Section 1 Intro
Check what is new in MS
Create a budget for subscriptions, amount and notification when limit is hit. (newbudget)
Course is frequently updated, check it.
Learning paths on MS Learn:
Azure Code Samples
Official Azure Documentation
Official Microsoft Azure YouTube Channel
Official Microsoft Developer YouTube Channel
Download the Azure SDKs for PowerShell and CLI
Official Github Repository for PowerShell Scripts
Azure REST API Browser
Microsoft Labs and Workshops – Practice is the key to success
Azure Citadel – Labs and Workshops
Microsoft Cloud Workshop – More labs and workshops
GitHub AZ-104 from Microsoft Training
Section 2 Azure concepts
very much, too much, take it bit by bit.
VM, vnet and storage (is the basics and foundation)
VM (RDP, availability sets, load balancer, etc)
A VM is generally considered Infrastructure-as-a-Service, as you retain responsibility for patching and managing the Virtual Machine Operating System.
VM abstraction on top
Batch, scale set, AKS, Fabric
App Service or web app (container app) (different than VM): PaaS (a.k.a. platform as a service), Microsoft offers a complete platform on which clients can roll out their applications.
No maintenance of the servers or operating systems is required. After all, Microsoft also offers the operating system (Windows Server, Linux, etc.) as a service.
No RDP, fully managed servers, have access to applications you can install:
.Net, Python etc. (developer friendly service, CI/CD , VSC, scaling, deployment slots )
Storage and data service
Cosmos, global scale (NOSQL, mongodb, documentdb etc)
Az db Mysql, PSql, MariaDb
Az cache Redis
stor.acc up to 5 PB
Blob, q, tables, files
Levels of replication (local, global)
Tiers (hot, cool, archive)
Managed and unmanaged
Az SQL db (same as on prem)
Az SQL db managed instance (in between, managed instance by MS)
SQL Server on vm
Synapse analytics (data warehouse)
Networking service and micro services
Fabric, apps on vm
Functions, small code
Logic apps, logical steps, if else
API management, in front of an API, throttle it, rules etc.
AKS containers as micro services
4 main categories
vnet, virtual wan (office to office), express route (private net and fast), vpn, dns (private public), peering (multiple network together, send traffic through)
Bastion, like RDP but more secure
NSG (access control), private link (make public private), DDos prot, FW, WAF (web application FW (recognize common attacks)), vnet endpoints
CDN, front door, traffic manager (hack of DNS to distribute traffic around), application gateway and load balancer
Network watcher, express route monitor, monitor, vnet tap
But there are 100’s of services in Azure, relax, pick what is interesting.
Section 3 Powershell and CLI
Script, source control, reduce errors, form of documentation.
Azure cloud shell (store scripts in home folder) or standalone powershell with AZ lib installed
Need to know both powershell and cli
(Leave lots of time for the labs)
14 Predictable naming system cli
az vm list
az vm create
az vm delete
az keyvault list, create, delete
az network vnet list, create, delete
az network vnet subnet list, create, delete
Predictable naming system ps
Get the latest version, v7 is recommended
v5 is Windows specific
Bash cli is the equivalent on Linux
Azure cli is also available for Windows, OSX and Linux
PS is ObjectOriented
Can just use the cloud shell (is cross platform), it has the modules, choose ps or cli
PS Module was AzureRM, now it is AZ, can not have both.
Install-Module -Name Az -AllowClobber
# update module
Install-Module -Name Az -AllowClobber -Force
# if errors, force it, no update command, reinstall it with force
Connect-AzAccount
Install Powershell 7 latest
Install Az module
16 Install PS
Scroll, leave default
Open PS7 as admin
Install-Module -Name Az -AllowClobber -Force
17 Switching subscriptions
Section 4 Manage resource groups
18 Resource groups and locks
Locks let you place a lock to prevent accidents.
CanNotDelete (Delete) or ReadOnly (Read-only).
ReadOnly means authorized users can read a resource,
but they can’t delete or update the resource, or even stop a virtual machine.
Delete means authorized users can still read and modify a resource,
but they can’t delete the resource.
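The two lock levels described above, as an added PowerShell example (not from the course or these notes). It assumes an existing resource group named rg-demo and an account allowed to manage locks (Owner or User Access Administrator); the lock names and the LockTest tag are made up for the illustration.

```powershell
# Assumed: resource group 'rg-demo' exists; names below are hypothetical.
$rg    = 'rg-demo'
$scope = (Get-AzResourceGroup -Name $rg).ResourceId

function Test-TagUpdate {
    # Try a harmless write (merge one tag) and report whether a lock rejected it.
    try {
        Update-AzTag -ResourceId $scope -Tag @{ LockTest = 'x' } `
            -Operation Merge -ErrorAction Stop | Out-Null
        'update allowed'
    } catch {
        "update blocked: $($_.Exception.Message)"
    }
}

# ReadOnly: reads still work, writes and deletes are rejected.
New-AzResourceLock -LockName 'demo-readonly' -LockLevel ReadOnly `
    -ResourceGroupName $rg -LockNotes 'Freeze changes' -Force | Out-Null
Get-AzResourceGroup -Name $rg | Out-Null        # a read succeeds under the lock
"ReadOnly lock:     $(Test-TagUpdate)"          # expected: update blocked

# Swap to CanNotDelete: writes are allowed again, only deletes are rejected.
Remove-AzResourceLock -LockName 'demo-readonly' -ResourceGroupName $rg -Force | Out-Null
New-AzResourceLock -LockName 'demo-nodelete' -LockLevel CanNotDelete `
    -ResourceGroupName $rg -LockNotes 'Prevent accidental deletion' -Force | Out-Null
"CanNotDelete lock: $(Test-TagUpdate)"          # expected: update allowed

# Show which locks are currently on the resource group.
Get-AzResourceLock -ResourceGroupName $rg

# Clean up the test tag and the lock.
Update-AzTag -ResourceId $scope -Tag @{ LockTest = 'x' } -Operation Delete | Out-Null
Remove-AzResourceLock -LockName 'demo-nodelete' -ResourceGroupName $rg -Force | Out-Null
```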
19 Resource group policy
Rg, policy tab, assignments, assign policy.
Can assign tags to rg and allowed locations and more.
Allowed locations, parameters, can select a limit of regions where resources can be created in.
Several policy definitions, with custom and built in types.
Audit VMs that do not use managed disks
Audit Windows VMs with a pending reboot
20 Move resources
Select the resources and move to another rg or sub.
21 Lab Policy, Lab 02b – Manage Governance via Azure Policy
- Task 1: Create and assign tags via the Azure portal
- They were added to the rg, so resources that were already created did not get the tags, e.g. a stor.acc
- Task 2: Enforce tagging via an Azure policy, search for policy
- Now we try to create a stor.acc without tags, and it fails since we need: Require Role tag with Infra value
- Delete the above policy
- Task 3: Apply tagging via an Azure policy
- Create a new policy, Inherit a tag from the resource group if missing
Create a new stor.acc from the rg, do not add tags, now it passes.
Once the new storage account is provisioned, click Go to resource button and, on the Overview blade of the newly created storage account, note that the tag Role with the value Infra has been automatically assigned to the resource.
Section 5: Manage subscriptions and governance
- Account, person / program (managed identity)
- Tenant, organization, represented with public domain (example.onmicrosoft.com). A dedicated instance of Azure AD.
- Subscription, billing agreement (free, pay-as-, enterprise etc)
- Resource, entity managed by Azure.
- RG, organizing resources in subscription, folder structure, resources must belong to only one rg.
Add user to subscription, IAM
Cost management and billing service, where does the money go, do analysis and look at history.
Good to use tag, can filter on tags
- Enforce standard
- Built in (allowed locations, resource types, SKUs, apply tag)
- Possibility as shown above to add policy to rg
- Can also create own policy json object
Everything you do in the portal you can do in shell (ps1 or .sh)
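A custom policy JSON object created and assigned to a resource group from PowerShell, as an added example (not from the course or these notes). It reuses the lab's requirement of a Role tag with the value Infra; the resource group rg-demo, the definition and assignment names, and the storage account name are assumptions.

```powershell
# Assumed: resource group 'rg-demo' exists; all names below are hypothetical.
$rg = Get-AzResourceGroup -Name 'rg-demo'

# Policy rule: deny any resource whose tag does not have the required value.
$rule = @'
{
  "if": {
    "not": {
      "field": "[concat('tags[', parameters('tagName'), ']')]",
      "equals": "[parameters('tagValue')]"
    }
  },
  "then": { "effect": "deny" }
}
'@

# Parameter declarations, so the same definition works for any tag/value pair.
$params = @'
{
  "tagName":  { "type": "String", "metadata": { "displayName": "Tag name" } },
  "tagValue": { "type": "String", "metadata": { "displayName": "Tag value" } }
}
'@

$def = New-AzPolicyDefinition -Name 'require-tag-value-custom' `
    -DisplayName 'Require a tag and value (custom)' `
    -Policy $rule -Parameter $params -Mode Indexed

# Assign at resource-group scope with the values from the lab.
New-AzPolicyAssignment -Name 'require-role-infra' -Scope $rg.ResourceId `
    -PolicyDefinition $def `
    -PolicyParameterObject @{ tagName = 'Role'; tagValue = 'Infra' } | Out-Null

# Check: an untagged storage account should be rejected.
# A new assignment can take several minutes before it is enforced.
$name = "stdemo$(Get-Random -Minimum 100000 -Maximum 999999)"
try {
    New-AzStorageAccount -ResourceGroupName $rg.ResourceGroupName -Name $name `
        -Location $rg.Location -SkuName Standard_LRS -ErrorAction Stop | Out-Null
    Write-Warning "Created $name without the tag: assignment not enforced yet."
} catch {
    "Denied as expected: $($_.Exception.Message)"
}

# Clean up: remove the assignment first, then the definition.
Remove-AzPolicyAssignment -Name 'require-role-infra' -Scope $rg.ResourceId | Out-Null
Remove-AzPolicyDefinition -Name 'require-tag-value-custom' -Force | Out-Null
```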
27 Lab About policy
Section 6: Monitor resources by using Azure Monitor
Section 7: Create and configure storage accounts
Section 8: Import and export data to Azure
Section 9: Configure Azure files
Section 10: Implement backup and recovery
Section 11: Azure Virtual Machines
Section 12: Windows and Linux VMs
Section 13: Manage Azure VM
Section 14: Manage VM Backups
Section 15: Azure App Services
Section 16: Azure Kubernetes Services (AKS)
Section 17: Manage Virtual Networking
Section 18: Implement and manage virtual networking
Section 19: Configure name resolution
Section 20: Secure access to virtual networks
Section 21: Manage Azure Active Directory
Section 22: Manage Azure AD objects
Section 23: Implement multi-factor
Section 24: Manage role-based access control (RBAC)
Section 25: Configure load balancing
Section 26: Monitor and troubleshoot virtual networking
Section 27: Wrap Up