
Slides 321

Uploaded by

Umesh Malhotra
Design Monitoring

Logging

Azure Monitor Agent

s
ue
Collection Multihoming

ig
Collects data from the guest The Windows and Linux machines can
operating system of Azure and send send data to multiple Log Analytics

dr
them onto Azure Monitor. workspaces at a time.

Other services Single agent

Ro
You can also send the data to Logging
Use a single agent to achieve all of this.
other services like Microsoft
Defender and Microsoft Sentinel.
an
Data ingestion Security
You can filter rules and There is enhanced security via
Logging

create transformations on the use of Azure AD and


Al

the data being ingested. Managed Identity tokens.


D
s
Data Collection Rules

This defines the data collection process in Azure Monitor.

Here you can decide what data needs to be collected, how to transform the data and then send the data on to the destination.

The data collection rule will install the Azure Monitor agent on the machine.

Application

Application Insights

Monitoring – This provides the feature of application performance management and monitoring of live web applications.

Applications – This works for applications hosted in Azure, on-premises environments, or other cloud platforms.

Aspects – Here you can see aspects such as detecting performance issues or any other issues.

Integration – It has integration with the Visual Studio IDE.

Support – There is support for .NET, Node.js, Java and Python.

Users – You can also see how users interact with your application.

How does it work

You can install a small instrumentation package (SDK) for your application, or use the Application Insights agent.

You can instrument web applications, background components and JavaScript in web pages.

The telemetry data sent by Application Insights has very little impact on the performance of your application.

Microsoft Sentinel

Threat protection

This is a cloud service that provides a solution for SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response).

This provides a solution that helps in the following:

Collection of data – Here you can collect data across all users, devices, applications and your infrastructure. The infrastructure could be located on-premises and in the cloud.

It helps to detect undetected threats.

It helps to hunt for suspicious activities at scale.

It helps to respond to incidents rapidly.

Once you start using Microsoft Sentinel, you can start collecting data using a variety of connectors.

You have connectors for a variety of Microsoft products and other third-party products as well.

You can then use in-built workbooks to get more insights on the collected data.

Microsoft Sentinel

[Diagram: Visibility, Analytics, Hunting, Incidents, Automation]

Resource tags

1. Basics – This is used to add metadata to your resources.
2. Application – Tags can be applied to resources, resource groups and subscriptions.
3. Costing – Tags can offer another way when it comes to filtering on costs.
4. Inheritance – If a tag is applied at a resource group level, it is not applied to the resources in the resource group.

Design Identity and Security

Identity

Identity Protection

Has the ability to automatically detect and remediate identity-based risks.

Uses its own threat intelligence to understand identity-based risks.

The different risks

Leaked credentials (user risk) – This detects if the user's credentials have been leaked.

Malware (sign-in risk) – Here the user's device could be infected with malware.

Anonymous IP address (sign-in risk) – The user is not signing in from a typical IP address.

Password spray (sign-in risk) – Someone is trying out different passwords.

Atypical travel (sign-in risk) – Here sign-ins are happening from different geographic locations.

Unfamiliar sign-in properties (sign-in risk) – Not the typical behavior for the user's sign-ins.

Azure Blueprints

1. Role assignments – If you need specific roles to be assigned.
2. Policy assignments – This is if you need specific policies to be applied.
3. Resource groups – If you need certain resource groups to be in place.
4. Azure Resource Manager templates – If there are resources that need to be deployed.

Definition – Here you define the Blueprint itself. The Blueprint needs to be saved to either a management group or a subscription.

When you save the Blueprint to a management group, the Blueprint can be assigned to any subscription which is part of the management group.

To save the Blueprint definition, you need to have Contributor access to either the management group or the subscription.

Publishing – Once the Blueprint is defined, you can publish it. Here you can assign a version number for the Blueprint.

Assignment – Here the Blueprint is then assigned to a subscription.

You can protect resources deployed via the Blueprint with resource locks.

Here, even a user with the Owner role will not be able to remove the lock.

You can only remove the lock by unassigning the blueprint.

Design Data Storage

SQL Server on Azure

Deploying SQL Server

You can use the Infrastructure as a Service facility, wherein you deploy Microsoft SQL Server on an Azure virtual machine.

This will give you complete administrative access over the virtual machine.

Here you can also use the pay-as-you-go model when using SQL Server on an Azure virtual machine.

This provides an easy option for migrating your on-premises SQL Server workloads.

Here you can install the version of SQL Server that you require.

And then migrate the data onto the instance on the Azure virtual machine.

Then you have the Platform as a Service option, wherein you can use the Azure SQL Database service.

Here the underlying compute infrastructure is managed by Azure.

Here you also get an SLA of 99.995%.

With Azure SQL database server, you can choose from a variety of pricing tiers.

Here you can also make use of features such as automated backup, automated tuning, simplified patching etc.

Azure SQL Managed Instance – This is also an ideal option for migrating existing SQL Server workloads onto Azure.

SQL Managed Instance has near 100% compatibility with the latest SQL Server (Enterprise Edition) database engine.

You can also get native Virtual Network integration.

You can also use the Hybrid benefits to use your own licenses to save on costs.

Dynamic Data Masking

Exposure – Here you can limit the exposure of data.

Rule – You can create rules to mask the data.

Credit Card masking rule – This is used to mask the column that contains credit card details. Here only the last four digits of the field are exposed.

Email – Here the first letter of the email address is exposed, and the domain name of the email address is replaced with XXX.com.

Custom text – Here you decide which characters to expose for a field.

Random number – Here you can generate a random number for the field.

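The masking rules listed above, written as T-SQL against a constructed table. This is an added example, not part of the original slides; the table dbo.Customers, its columns and the user MaskedReader are hypothetical names.

```sql
-- Constructed demo table: each column uses one of the masking rules from the slide.
CREATE TABLE dbo.Customers (
    CustomerId  INT IDENTITY(1,1) PRIMARY KEY,
    -- Email rule: first letter exposed, the rest of the address masked.
    Email       NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    -- Credit card rule as custom text: constant prefix, last four digits exposed.
    CardNumber  VARCHAR(19)   MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL,
    -- Custom text: expose only the first character.
    LastName    NVARCHAR(50)  MASKED WITH (FUNCTION = 'partial(1,"XXXX",0)') NOT NULL,
    -- Random number: a value from the given range replaces the real one.
    CreditScore INT           MASKED WITH (FUNCTION = 'random(300, 850)') NOT NULL
);

-- Constructed sample row.
INSERT INTO dbo.Customers (Email, CardNumber, LastName, CreditScore)
VALUES (N'alice@example.com', '4111-1111-1111-1111', N'Nguyen', 712);

-- A principal with SELECT but without UNMASK receives masked values.
CREATE USER MaskedReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO MaskedReader;

EXECUTE AS USER = 'MaskedReader';
SELECT Email, CardNumber, LastName, CreditScore FROM dbo.Customers;
REVERT;

-- Audit which columns are masked and with which function.
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns
WHERE is_masked = 1;

-- UNMASK returns the real values to that principal, so review who holds it.
GRANT UNMASK TO MaskedReader;
```

Masking changes only what a query returns; the stored values are unchanged, so it complements permissions and encryption rather than replacing them.
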
Always Encrypted

The Always Encrypted feature can be used to encrypt data at rest and in motion.

You can encrypt multiple columns located in different tables.

You can encrypt multiple columns located in the same table.

You can just encrypt one specific column.

You have 2 types of encryption:

Deterministic encryption – Here the same encrypted value is generated for any given plain text value. This is less secure, but it allows for point lookups, equality joins, grouping and indexing on encrypted columns.

Randomized encryption – This is the most secure encryption method, but it prevents searching, grouping, indexing and joining on encrypted columns.

We can enable the Always Encrypted feature using SQL Server Management Studio.

There are 2 keys that get created when the Always Encrypted feature is enabled for a database.

Column master key – This is an encryption key that needs to be stored in an external data store. Here you can store the key in a Windows certificate store or in the Azure Key Vault service.

Column encryption key – This is generated from the column master key and is used to encrypt the actual column.

The user who is implementing the Always Encrypted feature needs to have the following permissions for keys – create, get, list, sign, verify, wrapKey, unwrapKey

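Both encryption types declared on one table, as an added T-SQL example that is not part of the original slides. It assumes a column encryption key already exists in the database; the names CEK_Demo and dbo.Patients are hypothetical.

```sql
-- Assumption: CEK_Demo was created beforehand (for example by the SSMS wizard).
CREATE TABLE dbo.Patients (
    PatientId INT IDENTITY(1,1) PRIMARY KEY,
    -- Deterministic: equal plaintexts give equal ciphertexts, so equality
    -- lookups, joins, grouping and indexing work.
    -- Character columns must use a BIN2 collation.
    SSN       CHAR(11) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                              ENCRYPTION_TYPE = DETERMINISTIC,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- Randomized: a different ciphertext on every write, so the column
    -- cannot be searched, grouped, indexed or joined on.
    Diagnosis NVARCHAR(200)
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                              ENCRYPTION_TYPE = RANDOMIZED,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
);

-- Indexing is possible on the deterministic column only.
CREATE INDEX IX_Patients_SSN ON dbo.Patients (SSN);

-- Point lookup on the deterministic column. The value must be a parameter so
-- the client driver can encrypt it before it reaches the server (connection
-- opened with Column Encryption Setting=Enabled; in SSMS, "Parameterization
-- for Always Encrypted" converts this DECLARE into such a parameter).
DECLARE @SSN CHAR(11) = '000-00-0000';   -- constructed sample value
SELECT PatientId, Diagnosis
FROM dbo.Patients
WHERE SSN = @SSN;

-- Review which columns are encrypted, with which type, and under which key.
SELECT c.name AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       k.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS k
  ON k.column_encryption_key_id = c.column_encryption_key_id
WHERE c.object_id = OBJECT_ID('dbo.Patients');
```
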
Mapping Data Flows

This feature helps to visualize the data transformations in Azure Data Factory.

You can write the required transformation logic without actually writing any code.

The data flows run on Apache Spark clusters. Azure Data Factory will manage the transformations in the data flow.

Debug Mode – You can actually see the results of the data flow while designing the flow.

In the debug mode session, the data flow will run interactively on the Spark cluster.

In the debug mode, you will be charged on an hourly basis for the active cluster.

Design Business Continuity

Blob data protection

Blob soft delete – This helps to protect an individual blob from accidental deletes.

Here the deleted data is kept in the system for a defined duration of time.

You can then restore a deleted object.

You can specify a retention period between 1 and 365 days.

You also have soft delete for containers to protect the entire container from accidental deletion.

Versioning – This can be used to maintain the previous version of a blob.

When a blob is modified, a new version ID is created for the blob.

Blob snapshots – This is a read-only version of a blob taken at a particular point in time.

Design Infrastructure

Migrating solutions – Start with a base wherein you start deciding on the compute infrastructure.

We already covered a lot when it comes to compute infrastructure.

Initially review Azure VMs vs Azure Web Apps and then look at the Azure Batch service.

Then we will look at container-based services – Azure Container Instances, Container Registry, Azure Kubernetes.

Azure File Sync when it comes to bringing files in Azure File shares closer to your on-premises users.

Networking perspective – Review on Virtual Network Peering, VPN connectivity, Virtual WAN.

Internal Azure Load Balancer for SQL Server hosted on Azure VMs.

Review on the Azure Application Gateway.

Look at other routing tools – Azure Traffic Manager and Azure Front Door.

Development Services – Review on Azure Event Hubs.

Look at Azure Functions, Azure Service Bus, Azure Logic Apps, Azure Event Grid.

Implementation scenarios – Azure Service Bus, Azure Functions, Azure CosmosDB.

See how to make use of Azure API Management Instance.

Azure DevOps services – Continuous Integration and Continuous Deployment.

Azure Boards – Epics, Stories and Tasks.

Azure Repos – Git-based repositories.

Azure Pipelines – Build and Release pipelines.

How to integrate ARM templates in pipelines.

Migration Patterns – How to migrate applications.

Data transfer options.

Database Migration Service.

Exploring the Azure Migrate tool.

Copying data

Azure Import/Export Service

1. Copying Data – This is used for copying large amounts of data to Azure Blob storage and Azure Files.
2. Transfer data – You can also transfer data from Azure Blob storage to your on-premises environment.
3. Disk Drives – Here you make use of disk drives. You can use your own disk drives or use the ones provided by Microsoft.
4. Jobs – You basically create a job via the Azure Portal. This will be used for transferring data to a storage account.

Azure Data Box

1. Data transfer – Helps to send terabytes of data in and out of Azure.
2. No Internet – You don't need to use your Internet connection to transfer the data.
3. Scenario – Ideal when you want to transfer data sizes that are larger than 40 TB.
4. Device – You order the Data Box device via the Azure Portal.

Network Watcher Service

1. Connection Monitor – Check the network connectivity between machines. These can be in Azure or on your on-premises environments.
2. Next hop – Here you can see the next route for a packet of data. This helps you understand whether the packet is being routed to the correct destination.
3. IP Flow Verify – This can be used to check if a packet is allowed or denied to or from a virtual machine. If a packet is being denied by a security group, you can see which rule is denying the packet.
4. Connection troubleshoot – Check the connection from a virtual machine to a virtual machine, fully qualified domain name, URI or IPv4 address.

1. NSG Diagnostic – Provides detailed information that helps to understand and debug the security configuration of the network.
2. Traffic Analytics – This helps to log information about the IP traffic that is flowing through an NSG.
3. NSG Flow Logs – Helps to provide visibility into user and application activity in cloud networks.

Azure Migrate

• You can use this tool to assess and migrate assets such as servers, databases and web applications.

• You can also assess the on-premises virtual desktop infrastructure and migrate it to Azure Virtual Desktop.

• You have tools such as Azure Migrate: Discovery and assessment, Data Migration Assistant, Azure Database Migration Service, Web app migration assistant.

Azure Migrate tools

1. Azure Migrate: Discovery and assessment – On-premises servers running Hyper-V and VMware.
2. Data Migration Assistant – Assess SQL Server databases for migration to Azure SQL database, Azure VMs and SQL Managed Instance.
3. Azure Database Migration Service – Migrate on-premises databases to Azure VMs with SQL, Azure SQL database, Managed Instances.
4. Web app migration assistance – Assess and migrate web apps to Azure.

Azure Migrate: Discovery and assessment tool

• You can assess whether your on-premises servers, SQL servers and web applications are ready to be migrated to Azure.

• You can also get an estimation when it comes to the size of the Azure VMs and the Azure SQL databases required to host your workloads.