Microsoft Azure: From Basics to Expert Proficiency

Microsoft Azure

From Basics to Expert Proficiency

Copyright © 2024 by HiTeX Press

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.

Contents

1 Introduction to Microsoft Azure

1.1 What is Cloud Computing?

1.2 Introduction to Microsoft Azure

1.3 Azure Global Infrastructure

1.4 Key Azure Concepts and Terminology

1.5 Azure Free Account and Pricing Tiers

1.6 Overview of Azure Services

1.7 Getting Started with the Azure Portal

1.8 Basic Azure CLI Commands

1.9 Creating Your First Azure Resource

1.10 Introduction to Azure Marketplace

2 Azure Architecture and Services

2.1 Understanding Azure Regions and Availability Zones

2.2 Introduction to Azure Resource Manager

2.3 Core Azure Architectural Components

2.4 Virtual Machines and Compute Services

2.5 Azure App Services

2.6 Azure Kubernetes Service (AKS)

2.7 Serverless Computing with Azure Functions

2.8 Introduction to Azure Containers

2.9 Azure Database Services

2.10 Azure AI and Machine Learning Services

2.11 Hybrid and Multi-cloud Solutions with Azure Arc

2.12 Overview of Azure IoT Services

3 Deploying and Managing Azure Resources

3.1 Azure Resource Manager (ARM) Templates

3.2 Deploying Resources with Azure Portal

3.3 Using Azure CLI for Resource Management

3.4 Managing Resources with PowerShell

3.5 Introduction to Azure Bicep

3.6 Resource Tracking and Tagging

3.7 Role-Based Access Control (RBAC) for Resource Management

3.8 Deploying and Managing Virtual Machines

3.9 Scaling Azure Applications

3.10 Introduction to Azure DevTest Labs

3.11 Using Azure Policy for Resource Governance

3.12 Managing Costs and Budgets in Azure

4 Azure Networking

4.1 Introduction to Azure Virtual Networks (VNet)

4.2 Subnetting in Azure

4.3 Network Security Groups (NSG) and Application Security Groups (ASG)

4.4 Azure VPN Gateway and Site-to-Site Connectivity

4.5 Azure ExpressRoute

4.6 Azure Load Balancer

4.7 Azure Application Gateway and Web Application Firewall

4.8 Azure DNS

4.9 Azure Traffic Manager

4.10 Azure Front Door

4.11 Configuring Azure Firewall

4.12 Monitoring and Troubleshooting Network Performance

5 Azure Storage Solutions

5.1 Introduction to Azure Storage

5.2 Azure Blob Storage

5.3 Azure File Storage

5.4 Azure Disk Storage

5.5 Azure Queue Storage

5.6 Azure Table Storage

5.7 Managing Storage Accounts

5.8 Scalability and Performance in Azure Storage

5.9 Access Control and Security in Azure Storage

5.10 Azure Storage Explorer

5.11 Introduction to Azure Data Lake

5.12 Monitoring and Troubleshooting Azure Storage

6 Azure Security and Compliance

6.1 Overview of Azure Security

6.2 Azure Security Center

6.3 Azure Key Vault

6.4 Azure Active Directory (Azure AD) Security

6.5 Network Security in Azure

6.6 Azure Policy and Blueprints

6.7 Compliance in Azure

6.8 Data Encryption in Azure

6.9 Azure Sentinel

6.10 Identity Protection and Privileged Identity Management

6.11 Securing Applications in Azure

6.12 Monitoring and Auditing Security in Azure

7 Azure Identity and Access Management

7.1 Introduction to Identity and Access Management

7.2 Overview of Azure Active Directory (Azure AD)

7.3 Managing Users and Groups in Azure AD

7.4 Azure AD Multi-Factor Authentication

7.5 Azure AD Conditional Access

7.6 Azure AD Connect and Hybrid Identity

7.7 Azure Role-Based Access Control (RBAC)

7.8 Azure Managed Identities

7.9 Azure AD B2C and B2B

7.10 Securing Applications with Azure AD

7.11 Monitoring and Reporting in Azure AD

7.12 Identity Governance and Policies

8 Azure DevOps and Application Lifecycle Management

8.1 Introduction to DevOps

8.2 Overview of Azure DevOps Services

8.3 Setting Up Azure Repos

8.4 Continuous Integration with Azure Pipelines

8.5 Continuous Deployment with Azure Pipelines

8.6 Managing Artifacts with Azure Artifacts

8.7 Infrastructure as Code with Azure DevOps

8.8 Testing and Quality Assurance in Azure DevOps

8.9 Agile Planning and Tracking with Azure Boards

8.10 Implementing CI/CD Best Practices

8.11 Deploying Applications to Azure Kubernetes Service (AKS)

8.12 Monitoring and Feedback in Azure DevOps

9 Monitoring and Optimizing Azure

9.1 Introduction to Monitoring in Azure

9.2 Getting Started with Azure Monitor

9.3 Azure Logs and Metrics

9.4 Application Insights

9.5 Network Monitoring with Azure Network Watcher

9.6 Security Monitoring with Azure Sentinel

9.7 Cost Management and Optimization

9.8 Performance Tuning and Optimization

9.9 Autoscaling Applications in Azure

9.10 Using Azure Advisor for Best Practices

9.11 Alerting and Notifications

9.12 Implementing Monitoring and Logging Best Practices

10 Case Studies and Best Practices

10.1 Introduction to Case Studies

10.2 Case Study: Migrating a Legacy Application to Azure

10.3 Case Study: Implementing a CI/CD Pipeline with Azure DevOps

10.4 Case Study: Scaling a Web Application with Azure App Services

10.5 Case Study: Securing Data with Azure Key Vault

10.6 Best Practices for Cost Management and Optimization

10.7 Best Practices for Security and Compliance

10.8 Best Practices for High Availability and Disaster Recovery

10.9 Best Practices for Scaling and Performance

10.10 Best Practices for DevOps and Agile Development

10.11 Lessons Learned from Real-world Azure Implementations

10.12 Future Trends and Innovations in Azure

Introduction

Cloud computing has fundamentally transformed the way businesses and individuals approach computing infrastructure. Among the numerous cloud service providers, Microsoft Azure stands out with its comprehensive suite of cloud services that cater to a wide range of requirements, from computing and storage to networking and artificial intelligence.

Microsoft Azure, launched in 2010, has continually evolved to become one of the leading cloud platforms available today. It offers an extensive set of services that can empower organizations to build, deploy, and manage applications through Microsoft’s global network of data centers. The platform not only supports a variety of tools and frameworks, but it is also designed to facilitate flexibility, scalability, and innovation.

This book, Microsoft Azure: From Basics to Expert Proficiency, aims to provide a detailed guide to understanding and mastering Azure. It is structured to help readers build a solid foundation in Azure, develop advanced skills, and adopt best practices for effective cloud management. Each chapter is dedicated to a specific aspect of Azure, ensuring that readers can progressively enhance their knowledge and expertise.

We begin with an introductory chapter that covers the essential concepts of cloud computing and provides an overview of Microsoft Azure. Following this, we delve into the architecture and services offered by Azure, giving you insights into how you can leverage Azure regions, availability zones, and various architectural components to build resilient applications.

Subsequent chapters guide you through the deployment and management of Azure resources, providing practical advice and step-by-step instructions for using Azure’s tools and services. Networking is another critical aspect covered in detail, discussing how to create and configure virtual networks, security groups, and other networking essentials.

Storage solutions in Azure are explored in depth, giving an understanding of different storage options and their appropriate use cases. Security and compliance are paramount concerns for any organization, and this book dedicates a chapter to these topics, explaining how to secure your data, comply with various regulations, and leverage Azure’s built-in security features.

Identity and access management is another vital area, with a chapter devoted to Azure Active Directory, role-based access control, and other identity management features. This book also covers Azure DevOps and application lifecycle management, demonstrating how to implement CI/CD pipelines, manage artifacts, and ensure quality in your development process.

Monitoring and optimizing your Azure environment is crucial for maintaining performance and cost-efficiency. We provide detailed information on using Azure Monitor, Application Insights, and other tools to track and optimize your resources.

Lastly, we present real-world case studies and best practices that highlight successful Azure implementations and provide practical lessons learned from the field.

By the end of this book, readers will have a comprehensive understanding of Microsoft Azure and its capabilities. Whether you are an IT professional, a developer, or someone looking to expand your cloud computing knowledge, this book will equip you with the skills and knowledge necessary to excel in the Azure ecosystem.

Chapter 1

Introduction to Microsoft Azure

Cloud computing has revolutionized IT infrastructure, offering scalable, on-demand resources over the internet. Microsoft Azure is one of the leading cloud platforms, providing an extensive range of services that include computing, networking, databases, analytics, and artificial intelligence. This chapter introduces the fundamental concepts of cloud computing, explores Azure’s global infrastructure, explains essential Azure terminology, and guides readers through setting up a free account and navigating the Azure Portal. Key services and basic command line tools are also covered, enabling readers to create and manage their first Azure resources effectively.

1.1

What is Cloud Computing?

Cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the internet (the cloud) to offer faster innovation, flexible resources, and economies of scale. These services are typically offered on a pay-as-you-go basis, helping organizations lower their operating costs, run their infrastructure more efficiently, and scale as their business needs change.

Key Characteristics of Cloud Computing:

On-Demand Self-Service: Users can provision computing capabilities, such as server time and network storage, as needed automatically without requiring human intervention with each service provider.

Broad Network Access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Resource Pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter).

Rapid Elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Service Models of Cloud Computing:

Infrastructure as a Service (IaaS): This is the most basic category of cloud computing services. With IaaS, you rent IT infrastructure—servers and virtual machines (VMs), storage, networks, and operating systems—from a cloud provider on a pay-as-you-go basis. Examples include Amazon Web Services (AWS) EC2, Microsoft Azure Virtual Machines, and Google Cloud Engine.

Platform as a Service (PaaS): Platform as a service refers to cloud computing services that supply an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to create web or mobile apps without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development. Examples include Microsoft Azure App Services, Google App Engine, and AWS Elastic Beanstalk.

Software as a Service (SaaS): SaaS enables delivery of software applications over the internet, on-demand, and typically on a subscription basis. With SaaS, cloud providers host and manage the software application and underlying infrastructure, and handle any maintenance, such as software upgrades and security patching. Users connect to the application over the internet, usually with a web browser on their phone, tablet, or PC. Examples include Microsoft Office 365, Google Workspace (formerly G Suite), and Salesforce.

Deployment Models of Cloud Computing:

Public Cloud: Public clouds are owned and operated by third-party cloud service providers, which deliver their computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure are owned and managed by the cloud provider. You access these services and manage your account using a web browser.

Private Cloud: A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.

Hybrid Cloud: Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives your business greater flexibility, more deployment options, and helps optimize your existing infrastructure, security, and compliance.

Benefits of Cloud Computing:

Cost Efficiency: Eliminates the capital expense of buying hardware and software and setting up and running on-site datacenters.

Speed: Most cloud computing services are provided self-service and on demand, so even vast amounts of computing resources can be provisioned in minutes.

Global Scale: The benefits include the ability to scale elastically. In cloud speak, that means delivering the right amount of IT resources—for example, more or less computing power, storage, bandwidth—right when it is needed and from the right geographic location.

Productivity: On-site datacenters typically require a lot of racking and stacking—hardware setup, software patching, and other time-consuming IT management chores. Cloud computing removes the need for many of these tasks, so IT teams can spend time on achieving more important business goals.

Performance: The major cloud services run on a worldwide network of secure datacenters, which are upgraded to the latest generation of fast and efficient computing hardware. This offers several benefits over a single corporate datacenter, including reduced network latency for applications and greater economies of scale.

Security: Many cloud providers offer a set of policies, technologies, and controls that strengthen your security posture overall, helping protect your data, apps, and infrastructure from potential threats.

1.2

Introduction to Microsoft Azure

Microsoft Azure, commonly referred to as Azure, is a comprehensive and ever-expanding set of cloud services that enables organizations to build, deploy, and manage applications through Microsoft’s global network of data centers. Azure offers a myriad of services ranging from basic virtual machines (VMs) to sophisticated tools for artificial intelligence (AI), Internet of Things (IoT), and advanced analytics.

Azure’s architecture is built around a variety of components that are designed to provide scalable, reliable, and secure cloud computing solutions. The platform’s core functionalities can be grouped into several categories:

1. Compute: Azure provides multiple computing options, including VMs, container orchestration with Kubernetes, and PaaS (Platform as a Service) elements like Azure App Services. VMs in Azure allow you to deploy Windows or Linux operating systems and scale vertically or horizontally as needed. Azure Kubernetes Service (AKS) simplifies deployment, management, and operations of Kubernetes. App Services enable you to build and host web apps, mobile backends, and RESTful APIs, with auto-scaling and high availability.

2. Storage: Azure offers scalable, redundant, and secure storage options. Core storage services include Blob Storage for unstructured data, File Storage for managed file shares, and Disk Storage for VM disks. Azure Storage is designed to be massively scalable and high-performing for a variety of data persistence needs.

3. Networking: To connect and secure your resources, Azure provides comprehensive networking capabilities. Azure Virtual Network (VNet) allows you to establish private networks within the Azure environment, similar to on-premises networks. Azure Load Balancer maximizes the availability and reliability of applications by distributing network traffic. Azure VPN Gateway and Azure ExpressRoute facilitate secure and scalable communication between on-premises infrastructure and Azure datacenters.

4. Databases: Azure supports several database technologies, including Azure SQL Database, Cosmos DB, and managed instances of popular databases like MySQL and PostgreSQL. Azure SQL Database is a fully managed relational database with built-in intelligence that learns and adapts with the usage pattern. Cosmos DB is a globally distributed, multi-model database service with low latency and high availability.

5. Analytics: Azure provides a range of services for data analytics and business intelligence, such as Azure Synapse Analytics, Azure Databricks, and Azure HDInsight. These tools allow for the processing and analysis of vast amounts of data, enabling advanced insights and data-driven decision-making. Azure Machine Learning, part of the analytics offerings, empowers data scientists to build, train, and deploy machine learning models at scale.

6. AI and Cognitive Services: Azure facilitates the integration of advanced AI functionalities with services like Azure Cognitive Services, Azure Bot Service, and Azure Machine Learning. Azure Cognitive Services offers pre-built APIs for vision, speech, language, knowledge, and search capabilities, enabling the development of intelligent applications.

7. Identity and Security: Authentication and security are critical in any cloud environment. Azure Active Directory (Azure AD) is a cloud-based identity and access management service that helps employees sign in and access resources. Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) enhance security by ensuring that the right users have appropriate access to resources.

Understanding the underlying infrastructure and services is crucial for effectively leveraging Azure. A critical component of Azure’s global architecture is its datacenter regions. Each region is a set of datacenters deployed within a latency-defined perimeter, interconnected through a dedicated regional low-latency network. Azure operates in over 60 regions globally, each providing multiple availability zones to ensure high availability.

Azure’s platform is designed to be both developer-friendly and enterprise-ready. It supports a wide variety of programming languages, frameworks, and tools, streamlining the development and deployment processes for both new and existing applications. Developers can use their preferred tools such as Visual Studio, Visual Studio Code, or integrated development environments (IDEs) with Azure integrations to build applications.

To interact with Azure, users have multiple interfaces at their disposal:

- Azure Portal: A web-based, unified console for managing Azure resources. It provides a graphical interface to create, configure, and manage Azure services and monitor resource health and performance.

- Azure CLI: A command-line tool for managing Azure resources. It enables automation and scripting of repetitive tasks, making it useful for DevOps practices.

- Azure PowerShell: A set of cmdlets for managing Azure resources directly from the Windows PowerShell or PowerShell Core. It is particularly beneficial for those who are already familiar with PowerShell scripting.

- Azure REST API: Allows integration of Azure services with external applications, providing fine-grained programmatic control over Azure resources.

Understanding the concept of Resource Groups is essential for efficient Azure management. A resource group is a container that holds related resources for an Azure solution. You typically place resources sharing the same lifecycle, permissions, and policies in a resource group to simplify resource management. The Azure Resource Manager (ARM) is the deployment and management service for Azure, which provides a consistent management layer for creating, updating, and deleting resources within your Azure subscription.

Azure implements a robust access and authentication framework through Role-Based Access Control (RBAC). RBAC allows you to segregate duties within your team and grant only the amount of access necessary for users to perform their jobs. By default, Azure includes several predefined roles such as Owner, Contributor, Reader, and User Access Administrator, which can be assigned to users, groups, and service principals.

Microsoft Azure stands as a leading cloud platform that provides a broad spectrum of services tailored to diverse business needs. Its global infrastructure, comprehensive service offerings, and versatile tools make it an essential component for modern IT environments. Through an understanding of its core capabilities and integration mechanisms, organizations can harness the full potential of Azure to build resilient, scalable, and innovative solutions.

1.3

Azure Global Infrastructure

The global infrastructure of Microsoft Azure is meticulously designed to provide high availability, reliability, and scalability for a diverse range of cloud services. This infrastructure comprises datacenters, regions, availability zones, and geo-redundant storage, among other components. Understanding these elements is crucial for efficiently leveraging Azure’s capabilities and ensuring optimal performance and resilience for applications.

Azure regions are geographically distinct locations where Microsoft has established multiple datacenters. As of the latest data, Azure operates over 60 regions worldwide, more than any other cloud provider. Each region is strategically positioned to support compliance, residency requirements, and to minimize latency by serving customers from a geographically proximate location.

The concept of Azure regions can be further dissected into several critical aspects:

Datacenters: Each Azure region consists of one or more datacenters, which are highly secured buildings equipped with sophisticated power, cooling, and networking facilities. These datacenters are interconnected through a private high-speed fiber network, ensuring seamless data transfer and replication.

Paired Regions: Azure regions are typically paired within the same geography, which allows for disaster recovery and data residency. For example, if a service or data needs to be replicated within the United States, it may be paired between the Eastern US and Western US regions. This pairing helps organizations meet compliance and data sovereignty requirements while offering business continuity during major incidents.

Availability Zones: Within some regions, Azure provides Availability Zones, which are physically separate locations within the region. Each Availability Zone is an independent failure domain, with its own power, cooling, and networking infrastructure. Deploying applications across different Availability Zones can enhance resilience against localized failures.

A visual representation of Azure’s global infrastructure can be found in the Azure portal, where an interactive map showcases all active regions, paired regions, and datacenter locations. Azure also provides public roadmaps indicating upcoming datacenter launches, helping organizations plan their deployment strategies.

Another cornerstone of Azure’s infrastructure is the global network that interconnects datacenters and regions. This network spans over 165,000 miles of fiber, providing a backbone for high-speed data transfer and low-latency communication across the globe. It is engineered to handle the robust demands of services like Azure Storage, Azure SQL Database, and high-volume networking services. The network’s architecture supports redundancy and fault tolerance, ensuring constant availability even during maintenance or unexpected outages.

Azure’s commitment to data residency and compliance is reflected in its infrastructure offerings. Data processed in an Azure region is not automatically moved outside that region without explicit direction from the customer. This assurance supports various compliance needs, such as GDPR in Europe, which mandates stringent data protection and privacy standards.

Resiliency is another fundamental attribute of Azure’s global infrastructure. Azure employs various failure recovery strategies, such as data replication and service redundancy across Availability Zones and regions. In the event of a failure in one zone or region, applications can failover to another zone or region with minimal disruption. This resiliency is particularly critical for enterprise applications requiring high uptime and business continuity.

Azure also offers a range of geo-redundant storage options to enhance data durability and availability. For instance, the Geo-Redundant Storage (GRS) and Read-Access Geo-Redundant Storage (RA-GRS) options replicate data across primary and secondary regions, ensuring that data remains accessible even in the case of a regional outage. The following snippet provides an example of configuring geo-redundant storage using Azure CLI:

#

Create

a

resource

group

az

group

create

--

name

myResourceGroup

--

location

eastus

#

Create

a

storage

account

with

geo

-

redundant

storage

az

storage

account

create

--

name

mystorageaccount

\

--

resource

-

group

myResourceGroup

\

--

location

eastus

\

--

sku

Standard_GRS

Additionally, content delivery is optimized through Azure’s extensive Content Delivery Network (CDN), which uses a distributed set of nodes across multiple regions to cache content closer to end-users. This infrastructure reduces latency and accelerates the delivery of web applications, media, and large files.

Finally, Azure’s global infrastructure supports a variety of network services, including Virtual Networks (VNet), ExpressRoute, and Azure Front Door. These services provide secure, high-performance networking solutions that enable hybrid cloud and edge computing capabilities. ExpressRoute, for example, allows private connections between Azure datacenters and on-premises infrastructure, bypassing the public internet to offer enhanced security and reliability.

Understanding Azure’s robust and expansive global infrastructure empowers organizations to architect solutions that optimize performance, ensure compliance, and achieve high availability. The strategic deployment of resources across Azure’s regions, leveraging Availability Zones and geo-redundant storage, can significantly improve application resilience and response times. Ensuring the correct configuration of these components is a fundamental step in maximizing the benefits of Microsoft’s cloud platform.

1.4

Key Azure Concepts and Terminology

Understanding Microsoft Azure’s key concepts and terminology is essential for navigating and leveraging its services effectively. This section outlines fundamental Azure terms, helping to build a strong foundational knowledge.

Azure provides a comprehensive suite of services, and it is essential to familiarize yourself with the nomenclature used within the platform. Below are some primary concepts:

Azure Subscription: An Azure subscription is a logical unit of Azure services linked to an Azure account. It is used to manage and track costs, as well as allocate resources and services. Each subscription has unique service and usage limits; multiple subscriptions can be used within an Azure account for different purposes, such as separating development and production environments.

Azure Region: An Azure region is a set of data centers deployed within a specific geographical area and connected via a low-latency network. Each region is designed to provide high availability and that customer’s proximity to their services is optimized, reducing latency. Azure regions enable users to deploy resources close to their customers, ensuring efficiency and compliance with legal and regulatory requirements.

Resource Group: A resource group is a container that holds related resources for an Azure solution. It serves as a logical grouping mechanism to manage, deploy, monitor, and control access to resources. By using resource groups, users can simplify the organization of resources and manage them collectively according to their lifecycle.

Azure Resource Manager (ARM): The Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure account. ARM uses templates for deployment and maintains a unified structure for resources, facilitating the management of permissions, costs, and compliance.

Virtual Machine (VM): A Virtual Machine in Azure is an emulation of a computer system that provides the functionality of a physical computer. It includes an operating system and hardware configurations, deploying applications in various environments such as development, testing, and production. Users can choose from a wide selection of pre-configured VM images or create custom configurations.

Azure Virtual Network (VNet): An Azure Virtual Network is a representation of your own network in the cloud. It provides isolation, segmentation, and secure connections, allowing you to connect different resources securely and control traffic flow. VNets can be segmented into subnets to organize and secure resources effectively.

Storage Account: An Azure Storage Account provides a unique namespace to store and access data objects such as blobs, queues, files, and tables in Azure Storage. It supports scalable and durable storage solutions for various data types and sizes, ensuring high availability and redundancy.

Compute: Azure Compute provides the infrastructure required to run applications and services, including VMs, containers, and serverless computing. It supports scalable and resilient computing resources that can be adapted to meet fluctuating demands and high availability requirements.

Azure Active Directory (Azure AD): Azure Active Directory is a cloud-based identity and access management service. It provides authentication and authorization capabilities for users, applications, and services, enhancing security through single sign-on (SSO), multi-factor authentication (MFA), and conditional access policies.

Azure Policy: Azure Policy is a service in Azure that you can use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with corporate standards and service level agreements. By using Azure Policy, you ensure consistency and enhance governance across your Azure environment.

Azure Monitor: Azure Monitor collects and analyzes telemetry data from both Azure and on-premises environments. It provides comprehensive monitoring capabilities to ensure applications’ performance, availability, and reliability. Azure Monitor supports alerting, visualization through dashboards, and integration with other Azure services for a proactive approach to system maintenance.

Azure DevOps: Azure DevOps offers developer services to support teams in planning work, collaborating on code development, and building and deploying applications. It includes features such as Azure Pipelines, Azure Repos, Azure Boards, Azure Test Plans, and Azure Artifacts to provide an end-to-end DevOps toolchain.

Azure Marketplace: The Azure Marketplace is an online store offering thousands of certified, open-source, and community software applications and services. It allows users to discover, purchase, and deploy solutions that integrate seamlessly with Azure’s infrastructure and services.

Below is an example of listing resources under a specific Azure Subscription using Azure CLI:

az

resource

list

--

subscription

<

Subscription_Id

>

Executing this command produces a list of resources similar to the following format, displayed in JSON:

[     {         id: /subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/,         name: ,         type: Microsoft.Compute/virtualMachines,         location: eastus,         resourceGroup:     },     ... ]

This provides a clear view of how resources are organized and managed within Azure, enhancing your ability to navigate the platform efficiently.

Understanding these key concepts and terminology allows for effective utilization of Azure’s offerings and makes the process of managing cloud resources more intuitive and structured.

1.5

Azure Free Account and Pricing Tiers

Microsoft Azure offers various pricing tiers and free account options to help users start leveraging cloud services without an immediate financial commitment. Establishing a solid understanding of these pricing models and the benefits of a free account is instrumental in making informed decisions when planning and implementing Azure-based projects.

Azure provides a free tier account designed for new users to explore and experiment with its services at no cost for the first 12 months. This free tier includes certain limits, beyond which usage fees may apply. Additionally, Azure offers credits to students and professionals, enabling augmented learning and development experiences.

Azure Free Account

The Azure free account grants new users access to a range of services with no initial costs, encompassing a selection of Azure’s most popular services. This account is beneficial for evaluating and testing different functionalities of Azure.

Twelve Months of Free Services: Users receive access to popular products for 12 months. These include:

Azure Virtual Machines (Linux/Windows): Users can utilize up to 750 hours of B1S Standard tier VM per month.

SQL Database: 250 GB of SQL Database storage is available per month.

Azure Blob Storage: 5 GB LRS (Locally Redundant Storage) Hot Blob is provided.

Azure Cosmos DB: 400 RU/s provisioned throughput with 5 GB storage.

Azure Bandwidth: 15 GB bandwidth egress per month.

Always Free Services: Certain services remain free beyond the initial 12-month period, as long as consumption remains within the defined limits:

Azure App Service (Linux/Windows): 10 web, mobile, or API apps.

Azure Functions: 1,000,000 requests per month.

Azure Event Grid: 100,000 operations per month.

$200 Credit: Azure offers a $200 credit for the first 30 days to explore and use any service not covered or exceeding the limitations of the free tier.

To sign up, users need a Microsoft account and must provide credit card information for identity verification purposes. However, no charges are incurred unless users explicitly upgrade to a paid subscription or exceed the free tier limits.

Azure Pricing Tiers

Understanding Azure’s pricing structure is critical for optimizing both cost management and resources. Azure’s pricing model is predominantly pay-as-you-go, allowing users to pay only for what they use. This model is supplemented by various cost management and optimization tools, such as Azure Cost Management and Billing.

Pay-As-You-Go:

Users pay for services on-demand, as they consume resources. This model provides flexibility and scalability, adjusting costs according to the specific usage patterns of the services.

Pricing is calculated on a per-second or per-minute basis, depending on the service.

Example: Virtual Machines are charged per second based on the VM’s size, region, operating system, and other factors.

Reserved Instances (RI):

Customers can significantly reduce costs by committing to one-year or three-year reservations for various services, including virtual machines and SQL databases.

This approach lets users lock in savings up to 72

Spot Instances:

For workloads that can tolerate interruptions, spot instances offer unused compute capacity at