Microsoft Azure

How to Create Service Principle

Creating Service Principal with a Role

Connect to AzureAD.

Connect-AzureAD

Create a new service principal and assign Contributor role to a subscription.

New-AzADServicePrincipal -DisplayName 'spforcli' -Role 'Contributor' -Scope '/subscriptions/d2ed813a-7356-11ea-bc55-0242ac130003'
Secret                : System.Security.SecureString
ServicePrincipalNames : {85c7e86a-735a-11ea-bc55-0242ac130003, http://spforcli}
ApplicationId         : 85c7e86a-735a-11ea-bc55-0242ac130003
ObjectType            : ServicePrincipal
DisplayName           : spforcli
Id                    : b6db9174-7358-11ea-bc55-0242ac130003
Type                  :

Display role assignment.

Get-AzRoleAssignment -ObjectId 'b6db9174-7358-11ea-bc55-0242ac130003'

or

 

Get-AzRoleAssignment -ServicePrincipalName 'http://spforcli'
RoleAssignmentId   : /subscriptions/d2ed813a-7356-11ea-bc55-0242ac130003/providers/Microsoft.Authorization/roleAssignments/a6b28cb6-7359-11ea-bc55-0242ac130003
Scope              : /subscriptions/d2ed813a-7356-11ea-bc55-0242ac130003
DisplayName        : spforcli
SignInName         :
RoleDefinitionName : Contributor
RoleDefinitionId   : adb9535a-7359-11ea-bc55-0242ac130003
ObjectId           : b6db9174-7358-11ea-bc55-0242ac130003
ObjectType         : ServicePrincipal
CanDelegate        : False

Assigning Additional Role

Assign additional permission.

New-AzRoleAssignment -ObjectId 'b6db9174-7358-11ea-bc55-0242ac130003' -RoleDefinitionName 'Contributor' -Scope '/subscriptions/c242b2f4-7358-11ea-bc55-0242ac130003'

Displaying and Changing Current Subscription

Get current subscription

Get-AzContext
Name                                     Account                                          SubscriptionName                                 Environment                                      TenantId
----                                     -------                                          ----------------                                 -----------                                      --------
subscription-001 (d2ed813a-7356-…        MSI@50342                                        subscription-001                          AzureCloud                                       24202dc0-735a-11ea-bc55-0242ac130003

List available subscriptions.

Get-AzSubscription
Name             Id                                   TenantId                             State
----             --                                   --------                             -----
subscription-002 c242b2f4-7358-11ea-bc55-0242ac130003 24202dc0-735a-11ea-bc55-0242ac130003 Enabled
subscription-001 d2ed813a-7356-11ea-bc55-0242ac130003 24202dc0-735a-11ea-bc55-0242ac130003 Enabled

Change subscription.

Get-AzSubscription -SubscriptionId 'c242b2f4-7358-11ea-bc55-0242ac130003' | Set-AzContext

Deleting Service Principle

Delete service principal.

Remove-AzADServicePrincipal -ObjectId 'b6db9174-7358-11ea-bc55-0242ac130003'

Logging In CLI using Service Principal

Replace <secret> with your secret that set in the App Registration.

az login --service-principal -u 'http://spforcli' -p '<secret>' --tenant '24202dc0-735a-11ea-bc55-0242ac130003'

List available subscriptions.

az account list -o table
Name                     CloudName    SubscriptionId                        State    IsDefault
-----------------------  -----------  ------------------------------------  -------  -----------
subscription-002         AzureCloud   c242b2f4-7358-11ea-bc55-0242ac130003  Enabled  False
subscription-001         AzureCloud   d2ed813a-7356-11ea-bc55-0242ac130003  Enabled  True

References

AZ-900 Azure Fundamentals

My notes from AZ-900: Azure Fundamentals course

AZ-900 Azure Fundamentals

Module 1 - Cloud Concepts

Why Cloud Services?

Cloud Computing

Key Concepts

Economy of Scale

CapEx vs. OpEx

Types of Cloud Models

Public Cloud vs. Private Cloud

  Public Cloud Private Cloud
Data center Cloud provider owned Organization-owned
Ownership Cloud service provider The organization itself
Users Multiple organizations Within the organization
Access Public Single organization
Connectivity Over the internet Usually over private network
Skill to use No deep tech skill required Require deep tech skills to setup, manage, and maintain

Hybrid Cloud

Comparisons

Public Cloud Private Cloud Hybrid Cloud

Pros

  • No CapEx
  • Agility
  • Consumption-based
  • No maintenance
  • No deep skill required

Pros

  • Complete control over resources and security
  • Compliance achievable
  • Specific scenario achievable

Pros

  • Flexibility - most flexible
  • Costs - still can take advantage from public cloud
  • Control & Security - can still put in private cloud
  • Compliance still achievable
  • Specific scenario achievable

Cons

  • Security requirement may not be met
  • Compliance may not be met
  • Ownership - cannot manage as they wish
  • Specific scenario - legacy app or h/w

Cons

  • Up-front CapEx
  • Agility
  • Maintenance
  • Skills

Cons

  • Up-front CapEx
  • Costs
  • Skills - including make both operate together
  • Ease of management - should have guidelines on what on public or private cloud

Shared Responsibility Model

image-1589630678813.png

IaaS PaaS SaaS

Characteristics

  • Most basic but most flexible
  • Rent only IT infrastructure
  • No upfront cost

Characteristics

  • Provide environment for building, testing, and deploying s/w
  • Without worrying about underlying infrastructure
  • No upfront cost

Characteristics

  • Software that centrally hosted and managed e.g. Office 365
  • Usually licensed through monthly or annual subscription
  • No upfront cost

Common usage scenarios

  • Migrating workloads - easy to migrate from on-premise
  • Test and development environment - quicker to deploy
  • Website hosting - lower cost
  • Storage, backup, and recovery - more simplified

Common usage scenarios

  • Development framework - developer can build upon
  • Analytics or Business Intelligence - analyze and mine data

Common usage scenarios

  • Office 365
  • Skype
  • Microsoft Dynamics CRM Online

Comparisons

IaaS PaaS SaaS

Pros

  • No CapEx
  • Agility
  • Consumption-based
  • Skills - no deep technical to deploy & use
  • Cloud benefits - secured and HA
  • Flexibility - control to configure, manages h/w

Pros

  • No CapEx
  • Agility
  • Consumption-based
  • Skills - no deep technical to deploy & use
  • Cloud benefits - secured and HA
  • Productivity - focus on application development

Pros

  • No CapEx
  • Agility
  • Pay-as-you-go - monthly or yearly
  • Flexibility - data accessible from anywhere

Cons

  • user manages and maintains services they provision

Cons

  • Some limitations from PaaS

Cons

  • Software limitations - no or limited customizations
AZ-900 Azure Fundamentals

Module 2 - Core Azure Services

Core Azure Architectural Components

Regions

Region Pairs

Geographies

Availability Options

Availability Set

Availability Zones

Resource Group

Azure Resource Manager

Core Azure Services and Products

Azure Compute

Compute Services

Container Services

Azure Network Services

Data Categories

Structured Data Semi-structured Data Unstructured Data
  • data that has fixed schema, all data have the same fields or properties
  • stored in DB table rows and columns
  • Rely on keys for relationship between tables
  • a.k.a. Relational Data
  • Easy to enter, query, and analyze
  • Examples:
    • Sensor data
    • Financial data
  • less organized vs. structured data
  • not stored in relational format - fields not quite fit into tables, rows, and columns
  • contains tags to organize the hierarchy of data
  • a.k.a. Non-relational or NoSQL
  • Examples:
    • Books
    • Blogs
    • HTML documents
  • no designated structure
  • can hold any kind of data (free form)
  • More prominent these days
  • Examples:
    • PDF document
    • JPG image
    • JSON file
    • Video content

Azure Storage Services

Azure Database Services

Azure Marketplace

Azure Solutions

Internet of Things

Big Data and Analytics

Artificial Intelligence

Serverless Computing

DevOps

Azure App Service

Azure Management Tools

Azure Management Tools

Azure Advisor

AZ-900 Azure Fundamentals

Module 3 - Security, Privacy, Compliance and Trust

Securing Network Connectivity

Defense in Depth

image-1589892949060.png

Azure Firewall

Azure DDoS Protection

Network Security Group (NSG)

Application Security Group

Choosing Network Security Solution

Core Azure Identity Services

Authentication and Authorization

Azure Active Directory (Azure AD)

Azure Multi-factor Authentication (MFA)

Security Tools and Features

Azure Security Center

Usage Scenarios

Key Vault

Azure Information Protection (AIP)

Azure Advanced Threat Protection (ATP)

Azure Governance Methodologies

Azure Policy

Implementing Azure Policy

Policy Initiatives

Role-Based Access Control (RBAC)

Resource Locks

Azure Blueprints

Subscription Governance

Monitoring and Reporting

Tags

Azure Monitor

Azure Service Health

Monitoring Applications and Services

Privacy, Compliance and Data Protection Standards

Compliance Terms and Requirements

Microsoft Privacy Statement

Trust Center

Service Trust Portal

Compliance Manager

Azure Government Services

Azure China 21Vianet

 

AZ-900 Azure Fundamentals

Module 4 - Azure Pricing and Support

Azure Subscription

Azure Subscriptions

Subscription Offers

Management Group

Planning and Managing Cost

Purchasing Azure Products and Services

Factors  Affecting Costs

Zones for Billing

Pricing Calculator

Total Cost of Ownership Calculator

Minimizing Costs

Azure Cost Management

Azure Support Options

Support Plan Options

Alternative Support Channels

Knowledge Center

Azure Service Level Agreement (SLAs)

Service Level Agreement (SLAs)

Composite SLAs

Application SLAs

Service Lifecycle in Azure

Public and Private Preview Features

Azure Portal Preview

General Availability (GA)

Monitoring Service and Feature Updates

How to Use AzCopy to copy file from/to Azure Storage Container

References

AZ-104 Azure Administrator Associate

My notes from learning from https://docs.microsoft.com/en-us/learn/certifications/azure-administrator

AZ-104 Azure Administrator Associate

AZ-104 Deploy and manage Azure compute resources

My notes from the learning path AZ-104 Deploy and manage Azure compute resources of Microsoft Certified: Azure Administrator Associate on Microsoft Docs

Introduction to Azure virtual machines

Size of the VM

Option Description Size Series
General purpose balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers. B, Dsv3, Dv3, DSv2, Dv2
Compute optimized high CPU-to-memory ratio. Suitable for medium traffic web servers, network appliances, batch processes, and application servers. Fsv2, Fs, F
Memory optimized high memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics. Esv3, Ev3, M, GS, G, DSv2, Dv2
Storage optimized high disk throughput and IO. Ideal for VMs running databases. Ls
GPU heavy graphics rendering and video editing. are ideal options for model training and inferencing with deep learning. NV, NC, NCv2, NCv3, ND
High performance computes the fastest and most powerful CPU virtual machines with optional high-throughput network interfaces. H

Azure Automation Services

Azure Automation allows you to automate management tasks with ease. These services include:

Availability Set

Availability set is a logical feature used to ensure that a group of related VMs are deployed so that they aren't all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter.

image-1590762311883.png

Failover  Across Locations

Azure Site Recovery replicates workloads from a primary site to a secondary location with two significant business advantages:

  1. Azure as a destination for recovery, thus eliminating the cost and complexity of maintaining a secondary physical datacenter.

  2. Simple to test failovers for recovery drills without impacting production environments. 

Create a Linux virtual machine in Azure

Storage Options

There are two levels of SSD storage available:

Mapping Storage to Disks

Two virtual hard disks (VHDs) will be created for your Linux VM:

  1. The operating system disk: This is your primary drive, and it has a maximum capacity of 2048 GB. It will be labeled as /dev/sda by default.

  2. temporary disk: This provides temporary storage for the OS swap files or any apps. The disk is /dev/sdb and is formatted and mounted to /mnt.

Unmanaged vs. managed disks

Authentication Method for SSH

Generating a key pair

ssh-keygen -t rsa -b 4096

Install public key in an existing VM named myserver with a user azureuser

ssh-copy-id -i ~/.ssh/id_rsa.pub azureuser@myserver

Creating a Linux VM with the Azure Portal

Virtual Network

VM IP Addresses

Connect to a Linux virtual machine with SSH

Initialize data disks

identify the disk

dmesg | grep SCSI

initialize the disk /dev/sdc

(echo n; echo p; echo 1; echo ; echo ; echo w) | sudo fdisk /dev/sdc

write a file system to the partition

sudo mkfs -t ext4 /dev/sdc1

mount the the drive to the file system

sudo mkdir /data && sudo mount /dev/sdc1 /data

Install the Apache web server

Update the local package index

sudo apt-get update

Install Apache server

sudo apt-get install apache2 -y

Check the status if the daemon will start automatically

sudo systemctl status apache2 --no-pager

Network and security settings

Network Security Group

image-1590847748199.png

Security Rules

Configure network settings

Create a Windows virtual machine in Azure

Storage Options

Mapping storage to disks

By default, two virtual hard disks (VHDs) will be created for your Windows VM:

  1. The Operating System disk. This is your primary or C: drive and has a maximum capacity of 2048 GB.

  2. Temporary disk. This provides temporary storage for the Windows paging file or any apps. It is configured as the D: drive by default.

Create a Windows virtual machine

Use RDP to connect to Windows VMs

Connect to the VM with RDP

Install custom software

We have two approaches:

  1. First, this VM is connected to the Internet. If the software you need has a downloadable installer, you can open a web browser in the RDP session, download the software, and install it. 
  2. If your software is custom, you can copy it from your local machine over to the VM to install it.

Initialize data disks

Configure network settings

Manage VMs with the Azure CLI

Create a virtual machine

The Azure CLI includes the vm command to work with VMs. The most common subcommands include:

Sub-command Description
create Create a new virtual machine
deallocate Deallocate a virtual machine
delete Delete a virtual machine
list List the created virtual machines in your subscription
open-port Open a specific network port for inbound traffic
restart Restart a virtual machine
show Get the details for a virtual machine
start Start a stopped virtual machine
stop Stop a running virtual machine
update Update a property of a virtual machine

az vm create is used to create a virtual machine in a resource group. There are several parameters but the four parameters that must be supplied are:

 
Parameter Description
--resource-group The resource group that will own the virtual machine.
--name The name of the virtual machine - must be unique within the resource group.
--image The operating system image to use to create the VM.
--location The region to place the VM in. Typically this would be close to the consumer of the VM. In this exercise, choose a location nearby from the following list.

Here is an example:

az vm create \
  --resource-group [sandbox resource group name] \
  --location westus \
  --name SampleVM \
  --image UbuntuLTS \
  --admin-username azureuser \
  --generate-ssh-keys \
  --verbose
{
  "fqdns": "",
  "id": "/subscriptions/20f4b944-fc7a-4d38-b02c-900c8223c3a0/resourceGroups/Learn-2568d0d0-efe3-4d04-a08f-df7f009f822a/providers/Microsoft.Compute/virtualMachines/SampleVM",
  "location": "westus",
  "macAddress": "00-0D-3A-58-F8-45",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.4",
  "publicIpAddress": "40.83.165.85",
  "resourceGroup": "2568d0d0-efe3-4d04-a08f-df7f009f822a",
  "zones": ""
}

Explore other VM images

This will output the most popular images that are part of an offline list built into the Azure CLI. 

az vm image list --output table

You can get a full list by adding the --all flag to the command. it is helpful to filter the list with the --publisher--sku or –-offer options.

az vm image list --sku Wordpress --output table --all
az vm image list --publisher Microsoft --output table --all

Some images are only available in certain locations

az vm image list --location eastus --output table

you can also create and upload your own custom images to create VMs based on unique configurations

Sizing VMs properly

The available sizes change based on the region you're creating the VM in.

az vm list-sizes --location eastus --output table

You can specify size of the VM in the creation command:

az vm create \
    --resource-group [sandbox resource group name] \
    --name SampleVM2 \
    --image UbuntuLTS \
    --admin-username azureuser \
    --generate-ssh-keys \
    --verbose \
    --size "Standard_DS5_v2"

Resize an existing VM

Before a resize is requested, we must check to see if the desired size is available in the cluster our VM is part of.

az vm list-vm-resize-options \
    --resource-group [sandbox resource group name] \
    --name SampleVM \
    --output table

Resize command:

az vm resize \
    --resource-group [sandbox resource group name] \
    --name SampleVM \
    --size Standard_D2s_v3

once it's done, it will return a new JSON configuration.

Query system and runtime information about the VM

This command will return all virtual machines defined in this subscription.

az vm list --output table

you can specify json (the default), jsonc (colorized JSON), or tsv (Tab-Separated Values) as the --output type

Getting the IP address

{
    "name": "Barney",
    "age": 25
}
az vm list-ip-addresses -n SampleVM -o table

Getting VM details

az vm show --resource-group [sandbox resource group name] --name SampleVM

This will return a fairly large JSON block with all sorts of information about the VM.

Adding filters to queries with JMESPath

For example, given the object:

{
  "people": [
    {
      "name": "Fred",
      "age": 28
    },
    {
      "name": "Barney",
      "age": 25
    },
    {
      "name": "Wilma",
      "age": 27
    }
  ]
}

For example, people[1] would return:

{
    "name": "Barney",
    "age": 25
}

For example, adding the qualifier people[?age > '25'] would return:

[
  {
    "name": "Fred",
    "age": 28
  },
  {
    "name": "Wilma",
    "age": 27
  }
]

by adding a select: people[?age > '25'].[name] that returns just the names:

[
  [
    "Fred"
  ],
  [
    "Wilma"
  ]
]

Filtering our Azure CLI queries

For example, we can retrieve the admin user name:

az vm show \
    --resource-group [sandbox resource group name] \
    --name SampleVM \
    --query "osProfile.adminUsername"

to retrieve all the IDs for your network interfaces, you can use the query:

az vm show \
    --resource-group [sandbox resource group name] \
    --name SampleVM \
    --query "networkProfile.networkInterfaces[].id"

Start and stop your VM with the Azure CLI

Stopping a VM

az vm stop \
    --name SampleVM \
    --resource-group [sandbox resource group name]

We can verify it has stopped by attempting to ping the public IP address, using ssh, or through the vm get-instance-view command.

Typing the following command into Azure Cloud Shell to see the current running state of your VM:

az vm get-instance-view \
    --name SampleVM \
    --resource-group [sandbox resource group name] \
    --query "instanceView.statuses[?starts_with(code, 'PowerState/')].displayStatus" -o tsv

This command should return VM stopped as the result.

Starting a VM

az vm start \
    --name SampleVM \
    --resource-group [sandbox resource group name]

You can verify the status should return VM running.

Restarting a VM

Use the vm restart command.

Install software on your VM

Install NGINX web server

SSH to your VM and use this command:

sudo apt-get -y update && sudo apt-get -y install nginx
Retrieve our default page
curl -m 10 <PublicIPAddress>

This command will fail because the Linux virtual machine doesn't expose port 80 (http).

Use the following command to open up port 80:

az vm open-port \
    --port 80 \
    --resource-group [sandbox resource group name] \
    --name SampleVM

Run the curl command again and it should return data.

AZ-104 Azure Administrator Associate

AZ-104 Prerequisites for Azure administrators

My notes from learning path AZ-104 Prerequisites for Azure administrators of Microsoft Certified: Azure Administrator Associate on Microsoft Docs

Module 1 - Apply and monitor infrastructure standards with Azure Policy

Azure Policy

Creating a policy

  1. Create a policy definition
  2. Assign a definition to a scope of resources
  3. View policy evaluation results
Creating a policy definition

A policy definition expresses what to evaluate and what action to take. It is represented as a JSON file

Here is an example of a Compute policy:

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Compute/virtualMachines"
      },
      {
        "not": {
          "field": "Microsoft.Compute/virtualMachines/sku.name",
          "in": "[parameters('listOfAllowedSKUs')]"
        }
      }
    ]
  },
  "then": {
    "effect": "Deny"
  }
}

Notice the [parameters('listofAllowedSKUs')] value; this value is a replacement token that will be filled in when the policy definition is applied to a scope.

Applying Azure policy

Register the resource provider if it's not already registered.

Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'

For example, here's a policy definition that identifies virtual machines not using managed disks.

# Get a reference to the resource group that will be the scope of the assignment
$rg = Get-AzResourceGroup -Name '<resourceGroupName>'

# Get a reference to the built-in policy definition that will be assigned
$definition = Get-AzPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use managed disks' }

# Create the policy assignment with the built-in definition against your resource group
New-AzPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit VMs without managed disks Assignment' -Scope $rg.ResourceId -PolicyDefinition $definition
Identifying non-compliant resources

The results can be seen in the Resource compliance tab of a policy assignment in the Azure portal use the command-line tools:

Get-AzPolicyState -ResourceGroupName $rg.ResourceGroupName -PolicyAssignmentName 'audit-vm-manageddisks' -Filter 'IsCompliant eq false'
Policy effects
Policy Effect What happens?
Deny The resource creation/update fails due to policy.
Disabled The policy rule is ignored (disabled). Often used for testing.
Append Adds additional parameters/fields to the requested resource e.g. tags
Audit, AuditIfNotExists Creates a warning event in the activity log but it doesn't stop the request.
DeployIfNotExists Executes a template deployment when a specific condition is met.
View policy evaluation results

Azure portal showing the policy overview screen

Removing a policy definition
Remove-AzPolicyAssignment -Name 'audit-vm-manageddisks' -Scope '/subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>'

Organize policy with initiatives

Screenshot showing Azure portal defining initiatives and definitions

Enterprise governance management

Here is an example of creating a hierarchy for governance using management groups:

Image showing Azure Management Groups as a tree graph of relationships

Another scenario where you would use management groups is to provide user access to multiple subscriptions. You can create one role-based access control (RBAC) assignment on the management group that will allow that access to all the subscriptions.

Define standard resources with Azure Blueprints

Blueprint vs. ARM templates

Blueprint vs. Azure Policy

Compliance Manager

You also have to understand how the provider manages the underlying resources you are building on.

Microsoft Privacy Statement

What personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Microsoft Trust Center

Service Trust Portal

Compliance Manager

Monitor your service health

You will want to know about any issues or performance problems they might encounter.

Azure Monitor

Data sources can range from your application, any operating system and services:

 
Data tier Description
Application monitoring data Data about the performance and functionality of the code you have written, regardless of its platform.
Guest OS monitoring data Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.
Azure resource monitoring data Data about the operation of an Azure resource.
Azure subscription monitoring data Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.
Azure tenant monitoring data Data about the operation of tenant-level Azure services, such as Azure Active Directory.
Diagnostic settings
Getting more data from your apps
Responding to alert conditions

Azure Service Health

Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It comprises of:

Module 2 - Introduction to Azure virtual machines

Size of the VM

Option Description Size Series
General purpose balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers. B, Dsv3, Dv3, DSv2, Dv2
Compute optimized high CPU-to-memory ratio. Suitable for medium traffic web servers, network appliances, batch processes, and application servers. Fsv2, Fs, F
Memory optimized high memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics. Esv3, Ev3, M, GS, G, DSv2, Dv2
Storage optimized high disk throughput and IO. Ideal for VMs running databases. Ls
GPU heavy graphics rendering and video editing. are ideal options for model training and inferencing with deep learning. NV, NC, NCv2, NCv3, ND
High performance computes the fastest and most powerful CPU virtual machines with optional high-throughput network interfaces. H

Azure Automation Services

Azure Automation allows you to automate management tasks with ease. These services include:

Availability Set

Availability set is a logical feature used to ensure that a group of related VMs are deployed so that they aren't all subject to a single point of failure and not all upgraded at the same time during a host operating system upgrade in the datacenter.

image-1590762311883.png

Failover  Across Locations

Azure Site Recovery replicates workloads from a primary site to a secondary location with two significant business advantages:

  1. Azure as a destination for recovery, thus eliminating the cost and complexity of maintaining a secondary physical datacenter.

  2. Simple to test failovers for recovery drills without impacting production environments. 

AZ-104 Azure Administrator Associate

Key Points: Microsoft Azure Administrator (AZ-103)

Key points consolidated from the course Exam Tips: Microsoft Azure Administrator (AZ-103) of learning path Prepare for Microsoft Azure Administrator Certification (AZ-103) on Linkedin Learning

Manage Azure Subscriptions and Resources

Manage Azure Subscriptions

Analyze Resource Utilization

Manage Resource Groups

Manage Role-Based Access Control

Implement and Manage Storage

Create and Configure Storage Accounts

Import and Export Data to Azure

Configure Azure File

Implement Azure Backup

Deploy and Manage Virtual Machines (VMs)

Create and Configure a VM for Windows and Linux

Automate Deployment of VMs

Manage an Azure VM

Manage VM Backups

Configure and Manage Virtual Networks

Create Connectivity Between Virtual Networks

Implement and Manage Virtual Networking

Configure Name Resolution

Create and Configure a Network Security Group (NSG)

Implement Azure Load Balancer

Monitor and Troubleshoot Virtual Networking

Integrate On-premise Network with an Azure Vitual Network

Manage Identities

Manage Azure Active Directory (AD)

Manage Azure AD Objects: Users, Groups, and Devices

Implement and Manage Hybrid Identities

Implement Multi-Factor Authentication (MFA)

 

AZ-104 Azure Administrator Associate

Azure Administration: Manage Subscriptions and Resources

My notes from the course Azure Administration: Manage Subscriptions and Resources of Prepare for Microsoft Azure Administrator Certification (AZ-103) learning path on Linkedin Learning

Manage Azure Subscriptions

Administrator Roles

Azure Policy

Analyze Resource Utilization and Consumption

Types of Logs

image-1592729683029.png