Azure

The document provides an overview of Azure's infrastructure, services, and best practices, including components like Regions, Availability Zones, and Resource Groups. It covers various Azure services such as Virtual Machines, App Services, Functions, and storage options, along with identity management through Azure Active Directory. Additionally, it highlights monitoring tools, developer resources, and best practices for managing Azure resources effectively.

Uploaded by

pandeyalok46808

1. Introduction to Azure
Azure Global Infrastructure

●​ Region: A geographical area (like East US, West Europe) containing at least one
datacenter.​

●​ Availability Zone: Physically separate locations within a region, each with independent
power, cooling, and networking — ensures high availability (HA).​

●​ Paired Regions: Each Azure region is paired with another within the same geography to
support disaster recovery (e.g., East US ↔ West US).​

Component         | Description
Region            | Logical data center location
Availability Zone | Independent data centers within a region
Paired Region     | Geo-redundant setup for business continuity

Use Case: Deploying a web app in multiple zones ensures zero downtime even if a zone fails.

Tenants, Subscriptions, Management Groups

●​ Tenant: The Azure AD instance. Represents an organization.​

●​ Subscription: Unit of billing and resource access. One tenant can have many
subscriptions.​

●​ Management Group: Container for managing access, policies, and compliance across
multiple subscriptions.​

Element          | Scope             | Example
Tenant           | Identity boundary | utdemo.onmicrosoft.com
Subscription     | Billing boundary  | Pay-As-You-Go
Management Group | Policy boundary   | Group multiple subscriptions under a single policy

Resource Groups

●​ Logical containers for Azure resources (VMs, DBs, Functions).​

●​ Used to manage, deploy, and monitor services as a group.​

●​ Supports role-based access control (RBAC) at the group level.​

# Create a Resource Group
az group create --name demo-rg --location eastus

Best Practice: Group related resources by lifecycle (dev/test/prod) for better manageability.

Azure Free Tier Overview

●​ 12 Months Free: Includes limited free usage of VMs, SQL DB, Blob Storage.​

●​ Always Free: 25+ services including Azure Functions, Cosmos DB (1 GB), App
Services (F1), etc.​

Category   | Example      | Limits
Compute    | B1S VM       | 750 hours/month
Storage    | Blob Storage | 5 GB LRS
DB         | SQL DB       | 250 GB
Networking | Bandwidth    | 15 GB/month

2. Compute Services
Virtual Machines (VMs)

●​ IaaS offering. Full control of OS, storage, and networking.​

●​ Supports Windows & Linux.​

●​ Use Availability Sets, Scale Sets, and Managed Disks for HA and scalability.​

# Create VM (Linux)
az vm create \
--name demoVM \
--resource-group demo-rg \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys

Best Practice: Use Azure Reserved Instances (RIs) for cost savings (up to 72%).

Azure App Services

●​ PaaS for hosting web apps, RESTful APIs, mobile backends.​

●​ Auto-scaling, custom domains, SSL, CI/CD ready.​

# Create App Service Plan + Web App
az appservice plan create --name myPlan --resource-group demo-rg --sku B1
az webapp create --name myWebApp --plan myPlan --resource-group demo-rg

Use Case: Ideal for developers who don’t want to manage infrastructure.

Azure Functions (Serverless)


●​ Event-driven, stateless compute (like AWS Lambda).​

●​ Charged per execution & runtime (consumption plan or premium plan).​

Triggers:

●​ HTTP (API)​

●​ Timer (cron jobs)​

●​ Blob/File Change​

●​ Queue/Service Bus​

# Example: Python Azure Function (Timer Trigger)
import logging
from datetime import datetime
import azure.functions as func

def main(mytimer: func.TimerRequest) -> None:
    logging.info('Function ran at %s', datetime.utcnow())

Azure Container Instances (ACI)

●​ Lightweight container execution without managing VMs or orchestrators.​

●​ Ideal for short-lived, burstable workloads.​

az container create \
--name demo-container \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--resource-group demo-rg \
--dns-name-label demo-container \
--ports 80

Use Case: Rapidly spin up isolated containers for testing, batch jobs.

Azure Kubernetes Service (AKS)

●​ Fully managed Kubernetes cluster.​

●​ Integrated with AAD, Monitoring, CI/CD, Helm, Ingress.​

az aks create \
--resource-group demo-rg \
--name demo-aks \
--node-count 2 \
--enable-addons monitoring \
--generate-ssh-keys

Best Practice: Use Azure CNI for advanced networking and Managed Identity for secure
resource access.

Azure Virtual Desktop (AVD)

●​ Delivers Windows desktops and apps remotely via Azure.​

●​ Useful for remote teams, secure access, legacy software delivery.​

Components:

●​ Host pools (VMs running desktops)​

●​ Application groups (Remote apps)​

●​ Workspaces (access portal for users)​

Use Case: Centralized Windows experience across locations and devices.


3. Storage Services
Azure Blob Storage

●​ Object storage for unstructured data (images, backups, logs).​

●​ Tiers:​

○​ Hot: Frequent access, higher cost​

○​ Cool: Infrequent access, cheaper storage​

○​ Archive: Rare access, very low-cost, longer retrieval time​

az storage account create --name mystorageacct --resource-group demo-rg \
  --sku Standard_LRS
az storage container create --name mycontainer --account-name mystorageacct

Use Case: Store and serve images for a web application.

Azure Files

●​ Fully managed SMB file shares in the cloud.​

●​ Mountable from Windows, Linux, macOS.​

●​ Supports snapshot backups, access via private endpoint.​

az storage share create --name myshare --account-name mystorageacct

Use Case: Lift-and-shift legacy applications requiring file share dependencies.


Disk Storage

●​ Used for Azure VMs.​

Type         | Performance  | Use Case
Standard HDD | Low-cost     | Backup or infrequent use
Standard SSD | Balanced     | Web servers
Premium SSD  | High IOPS    | Production workloads
Ultra Disk   | Extreme IOPS | Databases (SQL, NoSQL)

Disks are encrypted with Azure-managed or customer-managed keys.

Azure Data Lake Storage (ADLS)

●​ Optimized for big data analytics.​

●​ Supports HDFS, massive throughput, and hierarchical namespace.​

●​ Two generations:​

○​ Gen1 (legacy)​

○​ Gen2 (recommended, built on Blob Storage)​

Use Case: Store data for processing with Azure Synapse, Databricks, or HDInsight.

Import/Export

●​ For massive data transfers via hard drives.​

●​ Azure provides encryption and tracking.​


●​ Offline alternative to network upload/download.​

Azure Backup

●​ Agent-based backup for VMs, SQL, and files.​

●​ Supports long-term retention, incremental backups, and point-in-time restore.​

az backup vault create --resource-group demo-rg --name myBackupVault \
  --location eastus

Archive Storage

●​ Ultra-low-cost, long-term archival.​

●​ Must rehydrate (restore) data before access.​

●​ Retrieval time: hours (compared to Hot/Cool's seconds/minutes).​

4. Networking
Virtual Networks (VNets)

●​ Logical isolation of resources.​

●​ Subnets divide VNets for control and security.​

●​ Each VNet can have custom IP ranges, DNS, route tables.​

az network vnet create --name myVNet --resource-group demo-rg \
  --subnet-name mySubnet

Best Practice: Use Network Security Groups and private IPs to isolate sensitive services.

NSGs & ASGs

●​ Network Security Groups (NSGs):​

○​ Control inbound/outbound traffic via rules.​

○​ Attach to NICs or subnets.​

●​ Application Security Groups (ASGs):​

○​ Group VMs by application name for simplified rule management.​

az network nsg create --name myNSG --resource-group demo-rg

Azure Load Balancer

●​ L4 (TCP/UDP) load balancer.​

●​ Distributes traffic among VMs.​

●​ Types:​

○​ Public Load Balancer: Exposes services to the internet​

○​ Internal Load Balancer: For private services within a VNet​

Azure Front Door

●​ Global HTTP/HTTPS load balancer (L7).​

●​ Provides:​
○​ SSL offloading​

○​ Caching​

○​ Global routing​

○​ Web Application Firewall (WAF)​

Use Case: Serve static + dynamic web apps with low latency worldwide.

Azure Traffic Manager

●​ DNS-based traffic routing.​

●​ Routes to the nearest/fastest region based on:​

○​ Performance​

○​ Geographic​

○​ Weighted​

○​ Priority​

ExpressRoute

●​ Dedicated, private connection from on-premises to Azure.​

●​ Bypasses the public internet, ensuring low latency and high security.​

Use Case: Secure enterprise connection for finance, healthcare, etc.

VPN Gateway

●​ IPsec/IKE VPN tunnel between on-prem and Azure.​


Type                | Description
Site-to-Site (S2S)  | Connect on-prem networks to Azure
Point-to-Site (P2S) | Individual device → Azure network
VNet-to-VNet        | Connect two Azure VNets

VNet Peering

●​ Connect two VNets for resource communication.​

●​ Intra-region or cross-region​

●​ Low latency, high bandwidth​

az network vnet peering create --name peer1 --resource-group demo-rg \
  --vnet-name vnetA --remote-vnet vnetB --allow-vnet-access

5. Databases
Azure SQL Database

●​ PaaS relational database.​

●​ Built-in backup, scalability, patching, and high availability.​

●​ Modes:​

○​ Single Database (isolated)​

○​ Elastic Pool (shared resources across DBs)​

○​ Serverless (auto-pause/resume)​
●​ T-SQL compatible.​

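# The password below is the document's sample value. For a real server, prompt for it
# or read it from a secret store so it does not end up in shell history or scripts.
az sql server create --name myserver --resource-group demo-rg \
  --location eastus --admin-user myadmin --admin-password 'MyP@ssword!'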

Azure SQL Managed Instance

●​ Lift-and-shift solution for SQL Server.​

●​ Near 100% compatibility with on-prem SQL Server.​

●​ Offers VNET isolation, instance-level features, and automatic patching.​

Use Case: Migrate enterprise databases with minimal changes.

Azure Cosmos DB

●​ Globally distributed NoSQL database.​

●​ Multiple APIs:​

○​ Core (SQL) for JSON docs​

○​ MongoDB, Cassandra, Gremlin, Table​

●​ 99.999% availability, <10ms latency.​

●​ Multi-master write, auto-sharding, partitioning.​

az cosmosdb create --name mycosmos --resource-group demo-rg --kind MongoDB

Azure Database for MySQL / PostgreSQL


●​ Managed open-source DB as a service.​

●​ Two deployment models:​

○​ Flexible Server: Control over updates, maintenance, VNET integration​

○​ Single Server: Simpler, limited control​

Use Case: Web apps, Django, Laravel, etc.

Azure Table Storage

●​ NoSQL key-value store for large semi-structured data.​

●​ Low-cost, schema-less.​

●​ Use cases: audit logs, metadata, IoT data.​

az storage table create --name AuditLogs --account-name mystorageacct

Azure Cache for Redis

●​ In-memory data store for caching, session storage, real-time analytics.​

●​ Supports pub/sub, Lua scripting, Redis modules.​

●​ Integration with VNET, TLS encryption, and active geo-replication.​

az redis create --name mycache --resource-group demo-rg --location eastus \
  --sku Basic --vm-size C1

Use Case: Speed up backend API responses.


6. Identity & Access Management
Azure Active Directory (AAD)

●​ Microsoft's cloud identity provider.​

●​ Supports SSO, MFA, device registration, OAuth/OIDC/SAML.​

●​ Backbone of all Azure role and policy enforcement.​

Use Case: Unified login for Office 365, Azure Portal, and third-party apps.

Users, Groups, Roles

●​ Users: Can be created manually or synced from on-prem AD.​

●​ Groups: Used for policy assignment and access control.​

●​ Roles: Define permissions. Used with RBAC.​

Role-Based Access Control (RBAC)

●​ Granular permission system.​

●​ Scope: Management Group → Subscription → Resource Group → Resource.​

●​ Common roles:​

○​ Owner​

○​ Contributor​

○​ Reader​

○ Custom roles

az role assignment create --assignee <assignee-email> --role Contributor \
  --resource-group demo-rg
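
The scope chain above means a role granted at a higher scope is inherited by everything beneath it. The following is an added example, not part of the original document: it resolves which assignments reach one VM and flags write roles granted at subscription or management-group scope. The subscription ID, principals and management-group hierarchy are constructed sample data, and the function names are this example's own.

```python
# Added example (not from the original document): RBAC scope inheritance audit.
WRITE_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"

# Constructed sample data; the subscription ID and principals are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = SUB + "/resourceGroups/demo-rg/providers/Microsoft.Compute/virtualMachines/demoVM"
# Assumption: management groups above each subscription. A scope string does
# not encode this hierarchy, so it has to be supplied separately.
MG_ANCESTORS = {SUB: ["corp", "tenant-root"]}
# Shaped like the principalName / roleDefinitionName / scope fields of
# `az role assignment list --all -o json`.
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner",
     "scope": MG_PREFIX + "corp"},
    {"principalName": "ci-pipeline", "roleDefinitionName": "Contributor",
     "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/demo-rg"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Reader",
     "scope": VM},
    {"principalName": "dave@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/other-rg"},
]


def scope_level(scope):
    """Classify a scope string as management group, subscription, resource group or resource."""
    s = scope.lower()
    if s.startswith(MG_PREFIX.lower()):
        return "management group"
    parts = [p for p in s.split("/") if p]
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource group"
    return "resource"


def subscription_of(resource_id):
    """Return the '/subscriptions/<id>' prefix of a resource ID."""
    return "/".join(resource_id.split("/")[:3])


def applies_to(scope, target, mg_ancestors):
    """True if an assignment at `scope` is inherited by (or set on) `target`."""
    if scope.lower().startswith(MG_PREFIX.lower()):
        return scope[len(MG_PREFIX):] in mg_ancestors.get(subscription_of(target), [])
    s, t = scope.lower().rstrip("/"), target.lower()
    # Compare on a path boundary so "demo" does not match "demo-rg".
    return t == s or t.startswith(s + "/")


def effective_assignments(target, assignments, mg_ancestors):
    return [a for a in assignments if applies_to(a["scope"], target, mg_ancestors)]


def writers(target, assignments, mg_ancestors):
    """Principals that can modify `target`, wherever the role was granted."""
    return [a["principalName"]
            for a in effective_assignments(target, assignments, mg_ancestors)
            if a["roleDefinitionName"] in WRITE_ROLES]


def broad_write_grants(assignments):
    """Write roles granted at subscription or management-group scope."""
    return [a for a in assignments
            if a["roleDefinitionName"] in WRITE_ROLES
            and scope_level(a["scope"]) in ("management group", "subscription")]


if __name__ == "__main__":
    print("Can modify demoVM:", writers(VM, ASSIGNMENTS, MG_ANCESTORS))
    for a in broad_write_grants(ASSIGNMENTS):
        print("Broad grant:", a["principalName"], a["roleDefinitionName"],
              "at", scope_level(a["scope"]))
```
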

Conditional Access

●​ Enforce access policies based on:​

○​ User location​

○​ Device compliance​

○​ Risk level​

●​ Used with MFA, block legacy auth, require app protection policies.​

Multi-Factor Authentication (MFA)

●​ Add second layer of security (OTP, biometrics, authenticator app).​

●​ Configurable per user, per group, or via conditional access.​

Managed Identities

●​ Provide Azure services (like VMs, Functions) with an identity to access other Azure
resources securely.​

●​ No need to manage secrets or credentials.​

Types:

●​ System-assigned: Tied to the lifecycle of the resource.​

●​ User-assigned: Created and shared across multiple services.​


az identity create --name myIdentity --resource-group demo-rg

Azure AD B2C (Business-to-Consumer)

●​ Identity platform for customer-facing apps.​

●​ Supports:​

○​ Social logins (Google, Facebook)​

○​ Custom UI​

○​ Self-service registration​

Use Case: External users of web/mobile apps.

Azure AD B2B (Business-to-Business)

●​ External collaborators (partners, contractors) access your resources securely.​

●​ Guest users are managed just like internal users but with limited scope.

7. Monitoring & Logging


Azure Monitor

●​ Centralized platform to collect, analyze, and act on telemetry from cloud and on-prem
resources.​

●​ Supports metrics, logs, diagnostic settings, and custom dashboards.​

●​ Used to observe performance and proactively respond to issues.​


az monitor metrics list --resource \
  /subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/myVM

Application Insights

●​ APM (Application Performance Monitoring) service.​

●​ Monitors web apps for:​

○​ Request rates, response times​

○​ Failures​

○​ Dependency tracking​

○​ Exception traces​

●​ Languages supported: .NET, Node.js, Python, Java.​

az monitor app-insights component create --app demo-app --location eastus \
  --resource-group demo-rg

Log Analytics

●​ Query engine for analyzing logs across all Azure services.​

●​ Uses Kusto Query Language (KQL).​

●​ Pulls data from Azure Monitor and Application Insights into Log Analytics Workspace.​

Example:

Heartbeat
| summarize LastSeen=max(TimeGenerated) by Computer

Alerts and Metrics

●​ Alerts can be triggered based on:​

○​ Static threshold (e.g., CPU > 80%)​

○​ Dynamic threshold (machine learning-based)​

○​ Log queries​

●​ Alert actions: email, webhook, Azure Functions, Logic Apps.​

az monitor metrics alert create --name "HighCPU" --resource-group demo-rg \
  --scopes <vm-resource-id> --condition "avg Percentage CPU > 80"

Network Watcher

●​ Helps monitor, diagnose, view metrics, and enable logging for network resources.​

●​ Tools:​

○​ Connection Monitor​

○​ IP Flow Verify​

○​ NSG Flow Logs​

○​ Packet Capture​

○​ Topology Viewer​

az network watcher configure --locations eastus --enabled true \
  --resource-group demo-rg

8. Developer Tools
Azure DevOps

●​ Complete CI/CD toolchain and agile planning suite.​

●​ Components:​

○​ Repos: Git repositories with branch policies​

○​ Pipelines: Build, test, deploy automation​

○​ Boards: Agile tracking with Kanban/Scrum​

○​ Test Plans, Artifacts​

Example YAML for pipeline:

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

steps:
- script: echo Hello World
  displayName: 'Run a one-line script'

GitHub Actions for Azure

●​ Integrates GitHub repos with Azure for seamless CI/CD.​

●​ Use prebuilt Azure Login, Web App Deploy, and Container Actions.​

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

Azure CLI & PowerShell

Azure CLI

●​ Command-line tool for managing Azure resources.​

●​ Works cross-platform (Linux, macOS, Windows).​

az vm create --name myVM --resource-group demo-rg --image UbuntuLTS --generate-ssh-keys

Azure PowerShell

●​ Works best for automation in Windows environments.​

●​ Integrates with Azure Resource Manager.​

New-AzVM -Name myVM -ResourceGroupName demo-rg -Location eastus

Visual Studio Code Extensions

●​ Extensions for:​

○​ Azure Functions​

○​ App Service​

○​ ARM/Bicep Tools​

○​ Azure CLI​
○​ Cosmos DB​

●​ Built-in integration with Azure Resource Explorer and Cloud Shell.​

Azure Resource Manager (ARM) Templates

●​ JSON-based infrastructure-as-code (IaC).​

●​ Used for deploying Azure resources declaratively.​

●​ Supports parameterization, dependencies, and conditional logic.​

{
  "$schema": "...",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2022-09-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {}
    }
  ]
}
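
The template above leaves "properties" empty, so the account's transport and public-access behaviour comes from whatever the service defaults to. The following is an added example, not part of the original document: it audits a template's storage accounts against a small baseline and produces a copy with the settings stated explicitly. The baseline itself and the function names are assumptions of this example; the three property names are real storage account properties.

```python
# Added example (not from the original document): audit storage accounts in an
# ARM template for security settings that are left to service defaults.
import copy
import json

# Assumed baseline for this example: state these explicitly on every
# Microsoft.Storage/storageAccounts resource.
BASELINE = {
    "supportsHttpsTrafficOnly": True,
    "minimumTlsVersion": "TLS1_2",
    "allowBlobPublicAccess": False,
}
STORAGE_TYPE = "microsoft.storage/storageaccounts"

# The template from the text; the "$schema" value stays elided as on the page.
TEMPLATE = json.loads("""
{
  "$schema": "...",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2022-09-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {"name": "Standard_LRS"},
      "kind": "StorageV2",
      "properties": {}
    }
  ]
}
""")


def is_expression(value):
    """ARM template expressions are strings wrapped in [ ]; they cannot be judged statically."""
    return isinstance(value, str) and value.startswith("[") and value.endswith("]")


def audit_storage(template):
    """Return (resource name, property, problem) for every baseline deviation."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != STORAGE_TYPE:
            continue
        props = res.get("properties") or {}
        for key, want in BASELINE.items():
            if key not in props:
                findings.append((res["name"], key, "not set"))
            elif is_expression(props[key]):
                findings.append((res["name"], key, "expression, review manually"))
            elif props[key] != want:
                findings.append((res["name"], key, f"is {props[key]!r}, want {want!r}"))
    return findings


def harden(template):
    """Return a copy of the template with the baseline written into each storage account."""
    fixed = copy.deepcopy(template)
    for res in fixed.get("resources", []):
        if res.get("type", "").lower() == STORAGE_TYPE:
            res["properties"] = {**(res.get("properties") or {}), **BASELINE}
    return fixed


if __name__ == "__main__":
    for name, key, problem in audit_storage(TEMPLATE):
        print(f"{name}: {key} {problem}")
    print(json.dumps(harden(TEMPLATE)["resources"][0]["properties"], indent=2))
```
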

Bicep

●​ Domain-specific language for ARM templates.​

●​ Cleaner, simpler syntax and modular reuse.​


●​ Compiles into ARM JSON.​

resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'mystorageacct'
  location: resourceGroup().location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}

9. Management & Governance


Azure Policy

●​ Enables enforcement of rules and effects on Azure resources to ensure compliance.​

●​ Can audit, deny, append, or deploy additional settings.​

●​ Example: Prevent creation of public IPs.​

{
  "if": {
    "field": "type",
    "equals": "Microsoft.Network/publicIPAddresses"
  },
  "then": {
    "effect": "deny"
  }
}

●​ Supports initiative definitions (policy sets).​
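
What a deny rule blocks depends entirely on its "if" condition: a rule that matches on publicIPAllocationMethod equals Static denies only static addresses, while a rule that matches on the resource type denies every public IP. The following is an added example, not part of the original document and not Azure's own evaluator: a simplified model of condition matching, run over constructed resources, that shows the difference. It handles only field/equals, allOf, anyOf and not, and resolves the one alias through a table defined in the example.

```python
# Added example (not from the original document): simplified model of how an
# Azure Policy "if" block is matched against a resource.
ALIASES = {  # assumption: alias -> (resource type, path inside the resource)
    "Microsoft.Network/publicIPAddresses/publicIPAllocationMethod":
        ("Microsoft.Network/publicIPAddresses",
         ("properties", "publicIPAllocationMethod")),
}

RULE_STATIC_ONLY = {
    "if": {"field": "Microsoft.Network/publicIPAddresses/publicIPAllocationMethod",
           "equals": "Static"},
    "then": {"effect": "deny"},
}
RULE_BY_TYPE = {
    "if": {"field": "type", "equals": "Microsoft.Network/publicIPAddresses"},
    "then": {"effect": "deny"},
}

# Constructed sample resources.
RESOURCES = {
    "static-pip": {"type": "Microsoft.Network/publicIPAddresses",
                   "properties": {"publicIPAllocationMethod": "Static"}},
    "dynamic-pip": {"type": "Microsoft.Network/publicIPAddresses",
                    "properties": {"publicIPAllocationMethod": "Dynamic"}},
    "vnet": {"type": "Microsoft.Network/virtualNetworks", "properties": {}},
}


def field_value(resource, field):
    """Resolve a built-in field or a known alias; None when it does not apply."""
    if field in ("type", "name", "location"):
        return resource.get(field)
    if field in ALIASES:
        rtype, path = ALIASES[field]
        if resource.get("type", "").lower() != rtype.lower():
            return None
        value = resource
        for key in path:
            value = value.get(key) if isinstance(value, dict) else None
        return value
    return None


def matches(cond, resource):
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    if "equals" in cond:
        actual = field_value(resource, cond["field"])
        # String comparison is modelled as case-insensitive.
        return actual is not None and str(actual).lower() == str(cond["equals"]).lower()
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rule, resource):
    """Return the rule's effect if the resource matches, otherwise 'allow'."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else "allow"


def compare():
    """Effect of (static-only rule, type-based rule) for each sample resource."""
    return {name: (evaluate(RULE_STATIC_ONLY, res), evaluate(RULE_BY_TYPE, res))
            for name, res in RESOURCES.items()}


if __name__ == "__main__":
    for name, (static_only, by_type) in compare().items():
        print(f"{name:12} static-only rule: {static_only:6} type rule: {by_type}")
```
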


Azure Blueprints

●​ Package of policies, role assignments, ARM templates, and resource groups.​

●​ Used for governed deployments across multiple subscriptions or environments.​

●​ Great for enterprise-scale landing zones.​

Example use:

●​ Ensure every new subscription has a standard networking setup, RBAC roles,
policies, and resource groups.​

Cost Management + Billing

●​ Track usage and costs across subscriptions.​

●​ Set budgets, alerts, and anomaly detection.​

●​ Analyze cost trends by resource group, service, location.​

Key features:

●​ Cost Analysis (visual breakdown)​

●​ Budgets & Alerts​

●​ Forecasting & Recommendations​

Azure Lighthouse

● Provides cross-tenant management for managed service providers or large
enterprises.

● Enables delegated resource access across tenants without switching accounts.

Example:

●​ A partner manages multiple clients' Azure environments securely and centrally using
Lighthouse.​

Resource Locks & Tags

Locks:

●​ Prevent accidental deletion or modification.​

●​ Two types:​

○​ CanNotDelete​

○​ ReadOnly​

az lock create --name "PreventDelete" --lock-type CanNotDelete \
  --resource-group demo-rg

Tags:

●​ Key-value pairs to organize resources (cost center, owner, environment).​

az tag create --resource-id /subscriptions/<id>/resourceGroups/demo-rg \
  --tags Department=Finance

10. Machine Learning & AI


Azure Machine Learning Studio

●​ A cloud-based ML platform for building, training, deploying, and managing models.​


●​ Supports:​

○​ Drag-and-drop (low-code)​

○​ SDK-based pipelines (Python)​

○​ Model versioning & monitoring​

●​ Integration with:​

○​ GitHub, MLflow, ONNX, Azure DevOps​

Basic Python SDK example:

from azureml.core import Workspace

ws = Workspace.from_config()

Cognitive Services

Azure offers pre-trained AI APIs under 4 categories:

Vision

●​ OCR, Face Detection, Image Analysis, Spatial Analysis​

Speech

●​ Speech-to-Text, Text-to-Speech, Speaker Recognition​

Language

●​ Sentiment Analysis, Named Entity Recognition, Language Detection​

Decision

●​ Personalizer, Anomaly Detector, Content Moderator​

All accessible via REST APIs or SDKs.

az cognitiveservices account create \
  --name my-cogsvc --resource-group demo-rg \
  --kind CognitiveServices --sku S0 \
  --location eastus

Azure Bot Service

●​ Framework to build, test, deploy intelligent bots.​

●​ Integrates with:​

○​ Microsoft Teams​

○​ Facebook Messenger​

○​ Slack​

○​ Webchat​

●​ Combines Bot Framework SDK + Azure Bot Service.​

Architecture:​
Bot → Bot Framework → Cognitive Services (LUIS, QnA Maker) → Channels

OpenAI on Azure

●​ Provides access to GPT models (like ChatGPT, GPT-4) via REST API.​

●​ Enterprise-grade integration with data security and privacy controls.​

●​ Common use cases:​

○​ Customer service automation​

○​ Natural language insights​

○​ Text summarization​
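
Example:

# Uses the pre-1.0 openai Python package (openai.ChatCompletion)
import openai
openai.api_type = "azure"
openai.api_base = "https://<your-resource-name>.openai.azure.com/"
openai.api_version = "2023-05-15"
openai.api_key = "<your-key>"

response = openai.ChatCompletion.create(
    engine="gpt-35-turbo",  # name of your model deployment
    messages=[{"role": "user", "content": "Explain Azure Functions"}]
)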

11. Security Services


Microsoft Defender for Cloud

● A cloud-native security posture management (CSPM) and workload protection
platform (CWPP).

●​ Helps identify misconfigurations and recommends security hardening steps.​

●​ Key Capabilities:​

○​ Secure Score​

○​ Just-in-Time VM Access​

○​ Threat Detection for IaaS, PaaS, containers​

Defender for Cloud integrates with Microsoft Sentinel and Microsoft Defender for
Endpoint.

Azure Security Center (now part of Defender for Cloud)


●​ Provides unified security management.​

●​ Monitors security across:​

○​ VMs, App Services, Databases, Key Vaults, AKS, etc.​

●​ Features:​

○​ Compliance tracking (e.g., ISO 27001, CIS)​

○​ Adaptive application controls​

○​ File integrity monitoring​

Azure Key Vault

●​ Securely store and manage secrets, keys, and certificates.​

●​ Used to safeguard:​

○​ Connection strings, passwords, API keys​

○​ SSL/TLS certificates​

○​ Encryption keys (used with disk encryption or Azure Storage)​

Usage Example (Azure CLI):

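az keyvault create --name myKeyVault --resource-group demo-rg

# Sample value from the document. A literal --value is recorded in shell history,
# so for real secrets read the value from a file with --file instead.
az keyvault secret set --vault-name myKeyVault --name DBPassword --value 'P@ssw0rd!'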

Key Vault supports:

●​ Integration with Azure Functions, App Service, and DevOps pipelines.​


Azure DDoS Protection

●​ Provides automatic detection and mitigation of DDoS attacks.​

●​ Two tiers:​

○​ Basic: Free and enabled by default.​

○​ Standard: Advanced mitigation for large-scale attacks, telemetry, and alerts.​

Features:

●​ Works with VNet and public IPs​

●​ Generates detailed attack analytics​

●​ Can be integrated with Azure Monitor and Log Analytics​

Microsoft Sentinel (SIEM & SOAR)

●​ Cloud-native Security Information and Event Management (SIEM) system.​

●​ Collects data from:​

○​ Azure, AWS, on-prem logs, O365, Defender, third-party firewalls​

●​ Uses AI and analytics to detect threats in real-time.​

●​ Provides:​

○​ Workbooks (dashboards)​

○​ Notebooks (Jupyter for investigation)​

○​ Playbooks (automated responses via Logic Apps)​

Example use case:

Automatically isolate a VM when a brute-force attack is detected.


12. Cost Management
Pricing Calculator

●​ Estimate the cost of Azure services before deployment.​

●​ Allows selection of:​

○​ Region​

○​ Tier (Standard, Premium)​

○​ Usage parameters​

● URL: https://azure.microsoft.com/en-us/pricing/calculator/

Azure Budgets

●​ Helps track resource spend against defined limits.​

●​ Set thresholds to trigger alerts when nearing the budget.​

Example:

●​ Notify team when 75% of the monthly budget for App Services is reached.​

Cost Analysis

●​ Visual tool for cost breakdown by:​

○​ Resource group​

○​ Service​
○​ Tags​

○​ Time​

●​ Identify cost spikes, anomalies, and trends.​

●​ Available via Azure Portal > Cost Management + Billing.​

Reservations & Hybrid Benefit

Reservations

●​ Prepay for 1-year or 3-year terms to save up to 72%.​

●​ Applies to:​

○​ VMs​

○​ SQL DB​

○​ App Service Environment​

○​ Cosmos DB​

Azure Hybrid Benefit

●​ Bring your existing on-prem Windows Server or SQL Server licenses to Azure.​

●​ Significantly reduces VM and SQL costs.​

13. CLI & SDKs


Azure CLI
Azure CLI is a cross-platform tool to manage Azure resources directly from the command line.

Key Features:

●​ Scripting and automation​

●​ Resource management (VMs, storage, databases, networking, identity)​

●​ Supports JSON output, table formatting, filtering (--query, JMESPath)​

Example Commands:

# Login to Azure
az login

# Create a resource group
az group create --name myRG --location eastus

# Create a storage account
az storage account create --name mystorageacct --resource-group myRG \
  --location eastus --sku Standard_LRS

Common Commands:

●​ az vm, az webapp, az aks, az storage, az keyvault, az role, az policy​

●​ Use --help for usage details (e.g., az vm create --help)​

PowerShell Cmdlets for Azure

●​ Ideal for Windows admins or automation via Windows environments.​

Install module:

Install-Module -Name Az -AllowClobber -Scope CurrentUser

Examples:

# Connect to Azure
Connect-AzAccount

# Create a resource group
New-AzResourceGroup -Name myRG -Location "East US"

# List all VMs
Get-AzVM

SDKs for Developers

Azure provides comprehensive SDKs to integrate cloud resources into your apps.

Azure SDK for Python (azure-*)

Install packages via pip:

pip install azure-identity azure-mgmt-resource azure-storage-blob

Example (Blob Storage Upload):

from azure.storage.blob import BlobServiceClient

conn_str = "<connection_string>"
client = BlobServiceClient.from_connection_string(conn_str)
container = client.get_container_client("data")
container.upload_blob("test.txt", b"Hello Azure!")

Azure SDK for JavaScript / Node.js

Install via npm:


npm install @azure/identity @azure/storage-blob

Blob upload example:

const { BlobServiceClient } = require("@azure/storage-blob");

async function main() {
  const blobServiceClient = BlobServiceClient.fromConnectionString("<conn-string>");
  const containerClient = blobServiceClient.getContainerClient("data");
  // uploadBlockBlob(blobName, body, contentLength)
  await containerClient.uploadBlockBlob("file.txt", "Hello", 5);
}

main().catch(console.error);

Azure SDK for .NET

Install via NuGet:

Install-Package Azure.Identity
Install-Package Azure.Storage.Blobs

Use with C# apps to interact with Azure resources.

Azure SDK for Java

Available via Maven:

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-storage-blob</artifactId>
  <version>12.14.0</version>
</dependency>

Use for Spring Boot microservices, integrations, etc.

14. Architecture & Best Practices


Microsoft Cloud Adoption Framework
A comprehensive guide to help organizations:

●​ Strategize, plan, and execute Azure migrations.​

●​ Six stages: Strategy → Plan → Ready → Adopt → Govern → Manage​

●​ Offers tooling, templates, and checklists for each step.​

Use case:

Plan a secure migration of legacy VMs to Azure with governance and identity
guardrails.

Azure Well-Architected Framework

Focuses on 5 core pillars:

Pillar                 | Focus Area
Cost Optimization      | Right-sizing, Reserved Instances, Auto-scaling
Operational Excellence | Monitoring, CI/CD, alerts, logging
Performance Efficiency | Scaling services dynamically, caching
Reliability            | Backups, HA, DR, failover strategies
Security               | Identity, encryption, secure network architecture

Reference Architectures

Microsoft provides ready-made solution blueprints for:

●​ Web apps with autoscale and HA​

●​ Microservices on AKS with ingress + monitoring​

●​ Event-driven serverless apps (Functions + Event Grid)​

●​ Hybrid networking (VPN/ExpressRoute + VNet)​


●​ CI/CD pipelines (Azure DevOps + ARM templates)​

Link: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/

Multi-Region, High Availability (HA), and Disaster Recovery (DR)

Best Practices:

●​ Use paired regions for built-in DR and compliance​

●​ Design apps to failover across Availability Zones​

●​ Use Traffic Manager / Front Door for geo-routing​

●​ Enable geo-redundancy in storage and databases​

Example:

Deploy a 3-tier app across East US and Central US, with Front Door routing traffic
and Cosmos DB in multi-region write mode.
