Cloud Providers

Microsoft Azure

Microsoft Azure is Microsoft's comprehensive cloud computing platform that offers a vast array of services for building,
deploying, and managing applications and services.
Think of it as a global network of data centers managed by Microsoft, from which individuals,
companies, and governments can access computing resources over the internet.
Azure is used for a multitude of purposes, from hosting websites and mobile apps to running complex data analytics,
machine learning workloads, and Internet of Things (IoT) solutions.

Azure App Service:

Enables you to build and host web apps, background jobs, mobile back-ends,
and RESTful APIs in the programming language of your choice without managing infrastructure.
It offers automatic scaling and high availability. App Service supports Windows and Linux.
It enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model.
Azure App Service is a robust hosting option that you can use to host your apps in Azure.
Azure App Service lets you focus on building and maintaining your app, and Azure focuses on keeping the environment up and running.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends.
It supports multiple languages, including .NET, .NET Core, Java, Ruby, Node.js, PHP, and Python.

Types of app services:

Web apps, API apps, WebJobs, Mobile apps.

App Service handles most of the infrastructure decisions you deal with in hosting web-accessible apps:

The built-in load balancing and traffic manager provide high availability.
Deployment and management are integrated into the platform.
Sites can be scaled quickly to handle high traffic loads.
Endpoints can be secured.

Web Apps:

App Service includes full support for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python.
You can choose either Windows or Linux as the host operating system.

API Apps:

Much like hosting a website, you can build REST-based web APIs by using your choice of language and framework.
You get full Swagger support and the ability to package and publish your API in Azure Marketplace.
The produced apps can be consumed from any HTTP- or HTTPS-based client.

WebJobs:

Feature to run a program [.exe, Java, PHP, Python, or Node.js] or script [.cmd, .bat, PowerShell, or Bash]
in the same context as a web app, API app, or mobile app.
They can be scheduled or run by a trigger.
WebJobs are often used to run background tasks as part of your application logic.

Mobile Apps:

Feature of App Service to quickly build a back end for iOS and Android apps. With just a few actions in the Azure portal, you can:
Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook.
Store mobile app data in a cloud-based SQL database.
Execute custom back-end logic in C# or Node.js.
Send push notifications.
On the mobile app side, there's SDK support for native iOS and Android, Xamarin, and React Native apps.

Azure Containers:

Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host,
you can run multiple containers on a single physical or virtual host.
Unlike virtual machines, you don't manage the operating system for a container.
Virtual machines appear to be an instance of an operating system that you can connect to and manage.
Containers are lightweight and designed to be created, scaled out, and stopped dynamically.
It's possible to create and deploy virtual machines as application demand increases, but containers are a lighter weight, more agile method.
Containers are designed to allow you to respond to changes on demand.
With containers, you can quickly restart if there's a crash or hardware interruption. One of the most popular container engines is Docker.
Containers are often used to create solutions by using a microservice architecture.
This architecture is where you break solutions into smaller, independent pieces.
For example, you might split a website into a container hosting your front end, another hosting your back end, and a third for storage.
This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.

Azure Container Instances:

Offer the fastest and simplest way to run a container in Azure, without having to manage any virtual machines or adopt any additional services.
Azure Container Instances are a platform as a service [PaaS] offering.
Azure Container Instances allow you to upload your containers and then the service will run the containers for you.

Azure Container Apps:

Similar in many ways to a container instance. They allow you to get up and running right away, they remove the container management piece, and they're a PaaS offering.
Container Apps have extra benefits such as the ability to incorporate load balancing and scaling. These other functions allow you to be more elastic in your design.

Azure Kubernetes Service:

Container orchestration service. An orchestration service manages the lifecycle of containers.
When you're deploying a fleet of containers, AKS can make fleet management simpler and more efficient.

Azure Virtual Machines:

VMs provide infrastructure as a service [IaaS] in the form of a virtualized server and can be used in many ways.
Just like a physical computer, you can customize all of the software running on your VM. VMs are an ideal choice when you need:
Total control over the operating system [OS].
To use custom hosting configurations.
The ability to run custom software.

Virtual Machine Scale Sets:

Allow you to centrally manage, configure, and update a large number of VMs in minutes.
The number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule.
Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently.
With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.

Virtual Machine Availability Sets:

Another tool to help you build a more resilient, highly available environment.
Availability sets are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
Availability sets do this by grouping VMs in two ways: update domain and fault domain.

Update Domain:
The update domain groups VMs that can be rebooted at the same time.
This allows you to apply updates while knowing that only one update domain grouping will be offline at a time.
All of the machines in one update domain will be updated.
An update group going through the update process is given 30 minutes to recover before maintenance on the next update domain starts.

Fault Domain:
The fault domain groups your VMs by common power source and network switch.
By default, an availability set will split your VMs across up to three fault domains.
This helps protect against a physical power or networking failure by having VMs in different fault domains [thus being connected to different power and networking resources].

Azure Virtual Desktop:

Desktop and application virtualization service that runs on the cloud.
It enables you to use a cloud-hosted version of Windows from any location.
Azure Virtual Desktop works across devices and operating systems,
and works with apps that you can use to access remote desktops or most modern browsers.
Enables multiple concurrent users on a single VM.

Azure Virtual Network:

Azure virtual networks and virtual subnets enable Azure resources, such as VMs, web apps, and databases,
to communicate with each other, with users on the internet, and with your on-premises client computers.
You can think of an Azure network as an extension of your on-premises network with resources that link other Azure resources.

Azure virtual networks provide the following key networking capabilities:
Communicate with on-premises resources
Communicate between Azure resources
Isolation and segmentation
Connect virtual networks
Internet communications
Filter network traffic
Route network traffic

Azure virtual networking supports both public and private endpoints to enable communication between external or internal resources with other internal resources.
Private endpoints exist within a virtual network and have a private IP address from within the address space of that virtual network.
Public endpoints have a public IP address and can be accessed from anywhere in the world.

Isolation and segmentation:

Azure virtual network allows you to create multiple isolated virtual networks.
When you set up a virtual network, you define a private IP address space by using either public or private IP address ranges.
The IP range only exists within the virtual network and isn't internet routable.
You can divide that IP address space into subnets and allocate part of the defined address space to each named subnet.

Communicate with on-premises resources:

Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription.
In effect, you can create a network that spans both your local and cloud environments.
There are three mechanisms for you to achieve this connectivity:
Point-to-site virtual private network connections are from a computer outside your organization back into your corporate network.
In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.
Site-to-site virtual private networks link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network.
In effect, the devices in Azure can appear as being on the local network.
The connection is encrypted and works over the internet.
Azure ExpressRoute provides dedicated private connectivity to Azure that doesn't travel over the internet.
ExpressRoute is useful for environments where you need greater bandwidth and even higher levels of security.

Azure Tools

Azure Portal

Web-based, unified console that provides an alternative to command-line tools.
With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can:
Build, manage, and monitor everything from simple web apps to complex cloud deployments.
Create custom dashboards for an organized view of resources.
Configure accessibility options for an optimal experience.

Azure Cloud Shell

Browser-based shell tool that allows you to create, configure, and manage Azure resources using a shell.
Azure Cloud Shell supports both Azure PowerShell and the Azure Command Line Interface (CLI), which is a Bash shell.
Has several features that make it a unique offering to support you in managing Azure. Some of those features are:
You choose the shell you're most familiar with; Azure Cloud Shell supports both Azure PowerShell and the Azure CLI [which uses Bash].
It is authenticated to your Azure credentials, so when you log in it inherently knows who you are and what permissions you have.
It is a browser-based shell experience, with no local installation or configuration required.

Azure PowerShell

Shell with which developers, DevOps, and IT professionals can run commands called command-lets (cmdlets).
These commands call the Azure REST API to perform management tasks in Azure.
Cmdlets can be run independently to handle one-off changes, or they may be combined to help orchestrate complex actions such as:
The routine setup, teardown, and maintenance of a single resource or multiple connected resources.
The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code.
Capturing the commands in a script makes the process repeatable and automatable.
In addition to being available via Azure Cloud Shell, you can install and configure Azure PowerShell on Windows, Linux, and Mac platforms.

Azure CLI

Functionally equivalent to Azure PowerShell, with the primary difference being the syntax of commands.
While Azure PowerShell uses PowerShell commands, the Azure CLI uses Bash commands.
The Azure CLI provides the same benefits of handling discrete tasks or orchestrating complex operations through code.
It’s also installable on Windows, Linux, and Mac platforms, as well as through Azure Cloud Shell.
Due to the similarities in capabilities and access between Azure PowerShell and the Bash-based Azure CLI, it mainly comes down to which language you're most familiar with.

Azure Policy

Enables you to create, assign, and manage policies that control or audit your resources.
These policies enforce different rules across your resource configurations so that those configurations stay compliant with corporate standards.
Enables you to define both individual policies and groups of related policies, known as initiatives.
Evaluates your resources and highlights resources that aren't compliant with the policies you've created, and can also prevent noncompliant resources from being created.
Can be set at each level, enabling you to set policies on a specific resource, resource group, subscription, and so on (Azure Policies are inherited).
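
The evaluation described above, as a simplified Python model (an added example, not Microsoft's code or the Azure Policy engine). The rule follows the if/then shape of a policy definition; the dotted property path stands in for Azure's field aliases, and the rule and resources are constructed sample data.

```python
"""Simplified model of Azure Policy rule evaluation (added example)."""

# Constructed rule: flag storage accounts that do not require HTTPS.
# "properties.supportsHttpsTrafficOnly" is a simplified dotted path (assumption),
# not the alias syntax real policy definitions use.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"not": {"field": "properties.supportsHttpsTrafficOnly", "equals": True}},
        ]
    },
    "then": {"effect": "deny"},
}

# Constructed resources; "stunset" omits the property entirely.
RESOURCES = [
    {"name": "stlegacy", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": False}},
    {"name": "stsecure", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True}},
    {"name": "stunset", "type": "Microsoft.Storage/storageAccounts", "properties": {}},
    {"name": "vm-web", "type": "Microsoft.Compute/virtualMachines", "properties": {}},
]


def get_field(resource, path):
    """Resolve a dotted path in a resource dict; None when any part is absent."""
    node = resource
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def matches(cond, resource):
    """Evaluate one condition node: allOf / anyOf / not / field comparison."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "in" in cond:
        return value in cond["in"]
    raise ValueError(f"unsupported condition: {cond}")


def compliance_report(rule, resources):
    """Audit view: a resource that matches the 'if' block is non-compliant."""
    return {r["name"]: "non-compliant" if matches(rule["if"], r) else "compliant"
            for r in resources}


def admit(rule, resource):
    """Creation-time view: 'deny' blocks the request, 'audit' only flags it."""
    if not matches(rule["if"], resource):
        return (True, None)
    effect = rule["then"]["effect"].lower()
    return (effect != "deny", effect)


if __name__ == "__main__":
    for name, state in compliance_report(POLICY_RULE, RESOURCES).items():
        print(f"{name}: {state}")
    print(admit(POLICY_RULE, RESOURCES[0]))
```

A missing property is treated as non-compliant here, so a resource that never set the flag is reported instead of silently passing.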

Azure Resource Manager and Azure ARM templates

Provides a management layer that enables you to create, update, and delete resources in your Azure account.
Anytime you do anything with your Azure resources, ARM is involved.
Azure Resource Manager (ARM) benefits:
Manage your infrastructure through declarative templates rather than scripts.
A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
Re-deploy your solution throughout the development life-cycle and have confidence your resources are deployed in a consistent state.
Define the dependencies between resources, so they're deployed in the correct order.
Apply access control to all services because RBAC is natively integrated into the management platform.
Apply tags to resources to logically organize all the resources in your subscription.
Clarify your organization's billing by viewing costs for a group of resources that share the same tag.
Infrastructure as code - concept where you manage your infrastructure as lines of code.
At an introductory level, it's things like using Azure Cloud Shell, Azure PowerShell, or the Azure CLI to manage and configure your resources.
As you get more comfortable in the cloud, you can use the infrastructure as code concept to manage entire deployments using repeatable templates and configurations.
ARM templates and Bicep are two examples of using infrastructure as code with the Azure Resource Manager to maintain your environment.
ARM templates - you can describe the resources you want to use in a declarative JSON format.
With an ARM template, the deployment code is verified before any code is run.
This ensures that the resources will be created and connected correctly.
The template then orchestrates the creation of those resources in parallel.
Ultimately, the developer, DevOps professional, or IT professional needs only to define the desired state and configuration of each resource in the ARM template, and the template does the rest.
Templates can even execute PowerShell and Bash scripts before or after the resource has been set up.
Benefits of using ARM templates:
Declarative syntax - ARM templates allow you to create and deploy an entire Azure infrastructure declaratively.
Declarative syntax means you declare what you want to deploy but don’t need to write the actual programming commands and sequence to deploy the resources.
Repeatable results - Repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner.
You can use the same ARM template to deploy multiple dev/test environments, knowing that all the environments are the same.
Orchestration - You don't have to worry about the complexities of ordering operations. Azure Resource Manager orchestrates the deployment of interdependent resources, so they're created in the correct order.
When possible, Azure Resource Manager deploys resources in parallel, so your deployments finish faster than serial deployments.
You deploy the template through one command, rather than through multiple imperative commands.
Modular files - You can break your templates into smaller, reusable components and link them together at deployment time.
You can also nest one template inside another template.
For example, you could create a template for a VM stack, and then nest that template inside of templates that deploy entire environments, and that VM stack will consistently be deployed in each of the environment templates.
Extensibility - With deployment scripts, you can add PowerShell or Bash scripts to your templates.
The deployment scripts extend your ability to set up resources during deployment.
A script can be included in the template or stored in an external source and referenced in the template.
Deployment scripts give you the ability to complete your end-to-end environment setup in a single ARM template.
Bicep - Language that uses declarative syntax to deploy Azure resources.
A Bicep file defines the infrastructure and configuration.
Then, ARM deploys that environment based on your Bicep file.
While similar to an ARM template, which is written in JSON, Bicep files tend to use a simpler, more concise style.
Some benefits of Bicep are:
Support for all resource types and API versions - Bicep immediately supports all preview and GA versions for Azure services.
As soon as a resource provider introduces new resource types and API versions, you can use them in your Bicep file.
You don't have to wait for tools to be updated before using the new services.
Simple syntax - When compared to the equivalent JSON template, Bicep files are more concise and easier to read.
Bicep requires no previous knowledge of programming languages.
Bicep syntax is declarative and specifies which resources and resource properties you want to deploy.
Repeatable results - Repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner.
Bicep files are idempotent, which means you can deploy the same file many times and get the same resource types in the same state.
You can develop one file that represents the desired state, rather than developing lots of separate files to represent updates.
Orchestration - You don't have to worry about the complexities of ordering operations.
Resource Manager orchestrates the deployment of interdependent resources so they're created in the correct order.
When possible, Resource Manager deploys resources in parallel so your deployments finish faster than serial deployments.
You deploy the file through one command, rather than through multiple imperative commands.
Modularity - You can break your Bicep code into manageable parts by using modules.
The module deploys a set of related resources. Modules enable you to reuse code and simplify development.
Add the module to a Bicep file anytime you need to deploy those resources.
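
The ordering that Resource Manager derives from declared dependencies, for ARM templates and Bicep files alike, shown in Python as an added example (not Resource Manager's code): resources whose dependencies are all deployed form one wave that can run in parallel. The template is constructed and trimmed to name, type and dependsOn, with dependencies given as plain resource names.

```python
"""Derive a parallel deployment order from dependsOn (added example)."""

# Constructed template, trimmed: real resources also carry apiVersion,
# location and properties.
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-app"},
        {"type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-app"},
        {"type": "Microsoft.Network/networkInterfaces", "name": "nic-web",
         "dependsOn": ["vnet-app", "nsg-app"]},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stdiag"},
        {"type": "Microsoft.Compute/virtualMachines", "name": "vm-web",
         "dependsOn": ["nic-web", "stdiag"]},
    ],
}


def deployment_waves(template):
    """Return a list of waves; every resource in a wave can deploy in parallel.

    Raises ValueError before anything would be deployed if a dependency is
    undefined or the dependencies form a cycle.
    """
    deps = {}
    for res in template["resources"]:
        name = res["name"]
        if name in deps:
            raise ValueError(f"duplicate resource name: {name}")
        deps[name] = set(res.get("dependsOn", []))

    for name, wanted in deps.items():
        missing = wanted - set(deps)
        if missing:
            raise ValueError(f"{name} depends on undefined resource(s): {sorted(missing)}")

    waves, done = [], set()
    while len(done) < len(deps):
        # Ready = not yet deployed and every dependency already deployed.
        ready = sorted(n for n, d in deps.items() if n not in done and d <= done)
        if not ready:
            stuck = sorted(set(deps) - done)
            raise ValueError(f"circular dependency among: {stuck}")
        waves.append(ready)
        done.update(ready)
    return waves


if __name__ == "__main__":
    for i, wave in enumerate(deployment_waves(TEMPLATE), start=1):
        print(f"wave {i}: {', '.join(wave)}")
```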

Azure Advisor

Evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.
When you're in the Azure portal, the Advisor dashboard displays personalized recommendations for all your subscriptions.
You can use filters to select recommendations for specific subscriptions, resource groups, or services.
The recommendations are divided into five categories:
Reliability - is used to ensure and improve the continuity of your business-critical applications.
Security - is used to detect threats and vulnerabilities that might lead to security breaches.
Performance - is used to improve the speed of your applications.
Operational Excellence - is used to help you achieve process and workflow efficiency, resource manageability, and deployment best practices.
Cost - is used to optimize and reduce your overall Azure spending.

Azure Service Health

Helps you keep track of Azure resources, both your specifically deployed resources and the overall status of Azure.
Azure service health does this by combining three different Azure services:
Azure Status - is a broad picture of the status of Azure globally. Azure status informs you of service outages in Azure on the Azure Status page.
The page is a global view of the health of all Azure services across all Azure regions.
It’s a good reference for incidents with widespread impact.
Service Health - provides a narrower view of Azure services and regions.
It focuses on the Azure services and regions you're using.
This is the best place to look for service-impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use.
You can even set up Service Health alerts to notify you when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.
Resource Health - is a tailored view of your actual Azure resources.
It provides information about the health of your individual cloud resources, such as a specific virtual machine instance.
Using Azure Monitor, you can also configure alerts to notify you of availability changes to your cloud resources.

Azure Monitor

Platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results.
Azure Monitor can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.

Azure Log Analytics

Write and run log queries on the data gathered by Azure Monitor.
Log Analytics is a robust tool that supports both simple and complex queries, as well as data analysis.
You can write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze the records.
You can write an advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.
Whether you work with the results of your queries interactively or use them with other Azure Monitor features such as log query alerts or workbooks, Log Analytics is the tool that you're going to use to write and test those queries.

Azure Monitor Alerts

Automated way to stay informed when Azure Monitor detects a threshold being crossed.
You set the alert conditions and the notification actions, and then Azure Monitor Alerts notifies you when an alert is triggered.
Depending on your configuration, Azure Monitor Alerts can also attempt corrective action.

Azure Functions

Event-driven, serverless compute option that doesn’t require maintaining virtual machines or containers.
If you build an app using VMs or containers, those resources have to be “running” in order for your app to function.
With Azure Functions, an event wakes the function, alleviating the need to keep resources provisioned when there are no events.
Benefits of Azure Functions:
Functions are commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Functions scale automatically based on demand, so they may be a good choice when demand is variable.
Azure Functions runs your code when it's triggered and automatically deallocates resources when the function is finished.
In this model, you're only charged for the CPU time used while your function runs.
Functions can be either stateless or stateful. When they're stateless (the default), they behave as if they're restarted every time they respond to an event.
When they're stateful (called Durable Functions), a context is passed through the function to track prior activity.
Functions are a key component of serverless computing.
They're also a general compute platform for running any type of code.
If the needs of the developer's app change, you can deploy the project in an environment that isn't serverless.
This flexibility allows you to manage scaling, run on virtual networks, and even completely isolate the functions.

Application Insights

Capable of monitoring applications that are running in Azure, on-premises, or in a different cloud environment.
There are two ways to configure Application Insights to help monitor your application.
You can either install an SDK in your application, or you can use the Application Insights agent.
The Application Insights agent is supported in C#.NET, VB.NET, Java, JavaScript, Node.js, and Python.
Once Application Insights is up and running, you can use it to monitor a broad array of information, such as:
Request rates, response times, and failure rates.
Dependency rates, response times, and failure rates, to show whether external services are slowing down performance.
Page views and load performance reported by users' browsers.
AJAX calls from web pages, including rates, response times, and failure rates.
User and session counts.
Performance counters from Windows or Linux server machines, such as CPU, memory, and network usage.

Resource Locks

Prevents resources from being accidentally deleted or changed.
Resource locks prevent resources from being deleted or updated, depending on the type of lock.
Resource locks can be applied to individual resources, resource groups, or even an entire subscription.
Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.
There are two types of resource locks, one that prevents users from deleting and one that prevents users from changing or deleting a resource:
Delete means authorized users can still read and modify a resource, but they can't delete the resource.
ReadOnly means authorized users can read a resource, but they can't delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template.
To modify a locked resource, you must first remove the lock.
After you remove the lock, you can apply any action you have permissions to perform.
Resource locks apply regardless of RBAC permissions.
Even if you're an owner of the resource, you must still remove the lock before you can perform the blocked activity.
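
The lock rules above, modelled in Python as an added example (not Azure's implementation): locks are inherited from enclosing scopes, the most restrictive one applies, and the lock check still runs when RBAC permits the operation. The role sets, subscription ID and resource IDs are constructed, and the lock names follow this page ("Delete", "ReadOnly").

```python
"""Model of resource lock inheritance and its interaction with RBAC (added example)."""

# Operations each lock type blocks, as described on this page.
BLOCKED = {"Delete": {"delete"}, "ReadOnly": {"update", "delete"}}
RANK = {None: 0, "Delete": 1, "ReadOnly": 2}  # higher = more restrictive

# Simplified role permissions (assumption: three coarse operations only).
OWNER = {"read", "update", "delete"}
READER = {"read"}

# Constructed scopes.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web"
OTHER_VM = SUB + "/resourceGroups/rg-prod-2/providers/Microsoft.Compute/virtualMachines/vm-test"


def effective_lock(resource_id, locks):
    """Return the most restrictive lock on the resource or any enclosing scope.

    locks is a list of (scope, lock_type) pairs. A scope covers a resource when
    it equals the resource ID or is a path prefix ending at a '/' boundary.
    """
    rid = resource_id.lower()
    level = None
    for scope, lock_type in locks:
        s = scope.lower().rstrip("/")
        if (rid == s or rid.startswith(s + "/")) and RANK[lock_type] > RANK[level]:
            level = lock_type
    return level


def authorize(role_actions, operation, resource_id, locks):
    """RBAC decides first; an inherited lock can still block a permitted action."""
    if operation not in role_actions:
        return (False, "denied by RBAC")
    level = effective_lock(resource_id, locks)
    if level is not None and operation in BLOCKED[level]:
        return (False, f"blocked by {level} lock")
    return (True, "allowed")


if __name__ == "__main__":
    locks = [(RG, "Delete")]
    print(authorize(OWNER, "delete", VM, locks))   # owner is still blocked
    print(authorize(OWNER, "update", VM, locks))   # Delete lock permits updates
    locks.remove((RG, "Delete"))                   # remove the lock first...
    print(authorize(OWNER, "delete", VM, locks))   # ...then the delete succeeds
```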

Service Trust Portal

Provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.
You can access the Service Trust Portal at: https://servicetrust.microsoft.com/
The categories on the main menu are:
Service Trust Portal - provides a quick access hyperlink to return to the Service Trust Portal home page.
My Library - lets you save (or pin) documents to quickly access them on your My Library page.
You can also set up to receive notifications when documents in your My Library are updated.
All Documents - is a single landing place for documents on the Service Trust Portal.
From All Documents, you can pin documents to have them show up in your My Library.