Microsoft Azure Fundamental AZ-900 Exam Concepts, Topics, and Terms

High Availability

High Availability: Services are very rarely down. 3-5 "nines". 99.999% available

Knowledge Center

○ Large question and answer database for Azure help

Consumption-based model

○ OpEx, pay for what you use, etc ○ No up-front costs

Disaster Recovery

A complete plan to recover critical business systems and normal operations in the event of a catastrophic disaster or cyber attack. Region-pairs are a good building block here

Agility

Agility for many organizations means reacting swiftly to a changing environment. This is jumping from one task to the next, change requirements, being able to change scope and adapt to an ever moving target. When it comes to the cloud context, agility is all about the ability of an organization to rapidly develop, test, and launch software applications that drive business growth. Cloud agility ensures that businesses are empowered to priorities issues.

Security Center

Analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations based on the controls set in the security policy. The recommendations guide you through the process of configuring the needed security controls. For example, if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resources groups where SQL TDE is required

Elasticity

Automatically adding or removing resources due to spikes or drops in demand

Security Policy

Defines the set of controls that are recommended for resources within that specified subscription or resource group. In Security Center, you define policies according to your company's security requirements

Fault Tolerance

Having a backup plan that self-fixes if something goes wrong. I.e. moving a workload to a different Availability Zone

What are the benefits and usage of core Azure architectural components

Such a vague question lol wat

Economies of scale

The ability to do things more efficiently or at a lower-cost per unit when operating at a larger scale. See: Sam's (buying a ton of stuff is cheaper). This is what cloud providers do with servers, they buy a ton, so they get deals and we rent those servers from them at lower prices than we could buy

Scalability

The ability to increase or decrease the resources and services used based on demand or workload at any given time. Vertical and horizontal scaling (improving servers and adding servers)

Compare and contrast the three different cloud models

The one you choose depends on your budget, and on your security, scalability, and maintenance needs

Azure File Storage

○ Is a fully managed distributed file system based on the SMB protocol and looks like a typical hard drive once mounted. ○ Can replace or supplement on-premises File servers ○ Used to share files anywhere in the world, also used to share diagnostic data or application data

"Defense in depth"

a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring authorized access to information

How to open a support ticket

○ Sign in to the Azure Portal ○ Select Help + Support from the left sidebar ○ Follow steps from there on

Azure Free account features

○ $200 credit to spend for the first 30 days of sign up ○ Free access to our most popular Azure products for 12 months ○ Access to more than 25 products that are always free

Azure Key Vault

○ A centralized cloud service for storing and securing sensitive information ○ Secure storage service for Encryption keys, Secrets (usernames, passwords), and Certificates (HTTPS) ○ Integrated with other Azure services (VMs, Logic Apps, Data Factory, Web Apps, etc.)

Azure Resource Manager (ARM)

○ A centralized management framework that enables administrators to create, deploy, manage, and monitor resources regardless of the user interface used (e.g., web, CLI, APIs, etc.) ○ Admins can create reusable Resource Manager templates that describe the resources (JSON templates) ○ Enables admins to apply access controls to all resources within a group via role-based access controls (RBAC) (e.g., Owner, Contributor, Reader, etc.)

Azure Advanced Threat Protection (ATP)

○ A cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization ○ Capable of detecting known malicious attacks and techniques, security issues, and risks against your network ○ Components: ○ Azure ATP Portal - web portal through which you can monitor and respond to suspicious activity ○ Azure ATP Sensor - installed directly on your domain controllers - monitors traffic ○ Azure ATP cloud service - runs on Azure infrastructure

Serverless Computing

○ A cloud-hosted execution environment that runs your code and completely abstracts the underlying hosting environment ○ You create an instance of the service and add your code; no infrastructure config or maintenance is required or allowed ○ Azure automatically scales up and down to meet the apps' demands ○ Azure Functions and Logic Apps

Understand Azure Government services

○ A dedicated cloud for enabling government agencies and their partners to transform mission-critical workloads to the cloud ○ Handles data that is subject to things like FedRAMP, NIST 800.171, ITAR, IRS 1075, DoD L4, and CJIS ○ Azure Government uses physically isolated datacenters and networks (located in U.S. only)

Content Delivery Network (CDN)

○ A distributed network of servers at Points of Presence (PoPs) locations around the world ○ Web content is replicated and cached onto multiple PoPs. This minimizes end-users latency because they access the nearest PoP. ○ Local caching offloads work from web applications, mostly static content (e.g., Javascript files, CSS files, images, etc.) ○ Over 120 PoP locations are available worldwide

Pricing calculator

○ A free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate ○ Configurable options include: region, tier, billing options, support options, programs and offers, and Azure dev/test pricing ○ Created estimates can be shared via an Excel spreadsheet or through a URL

IoT Central

○ A fully managed SaaS solution that makes it easy to connect, monitor, and manage your IoT assets at scale ○ Utilize industry-specific templates to simplify the initial setup of your IoT solution ○ Reduces management burden, operational costs, and overhead of typical IoT projects ○ No deep technical knowledge required ○ Highly secure, scalable, and reliable ○ Built on top of IoT Hub and 30+ other Azure services

Azure Event Grid

○ A fully managed serverless event routing service that uses a publish/subscribe model ○ Enables you to build applications with event-based architectures ○ Select an Azure resource to subscribe to, then give the event handler or WebHook an endpoint to send the event to ○ Supports dozens of built-in events from Azure services, like Blob Storage, IoT Hub, Resource Groups, etc. (e.g., uploading a new file to Blob Storage, stopping/starting VM, etc.)

Azure HDInsight

○ A fully managed, full-spectrum, open-source big data analytics service for enterprises (PaaS) used to analyze large amounts of streaming and historical data ○ Create clusters, process and analyze big data, and develop custom solutions using popular open-source frameworks like Hadoop, Spark, Hive, LLAP, Kafka, Storm (all Apache so far), and Microsoft Machine Learning Server

Regions

○ A geographical area on the planet containing one and sometimes multiple datacenters that are nearby and networked together with a low-latency network (< 2 milliseconds) ○ Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced ○ Users choose the regions their resources are deployed ○ Regions generally contain 3 availability zones ○ Not all Azure services are available in all regions ○ Note, some services are global (e.g., traffic manager for DNS routing) ○ Special government regions (e.g., US DoD Central) ○ Special partnered regions (e.g., China East)

Azure Cosmos DB

○ A globally distributed NoSQL (schemaless, semi-structured) multi-master database ○ Supports multiple APIs (core SQL, MongoDB, Cassandra, Gremlin, Table Storage) ○ Designed for highly responsive (real-time) apps and multi-regional apps

Application Gateway

○ A load balancer specifically designed for web traffic (HTTP) and web apps ○ Uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios ○ Supports session affinity, SSL termination, web application firewall, URL rules-based routing, and can rewrite HTTP headers

Availability Zones

○ A logical grouping of physically separate datacenters within an Azure Region that are tolerant to local failures. ○ Each AZ is made up of one or more DCs equipped with independent power, cooling, and networking ○ If one goes down, the others continue working ○ Connected through high-speed, private fiber-optic networks, 2 ms latency between DCs. ○ Not all Regions support AZs. ○ "Recommended Regions" offer three or more AZs. ○ Run your across at least three AZs to ensure high availability, even if one or two DCs fail.

Azure IoT Hub

○ A managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages (PaaS0 ○ Supports multiple messaging patterns such as device-to-cloud telemetry, file upload from devices, and request-reply methods to control your devices from the cloud ○ Helps you maintain the health of your solution by tracking device creation, device failures, and device connections ○ Highly secure, scalable, and reliable ○ SDKs for popular languages (C, C#, Java, Python, Node.js) ○ Multiple protocols (HTTPS, AMQP, MQTT)

Azure Advisor

○ A personalized cloud consultant that analyzes your resource configuration and usage telemetry and then offers actionable recommendations and best practices: + Cost (SKU sizes, idle services, reserved instances) + Security (MFA settings, vulnerability settings, etc.) + Reliability (redundancy settings, soft delete on Blobs) + Performance (SKU sizes, SDK versions, IO throttling) + Operational Excellence (service health, subscription limits, etc.)

Azure Adviser security assistance

○ A personalized cloud consultant that helps you follow best practices to optimize your Azure deployments ○ Analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources ○ Gives you proactive, actionable, and personalized best practice recommendations ○ Improves the performance, security, and availability of your resources and reduces overall spend ○ Gives recommendations with proposed actions inline

Understand Azure Germany services

○ A physically isolated instance of Microsoft Azure ○ Uses world-class security and compliance services that are critical to German data privacy regulations for all systems and applications built on its architecture ○ Operated by a data trustee ○ Provides most of the same great features that global Azure customers have

Azure Marketplace

○ A place to discover, try, and deploy third-party cloud software in Azure ○ Offers SaaS applications, VMs, solution templates, and Azure Managed apps

Azure SQL Database

○ A relational database as a service (PaaS) ○ Is a subset based on the latest stable version of the Microsoft SQL Server database engine ○ High-performance, reliable, fully-managed, and secure database ○ Migrate to Azure SQL DB using Azure Database Migration Service

Azure Subscription

○ A subscription is a set of Azure services bundled together for tracking and billing purposes. ○ Establishes a unique subscriber ID, a billing location, and a set of available resources ○ Resource access control occurs at the subscription level. ○ Organizations use Azure subscriptions to manage and govern their Azure resources. ○ Plans: free, pay-as-you-go

Archive Storage

○ A tier of storage for data that is rarely accessed and stored for at least 180 days with flexible latency requirements

Total Cost of Ownership (TCO) calculator

○ A tool to help estimate and compare the costs of running workloads in datacenter versus Azure ○ Web tool that lets you enter details about your on-premises infrastructure in four groups: + Servers - details of your current on-premises server infrastructure + Databases - details of your on-premises database infrastructure in the Source section. In the Destination section, select the corresponding Azure service you would like to use + Storage - details of your on-premises storage infrastructure + Networking - the amount of network bandwidth you currently consume in your on-premises environment ○ You can then adjust the assumptions that the TCO calculator makes, which might vary between customers. To improve accuracy, adjust the values so they match the costs of your current on-premises infrastructure ○ Then it will output a report that you can view

Resource Groups

○ A way to group and organize resources ○ "A logical container for resources deployed on Azure" ○ You group resources by type (all VM's, all DB's, etc), by app lifecycle (dev, test, and prod), by organization (finance, marketing, HR, IT, etc), etc. ○ A resource can be in only one resource group ○ Resources can be moved between resource groups. ○ Resources within a resource group can reside within a different location than the one specified in the resource group. ○ Resource groups cannot be nested.

Azure Machine Learning Studio

○ A website you can use to build, test, and deploy predictive analytics solutions on your data ○ Publishes models as web services that can be easily consumed by custom apps or BI tools like Excel and Power BI ○ Designer offers a drag-n-drop UI. No programming required

Premier (contact Microsoft for pricing)

○ All of the above, plus: ○ All Microsoft products, including substantial dependence across multiple products ○ 15 minute response time for critical business impact (with Azure Rapid Response or Azure Event Management) ○ Customer specific architectural support such as design reviews, performance tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists ○ Technical account manager-led service reviews and reporting for operations support ○ Azure Engineering-led web seminars, on-demand training ○ Designated Technical Account Manager for guidance ○ Azure Event Management (for additional fee) for launch support

Professional Direct ($1,000/month)

○ All of the above, plus: ○ Business-critical dependence scope in addition to production and test environments ○ Minimal business impact SLA of 4 hours, Moderate of 2 hours, Critical of 1 hour ○ Architectural guidance based on best practice delivered by ProDirect Delivery Manager ○ Onboarding services, service reviews, Azure Advisor consultations ○ Azure Engineering-led seminars for training

Standard ($100/month)

○ All of the above, plus: ○ Supports production workload environments instead of just trial and non-production ○ 24x7 access to Support Engineers via email and phone ○ Minimal business impact SLA of 8 hours, Moderate impact SLA 4 hours, Critical impact 1 hour

Data Lake Analytics

○ An on-demand analytics job service that simplifies big data ○ Write queries using U-SQL ○ Run big data analysis jobs that scale to massive data sets ○ Create and manage, batch, real-time, and interactive analytics jobs

Difference between authentication and authorization

○ Authentication ensures you are who you say you are ○ Authorization allows/restricts access to a resource based on who you are

Role-Based Access Control (RBAC)

○ Authorization system built on Azure Resource Manager (ARM) ○ Designed for fine-grained access management of Azure Resources ○ Role assignment is a combination of: + Role definition - list of permissions like create VM, delete SQL, assign permissions, etc. + Security Principal - user, group, service principal and managed identity and + Scope - resource, resource groups, subscription, management group ○ Hierarchical + Management Groups > Subscriptions > Resource Groups > Resources ○ Built-in and custom roles are supported

Best practices for minimizing Azure costs

○ Azure Credits: a benefit available to Visual Studio subscribers that gives you monthly credits to experiment with, develop, and test new solutions on Azure + Comes with a separate Azure subscription under your account with a monthly credit balance that renews each month while you remain an active VS member + $50/month for VS Professional and $150/month for Enterprise ○ Spending Limits: what it sounds like. Limits you can adjust so you don't spend more than anticipated on services or resources ○ Reservations - Purchased in one-year or three-year terms, with payment required for the full-term upfront. + reserved instances of VMs + reserved capacity for Azure Storage, SQL, Databricks, Cosmos, etc. + software plans, such as Red Hat, Suse Linux, etc.

Understand Zones for billing purposes

○ Billing Zones: a geographical grouping of Azure Regions specifically for billing purposes ○ Zone 1: US, Europe, Canada, UK, France ○ Zone 2: Asia Pacific, Japan, Australia, India, Korea ○ Zone 3: Brazil ○ DE Zone 1: Germany

Capital Expenditure (CapEx) and Operational Expenditure (OpEx)

○ CapEx: Spending money up front, value reduces over time ○ OpEx: Paying for a service or product as you use it. No upfront cost ○ Benefits of CapEx: Costs are fixed, easier to predict a project due to a limited budget ○ Benefits of OpEx: Demand and growth can be unpredictable, OpEx allows for quick changes Azure is agile and uses the OpEx paradigm

Azure Machine Learning

○ Cloud service enables you to: - prepare data - build and train - validate and deploy - manage, monitor, and retrain ML models ○ Notebooks using R and Python ○ Automated ML to run multiple algorithm/ parameter combinations to find the best model ○ Designed for drag-n-drop GUI, no-code development ○ Manage your storage, data, and compute resources ○ Pipelines orchestrate model training, deployment, and management tasks

Azure Information Protection (AIP)

○ Cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels ○ Labels can be applied automatically based on rules and conditions, manually, or a combination of both where users are guided by recommendations

Describe Hybrid cloud

○ Combines public and private clouds, allowing you to run your applications in the most appropriate location ○ i.e., you can host a website in the public cloud and link it to a secure database in your private cloud

Containers

○ Containers are lightweight, virtualized application environments ○ Designed to be quickly created, scaled out, and stopped dynamically. ○ Include libraries and components needed to run the applications ○ Can run multiple containerized applications on a single machine. ○ Unlike VMs, containers do NOT include an OS; instead they rely on the underlying host OS (Paas) ○ aka "Serverless Containers" b/c no

Steps to Create an Azure Policy

○ Create a policy definition - expresses what to evaluate and what action to take ○ Assign a definition to a scope of resources - policy definition that has been assigned to take place within a specific scope (can range from a full subscription down to a resource group). Inherited by all child resources ○ View policy evaluation results - policies can allow resources to be created even if they don't pass validation. If this is how it's set up, you can have it trigger an audit even where it's checked via the portal

Azure Monitor

○ Delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments ○ Helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depends on ○ CPU usage on a VM, errors from apps, Kubernetes cluster monitoring

Azure Blob Storage

○ Designed as a general purpose object storage for saving vast amounts of unstructured data (e.g., blobs = Binary Large OBjects), such as images (.JPG, .PNG), videos, text, encrypted messages, etc. Three storage tiers: + Hot - frequently accessed data + Cool - infrequently access data + Archive - rarely (if ever) accessed data (backups) ○ Ability to store up to 8 TB of data for VMs

Network Security Group (NSG)

○ Designed to filter traffic to (inbound) and from (outbound) Azure resources located in - Azure Virtual Network ○ Filtering controlled by rules ○ Ability to have multiple inbound and outbound rules ○ Rules are created by specifying: + Source/Destination (IP addresses, service tags, application security groups) + Protocol (TCP, UDP, any) + Port (or Port Ranges, ex. 3389 for RDP, 22 for SSH, 80 for HTTP, and 443 for HTTPS) + Direction (inbound or outbound) + Priority (order of evaluation)

Resource Locks

○ Designed to prevent accidental deletion and/or modification of resources ○ Two types of resource locks + Read-only - only read actions are allowed + Delete - all actions except delete are allowed ○ Only the build-in roles Owner and User Access Administrator can create and delete locks ○ Resource locks are inherited (subscriptions -> resource groups -> resources) ○ Locks cannot be applied to management groups

Use Security Center during the detect, assess, and diagnose stages

○ Detect: review the first indication of an event investigation ○ For example, you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised ○ Assess: perform the initial assessment to obtain more information about the suspicious activity ○ For example, obtain more information about the security alert ○ Diagnose: conduct a technical investigation and identify containment, mitigation, and workaround strategies ○ For example, follow the remediation steps described by Security Center in that particular security alert

Azure DDoS Protection

○ Detects malicious traffic and blocks it while allowing legitimate traffic and users through ○ Prevents additional costs in auto-scaling environments ○ Uses machine learning to analyze traffic patterns for better accuracy ○ Available in two tiers: + Basic - automatically enabled for Azure platform + Standard - additional mitigation & monitoring capabilities for Azure Virtual Network resources ○ Notified of DDoS attacks via Azure Monitor

Load Balancers

○ Efficiently distributes incoming network traffic across a group of servers (Iaas) ○ Ensures no one server is overworked ○ In the event of a server or app failure, traffic is automatically routed to another server. ○ Ensures high availability and enables "scaling out" ○ Supports TCP and UDP network protocols (non-HTTP)

Virtual Network (vNet)

○ Emulation of physical networking infrastructure (Iaas) ○ Designed for isolation, segmentation, communication, filtering, and routing between resources within Azure, the internet, and on-premise private networks. ○ Scoped to a single region; but multiple v-nets from different regions can be connected together using vNet Peering or VPN Gateway (private network/cloud). ○ Specify a range of IPs using CIDR Range ○ Can be segmented into one or more subnets ○ Subnets help organize and secure your resources in discrete sections of a network ○ Network filtering via Network Security Group (NSG) or Application Security Group (ASG)

Azure App Service

○ Enables hosting of enterprise-grade web apps (PaaS ) ○ Meets rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance ○ Supports multiple programming languages and containers (Dockerized) ○ Scales from 1 to 20/100 nodes

Platform-as-a-Service (PaaS)

○ Goal: help you create an application quickly without managing the underlying infrastructure ○ No need to install an OS, web server, or system updates ○ "A complete development and deployment environment in the cloud" ○Used for: development framework, analytics or business intelligence

Security in Azure is shared between the customer and Microsoft

○ IaaS: Still your responsibility to patch and secure the OS's and software, as well as configure your network to be secure ○ PaaS: Outsources a lot of security concerns. Azure takes care of foundational stuff, you still need to make the application secure ○ SaaS: You outsource almost everything. Code is controlled by the vendor but is configured by the customer

Azure Policy Initiatives

○ Initiatives enable you to organize and group policies. ○ Initiative definition: a set or group of policy definitions to help track your compliance state for a larger goal ○ Initiative assignment: an initiative definition assigned to a specific scope. This reduces the need to make several initiative definitions for each scope ○ e.g., you could create an initiative named 'Enable Monitoring in Azure Security Center' with a goal to monitor all the available security recommendations in your Azure Security Center

IoT Fundamentals

○ IoT devices are generally made up of a circuit board with sensors attached that connect to the internet ○ Examples: pressure sensors on a remote oil pump ○ Temperature and humidity sensors in an AC unit ○ Accelerometers in an elevator ○ Presence sensors in a room

Scale Sets

○ Lets you create and manage sets of identically configured VMs that are load-balanced. VMs are created from the same image and configuration. ○ The number of VMs can automatically increase or decrease in response to demand, or a defined schedule, or a combination of both ○ Provides high availability and elasticity (aka, autoscale) to your applications ○ Scale sets pre-provision your VM instances so that when they need to scale out, it's just a matter of starting them, rather than having to wait for Azure to actually create the VMs.

Azure Database Migration Service (DMS)

○ Makes it easier for customers to move on-premises databases or databases hosted elsewhere in the cloud to a Managed Instance. ○ Uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration ○ Once you assess and perform any remediation required, you're ready ○ Performs all the required steps of migration - you just change the connection string in your apps

Azure Firewall

○ Managed, cloud-based Firewall service (PaaS) ○ Can define Inbound & outbound traffic filtering rules ○ Supports FQDN (Fully Qualified Domain Name) ○ Fully integrated with Azure Monitor for logging and analytics

National Institute of Standards and Technology (NIST)

○ Microsoft is certified according to the FedRAMP standards. Office 365 is certified to the objectives specified in the NIST CSF ○ A set of standards for recommended security controls for information systems at federal agencies ○ Nine steps toward FISMA compliance

International Organization for Standardization (ISO)

○ Microsoft was the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers ○ They create a set of voluntary international standards. Business can choose to comply (not obligated) ○ Most common is ISO 9000, which is the umbrella for the quality management standards ○ Not required by law to comply, but ISO standards are recognized in many industries

Azure Active Directory

○ Microsoft's cloud-based identity and access management service ○ Identity mgmt includes users, groups, applications, and services ○ Access mgmt includes subscriptions, resource groups, roles, role assignments, authentication and authorization settings ○ Can sync with with on-premises AD via Sync Services (important for hybrid clouds) ○ Azure AD vs Windows AD: + Azure AD supports web-based services through the use of REST API's. Used my Microsoft cloud platforms: Azure, Office 365, Skype, OneDrive, etc. + Windows AD is for on-premises and local authentication

Describe Public cloud

○ Most common deployment model ○ You have no local hardware (e.g., servers, routers, etc.) to manage or keep up-to-date; everything runs on your cloud provider's hardware ○ The computing resources are shared with other public cloud users (e.g., two companies with their webservers running on the same physical server).

Infrastructure-as-a-Service (IaaS)

○ Most flexible category ○ Give you complete control over the hardware that runs your application (servers, VMs, storage, networks, and operating systems) ○ Instead of buying hardware, you rent it - an instance computing infrastructure that's provisioned and managed over the internet ○Used for: migrating workloads, test and development, website hosting, storage/backup/recovery

Azure Multi-Factor Authentication (MFA)

○ Process of authentication using two or more factors to prove one's identity. ○ Factor types may include: + Knowledge - "Something you know", e.g., password or pin + Possession - "Something you have", e.g., phone, token, card, or key + Physical Characteristic - "Something you are", e.g., fingerprint, voice, face, or eye iris + Location - "Somewhere you are", e.g., GPS location

Azure Service Health

○ Provides a customizable dashboard that tracks the health of your Azure services in the regions where you use them ○ Track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories ○ When events go inactive, they're in your health history for up to 90 days ○ Tracks service issues, planned maintenance, and health advisories

VPN Gateway

○ Provides a secure encrypted connection between an Azure Virtual Network and an on-premise location over the public internet ○ Cross-regional communication of Azure virtual networks typically use VNet Peering

Service Trust Portal

○ Provides a variety of third-party audit reports and other resources about Microsoft security, privacy, and compliance

Azure Disk Storage

○ Provides disks for VMs, apps, and other services to access and use as they need - similar to how they would in an on-premises scenario ○ Allows data to be persistently stored and accessed from an attached virtual hard disk ○ Each disk be managed or unmanaged ○ Both SSDs and HDDs are available.

Devices frequently used for prototyping

○ Raspberry Pi ○ MX Chip IoT Devkit from Microsoft

General Data Protection Regulation (GDPR)

○ Regulation in EU law on data protection and privacy for all individuals within the EU ○ Also addresses the export of personal data outside the EU and EEA areas

Key factors affecting costs

○ Resource Types - All Azure services (resources) have resource-specific pricing models. Typically consisting of one or more metrics. ○ Services - Azure-specific offers (Enterprise, Web Direct, CSP, etc.) have different cost and billing components like prepaid, billing cycles, discounts, etc. ○ Location - Usage costs vary between datacenters, locations, and regions. ○ Traffic - network traffic when uploading (inbound/ingress) data to Azure or downloading (outbound/egress) from Azure

Available support channels outside of support plan channels

○ See the technical documentation at docs.microsoft.com ○ Utilize the Microsoft Tech Community - a place for IT pro partners and customers to collaborate, share, & learn ○ Microsoft Tech Community Info Center is used for announcements, blog posts, AMA's with experts, and more

Service Level Agreement (SLA)

○ Service Level Agreements (SLA) are formal agreements between a service provider and a customer. ○ SLA is a promise of a service's availability (uptime & connectivity). ○ Availability is a measure of the time that a service is operational. ○ Each Azure service has its own SLA which ranges from 99% to 99.999% ○ Broken SLA means service credit return (discount) ○ Free and preview services typically don't have SLAs

Virtual Machines

○ Software emulation of physical computers ○ You specify the virtual hardware (e.g., processors, memory, storage, and networking resources) ○ And select the OS, services, and apps ○ VMs provide Infrastructure as a Service (IaaS) ○ When you need total control over an operating system and environment, VMs are an ideal choice. ○ Azure supports standard and custom images

Software-as-a-Service (SaaS)

○ Software that is centrally hosted and managed for the customer ○ One version of the app for all customers, licensed through a monthly or annual subscription ○ Examples: Office 365, Skype, Dynamics CRM User just use the software, not responsible for maintenance or management of anything

Understand options for purchasing Azure products and services

○ Three main customer types through which Azure services can be purchased: ○ Enterprise - sign an Enterprise Agreement that involves negotiations which are paid annually. Custom pricing ○ Web Direct - the prices the general public pays for Azure resources, monthly billing & pricing ○ Cloud Solution Provider - CSPs are Microsoft partner companies that a customer hires to build solutions on top of Azure

Compliance Manager

○ Tracks an organization's status with regard to regulations or standards ○ Shows compliance with things like GDPR

Dev ($29/month)

○ Trial and non-production environments ○ 24x7 access to billing and subscription support ○ Access to Azure Advisor recommendations ○ Access to personalized Service Health Dashboard and Health API ○ Business Hours access to Support Engineers via email ○ Unlimited contacts/unlimited support cases ○ Interoperability & configuration guidance and troubleshooting ○ <8 hour response time for minimal business impact incidents ○ General guidance for architecture support

Azure Policy

○ Used to define, assign, and manage standards for resources in your environment. It can prevent the creation of disallowed resources, ensure new resources have specific settings applied, and run evaluations of your existing resources to scan for non-compliance ○ You could have a policy that allows anyone to create VMs, but prevents the creation of VMs with more than 4 CPUs. Trying to update an existing VM to more than 4 cores will be denied ○ Policy Definitions define the condition (if/else) and the effect (deny, audit, append, modify, etc.) ○ Built-in and custom policies and initiatives ○ Policies allow for exclusions of scopes ○ Policies are checked during resource creation and updates and existing ones with remediation tasks

Azure Tools such as ○ Azure Portal ○ Azure PowerShell (Windows) ○ Azure CLI (Linux Bash) ○ Azure Cloud Shell (browser-based CLI) via https://shell.azure.com/

○ Various web-based UI and CLIs to access and manage Azure resources. ○ The Azure RM command line tools need to be installed to access Azure from PowerShell or the command line

Microsoft Privacy Statement

○ You can access and clear some of the data Microsoft has on you via the Microsoft privacy dashboard

Azure Security Center recommendations

○ You can reduce the chances of a significant security event by configuring a security policy, and then implementing the recommendations provided by Azure Security Center

Describe Private cloud

○ You create a cloud environment in your own datacenter (aka, on-premise) and provide access to compute resources to users in your organization ○ You are responsible for the purchase and maintenance of all hardware and software services

Trust center

○A center where you can learn: ○ Security - how all the Microsoft cloud services are secured ○ Privacy - how Microsoft ensures privacy of your Data in the Microsoft Cloud ○ Compliance - how Microsoft helps organizations comply with requirements ○ Transparency - How Microsoft believes that you control your data in the cloud and how Microsoft helps you know as much as possible about how that data is handled ○ Products and Services - See all products and services in one place ○ Service Trust Portal - Obtain copies of independent audit reports of Microsoft cloud services, risk assessments, security best practices, and related materials ○ What's New - find out what new in Microsoft Cloud Trust ○ Resources - investigate white papers, videos, and case studies on Microsoft Trusted Cloud

SLAs for specific Azure products & services

○VMs: 99.9% baseline, goes up to 99.95% with two or more instances deployed in the same availability set, and up to 99.99% if you have two or more instanced deployed across two or more Availability Zones in the same Azure Region ○ Azure AD: 99.9% ○ Azure Firewall: 99.95% ○ Cosmos DB: 99.99% baseline, can go up to 99.999% ○ Azure Functions: 99.95% ○ Logic Apps: 99.9% ○ Azure Data Lake: 99.9% ○ Azure Monitor: 99.9%