Azure Reading Quiz USE
What are Azure Monitor Workbooks?
- Automate responses to threats. For example, it can set an alert that looks for malicious IP addresses that access the network and create a workbook that does the following steps: - When the alert is triggered, open a ticket in the IT ticketing system. - Send a message to the security operations channel in Microsoft Teams or Slack to make sure the security analysts are aware of the incident. - Send all of the information in the alert to the senior network admin and to the security admin. The email message includes two user option buttons: Block or Ignore. When an admin chooses Block, the IP address is blocked in the firewall, and the user is disabled in Azure Active Directory. When an admin chooses Ignore, the alert is closed in Azure Sentinel, and the incident is closed in the IT ticketing system. The workbook continues to run after it receives a response from the admins. Workbooks can be run manually or automatically when a rule triggers an alert.
What does the Azure Service Account model look like?
- Azure Account (Free to sign up!) - Azure Subscription (One is created upon account creation. You can have multiple subs; useful for multiple business needs like development, marketing, etc.) - When completing Learn modules, you get a temporary subscription which runs in an environment called a Learn Sandbox. - Resource Groups - Azure Resources (You can have multiple per subscription)
What are Azure's implementations of Serverless Compute?
- Azure Functions: Functions can execute code in almost any modern language. - Azure Logic Apps: Logic apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.
What are key features of Azure Virtual Desktop?
- Azure Virtual Desktop is an Azure service, so it will be familiar to Azure administrators. - Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This standardization lets admins identify issues through a single interface. - Options to load balance users on your VM host pools. Host pools are collections of VMs with the same configuration assigned to multiple users. You can configure load balancing to occur as users sign in (breadth mode). With breadth mode, users are sequentially allocated across the host pool for your workload. To save costs, you can configure your VMs for depth mode load balancing, where users are fully allocated on one VM before moving to the next. - Azure Virtual Desktop provides tools to automatically provision additional VMs when incoming demand exceeds a specified threshold. - Azure Virtual Desktop lets you use Windows 10 Enterprise multi-session, the only Windows client-based operating system that enables multiple concurrent users on a single VM.
How can you reduce costs with Azure Virtual Desktop?
- Azure Virtual Desktop is available to you at no additional cost if you have an eligible Microsoft 365 license. Just pay for the Azure resources used by Azure Virtual Desktop. - if you're an eligible Microsoft Remote Desktop Services Client Access License customer, Windows Server Remote Desktop Services desktops and apps are available at no additional cost. SAVING OPPORTUNITY: Buy one-year or three-year Azure Reserved Virtual Machine Instances to save you up to 72 percent versus pay-as-you-go pricing. You can pay for a reservation up front or monthly. Reservations provide a billing discount and don't affect the runtime state of your resources.
What are the benefits of Azure Key Vault?
- Centralized application secrets: Centralizing the storage for your application secrets enables you to control their distribution, and reduces the chances that secrets are accidentally leaked. - Securely stored secrets and keys: Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization. - Access monitoring and access control: By using Key Vault, you can monitor and control access to your application secrets. - Simplified administration of application secrets: Key Vault makes it easier to enroll and renew certificates from public certificate authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools. - Integration with other Azure services: You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.
10 main categories of Azure Services
- Compute - Networking - Storage - Mobile - Databases - Web - Big Data - AI - DevOps
How does Azure Sentinel connect your data sources?
- Connect Microsoft solutions: Connectors provide real-time integration for services like Microsoft Threat Protection solutions, Microsoft 365 sources (including Office 365), Azure Active Directory, and Windows Defender Firewall. - Connect other services and solutions: Connectors are available for common non-Microsoft services and solutions, including AWS CloudTrail, Citrix Analytics (Security), Sophos XG Firewall, VMware Carbon Black Cloud, and Okta SSO. - Connect industry-standard data sources: Azure Sentinel supports data from other sources that use the Common Event Format (CEF) messaging standard, Syslog, or REST API.
How are containers managed?
- Containers are managed through a container orchestrator, which can start, stop, and scale out application instances as needed. - There are two ways to manage both Docker and Microsoft-based containers in Azure: Azure Container Instances and Azure Kubernetes Service (AKS).
How do you purchase Azure access?
- Directly from Microsoft, from the Azure website - Through a Microsoft representative - Through a Microsoft partner
What is the Azure Free Student Account?
- Free access to certain Azure services for 12 months. - A credit to use in the first 12 months. - Free access to certain software developer tools. The Azure free student account is an offer for students that gives $100 credit and free developer tools. Also, you can sign up without a credit card.
What is included in the Free account?
- Free access to popular Azure products for 12 months. - A credit to spend for the first 30 days. - Access to more than 25 products that are always free.
What are the benefits of Azure Dedicated Host?
- Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs. - Helps address compliance requirements by deploying your workloads on an isolated server. - Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
What are Azure Security Center's advanced cloud defense capabilities?
- Just-in-time VM access: blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it. - Adaptive application controls: control which applications are allowed to run on its VMs and uses machine learning to provide alerts that inform the company about unauthorized applications that are running on its VMs - Adaptive network hardening: can monitor the internet traffic patterns of the VMs, and compare those patterns with the company's current network security group (NSG) settings to make recommendations about whether the NSGs should be locked down further and provide remediation steps - File integrity monitoring: can also configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack
What capabilities does Azure Key Vault have?
- Manage secrets: You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. - Manage encryption keys: You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data. - Manage SSL/TLS certificates: Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources. - Store secrets backed by hardware security modules (HSMs): These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.
What can Azure Security Center do?
- Monitor security settings across on-premises and cloud workloads. - Automatically apply required security settings to new resources as they come online. - Provide security recommendations that are based on your current configurations, resources, and networks. - Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited. - Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run. - Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred. - Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to. From a centralized dashboard in Azure Security Center, organizations can monitor and work on the security of their Azure resources like identities, data, apps, devices, and infrastructure.
What is micro-billing?
- Part of serverless computing. - Pay only for the time their code runs. If no active function executions occur, they're not charged. For example, if the code runs once a day for two minutes, they're charged for one execution and two minutes of computing time.
What is Serverless Computing?
- Serverless computing is the abstraction of servers, infrastructure, and operating systems. - With serverless computing, Azure takes care of managing the server infrastructure and the allocation and deallocation of resources based on demand. - Infrastructure isn't your responsibility. - Scaling and performance are handled automatically. - You're billed only for the exact resources you use. - There's no need to even reserve capacity. NOTE: abstraction of servers, an event-driven scale, and micro-billing
What is Azure Kubernetes Service?
- The task of automating, managing, and interacting with a large number of containers is known as orchestration - Azure Kubernetes Service is a complete orchestration service for containers with distributed architectures and large volumes of containers.
What are the advantages of Azure Virtual Desktop?
- Users have the freedom to connect to Azure Virtual Desktop with any device over the internet. - You can make sure your session host virtual machines (VMs) run near apps and services that connect to your datacenter or the cloud. This way your users stay productive and don't encounter long load times. - User sign-in to Azure Virtual Desktop is fast because user profiles are containerized by using FSLogix - You can provide individual ownership through personal (persistent) desktops - Azure Virtual Desktop provides centralized security management for users' desktops with Azure Active Directory (Azure AD). You can enable multifactor authentication to secure user sign-ins - data and apps are separated from the local hardware, so risk of confidential data being left on a personal device is reduced. - User sessions are isolated in both single and multi-session environments - Azure Virtual Desktop also improves security by using reverse connect technology
What is the cost of Azure App Service?
- You pay for the Azure compute resources your app uses while it processes requests based on the App Service plan you choose. The App Service plan determines how much hardware is devoted to your host. For example, the plan determines whether it's dedicated or shared hardware and how much memory is reserved for it. - There's even a free tier you can use to host small, low-traffic sites.
What is Azure Virtual Desktop?
- a desktop and application virtualization service that runs on the cloud - enables your users to use a cloud-hosted version of Windows from any location - works across devices like Windows, Mac, iOS, Android, and Linux
What's Azure Security Center?
- a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. - The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.
What is the Learn sandbox?
- a temporary subscription that's added to your Azure account that allows you to create Azure resources for the duration of a Learn module. - Learn automatically cleans up the temporary resources for you after you've completed the module. - allows you to create and test Azure resources at no cost to you.
What is Azure IoT Central?
- builds on top of IoT Hub by adding a DASHBOARD that allows you to connect, monitor, and manage your IoT devices. - visual user interface (UI) makes it easy to quickly connect new devices and watch as they begin sending telemetry or error messages - watch the overall performance across all devices in aggregate - set up alerts that send notifications when a specific device needs maintenance. - push firmware updates to the device. - provides starter templates for common scenarios across various industries, such as retail, energy, healthcare, and government - you can tailor the starter templates for the specific data that's sent from your devices, the reports you want to see, and the alerts you want to send.
What is Azure Sphere?
- creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub. 3 Parts to this: - Azure Sphere micro-controller unit (MCU), which is responsible for processing the operating system and signals from attached sensors. - a customized Linux operating system (OS) that handles communication with the security service and can run the vendor's software. - Azure Sphere Security Service, also known as AS3. Its job is to make sure that the device has not been maliciously compromised. When the device attempts to connect to Azure, it first must authenticate itself, per device, which it does by using certificate-based authentication
What is Azure IoT Hub?
- managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages - You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution back end. - You can connect virtually any device to your IoT hub. - supports multiple messaging patterns, such as device-to-cloud telemetry, file upload from devices, and request-reply methods to control your devices from the cloud - it can route that message to other Azure services. -you can have either manual or automated remote control of connected devices, so you can instruct the device to open valves, set target temperatures, restart stuck devices, and so on. - IoT Hub monitoring helps you maintain the health of your solution by tracking events such as device creation, device failures, and device connections.
Why is cloud computing typically cheaper to use?
- pay-as-you-go pricing model which helps to: -Lower your operating costs. -Run your infrastructure more efficiently. -Scale as your business needs change.
What is a microservice architecture?
- The way by which containers are often used to create solutions. - This architecture is where you break solutions into smaller, independent pieces. For example, you might split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
What does Azure offer?
-Be ready for the future: Continuous innovation from Microsoft -Build on your terms: You have choices. With a commitment to open source, and support for all languages and frameworks, you can build how you want and deploy where you want to. - Operate hybrid seamlessly: On-premises, in the cloud, and at the edge. designed for a hybrid cloud solution. -Trust your cloud: Get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups.
What are the main infrastructure decisions Azure handles with App Services?
-Deployment and management are integrated into the platform. -Endpoints can be secured. -Sites can be scaled quickly to handle high traffic loads. -The built-in load balancing and traffic manager provide high availability.
Benefits of Azure
-Designed for resiliency and continuous availability. It maintains a presence in every Azure datacenter. -Resilient to individual datacenter failures and avoids network slowdowns by being close to users. -Updates continuously and requires no downtime for maintenance activities.
What are some examples of when you should use VMs?
- During testing and development: Create different OS and application configurations, then easily delete the VMs when you no longer need them. - When running applications in the cloud: Running certain applications in the public cloud, as opposed to creating a traditional infrastructure to run them, can provide substantial economic benefits. Shutting down VMs when you don't need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use. - When extending your datacenter to the cloud: An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally. This arrangement makes it easier or less expensive to deploy than in an on-premises environment. - During disaster recovery: As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.
What is Azure Marketplace?
-Helps connect users with Microsoft partners, independent software vendors, and startups that are offering their solutions and services, which are optimized to run on Azure. -Customers can find, try, purchase, and provision applications and services from hundreds of leading service providers. -All solutions and services are certified to run on Azure. -Using Azure Marketplace, you can provision end-to-end solutions quickly and reliably, hosted in your own Azure environment. At the time of writing, there are more than 8,000 listings.
What are Web apps?
-Part of Azure App Services: App Service includes full support for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system
What are API apps?
-Part of Azure App Services: Much like hosting a website, you can build REST-based web APIs by using your choice of language and framework. You get full Swagger support and the ability to package and publish your API in Azure Marketplace. The produced apps can be consumed from any HTTP- or HTTPS-based client.
What are mobile apps?
-Part of Azure App Services: Use the Mobile Apps feature of App Service to quickly build a back end for iOS and Android apps. With just a few clicks in the Azure portal, you can: -Store mobile app data in a cloud-based SQL database. -Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook. -Send push notifications. -Execute custom back-end logic in C# or Node.js.
What are WebJobs?
-Part of Azure App Services: You can use the WebJobs feature to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. They can be scheduled or run by a trigger. WebJobs are often used to run background tasks as part of your application logic.
What is abstraction of Servers?
-Part of serverless computing. Serverless computing abstracts the servers you run on. You never explicitly reserve server instances. The platform manages that for you. Each function execution can run on a different compute instance. This execution context is transparent to the code. With serverless architecture, you deploy your code, which then runs with high availability.
What is Event-driven Scale?
-Part of serverless computing. Serverless computing is an excellent fit for workloads that respond to incoming events. Events include triggers by: -Timers, for example, if a function needs to run every day at 10:00 AM UTC. -HTTP, for example, API and webhook scenarios. -Queues, for example, with order processing. -And much more.
Why should I move to the cloud?
-Teams deliver new features to their users at record speeds. -Users expect an increasingly rich and immersive experience with their devices and with software.
What do you need to sign up for an account?
-phone number -a credit card (The credit card information is used for identity verification only. You won't be charged for any services until you upgrade to a paid subscription.) - Microsoft or GitHub account.
(Kind of AI) Cognitive Services (What are they?)
A closely related set of products are the cognitive services. You can use these prebuilt APIs in your applications to solve complex problems. Vision: Use image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos. Speech: Convert spoken audio into text, use voice for verification, or add speaker recognition to your app. Knowledge mapping: Map complex information and data to solve tasks such as intelligent recommendations and semantic search. Bing Search: Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call. Natural Language processing: Allow your apps to process natural language with prebuilt scripts, evaluate sentiment, and learn how to recognize what users want.
What is the Azure portal?
A web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can: -Build, manage, and monitor everything from simple web apps to complex cloud deployments. -Create custom dashboards for an organized view of resources. -Configure accessibility options for an optimal experience.
AI Services (What are they?)
AI, in the context of cloud computing, is based around a broad range of services, the core of which is machine learning. Machine learning is a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. Using machine learning, computers learn without being explicitly programmed. Azure Machine Learning Service: Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud. Azure ML Studio: Collaborative visual workspace where you can build, test, and deploy machine learning solutions by using prebuilt machine learning algorithms and data-handling modules.
What does availability look like for Dedicated Hosts?
After a dedicated host is provisioned, Azure assigns it to the physical server in Microsoft's cloud datacenter. For high availability, you can provision multiple hosts in a host group, and deploy your VMs across this group. VMs on dedicated hosts can also take advantage of maintenance control. This feature enables you to control when regular maintenance updates occur, within a 35-day rolling window.
Azure Compute Service Description
An on-demand computing service for running cloud-based applications -resources such as disks, processors, memory, networking, and operating systems -resources are available on-demand and can typically be made available in minutes or even seconds -pay only for the resources you use, and only for as long as you're using them
What is Azure App Service? (PaaS)
App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. It allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.
What services does Azure AD provide?
Authentication: Verifying identity to access applications and resources, and providing functionality such as self-service password reset, multifactor authentication, a custom list of banned passwords, and smart lockout services. Single sign-on: SSO enables you to remember only one username and one password to access multiple applications. It also reduces the effort needed to change or disable accounts. Application management: Manage your cloud and on-premises apps. Features like Application Proxy, SaaS apps, the My Apps portal (also called the access panel), and single sign-on provide a better user experience. Device management: Supports the registration of devices. Registration enables devices to be managed through tools like Microsoft Intune. It also allows device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.
What kind of resources can Azure AD help secure?
Azure AD helps users access both external and internal resources. External resources might include Microsoft Office 365, the Azure portal, SaaS apps, etc. Internal resources might include apps on your corporate network and intranet, along with any cloud applications developed within your organization.
What is Azure Batch (PaaS)?
Azure Batch enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs. When you're ready to run a job, Batch does the following: Starts a pool of compute VMs for you. Installs applications and staging data. Runs jobs with as many tasks as you have. Identifies failures. Requeues work. Scales down the pool as work completes. You get the infrastructure and Azure will run jobs and tasks for you.
How does Azure handle sensitive information such as passwords, encryption keys, and certificates?
Azure Key Vault is a centralized cloud service for storing an application's secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.
What can Azure Sentinel do?
Azure Sentinel enables you to: - Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds. - Detect previously undetected threats: Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence. - Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft. - Respond to incidents rapidly: Use built-in orchestration and automation of common tasks.
Web Services (what are they?)
Azure includes first-class support to build and host web apps and HTTP-based web services. The following Azure services are focused on web hosting. -Azure App Service (PaaS): Quickly create powerful cloud web-based apps. quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance -Azure Notification Hubs: Send push notifications to any platform from any back end. -Azure API Management: Publish APIs to developers, partners, and employees securely and at scale. -Azure Cognitive Search: Deploy this fully managed search as a service. -Web Apps feature of Azure App Service: Create and deploy mission-critical web apps at scale. -Azure SignalR Service: Add real-time web functionalities easily.
What types of Azure subscriptions can I use?
Azure offers both free and paid subscription options to fit your needs and requirements. They are: - Free trial: provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription - Pay-as-you-go: lets you pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing. - Member offers: Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account, and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.
Compute Services (what are they)
Azure provides a range of options for hosting applications and services: -Azure Virtual Machines (IaaS): Windows or Linux virtual machines (VMs) hosted in Azure. When you need total control over an operating system and environment, VMs are an ideal choice. This ability is helpful when you're running custom software or custom hosting configurations. -Azure Virtual Machine Scale Sets: Scaling for Windows or Linux VMs hosted in Azure. Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, virtual machine scale sets are designed to support true autoscale. The process can be manual, automated, or a combination of both. -Azure Kubernetes Service: Cluster management for VMs that run containerized services. Containers are lightweight, virtualized application environments. They're designed to be quickly created, scaled out, and stopped dynamically. You can run multiple instances of a containerized application on a single host machine. -Azure Service Fabric: Distributed systems platform that runs in Azure or on-premises. -Azure Batch: Managed service for parallel and high-performance computing applications. -Azure Container Instances: Containerized apps run on Azure without provisioning servers or VMs. -Azure Functions: An event-driven, serverless compute service. Ideal when you're concerned only about the code running your service and not the underlying platform or infrastructure. They're commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Azure Storage (What are they)
Azure provides four main types of storage services -Azure Blob storage: Storage service for very large objects, such as video files or bitmaps. -Azure File storage: File shares that can be accessed and managed like a file server. -Azure Queue storage: A data store for queuing and reliably delivering messages between applications. -Azure Table storage: Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. These services all share several common characteristics: - Durable and highly available with redundancy and replication. - Secure through automatic encryption and role-based access control. - Scalable with virtually unlimited storage. - Managed, handling maintenance and any critical problems for you. - Accessible from anywhere in the world over HTTP or HTTPS.
What can I do with Azure?
Azure provides more than 100 services that enable you to do everything from running your existing applications on virtual machines, to exploring new software paradigms, such as intelligent bots and mixed reality.
Database Services
Azure provides multiple database services to store a wide variety of data types and volumes. And with global connectivity, this data is available to users instantly. - Azure Cosmos DB: Globally distributed database that supports NoSQL options. - Azure SQL Database: Fully managed relational database with auto-scale, integral intelligence, and robust security. - Azure Database for MySQL: Fully managed and scalable MySQL relational database with high availability and security. - Azure Database for PostgreSQL: Fully managed and scalable PostgreSQL relational database with high availability and security. - SQL Server on Azure Virtual Machines: Service that hosts enterprise SQL Server apps in the cloud. - Azure Synapse Analytics: Fully managed data warehouse with integral security at every level of scale at no extra cost. - Azure Database Migration Service: Service that migrates databases to the cloud with no application code changes. - Azure Cache for Redis: Fully managed service caches frequently used and static data to reduce data and application latency. - Azure Database for MariaDB: Fully managed and scalable MariaDB relational database with high availability and security.
How does Azure Sentinel detect threats?
Built-in analytics and custom analytics. Built-in analytics use templates designed by Microsoft's team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity. These templates can be customized and search across the environment for any activity that looks suspicious. Some templates use machine learning behavioral analytics that are based on Microsoft proprietary algorithms. Custom analytics are rules that you create to search for specific criteria within your environment. You can preview the number of results that the query would generate (based on past log events) and set a schedule for the query to run. You can also set an alert threshold.
How do you view the report for the TCO Calculator?
Choose a timeframe between one and five years. The TCO Calculator generates a report that's based on the information you've entered. For each category (compute, datacenter, networking, storage, and IT labor), you can also view a side-by-side comparison of the cost breakdown of operating those workloads on-premises versus operating them on Azure.
When should Conditional Access be used?
Conditional Access is useful when you need to: - Require multifactor authentication to access an application. You can configure whether all users require multifactor authentication or only certain users, such as administrators. You can also configure whether multifactor authentication applies to access from all networks or only untrusted networks. - Require access to services only through approved client applications. For example, you might want to allow users to access Office 365 services from a mobile device as long as they use approved client apps, like the Outlook mobile app. - Require users to access your application only from managed devices. A managed device is a device that meets your standards for security and compliance. - Block access from untrusted sources, such as access from unknown or unexpected locations. Conditional Access comes with a What If tool, which helps you plan and troubleshoot your Conditional Access policies.
What are containers?
Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. - You don't manage the operating system for a container. - Containers are lightweight and designed to be created, scaled out, and stopped dynamically. - Containers are designed to allow you to respond to changes on demand. - You can quickly restart in case of a crash or hardware interruption. - One of the most popular container engines is Docker, which is supported by Azure.
Big Data Services (What are they?)
Data comes in all formats and sizes. When we talk about big data, we're referring to large volumes of data. Open-source cluster technologies have been developed to deal with these large data sets. Azure supports a broad range of technologies and services to provide big data and analytic solutions. - Azure Synapse Analytics: Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data. - Azure HDInsight: Process massive amounts of data with managed Hadoop clusters in the cloud. - Azure Databricks: Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.
How do you define your workload for the TCO Calculator?
First, you'll enter the specifications of your on-premises infrastructure into the TCO Calculator, based on these four categories: - Servers - Databases - Storage - Networking
Functions vs. Logic Apps
Functions and Logic Apps can both create complex orchestrations. An orchestration is a collection of functions or steps that are executed to accomplish a complex task. - With Azure Functions, you write code to complete each step. - With Logic Apps, you use a GUI to define the actions and how they relate to one another.
Who uses Azure AD?
- IT administrators: to control access to applications and resources based on their business requirements. - App developers: to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user's existing credentials. - Users: manage their identities, such as password resets. - Online service subscribers: Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers.
What is an example of containers being useful?
Imagine your website back end has reached capacity but the front end and storage aren't being stressed. You could: - Scale the back end separately to improve performance. - Decide to use a different storage service. - Replace the storage container without affecting the rest of the application.
What is Authentication?
It establishes whether the user is who they say they are. It is the process of establishing the identity of a person or service that wants to access a resource by challenging a party for legitimate credentials, and it provides the basis for creating a security principal for identity and access control.
What is Authorization?
It specifies what data they're allowed to access and what they can do with it. It is the process of establishing what level of access an authenticated person or service has.
Networking Services (What are they)
Linking compute resources and providing access to applications is the key function of Azure networking. Networking functionality in Azure includes a range of options to connect the outside world to services and features in the global Azure datacenters. - Azure Virtual Network: Connects VMs to incoming virtual private network (VPN) connections. - Azure Load Balancer: Balances inbound and outbound connections to applications or service endpoints. - Azure Application Gateway: Optimizes app server farm delivery while increasing application security. - Azure VPN Gateway: Accesses Azure Virtual Networks through high-performance VPN gateways. - Azure DNS: Provides ultra-fast DNS responses and ultra-high domain availability. - Azure Content Delivery Network: Delivers high-bandwidth content to customers globally. - Azure DDoS Protection: Protects Azure-hosted applications from distributed denial of service (DDoS) attacks. - Azure Traffic Manager: Distributes network traffic across Azure regions worldwide. - Azure ExpressRoute: Connects to Azure over high-bandwidth dedicated secure connections. - Azure Network Watcher: Monitors and diagnoses network issues by using scenario-based analysis. - Azure Firewall: Implements high-security, high-availability firewall with unlimited scalability. - Azure Virtual WAN: Creates a unified wide area network (WAN) that connects local and remote sites.
What are Azure Logic Apps?
Logic apps are similar to functions. Both enable you to trigger logic based on an event. Where functions execute code, logic apps execute workflows that are designed to automate business scenarios and are built from predefined logic blocks. Logic apps are ideal for a business analyst role.
How does Azure AD compare to Active Directory?
Microsoft introduced Active Directory in Windows 2000 to give organizations the ability to manage multiple on-premises infrastructure components and systems by using a single identity per user. Azure AD is Microsoft's cloud-based identity and access management service. With Azure AD, you control the identity accounts, but Microsoft ensures that the service is available globally. When you secure identities on-premises with Active Directory, Microsoft doesn't monitor sign-in attempts. With Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost. For example, Azure AD can detect sign-in attempts from unexpected locations or unknown devices.
What is Azure Sentinel?
Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
Do I need a dashboard for reporting and management for IoT Devices?
No. If you merely want to connect to your remote devices to receive telemetry and occasionally push updates, and you don't need any reporting capabilities, you might prefer to implement Azure IoT Hub by itself. Your programmers can still create a customized set of management tools and reports by using the IoT Hub RESTful API. However, if you want a pre-built customizable user interface with which you can view and control your devices remotely, you might prefer to start with IoT Central. With this solution, you can control a single device or all devices at once, and you can set up alerts for certain conditions, such as a device failure.
Is it critical to ensure that the IoT device is not compromised?
Not in every case. In some cases it's more critical to ensure integrity than in others. An example would be that of an ATM in comparison to a washing machine. When security is a critical consideration in your product's design, the best product option is Azure Sphere, which provides a comprehensive end-to-end solution for IoT devices.
How can you connect AD with Azure AD?
Perhaps the most popular method is to use Azure AD Connect. Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD. Azure AD Connect synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems. Self-service password reset prevents users from using known compromised passwords.
How can a Company respond to Security Alerts?
A company can use Security Center to get a centralized view of all of its security alerts. From there, the company can dismiss false alerts, investigate them further, remediate alerts manually, or use an automated response with a workflow automation. Workflow automation uses Azure Logic Apps and Security Center connectors. The logic app can be triggered by a threat detection alert or by a Security Center recommendation, filtered by name or by severity. You can then configure the logic app to run an action, such as sending an email, or posting a message to a Microsoft Teams channel.
How might a LARGE company detect and respond to security threats?
Security management on a large scale can benefit from a dedicated security information and event management (SIEM) system, like Azure Sentinel.
What is Azure Dedicated Host?
Some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines. Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux. A dedicated host is mapped to a physical server in an Azure datacenter. A host group is a collection of dedicated hosts.
IoT Services (What are they?)
This ability for devices to garner and then relay information for data analysis is referred to as IoT. Many services can assist and drive end-to-end solutions for IoT on Azure. - IoT Central: Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale. - Azure IoT Hub: Messaging hub that provides secure communications between and monitoring of millions of IoT devices. - IoT Edge: Fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud-based AI models.
What are virtual machine scale sets (IaaS)?
Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads. You get the computing power, but you must manage the tasks yourself. You are just using the infrastructure, and autoscaling if desired.
When are VMs an ideal choice?
When you need: - Total control over the operating system (OS). - The ability to run custom software. - To use custom hosting configurations. You still need to configure, update, and maintain the software that runs on the VM. (Important)
What are Azure Functions?
When you're concerned only about the code running your service, and not the underlying platform or infrastructure, using Azure Functions is ideal. Functions are commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less. - They scale automatically based on demand. - You're only charged for the CPU time used while your function runs. - When they're stateless (the default), they behave as if they're restarted every time they respond to an event. - When they're stateful (called Durable Functions), a context is passed through the function to track prior activity.
DevOps Services (What are they?)
With Azure DevOps, you can create build and release pipelines that provide continuous integration, delivery, and deployment for your applications. You can integrate repositories and application tests, perform application monitoring, and work with build artifacts. You can also work with backlog items for tracking, automate infrastructure deployment, and integrate a range of third-party tools and services such as Jenkins and Chef. - Azure DevOps: Use development collaboration tools such as high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. Formerly known as Visual Studio Team Services. - Azure DevTest Labs: Quickly create on-demand Windows and Linux environments to test or demo applications directly from deployment pipelines.
Mobile Services (what are they)
With Azure, developers can create mobile back-end services for iOS, Android, and Windows apps quickly and easily. Features that used to take time and increase project risks, such as adding corporate sign-in and then connecting to on-premises resources such as SAP, Oracle, SQL Server, and SharePoint, are now simple to include. Other features of this service include: - Offline data synchronization. - Connectivity to on-premises data. - Broadcasting push notifications. - Autoscaling to match business needs.
How does the TCO Calculator work?
Working with the TCO Calculator involves three steps: - Define your workloads - Adjust assumptions - View the report
What is the cost of Azure Dedicated Hosts?
You're charged per dedicated host, independent of how many VMs you deploy to it. The host price is based on the VM family, type (hardware size), and region. Software licensing, storage, and network usage are billed separately from the host and VMs.
What's multifactor authentication?
A process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan. It requires two or more elements to fully authenticate: - Something the user knows: This might be an email address and password. - Something the user has: This might be a code that's sent to the user's mobile phone. - Something the user is: This is typically some sort of biometric property, such as a fingerprint or face scan that's used on many mobile devices.
What's Conditional Access?
A tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from. Conditional Access helps IT administrators: - Empower users to be productive wherever and whenever. - Protect the organization's assets. During sign-in, Conditional Access collects signals from the user, makes decisions based on those signals, and then enforces that decision by allowing or denying the access request or challenging for a multifactor authentication response.
How does Azure Sentinel investigate and respond to threats?
Azure Sentinel detects suspicious events and allows you to investigate specific alerts or incidents (a group of related alerts). With the investigation graph, the company can review information from entities directly connected to the alert, and see common exploration queries to help guide the investigation.
What's Azure AD Multi-Factor Authentication?
It enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification. These services provide Azure AD Multi-Factor Authentication capabilities: - Azure Active Directory - Multifactor authentication for Office 365
What's the Total Cost of Ownership Calculator (TCO Calculator)?
It helps you estimate the cost savings of operating your solution on Azure over time compared to operating in your on-premises datacenter. You'll enter the details of your on-premises workloads. Then you can review the suggested industry-average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You're then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure.
What is Azure Active Directory?
An identity service that enables your users to sign in and access both Microsoft cloud applications and cloud applications that you develop. It supports single sign-on (SSO).
What's secure score?
A measurement of an organization's security posture based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the score you receive. Your score improves when you remediate all of the recommendations for a single resource within a control. Secure score helps you: - Report on the current state of your organization's security posture. - Improve your security posture by providing discoverability, visibility, guidance, and control. - Compare with benchmarks and establish key performance indicators (KPIs).
What are Azure Container Instances? (PaaS)
It offers the fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. It's a platform as a service (PaaS) offering that allows you to upload your containers, which it runs for you.
What is the Resource security hygiene section of Azure Security?
It lets a company see the health of its resources from a security perspective. To help prioritize remediation actions, recommendations are categorized as low, medium, and high.
What types of App Services are available?
You can host most common app service styles, like: - Web apps - API apps - WebJobs - Mobile apps
Where is Conditional Access available?
You need an Azure AD Premium P1 or P2 license. If you have a Microsoft 365 Business Premium license, you also have access to Conditional Access features.
How do you adjust assumptions for the TCO Calculator?
You'll specify whether your current on-premises licenses are enrolled for Software Assurance, which can save you money by reusing those licenses on Azure. You'll also specify whether you need to replicate your storage to another Azure region for greater redundancy. To improve the accuracy of the TCO Calculator results, you can adjust the values so that they match the costs of your current on-premises infrastructure.