Azure Fundamental Exam
Understand the use cases and benefits of Azure Monitor and Azure Service Health
?????
Determine if Azure is compliant for a business need
???????
Describe Azure Cost Management
?????????
High Availability
High Availability: Services are very rarely down. 3-5 "nines". 99.999% available
Disaster Recovery
A complete plan to recover critical business systems and normal operations in the event of a catastrophic disaster or cyber attack. Region-pairs are a good building block here
Describe the benefits and outcomes of using Azure solutions
Another super vague questions
Elasticity
Automatically adding or removing resources due to spikes or drops in demand
Fault Tolerance
Having a backup plan that self-fixes if something goes wrong. I.e. moving a workload to a different Availability Zone
App Grid
Maybe they meant Event Grid?
Describe the benefits and usage of core Azure architectural components
Such a vague question lol wat
Understand the principles of economies of scale
The ability to do things more efficiently or at a lower-cost per unit when operating at a larger scale. See: Sam's (buying a ton of stuff is cheaper). This is what cloud providers do with servers, they buy a ton, so they get deals and we rent those servers from them at lower prices than we could buy
Scalability
The ability to increase or decrease the resources and services used based on demand or workload at any given time. Vertical and horizontal scaling (improving servers and adding servers)
Compare and contrast the three different cloud models
The one you choose depends on your budget, and on your security, scalability, and maintenance needs
"Defense in depth"
a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring authorized access to information
Security Policy
defines the set of controls that are recommended for resources within that specified subscription or resource group. In Security Center, you define policies according to your company's security requirements
Understand options around Azure Free account
○ $200 credit to spend for the first 30 days of sign up ○ Free access to our most popular Azure products for 12 months ○ Access to more than 25 products that are always free
Describe Key Vault
○ A centralized cloud service for storing application secrets ○ Referred to as a secret store
Describe Azure Advanced Threat Protection (ATP)
○ A cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization ○ Capable of detecting known malicious attacks and techniques, security issues, and risks against your network ○ Components: ○ Azure ATP Portal - web portal through which you can monitor and respond to suspicious activity ○ Azure ATP Sensor - installed directly on your domain controllers - monitors traffic ○ Azure ATP cloud service - runs on Azure infrastructure
Serverless Computing
○ A cloud-hosted execution environment that runs your code but completely abstracts the underlying hosting environment ○ You create an instance of the service and add your code; no infrastructure config or maintenance is required or allowed ○ Azure Functions and Logic Apps are the key pieces here
Understand Azure Government services
○ A dedicated cloud for enabling government agencies and their partners to transform mission-critical workloads to the cloud ○ Handles data that is subject to things like FedRAMP, NIST 800.171, ITAR, IRS 1075, DoD L4, and CJIS ○ Azure Government uses physically isolated datacenters and networks (located in U.S. only)
Understand the Pricing calculator
○ A free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate ○ Configurable options include: region, tier, billing options, support options, programs and offers, and Azure dev/test pricing ○ Created estimates can be shared via an Excel spreadsheet or through a URL
IoT Central
○ A fully managed SaaS solution that makes it easy to connect, monitor, and manage your IoT assets at scale ○ Simplifies the initial setup of your IoT solution and reduces the management burden, operational costs, and overhead of a typical IoT project
Describe Regions
○ A geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network ○ Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced ○ Users can choose the region their resource is deployed into (we typically use South Central region in Bartlesville) ○ Benefits users because your resources are physically closer to them - less latency
Cosmos DB
○ A globally distributed database service ○ Supports schema-less data that lets you build highly responsive and always-on applications to support constantly changing data ○ Used to store data that is updated and maintained by users around the world
Application Gateway
○ A load balancer specifically designed for web apps ○ Uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios ○ Uses cookie affinity, SSL termination, web application firewall, URL rule-based routes, and can rewrite HTTP headers
IoT Hub
○ A managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages ○ Supports communications both from the device to the cloud and from the cloud to the device ○ Supports multiple messaging patterns such as device-to-cloud telemetry, file upload from devices, and request-reply methods to control your devices from the cloud ○ Helps you maintain the health of your solution by tracking device creation, device failures, and device connections
Describe Azure Firewall
○ A managed, cloud-based, network security service that protects your Azure Virtual Network resources ○ Firewall as a Service w/ built in high availability and unrestricted cloud scalability Provides inbound protection for non-HTTP/S protocols
Describe Azure Resource Manager
○ A management framework that allows administrators to deploy, manage, and monitor Azure resources ○ Handles tasks in groups, rather than single operation maintenance ○ Admins can create reusable Resource Manager templates that describe the resources that comprise an application ○ Allows admins to apply access controls to all services in a resource group with role-based access control (RBAC)
Describe Azure Adviser security assistance
○ A personalized cloud consultant that helps you follow best practices to optimize your Azure deployments ○ Analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources ○ Gives you proactive, actionable, and personalized best practice recommendations ○ Improves the performance, security, and availability of your resources and reduces overall spend ○ Gives recommendations with proposed actions inline
Understand Azure Advisor
○ A personalized cloud consultant that helps you follow best practices to optimize your Azure deployments ○ Analyzes your resource configuration and usage telemetry, then recommends solutions to help improve the performance, security, and high availability of your resources while looking for opportunities to reduce your overall Azure spend
Understand Azure Germany services
○ A physically isolated instance of Microsoft Azure ○ Uses world-class security and compliance services that are critical to German data privacy regulations for all systems and applications built on its architecture ○ Operated by a data trustee ○ Provides most of the same great features that global Azure customers have
Describe the Azure Marketplace and its usage scenarios
○ A place to discovery, try, and deploy third party cloud software in Azure ○ Offers SaaS applications, VMs, solution templates, and Azure Managed apps
Azure SQL Database
○ A relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine ○ Migrate to Azure SQL DB using Azure Database Migration Service ○ Used to store things like personal information, certification details, training transcripts, student study materials, etc
Archive Storage
○ A tier of storage for data that is rarely accessed and stored for at least 180 days with flexible latency requirements
Understand the Total Cost of Ownership (TCO) calculator
○ A tool to predict your cost savings by moving to the cloud ○ Web tool that lets you enter details about your on-premises infrastructure in four groups: ○ Servers - details of your current on-premises server infrastructure ○ Databases - details of your on-premises database infrastructure in the Source section. In the Destination section, select the corresponding Azure service you would like to use ○ Storage - details of your on-premises storage infrastructure ○ Networking - the amount of network bandwidth you currently consume in your on-premises environment ○ You can then adjust the assumptions that the TCO calculator makes, which might vary between customers. To improve accuracy, adjust the values so they match the costs of your current on-premises infrastructure ○ Then it will output a report that you can view
Containers
○ A virtualization environment for running applications ○ Do not include an OS ○ Include libraries and components needed to run the application ○ References the OS of the host environment that runs the container (whatever VM or server that container is running on)
Describe an Azure Subscription
○ A way to bill Azure resources ○ Every resource must be deployed with only one subscription ○ Establish a set of resources available to a user ○ Establishes a unique subscriber ID, a billing location, and a set of available resources ○ Plans: free, pay-as-you-go
Describe Resource Groups
○ A way to organize your resources ○ "A logical container for resources deployed on Azure" ○ Examples include organizing resources by type (having a resource group for all VM's, all virtual networks, all db's, etc), by environment (dev, test, and prod), by organization (finance, marketing, HR, IT, etc), and more
Understand Azure tools such as Azure CLI, PowerShell, and the Azure Portal
○ All ways to access Azure. The Azure RM command line tools need to be installed to access Azure from PowerShell or the command line
Describe Network Security Group (NSG)
○ Allow you to filter network traffic to and from Azure resources in an Azure virtual network ○ Can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol ○ Provide a list of allowed and denied communication to and from network interfaces and subnets, and are fully customizable
Event Grid
○ Allows you to easily build applications with event-based architectures ○ Select an Azure resource to subscribe to, then give the event handler or WebHook an endpoint to send the event to ○ Connects things like Azure Functions, Logic Apps, Azure Automation, etc TO things like Blob Storage, the IoT Hub, Resource Groups, etc
Data Lake Analytics
○ An on-demand analytics job service that simplifies big data ○ Write queries using U-SQL ○ Run big data analysis jobs that scale to massive data sets ○ Create and manage, batch, real-time, and interactive analytics jobs
Understand the difference between authentication and authorization
○ Authentication ensures you are who you say you are ○ Authorization allows/restricts access to a resource based on who you are
Understand best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, and using tags to identify cost owners; use Azure reservations; use Azure Adviser recommendations
○ Azure Credits: a benefit available to Visual Studio subscribers that gives you monthly credits to experiment with, develop, and test new solutions on Azure ○ Comes with a separate Azure subscription under your account with a monthly credit balance that renews each month while you remain an active VS member ○ $50/month for VS Professional and $150/month for Enterprise ○ Spending Limits: what it sounds like. Limits you can adjust so you don't spend more than anticipated on services or resources ○ Tags can be set on every resource to identify the cost owner ○ Reserved Instances/Reservations: used primarily for VM workloads that are static and predictable ○ Purchased in one-year or three-year terms, with payment required for the full term up front ○ Most useful for VM workloads that run 24x7x365
Understand Zones for billing purposes
○ Billing Zones: a geographical grouping of Azure Regions specifically for billing purposes ○ Zone 1: US, Europe, Canada, UK, France ○ Zone 2: Asia Pacific, Japan, Australia, India, Korea ○ Zone 3: Brazil ○ DE Zone 1: Germany
Understand the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)
○ CapEx: Spending money up front, value reduces over time ○ OpEx: Paying for a service or product as you use it. No upfront cost ○ Benefits of CapEx: Costs are fixed, easier to predict a project due to a limited budget ○ Benefits of OpEx: Demand and growth can be unpredictable, OpEx allows for quick changes Azure is agile and uses the OpEx paradigm
Describe Azure Information Protection (AIP)
○ Cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels ○ Labels can be applied automatically based on rules and conditions, manually, or a combination of both where users are guided by recommendations
Azure SQL Data Warehouse
○ Combines SQL relational databases with massively parallel processing ○ Allows users to quickly run complex queries across petabytes of data ○ Key component of a big data solution ○ Best for infrequently accessed data apparently?
Describe Hybrid cloud
○ Combines public and private clouds, allowing you to run your applications in the most appropriate location ○ I.e. you can host a website in the public cloud and link it to a secure database in your private cloud ○ Advantages: Can keep systems running and accessible that use out-of-date hardware or OS's; flexibility with where you run your software; get economies of scale benefits from the public side, security from the private side ○ Disadvantages: More complicated to set up and manage; potentially more expensive since it involved some CapEx cost up front
CDN
○ Content Delivery Network ○ A distributed network of servers that can efficiently deliver web content to users ○ A way to get content to users in their local region to minimize latency ○ Cache content at strategically placed physical nodes across the world and provide better performance to end users
Steps to Create Azure Policies
○ Create a policy definition - expresses what to evaluate and what action to take ○ Assign a definition to a scope of resources - policy definition that has been assigned to take place within a specific scope (can range from a full subscription down to a resource group). Inherited by all child resources ○ View policy evaluation results - policies can allow resources to be created even if they don't pass validation. If this is how it's set up, you can have it trigger an audit even where it's checked via the portal
Describe Azure Monitor
○ Delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments ○ Helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depends on ○ CPU usage on a VM, errors from apps, kubernetes cluster monitoring
Use Security Center during the detect, assess, and diagnose stages
○ Detect: review the first indication of an event investigation ○ For example, you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised ○ Assess: perform the initial assessment to obtain more information about the suspicious activity ○ For example, obtain more information about the security alert ○ Diagnose: conduct a technical investigation and identify containment, mitigation, and workaround strategies ○ For example, follow the remediation steps described by Security Center in that particular security alert
Load Balancers
○ Efficiently distribute incoming network traffic across a group of servers ○ Acts as a 'traffic cop' routing requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization, and ensures no one server is overworked
Understand the uses and options with Azure subscriptions
○ Every resource must be tied to a subscription
File Storage
○ Fully managed file shares in the cloud accessible via Server Message Block (SMB) protocol ○ Used to share files anywhere in the world, also used to share diagnostic data or application data
Describe Platform-as-a-Service (PaaS)
○ Goal: help you create an application quickly without managing the underlying infrastructure ○ No need to install an OS, web server, or system updates ○ "A complete development and deployment environment in the cloud" ○Used for: development framework, analytics or business intelligence
Describe Serverless computing and Azure products that are available for serverless computing such as Azure Functions, Logic Apps and App grid I've made Azure Functions and Logic Apps, so I know these
○ I've made Azure Functions and Logic Apps, so I know these
Security in Azure is shared between the customer and Microsoft
○ IaaS: Still your responsibility to patch and secure the OS's and software, as well as configure your network to be secure ○ PaaS: Outsources a lot of security concerns. Azure takes care of foundational stuff, you still need to make the application secure ○ SaaS: You outsource almost everything. Code is controlled by the vendor but is configured by the customer
Describe Initiatives
○ Initiatives organize policies. If you have a lot of policies, you'll want to create initiatives ○ Initiative definition: a set or group of policy definitions to help track your compliance state for a larger goal ○ Initiative assignment: an initiative definition assigned to a specific scope. This reduces the need to make several initiative definitions for each scope ○ I.e. you could create an initiative named 'Enable Monitoring in Azure Security Center' with a goal to monitor all the available security recommendations in your Azure Security Center
IoT Fundamentals
○ IoT devices are generally made up of a circuit board with sensors attached that connect to the internet ○ Examples: pressure sensors on a remote oil pump ○ Temperature and humidity sensors in an AC unit ○ Accelerometers in an elevator ○ Presence sensors in a room
Virtual Machine Scale Sets
○ Lets you create and manage a group of identical, ○ load balanced VMs ○ Number of VM instances can automatically increase or decrease in response to demand or a defined schedule ○ Provides high availability to your applications Allows you to centrally manage, configure, and update a large number of VMs at once
Describe Azure DDoS Protection
○ Leverages the scale and elasticity of Microsoft's global network to bring DDoS mitigation capacity to every Azure region ○ Scrubs traffic at the Azure network edge before it can impact your service's availability Notified of attacks using Azure Monitor metrics
NIST: National Institute of Standards and Technology
○ Microsoft is certified according to the FedRAMP standards. Office 365 is certified to the objectives specified in the NIST CSF ○ A set of standards for recommended security controls for information systems at federal agencies ○ Nine steps toward FISMA compliance
ISO: International Organization for Standardization
○ Microsoft was the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers ○ They create a set of voluntary international standards. Business can choose to comply (not obligated) ○ Most common is ISO 9000, which is the umbrella for the quality management standards ○ Not required by law to comply, but ISO standards are recognized in many industries
Describe Azure Active Directory
○ Microsoft's cloud-based identity and access management service ○ Helps your employees sign in and access resources in: ○ External resources like Office365, the Azure portal, other SaaS apps ○ Internal resources like corporate apps on your network, and any cloud apps developed by your own organization ○ Difference between Windows AD and Azure AD: ○ Azure AD supports web-based services through the use of REST API's, uses completely different protocols and code bases to achieve this than Windows AD ○ Windows AD is for on-premises and local authentication
Describe Public cloud
○ Most common deployment model ○ You have no local hardware to manage or keep up-to-date; everything runs on your cloud provider's hardware ○ You can save additional costs by sharing computing resources with other cloud users ○ Advantages: High scalability/agility, pay-as-you- go pricing, not responsible for maintenance or updates of hardware, minimal technical knowledge to set up and use ○ Disadvantages: There may be specific security requirements that public cloud can't meet, may be government policies or legal requirements that public can't meet, you have a legacy app that public cloud can't maintain
Describe Infrastructure-as-a-Service (IaaS)
○ Most flexible category ○ Give you complete control over the hardware that runs your application (servers, VMs, storage, networks, and operating systems) ○ Instead of buying hardware, you rent it - an instance computing infrastructure that's provisioned and managed over the internet ○Used for: migrating workloads, test and development, website hosting, storage/backup/recovery
Azure App Service
○ PaaS that allows for hosting enterprise-grade web apps ○ Meets rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance
Describe Availability Zones
○ Physically separate datacenters within a Region ○ Each AZ is made up of one or more datacenters equipped with independent power, cooling, and networking ○ If one goes down, the others continue working ○ Connected through high-speed, private fiber- optic networks ○ Not every region supports AZ's
Describe Locks
○ Prevents other users in your organization from accidentally deleting or modifying critical resources ○ Locks can be set to CanNotDelete or ReadOnly (Delete and Read-Only in the portal) - ReadOnly is the strictest
Describe Azure Service Health
○ Provides a customizable dashboard that tracks the health of your Azure services in the regions where you use them ○ Track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories ○ When events go inactive, they're in your health history for up to 90 days ○ Tracks service issues, planned maintenance, and health advisories
VPN Gateway
○ Provides a secure connection between an Azure Virtual Network and an on-premise location over the internet
Describe the Service Trust Portal
○ Provides a variety of third-party audit reports and other resources about Microsoft security, privacy, and compliance
Disk Storage
○ Provides disks for VMs, apps, and other services to access and use as they need - similar to how they would in an on-premises scenario ○ Allows data to be persistently stored and accessed from an attached virtual hard disk ○ Can be managed and configured by the user SSDs and HDDs both available
Devices frequently used for prototyping
○ Raspberry Pi ○ MX Chip IoT Devkit from Microsoft
GDPR: General Data Protection Regulation
○ Regulation in EU law on data protection and privacy for all individuals within the EU ○ Also addresses the export of personal data outside the EU and EEA areas
Describe Azure Multi-Factor Authentication
○ Requires two of the following: something you know, something you have, something you are ○ Examples: ○Azure AD Premium Licenses ○ Azure MFA Service (cloud) ○ Requires no on-premise infrastructure and can be used with your federated or cloud-only users ○Azure MFA Server (on-premises) ○Allows your org to manage infrastructure elements ○ Multi-Factor Authentication for Office 365 ○ A subset of Azure Multi-Factor Authentication are available as part of the O365 subscription ○ Azure AD Global Administrators ○ Same as above but for protecting global administrator accounts
Describe Role-Based Access Control (RBAC)
○ Roles are sets of permissions, like 'read-only' or 'contributor', that users can be granted to access an Azure service ○ Identities are mapped to roles directly or through group membership. Separating security principals, access permissions, and resources provides simple access management and fine-grained control. Admins are able to ensure the minimum necessary permissions are granted ○ Role can be granted at the individual service instance level, but they also flow down the Azure Resource Manager hierarchy (management group -> subscription -> resource group -> resource
Virtual Machines
○ Software emulation of physical computers ○ Includes a virtual processor, memory, storage, and networking resources ○ Host an OS, and you're able to install and run software on it
Describe Software-as-a-Service (SaaS)
○ Software that is centrally hosted and managed for the customer ○ One version of the app for all customers, licensed through a monthly or annual subscription ○ Examples: Office 365, Skype, Dynamics CRM User just use the software, not responsible for maintenance or management of anything
Understand options for purchasing Azure products and services
○ Three main customer types through which Azure services can be purchased: ○ Enterprise - sign an Enterprise Agreement that involves negotiations which are paid annually. Custom pricing ○ Web Direct - the prices the general public pays for Azure resources, monthly billing & pricing ○Cloud Solution Provider - CSPs are Microsoft partner companies that a customer hires to build solutions on top of Azure
HDInsight
○ Tool to analyze streaming or historical data ○ Create clusters, process and analyze big data, and develop custom solutions using popular open-source frameworks like Hadoop, Spark, Hive, LLAP, Kafka, Storm (all Apache so far), and Microsoft Machine Learning Server ○ A fully managed, full-spectrum, open-source analytics service for enterprises ○ A cloud service that makes it easy, fast, and cost-effective to process massive amounts of data
Describe Compliance Manager
○ Tracks an organization's status with regard to regulations or standards ○ Shows compliance with things like GDPR
Dev ($29/month)
○ Trial and non-production environments ○ 24x7 access to billing and subscription support ○ Access to Azure Advisor recommendations ○ Access to personalized Service Health Dashboard and Health API ○ Business Hours access to Support Engineers via email ○ Unlimited contacts/unlimited support cases ○ Interoperability & configuration guidance and troubleshooting ○ <8 hour response time for minimal business impact incidents ○ General guidance for architecture support
Blob Storage
○ Unstructured - no restrictions on the kinds of data it can hold ○ Highly scalable, and apps works with blobs the same way they'd work with files on a disk i.e. reading and writing data ○ Can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection ○ Not limited to common file formats. Could contain gigabytes of binary data, encrypted messages, or custom formatted data for an app ○ Used to stream large video or audio files directly to the user's browser. Also used to store data for backup, disaster recovery, and archiving ○ Ability to store up to 8 TB of data for VMs
Understand the factors affecting costs such as resource types, services, locations, ingress and egress traffic
○ Usage meters - a VM might have 10 meters tracking its usage. Compute hours, data in/out, blob read/writes, etc ○ Resource Types ○ Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the type of resource it is ○ The usage that a meter tracks correlates to a number of billable units - these are charged each billing period ○ Services ○ Usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider customers. Some include usage allowances, which affect cost ○ Different billing structures apply to first-party products and services and third-party products and services ○ Location ○ Usage costs vary between datacenters and locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs ○ Ingress/Egress Traffic ○Usually, inbound data transfers are free (data going into Azure). Outbound data transfers (data going out of Azure datacenters) is based on Billing Zones
Describe Azure Policies
○ Used to define, assign, and manage standards for resources in your environment. It can prevent the creation of disallowed resources, ensure new resources have specific settings applied, and run evaluations of your existing resources to scan for non-compliance ○ You could have a policy that allows anyone to create VMs, but prevents the creation of any VM with more than 4 CPUs ○ Trying to update an existing VM to more than 4 cores will be checked against that policy and won't be allowed ○ Azure Policy can integrate with Azure DevOps, by applying any continuous integration and delivery pipeline policies that affect the pre-deployment and post-deployment of your applications
Azure Database Migration Service
○ Uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration ○ Once you assess and perform any remediation required, you're ready ○ Performs all the required steps of migration - you just change the connection string in your apps
Understand the Microsoft Privacy Statement
○ You can access and clear some of the data Microsoft has on you via the Microsoft privacy dashboard
Use Security Center recommendations to enhance security
○ You can reduce the chances of a significant security event by configuring a security policy, and then implementing the recommendations provided by Azure Security Center
Describe Private cloud
○ You create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization ○ This creates a simulation of a public cloud to your users, but you remain completely responsible for the purchase and maintenance of the hardware and software services you provide ○ Advantages: control over configuration, maintenance, and security; private clouds can meet strict security, compliance, or legal requirements ○Disadvantages: upfront CapEx costs b/c you purchase the hardware for startup and maintenance; less agility b/c to scale you must buy, install, and setup new hardware; more IT skill required
Azure Machine Learning Service
○ a cloud service you use to train, deploy, automate, and manage machine learning models ○ Provides a cloud-based environment you can use to prep data, train, test, deploy, and track machine learning models ○ Supports Python stuff like PyTorch, TensorFlow, and scikit-learn
Azure Machine Learning Studio
○ a collaborative, drag-and-drop tool you can use to build, test, and deploy predictive analytics solutions on your data ○ Publishes models as web services that can be easily consumed by custom apps or BI tools like Excel and Power BI ○ No programming required
Virtual Network
○ a logically isolated network on Azure Allows Azure resources to securely communicate with each other, the internet, and on-premise networks ○ Scoped to a single region; but multiple v-nets from different regions can be connected together using virtual network peering ○ Can be segmented into one or more subnets ○ Subnets help you organize and secure your resources in discrete sections
Security Center
○ analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations based on the controls set in the security policy. The recommendations guide you through the process of configuring the needed security controls. For example, if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resources groups where SQL TDE is required
Describe the Trust center
○A center where you can learn: ○ Security - how all the Microsoft cloud services are secured ○ Privacy - how Microsoft ensures privacy of your Data in the Microsoft Cloud ○ Compliance - how Microsoft helps organizations comply with requirements ○ Transparency - How Microsoft believes that you control your data in the cloud and how Microsoft helps you know as much as possible about how that data is handled ○ Products and Services - See all products and services in one place ○ Service Trust Portal - Obtain copies of independent audit reports of Microsoft cloud services, risk assessments, security best practices, and related materials ○ What's New - find out what new in Microsoft Cloud Trust ○ Resources - investigate white papers, videos, and case studies on Microsoft Trusted Cloud
Understand the consumption-based model
○OpEx, pay for what you use, etc ○No up-front costs