Managing Resources Policies and Resource Groups
Managing Storage:
An Azure Storage account is an entity you create that is used to store Azure Storage
data objects such as blobs, files, queues, tables, and disks. Data in an Azure Storage
account is durable and highly available, secure, massively scalable, and accessible
from anywhere in the world over HTTP or HTTPS.
The storage firewall allows you to limit access to specific IP addresses or an IP
address range. It applies to all storage account services (blobs, tables, queues, and
files). The storage firewall includes an option to allow access from trusted Microsoft
services. These services include Azure Backup, Azure Site Recovery, and Azure
Networking. When creating a storage firewall, you must use public Internet IP
address space. You cannot use IPs in the private IP address space.
Virtual network service endpoints for your Azure Storage accounts allow you to
remove access from the public Internet and only allow traffic from a virtual network
for improved security.
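The firewall and service endpoint rules described above can be checked before deployment. The following is an added example, not part of the original notes: it audits the `networkAcls` block of storage accounts in a Resource Manager template. The account names, addresses, subnet ID and finding codes are constructed for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def storage_account(name, default_action, ip_rules, subnet_ids):
    """Build a constructed ARM-style storage account resource for the demo."""
    return {
        "type": "Microsoft.Storage/storageAccounts",
        "name": name,
        "properties": {"networkAcls": {
            "defaultAction": default_action,
            "bypass": "AzureServices",  # allow trusted Microsoft services
            "ipRules": [{"value": v, "action": "Allow"} for v in ip_rules],
            "virtualNetworkRules": [{"id": s, "action": "Allow"} for s in subnet_ids],
        }},
    }

# Constructed sample template: one weak account, one hardened account.
TEMPLATE = {"resources": [
    storage_account("weakacct", "Allow", ["198.51.100.7", "10.0.0.0/16"], []),
    storage_account("hardacct", "Deny", ["198.51.100.0/24"],
                    ["/subscriptions/<sub-id>/.../subnets/app-subnet"]),  # placeholder ID
]}

def audit_storage_firewall(template):
    """Return (account, code, detail) findings for each storage account."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Storage/storageAccounts":
            continue
        name = res.get("name", "<unnamed>")
        acls = res.get("properties", {}).get("networkAcls") or {}
        # Without defaultAction=Deny the allow rules below restrict nothing.
        if acls.get("defaultAction", "Allow") != "Deny":
            findings.append((name, "DEFAULT_ALLOW", "public access is not denied by default"))
        for rule in acls.get("ipRules", []):
            net = ipaddress.ip_network(rule["value"], strict=False)
            # Storage firewall IP rules must be public Internet address space.
            if any(net.overlaps(p) for p in RFC1918):
                findings.append((name, "PRIVATE_IP_RULE", rule["value"]))
        # Informational: private ranges are reached through a subnet rule instead.
        if not acls.get("virtualNetworkRules"):
            findings.append((name, "NO_VNET_RULE", "no virtual network subnet is allowed"))
    return findings

if __name__ == "__main__":
    for finding in audit_storage_firewall(TEMPLATE):
        print(finding)
```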
Blobs. Storing arbitrary data objects such as text or binary data.
Tables. NoSQL-style store for storing structured data. Unlike a relational database
Queues. Provides reliable message queueing between application components.
Files. File shares that can be used by Azure VMs or on-premises servers.
Disks. Storage volume for an Azure VM, which can be attached as a virtual hard disk.
Access tiers: Azure Blob Storage supports three access tiers: Hot, Cool, and Archive.
Shared Access Signature (SAS) Token: SAS is a secure way to grant limited access to
the resources in your storage account to the external world (clients, apps), without
compromising your account keys.
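How limited a SAS really is depends on the fields in its query string. The following is an added example, not part of the original notes: it parses a SAS URL and flags settings that widen access. The sample URLs, the 7-day threshold and the finding codes are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample SAS URLs; account, container and signature are placeholders.
BROAD_SAS = ("https://exampleacct.blob.core.windows.net/reports/q1.csv"
             "?sv=2022-11-02&sr=b&sp=rwd&st=2024-01-01T00:00:00Z"
             "&se=2025-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER")
TIGHT_SAS = ("https://exampleacct.blob.core.windows.net/reports/q1.csv"
             "?sv=2022-11-02&sr=b&sp=r&se=2024-06-01T01:00:00Z"
             "&spr=https&sip=198.51.100.7&sig=PLACEHOLDER")

MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure limit
READ_ONLY = set("rl")             # read and list permissions

def _parse_time(value):
    # Handles the full UTC form only (YYYY-MM-DDThh:mm:ssZ).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_sas(url, now):
    """Return finding codes describing where a SAS grants more than limited access."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    if "se" not in q:
        # Expiry may come from a stored access policy (si); it is not in the token.
        findings.append("NO_EXPIRY_IN_TOKEN")
    else:
        expiry = _parse_time(q["se"])
        if expiry <= now:
            findings.append("EXPIRED")
        elif expiry - now > MAX_LIFETIME:
            findings.append("LONG_LIFETIME")
    # When spr is absent, both HTTPS and HTTP are accepted.
    if q.get("spr", "https,http") != "https":
        findings.append("HTTP_ALLOWED")
    if set(q.get("sp", "")) - READ_ONLY:
        findings.append("BROAD_PERMISSIONS")
    if "sip" not in q:
        findings.append("NO_IP_RESTRICTION")
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed time for a repeatable demo
    print(audit_sas(BROAD_SAS, now))
    print(audit_sas(TIGHT_SAS, now))
```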
Managing access keys in Azure Key Vault: It is important to protect the storage
account access keys because they provide full access to the storage account. Azure
Key Vault helps safeguard cryptographic keys and secrets used by cloud applications
and services, such as authentication keys, storage account keys, data encryption
keys, and certificate private keys.
Owner
Contributor
Reader
User Access Administrator
We can assign these roles to management groups, subscriptions, resource groups, apps, and
also individual users. A maximum of 2000 roles can be allocated to each subscription.
Azure Active Directory Tenant -> Subscriptions -> Resource Groups -> Resources
When creating roles in Active Directory, there are 3 roles:
User (Viewer)
Global Admin (Full control on everything)
Limited Admin (different types of admins, such as Auth admin, App admin, Exchange
admin, etc.)
Cost Centre and Tagging: (We use the word "limits" to refer to quotas)
There are service-specific limits (AD, App Service, etc.) when using Azure Resource Manager.
Resource: A manageable item which is available in Azure (VM, storage, network, etc.)
Resource Group: A container in Azure that contains multiple resources.
Resource Provider: A service that supplies Azure resources.
Resource Manager Template: A JSON file that defines the resources to deploy in a RG
or a subscription.
Tags: Metadata for organising and categorising cloud-based resources. We can use tags in
Resource management, Automation and Accounting. Azure supports 15 tags per RG.
We can add tags while creating a resource or to an existing resource. But tags are
supported only for resources deployed using the Resource Manager deployment model.
Subscription Policies: Policies can use ARM and resource groups, or Azure Service
Management, which is called the classic deployment model.
Azure Advisor: It is a personalized cloud consultant that helps you follow best practices to
optimize your Azure deployments. It analyses your resource configuration and usage
telemetry and then recommends solutions that can help you improve the cost effectiveness,
performance, Reliability (formerly called High availability), and security of your Azure
resources.
The Advisor dashboard displays personalized recommendations for all your subscriptions.
You can apply filters to display recommendations for specific subscriptions and resource
types. The recommendations are divided into five categories:
Reliability (formerly called High Availability): To ensure and improve the continuity of your
business-critical applications.
Security: To detect threats and vulnerabilities that might lead to security breaches.
Performance: To improve the speed of your applications.
Cost: To optimize and reduce your overall Azure spending.
Operational Excellence: To help you achieve process and workflow efficiency, resource
manageability and deployment best practices.
AD Roles:
Create users and groups
Manage user and group properties
Manage device settings
Perform bulk user updates
Manage guest accounts
Configure Azure AD Join
Configure self-service password reset
Manage Subscription and Governance:
Configure Azure Policies
Configure resource locks
Apply and manage tags on resources
Create and manage resource groups
Manage Azure Subscriptions
Configure management groups
Configure cost management