
Azure Fundamentals: AZ-900 Certification: Kevin Brown

The document outlines the Azure Fundamentals AZ-900 certification course, targeted at beginners wanting to learn about Azure and achieve certification. It covers key topics including cloud concepts, core Azure services, security and compliance, and Azure pricing and support. Each module provides learning objectives and detailed explanations of cloud models and services such as IaaS, PaaS, and SaaS.


Azure Fundamentals:

AZ-900 Certification

Kevin Brown
MCT (Microsoft Certified Trainer) since 2000,
Azure Security Engineer,
Azure Solutions Architect,
Azure Administrator,
MCSE,
CISSP
Candidates

Who is this course for?

• Azure beginners
• Want to learn more about Azure
• Want to become Azure certified


Azure Fundamentals Outline: Module 1

Cloud Concepts

• Benefits of Cloud Services
• Types of Cloud models
• Types of Cloud Services


Azure Fundamentals Outline: Module 2

Core Azure Services

• Core Azure Architectural components
• Core Azure Services and Products
• Azure Solutions
• Azure management tools


Azure Fundamentals Outline: Module 3

Security, Privacy, Compliance and Trust

• Securing network connectivity in Azure
• Core Azure Identity services
• Security tools and features
• Azure governance methodologies
• Monitoring and Reporting in Azure
• Privacy, Compliance and Data Protection standards in Azure


Azure Fundamentals Outline: Module 4

Azure Pricing and Support

• Azure subscriptions
• Planning and managing costs
• Support options available with Azure
• Azure Service Level Agreements (SLAs)
• Service lifecycle in Azure


Module 1:
Cloud Concepts
Cloud Concepts: Learning Objectives

After completing these topics, you will be able to:

• Describe and understand cloud services and their benefits
• Understand key terms you will encounter when working with cloud services
• Understand public, private, and hybrid cloud models
• Understand Infrastructure-as-a-Service (IaaS)
• Understand Platform-as-a-Service (PaaS)
• Understand Software-as-a-Service (SaaS)


Module 1:
Cloud Concepts
Lesson 1: Why Cloud Services?
Why use Cloud Services

Benefits of cloud services

• High availability
• Scalability
• Agility
• Fault tolerance
• Disaster recovery
Why use Cloud Services

Benefits of cloud services

• High Availability (HA): This refers to a system's ability to minimize
downtime and ensure continuous operation. In Azure, this can be
achieved through features like redundant virtual machines, load
balancing, and automatic failover. Even if one component fails,
your application or service remains available.

Imagine you run a bakery with two ovens. If one oven malfunctions,
you can still bake using the other, keeping your business running
with minimal disruption. In Azure, this translates to having backup
systems in place, so if one server has an issue, your application or
service keeps functioning.
Why use Cloud Services

Benefits of cloud services

• Scalability: This describes the ability to easily adjust resources (like
processing power, storage) up or down based on demand. Azure
offers both vertical scaling (adding resources to an existing
machine) and horizontal scaling (adding more machines) for
optimal performance and cost-efficiency.

Think of a clothing store during the holidays. You might bring in
extra staff (scale up) to handle the increased customer flow. Then,
after the holidays, you can reduce staff (scale down) to normal
levels.
Why use Cloud Services

Benefits of cloud services

• Agility: This refers to the speed and flexibility of deploying and
managing resources in the cloud. Azure's self-service model and
automation tools allow for quicker development, testing, and
deployment of applications. This agility helps businesses adapt to
changing needs and market demands.

Remember that school project due tomorrow night? Azure's agility is
like being able to write, edit, and format your paper quickly and
efficiently.
Why use Cloud Services

Benefits of cloud services

• Fault Tolerance: This is a subset of High Availability, focusing on a
system's ability to withstand component failures without impacting
service. For instance, Azure virtual machines running on redundant
hardware can tolerate hardware failure by automatically switching
to a healthy machine.

Ever fly on a plane that had an engine failure? A fault-tolerant
system is like having a twin engine plane that can fly with only one
engine.
Why use Cloud Services

Benefits of cloud services

• Disaster Recovery (DR): This is a broader strategy for recovering
from larger outages or disasters that might entirely disable a data
center. Azure offers tools like Azure Site Recovery to replicate data
and applications to a secondary location for quick restoration in
case of a major disruption.

A fire damages your bakery. Disaster recovery is like having a backup
of your recipes and ingredients stored at a friend's bakery. You can
have those recipes and ingredients sent to a new bakery. With
Azure's DR tools, you can replicate your data and applications to a
separate location, allowing for quick restoration if a major disruption
occurs at your primary location.
Why use Cloud Services

[Diagram labels: On-premise (Domain Controllers, Email Servers, Application Server, File Servers, Web Servers, SharePoint); VPN; Clients; Remote Users]


Why use Cloud Services

[Diagram labels: On-premise; Cloud (Domain Controllers, Email Servers, Application Server, File Servers, Web Servers, SharePoint); Clients; Remote Users]


Why use Cloud Services

Benefits of cloud services


High availability. The ability to keep services up and running for long
periods of time, with very little downtime, depending on the service in
question.

Scalability. The ability to add or remove additional resources.

Elasticity. The ability to automatically or dynamically increase or decrease
resources as needed. Elastic resources match the current needs, and
resources are added or removed automatically to meet future needs. A
distinction between scalability and elasticity is that elasticity is done
automatically.
Why use Cloud Services

Benefits of cloud services


Agility. The ability to scale quickly. Cloud services can allocate and
deallocate resources quickly, on-demand.

Fault tolerance. The ability to remain up and running even in the event of
a component or service no longer functioning. Typically, redundancy is
built into cloud services architecture so if one component fails, a backup
component takes its place.

Disaster recovery. The ability to recover from an event which has taken
down a cloud service.
Why use Cloud Services

Benefits of cloud services


• High availability
• Scalability
• Elasticity
• Agility
• Fault tolerance
• Disaster recovery
What is Cloud Computing?

• Rather than building and operating dedicated infrastructure to provide IT services, Cloud Computing services are shared resources offered and maintained by a third party to multiple IT “tenants” or organizations

Benefits:
• Faster acquisition and deployment of computing resources
• Lower capital equipment expenditures
Economies of scale

• The concept of economies of scale is the ability to do things less expensively, but more efficiently when operating at a larger scale in comparison to operating at a smaller scale
• Cloud providers such as Microsoft, Google, and Amazon Web Services (AWS) are very large businesses, and thus can leverage the benefits of economies of scale and then pass those benefits on to their customers
Capital Expense compared to Operational Expense

Capital Expenditure (CapEx) is the spending of money on physical
infrastructure up front, and then deducting that expense from your
tax bill over time. CapEx is an upfront cost which has a value that
reduces over time.

Operational Expenditure (OpEx) is spending money on services or
products and being billed for them immediately. You can deduct this
expense from your tax bill in the same year. There is no upfront cost;
you pay for a service or product as you use it.
Consumption based model

• Only pay for resources that are consumed
• Lower costs
• Additional resources on demand
Module 1:
Cloud Concepts
Lesson 2: Types of cloud models
Public Cloud

A public cloud is owned by a cloud services provider (also known
as a hosting provider). It provides resources and services to
multiple organizations and users who connect to the cloud service
via a secure network connection, typically over the internet.
Private Cloud

A private cloud is owned and operated by the organization that
uses the resources from that cloud. They create a cloud
environment in their own datacenter and provide self-service
access to compute resources to users within their organization.
The organization remains the owner, entirely responsible for the
operation of the services they provide.
Hybrid Cloud

A hybrid cloud combines both public and private clouds, allowing
you to run your applications in the most appropriate location.
Comparing Cloud Models

Public cloud:
• No CapEx. You don’t have to buy a new server to scale up.
• Agility. Applications can be made accessible quickly, and deprovisioned whenever needed.
• Consumption-based model. Organizations pay only for what they use, and operate under an OpEx model.

Private cloud:
• CapEx. Organization owns all infrastructure components.
• Control. Organizations have complete control over resources.
• Security. Organizations have complete control over security.

Hybrid cloud:
• Flexibility. The most flexible scenario. With a hybrid cloud setup, an organization can determine whether to run their applications in a private cloud or in a public cloud.
• Compliance. Organizations maintain the ability to comply with strict security, compliance, or legal requirements as needed.
Module 1:
Cloud Concepts
Lesson 3: Types of cloud services
IaaS (Infrastructure-as-a-Service)

[Diagram labels: Hosted applications/apps; Development tools, database management, business analytics; Operating systems; Servers and storage; Networking firewalls/security; Data center physical plant/building]

IaaS is the most basic category of cloud computing services. With
IaaS, you rent IT infrastructure (servers and virtual machines (VMs),
storage, networks, and operating systems) from a cloud provider on
a pay-as-you-go basis. It's an instant computing infrastructure,
provisioned and managed over the internet.
All services, compute virtual machines, storage
PaaS (Platform-as-a-Service)

PaaS provides an environment for building, testing, and deploying
software applications. The goal of PaaS is to help create an
application as quickly as possible without having to focus on
managing the underlying infrastructure.
SaaS (Software-as-a-Service)

SaaS is software that is centrally hosted and managed for the end
customer. It allows users to connect to and use cloud-based apps
over the internet. Common examples are email, calendars, and
office tools such as Microsoft Office 365.
Comparing cloud service types

IaaS: Flexibility. IaaS is the most flexible cloud service as you have control to
configure and manage the hardware running your application.

PaaS: Productivity. Users can focus on application development only, as all
platform management is handled by the cloud provider. Working with
distributed teams as services is easier, as the platform is accessed over the
internet and can be made globally available more easily.

SaaS: Pay-as-you-go pricing model. Users pay for the software they use on a
subscription model, typically monthly or yearly, regardless of how much they
use the software.
Module 2:
Core Azure Services
Core Azure Services: Learning Objectives

After completing these topics, you will be able to:

• Understand and describe core Azure architectural components
• Understand and describe core Azure services and products
• Understand and describe Azure solutions
• Understand and describe Azure management tools


Module 2:
Core Azure Services
Lesson 1: Core Azure architectural components
Azure Regions

Where in the world is Azure located?

• Azure is made up of datacenters located around the globe. These datacenters are organized and made available to end users by country/region
• Related to datacenters, a region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are in close proximity and networked together with a low-latency network
Azure Regions

http://azure.microsoft.com/regions

Azure Regions

Types of Azure regions

Special Azure regions:
• Azure also has some special regions that you might want to use when building out your applications for compliance or legal purposes. Special regions are:
  • Azure Government
  • Azure Germany
  • Azure China 21Vianet

Region pairs:
• Each Azure region is paired with another region within the same geography (such as US, Europe, or Asia). This approach allows for the replication of resources (such as virtual machine (VM) storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, power outages, or physical network outages affecting both regions at once.
Azure Region Pairs
Geographies

What are Azure geographies?

• A geography is a discrete market typically containing two or more regions that preserves data residency and compliance boundaries
• Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close
• Geographies are broken up into Americas, Europe, Asia Pacific, Middle East, and Africa
Geographies- Americas

| | United States | Azure Government | Canada | Brazil |
|---|---|---|---|---|
| Regions | Central US, East US 2, East US, North Central US, South Central US, West US 2, West Central US, West US | US DoD Central, US DoD East, US Gov Arizona, US Gov Iowa, US Gov Texas, US Gov Virginia, US Sec East¹, US Sec West¹ | Canada Central, Canada East | Brazil South |
| Data residency / Sovereignty² | Data stored at rest in US | Data stored at rest in US. A sovereign offering - physically isolated instance of Microsoft Azure. | Stored at rest in Canada | Data replication to US |
| Compliance³ | International, regional, and industry-specific | Continuous commitment to the highest breadth and depth of US government-specific or US DoD-specific compliance standards | International, regional, and industry-specific | International, regional, and industry-specific |
| Available to | All | US government entities and their partners only | All | All |
Geographies- Europe

| | Europe | France | United Kingdom | Germany | Switzerland | Norway |
|---|---|---|---|---|---|---|
| Regions | North Europe, West Europe | France Central, France South | UK South, UK West | Germany Central, Germany Northeast, Germany North¹, Germany West Central¹ | Switzerland North¹, Switzerland West¹ | Norway West¹, Norway East¹ |
| Data residency / Sovereignty² | Stored at rest in Europe | Stored at rest in France | Stored at rest in UK | A sovereign offering – a physically and logically separate instance of Azure services with dedicated network between Germany datacenters | Stored at rest in Switzerland | Stored at rest in Norway |
| Compliance³ | International, regional, and industry-specific | International, regional, and industry-specific | International, regional, and industry-specific | Designed to meet the strictest EU data protection, under control of German Data Trustee | Coming soon | Coming soon |
| Available to | All | France Central: All. France South: Reserved for France Central customers requiring in-country disaster recovery | All | Customers and partners in EU/European Free Trade Association (EFTA) only | All | Coming soon |
Geographies- Asia Pacific

Asia Pacific Australia China India Japan Korea

Australia Central, China East, China


East Asia, Southeast Australia Central 2, North, China East 2, Central India, South Japan East, Japan Korea Central, Korea
Regions
Asia Australia East, China North 2 India, West India West South
Australia Southeast

A sovereign offering
Data residency / Stored at rest in Asia Stored at rest in – independent, Stored at rest in Stored at rest in
Stored at rest in India
Sovereignty Pacific region Australia dedicated network Japan Korea
within China

International,
Local and industry- Local and industry- Local and industry-
Compliance regional, and China-specific Coming soon
specific specific specific
industry-specific

All
Australia Central and
Central 2 are
Organizations with a
designed for
Available to All business presence in All All All
Australian and New
China
Zealand government
organizations and
partners
Geographies- Middle East and Africa

| | Africa | United Arab Emirates |
|---|---|---|
| Regions | South Africa North, South Africa West | UAE Central, UAE North |
| Data residency / Sovereignty | Stored at rest in South Africa | Stored at rest in UAE |
| Compliance | International, regional, and industry-specific | International, regional, and industry-specific |
| Available to | South Africa North: All. South Africa West: Reserved for South Africa North customers requiring in-country disaster recovery | UAE North: All. UAE Central: Reserved for UAE North customers requiring in-country disaster recovery |
Azure Product Availability

What products are available in my region?

• Not all Azure services are available in all regions
• For the most current availability, go to:
  https://azure.microsoft.com/global-infrastructure/services/?products=all
Availability Zones

What are availability zones?

• Availability zones are physically separate locations within an Azure region.
• Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
• Availability Zones are set up to be an isolation boundary.
• If one availability zone goes down, the other continues working.
Availability Zones
Availability Sets
What are availability sets?
• Availability sets are a way to help ensure applications remain online if a high-impact maintenance event is required, or a hardware failure occurs

Availability sets are made up of update domains and fault domains:

• Update domains. When a maintenance event occurs (such as a performance update or critical security patch applied), the update is sequenced through update domains.
• Fault domains. Fault domains provide for the physical separation of a workload across different hardware in the datacenter.
Resource Groups

What are resource groups?

• A resource group is a unit of management for resources in Azure.
• Think of a resource group as a container that allows you to aggregate and manage all the resources required for an application in a single manageable unit
  • Metering and billing
  • Policies
  • Monitoring and alerts
  • Quotas
  • Access control
Azure Resource Manager

What is Azure Resource Manager?

• Azure Resource Manager is a management layer in which resource groups and all the resources within them are created, configured, managed, and deleted
• With Azure Resource Manager, you can:
  • Deploy application resources
  • Organize resources
  • Control access and resources


Module 2:
Core Azure Services
Lesson 2: Core Azure services and products
Azure Compute Services

Azure compute is an on-demand computing service for running cloud-based
applications. It provides computing resources such as disks,
processors, memory, networking and operating systems.

• Resources are available on-demand and can typically be made available
in minutes or even seconds. You pay only for the resources you use
and only for as long as you're using them
Azure compute services - virtual machine services

VMs are software emulations of physical computers.
Examples of Azure services for virtual machines include:

Azure VMs. Infrastructure as a service (IaaS) to create and use VMs in the cloud

VM Scale sets are a group of identically configured VMs

App services. Platform as a service (PaaS) offering to build, deploy, and scale enterprise-grade web, mobile, and API apps

Functions. Creates infrastructure based on an event

Azure Dedicated Hosts

Azure Dedicated Host is a service that provides physical servers -
able to host one or more virtual machines - dedicated to one Azure
subscription. Dedicated hosts are the same physical servers used in
Microsoft’s data centers. You can provision dedicated hosts within a
region, availability zone, and fault domain. Then, you can place VMs
directly into your provisioned hosts, in whatever configuration best
meets your needs.
Azure compute services - container services

Containers are a virtualization environment. However, unlike virtual
machines, they do not include an operating system. Containers are meant
to be lightweight, and are designed to be created, scaled out, and stopped
dynamically. Examples of Azure services for containers include:

Azure Container Instances. A PaaS offering that allows you to upload your containers, which it then will run for you

Azure Kubernetes Service. A container orchestrator service for managing large numbers of containers
Azure network services

Networking on Azure allows you to connect cloud
and on-premises infrastructure and services.

Azure Virtual Network. An IaaS service to create and use VMs in the cloud

Azure Load Balancer. Designed for automatic scaling of identical VMs

VPN Gateway. A PaaS offering to build, deploy, and scale enterprise-grade web, mobile, and API apps

Azure Application Gateway. Manage web traffic to applications

Content Delivery Network. Delivers web content to users

Azure network services

[Figure: vNet Example]

Azure network services

[Figure: VNet Peering]
Azure network services

Networking on Azure allows you to connect cloud
and on-premises infrastructure and services.

VNet Peering

ExpressRoute

VPN Gateway. A PaaS offering to build, deploy, and scale enterprise-grade web, mobile, and API apps

Azure Application Gateway. Manage web traffic to applications

Content Delivery Network. Delivers web content to users


Management Groups

Important facts about management groups

• 10,000 management groups can be supported in a single directory.
• A management group tree can support up to six levels of depth.
  • This limit doesn't include the Root level or the subscription level.
• Each management group and subscription can only support one parent.
• Each management group can have many children.
• All subscriptions and management groups are within a single hierarchy in each directory.
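
An added example, not part of the original slides: a Python check that a planned management group hierarchy respects the limits listed above (group count, six levels below the root, one parent per node, a single connected hierarchy). The function name, the edge-list input format and all sample group and subscription names are hypothetical; counting the root group toward the 10,000 limit is an assumption.

```python
from collections import defaultdict, deque

MAX_GROUPS = 10_000  # management groups per directory (from the slide)
MAX_DEPTH = 6        # levels below the root; root and subscription levels excluded


def validate_hierarchy(root, group_edges, subscription_edges):
    """Return a list of violations found in a planned hierarchy.

    root               -- name of the root management group
    group_edges        -- (child_group, parent_group) pairs
    subscription_edges -- (subscription, parent_group) pairs
    """
    problems = []
    parents = defaultdict(set)   # node -> declared parents
    children = defaultdict(set)  # group -> child groups
    for child, parent in group_edges:
        parents[child].add(parent)
        children[parent].add(child)
    for sub, parent in subscription_edges:
        parents[sub].add(parent)

    groups = {root} | set(children) | {c for c, _ in group_edges}
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} management groups exceeds {MAX_GROUPS}")
    if parents.get(root):
        problems.append(f"{root}: root group must not have a parent")

    # Each management group and subscription supports only one parent.
    for node in sorted(parents):
        if node != root and len(parents[node]) > 1:
            problems.append(f"{node}: more than one parent {sorted(parents[node])}")

    # Breadth-first walk from the root gives each reachable group its level.
    depth = {root: 0}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for child in sorted(children[current]):
            if child not in depth:
                depth[child] = depth[current] + 1
                queue.append(child)

    # Unreached groups are detached or cyclic, so not in the single hierarchy.
    for group in sorted(groups):
        if group not in depth:
            problems.append(f"{group}: not connected to root {root}")
        elif depth[group] > MAX_DEPTH:
            problems.append(f"{group}: depth {depth[group]} exceeds {MAX_DEPTH}")
    for sub, parent in subscription_edges:
        if parent not in depth:
            problems.append(f"{sub}: parent {parent} is not in the hierarchy")
    return problems


# Constructed sample data (hypothetical names).
GOOD_GROUPS = [("platform", "root"), ("landing-zones", "root"),
               ("corp", "landing-zones"), ("online", "landing-zones")]
GOOD_SUBS = [("sub-identity", "platform"), ("sub-hr-app", "corp")]

# A seven-level chain, a detached branch, and a subscription with two parents.
CHAIN = [(f"l{i}", "root" if i == 1 else f"l{i - 1}") for i in range(1, 8)]
BAD_GROUPS = CHAIN + [("orphan-child", "orphan")]
BAD_SUBS = [("sub-shared", "l1"), ("sub-shared", "l2")]

if __name__ == "__main__":
    print(validate_hierarchy("root", GOOD_GROUPS, GOOD_SUBS))
    for line in validate_hierarchy("root", BAD_GROUPS, BAD_SUBS):
        print(line)
```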
Azure Tagging

You apply tags to your Azure resources, resource groups, and
subscriptions to logically organize them.
Each tag consists of a name and a value pair. For example, you can
apply the name "Environment" and the value "Production" to all the
resources in production.
Azure Storage Services- Data Categories

Structured data
• Data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. Financial data is an example.

Semi-structured data
• Data is less organized than structured data, and is not stored in a relational format, meaning the fields do not neatly fit into tables, rows, and columns. Referred to as non-relational or NoSQL data

Unstructured data
• Data that has no designated structure to it. This also means that there are no restrictions on the kinds of data it can contain. For example, a blob can hold a PDF document, a JPG image, a JSON file, or video content
Azure Storage Services- Azure Services

Azure Storage is a service that you can use to store files,
messages, tables, and other types of information.

Blob storage. No restrictions on the kinds of data it can hold. Blobs are highly scalable

Disk storage. Provides disks for virtual machines, applications, and other services

File storage. Azure Files offers fully-managed file shares in the cloud

Archive storage. Storage facility for data that is rarely accessed

Azure Database Services

Azure database services are fully-managed PaaS database services that
free up valuable time you’d otherwise spend managing your database

Azure Cosmos DB. A globally-distributed database service that enables you to elastically and independently scale throughput and storage

Azure SQL Database. A relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine

Azure Database Migration. A fully-managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime
Azure Marketplace

• Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure
• Azure Marketplace allows customers—mostly IT professionals and cloud developers—to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure. At the time of writing, this includes over 8,000 listings
Azure Virtual Desktop

Azure Virtual Desktop (AVD), previously known as Windows
Virtual Desktop (WVD), is a cloud-based service from Microsoft
that allows you to deliver virtual desktops and applications to
users anywhere with an internet connection. It utilizes Microsoft
Azure's cloud infrastructure to provide a scalable and secure
platform for remote desktop services.
Azure Virtual Desktop

• Host Pool: A host pool is a collection of virtual machines (VMs) in Azure
that are configured to function as session hosts for remote desktop
services. These VMs all use the same base image to ensure a consistent
user experience.
• Application Group: An application group in AVD is a logical grouping of applications
(RemoteApp) or a desktop that you publish for users to access remotely.
These applications or desktops reside on the VMs within the host pool.
• Workspace: A workspace is a logical grouping of application groups
within Azure Virtual Desktop. Users assigned to a workspace can access
the remote desktop applications and desktops published from the
application groups associated with that workspace.
Azure Virtual Desktop

Here's a breakdown of the key features and functionalities of
Azure Virtual Desktop:
• Desktop and Application Delivery: AVD enables you to deploy
virtual desktops and applications that users can access
remotely using various devices like laptops, tablets, and even
thin clients. This provides a familiar Windows desktop
experience or access to specific applications, regardless of the
user's physical location or device.
• Scalability: AVD offers a significant advantage in scalability. You
can easily scale your virtual desktop infrastructure up or down
based on your user needs. This eliminates the need to manage
physical desktops and allows you to provision resources
dynamically.
Azure Virtual Desktop

• Cost Optimization: By leveraging Azure's cloud infrastructure,
you can potentially optimize costs compared to traditional
on-premises desktop deployments. You only pay for the resources
you use, eliminating the upfront costs of physical hardware and
ongoing maintenance expenses.
• Security: AVD benefits from Azure's robust security features.
You can leverage multi-factor authentication, manage user
access controls, and implement security best practices to
protect your virtual desktops and applications from
unauthorized access.
Azure Virtual Desktop

• Centralized Management: AVD provides a centralized platform
for managing your virtual desktops and applications. You can
manage user assignments, application deployments, and
desktop configurations from a single console, simplifying
administration and reducing complexity.
Azure Virtual Desktop

• Multiple User Sessions: AVD supports two main desktop
session types:
  • Single-session: This assigns a dedicated virtual machine to
  a single user, offering a personal desktop experience with
  guaranteed resources.
  • Multi-session: This allows multiple users to share a pool of
  virtual machines, making it a more cost-effective option for
  less resource-intensive tasks.
Azure Virtual Desktop

• Platform Agnostic: Users can access their virtual desktops and
applications from various devices running Windows, macOS,
Android, iOS, and even through HTML5 web browsers. This
provides flexibility and allows users to work from any location
with a suitable internet connection.
Azure Virtual Desktop

Azure Virtual Desktop offers a compelling solution for
organizations looking to:
• Enable secure remote work access for their employees.
• Deliver applications and desktops to users on various devices.
• Benefit from cloud-based scalability and cost optimization.
• Leverage a centralized management platform for their virtual
desktop infrastructure.
Module 2: Core Azure Services
Lesson 3: Azure solutions
Internet of Things

The internet allows any item that's online-capable to access
valuable information. This ability for devices to garner and
then relay information for data analysis is referred to as the
Internet of Things (IoT).

• Microsoft IoT Central. A fully-managed global IoT software
as a service (SaaS) solution that makes it easy to connect,
monitor, and manage your IoT assets at scale.
• Azure IoT Hub. A managed service hosted in the cloud that
acts as a central message hub for bidirectional
communication between your IoT application and the
devices it manages.
Big data and analytics

Big data refers to large volumes of data that become increasingly
hard to make sense of, or consequently make decisions about. Some
big data and analytic services in Azure include:

• Azure SQL Data Warehouse: A cloud-based Enterprise Data
Warehouse that leverages massively parallel processing (MPP)
to run complex queries quickly across petabytes of data.
• Azure HDInsight: A fully-managed, open-source analytics
service for enterprises. It is a cloud service that makes it easier,
faster, and more cost-effective to process massive amounts of
data.
• Azure Data Lake Analytics: An on-demand analytics job service
that simplifies big data. Instead of deploying, configuring, and
tuning hardware, you write queries to transform your data and
extract valuable insights.
Azure Synapse Analytics

Data Ingestion
Data Warehousing
Big Data Analytics
Artificial Intelligence

Artificial Intelligence (AI), in the context of cloud computing, is based
around a broad range of services, the core of which is machine learning.
Machine learning is a data science technique that allows computers to use
existing data to forecast future behaviors, outcomes, and trends. Using
machine learning, computers learn without being explicitly programmed.
Some AI services in Azure include:

• Azure Machine Learning service. Provides a cloud-based
environment used to develop, train, test, deploy, manage, and
track machine learning models.
• Azure Machine Learning Studio. A collaborative, drag-and-drop
visual workspace where you can build, test, and deploy machine
learning solutions without needing to write code.
Serverless computing

Serverless computing is a cloud-hosted execution environment that runs
your code but abstracts the underlying hosting environment. Some serverless
services in Azure include:

• Azure Functions. Lets you concentrate on the code running your
service and not the underlying platform or infrastructure. It creates
infrastructure based on an event.
• Azure Logic Apps. A cloud service that helps you automate and
orchestrate tasks, business processes, and workflows when you
need to integrate apps, data, systems, and services across
enterprises or organizations.
• Azure Event Grid. A fully-managed, intelligent event routing service
that uses a publish-subscribe model for uniform event
consumption.
DevOps

DevOps allows you to create, build, and release
applications. It brings together people, processes, and
technology.

• Azure DevOps Services: Provides development collaboration
tools and cloud-based load testing.
• Azure DevTest Labs: Allows you to quickly create environments
in Azure while minimizing waste and controlling cost.
Module 2: Core Azure Services
Lesson 4: Azure Management solutions
Azure management tools

You can configure and manage Azure using a broad range of tools and
platforms. Some of these tools are:
• Azure Portal. A website accessed via a web browser at:
https://portal.azure.com or https://portal.azure.com/app/download
• Azure PowerShell. A command shell scripting language available for
Windows, macOS and Linux
• Azure Command-Line Interface (Azure CLI). A cross-platform
command-line scripting program for Windows, Linux, or macOS
operating systems: https://aka.ms/InstallAzureCLIwindows
• Azure Cloud Shell. A browser-based scripting environment in your
portal.
Azure Advisor

Azure Advisor is a free service built into Azure that provides
recommendations on high availability, security, performance, and cost.
Advisor analyzes your deployed services and looks for ways to improve
your environment across those four areas.

With Azure Advisor, you can:
• Get proactive, actionable, and personalized best practices
recommendations
• Improve the performance, security, and high availability of
your resources as you identify opportunities to reduce
your overall Azure costs
• Get recommendations with proposed actions
Module 3: Security, Privacy, Compliance and Trust
Security, Privacy, Compliance and Trust: Learning Objectives
After completing these topics, you will be able to:

• Understand how to secure network connectivity in Microsoft Azure
• Understand core Azure identity services
• Understand security tools and features
• Understand Azure governance methodologies
• Understand and describe monitoring and reporting in Azure
• Understand privacy, compliance, and data protection standards in Azure
Module 3: Security, Privacy, Compliance and Trust
Lesson 1: Securing network connectivity in Azure
Azure Firewall

A firewall is a service that grants server access based on the
originating IP address of each request.

• Azure Firewall is a managed, cloud-based network security service
that protects your Azure Virtual Network resources. It is a fully stateful
firewall as a service with built-in high availability and unrestricted
cloud scalability.
• Azure Firewall includes many features, including:
  • Built-in high availability
  • Unrestricted cloud scalability
  • Inbound and outbound filtering rules
  • Azure Monitor logging
Azure DDoS Protection

Distributed denial of service (DDoS) attacks attempt to
overwhelm and exhaust an application’s resources, making the
application slow or unresponsive to legitimate users.

• Azure DDoS Protection service protects your Azure applications
by scrubbing traffic at the Azure network edge before it can
impact your service's availability.
• Azure DDoS Protection provides the following service tiers:
  • Basic. The Basic service tier is automatically enabled as part of
    the Azure platform.
  • Standard. The Standard service tier provides additional
    mitigation capabilities that are tuned specifically to Microsoft
    Azure Virtual Network resources.
Network Security Groups

• Network Security Groups (NSGs) allow you to filter network
traffic to and from Azure resources in an Azure virtual
network. An NSG can contain multiple inbound and outbound
security rules that enable you to filter traffic to and from
resources by source and destination IP address, port, and
protocol.
• Network security rule properties:
  • A network security group can contain as many rules as
    you want within Azure subscription limits.
  • When you create a network security group, Azure creates
    a series of default rules to provide a baseline level of
    security. You cannot remove the default rules, but you can
    override them by creating new rules with higher
    priorities.
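The priority behaviour described above, as an added example that is not part of the original course material: a simplified Python model of inbound NSG evaluation, where rules are processed from the lowest priority number (highest priority) upward, the first match decides, and a custom rule therefore overrides a default one. The VNet address space, source addresses and custom rule names are constructed, and the model ignores destination addresses; it also flags custom rules that can never fire because a higher-priority rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified stand-ins for service tags (assumption: a single VNet address space).
TAGS = {
    "*": ["0.0.0.0/0"],
    "VirtualNetwork": ["10.0.0.0/16"],          # constructed address space
    "AzureLoadBalancer": ["168.63.129.16/32"],  # Azure platform probe address
}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = higher priority
    source: str     # CIDR, "*" or a key of TAGS
    port: str       # "*", "443" or "8000-8100"
    protocol: str   # "Tcp", "Udp" or "*"
    access: str     # "Allow" or "Deny"

    def networks(self):
        return [ip_network(c) for c in TAGS.get(self.source, [self.source])]

    def port_range(self):
        if self.port == "*":
            return (0, 65535)
        lo, _, hi = self.port.partition("-")
        return (int(lo), int(hi or lo))

    def matches(self, src_ip, port, protocol):
        lo, hi = self.port_range()
        return (any(ip_address(src_ip) in n for n in self.networks())
                and lo <= port <= hi
                and self.protocol in ("*", protocol))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        lo, hi = self.port_range()
        olo, ohi = other.port_range()
        return (all(any(o.subnet_of(n) for n in self.networks())
                    for o in other.networks())
                and lo <= olo and ohi <= hi
                and self.protocol in ("*", other.protocol))

# Default inbound rules that Azure adds to every NSG (they cannot be removed).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

# Constructed custom rules for the demonstration.
CUSTOM = [
    Rule("Deny-VNet-SSH", 100, "VirtualNetwork", "22", "Tcp", "Deny"),
    Rule("Allow-HTTPS-Any", 200, "*", "443", "Tcp", "Allow"),
    Rule("Deny-BadRange-HTTPS", 300, "198.51.100.0/24", "443", "Tcp", "Deny"),
]

def evaluate(custom_rules, src_ip, port, protocol):
    """Return (access, rule name) for the first rule that matches."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.matches(src_ip, port, protocol):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def shadowed(custom_rules):
    """List (rule, covering rule) pairs where the first can never be reached."""
    ordered = sorted(custom_rules, key=lambda r: r.priority)
    return [(later.name, earlier.name)
            for i, later in enumerate(ordered)
            for earlier in ordered[:i]
            if earlier.covers(later)]

if __name__ == "__main__":
    for packet in [("10.0.1.5", 22, "Tcp"), ("10.0.1.5", 3389, "Tcp"),
                   ("203.0.113.7", 443, "Tcp"), ("203.0.113.7", 22, "Tcp"),
                   ("198.51.100.9", 443, "Tcp")]:
        print(packet, "->", evaluate(CUSTOM, *packet))
    print("shadowed:", shadowed(CUSTOM))
```

The last packet is allowed even though a deny rule names its range: the deny sits at priority 300, behind the broader allow at 200, which is the ordering mistake the `shadowed` check reports.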
Azure Network Security Solutions
Choosing Azure network security solutions

Defense in Depth
A common security concept that is applied to computing systems is
defense in depth: a layered approach that provides multiple levels of
protection, so that if an attacker gets through one layer there are
further protections in place.

Azure Network Security Layers
Choosing Azure network security solutions - layers
• Perimeter layer. The network perimeter layer is about protecting
organizations from network-based attacks against your resources.
Some options are to use Azure DDoS Protection and Azure Firewall
• Networking layer. At this layer, the focus is on limiting network
connectivity across all your resources and only allowing what is
required. Some options are set to deny by default, restrict inbound
internet access, and limit outbound
Module 3: Security, Privacy, Compliance and Trust
Lesson 2: Core Azure identity services
Authentication and authorization

Two fundamental concepts that should be understood when
talking about identity and access are authentication and
authorization:

• Authentication is the process of establishing the identity of a
person or service looking to access a resource. It requires
credentials and establishes whether they are who they say they are.
• Authorization is the process of establishing what level of
access an authenticated person has. It specifies what data
they're allowed to access and what they can do with it.
Azure Active Directory

• Azure Active Directory (Azure AD) is a Microsoft cloud-based
identity and access management service. Azure AD helps
employees of an organization sign in and access resources.
• Azure AD provides services such as:
  • Authentication
  • Single sign-on (SSO)
  • Application management
Azure Multi-Factor Authentication

• Azure Multi-Factor Authentication (MFA) provides additional
security for your identities by requiring two or more elements for
full authentication. These elements fall into three categories:
  • Something you know: This could be a password or the answer to
    a security question
  • Something you possess: This might be a mobile app that receives
    a notification, or a token-generating device
  • Something you are: This is typically some sort of biometric
    property, such as a fingerprint or face scan used on many mobile
    devices.
Module 3: Security, Privacy, Compliance and Trust
Lesson 3: Security tools and features
Azure Security Center

• Azure Security Center is a monitoring service that provides threat
protection across all of your services, both in Azure and on-premises.
• Azure Security Center can:
  • Provide security recommendations based on your
    configurations, resources, and networks.
  • Monitor security settings across on-premises and cloud
    workloads, and automatically apply required security to new
    services as they come online.
Azure Security Center- Secure Score

Azure Key Vault

• Azure Key Vault is a centralized cloud service that you use for
storing application secrets. Key Vault helps you control your
applications' secrets by keeping them in a single, central location
and providing secure access, permissions control, and access
logging.
• Key Vault usage scenarios:
  • Secrets management
  • Key management
  • Certificate management
  • Store secrets backed by hardware security modules (HSMs)
Azure Information Protection

• Microsoft Azure Information Protection is a cloud-based
solution that helps organizations classify and help protect their
documents and emails by applying labels. Labels can be
applied:
  • Automatically by administrators who define rules and
    conditions
  • Manually by users
  • A combination of the two, where users are given
    recommendations
• Usage scenario:
  • A user saves a Microsoft Word document containing a
    Social Security Number.
  • A custom tooltip displays, recommending that the file be
    labelled Confidential\All Employees, which is the label that
    the administrator has configured.
  • This label classifies the document and protects it.
Azure Advanced Threat Protection

• Azure Advanced Threat Protection (Azure ATP) is a cloud-based security
solution that identifies, detects, and helps you investigate advanced
threats, compromised identities, and malicious insider actions directed at
your organization.
• Azure ATP consists of the following components:
  • Azure ATP portal. Azure ATP has its own portal through which you
    monitor and respond to suspicious activity.
  • Azure ATP sensor. Azure ATP sensors are installed directly on your
    domain controllers.
  • Azure ATP cloud service. Azure ATP cloud service runs on Azure
    infrastructure.
Module 3: Security, Privacy, Compliance and Trust
Lesson 4: Azure governance methodologies
Azure Policy

• Azure Policy is a service in Azure that you use to create, assign,
and manage policies that enforce different rules and effects
over your resources, so those resources stay compliant with
your corporate standards and service-level agreements (SLAs).
• Azure Policy provides the following:
  • Azure Policy uses policies and initiatives to run evaluations of
    your resources and scans for those not compliant with the
    policies you have created.
  • Azure Policy comes with a number of built-in policy and
    initiative definitions that you can use, under categories such
    as Storage, Networking, Compute, Security Center, and
    Monitoring.
Role-based access control

Role-based access control (RBAC) provides fine-grained access
management for Azure resources:
• Grant users only the rights they need to perform their jobs
• Provided at no additional cost to all Azure subscribers

Examples of when you might use RBAC include when you want to:
• Allow one user to manage VMs in a subscription, another user
to manage virtual networks, and another user to manage storage.
• Allow a database administrator group to manage Microsoft SQL
Server databases in a subscription.
• Allow a user to manage all resources in a resource group, such as
VMs, websites, and subnets.
Locks

Locks help you prevent accidental deletion or modification of your
Azure resources. You manage these locks from within the Azure
portal.

You may need to lock a subscription, resource group, or resource to
prevent other users in your organization from accidentally deleting
or modifying critical resources. You can set the lock level to:

• CanNotDelete. Authorized users can still read and modify a resource,
but they can't delete the resource.
• ReadOnly. Authorized users can read a resource, but they can't
delete or update the resource. Applying this lock is similar to
restricting all authorized users to the permissions granted by the
Reader role.
Azure Advisor security assistance

• Azure Advisor provides security recommendations by integrating with Azure
Security Center
• View the security recommendations on the Security tab of the Advisor
dashboard
• Click deeper into the Security Center recommendations to improve and
enhance your security governance
Azure Blueprints

• Azure Blueprints enable cloud architects to define a repeatable
set of Azure resources that implement and adhere to an
organization's standards, patterns, and requirements.
• Usage scenarios:
  • Use Azure Blueprints’ artifacts and tools to help with auditing,
    traceability, and compliance with your deployments
  • Use with Azure DevOps scenarios, where blueprints are
    associated with specific build artifacts and release pipelines,
    and require more rigorous tracking.
Module 3: Security, Privacy, Compliance and Trust
Lesson 5: Monitoring and reporting in Azure
Azure Monitor

Azure Monitor increases availability and performance of
applications by collecting information from cloud and
on-premises environments.

As soon as you create an Azure subscription and start adding
resources, Azure Monitor starts collecting data:
• Activity Logs. Record when resources are created or modified.
• Metrics. Show how the resource is performing and the
resources that it's consuming.
Azure Service Health

Azure Service Health is a suite of experiences that provide
guidance and support when issues with Azure services
occur. It provides notifications to help you understand the
impact of issues, and updates as the issue is being
resolved.

Azure Service Health is composed of:
• Azure Status. Provides a global view of the health state of
Azure services
• Service Health. A dashboard that tracks the state of Azure
services in the regions where you use them
• Azure Resource Health. Helps you diagnose and obtain support when an
Azure service issue affects your resources.
Module 3: Security, Privacy, Compliance and Trust
Lesson 6: Privacy, compliance and data protection standards in Azure
Compliance Terms and Requirements

Microsoft provides the most comprehensive set of compliance offerings
(including certifications and attestations) of any cloud service provider.
Some compliance offerings include:

• CJIS (Criminal Justice Information Services)
• HIPAA (Health Insurance Portability and Accountability Act)
• CSA STAR Certification
• ISO/IEC 27018
• General Data Protection Regulation (GDPR)
• National Institute of Standards and Technology (NIST)

You can view all the Microsoft compliance offerings at
https://www.microsoft.com/trustcenter/compliance/complianceofferings
Microsoft privacy statement

• Explains what personal data Microsoft processes, how Microsoft
processes it, and for what purposes.
• Applies to the interactions Microsoft has with users and Microsoft
products such as Microsoft services, websites, apps, software, servers,
and devices.
• Is intended to provide openness and honesty about how Microsoft deals
with personal data in its products and services.

For more information, review the privacy statement at:
https://privacy.microsoft.com/privacystatement
Trust Center

• Trust Center is a website resource containing information and details
about how Microsoft implements and supports security, privacy,
compliance, and transparency in all our cloud products and services.
• The Trust Center site provides:
  • In-depth information about security, privacy, compliance offerings,
    policies, features, and practices across Microsoft cloud products.
  • Recommended resources in the form of a curated list of the most
    applicable and widely-used resources for each topic.
  • Information specific to key organizational roles, including business
    managers, tenant admins or data security teams, risk assessment
    and privacy officers, and legal compliance teams.

https://www.microsoft.com/trust-center/product-overview
Service Trust Portal

The Service Trust Portal (STP) is the Microsoft public site for publishing
audit reports and other compliance-related information related to
Microsoft’s cloud services.
It also hosts the Compliance Manager service.
• STP is a companion feature to the Trust Center, and allows you to:
  • Access audit reports across Microsoft cloud services on a single
    page.
  • Access compliance guides to help you understand how you can
    use Microsoft cloud service features to manage compliance with
    various regulations.
  • Access trust documents to help you understand how Microsoft
    cloud services help protect your data.

https://servicetrust.microsoft.com/
Compliance Manager

• Compliance Manager is a workflow-based risk assessment in
the Trust Portal that enables you to track, assign, and verify
your organization's regulatory compliance activities.
• It provides details related to Microsoft professional services and
Microsoft cloud services such as Microsoft Office 365,
Microsoft Dynamics 365, and Azure.
Azure

• Azure Government services
• Azure Germany services
• Azure China 21Vianet
Module 4: Azure Pricing and Support
Azure Pricing and Support: Learning Objectives

After completing these topics, you will be able to:

• Understand and describe Microsoft Azure subscriptions and management
groups
• Recognize ways to plan and manage Azure costs
• Identify Azure support options
• Understand and describe features of Azure service-level agreements (SLAs)
• Understand and describe the service lifecycle in Azure
Module 4: Azure Pricing and Support
Lesson 1: Azure Subscriptions
Azure subscriptions

• An Azure subscription provides you with authenticated and authorized
access to Azure products and services, and allows you to provision
resources on Azure. It is a logical unit of Azure services that links to an
Azure account.
• Azure offers free and paid subscription options to suit different needs
and requirements. An account can have one subscription or multiple
subscriptions that have different billing models, and to which you
apply different access-management policies.
Subscription uses and options

• You can use Azure subscriptions to define boundaries around Azure
products, services, and resources.
• Two types of subscription boundaries that you can use:
  • Billing boundary. This subscription type determines how an Azure
    account is billed for using Azure. You can create multiple
    subscriptions for different types of billing requirements.
  • Access control boundary. Azure will apply access management
    policies at the subscription level, and you can create separate
    subscriptions to reflect different organizational structures.

Several other subscription types to choose from include the Free
account and Pay-As-You-Go.
Management groups

• Azure Management groups are containers for managing access, policies,
and compliance across multiple Azure subscriptions.
• Management groups allow you to order your Azure resources
hierarchically into collections, which provide a further level of
classification beyond subscriptions.
Module 4: Azure Pricing and Support
Lesson 2: Planning and managing costs
Purchasing Azure products and services

The available purchasing options for Azure products and services
depend on three main customer types:
• Enterprise. Enterprise customers sign an Enterprise Agreement with
Azure that commits them to spending a negotiated amount on
Azure services, which they typically pay annually.
• Web direct. Web direct customers sign up for Azure through the
Azure website: https://azure.microsoft.com
• Cloud solution providers (CSPs). CSPs typically are Microsoft partner
companies that a customer hires to build solutions on top of Azure.
Payment and billing for Azure usage occurs through the customer's
CSP.
Azure free account

• An Azure free account provides subscribers with a $200 Azure credit
that they can use for paid Azure products during a 30-day trial period.
• Once you use that $200 credit or reach your trial's end, Azure
suspends your account unless you sign up for a paid account.
Factors affecting costs

Three factors affect costs:

• Resource Type: Costs are resource-specific, so the usage that a
meter tracks and the number of meters associated with a
resource depend on the resource type.
• Services: Azure usage rates and billing periods can differ
between Enterprise, Web Direct, and CSP customers.
• Location: The Azure infrastructure is globally distributed, and
usage costs might vary between locations that offer particular
Azure products, services, and resources.
Zones for Billing Purposes

Bandwidth refers to data moving in and out of Azure datacenters.
Some inbound data transfers are free, such as data going into Azure
datacenters. For outbound data transfers, such as data going out of
Azure datacenters, pricing is based on Zones.

• A zone is a geographical grouping of Azure Regions for billing
purposes. Zones are:
  • Zone 1. Includes West US, East US, West Europe, and others.
  • Zone 2. Includes Australia Central, Japan West, Central
    India, and others.
  • Zone 3. Includes Brazil South only.
  • DE Zone 1. Includes Germany Central and Germany Northeast.
Pricing calculator

• Azure provides a detailed estimate of the costs associated with your
selections and configurations.
Total cost of ownership (TCO) calculator

• A tool that you use to estimate cost savings you can realize by
migrating to Azure
• A report compares the costs of on-premises infrastructures with the
costs of using Azure products and services to host infrastructure in the
cloud
Azure Cost Management

Azure Cost Management is an Azure product that provides a set
of tools for monitoring, allocating, and optimizing Azure costs:
• Reporting. Generate reports
• Budgets. Monitor resource demand trends, consumption
rates, and cost patterns
• Alerting. Get alerts based on your cost and usage budgets
• Recommendations. Receive recommendations to eliminate
idle resources and to optimize provisioned Azure resources
Module 4: Azure Pricing and Support
Lesson 3: Support options available with Azure
Support plan options

Every Azure subscription includes:
• Free access to billing and subscription support
• Azure products and services documentation
• Online self-help documentation
• Community support forums

Paid Azure support plans:
• Developer. For Azure use in trial and nonproduction
environments
• Standard. Appropriate for Azure use in production environments
• Professional Direct. Appropriate for organizations with
business-critical dependence on Azure
• Premier. Ideal for organizations with substantial dependence on
Microsoft products, including Azure.
Opening a support ticket

• Request assistance for an Azure issue from the Azure support
team
• To open a support ticket:
  • Sign in to the Azure portal.
  • Choose Help + support from the left navigation menu.
  • From the Help + support blade, select New support
    request, fill in the required details, and then click Create to
    submit the support request.
• You can also monitor a support request in the Help + support
blade
Alternative support channels

Other support channels available outside of the Azure official support
plans:
• Azure community support:
https://azure.microsoft.com/support/community/
• Stack Overflow:
https://stackoverflow.com/questions/tagged/azure/
• Azure Feedback Forums at Microsoft Azure general feedback:
https://feedback.azure.com/forums/34192--general-feedback
• Twitter. Tweet @AzureSupport to get answers and support

Knowledge Center

• Azure Knowledge Center is a searchable database that contains
support questions and answers from a community of Azure experts,
developers, customers, and users.
• Browse through all answers within the Azure Knowledge Center by
entering keyword search terms into the text-entry field and further
refine your search results by selecting products or tags from the
dropdown lists.
• See Azure Knowledge Center for more information:
https://azure.microsoft.com/resources/knowledge-center/
Module 4: Azure Pricing and Support
Lesson 4: Azure SLAs
Service Level Agreements (SLAs)

SLAs document the specific terms that define Azure
performance standards.
• SLAs define Microsoft’s commitment to an Azure service or product
• Individual SLAs are available for each Azure product and service
• SLAs also define what happens if a service or product fails to meet the
designated availability commitments
• For more information about specific Azure SLAs for individual products
and services, see Service Level Agreements:
https://azure.microsoft.com/support/legal/sla/summary/
Composite SLAs

At the time of this writing, an App Service web app that writes to
Azure SQL Database has the following SLAs:
• App Service Web Apps is 99.95 percent
• SQL Database is 99.99 percent

• Question: What is the maximum downtime you would expect for
this application?
• Answer: The composite SLA for this application is
99.95% × 99.99% = 99.94%.
• This is lower than the individual SLAs. However, you can construct SLAs
to improve the overall application SLA.
SLA Downtime
Improving application SLAs - continued

The following table lists the potential cumulative downtime for various
SLA levels over different durations.

SLA        Downtime per week   Downtime per month   Downtime per year
99%        1.68 hours          7.2 hours            3.65 days
99.9%      10.1 minutes        43.2 minutes         8.76 hours
99.95%     5 minutes           21.6 minutes         4.38 hours
99.99%     1.01 minutes        4.32 minutes         52.56 minutes
99.999%    6 seconds           25.9 seconds         5.26 minutes
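The composite SLA calculation and the downtime table above, worked through in Python as an added example that is not part of the original course material. It goes one step beyond the slides by also modelling a fallback path, which is one way a design can improve the overall application SLA; the 99.9% fallback figure is a constructed value, component failures are assumed independent, and the periods are a 7-day week, 30-day month and 365-day year.

```python
import math

# Period lengths behind the table: 7-day week, 30-day month, 365-day year.
PERIOD_HOURS = {"week": 7 * 24, "month": 30 * 24, "year": 365 * 24}

def serial(*slas):
    """Composite SLA when every component must be available (a dependency chain)."""
    return math.prod(slas)

def parallel(*slas):
    """Composite SLA when any one of several independent paths is sufficient."""
    return 1 - math.prod(1 - s for s in slas)

def downtime_hours(sla, period):
    """Maximum downtime, in hours, that still meets `sla` over the period."""
    return (1 - sla) * PERIOD_HOURS[period]

def humanize(hours):
    """Express a duration in the unit the table uses for that magnitude."""
    if hours >= 24:
        return round(hours / 24, 2), "days"
    if hours >= 1:
        return round(hours, 2), "hours"
    if hours * 60 >= 1:
        return round(hours * 60, 2), "minutes"
    return round(hours * 3600, 2), "seconds"

def downtime_table(levels):
    """Rebuild the table rows: SLA label -> period -> (value, unit)."""
    return {f"{lvl * 100:g}%": {p: humanize(downtime_hours(lvl, p))
                                for p in PERIOD_HOURS}
            for lvl in levels}

APP_SERVICE, SQL_DATABASE = 0.9995, 0.9999  # figures from the slide
FALLBACK_STORE = 0.999                      # constructed value for illustration

# The web app needs both App Service and SQL Database: multiply the SLAs.
composite = serial(APP_SERVICE, SQL_DATABASE)

# If writes can fall back to a second store when SQL Database is down,
# the data tier fails only when both are down at the same time.
with_fallback = serial(APP_SERVICE, parallel(SQL_DATABASE, FALLBACK_STORE))

if __name__ == "__main__":
    print(f"composite SLA:      {composite:.4%}")
    print(f"  downtime / month: {humanize(downtime_hours(composite, 'month'))}")
    print(f"with fallback path: {with_fallback:.4%}")
    for label, row in downtime_table([0.99, 0.999, 0.9995, 0.9999, 0.99999]).items():
        print(label, row)
```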
Module 4: Azure Pricing and Support
Lesson 5: Service lifecycle in Azure
General, Public and private preview features

• Microsoft offers previews of Azure features for evaluation purposes.
• With Azure previews, you can test beta and other pre-release features,
products, services, software, and regions.
• General availability. The feature is no longer in preview and is
available to all Azure customers.
• Two types of Azure preview modes:
  • Private Preview. An Azure feature is available to certain Azure
    customers for evaluation purposes
  • Public Preview. An Azure feature is available to all Azure customers
    for evaluation purposes
How to access preview features

Review a list of preview features that are available for evaluation at Azure
Preview Features:
https://azure.microsoft.com/updates/?status=inpreview

Portal Preview features:
Typical portal preview features provide performance, navigation, and
accessibility improvements to the Azure portal interface.
Monitoring feature updates

• Information about the latest updates to Azure products, services,
and features, as well as product roadmaps and announcements, is
available at Azure updates: https://azure.microsoft.com/updates/
• Azure updates page:
  • View details about all Azure updates
  • See which updates are in general availability, preview, or
    development
  • Subscribe to Azure update notifications
Azure Databricks

Azure Databricks is an Apache Spark-based analytics platform with one-click setup, streamlined
workflows, and an interactive workspace for collaboration between data scientists, engineers, and
business analysts.
Azure CLI and PowerShell

Azure CLI:
• Download and install the AzureCLI.MSI file to your local computer

PowerShell:
• Install the Azure PowerShell module on your local computer
