3 TODO Udemy AZ-104 Microsoft Azure Administrator Exam Certification (Scott Duffy)

Posted on by espenk

07.01.2021

https://www.udemy.com/course/70533-azure/

Section 1 Intro
Check what is new in MS
Create a budget for subscriptions, amount and notification when limit is hit. (newbudget)

Course is frequently updated, check it.


Microsoft resources
Learning paths on MS Learn:

https://docs.microsoft.com/en-us/learn/certifications/exams/az-104#two-ways-to-prepare

MS Learn

https://docs.microsoft.com/en-us/learn/browse/?roles=administrator&products=azure

Azure Code Samples

https://azure.microsoft.com/en-us/resources/samples/?sort=0

Official Azure Documentation

https://docs.microsoft.com/en-us/azure/

Official Microsoft Azure YouTube Channel

https://www.youtube.com/user/windowsazure

Official Microsoft Developer YouTube Channel

https://www.youtube.com/channel/UCsMica-v34Irf9KVTh6xx-g

Download the Azure SDK’s for PowerShell and CLI

https://azure.microsoft.com/en-us/downloads/

Official Github Repository for PowerShell Scripts

https://github.com/Azure/azure-powershell

Azure REST API Browser

https://docs.microsoft.com/en-us/rest/api/?view=Azure

Microsoft Labs and Workshops – Practice is the key to success

Azure Citadel – Labs and Workshops

https://azurecitadel.com/

Microsoft Cloud Workshop – More labs and workshops

https://microsoftcloudworkshop.com/

GitHub AZ-104 from Microsoft Training

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/

Section 2 Azure concepts
very much, too much, take it bit by bit.
Core services
VM, vnet and storage (is the basics and foundation)

VM (RDP, availability sets, load balancer, etc)
A VM is generally considered Infrastructure-as-a-Service, as you retain responsibility for patching and managing the Virtual Machine Operating System.
VM abstraction on top
Batch, scale set, AKS, Fabric

App Service or web app (container app) (different then VM) PaaS (a.k.a. platform as a service), Microsoft offers a complete platform on which clients can roll out their applications.
No maintenance of the servers or operating systems is required. After all, Microsoft also offers the operating system (Windows Server, Linux, etc.) as a service.
No RDP, fully manged servers, have access to applications you can install:
.Net, Python etc. (developer friendly service, CI/CD , VSC, scaling, deployment slots )

Storage and data service
Cosmos, global scale (NOSQL, mongodb, documentdb etc)
Az db Mysql, PSql, MariaDb
Az cache Redis

Storage
stor.acc up to 5 PB
Blob, q, tables, files
Levels of replication (local, global)
Tires (hot, cool, archive)
Managed and unmanaged

Data service
Az SQL db (same as on prem)
Az SQL db managed instance (in between, managed instance by MS)
SQL Server on vm
Synapse analytics (data warehouse)

Networking service and micro services

Microservices
Fabric, apps on vm
Functions, small code
Logic apps, logiical steps, if else
API management, in front of an API, throttle it, rules etc.
AKS containers as micro services

Networking

4 main categories
Connectivity
vnet, virtual wan (office to office), express route (private net and fast), vpn, dns (private public), peering (multiple network together, send traffic through)
Bastion, like RDP but more secure

Security
NSG (access control), private link (make public private), DDos prot, FW, WAF (web application FW (recognize common attacks)), vnet endpoints

Delivery
CDN, front door, traffic manger (hack of DNS to distribute traffic around), application gateway and load balancer

Monitoring
Network watcher, express route monitor, monitor, vnet tap

But there are 100’s of services in Azure, relax, pick what is interesting.

Section 3 Powershell and CLI

13 Automation
Script, source control, reduce errors, form of documentation.
Azure cloud shell (store scripts in home folder) or standalone powershell with AZ lib installed
Need to know both powershell and cli
(Leave lots of time for the labs)

14 Predictable naming system cli

az vm list
az vm create
az vm delete
az keyvault list, create, delete
az network vnet list, create, delete
az network vnet subnet list, create, delete

Predictabel naming system ps

Get-AzVm
New-AzVM
Remove-AzVm
Get-AzKeyVault
New-AzKeyVault
Remove-AzKeyVault
Get-AzVirtualNetwork
New-AzVirtualNetwork
Remove-AzVirtualNetwork

15 Powershell
Get latest version v7 is recommended
v5 is windows spesific
Bash cli is the equivaleint on linux
Azure cli also avaliable for windows, OSX and Linux
PS is ObjectOriented

Can just use the cloud shell (is cross platform), it has the modules, choose ps or cli

PS Module was AzureRM, now it is AZ, can not have both.

Install-Module -Name Az - AllowClobber
# update module
Install-Module -Name Az - AllowClobber -Force
# if errors, force it, no update command, reinstall it with force
Connect-AzConnect

Lab:
Install Powershell 7 latest
Install Az module

16 Install PS

https://github.com/PowerShell/PowerShell

Scroll, leave default
PowerShell-7.1.0-win-x64.msi
Open PS7 as admin

Install-Module -Name Az – AllowClobber -Force

17 Switching subscriptions

Section 4 Manage resource groups

18 Resource groups and locks

Locks, allow to place lock to prevent accidents.
Lock type
CanNotDelete (Delete) or ReadOnly (Read-only).

Readonly, means authorized users can read a resource,
but they can’t delete or update the resource, or even stop a virtual machine.


Delete, means authorized users can still read and modify a resource,
but they can’t delete the resource.


19 Resource group policy

Rg, policy tab, assignments, assign policy.
Can assign tags to rg and allowed locations and more.
Allowed locations, parameters, can select a limit of regions where resources can be created in.

Several policy definitions, with custom and built in types.

Built in

Audit VMs that do not use managed disks
Audit Windows VMs with a pending reboot


20 Move resources

Select the resources and move to another rg or sub.


21 Lab Policy, Lab 02b – Manage Governance via Azure Policy

https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator/blob/master/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md

  • Task 1: Create and assign tags via the Azure portal
  • They were added to the rg, so all resources that is already created did not get the tags, i.e a stor.acc
  • Task 2: Enforce tagging via an Azure policy, search for policy
  • Now we try to create a stor.acc without tags, and it fails since we need: Require Role tag with Infra value
  • Delete the above policy
  • Task 3: Apply tagging via an Azure policy
  • Create a new policy, Inherit a tag from the resource group if missing

Create a new stor.acc from the rg, do not add tags, now it passes.

Once the new storage account is provisioned, click Go to resource button and, on the Overview blade of the newly created storage account, note that the tag Role with the value Infra has been automatically assigned to the resource.

Section 5: Manage subscriptions and governance


Section 6: Monitor resources by using Azure Monitor


Section 7: Create and configure storage accounts
Section 8: Import and export data to Azure
Section 9: Configure Azure files
Section 10: Implement backup and recovery
Section 11: Azure Virtual Machines
Section 12: Windows and Linux VMs
Section 13: Manage Azure VM
Section 14: Manage VM Backups
Section 15: Azure App Services
Section 16: Azure Kubernetes Services (AKS)
Section 17: Manage Virtual Networking
Section 18: Implement and manage virtual networking
Section 19: Configure name resolution
Section 20: Secure access to virtual networks
Section 21: Manage Azure Active Directory
Section 22: Manage Azure AD objects
Section 23: Implement multi-factor
Section 24: Manage role-based access control (RBAC)
Section 25: Configure load balancing
Section 26: Monitor and troubleshoot virtual networking
Section 27: Wrap Up