Additional advantages of region pairs:


⮚ If an extensive Azure outage occurs, one region out of every pair
is prioritized to make sure at least one is restored as quickly as
possible for applications hosted in that region pair.
⮚ Planned Azure updates are rolled out to paired regions one
region at a time to minimize downtime and risk of application
outage.
⮚ Data continues to reside within the same geography as its pair.
Azure Global Infrastructure
Availability Zones
Regions
Availability Zones

⮚ Region represents a separate geographic area.

⮚ Availability zone is a set of discrete data centers.

⮚ Availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working.

⮚ Each availability zone has independent power, cooling and networking.

⮚ Availability zones are connected via high bandwidth, ultra-low latency networking

[Figure: availability zones within a region connected by high-speed, private fiber-optic networks]

⮚ AZs are physically separated by several kilometers, while being within 100 km (60 miles) of each other.

⮚ All AZ traffic is encrypted.

⮚ Not every region has support for availability zones.
Resource Groups
Logical container for resources
Organizing structure for resources
⮚ Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

⮚ Resource groups: Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.

⮚ Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.

⮚ Management groups: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Resource Groups
⮚ Resources: are anything you create in an Azure subscription like VMs, Azure Application Gateway instances, and Azure Cosmos DB
instances.

⮚ A resource group is a logical container that helps manage and organize your Azure resources.
⮚ For example, by similar usage, type, or location

⮚ Each resource can exist in only one resource group.

⮚ You can move a resource from one resource group to another group.

⮚ Resource groups can't be nested.

⮚ The resources in a resource group can be located in different regions than the resource group.

⮚ Resource group created at location – to store metadata.

⮚ A resource group can be used to scope access control for administrative actions. To manage a resource group, you can assign Azure
Policies, Azure roles, or resource locks.
⮚ You can apply locks to a resource group or subscription to prevent deletion or make contained resources read-only. You can
also apply locks directly to a resource.

⮚ You can apply tags to a resource group. The resources in the resource group don't inherit those tags.

⮚ Life cycle: When you delete a resource group, all resources in the resource group are also deleted.

⮚ To create a resource group, you can use the portal, PowerShell, Azure CLI, or an ARM template.
Azure Resource Manager
Deployment and management service for Azure
Azure Resource Manager (ARM)

⮚ Automate resource deployments (create, update, and delete) using templates.

⮚ ARM template is a JSON file that defines what you want to deploy to Azure.

⮚ Integrates with Azure portal, PowerShell, CLI, and REST API to perform
deployment and management tasks.

⮚ Easy way to deploy multiple resource instances or reliably redeploy resources.

⮚ ARM template can be used to deploy the resources consistently and repeatedly.

⮚ Define the dependencies between resources so they're deployed in the correct order.
Subscription
How you are billed for resource usage
Subscriptions
⮚ Using Azure requires an Azure subscription.
⮚ An Azure subscription is a logical unit of Azure services that links to an Azure account. It also allows you to provision resources.
⮚ A subscription provides you with authenticated and authorized access to Azure products and services.
⮚ Azure generates separate billing reports and invoices for each subscription
⮚ Two types of subscription boundaries
⮚ Billing boundary
⮚ Access control boundary
⮚ You can create separate subscription based on:
⮚ Environment: development and testing, security, or to isolate data for compliance reasons
⮚ Organizational structures: IT, HR, Admin and so on
⮚ Billing: manage and track costs based on your needs, for example – Production, Test and Dev
⮚ Different types of Subscription:
⮚ FREE: An email address and a credit card are required to sign up for a free trial subscription that provides $200 credit for the first 30
days and 12 months of restricted access.
⮚ Pay-Per-Use: Charges monthly based on Cloud resource use.
⮚ Enterprise: A single Enterprise agreement is established for large subscription purchases, including savings for new licenses and
Software Assurance.
⮚ Student: This membership includes $100 for 12 months and may be activated without a credit card.

Ref: https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/management-groups-subscriptions
Management Groups
Organize multiple subscriptions as a single management entity
Management groups

⮚ Management groups let you organize multiple subscriptions as a single management entity to facilitate easier management.

⮚ You can create management groups in a hierarchical structure with the top level of the hierarchy at the tenant level and containing all subscriptions in that tenant.

⮚ Any conditions applied to a management group apply to all subscriptions contained in that management group object.

⮚ Each management group and subscription can support only one parent.

⮚ Each management group can have many children.

⮚ The root management group can't be moved or deleted, unlike other management groups.
Azure Sovereign Regions
Azure Sovereign Regions
➢ Different from Public Cloud

➢ Specific regions of Azure that were created to meet high security and other regulatory and compliance requirements for specific markets

➢ Azure Government (Only for US government)

➢ Azure China
Azure Sovereign Regions

Azure Government
⮚ Specially Designed for US government

⮚ Azure Government is operated directly by Microsoft.

⮚ Separate Instance (https://portal.azure.us)

⮚ Portal experience is same

⮚ Physically Isolated Datacenters

⮚ Only authorized personnel can access services and infrastructure

⮚ Azure Government customers that are eligible to use Azure Government cloud are:

⮚ US federal state

⮚ State or local government agencies or their partners

⮚ Azure Government is not available for public use.


Azure Sovereign Regions

Azure China
⮚ Azure China is designed for organizations doing business in China that need to meet
Chinese regulations.

⮚ Microsoft is not physically running services in China

⮚ Azure China is controlled by a Chinese data trustee (21Vianet).

⮚ Azure China is physically isolated

⮚ Separate instance (https://portal.azure.cn)

⮚ All data and related systems physically reside in China.


Learning Outcome

➢ Data Centers, Regions, Region pairs

▪ Regions - physical location around the world where we cluster data centers.

➢ Availability Zones

▪ Availability zone is a set of discrete data centers

▪ Each availability zone has independent power, cooling and networking.

➢ Resource Groups

▪ Resource group is a logical container that helps manage and organize your Azure resources.

➢ Azure Resource Manager (ARM)

▪ ARM template is a JSON file that defines what you want to deploy to Azure.

➢ Subscription

▪ Azure subscription is a logical unit of Azure services that links to an Azure account

➢ Management Groups

▪ Organize multiple subscriptions as a single management entity to facilitate easier management.
Azure Compute Services
Learning Objectives

➢ In Azure, you can create compute resources, configure them to do the work that's needed, and pay for only what you use

➢ What is Compute?

➢ Azure Virtual Machine

➢ Demo: Deploy and resize VMs

➢ Deploy Website on VM

➢ Load Balancer

➢ Deploy VMs at Availability Zones

➢ Deploy VMs at Availability sets

➢ Virtual Machines Scale Sets

➢ Azure App Service

➢ Containers

➢ ACI vs AKS

➢ Virtual Machine vs Containers

➢ Azure Container Registry

➢ Azure Virtual Desktop (Windows Virtual Desktop)


COMPUTE
What is Compute?
Compute Services

❖ Azure Virtual Machines

❖ Azure App Service

❖ Azure Container Instances

❖ Azure Kubernetes Service

❖ Azure Functions

❖ Azure Virtual Desktop


Azure Virtual Machine
Provides highly flexible/scalable, cost effective, and quick computing capacity in the Azure Cloud
Azure Virtual Machine

[Figure: Apps running on an on-premises physical server compared with Apps running on an Azure Virtual Machine in Azure Cloud]

⮚ With Azure Virtual Machine service, you can create and use VMs in the cloud.

⮚ Infrastructure-as-a-Service (IaaS)

⮚ Full control over machine just like your physical computer

⮚ Operating System (OS): Linux or Windows

⮚ Size of VM – CPU, RAM, disk/storage and so on

⮚ Network configurations: Virtual network, Subnets

⮚ Firewall rules: security group

⮚ The ability to run custom software.

⮚ To use custom hosting configurations.

⮚ Must maintain and patch VM

⮚ Need to configure, update, and maintain the software that runs on the VM.
Azure Virtual Machine

⮚ Important options to choose while creating a VM:

⮚ Type of image – OS and software

⮚ Size of VM – CPU/RAM/Storage

⮚ Availability options

⮚ Use Cases:

⮚ During testing and development.

⮚ Application might need to handle fluctuations in demand

⮚ shutting down VMs when you don't need them

⮚ During disaster recovery.

⮚ Move to the cloud with VMs


Deploy Website on VM
Load Balancer
Deliver high availability and network performance to your apps
Load Balancer
▪ Distribute traffic to your backend virtual machines

▪ Provides high availability for your application.

▪ Two types of load balancer: Public and Private

▪ Components:

▪ Frontend IP: define IP address for the load balancer

▪ Backend pool: this contains the virtual machines

▪ Health probes: monitor health of resources in backend pool

▪ Rules: How to distribute the incoming traffic.


Availability Zones
High availability for your mission-critical applications and data
Availability Zones

▪ Each Availability Zone has a distinct power source, network, and cooling.

▪ If one zone is compromised, then replicated apps and data are instantly available in another zone.

▪ It’s your responsibility to sync applications between different VMs.

[Figure: availability zones connected by high-speed, private fiber-optic networks]
Availability sets
Provides High availability and Business continuity for applications
Availability Sets
▪ Availability Sets make use of two key concepts - Fault Domains, and Update
Domains.

▪ Update domains define the group of virtual machines that are going to be
patched/maintained/rebooted at the same time.

▪ Fault domains define the group of virtual machines that share a common
power source and network switch.

▪ It protects against a rack-wide failure, or a rack-wide maintenance window, that can take down all VMs hosted on this single point of failure.

▪ Availability sets are free to use! You only pay for the virtual machines being
created.

▪ It does not protect your application from operating system or application-specific failures; it does limit the impact of potential physical hardware
failures, network outages, or power interruptions.
Virtual Machines Scale Sets
Manage and scale up to thousands of Linux and Windows VMs
▪ Create and manage a group of load balanced VMs.

▪ Allows your application to automatically scale as resource demand changes


▪ The number of VM instances can automatically increase or decrease in response to
demand or a defined schedule.

▪ All VM instances are created from the same base OS image and configuration.
▪ VM size, disk configuration, and application installs should match across all VMs.

▪ Provides high availability and application resiliency


▪ Can use availability zones or availability sets

▪ There is no cost for the scale set itself, you only pay for each VM instance that you create.

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
Azure App Service
enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs

⮚ Enables you to host and manage your web applications

⮚ Platform as a service (PaaS) environment


⮚ Focus on the business value and logic
⮚ Azure handles the infrastructure
⮚ Automatic scaling and high availability

⮚ Programming language of your choice

⮚ Supports Windows and Linux

⮚ Automated deployments from GitHub or Azure DevOps

⮚ Pay only for compute resources your app uses


⮚ App Service plan determines how much hardware is devoted to
your application
Types of app services
⮚ Web apps
  ⮚ Full support for hosting websites and web applications
  ⮚ Language: ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python.
  ⮚ Operating System: Windows or Linux
  ⮚ Web apps for containers can host your existing container images.
⮚ API apps
  ⮚ Build REST-based web APIs
  ⮚ Choice of language and framework
  ⮚ Can be consumed from any HTTP- or HTTPS-based client.
⮚ WebJobs
  ⮚ Run a program (.exe, Java, PHP, Python, or Node.js)
  ⮚ Run a script (.cmd, .bat, PowerShell, or Bash)
  ⮚ Can be scheduled or run by a trigger
  ⮚ Often used to run background tasks as part of your application logic.
⮚ Mobile apps
  ⮚ Quickly build a back end for iOS and Android apps
  ⮚ Store mobile app data in a cloud-based SQL database.
  ⮚ Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook.
  ⮚ Send push notifications.
  ⮚ Execute custom back-end logic in C# or Node.js.
Containers
Wrap up an application into its own isolated package
⮚ Problem Statement 1: I can’t share my project with others because of dependencies on OS, framework, libraries and so on.

⮚ Problem Statement 2: Need different machines to run three different Python-based applications that each use a different version of Python

⮚ Solution: The simple solution is to create a container of your project in which you mention all the dependencies needed to run the project. Thus your project can be run universally on any computer that has a container runtime installed.

⮚ Containers are a way to wrap up an application into its own isolated package.

⮚ In a nutshell, a container is the modern-era solution for transferring your projects to friends, family, colleagues, clients etc. without worrying about their system configuration to run the project.

⮚ Important features:
  ⮚ Portability: Deploy to different environments
  ⮚ Consistency: will behave the same each time
  ⮚ No maintenance related to infrastructure
  ⮚ Deployment and maintenance are efficient
  ⮚ Auto scaling

[Diagram: Container holding Apps and DLLs/Libs]
ACI vs AKS
Azure Container Instances (ACI) vs Azure Kubernetes Services
Hosting Options for Containers

⮚ Local Workstation
⮚ On-premises Servers
⮚ VMs in Azure
⮚ Azure Container Instances (ACI)
⮚ Azure Kubernetes Services (AKS)
⮚ Azure App Services
ACI vs AKS
⮚ ACI is a service that lets you deploy containers on Azure without having to
maintain or patch the environment.

⮚ Basic web applications, DevTest scenarios, and batch processing are all
supported by ACI.

⮚ When you just need to run a few containers, it's a perfect option.

⮚ Limited scalability and low availability

⮚ Managed environment

⮚ Only pay for containers

⮚ Deployment is easy.

⮚ Alternatively, for more complex container designs where you require additional control over the health and performance of your containers, you may utilize Azure Kubernetes Service (AKS).
⮚ You can coordinate the deployment, update, and management operations for all of your
containers using AKS.

⮚ If you need to operate tens, hundreds, or even thousands of containers, the AKS Open
source project could be a good fit.

⮚ It's one tool in a class of tools called container orchestrators


Azure Kubernetes Services (AKS)

⮚ Azure's container management system

⮚ Scale your application to meet demands by adding and removing container instances

⮚ Monitor the deployed containers and resolve any issues that may come up

⮚ Groups of containers are called Pods

⮚ Virtual machines are called Nodes

⮚ Azure Container Registry pull


Virtual Machine vs Containers

⮚ Virtual machine contains a full copy of an operating system

⮚ Virtual machine virtualizes the underlying hardware, meaning the CPU, memory, and storage

⮚ Containers, on the other hand, virtualize the operating system.

⮚ Containers are smaller in size than a virtual machine and quicker to spin up because you're only waiting for the app to launch, not the operating system.
Docker & Azure Container Registry
Docker is an open source containerization platform
Azure Container Registry
⮚ An image is a read-only template with instructions on how to create the container.
⮚ Container is the runnable instance of the image.
⮚ A container registry is a service that stores and distributes container images.
⮚ Docker Hub is a public container registry on the web that serves as a general catalog of images.
⮚ Azure offers a similar service called Azure Container Registry, which gives customers complete control over their images, integrated authentication
with Azure AD, and more.
[Diagram: Container Registry with Image and Base Image; Docker Hub and Azure Container Registry]


What is Docker?
⮚ A Docker container is a standard that describes the format of containers and provides a runtime for Docker containers.

⮚ Docker is an open source project that automates the deployment of containers that can run in the cloud or on-premises.

⮚ Docker is also a company that promotes and evolves the technology, and they work in collaboration with cloud vendors like Microsoft.

⮚ The result of adopting Docker, or containers, is that applications can be deployed or undeployed faster, start and stop faster, change to another “image” faster, and process and do many things faster.

⮚ Apps run the same, regardless of where they’re run

⮚ Any machine

⮚ No compatibility issues

⮚ Predictable behavior

⮚ Works with any language, any OS, any technology


Azure Virtual Desktop
desktop and app virtualization service in Azure.

⮚ Some challenges

⮚ IT management overhead

⮚ Security management

⮚ Solution

⮚ Separates local hardware from your operating systems, data and apps

⮚ Separate the compute environment from user devices so that the risk of confidential information being left on a personal device is greatly reduced.

⮚ Connect with any device over the internet

Image Reference: https://www.ezeep.com/custom-url-wvd-html5-client/


Azure Virtual Desktop

⮚ Provide:

⮚ Full desktops to users or

⮚ Direct access to an app running on a virtual machine.

⮚ Enables your users to use a cloud-hosted version of Windows from any location.

⮚ Fully managed solution in the cloud

⮚ Connect from any device:


⮚ Windows
⮚ Mac
⮚ iOS
⮚ Android
⮚ HTML5 Browser

⮚ Similar to Remote Desktop Services (RDS)


Key features of Azure Virtual Desktop
⮚ Supports Windows 10 multi-session

⮚ Host pools can allocate users to sets of VMs,


⮚ Configure size of VM and number of Users
⮚ Breadth mode – Best performance, allocate sequentially
⮚ Depth mode – save cost, fully allocated on one VM before moving to the next
⮚ Automatically add VMs when demand reaches a threshold.

⮚ Scale the VMs up and down

⮚ Use Azure Marketplace prebuilt VM images or provide your own custom images.

⮚ Unique and secure experience for user

⮚ Feels like they're working on their local computer.

⮚ Supported operating systems:


⮚ Windows Server 2019
⮚ Windows Server 2016
⮚ Windows Server 2012 R2
⮚ Windows 10 Enterprise
⮚ Windows 7 Enterprise

⮚ Save cost
⮚ Bring your own licenses
⮚ Buy reserved instance
Why should you use Azure Virtual Desktop?
⮚ Low Latency
⮚ Run host virtual machines (VMs) near apps and services that
connect to your datacenter

⮚ Fast user sign-in


⮚ user profiles are containerized by using FSLogix.

⮚ Secure
⮚ Authentication using Azure AD
⮚ Azure Multi-factor Authentication
⮚ Role-based access controls (RBACs) to users
⮚ No confidential data on personal device.
⮚ User sessions are isolated in both single and multi-session
environments.
Learning Outcome

➢ What is Compute?

➢ Azure Virtual Machine – IaaS, configure OS, CPU, RAM storage and so on

➢ Demo: Deploy and resize VMs

➢ Deploy Website on VM

➢ Load Balancer

➢ Distribute traffic to your backend virtual machines

➢ Availability Zones

➢ Each Availability Zone has a distinct power source, network, and cooling.

➢ Availability sets

➢ Fault Domains, and Update Domains.

➢ Virtual Machines Scale Sets

➢ Create and manage a group of load balanced VMs.

➢ Azure App Service

➢ Enables you to host and manage your web applications

➢ Containers

➢ Containers are a way to wrap up an application into its own isolated package

➢ Azure Container Instances (ACI) vs Azure Kubernetes Services

➢ Virtual Machine vs Containers

➢ Azure Container Registry

➢ Azure Virtual Desktop (Windows Virtual Desktop)


Azure Serverless Technologies
➢ In this module, you'll learn about two serverless computing solutions on Azure: Azure Functions and Azure Logic Apps.

➢ You'll learn what they are, how they differ, and when you should choose one over the other.

Learning Objectives

➢ What is Serverless technology

➢ Advantages of Serverless technology

➢ Azure Functions

➢ Azure Logic Apps


Azure Function
Serverless computing
⮚ Serverless computing is the idea that servers, infrastructure, or operating systems are behind the scenes and for users they do not exist.
⮚ Infrastructure isn't your responsibility.

⮚ Scaling and performance are automatically taken care of.


⮚ Azure takes care of the servers and how resources are allocated and deallocated.

⮚ Micro-billing: Pay only for the time their code runs.


⮚ For example, if the code runs once a day for two minutes, they're charged for one execution and two minutes of computing
time.

⮚ There isn't even a need to reserve capacity.

⮚ Event-driven: Excellent fit for workloads that respond to incoming events. Events include triggers by:
⮚ Timers, for example, if a function needs to run every day at 10:00 AM UTC.
⮚ HTTP, for example, API and webhook scenarios.
⮚ Queues, for example, with order processing.
⮚ And much more.

⮚ Azure has two implementations of serverless compute:


⮚ Azure Functions: Functions can execute code in almost any modern language.
⮚ Azure Logic Apps: Logic apps are designed in a web-based designer and can execute logic triggered by Azure services
without writing any code.
Azure Function
Azure Functions provide a serverless compute experience.
Azure Functions
⮚ It is a serverless platform

⮚ Execute your code when needed

⮚ Event-driven solution - execution of your code is triggered by a specific type of event.

⮚ Pay only for the time spent running your code.

⮚ No worry about configuration or management of the underlying physical and application infrastructure.

⮚ Azure Functions can be triggered by various event types, including HTTP requests.

⮚ Functions scale automatically based on demand

⮚ Functions can be either stateless or stateful.

⮚ Resilience: If one of your functions fails, it has no effect on other functions.

⮚ Use cases:
⮚ Process file uploads - Run code when a file is uploaded or changed in blob storage
⮚ Build a web API - Implement an endpoint for your web applications using the HTTP
trigger
⮚ Respond to database changes - Run custom logic when a document is created or
updated in Cosmos DB
Logic Apps
Quickly build powerful integration solutions

⮚ Designed to automate business scenarios

⮚ Logic apps execute workflows


⮚ Workflow includes actions like data conversions and flow controls, such as conditional statements, switch statements, loops,
and branching.
⮚ Design using visual designer on the Azure portal or in Visual Studio
⮚ Built from predefined logic blocks.
⮚ More than 200 different connectors and processing blocks to interact with different services.

⮚ Starts with a trigger


Learning Outcome

➢ What is Serverless technology

▪ Serverless computing is the idea that servers, infrastructure, or operating systems are behind the scenes and for users they do not exist.

▪ Infrastructure isn't your responsibility

➢ Advantages of Serverless technology

▪ Scaling and performance are automatically taken care of

▪ Micro-billing: Pay only for the time their code runs.

▪ There isn't even a need to reserve capacity.

▪ Event-driven

➢ Azure Functions

▪ Execute your code when needed

➢ Azure Logic Apps

▪ Designed to automate business scenarios


Azure networking services
➢ In this module, you'll learn about the different Azure networking options and the scenarios in which each is appropriate.

Learning Objectives

➢ Virtual Network (VNet) and Subnets

➢ VPN Gateway and Vnet Peering

➢ Load Balancer and Application Gateway

➢ Content Delivery Network (CDN)

➢ ExpressRoute

➢ ExpressRoute vs VPN Gateway

➢ Azure DNS

➢ Public and Private Endpoints


Virtual Network (VNet) and Subnets
Provision private networks, optionally connect to on-premises datacenters
Need for Azure Virtual Network
⮚ In a corporate on-premises data center network:

⮚ Nobody on the internet can see the data exchange between the application and the database.

⮚ Nobody on the internet can directly connect to your database.

⮚ You must first establish a connection to your corporate network before gaining access to your apps or databases.

⮚ Corporate networks offer a secure internal network that safeguards your resources, data, and communications from unauthorized access.

[Diagram: Corporate on-premises network]

⮚ How can you build your own private cloud network?

⮚ Azure Virtual Network


Azure Virtual Network
⮚ Your own isolated network in Azure.
⮚ A region can have multiple VNets, but each VNet belongs to one region.
⮚ Within a VNet, network traffic is isolated (not visible) from network traffic in all other Azure VNets.
⮚ You maintain complete control over all traffic entering and leaving a VNet.
⮚ An IP address is the address of a resource; it ensures the traffic gets to the right server on the internet.
⮚ Every resource gets its own unique IP address on that VNet within the address space.
⮚ Scaling – You can add more VNets or more addresses on an existing VNet.

[Diagram: VNet CIDR Range: 10.0.0.0/16]
Need for VNet Subnets
⮚ Each kind of resource has distinct access requirements.

⮚ Elastic Load Balancers that are publicly available are accessible through the internet (public resources)

⮚ Databases and App Server instances should be inaccessible from the internet.

⮚ Only apps running inside your VNet should be able to access them (private resources).

⮚ How do you partition public and private resources inside a VNet?

[Diagram: VNet CIDR Range: 10.0.0.0/16]
VNet Subnets
⮚ Organize and group resources on subnets
⮚ Separate public and private resources into distinct subnets
⮚ Resources in a public subnet CAN be accessed from internet
⮚ Resources in a private subnet CANNOT be accessed from internet, but resources in a public subnet can connect with resources in a
private subnet.
⮚ We can use network security groups to secure individual subnets
VNet Peering

⮚ Connect VNets from same or different regions (Global VNet peering)

⮚ Allows for secure communication between VNets that are linked.

⮚ Low Latency: Resources between different VNets are connected using high bandwidth connections.

⮚ Assemble them as though they were members of the same network

⮚ Must not have CIDRs that overlap (IP address range)
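
A pre-deployment check for the two address rules above (subnets sit inside the VNet range; peered VNets must not have overlapping CIDRs), as an added example that is not part of the original slides. The VNet names and every range other than 10.0.0.0/16 are constructed for illustration.

```python
"""Validate a VNet address plan before creating subnets or peerings."""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample plan. Only 10.0.0.0/16 appears on the slides; the names
# and the other ranges are assumptions chosen to trigger each check.
VNETS = {
    "vnet-east": {
        "address_space": "10.0.0.0/16",
        "subnets": {"public": "10.0.1.0/24", "private": "10.0.2.0/24"},
    },
    "vnet-west": {
        "address_space": "10.1.0.0/16",
        # "private" lies inside "public": the two subnets overlap
        "subnets": {"public": "10.1.1.0/24", "private": "10.1.1.128/25"},
    },
    "vnet-legacy": {
        # this range lies inside vnet-east's 10.0.0.0/16
        "address_space": "10.0.128.0/17",
        # "db" is outside the VNet's own address space
        "subnets": {"app": "10.0.200.0/24", "db": "10.2.0.0/24"},
    },
}


def subnet_problems(vnets):
    """Return (vnet, message) for subnets outside the VNet range or overlapping."""
    problems = []
    for name, spec in vnets.items():
        space = ip_network(spec["address_space"])
        nets = {s: ip_network(cidr) for s, cidr in spec["subnets"].items()}
        for sname, net in nets.items():
            if not net.subnet_of(space):
                problems.append((name, f"subnet {sname} {net} is outside {space}"))
        for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
            if net_a.overlaps(net_b):
                problems.append((name, f"subnets {a} and {b} overlap"))
    return problems


def peering_conflicts(vnets):
    """Return sorted VNet pairs whose address spaces overlap (cannot be peered)."""
    spaces = {n: ip_network(s["address_space"]) for n, s in vnets.items()}
    return sorted(
        tuple(sorted((a, b)))
        for (a, net_a), (b, net_b) in combinations(spaces.items(), 2)
        if net_a.overlaps(net_b)
    )


def peerable_pairs(vnets):
    """Return sorted VNet pairs that pass the non-overlap rule."""
    conflicts = set(peering_conflicts(vnets))
    pairs = (tuple(sorted(pair)) for pair in combinations(vnets, 2))
    return sorted(p for p in pairs if p not in conflicts)


if __name__ == "__main__":
    for vnet, message in subnet_problems(VNETS):
        print(f"[subnet]  {vnet}: {message}")
    for a, b in peering_conflicts(VNETS):
        print(f"[peering] {a} <-> {b}: address spaces overlap")
    for a, b in peerable_pairs(VNETS):
        print(f"[ok]      {a} <-> {b}: can be peered")
```

Running the same check against the real address plan before deployment catches an overlap while renumbering is still cheap.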


VPN Gateway and Vnet Peering
Connecting your infrastructure to the cloud
VPN (Virtual private network)

[Diagram: west-coast office and east-coast office connected by a tunnel]

⮚ Connect two or more trusted private networks to one another securely over an untrusted network (typically the public internet).

⮚ Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks.
VPN gateways

[Diagram: Azure Virtual Network, with a VPN Gateway, connected through a tunnel to On-Premises]

⮚ Can connect Azure virtual network with On-premises network

⮚ All transferred data is encrypted in a private tunnel as it crosses the internet.

⮚ Azure VPN Gateway instances are deployed in Azure Virtual Network


⮚ Site-to-Site connection - Connect on-premises datacenters to virtual networks
⮚ Point-to-Site connection - Connect individual devices to virtual network
⮚ Multi-site connection – Connect more than one on-premises network to virtual network
⮚ Network-to-Network connection - Connect virtual networks to other virtual networks
⮚ We can also use “Network peering”
Network Connections

[Diagram: East US VNet and West US VNet connected by Network Peering; East US VNet and West US VNet connected by a tunnel between two VPN Gateways]
VPN Gateway vs Vnet Peering

⮚ Vnet Peering

⮚ Connect VNets from same or different regions (Global VNet peering)

⮚ Allows for secure communication between VNets that are linked.

⮚ Low Latency: Resources between different VNets are connected using high bandwidth connections.

⮚ Which is best for you?

⮚ VNet Peering provides a low latency, high bandwidth connection useful in scenarios such as cross-region data replication and database failover scenarios. Since traffic is completely private and remains on the Microsoft backbone, customers with strict data policies prefer to use VNet Peering as public internet is not involved. Since there is no gateway in the path, there are no extra hops, ensuring low latency connections.

⮚ VPN Gateways provide a limited bandwidth connection and are useful in scenarios where encryption is needed, but bandwidth restrictions are tolerable. In these scenarios, customers are also not as latency-sensitive.
Application Gateway
Provides HTTP based load balancing.
Load Balancer

[Diagram: HTTP Request → Load Balancer (uses IP address / port) → Backend Pool]
Application Gateway

⮚ Application Gateway provides HTTP based load balancing.

⮚ Routing rules based on HTTP request parameters:
  ⮚ URI path (web address)
  ⮚ Host headers (request data)

⮚ Can be easily integrated with Azure Cloud Services

⮚ Provides auto-scaling, end-to-end encryption, zone redundancy and multi-site hosting

[Diagram: HTTP Request → Application Gateway → Image Server Pool / Video Server Pool]


Content Delivery Network (CDN)
Ensure secure, reliable content delivery with global reach

https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

⮚ To reduce latency, CDNs cache content on edge servers near end users.

⮚ Benefits:

⮚ More responsive apps, particularly those that need many round-trips to load content.

⮚ Large scalability to manage sudden high demands, like a product launch.

⮚ User requests and content are served directly from edge servers, reducing traffic to the origin server.
ExpressRoute
Fast, reliable, and private connection to Azure
ExpressRoute

• Data travels over the Internet
• Data is Encrypted
• Slow connection, Latency, use for light traffic

ExpressRoute

• Use a private, dedicated connection
• Data does not go over the public Internet
• Data is not Encrypted
• Low Latency, faster connection, for high traffic
ExpressRoute

[Diagram: Azure Virtual Network connected to On-Premises through ExpressRoute]

⮚ Create private connections between Azure datacenters and infrastructure on your premises

⮚ Offers more reliability, faster speeds, and lower latencies

⮚ The setup and configuration for ExpressRoute is more complex, and will require collaboration with the connectivity provider.

⮚ Large-scale, mission-critical workloads requiring scalability and resilience are suitable for this architecture.
ExpressRoute vs VPN Gateway

⮚ ExpressRoute:

⮚ Suitable when you require a high-speed, low-latency connection and a high level of availability/resiliency.

⮚ Suitable for mission critical workload.

⮚ Access to all Azure services.

⮚ Doesn’t suit smaller satellite offices that have a lower connectivity requirement.

⮚ VPN Gateway:

⮚ Suitable for prototyping, development, test, labs, and small production workloads.

⮚ Suitable for the small organization.

⮚ VPN isn’t designed to handle high data volumes.


Azure DNS
Host your DNS domain in Azure
Azure DNS

[Diagram: DNS lookup. 1. The web browser asks "Where is Microsoft.com?" 2. The reply is the IP address 10.5.10.6. 3. The browser sends an HTTP request to the server at 10.5.10.6. 4. The server returns an HTTP response. Source: Microsoft Docs]


Azure DNS

⮚ Hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

⮚ Domains can be hosted in Azure DNS for record management.

⮚ Billing = number of DNS zones + number of DNS queries received

⮚ Advantages:

  ⮚ DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers.

  ⮚ Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

⮚ Can be managed using Portal, PowerShell or CLI


Virtual Network service endpoints
provides secure and direct connectivity to Azure services
Service Endpoints

⮚ Provides secure and direct connectivity to Azure services

⮚ Use optimized route over the Azure backbone network.

⮚ You can limit access to an Azure service to only your virtual networks.

⮚ Service Endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.

[Diagram: Private IP, Storage]

Source: Microsoft Docs


Demo: Service Endpoints

⮚ Prerequisite: Storage account & Azure storage explorer concepts

Storage

Source: Microsoft Docs


Private endpoint

⮚ A private endpoint is a network interface that uses a private IP address from your virtual network.
⮚ This network interface connects you privately and securely to a service that's powered by Azure Private Link.

Source: Microsoft Docs


Service Endpoint vs Private endpoint
⮚ Access
  ⮚ Service endpoint — The service's address continues to be a publicly routable IP address.
  ⮚ Private endpoint — It is a private IP in the address space of the virtual network where the private endpoint is configured.
  ⮚ Both are made to let you control who connects to your service. Traffic between your virtual network and the service is routed through the Microsoft backbone network, without going over the internet.

⮚ Data protection
  ⮚ Service Endpoint — For exfiltration protection, traffic must pass through an NVA/Firewall.
  ⮚ Private Link — It has a built-in data protection system.

⮚ Complexity
  ⮚ Service Endpoint — It's a lot easier to implement, and it reduces the complexity of your architecture design significantly.
  ⮚ Private Link — Another resource must be managed.

⮚ Cost
  ⮚ Service Endpoint — Using VNet service endpoints comes at no extra cost.
  ⮚ Private Link — Depending on total ingress and egress traffic as well as the link's runtime, costs can quickly escalate.

⮚ Availability
  ⮚ Neither option is available for all resources/services.

Source: Microsoft Docs


Learning Outcome

➢ Virtual Network

▪ Corporate networks offer a secure internal network that safeguards your resources, data, and communications from unauthorized access.

➢ Virtual Network (VNet)

▪ Your own isolated network in Azure.

➢ Subnets

▪ Organize and group resources on subnets

▪ Public and Private Subnets

➢ VPN Gateway

▪ Can connect Azure virtual network with On-premises network

▪ Use Tunnel, data encrypted

➢ Vnet Peering

▪ low latency, high bandwidth connection between different network

➢ Load Balancer and Application Gateway

▪ Application Gateway provides HTTP based load balancing.

➢ Content Delivery Network (CDN)

▪ To reduce latency, CDNs cache content on edge servers near end users.

➢ ExpressRoute

▪ Create private connections between Azure datacenters and infrastructure on your on-premises

➢ ExpressRoute vs VPN Gateway


➢ Azure DNS

▪ Hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

➢ Public and Private Endpoints

▪ Provides secure and direct connectivity to Azure services

Azure Storage Services
➢ In this module, you'll learn about the different Azure storage options and the scenarios in which each is appropriate.

Learning Objectives

➢ Azure Storage Service

➢ Azure Table Storage

➢ Azure Queue Storage

➢ Azure File Storage

➢ Azure Blob Storage

➢ Azure Storage Data Redundancy

➢ Storage Access Tiers

➢ Disk Storage

➢ Azure Storage Explorer

➢ Azure Import and Export Service

➢ File Sync

➢ AzCopy

➢ Azure Migrate

➢ Azure Data Box


Azure Storage Service
Fast, reliable, and private connection to Azure
⮚ Different types of data and requirements

  ⮚ Relational, non-relational/No-SQL, datasheets, images, videos, backups

  ⮚ Storage, access, security, availability, latency, processing, backup

⮚ Different types of Data Service

  ⮚ Azure Blobs: Text and binary data

  ⮚ Azure Files: Managed file shares (SMB Protocol)

  ⮚ Azure Queues: Messaging

  ⮚ Azure Tables: NoSQL store

⮚ Features

  ⮚ Durable and highly available – redundancy across datacenters or regions

  ⮚ Secure – all data encrypted by default

  ⮚ Scalable – massively scalable

  ⮚ Managed - Azure handles hardware maintenance, updates, and critical issues for you.

  ⮚ Accessible - accessible from anywhere in the world over HTTP or HTTPS.

  ⮚ Client libraries are available in all languages

  ⮚ Support scripting in PowerShell or Azure CLI


Azure Storage Data Redundancy
Protect your data from hardware failures, network or power outage, and natural disasters
Azure Data Redundancy
⮚ Protect your data from hardware failures, network or power outages, and massive natural disasters.

⮚ Even in the event of a failure, redundancy ensures your storage account's availability and durability.

⮚ Tradeoffs between lower costs and higher availability

⮚ Redundancy in the primary region


⮚ Locally redundant storage (LRS) – Three synchronous copies in same data center
⮚ Zone-redundant storage (ZRS) – Three synchronous copies in three availability zones (AZs)

⮚ Redundancy in a secondary region


⮚ Geo-redundant storage (GRS) – LRS + Asynchronous copy to secondary region
⮚ Geo-zone-redundant storage (GZRS)

⮚ With GRS or GZRS, the data in the secondary region isn't available for read or write access unless there is a failover to the
secondary region.

⮚ For read access to the secondary region, configure your storage account to use
⮚ Read-access geo-redundant storage (RA-GRS)
⮚ Read-access geo-zone-redundant storage (RA-GZRS).
Azure Storage Redundancy

⮚ Locally redundant storage (LRS) – Three synchronous copies in same data center
⮚ Zone-redundant storage (ZRS) – Three synchronous copies in three availability zones (AZs)
⮚ Geo-redundant storage (GRS) - LRS + Asynchronous copy to secondary region (three more copies using LRS) – Read only access
⮚ Read-access geo-redundant storage (RA-GRS) – Read Access on GRS
⮚ Geo-zone-redundant storage (GZRS) – ZRS + Asynchronous copy to secondary region (three more copies using LRS) – Read only access
⮚ Read-access geo-zone-redundant storage (RA-GZRS) – Read Access on GZRS
Azure Blob Storage
Binary Large Object
Blob Storage

⮚ Blob - Binary Large Object


⮚ Any type or format
⮚ Text, Images, audio, video, excel, backup files

⮚ Use cases:
⮚ Storing files for shared access
⮚ Video and audio streaming
⮚ Storing data for analysis (Data Lake Gen2)
⮚ Writing to the log file
⮚ Storing data for disaster recovery, backup, and archiving

⮚ Flat structure

⮚ Provides a unique namespace in Azure for your data.


⮚ http://mystorageaccount.blob.core.windows.net
Three types of Blob Storage

⮚ Block Blobs:
⮚ For large objects that don't use random read and write operations, files that are read from beginning to end
⮚ Such as media files or image files for websites.

⮚ Page Blobs:
⮚ Optimized for random read and write operations.
⮚ Provide durable disks for Azure Virtual Machines (Azure VMs)

⮚ Append Blobs:
⮚ Optimized for append operations. e. g. Logs
⮚ When you modify an append blob, blocks are added to the end of the blob only
⮚ Updating or deleting of existing blocks is not supported
⮚ For example, you might write all of your trace logging to the same append blob for
an application running on multiple VMs
Storage Access Tiers
Organize your data based on attributes like frequency of access and planned retention period.
Storage Access Tiers
⮚ Data stored in the cloud can be different based on how it's generated, processed, and accessed over its lifetime.

⮚ Pricing

  ⮚ The volume of data stored/month

  ⮚ Types of operations performed

  ⮚ Number of operations performed

  ⮚ Data transfer cost, if any

  ⮚ The selected data redundancy option

⮚ Organize your data based on attributes like frequency of access and planned retention period.

⮚ Blob access tiers

  ⮚ Hot access tier

  ⮚ Cool access tier

  ⮚ Archive access tier
Storage Access Tiers
⮚ Hot
  ⮚ Frequently accessed data
  ⮚ Example - images for your website
  ⮚ Low latency
  ⮚ Higher access cost

⮚ Cool
  ⮚ Infrequently accessed data
  ⮚ Example - invoices for your customers
  ⮚ High latency
  ⮚ Lower cost
  ⮚ Stored for at least 30 days

⮚ Archive
  ⮚ Rarely accessed data
  ⮚ Example - long-term backups
  ⮚ Highest access times and access cost
  ⮚ Latency in hours
  ⮚ Stored for at least 180 days
  ⮚ Use Case: Business policy mandated Data Archiving, long term retention like healthcare data

[Diagram: Hot → Cool → Archive, from Fast Access / Higher Cost to Slow Access / Lower Cost]
Azure Table Storage
A NoSQL key-value store
Azure Table Storage
⮚ NoSQL key-value Storage

⮚ Items are referred to as rows, and fields are known as columns

⮚ All rows in a table must have a key

⮚ No concept of relationships, stored procedures, secondary indexes, or foreign keys

⮚ Data will usually be denormalized

⮚ To help ensure fast access, Azure Table Storage splits a table into partitions

⮚ Support very large volume of Data

⮚ Consider Cosmos DB for new development

⮚ Advantages
⮚ It's simpler to scale
⮚ A table can hold semi-structured data
⮚ No complex relationships
⮚ Data insertion and retrieval is fast

⮚ Good to use for:


⮚ Storing TBs of structured data capable of serving web scale applications
⮚ Storing datasets that don't require complex joins, foreign keys, or stored procedures, and
that can be denormalized for fast access.
⮚ Capturing event logging and performance monitoring data.
Azure Queue Storage
Message queuing service to store large numbers of messages.
Azure Queue Storage
⮚ Store large numbers of messages.

⮚ Access messages via authenticated calls using HTTP or HTTPS.

⮚ May contain millions of messages, up to the total capacity limit of a storage account.

⮚ Queues are commonly used to create a backlog of work to process asynchronously.


Azure File Storage
Simple, secure, and serverless enterprise-grade cloud file shares
Azure File Storage

On-premises shared storage

Challenges
⮚ Limited Amount of Storage
⮚ Maintenance (hardware and OS)
⮚ Schedule Backups
⮚ Security
⮚ Difficult to share files across Datacenters
Azure File Storage
⮚ Enables you to create file shares in the cloud, and access these file shares from anywhere with an internet connection

⮚ Mounted concurrently by cloud or on-premises deployments.

⮚ Accessible from Windows, Linux, and macOS clients.

⮚ Accessible via the Server Message Block (SMB) protocol or the Network File System (NFS) protocol

⮚ Azure Files ensures the data is encrypted at rest, and the SMB protocol ensures the data is encrypted in transit.

⮚ Use Cases

⮚ Replace or supplement on-premises file servers

⮚ Share application settings

⮚ Dev/Test/Debug

⮚ Key Benefits

⮚ Shared access: Replace on-premises file shares with Azure file shares without application compatibility issues

⮚ Fully managed: Azure manages the hardware and the OS

⮚ Resiliency: you don’t have to deal with local power and network issues.
Disk Storage
High-performance, highly durable block storage for Azure Virtual Machines
Azure Disk Storage
⮚ VM uses disks as a place to store an operating system, applications, and data in Azure.

⮚ One virtual machine can have one OS disk and multiple data disks, but a data disk can be linked to only one VM.

⮚ Both the OS disk and the data disk are virtual hard disks (VHDs) stored in an Azure storage account.

⮚ The VHDs used in Azure are .vhd files stored as page blobs in a standard or premium storage account in Azure.

⮚ Unmanaged disks: We can create a storage account and specify it when we create the disk.
⮚ Not recommended; existing unmanaged disks should be migrated to managed disks

⮚ Managed disk
⮚ Azure creates and manages storage accounts in the background.
⮚ We don't have to worry about scalability issues.
⮚ Azure creates and manages the disk for us based on the size and performance tier we specify.

⮚ Managed Disk types:


⮚ Standard HDD: Backup, non-critical, infrequent access
⮚ Standard SSD: lightly used production applications or dev/test environments
⮚ Premium SSD disks: Super fast and high performance, very low latency, recommended for production and performance sensitive workloads
⮚ Ultra disks (SSD): for most demanding IO-intensive workloads such as SAP HANA, top tier databases (for example, SQL, Oracle), and other transaction-heavy workloads
Import and export service
⮚ Move small amounts of data – Internet

⮚ AzCopy

⮚ Azure Storage Explorer

⮚ Move large amounts of data (TBs) between on-premises and Azure storage securely.

⮚ Scenarios

▪ Migrating data to the cloud

▪ Backup

▪ Data recovery

⮚ Issues

▪ Network is slow

▪ Getting more network bandwidth is cost-prohibitive

➢ Solution

➢ Ship disk drive physically

➢ Disk drive – you can use your own or ones provided by Microsoft.

➢ Own - Solid-state drives (SSDs) or Hard disk drives (HDDs)

➢ Microsoft – Azure Data Box

➢ Import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.

➢ Export large amounts of data from Azure Blob storage to disk drives and ship to your on-premises sites.
Azure File Sync

⮚ Replication occurs between Windows servers in your data centers and Azure.

⮚ Provide local caching for your users. You can have as many caches as you want.

⮚ By default, all files are tied to Azure Files, but with Cloud Tiering enabled, only frequently accessed files are cached locally on the server.

⮚ You can access your data locally using SMB, NFS, or FTPS on Windows Server.

⮚ Advantages

⮚ Lift and shift

⮚ Backup and Disaster Recovery

⮚ File Archiving

Source: https://docs.microsoft.com/
Azure File Sync Implementation

⮚ Storage Sync Services (Azure File Sync): same region as storage account

⮚ Sync Group: Defines the sync topology for a set of files. Endpoints within a sync group are kept in sync with each other.

⮚ Cloud Endpoint: A cloud endpoint is an Azure file share that is part of a sync group. Azure file share can be a member of only one sync group.

⮚ Server Endpoint: A server endpoint represents a specific location on a registered server, such as a folder on a server volume.

⮚ Azure File Sync agent: Allows Windows Server to sync with an Azure file share.

⮚ Example: one cloud endpoint (Azure File Share) and two Windows Servers running the Azure File Sync agent, with server endpoints C:\FolderA and C:\FolderB
AzCopy
⮚ Command-line utility

⮚ Available to download and install on Windows, Linux, and Mac

⮚ Use it to copy data to/from Microsoft Azure Blob and File storage

⮚ You can copy data between a file system and a storage account, or between storage accounts.

⮚ AzCopy is preinstalled in Azure Cloud Shell, so you can use it there if you can't run it locally.

⮚ Simple commands

⮚ List of available commands: azcopy --help

⮚ Basic syntax for AzCopy commands: azcopy copy [source] [destination] [flags]

⮚ azcopy copy "C:\local\path" "https://account.blob.core.windows.net/mycontainer1/?sv=2018-03-28&ss=bjqt&srt=sco&sp=rwddgcup&se=2019-05-01T05:01:17Z&st=2019-04-30T21:01:17Z&spr=https&sig=MGCXiyEzbtttkr3ewJIh2AR8KrghSy1DGM9ovN734bQF4%3D" --recursive=true

⮚ Authentication options

Source: https://docs.microsoft.com/
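The destination URL in the azcopy command above carries a shared access signature (SAS) in its query string, and whoever holds that URL holds the access it grants. The following is an added example, not part of the original slides or of AzCopy: it reviews a SAS URL against what a copy job needs and redacts the signature before the URL is logged. The sample URL is constructed with a placeholder signature, and the 24-hour limit and the default "needed" services and permissions are assumptions to adjust.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Letters defined for the ss (services) and sp (permissions) fields of an account SAS.
SERVICES = {"b": "blob", "f": "file", "q": "queue", "t": "table"}
PERMISSIONS = {"r": "read", "w": "write", "d": "delete", "l": "list",
               "a": "add", "c": "create", "u": "update", "p": "process"}

# Assumption: a local policy value, not an Azure limit.
MAX_LIFETIME = timedelta(hours=24)

# Constructed sample modelled on the azcopy destination; the signature is a placeholder.
SAMPLE_URL = (
    "https://account.blob.core.windows.net/mycontainer1/"
    "?sv=2018-03-28&ss=bfqt&srt=sco&sp=rwdlacup"
    "&se=2019-05-01T05:01:17Z&st=2019-04-30T21:01:17Z"
    "&spr=https&sig=CONSTRUCTED-PLACEHOLDER%3D"
)


def _parse_time(value):
    """SAS times are UTC, written in one of three ISO 8601 shapes."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def _names(letters, table):
    return ", ".join(table.get(ch, f"unknown '{ch}'") for ch in sorted(letters))


def audit_sas(url, now, needed_services="b", needed_permissions="wc"):
    """Return findings for the SAS in `url`, judged against what the job needs.

    The defaults ("b", "wc") are an assumption for an upload-only blob job.
    """
    q = dict(parse_qsl(urlsplit(url).query))
    if "sig" not in q:
        return ["no SAS token in URL"]
    findings = []
    # When spr is omitted the token is accepted over both HTTPS and HTTP.
    if "http" in q.get("spr", "https,http").split(","):
        findings.append("plain HTTP allowed")
    if "se" not in q:
        findings.append("no expiry in token")
    else:
        expiry = _parse_time(q["se"])
        start = _parse_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token expired")
        if expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds 24 hours")
    extra = set(q.get("ss", "")) - set(needed_services)
    if extra:
        findings.append("unneeded services: " + _names(extra, SERVICES))
    extra = set(q.get("sp", "")) - set(needed_permissions)
    if extra:
        findings.append("unneeded permissions: " + _names(extra, PERMISSIONS))
    return findings


def redact_sas(url):
    """Replace the signature so the URL can be logged or pasted into a ticket."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "sig" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query, safe=":")))


if __name__ == "__main__":
    when = datetime(2019, 4, 30, 22, 0, tzinfo=timezone.utc)
    print(redact_sas(SAMPLE_URL))
    for finding in audit_sas(SAMPLE_URL, when):
        print("-", finding)
```
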
Azure Migrate
Discover, assess, right-size, and migrate your on-premises virtual machines (VMs) to Azure
Azure Migrate

⮚ Centralized hub to assess and migrate on-premises servers, infrastructure, applications, and data to Azure.

⮚ Provides:

⮚ Unified migration platform

⮚ Range of tools

⮚ Assessment and migration

⮚ Databases -> Azure SQL Database or Managed Instance

⮚ Web Applications -> Azure App Service

⮚ Virtual Desktops -> Azure Virtual Desktop

⮚ Servers, databases, and web apps -> Azure VM or VMware

⮚ Data -> Azure Data Box

Source: https://docs.microsoft.com/
Azure Data Box

⮚ Microsoft provides you a piece of hardware in three different sizes developed specifically for import and export tasks.

⮚ You can order the Data Box device via the Azure portal to import or export data from Azure.

⮚ Ideally suited to transfer data sizes larger than 40 TBs

⮚ Scenarios: One-time migration, Initial bulk transfer, Disaster recovery, Migrate back to on-premises or to another cloud service provider

Source: https://docs.microsoft.com/
Learning Outcome

➢ Azure Storage Service

▪ Features – Durable, Secure, Scalable, Managed and Accessible

➢ Azure Storage Data Redundancy

▪ Even in the event of a failure, redundancy ensures your storage account's availability and durability.

▪ Locally redundant storage (LRS), Zone-redundant storage (ZRS), Geo-redundant storage (GRS), Read-access geo-redundant storage (RA-GRS), Geo-zone-redundant storage (GZRS), Read-access geo-zone-redundant storage (RA-GZRS)

➢ Types of Storage

▪ Azure Blob Storage - Binary Large Object

o Block, Page and Append

▪ Azure Table Storage - NoSQL key-value Storage

▪ Azure Queue Storage - Store large numbers of messages.

▪ Azure File Storage - Enables you to create file shares in the cloud, and access these file shares from anywhere with an internet connection

➢ Storage Access Tiers

▪ Hot, Cool and Archive

➢ Disk Storage

▪ VM uses disks as a place to store an operating system, applications, and data in Azure.

▪ Standard HDD, Standard SSD, Premium SSD and Ultra SSD


➢ Azure Storage Explorer

▪ Free tool to conveniently manage your Azure cloud storage resources from your desktop

➢ Azure Import and Export Service

▪ Move large amount of data (TBs) between on-premises and Azure storage securely.

➢ File Sync

▪ Replication occurs between Windows servers in your data centers and Azure.

➢ AzCopy

▪ Use it to copy data to/from Microsoft Azure Blob and File storage

➢ Azure Migrate

▪ Centralized hub to assess and migrate on-premises servers, infrastructure, applications, and data to Azure.

➢ Azure Data Box

▪ Microsoft provides you a piece of hardware in three different sizes developed specifically for import and export tasks.
Identity Service
Learning Objectives

➢ On-premises system and data security – Network and Physical access

➢ In the new “work from anywhere” environment, securing identity is the new priority

➢ Authentication vs Authorization

➢ Azure Active Directory

▪ Windows Server AD vs Azure AD

➢ Azure B2B – External or Guest Users

➢ Azure AD Free vs Premium Licensing

➢ Azure AD Groups

➢ Azure AD Roles

➢ Azure AD Roles vs RBAC Roles


Identity Service

➢ Single Sign on (SSO)

➢ Multi-Factor authentication

➢ Conditional Access

➢ Password-less authentication

➢ Role Based Access Control (RBAC)

➢ Zero Trust Principles

➢ Defense in Depth

➢ Microsoft Defender for Cloud (Azure Security Center)


Authentication vs Authorization
Verifying identity vs verifying access
Authentication and Authorization

⮚ Authentication is a process for verifying identity.

⮚ It answers the question “Is this person who they claim to be?”

⮚ Authorization gives the user permission to access specific resources.

⮚ It answers the question “What is this authenticated person allowed to do?”

⮚ Users have to use credentials to prove their identity

⮚ Once authenticated, authorization defines what kinds of applications, resources, and data that user can access.

Source: Microsoft
Authentication and Authorization Techniques

⮚ Authentication techniques

⮚ Password-based authentication

⮚ Password-less authentication (Example: send OTP on mobile/email)

⮚ Multi-factor authentication (OTP, Security Question, Password)

⮚ Single Sign-on

⮚ Social Authentication

⮚ Authorization Techniques

⮚ Role-based access control

⮚ JSON web token

⮚ SAML

⮚ OpenID authorization

⮚ OAuth

Source: Microsoft
Azure Active Directory
Microsoft's cloud-based identity and access management service
Azure Active Directory

User

Azure Active Directory

Identity and access management service

Source: https://docs.microsoft.com/
Azure Active Directory
⮚ Helps your employees sign in and access resources

⮚ User information such as name, Id, email, password and address is stored in Azure AD by organizations.

⮚ Identity: user or applications (require authentication via secret keys or certificates).

⮚ Every day, Azure AD manages over 1.2 billion identities, according to Microsoft.

⮚ Tenant

⮚ Represents an organization

⮚ Tenant is automatically created when your organization signs up for a Microsoft cloud service subscription.

⮚ The term Tenant means a single instance of Azure AD representing a single organization.
⮚ The terms Tenant and Directory are often used interchangeably.

Source: https://docs.microsoft.com/
Windows Server AD (AD DS) vs Azure AD

⮚ Windows Server AD: Provides an identity and access management service that's managed by your own organization in an on-premises environment.

⮚ Azure Active Directory: cloud-based service

⮚ Communication Protocols: Azure AD is HTTP/HTTPS based; it does not use Kerberos authentication.

⮚ Authentication - SAML, WS-Federation, and OpenID Connect

⮚ Authorization - OAuth

⮚ Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD.

⮚ Azure AD provides extra features

Source: https://docs.microsoft.com/
User Accounts

⮚ Cloud Identities

⮚ Users exist only in Azure AD

⮚ Local/your AAD or external AAD

⮚ Guest Identities (External Identities)

⮚ B2B collaboration

⮚ Directory-synchronized (Hybrid identities)

[Diagram: Azure Active Directory for Company/tenant A and Azure Active Directory for Company/tenant B]

Source: https://docs.microsoft.com/
Azure B2B – External Users

Source: https://docs.microsoft.com/
Azure AD Roles vs RBAC Roles

Azure AD administrator roles

⮚ Manage access to Azure Active Directory resources.
⮚ Scope is at the tenant level.
⮚ Examples:

➢ Creating users/Groups/Roles

➢ Managing Password

➢ Billing/Payment Info

RBAC Roles

➢ Manage access to Azure resources.
➢ Scope can be specified at multiple levels (management group, subscription, resource group, resource).
➢ Examples:

➢ Create Database

➢ Create/manage/delete VM and other resources

Source: https://docs.microsoft.com/
Single sign-on (SSO)
⮚ Problem statement - Why do we need it?

⮚ Users had to create an individual identity and password for each application

⮚ Difficult to remember credentials, and it’s insecure

⮚ When a user leaves an organization, finding all those identities and disabling them can be difficult.

⮚ Single sign-on allows users to sign in once and access multiple resources and applications from multiple providers.

⮚ With SSO, you need to remember only one ID and one password.

⮚ As users change roles or leave an organization, access is tied to a single identity and so it is easy to manage.

Source: Microsoft
Multifactor authentication

⮚ Two processes that enable secure authentication: Azure AD Multi-Factor Authentication and Conditional Access.

⮚ Multifactor authentication provides additional security for your identities by requiring two or more elements to fully authenticate.

⮚ Something the user knows: This might be an email address and password.

⮚ Something the user has: This might be a code that's sent to the user's mobile phone.

⮚ Something the user is: This is typically some sort of biometric property, such as a fingerprint or face scan that's used on many mobile devices.

⮚ Recommended for administrative accounts


Conditional Access
⮚ Azure Active Directory uses Conditional Access to grant (or deny) resource access based on identity signals.

⮚ Who the user is (Administrator or normal user)

⮚ Where the user is (usual or unexpected location?)

⮚ What device the user is requesting access from (is this a new device?)

⮚ Based on these signals, Azure AD can decide to allow access, deny access, or require MFA.

⮚ Require multifactor authentication only if sign-in signals are unusual (like an unexpected location)

⮚ Need an Azure AD Premium P1 or P2 license

Source: Microsoft
Conditional access use cases?

⮚ Require multifactor authentication to use an app.

⮚ You can specify whether all users, or just administrators, require multifactor authentication.

⮚ Choose whether multifactor authentication is required for all networks or just untrusted ones.

⮚ Require service access only via approved client apps.

⮚ For example, allow users to access Office 365 services from a mobile device only if they use approved client apps, like the Outlook mobile app.

⮚ Require users to access your application only from managed devices.

⮚ A managed device meets your security and compliance requirements.

⮚ Block untrusted access from unknown or unexpected locations.

Source: Microsoft
Passwordless authentication

⮚ 89% of data breaches involve weak, default, or stolen passwords.

⮚ MFA

▪ Better than passwords

▪ Ease-of-use challenges

⮚ Passwordless

⮚ End users no longer need to create, store or remember passwords.

⮚ Sign in with one look or tap.

⮚ Passwordless Options

▪ Windows Hello for Business

▪ Microsoft Authenticator

▪ FIDO2 Security Key

Source: Microsoft
Windows Hello for Business

⮚ Ideal for information workers that have their own designated Windows PC

⮚ Biometric sign-in

⮚ Facial recognition

⮚ Fingerprint recognition

⮚ 4 digit PIN

Source: Microsoft
Microsoft Authenticator

⮚ For mobile devices.

⮚ Get a push notification and verify identity with a biometric or PIN.

Source: Microsoft
FIDO2

⮚ Fast Identity Online (FIDO2)

⮚ Standards-based passwordless authentication

⮚ WebAuthn and CTAP standards are final

⮚ For access to public or shared devices.

⮚ Replace passwords with a security key using multifactor authentication.

⮚ FIDO2 security keys are typically USB devices, but could also use Bluetooth or NFC.

Source: Microsoft
Azure RBAC
Role-based access control
Role-based access control
⮚ Azure RBAC is a system that allows control over who has access to which Azure resources, and what those people can do with those resources.

⮚ Consists of three elements

⮚ Who has access to Azure resources?

⮚ Security principal - An identity that gets the permissions. It could be a user, group, or a service principal.

⮚ What can they do with those resources?

⮚ Role definition - A collection of permissions.

⮚ What is the scope of access?

⮚ A way to constrain where those permissions are applicable.

⮚ You can assign multiple Azure roles to a user account

⮚ You can create your own custom Azure roles to assign custom permissions

⮚ You can assign roles using the Azure portal, Azure CLI, Azure PowerShell, Azure SDKs, or REST APIs.
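The three elements above (security principal, role definition, scope) combine into role assignments. The following is an added example, not part of the original slides and not Azure's own code: a small model that answers "which assignment lets this user perform this action on this resource?" and lists wide assignments worth reviewing. All users, groups, IDs and the trimmed role definitions are constructed; the model assumes that an assignment made at a parent scope applies to the scopes below it and that roles are additive.

```python
from fnmatch import fnmatchcase

# All identifiers below are constructed for illustration.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
VM1 = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
VM2 = RG + "/providers/Microsoft.Compute/virtualMachines/vm2"
MG = "/providers/Microsoft.Management/managementGroups/corp"

# Which management group a subscription sits under (not derivable from the ID).
MANAGEMENT_GROUP_OF = {SUB.lower(): MG.lower()}

# Role definition = a collection of permissions. Simplified: real built-in
# roles list more entries than shown here.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/write",
                                    "Microsoft.Authorization/*/delete"]},
    "VM Operator (custom)": {
        "actions": ["Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/restart/action"],
        "not_actions": []},
}

# Security principals: users, plus the groups they belong to.
GROUPS_OF = {"user:carol": {"group:auditors"}}

# Role assignment = (security principal, role definition, scope).
ASSIGNMENTS = [
    ("group:auditors", "Reader", MG),
    ("user:alice", "Contributor", RG),
    ("user:bob", "VM Operator (custom)", VM1),
    ("user:dave", "Contributor", SUB),
]


def scope_chain(resource_id):
    """Scopes that cover a subscription-rooted ID, most specific first:
    resource (and parent resources), resource group, subscription, management group."""
    parts = resource_id.lower().strip("/").split("/")
    depths = list(range(len(parts), 7, -2)) + [4, 2]
    chain = ["/" + "/".join(parts[:n]) for n in depths if n <= len(parts)]
    parent = MANAGEMENT_GROUP_OF.get(chain[-1]) if chain else None
    return chain + [parent] if parent else chain


def role_permits(role, action):
    """Allowed if any action pattern matches and no not_actions pattern does.
    not_actions only trims this role; another role can still grant the action."""
    a = action.lower()
    allowed = any(fnmatchcase(a, p.lower()) for p in role["actions"])
    excluded = any(fnmatchcase(a, p.lower()) for p in role["not_actions"])
    return allowed and not excluded


def granting_assignments(user, action, resource_id):
    """Every (role, scope) that lets `user` perform `action`; empty means no access."""
    principals = {user} | GROUPS_OF.get(user, set())
    scopes = scope_chain(resource_id)
    return [(role, scope) for principal, role, scope in ASSIGNMENTS
            if principal in principals
            and scope.lower() in scopes
            and role_permits(ROLES[role], action)]


def broad_assignments():
    """Least-privilege review: wildcard roles granted at subscription scope or above."""
    def is_broad(scope):
        s = scope.lower()
        return s.startswith("/providers/microsoft.management/") or s.count("/") == 2
    return [a for a in ASSIGNMENTS if "*" in ROLES[a[1]]["actions"] and is_broad(a[2])]


if __name__ == "__main__":
    print(granting_assignments("user:carol", "Microsoft.Compute/virtualMachines/read", VM1))
    print(broad_assignments())
```
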
Zero Trust principles
Why Zero Trust

➢ Mobile access

➢ Cloud migration

➢ Risk mitigation

Guiding Principles of Zero Trust

➢ Verify explicitly

➢ Use least privileged access

➢ Assume breach

Verify explicitly

➢ Always authenticate

➢ Authorize based on all available data points


▪ User identity
▪ Location
▪ Device health
▪ Service
▪ Data classification

Use least privileged access

➢ Limit user access using


▪ Just-in-time and just-enough-access (JIT/JEA)
▪ Risk-based adaptive policies
▪ Data protection

Assume breach

➢ Minimize blast radius for breaches and prevent lateral movement by segmenting access by
▪ Network
▪ User
▪ Devices
▪ App awareness

➢ Verify all sessions are encrypted end to end

➢ Use analytics to
▪ Get visibility
▪ Drive threat detection
▪ Improve defenses

Defense in depth
Protect information and prevent it from being stolen by those who aren't authorized to access it.
Defense in depth

⮚ A defense-in-depth technique employs many mechanisms to stop an attack aimed at gaining unauthorized data access.

⮚ Each layer provides protection, so if one layer is penetrated, a following layer is already in place to prevent further exposure.

⮚ Physical security: Microsoft owns and is responsible for managing physical security. Only authorized personnel have access to different areas of data centers.

⮚ Identity & Access: The identity and access layer is all about ensuring that identities are secure, access is granted only to what's needed, and sign-in events and changes are logged.

⮚ Control access to infrastructure and change control.

⮚ Use single sign-on (SSO) and multifactor authentication.

⮚ Network perimeter - it's about protecting from network-based attacks against your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure.

⮚ Example - Use DDoS protection to filter large-scale attacks before they can affect the availability of a system for users.

Source: Microsoft
Defense in depth

⮚ Network - the focus is on limiting the network connectivity across all your resources to allow only what's required.

⮚ Limit communication between resources.

⮚ Deny by default.

⮚ Restrict inbound internet access and limit outbound access where appropriate.

⮚ Implement secure connectivity to on-premises networks.

⮚ Compute - Malware, unpatched systems, and improperly secured systems open your environment to attacks.

⮚ Secure access to virtual machines.

⮚ Implement endpoint protection on devices and keep systems patched and current.

⮚ Application - Integrating security into the application development lifecycle helps reduce the number of vulnerabilities introduced in code.

⮚ Ensure that applications are secure and free of vulnerabilities.

⮚ Store sensitive application secrets in a secure storage medium.

Source: Microsoft
Defense in depth

⮚ Data - In almost all cases, attackers are after data.

⮚ Regulatory requirements dictate the controls and processes that must be in place to ensure the confidentiality, integrity, and availability of the data.

⮚ Confidentiality - The principle of least privilege means only allowing access to information to those who need it to do their jobs properly.

⮚ Integrity: Prevent unauthorized changes to information:

⮚ At rest: when it's stored.

⮚ In transit: when it's being transferred from one place to another, including from a local computer to the cloud.

⮚ Availability: Ensure that services are functioning and can be accessed only by authorized users.

Source: Microsoft
Microsoft Defender for Cloud
Protect your multicloud and hybrid environments
Microsoft Defender for Cloud
⮚ Microsoft Defender for Cloud is a set of security tools.

⮚ Ensures that all of the company's systems meet a minimum level of security and that its information is protected from attacks.

⮚ Monitoring service that provides visibility of your security posture across all of your services

⮚ Azure, non-Azure (AWS, GCP), and on-premises (Hybrid)

⮚ Cloud security posture management (CSPM) and cloud workload protection (CWP) solution

⮚ Identifies and fixes security flaws in your cloud configuration

⮚ Secure score - A single score so that you can tell, at a glance, your current security situation: the higher the score, the lower the identified risk level.

⮚ Recommendations - Recommendation on how to improve score, also provide “fix” button for automated implementation.

⮚ Alerts - Defend: detect threats and send alerts (email)

[Diagram: Microsoft Defender for Cloud covering hybrid computing, non-Azure cloud, and Azure resources (PaaS and IaaS), and producing the secure score, recommendations, and alerts]
Microsoft Defender for Cloud
⮚ Security Center can:

⮚ Automatically apply required security settings to new resources as they come online.

⮚ Provide security recommendations that are based on your current configurations, resources, and networks.

⮚ Identify potential vulnerabilities before those vulnerabilities can be exploited.

⮚ Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources.

⮚ Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.

⮚ Provide just-in-time access control for network ports.

⮚ Azure Security Center is available in two versions:

⮚ Free - Azure Defender OFF

⮚ Included in all Azure services, provides continuous assessments, security score, and actionable security recommendations.

⮚ Paid – Azure Defender ON

⮚ This tier provides a full suite of security-related services, including continuous monitoring, hybrid security, threat detection alerts, vulnerability scanning, JIT (just in time) access control for VM, and more.

Source: Microsoft
Learning Outcome

⮚ Authentication vs Authorization

▪ “Is this person who they claim to be?”

▪ “What is this authenticated person allowed to do?”

⮚ Azure Active Directory

▪ Identity and Access Management Service

▪ Pricing: Free, Paid (P1 and P2)

⮚ Windows Server AD vs Azure AD

▪ Azure AD Connect to sync

⮚ Azure B2B – External Users

⮚ Azure AD Roles vs RBAC Roles

▪ AD Roles -> Manage access to Azure Active Directory resources

▪ RBAC Roles -> Manage access to Azure resources.

⮚ Single sign-on (SSO)

▪ Allows users to sign in once and access multiple resources and applications from multiple providers

➢ Multifactor authentication

➢ Something the user knows, has, or is


⮚ Conditional Access

▪ Grant (or deny) resource access based on identity signals

▪ Need an Azure AD Premium P1 or P2 license

➢ Passwordless authentication

▪ Windows Hello for Business

▪ Microsoft Authenticator

▪ FIDO2 Security Key

➢ Zero Trust Principles

➢ RBAC Roles

➢ Defense in depth

➢ Microsoft Defender for Cloud

▪ Monitoring service that provides visibility of your security posture across all of your services

▪ Azure, non-Azure (AWS, GCP), and on-premises (Hybrid)


Learning Objectives

➢ Cost Affecting Factors

➢ Pricing calculator

➢ Cost Reduction Methods - Recommended practices to minimize cost.

➢ Total Cost of Ownership Calculator

➢ Cost Management and Billing tool/service


Cost Affecting Factors
Cost Affecting Factors
⮚ Types of Azure Subscription

⮚ Free Trial

⮚ Pay-as-you-go

⮚ Member offers – you get credit and reduced rate

⮚ Visual Studio subscribers

⮚ Microsoft Partner Network members

⮚ Microsoft for Startups members

⮚ Microsoft Imagine members

⮚ Azure Services purchase options

⮚ Through an Enterprise Agreement

⮚ Directly from the Azure portal website and pay standard prices

⮚ Azure Marketplace - third-party vendors

⮚ Through a Cloud Solution Provider (CSP)


Cost Affecting Factors
⮚ Resource type

⮚ Example: Storage type (block blob storage, table storage, performance tier, access tier)

⮚ Usage meters

⮚ Microsoft generates a meter when a resource is provisioned; this meter generates usage records

⮚ Single VM: CPU time + Public IP address + network traffic (incoming, outgoing) + disk size + disk operations (read, write)

⮚ Functions: number of executions + memory/sec

⮚ Storage: Storage x tier + Operations

⮚ Logic App: Actions

⮚ Resource Group: FREE

⮚ Resource usage

⮚ Example – deallocate VM when not in use, save compute cost but storage will still cost.

⮚ Location

⮚ Low data center operating cost can reduce your cost

⮚ But high network bandwidth can increase cost

⮚ Bandwidth - data moving in and out of Azure datacenters


Cost Reduction Methods
Cost Reduction Methods

⮚ Reservations

⮚ Reserve resources for 1 year or 3 years in advance.

⮚ Azure Reservations can save you up to 72 percent as compared to pay-as-you-go prices.

⮚ Save on licensing costs

⮚ Choose cost-effective operating systems

⮚ Hybrid Benefits

⮚ Lets you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure.

⮚ You pay only for the VMs' infrastructure cost


Cost Reduction Methods

⮚ Spot VM

⮚ Spot pricing provides access to Azure compute resources at deep discounts when unused Azure capacity is available.

⮚ If Azure needs the capacity back, spot VMs can be evicted with a 30-second notice.

⮚ You can set the maximum price that you agree to pay.

⮚ Your VMs are automatically evicted when the current spot price is higher than the maximum price you agree to pay or if Azure no longer has compute capacity available.

⮚ Best for interruptible workloads (batch processing, dev/test environments, non-critical tasks etc.)
Cost Reduction Methods

⮚ Azure Service Advisor

⮚ Resize underutilized virtual machines

⮚ Deallocate virtual machines during off hours

⮚ Delete unused resources

⮚ Migrate from IaaS to PaaS services

⮚ Choose Low cost Location and Reservation


Total Cost of Ownership (TCO) Calculator

On-premises
Upfront Cost
Capital Expenditure (CapEx)
• Hardware costs
• Software costs
• Electricity costs
• Virtualization costs
• Data center costs
• Networking costs
• Database costs
• Data warehouse costs

Azure Cloud
• Pay-As-You-Go
• Operational Expenditure (OpEx)

Estimate the cost savings you can realize by migrating your workloads to Azure
Azure Cost Management and Billing
Manage your cloud spending with confidence
Cost Management
⮚ This is a built-in service that gives you a breakdown of the usage and cost of your Azure resources.

⮚ This allows you to see what is costing you money and how it compares against your budget.

⮚ You use Cost Management + Billing features to:

⮚ Conduct billing administrative tasks such as paying your bill

⮚ Manage billing access to costs

⮚ Download cost and usage data that was used to generate your monthly invoice

⮚ Proactively apply data analysis to your costs

⮚ Set spending thresholds

⮚ Identify opportunities for workload changes that can optimize your spending

Source: Microsoft
Learning Outcome

⮚ Cost Affecting Factors
⮚ Types of Azure Subscription
⮚ Azure Services purchase options (Direct, Third-party vendors, CSP, Enterprise agreement)
⮚ Resource type
⮚ Usage meters
⮚ Resource usage
⮚ Location
⮚ Bandwidth
⮚ Pricing Calculator - estimate the monthly cost of running your cloud workloads.

⮚ Cost Reduction Methods


⮚ Reservations
⮚ Save on licensing cost
⮚ Spot VM
⮚ Service Advisor
⮚ Delete unused resources
⮚ Migrate from IaaS to PaaS
⮚ Location
⮚ Total Cost of Ownership Calculator - compare your current datacenter costs to running the same workloads on Azure.
⮚ Cost Management
⮚ What is costing you money and how it compares against your budget
Governance
Learning Objectives

➢ The term governance refers to the process of establishing and enforcing rules and policies.

➢ A good governance strategy helps you maintain control over the cloud applications and resources you manage.

➢ Azure Role-based access control (RBAC)

➢ Resource Lock

➢ Tags

➢ Azure Policy

➢ Azure Blueprints

➢ Cloud Adoption Framework


Azure Tags
name-value pairs that help to organize the Azure resources
Azure Tags

⮚ Azure tags are the name-value pairs that help to organize the Azure resources in the Azure portal.

⮚ Azure Tags are simply labels that you can attach to your Azure resources.

⮚ You can use tags to easily group and classify resources and assets in Azure.

⮚ For example, explore the costs generated by resources that have the same tag applied.

⮚ Tagging is a primary way to understand the data in any cost or billing reporting.

⮚ Resources don’t inherit any Azure tags applied at the Resource Group level.

⮚ It’s a fundamental part of any well-managed environment. It’s also the first step in establishing proper governance of any environment.

⮚ Azure Policy can be used to enforce tagging rules and conventions.

⮚ For example, you can require that certain tags be added to new resources as they are provisioned.
Azure Policy
Achieve real-time cloud compliance at scale with consistent resource governance
Azure Policy
⮚ Azure Policy can help you control or restrict or audit your resources.

⮚ Enforce rules on Azure resources configurations to make sure they remain compliant with corporate standards.

⮚ You can apply individual policy or group of policy (initiatives).

⮚ Two important tasks

⮚ Prevent noncompliant resources from being created

⮚ Highlights existing resources that aren't compliant with the policies.

⮚ Examples:

⮚ Allows only a certain SKU size for the virtual machines (VMs) to be provisioned.

⮚ Mandatory tags to be created while provisioning resources

⮚ MFA should be enabled on accounts with write permissions on your subscription

⮚ Assign policy within a specific scope (management group, a single subscription, or a resource group.)

⮚ Policy assignments are inherited by all child resources within that scope

⮚ You can exclude specific child resources you need to be exempt from the policy assignment

⮚ You can review the noncompliant policy results and take any action that's needed.
Azure Blueprints
Enabling quick, repeatable creation of governed environments
Azure Blueprints

Chair Blueprint

A blueprint is a set of instructions, a pattern, or a design for creating anything.


Azure Blueprints

⮚ Create and deploy a repeatable set of Azure resources that meet specific requirements and standards.

⮚ It can be easier to make new environments that are always in line with the company's rules.

⮚ They can do this much faster than if they had to start from scratch each time.
Azure Blueprints

⮚ You can make it easier to set up large-scale Azure deployments by putting together environment artifacts in a single blueprint definition.

⮚ Each component in the blueprint definition is known as an artifact.

⮚ Role assignments

⮚ Policy assignments

⮚ Azure Resource Manager templates

⮚ Resource groups

⮚ Fast and without manual error

⮚ Blueprint is assigned at the subscription level

⮚ You can also fine-tune control and management through versioning.


Learning Outcome

⮚ Role-based access control

▪ Who has access to which Azure resources

▪ Security Principal, Roles and Scope

⮚ Resource Locks

▪ Help prevent accidental delete or update of your Azure resources.

⮚ Tags

▪ Name-value pairs, group and classify resources

⮚ Azure Policy

▪ Control or restrict or audit your resources

⮚ Azure Blueprints

▪ Large-scale Azure deployments across subscriptions by putting together environment artifacts in a single blueprint definition.

⮚ Cloud Adoption Framework

▪ Set of tools, best practices, guidelines and documentation to help companies with their migration journey
Management Tools
Learning Objectives

➢ Administrators, developers, and managers may interface with the cloud environment utilizing Azure management tools to do things like:

➢ Several dozens or hundreds of resources may be deployed at once.

➢ Individual services may be programmatically configured.

➢ Azure Portal

➢ Azure PowerShell, CLI, Cloud Shell

➢ Azure Resource Manager (ARM)

➢ Azure Mobile App

➢ Azure Arc
Azure Portal
One stop shop – Single portal, single login for all your Azure assets
Azure Portal

⮚ Web-based user interface to almost all Azure features.

⮚ See all your services, create new ones, configure them, and see reports

⮚ Single login for all user assets

When is the Portal preferred?

⮚ Occasional management and administrative tasks can be performed via the Azure portal.

⮚ A visual interface for reporting makes sense if you're just learning Azure and only need to set up and manage resources occasionally.

When is the Portal not preferred?

⮚ The routine setup, teardown, and maintenance of a single resource or multiple connected resources.

⮚ Use scripts instead: PowerShell or CLI


Azure PowerShell, CLI, Cloud Shell
Command-line tools that enable you to create and manage Azure resources.
PowerShell vs CLI vs Cloud Shell
⮚ PowerShell can execute commands called Cmdlets

⮚ Commands call the Azure REST API

⮚ Can perform every possible management task in Azure

⮚ Cmdlets can be executed independently or combined into a script file


⮚ Script makes the process repeatable and automatable

⮚ The routine setup, teardown, and maintenance of a single resource or multiple connected resources.

⮚ Available for Windows, Linux, and Mac

⮚ PowerShell can work with other platforms as well


CLI
PowerShell vs CLI

⮚ Primary difference is the syntax

⮚ Windows administrators may prefer PowerShell.

⮚ Linux administrators may prefer Azure CLI, which is similar to Bash scripting.


Azure Cloud Shell
⮚ An interactive shell that runs in the browser for free (Access from Azure Portal)

⮚ Pre-installed and configured Azure tools like interpreters or modules.

⮚ Language support for Node.js, .NET, and Python

⮚ Supports both PowerShell and CLI (bash)

⮚ Dedicated storage to persist between sessions

⮚ Integrated file editor


When are PowerShell or CLI not preferred?

⮚ The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code.

⮚ A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel, and idempotently.

⮚ ARM template – Azure Resource Manager


Azure Resource Manager (ARM)
Deployment and management service for Azure
Azure Resource Manager
⮚ Deployment and management service for Azure

⮚ All Azure resource activities are routed via ARM.

⮚ Describe the resources in a declarative JSON format

⮚ ARM template is verified before any code is executed to ensure that the resources will be created and connected correctly

⮚ Automatic Rollback in case of failure

⮚ The template then orchestrates the creation of those resources in parallel

⮚ Templates can even execute PowerShell and Bash scripts before or after the resource has been set up

⮚ Creates all dependencies in the correct order

⮚ Save previous scripts for version control

⮚ ARM templates define your application's infrastructure requirements for a repeatable deployment that is done in a consistent manner

⮚ Why not PowerShell or CLI?

⮚ No validation step in these tools

⮚ If a script encounters an error, the dependency resources can't be rolled back easily

⮚ Deployments happen serially

⮚ You have to figure out dependencies

Source: Microsoft
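
To make the "validate first, order by dependency, create in parallel" behaviour described above concrete, here is an added example that is not ARM's own code. It runs over a constructed template skeleton (no `apiVersion` or `properties`); the resource names and the `plan_deployment` helper are assumptions made for the illustration.

```python
# Added illustration (not ARM's own code): validate dependsOn references, then plan
# which resources can be created in parallel. The template is a constructed skeleton
# (apiVersion and properties omitted); dependsOn uses plain resource names.
from graphlib import CycleError, TopologicalSorter

TEMPLATE = {
    "resources": [
        {"type": "Microsoft.Compute/virtualMachines", "name": "vm-web",
         "dependsOn": ["nic-web", "stdiag"]},
        {"type": "Microsoft.Network/networkInterfaces", "name": "nic-web",
         "dependsOn": ["vnet-main"]},
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-main"},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stdiag"},
    ]
}

def plan_deployment(template):
    """Return waves of resource names; every resource in a wave can deploy in parallel.
    Raises ValueError before anything is 'deployed' if the template is inconsistent."""
    names = [r["name"] for r in template["resources"]]
    graph = {}
    for res in template["resources"]:
        deps = res.get("dependsOn", [])
        missing = [d for d in deps if d not in names]
        if missing:
            raise ValueError(f"{res['name']} depends on undefined resource(s): {missing}")
        graph[res["name"]] = set(deps)
    sorter = TopologicalSorter(graph)
    try:
        sorter.prepare()  # detects circular dependencies up front
    except CycleError as exc:
        raise ValueError(f"circular dependency: {exc.args[1]}") from exc
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())  # all dependencies already satisfied
        waves.append(ready)
        sorter.done(*ready)
    return waves

if __name__ == "__main__":
    for i, wave in enumerate(plan_deployment(TEMPLATE), start=1):
        print(f"wave {i}: {', '.join(wave)}")
```

An imperative script would only discover a missing or circular dependency part-way through the run, after some resources already exist.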
Azure Mobile App
Stay connected to your Azure resources—anytime, anywhere.
Azure Mobile App
⮚ Access via an iOS or Android phone or tablet

⮚ Why the Mobile App?

⮚ Best choice when a laptop isn't readily available and you need to view and triage issues immediately

⮚ Lets employees be away from work and still perform essential, one-off management and administrative tasks.

⮚ What can the Mobile App do?

⮚ Monitor the health and status of your Azure resources such as virtual machines (VMs) and web apps.

⮚ Check for alerts, quickly diagnose and fix issues, and restart a web app or virtual machine (VM).

⮚ Run the Azure CLI or Azure PowerShell commands to manage your Azure resources.

Source: Microsoft
Azure Arc
Secure, develop, and operate infrastructure, apps, and Azure services anywhere.
Azure Arc
⮚ Challenge

⮚ Difficult to control and manage environment across data centers, multiple clouds, and edge.

⮚ Each environment and cloud has its own set of management tools

⮚ Azure Arc

⮚ Provides a centralized and unified way to manage all the different platforms

⮚ Manage, automate, optimize and secure other platforms

⮚ Project your existing non-Azure and/or on-premises resources into ARM.

⮚ Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.

⮚ Use familiar Azure services and management capabilities, regardless of where they live.

⮚ Currently manages the following resources

⮚ Servers – Windows and Linux physical servers and VMs hosted outside Azure

⮚ Kubernetes clusters

⮚ Azure data services

⮚ SQL Server

⮚ Virtual Machines

Source: Microsoft Docs


Learning Outcome

➢ Azure Portal

▪ Web-based user interface to almost all Azure features.

➢ Azure PowerShell, CLI, Cloud Shell

▪ Command-line tools that enable you to create and manage Azure resources.

▪ Cloud Shell: An interactive shell that runs in the browser for free (Access from Azure Portal)

➢ Azure Resource Manager

▪ Deployment and management service for Azure

➢ Azure Mobile App

▪ Access via an iOS or Android phone or tablet

➢ Azure Arc

▪ Provides a centralized and unified way to manage all the different platforms


Monitoring

➢ Microsoft can help you react quickly to outages, research intermittent issues, optimize your usage, and be proactive in handling future planned downtime.

Learning Objectives

➢ Azure Advisor

➢ Azure Monitor

➢ Azure Service Health


Azure Advisor
Your free, personalized guide to Azure best practices
Azure Advisor
⮚ Provides recommendations to optimize your Azure deployments

⮚ These recommendations are proactive, actionable, and personalized

⮚ Step-by-step instructions and quick fixes

⮚ Cloud score to analyze workload architecture

⮚ Notifications of new and available recommendations

⮚ Azure Advisor integrates with Microsoft Defender for Cloud (Azure Security Center) to help prevent, detect, and respond to threats to Azure resources.

⮚ Recommendations are related to:

⮚ Reliability: Ensures and improves the availability of your mission-critical applications.

⮚ Security: Detect threats and vulnerabilities that might lead to security breaches.

⮚ Performance: Improve the speed of your applications.

⮚ Cost: Optimize and reduce your overall Azure spending.

⮚ Operational Excellence: Help you achieve process and workflow efficiency, resource manageability, and deployment best practices.

Source: Microsoft
Azure Monitor
Full observability into your applications, infrastructure, and network
Azure Monitor
⮚ Collect, analyze, visualize and take actions based on metric and logging data

⮚ Collect data from Cloud and On-premises infrastructure

Source: Microsoft
Azure Service Health
Personalized alerts and guidance for Azure service issues
Azure Service Health
⮚ Keeps you informed about current and upcoming issues on the Azure side.

⮚ You can set up Service Health alerts – notify you about service issues, planned maintenance, or other changes.

⮚ Azure Service Health is a combination of three separate smaller services.

1. Azure status provides a global view of the health of all Azure services across all Azure regions

   ⮚ status.azure.com

2. Service health is a personalized view of the health of the Azure services and regions you're using.

   1. Service issues - Problems in the Azure services that affect you right now.

      ▪ It also provides the solution from the Azure development team.

   2. Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future.

      ▪ Reports guidance on how you could reduce the impact of this downtime

   3. Health advisories - Changes in Azure services that require your attention.

      ▪ Examples include deprecation of Azure features or upgrade requirements (e.g., upgrade to a supported PHP framework).

   4. Security advisories - Security-related notifications or violations that may affect the availability of your Azure services.

3. Resource health provides information about the health of your individual cloud resources, such as a specific virtual machine instance.

Source: Microsoft
Learning Outcome

➢ Azure Advisor

▪ Provides recommendations to optimize your Azure deployments

▪ Reliability, security, performance, cost, operational excellence

➢ Azure Monitor

▪ Collect, analyze, visualize and take actions based on metric and logging data

➢ Azure Service Health

▪ Keeps you informed about current and upcoming issues on the Azure side.

▪ Global view - status.azure.com

▪ Service Health - personalized view

