
Slides Version+30

Azure provides cloud computing services that allow users to access computing resources over the Internet. Key services include virtual machines, which allow users to run operating systems and applications without managing physical hardware. Virtual machines can be created on-demand and configured as needed. Users pay based on usage, avoiding large upfront investments and allowing flexibility and faster innovation compared to traditional data centers. Worldwide spending on public cloud services is forecast to grow over 20% in 2021.

Uploaded by Sach Much

Introduction

What is cloud computing

1 Delivery: This is the delivery of computing services – servers, storage, databases, networking, software and more.
2 Cloud: The delivery of these services is done over the Internet.
3 Payment model: Here you pay for how much you use.
4 Be ahead of the competition: Allows for faster innovation, flexibility and faster delivery of services.

Traditional Data Centers

1 Less management: Don’t manage large machines.
2 Less investment: Don’t need to invest in hardware.
3 Less operations: Don’t need to invest in managing the data center.
4 Focus on business: You get to focus on your business and applications.

Forecast

Worldwide end-user spending on public cloud services forecast for 2021: 332.3 billion
Growth in 2021: 23.1%

https://www.gartner.com/en/newsroom/press-releases/2021-04-21-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-23-percent-in-2021

Microsoft Azure

1 Service: Microsoft Azure provides functionality that you can use in the form of a service.
2 Resource: You use the service to create a resource as part of your account.
3 Subscription: This is used for billing purposes.
4 Resource group: This is used to logically group resources.

Describe Azure architecture and services - Azure compute

Virtual Machine
Compute service

Virtual Machine service

1 Compute: This is your compute service on the Azure platform. Here you can create compute resources on-demand.
2 Operating System: You can choose from operating systems such as Windows Server 2019 and different flavors of Linux.
3 Lifecycle: You can create the machine whenever you want. You can also terminate the machine whenever required.
4 Workload: You can then install different workloads on the machine.

Azure Virtual Machines

1 Less management: You don’t manage the infrastructure.
2 Less investment: You only pay for how much you use.
3 Less operations: Don’t need to invest in managing the data center.
4 Configure: You can configure various aspects of your virtual machine.

Azure virtual machine deployment

Virtual Network: Isolated network on the cloud
Public IP Address: Allows the machine to be contacted from the Internet
Network Security Group: Filters traffic to and from the machine
OS Disk: Used to store the operating system

Availability options

Availability sets

• This feature helps to protect your machines against infrastructure-level failures.
• An unplanned event wherein the underlying infrastructure fails unexpectedly. The failures could be attributed to network failures, local disk failures or even rack failures.
• Planned maintenance events, wherein Microsoft needs to make planned updates to the underlying physical environment. In such cases, a reboot might be required on your virtual machine.
• You can increase the availability of your application by making use of availability sets. Each virtual machine that is assigned to the availability set is assigned a separate fault and update domain.

Fault domains

These are used to define the group of virtual machines that share a common source and network switch.
You can create up to

Update domains

These are used to group virtual machines and physical hardware that can be rebooted at the same time.
You can create up to

Availability zones

• This feature helps provide better availability for your applications by protecting them from datacenter failures.
• Each Availability Zone is a unique physical location in an Azure region.
• Each zone comprises one or more data centers that have independent power, cooling, and networking.
• Hence the physical separation of the Availability Zones helps protect applications against data center failures.
• Using Availability Zones, you can be guaranteed an availability of 99.99% for your virtual machines. You need to ensure that you have 2 or more virtual machines running across multiple availability zones.

Virtual Machine types

1 General Purpose: This provides a balanced CPU-to-memory ratio. This is great for test and development environments.
2 Compute Optimized: This has a high CPU-to-memory ratio. This is good for medium-sized workloads like web servers.
3 Memory Optimized: This provides a good memory-to-CPU ratio. This is good for database-related workloads.
4 Storage Optimized: This provides high disk throughput which is ideal for Big Data workloads.

• The virtual machine gets allocated an OS-level disk. This is a managed disk.
• The VM could also get a temporary disk. This is not a managed disk.
• The data on the temporary disk could get lost in the case of a maintenance event or if the machine is redeployed.
• You can also add new data disks to the virtual machine.

• Private IP addresses allow communication between resources in Azure.
• The private IP address gets allocated from the subnet that the virtual machine is hosted in.
• The public IP address allows Internet resources to communicate inbound into the Azure virtual machine.

Azure Web App

• This is an HTTP-based service used for hosting web applications.
• Here your applications can be in .NET, .NET Core, Java, Ruby, Node.js or Python.
• Applications can run on both Windows and Linux-based platforms.
• This is a platform-as-a-service where the infrastructure is managed for you.
• The App Service plan defines the set of compute resources that are used to run the web application.

Azure App Service Plans

Free, Shared: Here the infrastructure is shared with other customers. You only get certain CPU quotas to run per day.
Basic, Standard, Premium: Here you get dedicated Azure VMs to run the applications. Depending on the tier you can also scale out your web applications.
Isolated: Here your apps run on dedicated Azure virtual machines and Azure virtual networks.

Azure Functions

• This service allows you to run small pieces of code as functions.
• Here you just develop and upload the code to an Azure Function.
• You only get billed for the amount of time the code is run.
• You can use a variety of programming languages in Azure Functions.
• C#, Java, JavaScript, PowerShell and Python.

Pricing plans

Consumption: Charged based on the usage
App Service Plan: Useful if you are using an Azure Web App
Premium: If you want pre-warmed instances

Describe Azure architecture and services - Networking

Virtual Network

1 Isolated: This is an isolated network on Azure cloud.
2 Managed: Here you don’t need to deploy an infrastructure to have a network in place.
3 Resources: You can then place resources such as Azure virtual machines within the virtual network.
4 Internet: By default all resources in the virtual network can communicate outbound with the internet.

Security Groups

• This is used to filter network traffic in an Azure virtual network.
• You define different rules as part of the Network Security Group. You have Inbound and Outbound rules.
• For each rule you mention the source and destination of traffic, the port and protocol.

• This is used when you want to apply network filtering rules for a group of machines.
• Instead of mentioning the IP address of the machine, you can make the machine part of an Application Security Group.
• And then you can mention the Application Security Group in the Network Security Group.
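How Network Security Group rules and Application Security Groups combine when a packet arrives, as an added example that is not part of the original slides. It goes beyond the slides by modelling Azure's priority ordering (lowest number first, first match wins) and two simplified default inbound rules; the `asg:` notation, the addresses and the rule names are constructed for the illustration.

```python
"""Toy model of inbound NSG evaluation (illustration only, not Azure's code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions for this example only).
VNET = "10.0.0.0/16"                  # address space of the virtual network
ASG_MEMBERS = {                       # Application Security Group -> member IPs
    "asg-web": {"10.0.1.4", "10.0.1.5"},
    "asg-db": {"10.0.2.4"},
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*" or "asg:<name>" (notation of this model)
    destination: str   # CIDR, "*" or "asg:<name>"
    port: str          # "443", "8000-8100" or "*"


# Simplified forms of two built-in inbound defaults. Azure expresses the
# first with the VirtualNetwork service tag; a CIDR stands in for it here.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", VNET, VNET, "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]


def addr_matches(spec: str, ip: str) -> bool:
    """Match an address against '*', an ASG reference or a CIDR prefix."""
    if spec == "*":
        return True
    if spec.startswith("asg:"):
        return ip in ASG_MEMBERS.get(spec[4:], set())
    return ip_address(ip) in ip_network(spec)


def port_matches(spec: str, port: int) -> bool:
    """Match a port against '*', a single port or a 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate_inbound(rules, protocol, src_ip, dst_ip, dst_port):
    """Return (access, rule name) of the first rule, by priority, that matches."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and addr_matches(rule.source, src_ip)
                and addr_matches(rule.destination, dst_ip)
                and port_matches(rule.port, dst_port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")


# Constructed rule set: Internet -> web tier on 443, web tier -> db tier on 1433.
RULES = [
    Rule("allow-https-to-web", 100, "Allow", "Tcp", "*", "asg:asg-web", "443"),
    Rule("allow-web-to-db", 110, "Allow", "Tcp", "asg:asg-web", "asg:asg-db", "1433"),
    Rule("deny-vnet-to-db", 200, "Deny", "*", VNET, "asg:asg-db", "*"),
]

if __name__ == "__main__":
    flows = [
        ("Tcp", "203.0.113.10", "10.0.1.4", 443),   # Internet to web, HTTPS
        ("Tcp", "203.0.113.10", "10.0.1.4", 22),    # Internet to web, SSH
        ("Tcp", "10.0.1.4", "10.0.2.4", 1433),      # web tier to database
        ("Tcp", "10.0.3.9", "10.0.2.4", 1433),      # other VNet host to database
    ]
    for flow in flows:
        print(flow, "->", evaluate_inbound(RULES, *flow))
    # Same last flow without the explicit deny rule: the default rule allows it.
    print("no deny rule ->", evaluate_inbound(RULES[:2], *flows[-1]))
```

Without `deny-vnet-to-db`, any host in the virtual network reaches the database tier through the default `AllowVnetInBound` rule, which is why isolating a tier needs an explicit deny placed below the intended allows.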

Connectivity

• An Azure VPN gateway can be used to send encrypted traffic between an Azure virtual network and an on-premises location over the Internet.
• Point-to-Site VPN – This lets you create a secure connection from the Azure virtual network to an individual client computer.
• Site-to-Site VPN – This provides connectivity between an on-premises network and an Azure virtual network.

Azure Load Balancer

• This service is used to distribute the incoming network traffic across a group of backend resources or servers.
• You can define two types of load balancers – Public or Private Load Balancers.
• You have 2 SKUs for the Load Balancer – Standard and Basic Load Balancer.

Basic Load Balancer

Pricing: You are not charged for the Load Balancer
SLA: There is no SLA
Backend machines: Here the machines need to be part of an availability set or scale set
Support for zones: There is no support for availability zones

Standard Load Balancer

Pricing: There is a price per hour
SLA: There is an SLA of 99.99%
Backend machines: Here the machines need to be part of an availability set or scale set or they can be individual machines
Support for zones: Here you get support for availability zones

Components of a Load Balancer

Frontend IP: Here you define an IP address for the load balancer
Backend pool: This contains the backend virtual machines
Health probes: This helps to check the status of the backend pool
Rules: The Load Balancing rules define how to distribute the incoming traffic

Describe Azure architecture and services - Storage

Azure Storage Accounts

• This service allows you to store objects on the cloud.
• Here you can make use of different services – Blob, Queue, File and Table.
• There are also different types of storage accounts.

Storage account types

1 Standard general-purpose v2: Gives you access to Blob, Queue, Table and File service
2 Premium block blobs: This is premium storage for your block blobs
3 Premium file shares: This is a premium storage account for your file shares.
4 Premium page blobs: This is premium storage for your page blobs.

• This service is optimized for storing large amounts of unstructured data.
• Use case examples – storing images, videos, log files, documents.
• In the blob service, you will create a container. This is used to organize a set of blobs.
• Block blobs – This is used to store text and binary data.
• Page blobs – This is used to store virtual hard drive files that are used as disks for your Azure virtual machines.

• This is used for hosting file shares on the cloud.
• These shares can be accessed via the SMB (Server Message Block) protocol.
• You can mount the file shares from Windows, Linux and macOS clients.

• This service is used for storing large amounts of messages.
• These messages can then be accessed from anywhere in the world via the HTTP or HTTPS protocol.
• You can store millions of messages in the queue.

• This service is used for storing non-relational structured data.
• It’s ideal for storing flexible data sets because it does not conform to any sort of schema.
• In the table, you store an entity which is a set of properties.
• A property is nothing but a name-value pair.
• The partition key is used to split the data across various partitions. And the row key is used to identify an item within a partition.

• This service can be used to transform the Windows server into a quick cache of the Azure File share.
• You create an Azure File Sync resource.
• You also need to deploy the Azure File Sync agent to the Windows server.

Access tiers

Hot: This is optimized for data that is accessed frequently.
Cool: This is optimized for data that is infrequently accessed and stored for at least 30 days.
Archive: This is optimized for storing data that is rarely accessed and stored for at least 180 days.

• The Archive access tier is good for long-term backups.
• You can set the access tier at the Storage account level to Hot or Cool.
• At the object level, you can also set the Archive access tier.

Data Redundancy

Locally redundant storage (LRS): Here data is copied synchronously three times within a single physical location in the primary region.
Zone-redundant storage (ZRS): Here data is copied synchronously across three Azure availability zones in the primary region.
Geo-redundant storage: Here data is copied synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region.
Geo-zone-redundant storage: Here data is copied synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region.

Describe Azure architecture and services - Databases

Azure SQL database

Your own server

Advantages
Full control: You have full control over the underlying database engine
Security: You get to control all of the security aspects
Any version: You can use any database version
Integration: You can install custom tools for integration purposes

Your own server - Downside

Management: You have to manage the underlying infrastructure
Backups: You need to implement backups
High Availability: You need to manage high availability
Patching: You need to install updates

Azure SQL Database

• DTU – Database Transaction Units.
• This is a blended measure of CPU, Memory and Input/Output.
• There are different pricing tiers when it comes to the DTU model.

Reference - https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu

• vCore-based purchasing model.
• Here you can independently scale compute and storage.
• You can make use of the hybrid benefit model. Here you can save on costs if you have existing SQL Server licenses.

• This is a deployment model that provides native integration with the Azure virtual network service.
• It provides near 100% compatibility with the latest SQL Server features.
• Here again the infrastructure is managed for you.
• Companies can also easily migrate their existing on-premises databases to the Managed Instance.

Azure for MySQL

• MySQL is an open-source relational database management system.
• You can store your data in the form of tables.
• You can query for data using the Structured Query Language (SQL).
• Azure Database for MySQL is a fully managed database service.
• Here the underlying platform is managed by the service itself.
• Here you also get high availability, backups and patching as well.

Azure for PostgreSQL

• PostgreSQL is a free and open-source relational database management system.
• It has support for transactions that follow the ACID concepts – Atomicity, Consistency, Isolation and Durability.
• It also has support for views, foreign keys, triggers and stored procedures.
• Azure Database for PostgreSQL is a fully managed database service.
• Here the underlying platform is managed by the service itself.
• Here you also get high availability, backups and patching as well.

Azure Synapse

• This is an enterprise analytics service.
• This helps you to host your data warehouses and also helps you get insights on the data being hosted.
• You can use Spark technologies for your Big data needs.
• You can also use pipelines for your data integration needs.

Azure Databricks

• This is a platform which has a set of tools that can be used for building, deploying, sharing and maintaining enterprise-grade data solutions.
• You can use Azure Databricks to process, store, clean and analyze your data.
• You have interactive notebooks, data ingestion, compute management.

Azure Cosmos DB

• This is a fully managed NoSQL database.
• The database provides fast response time and is highly scalable.
• Here the underlying infrastructure is completely managed by Azure.
• Commonly used for web, mobile, gaming and IoT applications that need to handle massive amounts of data.

Cosmos DB API

Core SQL API: If you need to query for items using Structured query language
MongoDB API: If you need to host a MongoDB compatible database
Cassandra API: If you need to host a Cassandra compatible database
Gremlin API: If you need to host a graph-based database
Table API: If you need to store data in the form of tables

Describe cloud concepts

Understanding Economies of Scale

1 Basics: This is the ability to carry out tasks more efficiently or at a lower cost per unit when operating at a large scale.
2 Discount: When the demand increases, cloud providers can then get hardware at discount prices.
3 Benefit: This becomes a benefit to the customer wherein the discounts can be passed to the customer.
4 Service cost: If the number of customers increases, there is a chance that service costs can go down.

Capital Expenditure

This is when you pay money upfront

• Server Costs
• Storage Costs
• Software Licenses
• Datacenter costs

Operational Expenditure

Ongoing money spent on services

• Human Resources
• Maintenance
• Software Support
• Datacenter Costs - Cooling

Cloud Service Models

• An example is the Azure virtual machine service.
• Here you don’t need to manage the underlying infrastructure.
• The physical servers and storage are managed for you.
• This helps remove the capital expense and reduces ongoing cost.
• The Virtual Machine also has an SLA. To achieve that SLA for any on-premise server would require a lot of work.
• Infrastructure cloud services also allow you to scale based on demand.

• An example is the Azure SQL Database service or the Azure Web App service.
• Here you don’t need to manage the infrastructure or even the underlying operating system and platform components.
• You can just start hosting your data or your web application.
• Reduces deployment time.
• You can use an array of database technologies available in the case of Azure.
• All of these services use a Pay-as-you-go model.

• An example is Microsoft Office 365.
• Here you don’t need to manage the infrastructure or even the underlying operating system, platform components or even the software.
• Here you just start directly using the software.
• You can access your application data from anywhere.
• You don’t have the headache of managing anything.

Cloud Model types

• These are services that are offered over the public internet.
• They are available to anybody who wants to use them. Users then pay based on the services they use.
• Here all the servers and storage are managed by the cloud provider.

Public Cloud Advantages

1 Investment: No need for a capital investment – You normally don’t pay any money upfront to use a cloud service. Most of the services are based on a pay-as-you-go model.
2 Management: You don’t need to manage the underlying physical infrastructure. Hence on-going maintenance costs are also reduced.
3 Reachability: Cloud providers such as Azure have data centers located at different regions across the world.
4 Ease of use: You can quickly provision resources on the cloud. It allows you to get up and running in no time.

• These are a set of services that are normally only used by users of a business or organization.
• The private cloud could be hosted either in the company’s on-premise environment or it could be provided by a third-party service provider.

Private Cloud Advantages

1 Control: The business has complete control over the environment.
2 Security: They can implement their own security protocols at every layer to secure the environment.
3 Data: The data held in the environment is in complete control by the business.
4 Flexibility: You can implement various technologies and are not bound to any platform.

• This is a combination of both the public and private cloud.
• It allows data and applications to be shared across both cloud environments.

Hybrid Cloud Advantages

1 Current Investment: Businesses can still leverage their existing on-premise environment. This is important if they have already made a substantial investment in getting their environment in place.
2 Extension: They can extend their infrastructure to the cloud without making a further investment.
3 Data: They can keep data which needs to be secured by their standards in their on-premise environment.
4 Migration: They can move workloads to the cloud gradually.

Describe Azure architecture and services - Other services

Azure Traffic Manager

• This is a DNS-based traffic load balancer.
• Here you can direct traffic to endpoints based on different routing methods.
• Priority Routing method – Here the routing will go to the secondary endpoint if the primary endpoint is not available.
• Weighted Routing method – Here the requests can be routed to the endpoints based on different weights.

Azure Content Delivery Network

• This service helps to deliver content efficiently to end-users across the world.
• It makes use of edge servers across the world to deliver content to users.
• You can place the Azure CDN profile in front of your web endpoint.

Azure DevOps

• Azure Boards – This has support for planning and tracking your work items.
• Azure Repos – This is used as a version control system to version control source code.
• Azure Pipelines – This provides continuous integration and delivery pipelines.
• Azure Test Plans – Here you can carry out manual testing via the use of testing tools.
• Azure Artifacts – Here you can share packages – Maven, npm, NuGet.

Azure Bot

• You can build a conversational agent with the use of the Bot service.
• You can easily build bot applications with the use of the Bot SDK.
• You can also build virtual agents with the use of Power Virtual Agents.

Azure DevTest Labs

• This helps you to use virtual machines and platform-as-a-service environments in the form of labs.
• You can use pre-configured bases and also add artifacts when creating VMs.
• You can make use of Lab policies to track and control lab usage and costs.

Azure Cognitive Services

• This helps to build Artificial Intelligence-based applications.
• You have different categories when it comes to the services – Vision, Speech, Language and Decision.
• You have several deployment options that include Azure Functions, App service, Logic Apps.

Azure Logic Apps

• This helps to build workflows. You don’t need to have coding experience to build the workflow.
• Trigger – A workflow can start based on a trigger.
• Action – This is a step that can be executed in the workflow.

Azure Machine Learning

• This is a cloud service that can be used by data scientists and engineers to build machine learning products.
• You can train and deploy machine learning models.
• You can use the Machine Learning Studio to work with various aspects related to Machine Learning.

Azure Key Vault

• This is a cloud service that can be used for storing and accessing secrets.
• The secrets can be your API keys, passwords, certificates or cryptographic keys.

Azure Batch

• This service is used to run large-scale parallel and high-performance computing batch jobs.
• Azure Batch can manage the compute machines used for running the jobs.
• You can use Azure Storage accounts for storage of the input, output files and the applications.

Describe Azure architecture and services - Identity and Access

Azure Active Directory

1 Identity: This is a cloud-based identity and access management service.
2 Access: You can authenticate users and grant access to resources.
3 Azure and Microsoft 365: This identity provider works for both Azure and Microsoft 365.
4 Security: You have different security features available.

• Azure Active Directory Free – Here you get user and group management, basic reports.
• Azure Active Directory Premium P1 – Dynamic groups, more hybrid capabilities.
• Azure Active Directory Premium P2 – Azure AD Identity Protection, Privileged Identity Management.

• The use of MFA (Multi-Factor Authentication) provides an extra layer of security when it comes to authentication.
• It’s a good practice to enable MFA for your privileged users.

Azure AD Conditional Access

1 Conditions: Here you can define conditions based on which you want to give access to users for a resource.
2 Signals: You can make use of different signals for the conditions – User and their location, device they are logging in from, the application, real-time risk.
3 Access: Based on the condition you can decide whether the user should be allowed access, blocked access or they require the use of MFA.
4 Enforced: These rules are enforced after the first-factor authentication is complete.

Microsoft Defender for Cloud

1 Purpose: This is a Cloud Security Posture and Cloud Workload Protection Platform. You can monitor Azure resources, Amazon Web Services resources and on-premises resources.
2 Secure Score: It continually assesses the security posture of your resources. It generates a secure score based on the assessment.
3 Recommendations: You get recommendations on how to improve the security of your resources.
4 Threats: It can also detect and resolve threats to resources and services.

Azure Active Directory

• This provides managed domain services on Azure.
• Here you don’t need to manage the domain controllers.
• You get features such as domain join, group policies etc.

Microsoft Sentinel

• This is a cloud service that provides a solution for SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response).
• This provides a solution that helps in the following:
  • Collection of data – Here you can collect data across all users, devices, applications and your infrastructure. The infrastructure could be located on-premise and on the cloud.
  • It helps to detect previously undetected threats.
  • It helps to hunt for suspicious activities at scale.
  • It helps to respond to incidents rapidly.
• Once you start using Microsoft Sentinel, you can start collecting data using a variety of connectors.
• You have connectors for a variety of Microsoft products and other third-party products as well.
• You can then use in-built workbooks to get more insights on the collected data.

Microsoft Sentinel: Visibility, Analytics, Hunting, Incidents, Automation

Azure Firewall

• This is a fully-managed firewall security service.
• This service can be used to protect your workloads running within an Azure virtual network.
• Here you don’t manage the underlying infrastructure and you get high availability for the service.

Zero Trust

• Verify identity – Here you also implement security for your identities, such as Multi-Factor Authentication, because there are so many cases of identity theft.
• Verify devices – Make sure to enroll devices so that users log in from trusted devices.
• Verify access – Access to privileged resources.

Describe Azure management and governance

Management Groups

• You have the ability to organize subscriptions into management groups.
• You can then manage access and policies at the management group level.
• By default there is a root management group that is known as the Tenant root group.

Azure Policy

• This service can be used to assess the compliance of your resources.
• You can use the in-built policy definitions or even create your own policy definitions.
• You also have the option to remediate non-compliant resources.

Azure Resource locks

• Locking resources can help ensure users don’t accidentally delete or modify resources.
• There are two types of locks:
  • CanNotDelete - authorized users can still read and modify a resource, but they can't delete the resource.
  • ReadOnly - authorized users can read a resource, but they can't delete or update the resource.

Azure Blueprints

1 Role assignments: If you need specific roles to be assigned.
2 Policy assignments: This is if you need specific policies to be applied.
3 Resource groups: If you need certain resource groups to be in place.
4 ARM templates: If there are resources that need to be deployed.

• Definition – Here you define the Blueprint itself. The Blueprint needs to be saved to either a management group or a subscription.
• When you save the Blueprint to a management group, the Blueprint can be assigned to any subscription which is part of the management group.
• To save the Blueprint definition, you need to have Contributor access to either the management group or the subscription.

• Publishing – Once the Blueprint is defined, you can publish it. Here you can assign a version number for the Blueprint.
• Assignment – Here the Blueprint is then assigned to a subscription.
• You can protect resources deployed via the Blueprint using resource locks.
• Here even if there is a user with the Owner role, the user will still not be able to remove the lock.
• You can only remove the lock by unassigning the blueprint.

Different tools

• Azure PowerShell – This can be used for managing and administering Azure-based resources.
• Azure CLI – This is a cross-platform command-line tool that can be used to manage and administer Azure-based resources.
• ARM templates – Here you can define your resources as code.
• You can then deploy the code file to Azure Resource Manager.

Azure Advisor

• Here you get recommendations based on resources deployed as part of your Azure subscription.
• Reliability – How to improve the reliability of your resources.
• Security – Helps in detection of threats and vulnerabilities.
• Performance – Improve the performance of your applications.
• Cost – Reduce the overall expenses incurred as part of your Azure account.
• Operational Excellence – Get better operational efficiency for your resources.

Azure Monitor

• Here you get metrics for the underlying resources deployed as part of your Azure subscription.
• You can also collect log data with the help of a Log Analytics workspace.
• You can define Azure Monitor alerts to send an alert if a specific condition is being reached for your Azure resources.

Application Insights

Monitoring: This provides the feature of application performance management and monitoring of live web applications.
Applications: This works for applications hosted in Azure, on-premises environments, or other cloud platforms.
Aspects: Here you can see aspects such as detecting performance issues or any other issues.
Integration: It has integration with the Visual Studio IDE.
Support: There is support for .NET, Node.js, Java and Python.
Users: You can also see how users interact with your application.
