AZURE TRAINING

IAAS NOTES

MAHESH MALLARAPU
IGROW TECHONOLOGIES
82, Maruthi Nagar Main Rd, Old Madiwala, Chikka Madivala,
1st Stage, BTM Layout, Bengaluru, Karnataka 560068, India
9738566679 / [email protected]
Contents
Azure Network Topologies ............................................................................................................................ 2
Azure Virtual Network................................................................................................................................... 3
Azure Virtual Machines ................................................................................................................................. 4
Azure VM sku’s .............................................................................................................................................. 6
Azure VM networking ................................................................................................................................... 7
Azure Bastion ................................................................................................................................................ 9
Azure Virtual Machine Scale Sets (VMSS) ................................................................................................... 10
Fault Domains and Update Domains .......................................................................................................... 11
Azure Backup and Azure Recovery Services Vault ...................................................................................... 12
Azure backup policies.................................................................................................................................. 14
Azure Site Recovery..................................................................................................................................... 16
Azure Active Directory (AAD) ...................................................................................................................... 17
Azure Storage .............................................................................................................................................. 19
Azure Storage sku’s ..................................................................................................................................... 20
Azure Storage Networking .......................................................................................................................... 22
Azure load balancer .................................................................................................................................... 24
Azure Load balancer sku’s ........................................................................................................................... 25
Azure Application Gateway sku’s ................................................................................................................ 26
Azure Firewall.............................................................................................................................................. 27
Azure Firewall sku’s ..................................................................................................................................... 29
Azure Private End Point ............................................................................................................................... 30
Azure Network Topologies
In Azure, there are several network topologies that you can implement depending on your
requirements for connectivity, redundancy, and security. Some common topologies include:
1. Hub and Spoke Topology: This is a centralized network architecture where a central
"hub" virtual network is connected to multiple "spoke" virtual networks. Resources
within each spoke can communicate with resources in other spokes via the hub. This
topology is useful for centralizing network management and implementing shared
services or security policies.
2. Flat Network Topology: In this topology, all resources are connected to a single virtual
network without any segmentation into subnets or spokes. This is the simplest network
topology but may not be suitable No index entries found.for larger deployments where
segmentation and isolation are required for security or organizational reasons.
3. Multi-Tier Application Topology: This topology segregates resources into multiple tiers
(e.g., web, application, database) within the same virtual network or across multiple
virtual networks. Each tier may have its own subnet and security groups, allowing for
isolation and control over traffic flow between tiers.
4. Hybrid Network Topology: This involves connecting on-premises networks to Azure
virtual networks, either through VPN or ExpressRoute connections. This topology allows
for seamless integration of on-premises resources with cloud resources, enabling hybrid
cloud deployments.
5. Transit Network Topology: In this topology, a dedicated transit virtual network is used to
route traffic between multiple virtual networks. This approach can simplify network
connectivity and reduce the number of VPN or ExpressRoute connections required in a
hub-and-spoke architecture.
6. Microsegmentation Topology: This topology involves dividing a virtual network into
smaller segments or subnets based on workload characteristics, application
requirements, or security policies. Each segment may have its own security groups and
policies, allowing for fine-grained control over network traffic.
7. Geographically Redundant Topology: This involves deploying resources across multiple
Azure regions to achieve high availability and disaster recovery. Traffic can be routed to
the closest region using Azure Traffic Manager or Azure Front Door, and resources can be
replicated across regions using Azure Site Recovery or other replication mechanisms.
These are just a few examples of network topologies that can be implemented in Azure. The
optimal topology for your deployment will depend on factors such as your application
architecture, performance requirements, security policies, and budget constraints.
Azure Virtual Network
Azure Virtual Network (VNet) is a fundamental building block of Azure networking. It enables
you to create your isolated network in the Azure cloud, similar to how you would set up a
traditional network in your on-premises data center. Azure VNets allow you to securely connect
Azure resources, such as virtual machines (VMs), to each other, to the internet, and to on-
premises networks.
Key features and components of Azure Virtual Network include:
1. Subnets: You can divide a VNet into multiple subnets to organize and segregate your
resources. Subnets can be used to group similar resources together and enforce network
security boundaries.
2. Address Space: Each VNet is associated with an IP address space, which defines the
range of IP addresses that can be assigned to resources within the VNet. You can choose
private IP address ranges according to your requirements.
3. Network Security Groups (NSGs): NSGs are stateful packet filters that allow you to
control inbound and outbound traffic to network interfaces (NICs), VMs, and subnets.
You can define rules to permit or deny traffic based on source and destination IP
addresses, ports, and protocols.
4. Virtual Network Peering: This feature enables connecting VNets within the same Azure
region securely. Once peered, resources in the peered VNets can communicate with
each other, leveraging the Azure backbone network.
5. VPN Gateway: Azure VPN Gateway allows you to establish secure, encrypted
connections between your Azure VNets and on-premises networks or other VNets across
the internet. It supports site-to-site VPN and point-to-site VPN connectivity.
6. ExpressRoute: ExpressRoute provides dedicated private connectivity between your on-
premises network and Azure data centers, bypassing the public internet. It offers higher
reliability, lower latency, and higher security compared to VPN connections.
7. Azure Bastion: Azure Bastion is a fully managed PaaS service that provides secure and
seamless RDP and SSH access to VMs directly from the Azure portal over SSL. It
eliminates the need to expose VMs to the public internet.
8. Local Network gateway: A Local Network Gateway (LNG) in Azure represents the on-
premises location or network site. It acts as the counterpart to the Azure Virtual
Network Gateway, enabling secure communication between your on-premises network
and Azure resources via VPN or ExpressRoute connections. To create a Local Network
 Gateway in Azure, you typically need to provide details such as the public IP address of
your on-premises VPN device and the address space of your on-premises network.

Azure Virtual Machines

Azure Virtual Machines (VMs) are one of the primary compute resources offered
by Microsoft Azure. They provide scalable computing power in the cloud and
allow you to run a wide range of workloads, including applications, websites,
databases, and more. Here are some key features and aspects of Azure Virtual
Machines:
1. Operating System Support:
Azure VMs support a variety of operating systems, including Windows Server,
various distributions of Linux (such as Ubuntu, CentOS, Red Hat Enterprise Linux,
and SUSE Linux Enterprise Server), as well as specialized OS images like SQL
Server, Oracle Linux, and more.
2. Scalability:
Azure VMs can be scaled vertically by resizing the VM to a larger size with more
CPU, memory, and disk space, or horizontally by deploying multiple VM instances
behind a load balancer using Azure Virtual Machine Scale Sets.
3. Customization:
You can customize Azure VMs by selecting the appropriate size, storage
configuration, networking options, and extensions to meet your specific
workload requirements. Azure Marketplace offers a wide range of pre-configured
VM images and solutions that you can deploy with just a few clicks.
4. High Availability:
Azure VMs can be configured for high availability by deploying them in
availability sets or availability zones. Availability sets ensure that VM instances
are distributed across multiple fault domains and update domains within a data
center to minimize downtime during maintenance events. Availability zones
provide redundancy by distributing VM instances across multiple data centers
within an Azure region.
5. Storage Options:
Azure VMs can use different types of storage for operating system disks (OS
disks) and data disks, including Azure Managed Disks, which offer simplified
 management, scalability, and reliability. You can also attach Azure Blob storage or
Azure File shares to VMs for additional storage capacity.
6. Networking:
Azure VMs are deployed within Azure Virtual Networks (VNets), which allow you
to define private IP address spaces, subnets, and network security groups (NSGs)
for controlling inbound and outbound traffic. You can also establish virtual
private network (VPN) connections or Azure ExpressRoute circuits to connect
Azure VMs to on-premises networks securely.
7. Integration:
Azure VMs seamlessly integrate with other Azure services such as Azure Load
Balancer, Azure Application Gateway, Azure Traffic Manager, Azure Backup, Azure
Monitor, Azure Security Center, and more, enabling you to build comprehensive
solutions for various scenarios.
8. Billing Model:
Azure VMs are billed on a pay-as-you-go model, where you are charged based on
the VM size, region, uptime, and any additional resources or services associated
with the VM. Azure offers various pricing options, including reserved instances
and spot instances, to optimize costs for long-running workloads.
Azure Virtual Machines provide a flexible and scalable platform for hosting your
applications and services in the cloud, offering reliability, performance, and cost-
effectiveness for a wide range of use cases.
Azure VM harddisks
Hard disks are used for storing the operating system, applications, and data
associated with the virtual machine (VM). There are primarily two types of disks
used in Azure VMs.
1. OS Disk:
 The OS disk contains the operating system files and boot files required for the
VM to start and run. Every Azure VM has at least one OS disk attached to it. OS
disks can be either managed disks or unmanaged disks.
 Managed Disks: Managed disks are the recommended option for storing OS disks
in Azure. They offer several advantages over unmanaged disks, including
simplified management, better reliability, built-in backups, and support for
features such as disk snapshots and encryption.
  Unmanaged Disks: Unmanaged disks are stored as page blobs in Azure Storage
accounts. You are responsible for managing the storage accounts and the
associated disks. While unmanaged disks provide more granular control over
storage configurations, they require more manual management compared to
managed disks.
2. Data Disks:
 Data disks are additional disks attached to the VM for storing application data,
databases, files, or any other type of data required by the workload running on
the VM. Data disks can also be managed disks or unmanaged disks.
 You can attach multiple data disks to a VM, depending on the VM size and
performance requirements of your application. Data disks can be resized,
attached, detached, and managed independently of the VM.
 With managed disks, you can choose between Standard HDD, Standard SSD, and
Premium SSD disk types based on your performance and cost requirements.
Premium SSDs offer higher IOPS and lower latency compared to Standard HDD
and Standard SSD disks, making them suitable for I/O-intensive workloads.
Azure managed disks abstract the underlying storage infrastructure and provide a
simplified and scalable solution for managing disks associated with Azure VMs.
They offer built-in redundancy, automatic backups, and integration with other
Azure services such as Azure Backup and Azure Site Recovery.
When provisioning Azure VMs, you have the flexibility to choose the appropriate
disk types, sizes, and configurations based on your workload requirements,
performance considerations, and budget constraints. It's essential to understand
the differences between OS disks and data disks and select the appropriate disk
types to optimize the performance and reliability of your Azure VMs.

Azure VM sku’s
In Azure, SKU (Stock Keeping Unit) refers to a specific version or configuration of
a service or resource. For Azure Virtual Machines (VMs), the SKU determines the
VM's size, hardware configuration, performance characteristics, and pricing. Each
SKU represents a different combination of CPU, memory, disk, and network
resources.
Azure VM SKUs are categorized into several families based on their
characteristics and intended use cases. Some common VM families include:
 1. General Purpose: General-purpose VMs offer a balanced ratio of CPU to memory and are
suitable for a wide range of workloads, including development and testing, small to
medium databases, and low to moderate traffic web servers.
2. Compute Optimized: Compute-optimized VMs prioritize CPU performance over memory
and are ideal for CPU-intensive workloads such as batch processing, gaming servers, and
application servers that require high computational power.
3. Memory Optimized: Memory-optimized VMs provide a higher ratio of memory to CPU
and are designed for memory-intensive workloads such as big data analytics, in-memory
databases, caching, and enterprise applications with large memory requirements.
4. Storage Optimized: Storage-optimized VMs are optimized for high disk throughput and
provide local SSD storage for data-intensive workloads such as large databases, data
warehousing, and data analytics.
5. GPU: GPU-enabled VMs are equipped with graphical processing units (GPUs) and are
suitable for graphics-intensive workloads, machine learning, artificial intelligence (AI),
video rendering, and other GPU-accelerated applications.
6. High Performance Compute (HPC): HPC VMs offer high CPU and memory performance
for compute-intensive scientific and engineering simulations, financial modeling, and
other HPC workloads.
Each Azure VM SKU is identified by a combination of series, size, and tier. For
example, the SKU "Standard_DS2_v2" refers to a Standard series VM with a DS
size and v2 tier.

Azure VM networking
Azure VM (Virtual Machine) Network refers to the networking configuration and capabilities
associated with virtual machines deployed in Microsoft Azure. Azure VMs require network
connectivity to communicate with other resources within Azure, such as other VMs, Azure
services, and the internet. Here are some key aspects of Azure VM networking:
1. Virtual Network (VNet):
 Azure VMs are typically deployed within a Virtual Network (VNet), which serves
as an isolated and customizable network environment in Azure.
 VNets provide segmentation, isolation, and control over network traffic between
Azure resources, allowing you to define subnets, IP address ranges, and network
security policies.
  Azure VNets support both IPv4 and IPv6 addressing schemes and allow you to
establish peering connections or VPN gateways for connecting VNets across
different regions or with on-premises networks.
2. Network Interfaces:
 Each Azure VM is associated with one or more network interfaces (NICs), which
connect the VM to the underlying VNet and enable network communication.
 Network interfaces can have public IP addresses for internet access or private IP
addresses for internal communication within the VNet.
 Azure VMs can have multiple network interfaces for scenarios such as network
virtual appliances (NVAs), load balancing, or multi-tier application architectures.
3. IP Addressing:
 Azure VMs can have both public IP addresses and private IP addresses assigned
to their network interfaces.
 Public IP addresses allow VMs to communicate with the internet and can be
dynamic or static (reserved).
 Private IP addresses are used for internal communication within the VNet and
are assigned from the subnet's IP address range.
4. Network Security Groups (NSGs):
 Network Security Groups are stateful firewall-like security policies that allow you
to control inbound and outbound traffic to Azure VMs.
 NSGs are applied at the subnet or network interface level and enable you to
define rules based on source/destination IP addresses, ports, and protocols.
 NSGs provide granular control over network traffic and help enforce security
policies to protect Azure VMs from unauthorized access or attacks.
5. Load Balancing:
 Azure offers load balancing services such as Azure Load Balancer and Azure
Application Gateway for distributing incoming network traffic across multiple VM
instances.
 Load balancers improve the availability, scalability, and reliability of applications
by evenly distributing traffic and detecting unhealthy endpoints for failover.
6. Traffic Routing:
  Azure VMs can communicate with other Azure resources and external networks
using various routing mechanisms, including user-defined routes (UDRs), Azure
route tables, and Azure Firewall.
 Routing configurations define how network traffic is routed between Azure
resources, VNets, subnets, and on-premises networks.
Azure VM networking provides the foundation for building and deploying applications in the
cloud, allowing you to establish secure and scalable network architectures for diverse workloads
and use cases. Understanding Azure VM network configuration options and best practices is
essential for designing resilient and efficient cloud solutions.

Azure Bastion

Azure Bastion is a fully managed Platform as a Service (PaaS) offering from Microsoft Azure that
provides secure and seamless RDP and SSH access to virtual machines (VMs) deployed in Azure
without exposing them to the public internet. Azure Bastion acts as a jump server or bastion
host within your Azure Virtual Network (VNet), enabling secure remote access to VMs over
Remote Desktop Protocol (RDP) and Secure Shell (SSH) protocols. Here are some key aspects of
Azure Bastion:
1. Secure Remote Access:
 Azure Bastion provides secure and private access to Azure VMs directly from the
Azure portal using RDP or SSH, without the need for a public IP address or VPN
connection.
 Bastion sessions are encrypted using Transport Layer Security (TLS), ensuring
data confidentiality and integrity during transmission.
2. Managed Service:
 Azure Bastion is a fully managed service that eliminates the need to deploy and
manage jump hosts or bastion servers manually.
 Microsoft handles the infrastructure provisioning, maintenance, security
updates, and scaling of Azure Bastion, reducing administrative overhead and
operational complexity.
3. Integration with Azure Portal:
 Azure Bastion is tightly integrated with the Azure portal, providing a seamless
user experience for accessing VMs securely.
  You can initiate RDP or SSH sessions to Azure VMs directly from the Azure portal
with a single click, eliminating the need for separate remote desktop or SSH
clients.
4. Private Connectivity:
 Azure Bastion is deployed within your Azure Virtual Network (VNet) and does not
require public IP addresses or inbound network security group (NSG) rules on
VMs.
 Access to VMs is routed through Azure Bastion over the Azure backbone
network, ensuring private connectivity and reducing exposure to external
threats.
Note : Azure bastion requires a /27 subnet (minimum of 32 IP addresses) for deployment.

Azure Virtual Machine Scale Sets (VMSS)

Azure Virtual Machine Scale Sets (VMSS) is a service provided by Microsoft Azure that
allows you to deploy and manage a group of identical virtual machines (VMs) for large-scale
services. VMSS provides high availability, scalability, and ease of management for applications
with varying loads. Here are some key features and aspects of Azure Virtual Machine Scale Sets:
1. Scalability:
VMSS automatically scales the number of VM instances based on demand,
allowing your application to handle varying workloads efficiently. You can define
scaling policies based on metrics such as CPU utilization, memory utilization, or
custom metrics.
2. High Availability:
VMSS distributes VM instances across multiple fault domains and update
domains within an Azure region to ensure high availability and fault tolerance. If
any VM instance fails or needs maintenance, VMSS automatically redistributes
the workload to healthy instances.
3. Load Balancing:
VMSS integrates with Azure Load Balancer to distribute incoming traffic evenly
across VM instances within the scale set. This ensures that each VM instance
receives a balanced share of traffic and improves application performance and
reliability.
 4. Customization:
You can customize VMSS instances by specifying the VM size, OS image, disk
configuration, network settings, and extensions. VMSS supports both Windows
and Linux virtual machines, allowing you to choose the appropriate operating
system for your application.
5. Managed Disks:
VMSS supports Azure Managed Disks, which provide simplified management,
better reliability, and built-in backups compared to unmanaged disks. Managed
Disks handle storage replication, encryption, and redundancy automatically,
reducing the administrative overhead of managing storage accounts.
6. Automatic Updates:
VMSS can automatically apply OS updates and security patches to VM instances
using Azure Update Management or custom scripts. This ensures that VM
instances are up-to-date with the latest patches and fixes, reducing security
vulnerabilities and downtime.
7. Integration with Azure Services:
VMSS integrates with other Azure services such as Azure Monitor, Azure Security
Center, Azure Backup, and Azure Automation for monitoring, security, backup,
and management tasks. This allows you to leverage the full capabilities of the
Azure ecosystem to manage and monitor your VMSS deployments.
8. Cost Optimization:
VMSS offers cost optimization features such as autoscaling, which automatically
adjusts the number of VM instances based on demand, and low-priority VM
instances, which provide discounted pricing for non-production workloads.

Fault Domains and Update Domains

In Azure, Fault Domains and Update Domains are concepts related to ensuring high
availability and fault tolerance for applications and services deployed on Azure infrastructure.
These concepts are crucial for designing resilient architectures and minimizing downtime during
planned maintenance or unforeseen failures.
1. Fault Domains:
  A Fault Domain is a logical group of hardware resources within an Azure data
center that share a common power source and network switch. Fault Domains
are designed to ensure that if there is a hardware failure (e.g., server failure,
network switch failure), only a subset of resources is affected, minimizing the
impact on the overall availability of the application.
 Azure ensures that VM instances and other resources deployed within the same
Availability Set or Virtual Machine Scale Set are distributed across different Fault
Domains. This ensures that VM instances are not all located on the same physical
hardware, reducing the risk of downtime due to hardware failures.
 For example, if you deploy VM instances in an Availability Set with three Fault
Domains, Azure will distribute the VM instances across three different sets of
hardware within the data center, ensuring that a failure in one Fault Domain does
not affect the availability of the entire application.
2. Update Domains:
 An Update Domain is a logical group of VM instances within an Azure data center
that are updated and rebooted together during planned maintenance events.
Update Domains are used to ensure that only a subset of VM instances is taken
offline at any given time for updates, minimizing downtime and maintaining
application availability.
 When you deploy VM instances in an Availability Set or Virtual Machine Scale
Set, Azure automatically assigns each VM instance to a specific Update Domain.
During planned maintenance events, Azure updates and reboots VM instances in
each Update Domain sequentially, ensuring that VM instances in different
Update Domains remain available to handle incoming requests.
 By default, Azure divides VM instances into five Update Domains, but you can
specify a different number of Update Domains based on your availability
requirements.
By leveraging Fault Domains and Update Domains, you can design resilient and highly available
architectures in Azure that are capable of withstanding hardware failures and planned
maintenance events with minimal downtime. It's essential to understand these concepts and
incorporate them into your Azure deployment strategies to ensure the availability and reliability
of your applications and services.

Azure Backup and Azure Recovery Services Vault

Azure Backup and Azure Recovery Services Vault are related services provided by Microsoft
Azure, both aimed at protecting and recovering data and applications in the cloud. However,
they serve different purposes and offer distinct features:
1. Azure Backup:
 Azure Backup is a service that provides data protection and backup solutions for
Azure resources as well as on-premises data and workloads. It allows you to back
up files, folders, virtual machines, databases, and other data sources to Azure
Storage.
 Key features of Azure Backup include:
 Backup of Azure Virtual Machines: Azure Backup provides backup and
restore capabilities for Azure VMs, allowing you to protect VM data and
configurations.
 Backup of On-Premises Workloads: Azure Backup supports backup of on-
premises servers, applications, and data to Azure, enabling hybrid cloud
backup solutions.
 Granular Recovery: Azure Backup enables granular recovery of individual
files, folders, applications, and databases from backup copies stored in
Azure.
 Long-Term Retention: Azure Backup supports long-term retention of
backup data, allowing you to retain data for extended periods based on
retention policies.
 Integration with Azure Services: Azure Backup integrates with other Azure
services such as Azure Virtual Machines, Azure SQL Database, Azure File
Shares, and Azure Blob Storage for seamless backup and recovery.
2. Azure Recovery Services Vault:
 Azure Recovery Services Vault is a storage resource in Azure that serves as a
container for backup data and recovery points created by Azure Backup and
other Azure disaster recovery solutions.
 Key features of Azure Recovery Services Vault include:
 Centralized Management: Recovery Services Vault provides a centralized
location for managing backup policies, retention policies, and recovery
points across multiple Azure services and resources.
  Data Protection: Recovery Services Vault stores backup data and recovery
points securely in Azure Storage, providing redundancy, encryption, and
durability for backup data.
 Disaster Recovery: In addition to backup, Recovery Services Vault
supports disaster recovery solutions such as Azure Site Recovery, which
allows you to replicate and failover virtual machines and applications to
Azure or another location for business continuity and disaster recovery.
 Monitoring and Reporting: Recovery Services Vault provides monitoring,
reporting, and alerting capabilities to track backup jobs, verify data
integrity, and ensure compliance with backup and recovery policies.
In summary, Azure Backup is a backup-as-a-service offering that provides data protection and
backup solutions for Azure and on-premises workloads, while Azure Recovery Services Vault is a
storage resource used to store backup data and recovery points created by Azure Backup and
other disaster recovery solutions. Together, they provide comprehensive data protection,
backup, and disaster recovery capabilities for Azure customers.

Azure backup policies

Azure Backup Policies are configurations that define the schedule, retention, and other settings
for backing up Azure resources such as virtual machines, Azure Files, SQL databases, and more.
These policies help automate the backup process and ensure that data is protected according to
organizational requirements. Here are the key components of Azure Backup Policies:
1. Backup Schedule:
 Azure Backup Policies specify the frequency and timing of backups. You can
define daily, weekly, or custom backup schedules based on your backup
requirements.
 Backup schedules determine how often backups are taken for each protected
resource, ensuring that data is backed up at regular intervals to meet recovery
point objectives (RPOs).
2. Retention Policy:
 Retention settings define how long backup copies are retained in the backup
vault before they are automatically deleted. Azure Backup Policies allow you to
configure retention policies based on daily, weekly, monthly, and yearly retention
periods.
 Retention policies ensure that backup data is retained for the required duration
to meet compliance, regulatory, and business continuity requirements.
 3. Backup Frequency:
 Azure Backup Policies allow you to specify the backup frequency for different
types of resources. You can configure different backup frequencies based on the
criticality and change rate of each resource.
 For example, you might configure frequent backups for mission-critical VMs or
databases with high transaction volumes and less frequent backups for less
critical data.
4. Backup Type:
 Azure Backup supports full backups and incremental backups. Full backups
capture the entire dataset, while incremental backups capture only the changes
made since the last backup.
 Backup policies allow you to specify whether to take full backups or incremental
backups based on your backup strategy and data protection requirements.
5. Backup Retention Range:
 Azure Backup Policies define the retention range for backup data, indicating how
far back in time you can restore data from backup copies.
 Retention ranges ensure that backup data is available for recovery within the
specified timeframe, allowing you to recover data from recent backups or
historical backups as needed.
6. Backup Window:
 Backup policies may include a backup window, which specifies the time period
during which backups are scheduled to minimize impact on production
workloads.
 Backup windows help ensure that backups are taken during off-peak hours or
times of low activity to avoid performance degradation or disruption to business
operations.
Azure Backup Policies provide a centralized and consistent way to manage backup
configurations across multiple Azure resources, simplifying backup management and ensuring
data protection across your cloud environment. By defining backup policies, organizations can
automate backup operations, enforce backup best practices, and maintain compliance with data
protection requirements.
Azure Site Recovery
Azure Site Recovery (ASR) is a cloud-based disaster recovery service provided by Microsoft
Azure that helps protect and recover virtual machines (VMs) and physical servers in the event of
a disaster or outage. ASR enables organizations to replicate workloads from on-premises
datacenters, other clouds, or Azure regions to Azure, providing business continuity and disaster
recovery capabilities. Here are some key aspects of Azure Site Recovery:
1. Replication and Orchestration:
 Azure Site Recovery allows you to replicate VMs and physical servers from your
primary site (source) to a secondary site (target) in Azure.
 Replication is asynchronous and continuous, ensuring that changes to protected
workloads are replicated to the target site in near real-time.
 ASR provides automated orchestration and failover capabilities, allowing you to
orchestrate failover and failback processes for entire applications or groups of
VMs with minimal downtime.
2. Supported Workloads:
 Azure Site Recovery supports a wide range of workloads, including VMware
virtual machines, Hyper-V virtual machines, physical servers running Windows or
Linux operating systems, and Azure virtual machines.
 You can protect and replicate both Windows and Linux-based workloads,
ensuring that critical applications and data are available during planned or
unplanned outages.
3. Multi-VM Consistency:
 ASR ensures multi-VM consistency by coordinating the replication and failover of
interconnected VMs and application dependencies.
 You can group related VMs into application recovery plans, define dependencies
between VMs, and orchestrate the failover of entire applications to maintain
consistency and integrity during recovery operations.
4. Recovery Point Objective (RPO) and Recovery Time Objective (RTO):
 Azure Site Recovery allows you to define recovery point objectives (RPOs) and
recovery time objectives (RTOs) for each protected workload.
 RPO defines the maximum acceptable data loss in the event of a disaster, while
RTO defines the maximum acceptable downtime for recovering applications and
services.
  ASR helps you meet RPO and RTO targets by providing continuous replication,
automated failover, and fast recovery capabilities.
5. Integration with Azure Services:
 ASR integrates seamlessly with other Azure services such as Azure Backup, Azure
Monitor, Azure Virtual Machines, Azure Virtual Network, and Azure Active
Directory for comprehensive disaster recovery and business continuity solutions.
 You can leverage Azure automation, monitoring, and management tools to
streamline disaster recovery operations and ensure compliance with service-level
agreements (SLAs).
6. Testing and Disaster Recovery Drills:
 Azure Site Recovery provides non-disruptive disaster recovery testing
capabilities, allowing you to perform recovery drills and validate recovery plans
without impacting production workloads.
 You can simulate failover scenarios, test application recovery, and verify RPO and
RTO objectives to ensure readiness for real-world disasters.

Azure Active Directory (AAD)

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management
service. It provides a set of capabilities for managing user identities and access to applications
and resources in the cloud and on-premises. Here are some key features and aspects of Azure
Active Directory:
1. Identity Management:
 Azure AD serves as a comprehensive identity management solution, allowing
organizations to manage user identities, groups, and devices centrally.
 It supports various identity types, including cloud-only identities, synchronized
identities (hybrid identity), and federated identities.
2. Single Sign-On (SSO):
 Azure AD enables users to sign in once with their corporate credentials and
access multiple cloud applications without needing to sign in again.
 It supports federated authentication standards such as SAML, OAuth, and
OpenID Connect, allowing seamless integration with thousands of SaaS
applications.
3. Conditional Access:
 Conditional Access policies in Azure AD enable organizations to enforce granular
access controls based on various conditions, including user identity, device
compliance, location, and risk level.
 Conditional Access helps improve security posture by ensuring that users meet
specific criteria before accessing resources.
4. Multi-Factor Authentication (MFA):
 Azure AD provides built-in support for multi-factor authentication, requiring
users to verify their identity using additional authentication factors such as
phone calls, text messages, or mobile app notifications.
 MFA helps enhance security by adding an extra layer of protection against
unauthorized access, especially for sensitive applications and data.
5. Identity Protection:
 Azure AD Identity Protection uses machine learning algorithms to detect and
respond to potential security threats such as suspicious sign-in attempts, leaked
credentials, and risky user behavior.
 It provides risk-based conditional access policies and automated remediation
actions to mitigate security risks.
6. Application Management:
 Azure AD offers application management capabilities, allowing organizations to
register and manage both Azure AD-integrated applications and third-party
applications.
 It supports application provisioning, single sign-on, access control, and usage
monitoring for cloud and on-premises applications.
7. Identity Governance:
 Azure AD includes features for identity governance and lifecycle management,
such as access reviews, entitlement management, and privileged identity
management (PIM).
 These features help organizations maintain compliance, enforce access controls,
and manage privileged access to critical resources.
8. Integration with Microsoft 365 and Azure Services:
  Azure AD seamlessly integrates with Microsoft 365 services such as Office 365,
SharePoint, Teams, and Dynamics 365, providing a unified identity platform for
accessing Microsoft cloud services.
 It also integrates with Azure services, enabling secure access to resources such as
Azure Virtual Machines, Azure SQL Database, and Azure App Service.
Azure Active Directory is a fundamental component of the Microsoft cloud ecosystem, providing
identity and access management capabilities that are essential for securing modern cloud
environments and enabling digital transformation initiatives.

Azure Storage
Azure Storage is a cloud-based storage solution provided by Microsoft Azure, offering scalable,
durable, and highly available storage for various types of data, including files, blobs, tables, and
queues. It is designed to support a wide range of use cases, from simple file storage to complex
big data analytics and media streaming applications. Here are some key features and aspects of
Azure Storage:
1. Storage Services:
 Azure Blob Storage: Blob storage is optimized for storing large amounts of
unstructured data, such as images, videos, documents, logs, and backups. It
supports block blobs, append blobs, and page blobs for different storage
scenarios.
 Azure Files: Azure Files provides fully managed file shares in the cloud, allowing
you to mount file shares as network drives for Windows, Linux, and macOS
systems or access files using REST APIs.
 Azure Queues: Azure Queues offer reliable messaging for asynchronous
communication between application components, enabling decoupled and
scalable architectures.
 Azure Tables: Azure Tables provide NoSQL storage for structured data, allowing
you to store and query large datasets with high availability and low latency.
2. Scalability:
 Azure Storage is designed to scale seamlessly to meet the growing storage
demands of applications and workloads. It offers virtually unlimited storage
capacity, allowing you to store petabytes of data in a single storage account.
  You can scale storage capacity and performance independently by adjusting
storage account settings, such as performance tiers, redundancy options, and
access tiers.
3. Durability and Availability:
 Azure Storage provides high durability and availability by replicating data across
multiple storage nodes and data centers within the same region.
 Redundancy options such as locally redundant storage (LRS), zone-redundant
storage (ZRS), geo-redundant storage (GRS), and geo-zone-redundant storage
(GZRS) offer varying levels of data redundancy and fault tolerance.
4. Security:
 Azure Storage offers robust security features to protect data at rest and in transit,
including encryption, access controls, Azure Active Directory integration, role-
based access control (RBAC), and network security policies.
 Advanced security features such as Azure Key Vault integration, customer-
managed keys, and Azure Private Link enhance data protection and compliance.
5. Data Management:
 Azure Storage provides tools and services for managing data lifecycle, versioning,
retention, and compliance requirements.
 Features such as Blob Lifecycle Management, Blob Versioning, Blob Soft Delete,
and Azure Data Lake Storage (ADLS) integration enable efficient data
management and governance.
6. Integration:
 Azure Storage integrates seamlessly with other Azure services such as Azure
Virtual Machines, Azure Data Factory, Azure Databricks, Azure Functions, Azure
Synapse Analytics, and Azure Kubernetes Service (AKS), enabling a wide range of
data-driven workflows and applications.
Azure Storage is a foundational service in the Azure ecosystem, offering reliable and scalable
storage solutions for modern cloud applications, data lakes, analytics, and archival storage
needs. It provides the flexibility and scalability required to support diverse workloads and use
cases, from small-scale applications to enterprise-scale deployments.

Azure Storage sku’s

Azure Storage SKUs (Stock Keeping Units) represent different performance and pricing tiers for
Azure Storage services, allowing you to select the appropriate storage option based on your
performance, availability, and cost requirements. Here are some common Azure Storage SKUs:
1. Blob Storage:
 Standard: Offers reliable and cost-effective storage for unstructured data such as
documents, images, videos, and backups. Standard Blob Storage is suitable for
general-purpose storage needs with moderate performance requirements.
 Premium: Provides higher performance, lower latency, and higher throughput
compared to Standard Blob Storage. Premium Blob Storage is optimized for
latency-sensitive workloads and applications requiring high-performance storage.
2. File Storage:
 Standard: Offers fully managed file shares in the cloud, accessible via the Server
Message Block (SMB) protocol. Standard File Storage provides shared file storage
for applications and users, supporting standard file operations and protocols.
 Premium: Provides higher performance and lower latency compared to Standard
File Storage. Premium File Storage is designed for applications requiring high-
performance file access, such as databases, analytics, and virtual machine
workloads.
3. Queue Storage:
 Standard: Provides reliable messaging services for asynchronous communication
between application components. Standard Queue Storage is suitable for
building scalable and decoupled cloud applications with message queuing
capabilities.
4. Table Storage:
 Standard: Offers NoSQL storage for semi-structured data, such as logs, telemetry,
and metadata. Standard Table Storage provides scalable and cost-effective
storage for applications requiring simple query capabilities and high availability.
5. Disk Storage (Managed Disks):
 Standard HDD: Offers low-cost, magnetic disk-based storage for virtual machine
disks. Standard HDD Managed Disks provide economical storage for workloads
with low I/O requirements.
 Standard SSD: Provides balanced performance and cost for virtual machine disks.
Standard SSD Managed Disks offer better performance than HDD disks at a
slightly higher cost.
 Premium SSD: Offers high-performance, solid-state disk-based storage for virtual
machine disks. Premium SSD Managed Disks provide low-latency, high-
throughput storage for I/O-intensive workloads.
 6. Data Lake Storage:
 Gen1: Provides scalable and secure data lake storage for big data analytics and
data lake applications. Data Lake Storage Gen1 offers features such as
hierarchical namespace, POSIX permissions, and integrated analytics.
 Gen2: Combines the capabilities of Azure Blob Storage and Azure Data Lake
Storage Gen1 into a unified storage solution. Data Lake Storage Gen2 provides
scalable, secure, and cost-effective storage for big data analytics, machine
learning, and data lake workloads.

Azure Storage Networking

Azure Storage Networking refers to the network connectivity and communication mechanisms
used to access and manage Azure Storage services such as Blob Storage, File Storage, Queue
Storage, and Table Storage. Azure provides various networking features and capabilities to
ensure secure, reliable, and efficient connectivity to Azure Storage resources. Here are some key
aspects of Azure Storage networking:
1. Virtual Network (VNet) Integration:
 Azure Storage accounts can be integrated with Azure Virtual Networks (VNets) to
enable private access from resources within the same VNet.
 VNet Integration allows Azure VMs, Azure Kubernetes Service (AKS) clusters,
Azure App Service environments, and other resources to securely access Azure
Storage over the Azure backbone network, without exposure to the public
internet.
2. Service Endpoints:
 Azure Storage supports service endpoints, which extend the reach of VNets to
Azure Storage services, including Blob Storage, Queue Storage, Table Storage,
and Azure Data Lake Storage (ADLS).
 Service endpoints provide secure and optimized connectivity between VNets and
Azure Storage by allowing traffic to flow directly from the VNet to the storage
service over the Microsoft backbone network, bypassing the public internet.
3. Private Endpoints:
 Private Endpoints for Azure Storage enable secure access to storage accounts
from VNets using private IP addresses.
  Private Endpoints create a private link between the VNet and the storage
account, ensuring that data remains within the Azure network and eliminating
exposure to the public internet.
 Private Endpoints are beneficial for scenarios requiring enhanced security and
compliance, such as data sovereignty requirements or regulatory restrictions on
public internet access.
4. Firewall and Network Security Groups (NSGs):
 Azure Storage accounts can be secured using network security groups (NSGs) and
Azure Firewall to control inbound and outbound traffic based on
source/destination IP addresses, ports, and protocols.
 NSGs allow you to define network security rules to restrict access to Azure
Storage accounts based on specific criteria, helping enforce security policies and
mitigate potential threats.
5. VNet Service Endpoints for Azure Storage:
 Azure Storage supports VNet service endpoints, which allow you to access Azure
Storage services securely from within a VNet without traversing the public
internet.
 VNet service endpoints enable secure and efficient communication between
VNets and Azure Storage services, enhancing network security and reducing
latency for data access operations.
6. Cross-Region Connectivity:
 Azure ExpressRoute and Azure Virtual Network peering provide options for
establishing secure, low-latency connectivity between VNets in different Azure
regions.
 Cross-region connectivity enables distributed applications to access Azure
Storage resources located in different regions while maintaining network
performance and reliability.
Azure Storage networking features help organizations establish secure, private, and efficient
connectivity to Azure Storage services, enabling secure data storage, backup, archival, and data
analytics workflows in the cloud. By leveraging Azure networking capabilities, organizations can
enhance data security, compliance, and performance while optimizing network costs and
resources.
Azure load balancer
Azure Load Balancer is a Layer 4 (TCP, UDP) load balancer service provided by Microsoft Azure
that distributes incoming network traffic across multiple virtual machines (VMs), virtual
machine scale sets, or Azure services based on configured rules and health probes. It helps
improve the availability, scalability, and reliability of applications and services by evenly
distributing incoming requests and detecting unhealthy endpoints to route traffic away from
them. Here are some key features and aspects of Azure Load Balancer:
1. Types of Load Balancers:
 Azure offers several types of load balancers to cater to different workload
requirements:
 Azure Public Load Balancer: Distributes incoming traffic across VM
instances in Azure Virtual Networks (VNets) and public IP addresses. It is
commonly used for internet-facing applications.
 Azure Internal Load Balancer: Routes traffic between VM instances inside
an Azure VNet or between VNets. It is suitable for internal-facing
applications and microservices.
 Azure Application Gateway: Provides Layer 7 (HTTP, HTTPS) load
balancing and application delivery features such as SSL termination, URL-
based routing, session affinity, and web application firewall (WAF)
capabilities.
2. Traffic Distribution:
 Azure Load Balancer distributes incoming traffic across multiple backend VM
instances or services based on configured load balancing rules and algorithms,
such as round-robin or least connections.
 It supports both inbound and outbound load balancing, allowing you to balance
traffic coming into and leaving your Azure environment.
3. Health Probes:
 Azure Load Balancer continuously monitors the health of backend VM instances
or services using health probes. Health probes periodically check the availability
and responsiveness of endpoints by sending requests and evaluating responses.
 Unhealthy endpoints are automatically detected, and traffic is routed away from
them to ensure high availability and reliability of the application.
4. Session Affinity:
  Azure Load Balancer supports session affinity (also known as sticky sessions or
client IP affinity) to maintain session persistence for client requests. It ensures
that subsequent requests from the same client are directed to the same backend
endpoint, providing a consistent user experience for stateful applications.
5. Integration with Azure Services:
 Azure Load Balancer integrates seamlessly with other Azure services such as
Azure Virtual Machines, Virtual Machine Scale Sets, Azure Kubernetes Service
(AKS), Azure Application Gateway, and Azure Firewall, enabling scalable and
highly available architectures for various workloads.
6. Security and Network Policies:
 Azure Load Balancer provides network security features such as network address
translation (NAT), inbound and outbound network address translation (NAT),
distributed denial-of-service (DDoS) protection, and integration with Azure
Firewall for advanced network security and policy enforcement.
Azure Load Balancer is a critical component of Azure networking, enabling high availability,
scalability, and reliability for applications and services deployed in Azure. It plays a crucial role in
distributing traffic efficiently across backend resources and ensuring seamless user experiences
for cloud-based applications.

Azure Load balancer sku’s

1. Basic Tier:
 The Basic Tier of Azure Load Balancer is designed for simple, low-cost load
balancing scenarios. It supports basic Layer 4 (TCP and UDP) load balancing
without many advanced features.
 Basic Load Balancer is typically used for small-scale deployments or non-
production workloads where advanced features are not required.
2. Standard Tier:
 The Standard Tier of Azure Load Balancer provides more advanced load
balancing features and capabilities compared to the Basic Tier.
 Standard Load Balancer supports both Layer 4 (TCP and UDP) and Layer 7 (HTTP
and HTTPS) load balancing, allowing you to balance traffic based on application-
specific requirements.
  It offers additional features such as multiple VIP (Virtual IP) addresses, outbound
connections, health probes, session persistence, and integration with Azure
Monitor and Azure Firewall.
When you create an Azure Load Balancer, you can choose between the Basic Tier and Standard
Tier based on your workload requirements and the level of functionality you need. The pricing
for Azure Load Balancer is based on factors such as the number of rules, data processed, and
number of frontend and backend endpoints.
It's important to note that while Azure Load Balancer does not have specific SKUs, it does offer
different tiers with varying levels of functionality and pricing to meet different workload
requirements.

Azure Application Gateway sku’s

Azure Application Gateway, similar to Azure Load Balancer, offers different SKUs or tiers to cater
to various requirements and workloads. The SKUs determine the capabilities, performance, and
pricing of the Application Gateway service. As of my last update, Azure Application Gateway
offers the following SKUs:
1. Standard v2:
 The Standard v2 SKU is the latest version of Azure Application Gateway, offering
enhanced features and performance compared to the Standard v1 SKU.
 It provides Layer 7 (HTTP/HTTPS) load balancing, SSL termination, URL-based
routing, session affinity, and web application firewall (WAF) capabilities.
 The Standard v2 SKU offers autoscaling, improved performance, and enhanced
security features compared to the Standard v1 SKU.
2. WAF v2:
 The Web Application Firewall (WAF) v2 SKU is based on the Standard v2 SKU but
includes additional web application firewall capabilities for enhanced security.
 It provides protection against common web application vulnerabilities such as
SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
 The WAF v2 SKU includes OWASP (Open Web Application Security Project) rule
sets and custom rule sets for fine-grained control over web traffic filtering and
security policies.
3. Autoscaling:
  Azure Application Gateway supports autoscaling in both the Standard v2 and
WAF v2 SKUs, allowing the service to automatically adjust its capacity based on
traffic demand.
 Autoscaling helps ensure optimal performance and resource utilization while
minimizing costs by scaling out or in based on predefined metrics and thresholds.
When selecting an Azure Application Gateway SKU, consider factors such as your application
requirements, performance needs, security considerations, and budget constraints. The
Standard v2 SKU is suitable for general-purpose HTTP/HTTPS load balancing and application
delivery needs, while the WAF v2 SKU is recommended for applications that require enhanced
security features and protection against web application vulnerabilities.
It's worth noting that Azure Application Gateway also offers capabilities such as SSL offloading,
URL-based routing, session affinity, health probes, and integration with Azure services such as
Azure Monitor and Azure Security Center to provide comprehensive application delivery and
security solutions for cloud-based applications.

Azure Firewall
Azure Firewall is a cloud-based network security service provided by Microsoft Azure that helps
protect your Azure Virtual Network resources from unauthorized access and threats. It acts as a
centralized, managed firewall solution for securing outbound and inbound traffic to and from
your Azure resources, including virtual machines, virtual networks, and Azure services. Here are
some key features and aspects of Azure Firewall:
1. Network Security:
 Azure Firewall provides stateful firewalling capabilities to filter and inspect both
inbound and outbound traffic based on source and destination IP addresses, port
numbers, and protocols.
 It supports application-level filtering for traffic based on fully qualified domain
names (FQDNs), allowing you to control access to specific websites, services, or
applications.
2. Centralized Management:
 Azure Firewall offers centralized management and configuration through the
Azure portal, Azure Resource Manager (ARM) templates, Azure PowerShell,
Azure CLI, and Azure Management APIs.
  You can define and manage firewall rules, network rules, threat intelligence-
based filtering, and logging settings centrally across multiple Azure subscriptions
and virtual networks.
3. Integration with Azure Services:
 Azure Firewall integrates seamlessly with other Azure networking services such
as Azure Virtual Network (VNet), Azure Monitor, Azure Security Center, Azure Log
Analytics, and Azure Active Directory (AD) for advanced monitoring, logging, and
security insights.
 It can be deployed alongside Azure Virtual Network appliances such as Azure
Application Gateway, Azure Load Balancer, and Azure VPN Gateway to provide
comprehensive network security and traffic management solutions.
4. High Availability and Scalability:
 Azure Firewall is designed for high availability and scalability, with built-in
redundancy and automatic failover across multiple Azure regions.
 You can scale Azure Firewall instances horizontally to handle increased network
throughput and traffic volume by adjusting the number of instances and sizing
them according to your performance requirements.
5. Threat Intelligence:
 Azure Firewall leverages threat intelligence feeds from Microsoft and third-party
sources to provide advanced threat detection and prevention capabilities.
 It can dynamically block known malicious IP addresses, domains, and URLs to
protect your network resources from cyber threats and attacks in real-time.
6. Logging and Monitoring:
 Azure Firewall logs detailed network traffic information, including allowed and
denied traffic, security rules, and threat intelligence events.
 You can stream firewall logs to Azure Monitor, Azure Storage, Azure Event Hubs,
or third-party SIEM (Security Information and Event Management) solutions for
real-time monitoring, analysis, and threat detection.
Azure Firewall is a critical component of Azure network security, providing advanced protection,
visibility, and control over network traffic in cloud environments. It helps organizations enforce
security policies, comply with regulatory requirements, and mitigate cybersecurity risks
effectively.
Azure Firewall sku’s
1. Standard SKU:
 The Standard SKU of Azure Firewall provides essential firewall capabilities for
securing your network traffic in Azure.
 It offers stateful packet inspection, network address translation (NAT), and
application-level filtering (Layer 7) for inbound and outbound traffic.
 The Standard SKU supports high availability with active-standby deployment
mode across multiple Azure regions for increased reliability and fault tolerance.
 Standard Firewall rules are applied to all traffic passing through the firewall,
allowing you to define filtering criteria based on IP addresses, ports, protocols,
and FQDNs (Fully Qualified Domain Names).
2. Premium SKU:
 The Premium SKU of Azure Firewall includes all the features of the Standard SKU
and adds additional capabilities for advanced network security and threat
protection.
 It includes features such as intrusion detection and prevention system (IDPS), TLS
inspection, web category filtering, and URL filtering for enhanced security and
compliance.
 The Premium SKU offers integration with Azure Sentinel for centralized security
monitoring, threat detection, and incident response.
 Premium Firewall rules allow you to define more granular filtering policies based
on application categories, URL categories, and threat intelligence feeds.
3. Firewall Policy SKU:
 The Firewall Policy SKU is not a standalone SKU but rather a management SKU
that allows you to centrally manage and enforce firewall policies across multiple
Azure Firewalls.
 Firewall policies define the configuration settings, rules, and security policies
applied to Azure Firewall instances within a given Azure region or across multiple
regions.
 With Firewall Policy SKU, you can create and manage reusable firewall policies,
enforce consistent security controls, and simplify firewall management at scale.
When selecting an Azure Firewall SKU, consider factors such as your security requirements,
performance needs, compliance obligations, and budget constraints. The Standard SKU provides
basic firewall capabilities suitable for most scenarios, while the Premium SKU offers advanced
security features and threat protection for more demanding environments.
It's essential to review the feature set and pricing details of each SKU to determine the most
appropriate option for your specific use case and organizational requirements. Additionally,
consider factors such as network throughput, latency, and scalability when planning your Azure
Firewall deployment.

Azure Private End Point

Azure Private Endpoint is a network interface that connects you privately and securely to a
service powered by Azure Private Link. It uses a private IP address from your VNet, effectively
bringing the service into your VNet. Here are some key points about Azure Private Endpoint:
1. Private Connectivity:
 Azure Private Endpoint enables private connectivity to Azure PaaS services, Azure
Blob Storage, Azure Data Lake Storage Gen2, Azure SQL Database, Azure Cosmos
DB, Azure Key Vault, and more, over the Azure backbone network.
 With Private Endpoint, the traffic between your VNet and the service traverses
over the Microsoft backbone network, thus eliminating exposure from the public
internet.
2. Private Link Integration:
 Azure Private Endpoint is closely integrated with Azure Private Link, which allows
you to access Azure PaaS services privately from your VNet.
 Azure Private Link enables you to access services via their private IP address,
removing the need for public IP addresses or internet access.
3. Secure and Isolated Access:
 Azure Private Endpoint provides secure and isolated access to Azure services by
mapping a private IP address from your VNet to the service.
 Traffic between the service and your VNet traverses over the Azure backbone
network, ensuring privacy and security.
4. Integration with Azure Virtual Network:
 Azure Private Endpoint is deployed within your Azure Virtual Network (VNet),
and it obtains an IP address from the subnet where it's deployed.
 Private Endpoint can be deployed in the same region as the resource it's
connecting to or in a peered VNet within the same region.
 5. Granular Network Security:
 Azure Private Endpoint integrates with Azure Network Security Groups (NSGs),
allowing you to apply granular network security rules to control traffic to and
from the service.
 You can restrict access to the service to specific subnets or IP ranges using NSGs.
6. DNS Configuration:
 When you create a Private Endpoint, Azure automatically creates DNS entries in
your VNet's DNS zone, mapping the service's FQDN to the private IP address of
the Private Endpoint.
 This allows you to access the service using its FQDN, and DNS resolution occurs
within your VNet.
7. Service Provider Support:
 Many Azure services support Azure Private Link and, by extension, Azure Private
Endpoint.
 You can check the documentation for the specific Azure service to see if Private
Link support is available.
In summary, Azure Private Endpoint provides a secure and private connection to Azure services,
enabling you to access them privately from your Azure Virtual Network without exposing them
to the public internet. It enhances security, compliance, and privacy by ensuring that traffic
remains within the Microsoft Azure network infrastructure.