E-book Series

The Developer’s
Guide to Azure
Published May 2019
 May The Developer’s 2
2019 Guide to Azure

03 / 40 / 82 /
Introduction Chapter 3: Securing Chapter 6: Where
your application and how to deploy
We’re here to help
your Azure services
How can Azure help secure

05 / your app?
Encryption
How can Azure deploy your
services?
Chapter 1: Getting Azure Security Center Infrastructure as Code
started with Azure Logging and monitoring Azure Blueprints
Containers in Azure

51 /
What can Azure do for you? Azure Stack
Where to host your Where to deploy,
application and when?
Chapter 4: Adding
Azure App Service Features
intelligence to
Azure Functions
Azure Logic Apps your application 89 /
Azure Batch
Containers How can Azure integrate AI
Chapter 7: Share your
What to use, and when? into your app? code, track work, and ship
Making your application Azure Search software
more performant Cognitive Services
Azure Front Door Azure Bot Service How can Azure help you plan
Azure Content Delivery Azure Machine Learning smarter, collaborate better, and ship
Network Studio your apps faster?
Azure Redis Cache Developer tooling for AI Azure Boards
AI and mixed reality Azure Repos

22 /
Using events and messages in Azure Pipelines
your application Azure Test Plans
Azure Artifacts
Chapter 2: Connecting
your app with data 72 /
What can Azure do for Chapter 5: Connect your
98 /
your data? business with IoT Chapter 8: Azure in Action
Where to store your data
Azure Cosmos DB How can Azure connect, secure, Walk-through: Azure portal
Azure SQL Database manage, monitor, and control your Walk-through: Developing a web
Azure databases for MySQL, devices in the cloud? app and database
PostgreSQL, and MariaDB Azure IoT Hub Walk-through: Extending apps
Azure Storage Azure IoT Central Walk-through: Ready for production
Azure data analytics Azure IoT solution accelerators
Azure IoT Edge
119 /
solutions
Walkthrough: Publish an on- Azure Digital Twins
premises website to Azure with a Azure Sphere
SQL database Learn more about Azure IoT Chapter 9: Summary
What to use, and when? and resources

Keep Learning with Azure

About the authors
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 3
2018 adipiscing
2019 elit Guide to Azure

The
This guide is designed for developers and
architects who are starting their journey into
Microsoft Azure. In this guide, we’ll take you
through the ins and outs of Microsoft Azure.

Developer’s
You’ll learn how to get started and which
services you can use for the scenarios you
might have.

Guide to From creating websites, databases, and

desktop and mobile applications to integrating
the latest technologies into your app, Azure

Azure
does the heavy lifting for you. Azure services
are designed to work together so you can build
complete solutions that last the lifetime of
your app.
 May The Developer’s 4
2019 Guide to Azure

We’re here to help

You can also get help through
other channels, such as:

Documentation and guides that give you an

We can assist you in a variety of ways overview of everything in Azure and provide deep
insights through the documentation of
to suit your needs.
each feature.

With our support plans, you’ll get access to Azure Service License Agreements (SLAs), which can
technical support teams, guidance for cloud design, inform you about our uptime guarantees and
and assistance with migration planning. You can downtime credit policies.
even acquire a support plan that guarantees a
@AzureSupport on Twitter, which is operated by
response from the technical support teams within
skillful Azure engineers who respond quickly to
15 minutes.
issues that you tweet to them.

Stack Overflow, which provides answers to Azure

questions and includes many active posts by
members of the Azure engineering teams.

Azure Community Support, which provides a

place for discussion with the Azure community
and contains answers to community questions.

Azure Advisor, which automatically makes

personalized recommendations for your Azure
resources, including what you need to do to be
more secure, have higher availability, increase
performance, and reduce costs.

Azure Service Health, which gives you a

personalized view of the health of your
Azure services.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 5
2018 adipiscing
2019 elit Guide to Azure

01 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Getting
You’ve made the decision to build applications
dolum earum minctur simillab is arum quatinverro
on Azure, and now you want to get started.
te destibus, tem adis eum rehenia si
You don’t need to do much—just sign up for an
omnimusam
Azure free veniincludes
account. This nossita.credits to explore

started
paid Azure services and over 25 services you can
use for free forever.

with
Simply choose which tools, applications, and
frameworks you want to use, and then start running
your apps on Azure.

Azure
 May The Developer’s 6
2019 Guide to Azure

What can Azure

do for you?
Whether you’re a professional developer or
write code for fun, developing with Azure puts the
latest cloud technology and best-in-class developer
tools at your fingertips and makes it easy to build
for the cloud in your preferred language.
With Azure, you can get your work done faster,
take your skills to the next level, and imagine and
build tomorrow’s applications.

Multiply your impact with:

• A cloud platform

• Developer tools

• Management services

Integrated tightly together, these form a true

ecosystem that enables you to create amazing
applications and seamless digital experiences that
run on any device.

Take advantage of the incredible and always

growing capabilities of Azure. Let’s dive in and see
what you can do.
 May The Developer’s 7
2019 Guide to Azure

Where to host Azure App Service comprises

the following:

your application Web Apps: As one of the most widely used Azure
services, Web Apps can host your web applications
or APIs. A web app is basically an abstraction of a
web server, like Internet Information Services (IIS)
Azure offers services designed to provide what or Tomcat, used to host HTTP-driven applications.
you need to deliver and scale every application. Web Apps can host applications written in .NET,
When you use Azure services to run your Node.js, Python, Java, or GO, and you can use
application, you get scalability, high availability, available extensions to run even more languages.
a fully managed platform, and database services.
Azure also offers the following options
// Try it out: Create an ASP.NET
for running your application. Core web app in Azure

Azure App Service

Mobile Apps: Provide a back end for your mobile

You can host your applications in a fully managed applications with Mobile Apps. When you host

application platform loved by enterprise an API in Mobile Apps, your mobile applications

developers: Azure App Service. Azure App Service connect with it through the cross-platform

is a collection of hosting and orchestrating services client SDK. This is available for iOS, Android, and

that share features and capabilities. All services in Windows. Mobile Apps provides features like offline

App Service have the capability, for example, to sync and push notifications to help you create a

secure an application using Azure Active Directory modern, performant, and secure mobile experience.

and can use custom domains.

 May The Developer’s 8
2019 Guide to Azure

Azure App
You can even use Azure’s Testing in Production
feature to route a percentage of traffic from your

Service features
production app to a deployment slot. For example,
if you shunt 10 percent of your users to the new
version of your app in the deployment slot, you can
see whether the new features are functioning as
expected and whether users are using them.
Azure App Service is one of the key services in
Azure that you can use to host your applications. When you’re satisfied with how the new version of
Each of these services brings unique capabilities to your app is performing in the deployment slot, you
the table, but they all share some common features: can carry out a “swap,” which exchanges the app in
the deployment slot with that in your production
Scaling slot. You can also swap from a development slot to a
staging slot, and then to the production slot. Before
Azure App Service runs on App Service plans, doing this, the swap operation verifies that the new
which are abstractions from virtual machines (VMs). version of your website is warmed up and ready
One or more VMs run your Azure App Service, but to go. When this has been confirmed, the swap
since Azure takes care of them, it’s not necessary for operation switches the slots, and your users now see
you to know which ones. You can, however, scale the new version of the app—with no downtime. You
the resources that run your Azure App Service. can also swap back and revert the deployment of
the new version.
You can either choose a higher pricing tier (ranging
from free to premium) or increase the number of You use deployment slots within environments,
application instances that are running. It’s even such as development, test, or production. You don’t
possible to have even have Azure App Service use deployment slots as environments, because
automatically scale the number of instances for you, they all reside in the same App Service plan.
based on a schedule or metrics like CPU, memory,
or HTTP queue length. Those should be separated for security, scaling,
billing, and performance. You can swap deployment
Deployment slots slots manually through the Azure command-line
interface (CLI) and through the Azure Management
After deploying a new version of your application API. This allows tools like Azure DevOps to perform
to a deployment slot, you can test whether it swap operations during a release.
works as expected and then move it into your
production slot.
 May The Developer’s 9
2019 Guide to Azure

Continuous Deployment Custom domains and Azure

App Service certificates
To publish your application to App Service, you
can use services such as Jenkins, Octopus Deploy, When you spin up an app in Azure App
and more. You also can use the Continuous Service, it exposes a URL—for example, https://
Deployment (CD) feature from Azure DevOps in myazurewebsite.azurewebsites.net. Most likely, you
App Service. This makes it possible for you to create will want to use your own custom domain, which
a build-test-release pipeline right in App Service. you do by mapping that domain name to App
Services. Here’s how to do that.
The process does the following:
Additionally, you can ensure that your application
1. Retrieves the latest source code from the is served over HTTPS by using a Secure Sockets
repository that you indicate Layer (SSL) certificate. Just bring your own
certificate or buy one directly from the Azure
2. Builds the code according to a template that
portal. When you buy an SSL certificate from
you pick (ASP.NET, Node.js, and so on)
the Azure portal, you buy an Azure App Service
3. Deploys the app in a staging environment and certificate. You can configure this to be used by
load-tests it your custom domain bindings.

4. Deploys the app to production after approval

// Try it out: Purchase and
(you can indicate whether you want to use a
configure an SSL certificate
deployment slot) in this walk-through

Connect to on-premises resources App Service Environment

You can connect external resources like data stores In a multitier web application, you often have a
to your App Services. These resources don’t need database or services used by your app in Web Apps.
to be located in Azure; they can be anywhere, Ideally, you want these services to be exposed only
such as on-premises or in your own datacenter. to the app and not to the internet. Given that it
Depending on your requirements, you can connect provides the entry point for your users, however,
to services on-premises through many mechanisms, the app itself is often internet-facing.
such as Azure Hybrid Connections, Azure Virtual
To isolate these support services from the internet,
Networks, and Azure ExpressRoute.
you can use Azure Virtual Network.
 May The Developer’s 10
2019 Guide to Azure

This service wraps your support services and The debugger lets you see exactly what went wrong
connects them to your app in Web Apps so that the without impacting the traffic of your production
support services are exposed only to the app, not to application. The Snapshot Debugger can help you
the internet. dramatically reduce the time it takes to resolve
issues that occur in production environments.
This article describes this service in more detail and
Additionally, you can use Visual Studio to set snap
shows you how to use it.
points to debug step by step.
Sometimes, you want even more control. Maybe
you want your app to be wrapped in a Virtual Automatic OS and .NET
Network in order to control access to it. Framework patching

Perhaps you want it to be called by another app in Because you’re using a fully managed platform, you
Web Apps and be a part of your back end. don’t manage your own infrastructure at all and
benefit from automatic operating system (OS) and
For this scenario, you can use an Azure App Service framework patching.
Environment. This affords you a very high scale and
gives you control over isolation and network access. Virtual machines

Snapshot Debugger for .NET Hosting your application in a VM in Azure Virtual

Machines provides you with a lot of control over
Debugging apps can be difficult, especially if the how you host your application. However, you’re
app is running on production. With Snapshot responsible for maintaining the environment,
Debugger you can take a snapshot of your in- including patching the OS and keeping antivirus
production apps when code that you’re interested programs up to date.
in executes.
You can use a VM to test the latest preview version
of Visual Studio without getting your development
machine “dirty.”
 May The Developer’s 11
2019 Guide to Azure

Azure
An application that uses Functions activates
a function every time a new image file is

Functions
uploaded to Azure Blob storage. The function
then resizes the image and writes it to another
Blob storage account.

Data from the Blob that triggered the function is

With Azure Functions, you can write the code you passed into the function as the myBlob parameter,
need for a solution without worrying about building which includes the Blob URL. Use the outputBlob
a full application or the infrastructure to run it. A output binding parameter to specify to which Blob
function is a unit of code logic that’s triggered by an to write the result. There’s no need to write the
HTTP request, an event in another Azure service, or plumbing for connecting to Blob storage; you just
based on a schedule. configure it.

Input and output bindings connect your function

// Try it out: Create your
code to other services, like Azure Storage, Azure first Azure function using
Cosmos DB, Azure Service Bus, and even third-party the Azure portal
services like Twilio and SendGrid. Using Functions,
you can build small pieces of functionality quickly
and host them in an elastic environment that
automatically manages scaling.

With Azure Functions, it’s possible to pay only

for functions that run, rather than having to keep
compute instances running all month. This is also
called serverless because it only requires you to
create your application—you don’t have to deal
with any servers or even scaling of servers.

You can write Azure Functions in .NET, JavaScript,

Java, and a growing list of languages.
 May The Developer’s 12
2019 Guide to Azure

Azure
The following is an example of a workflow in
Logic Apps:

Logic Apps 1. The Logic App is activated when an

email containing a shipping order arrives
in Office 365.

You can orchestrate business logic with 2. Using the data in the email, the Logic App
Logic Apps by automating a business process checks on the availability of the ordered item
or integrating with software as a service (SaaS) in SQL Server.
applications. Just like in Azure Functions, Logic
Apps can be activated by an outside source, for 3. Using Twilio, the Logic App sends a text
instance, a new message. Weaving together API message to the customer’s phone indicating
calls to connectors, you can create a (possibly that the order was received and the item has
complex) workflow that can involve resources both been shipped.
in the cloud and on-premises.

// Try it out: Get started with

Logic Apps has many available connectors
Azure Logic Apps
to APIs that can connect to Azure SQL Database,
Salesforce, SAP, and so on.

You can also expose your own APIs or Azure

Functions as connectors to use in a Logic App,
making it possible for you to easily perform actions
against external systems in your workflow or have
your Logic App be activated by one of them.

Just like Azure Functions, Logic Apps are serverless

and scaled automatically, and you pay for them only
when they’re running.
 May The Developer’s 13
2019 Guide to Azure

Azure Batch
If you need to run large-scale batch or high-
performance computing (HPC) applications on
VMs, you can use Azure Batch. Batch creates and
manages a collection of thousands of VMs, installs
the applications you want to run, and schedules
jobs on the VMs. You don’t need to deploy and
manage individual VMs or server clusters; Batch
schedules, manages, and auto-scales your jobs so
you use only the VMs you need.

Batch is a free service, so you only pay for the

underlying resources consumed, like VMs,
storage, and networking.

Batch is well suited to run parallel workloads

at scale, such as financial risk models, media
transcoding, VFX and 3D image rendering,
engineering simulations, and many other
compute-intensive applications. Use Batch to
scale out an application or script that you already
run on workstations or an on-premises cluster,
or develop SaaS solutions that use Batch as a
compute platform.

// Try it out: Get started on

Azure Batch with these
step-by-step tutorials
 May The Developer’s 14
2019 Guide to Azure

Containers
your clusters, not for the masters. As a managed
Kubernetes service, AKS provides automated
Kubernetes version upgrades and patching, easy
cluster scaling, a self-healing hosted control plane
(masters), and cost savings, since you only pay for
While much more lightweight, containers are
running agent pool nodes.
similar to VMs, and you can start and stop them in
a few seconds. Containers also offer tremendous
With Azure handling the management of the nodes
portability, which makes them ideal for developing
in your AKS cluster, there are many tasks that you
an app locally on your machine and then hosting it
don’t have to perform manually, such as cluster
in the cloud, in test, and later in production.
upgrades. Because Azure handles these critical
maintenance tasks for you, AKS does not provide
You can even run containers on-premises or in
direct access (such as with SSH) to the cluster.
other clouds—the environment that you use
on your development machine travels with your
container, so your app always runs in the // More info: Learn how to use
Azure Kubernetes Service
same ecosystem.

Scale and orchestrate containers with Host containers with Azure

Azure Kubernetes Service Container Instances

Azure Kubernetes Service (AKS) makes it simple to You can host your container using Azure Container
create, configure, and manage a cluster of VMs that Instances (ACI). ACI provides fast, isolated compute
are preconfigured to run containers. This means to meet traffic that comes in spikes, without the
you can use your existing skills to manage and need to manage servers. For example, Azure
deploy applications that run in containers on Azure. Container Service (ACS) can use the Virtual
Kubelet to provision pods inside ACI that start in
AKS reduces the complexity and operational seconds. This enables ACS to run with just enough
overhead of managing a Kubernetes cluster by capacity for an average workload. As you run
offloading much of that responsibility to Azure. As out of capacity in your ACS cluster, you can scale
a hosted Kubernetes service, Azure handles critical out additional pods in ACI without any additional
tasks like health monitoring and maintenance. In servers to manage. The ACI service is billed
addition, you pay only for the agent nodes within per second, per virtual CPU, per gigabyte, or
by memory.

// More info: Learn more about

Azure Container Instances
 May The Developer’s 15
2019 Guide to Azure

Host containers in Azure App Azure Service Fabric

Service Web App for Containers
Another way to run applications in Azure is with
Web App for Containers helps you easily deploy Azure Service Fabric. This is actually the service
and run containerized web apps at scale. that runs many of the Azure services inside
Just pull container images from Docker Hub or Microsoft, like Azure SQL Database and Azure App
a private Azure Container Registry, and Web App Service. Run your applications in Azure Service
for Containers will deploy the containerized app Fabric to achieve high availability, run at massive
with your preferred dependencies to production scale, and perform rolling upgrades.
in seconds. The platform automatically takes care
of OS patching, capacity provisioning, and load You can use Azure Service Fabric to run .NET
balancing. You can run Docker containers (Linux) microservice-based applications—solutions
and Windows containers on Web App that consist of many small services that talk to
for Containers. each other and are employed by user interfaces
and other components. Service Fabric is ideal
Azure Container Registry for solutions like these because it orchestrates
application components together and runs them
Once you’ve created a container image to run your in a highly available and performant manner.
application in, you can store that container in Azure
Container Registry (ACR). This is a highly available Azure Service Fabric is unique in that you can run
and secure storage service, specifically built to store it anywhere. Install Service Fabric on your local
container images. This is great for storing your development computer, on-premises, or in any
private Docker images. cloud—including Azure. You can also use Azure
Service Fabric Mesh to run containers on a Service
You can also use ACR for your existing container Fabric cluster that Microsoft manages for you as a
development and deployment pipelines. Use ACR service. This opens up a lot of possibilities.
Build to build container images in Azure.
You can either build on demand or fully automate It’s easy to deploy applications to Azure Service
builds with source code commit and base image Fabric and manage them with your favorite tools,
update build triggers. like Visual Studio and Azure DevOps Services. In
addition, Service Fabric recently became
open source.
 May The Developer’s 16
2019 Guide to Azure

What to use,
Some of the services that run your application in
Azure can work together in a solution, while others

and when?
are more suited to different purposes.

While this can make it difficult to pick the right

services, Table 1-1 will help identify which services in
Azure are right for your situation.

Table 1-1
Web Apps*

Containers*
Web App for

Mobile Apps*

Functions*

Logic Apps*

Machines*
Virtual

Service*
Kubernetes

Service Fabric*

Instances*
Container

Batch*
Monolithic and
N-Tier applications ● ●** ● ●

Mobile app
back end ● ●**

Microservice
architecture ● ● ●
applications

Business process
orchestration ● ●
and work flows

Compute
intensive jobs ●

Run your app

anywhere
(including ● ● ● ●
on-premises)

* Services with an asterisk have a free tier that you can use to get
started at no cost.

** For lifting and shifting existing applications to Azure.

 May The Developer’s 17
2019 Guide to Azure

Making your
Azure Traffic Manager scales across regions,
helping to reduce latency and provide users

application more
a performant experience, regardless of where
they are. Traffic Manager is an intelligent routing
mechanism that you put in front of your Web

performant Apps applications. Web Apps acts as endpoints,|

which Azure Traffic Manager monitors for health
and performance.

After your application is up and running in When users access your application, Traffic
Azure, you want it to be as performant as possible. Manager routes them to the Web Apps application
Azure provides a range of services that can help that is most performant in their proximity.
you with that.
Including Traffic Manager in your architecture
Azure Traffic Manager is a great way to improve the performance of
your application.
Many modern applications have users all over
the world. Providing a performant experience for
everyone is challenging, to say the least. The most
obvious problem you need to deal with is latency,
the time it takes for a signal or a request to travel
to a user. The farther away users are from your
application, the more latency they experience.
 May The Developer’s 18
2019 Guide to Azure

Azure
Azure Front Door can help. This service can
route traffic from users to the most performant

Front Door
application endpoint for them to improve
performance. Azure Front Door can route to
endpoints that are available while avoiding
endpoints that are down.

Your users might be spread out over the world and Azure Traffic Manager does this as well, but in a
at times might be traveling. This can make it difficult different manner than Azure Front Door. Azure
to make sure they have a performant experience Front Door works at OSI layer 7 or the
and that your application is available and secure, HTTP/HTTPS layer, while Azure Traffic Manager
regardless of location. works with DNS. In other words, Azure Front
Door works on the application level and Azure
Traffic Manager works on the network level. This
is a fundamental difference that determines the
capabilities of the services.

Because of this difference, Azure Front Door

does a lot more than route users to available
and performant endpoints.

Azure Front Door allows you to author custom

web application firewall (WAF) rules for access
control to protect your HTTP/HTTPS workload from
exploitation based on client IP addresses, country
code, and HTTP parameters.

Additionally, Front Door enables you to create rate

limiting rules to battle malicious bot traffic. These
are just some of the unique capabilities of Azure
Front Door.
 May The Developer’s 19
2019 Guide to Azure

Other capabilities of Front Door include:

• URL-based routing • SSL termination

This allows you to route requests With this, you can secure your traffic end to
for different URLs to different back end pools end, from the browser to the application in the
(applications that receive traffic, like Web Apps). back end pool.
For instance, http://www.contoso.com/users/*
• Session affinity
goes to one pool, and http://www.contoso.
When you want users to be sent
com/products/* goes to another.
to the same endpoint every time, session
• URL rewrite affinity is useful. This is important in cases
This enables you to customize the URL that you where session state is saved locally on the
pass on to the back end pool. back end for a user session.

If you need help choosing between

Azure Front Door and Traffic Manager,
consider this guidance:

Azure Traffic Manager Azure Front Door

You only need routing (performance- or geography-based)

and high availability
●

You need SSL termination (also called SSL offloading) ●

You need application layer features like URL rewriting

and WAF
●
 May The Developer’s 20
2019 Guide to Azure

Azure Content
Not only is this easy to do, it also improves
the performance of your application in the

Delivery Network
following ways:

• Offloads serving content from your

application. Since it is now served by Content
Delivery Network, it frees up processing cycles
One of the Azure services that can help you make for your application.
your application faster is Azure Content Delivery
Network. You upload your static files—videos, • Brings static content physically closer
images, JavaScript, CSS, and even static HTML to your users by distributing it to PoPs all
files—to a data store, such as Azure Blob storage, over the world.
and then couple Azure Content Delivery Network
to that. You can benefit from Content Delivery Network
in web applications as well as in mobile and
Content Delivery Network will then take
desktop applications. One way to use Content
those static files and replicate them to hundreds of
Delivery Network is to serve videos for a mobile
points of presence (PoP) all over the world. All you
app. Since videos can be large, you don’t want to
need to do in your app is change the reference to
store them on the mobile device—and neither do
the static files to a different URL.
your users. Using Content Delivery Network, the
For example, the reference previously might have videos are served from the PoP. Since it is close to
been ~/images/image.png, and it would now be the user, this also improves performance.
https://example.azureedge.com/image.png.
// Try it out: Get started with
Azure Content Delivery Network
 May The Developer’s 21
2019 Guide to Azure

Azure Redis Cache

Azure provides Cache-as-a-Service with Redis
Cache. This is based on the open-source Redis
project and is now backed by industry-leading
SLAs. It is highly performant and has advanced
options like clustering and geo-replication.
Every modern application works with data. When
you retrieve data from a data store like a database,
this typically involves scanning multiple tables or // Try it out: Get started with
Azure Redis Cache
documents in some distant server, weaving the
results together, and then sending the result to the
requesting device. This, of course, takes time and Further reading
can frustrate and annoy your users.
If you want to learn more about using Azure
To eliminate some of these “roundtrips,” you can Kubernetes Service, Azure Container Instances,
cache data that doesn’t change often. This way, and other Azure services to create distributed
instead of querying the database every time, you applications, download and read the following
could retrieve some of the data from a cache, like free e-books:
Azure Redis Cache. The benefit of the cache is that
it stores data in a simple format, such as key-value.
// Containerize Your Apps
You don’t need to run a complex query to get this
with Docker and Kubernetes
data—you just need to know the key to retrieve
the value.

// Designing Distributed Systems

This can improve the performance
of your application dramatically.
Here’s how this workflow operates:

1. The app needs some data and attempts

to retrieve it from the cache.

2. If the data is not there, get it from the database

and store the data in the cache.

3. The next time the app is looks for that piece of

data, it will find it in the cache, saving a trip to
the database.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 22
2018 adipiscing
2019 elit Guide to Azure

02 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Connecting
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

your app
with data
 May The Developer’s 23
2019 Guide to Azure

What can Azure do

for your data?
Wherever your data is, Azure will help you unlock its
potential. Support rapid growth and save more time
for innovation with a portfolio of secure, enterprise-
grade database services that support open-source
database engines.

Azure database services are fully managed,

freeing up valuable time so you can focus on new
ways to delight your users and unlock opportunities
rather than spending that time managing your
database. Enterprise-grade performance with
built-in high availability means you can scale quickly
and reach global distribution without worrying
about costly downtime.

Developers can take advantage of industry-leading

innovations, such as built-in security with automatic
monitoring and threat detection, automatic tuning
for improved performance, and turnkey global
distribution. On top of all of this, your investment is
protected by financially backed SLAs.

Whatever you build, we’ll help you get it to market

quickly, distribute it widely, and manage it easily
and confidently.

Let’s dive in.

 May The Developer’s 24
2019 Guide to Azure

Where to store
your data

Azure provides many types of data stores that can All services have a free tier that you can use
help you maintain and retrieve data in any scenario. to get started.
Table 2-1 presents the storage options available
in Azure.
// Note: You can use almost all
storage options mentioned in
this section as activators and
bindings for Azure Functions.

Let’s take a closer look at each storage option.

Table 2-1
DB*
Azure Cosmos

Warehouse*
SQL Database*

MySQL*

PostgreSQL*

MariaDB*

Blob*

Table*

Queue*

File*

Disk*

Data Lake Store*

SQL Data
Relational data ● ● ● ● ● ●

Unstructured data ● ● ●

Semi-structured data ● ●

Queue messages ●

Files on disk ●

High-performance files on disk ●

Store large data ● ● ● ● ● ●

Store small data ● ● ● ● ● ● ● ● ● ●

Geographic data replication ● ● ● ● ● ● ● ● ● ●

Tunable data consistency ●

* Services with an asterisk have a free tier that you can use to get started at no cost.
 May The Developer’s 25
2019 Guide to Azure

Azure Cosmos DB
In addition to all these features, Azure Cosmos DB
offers different APIs with which you can store and
retrieve data, including SQL, JavaScript, Gremlin,
MongoDB, Azure Table Storage, and Apache
Cassandra. Different APIs handle data in different
Azure Cosmos DB is a new kind of ways. You can use documents as data as well as
database made for the cloud. Its key unstructured tables, graphs, and blobs. You use the
features include: API that fits your needs, and Azure Cosmos DB takes
care of the rest.
• A 99.99 percent SLA (99.999% for read
operations) that includes low latencies (less than
You benefit from cloud-grade performance,
10 ms on reads and less than 15 ms on writes)
scalability, and reliability while using the
programming model you’re already accustomed to.
• Geo-replication, which replicates data to other
geographical regions in real time.
// Try it out: Get started with
Azure Cosmos DB
• Tunable data consistency levels so you can
enable a truly globally distributed data system.
You can choose from a spectrum of data
consistency models, including strong consistency,
session consistency, and eventual consistency.

• Traffic Manager, which sends users to the service

endpoint to which they are closest.

• Limitless global scale, so you pay only for the

throughput and storage that you need.

• Automatic indexing of data, which removes the

need to maintain or tune the database.
 May The Developer’s 26
2019 Guide to Azure

Azure SQL
• Auditing, which provides a complete
audit trail of all the actions that happen

Database
to the data

• Automatic database tuning, which monitors

the performance of your database and tunes
it automatically
If you want to use tables with columns and rows to
store data, Azure SQL Database is a great choice. SQL Database offers several service tiers
A relational database system similar to on-premises that are geared toward specific scenarios.
Microsoft SQL Server, SQL Database runs in the
cloud—so it’s fully managed, performant, scalable, • General purpose/standard: This tier offers
automatically backed up, and includes many budget-oriented, balanced, and scalable
advanced features. compute and storage options. Fully managed,
with performance comparable to Azure SQL
With SQL Database, you can do almost everything VMs, this tier is the best option for most
that you can do with on-premises SQL Server. In business workloads.
fact, new SQL Server features are incorporated first
• Business Critical/Premium: This tier offers
in Azure SQL Database and later in on-premises
the highest resilience to failures using several
SQL Server.
isolated replicas. With consistently high IO, it
includes a built-in availability group for high
You can use SQL Database with your favorite tools,
availability. This is the best option for critical
including SQL Server Management Studio and the
Online Transactional Processing (OLTP) (normal
Entity Framework. Databases in SQL Database are
CRUD operations) business applications with
extremely reliable and robust and offer an SLA that
consistently high IO requirements.
guarantees 99.99 percent uptime.
• Hyperscale: This tier offers very large database
Here are some of the more advanced features in (VLDB) support without the headaches. With
SQL Database: a built-for-the-cloud architecture of highly
scalable storage and a multilayer cache
• Geo-replication, which replicates data to other optimized for very large and demanding
geographical regions in real time workloads, it provides low latency and high
throughput regardless of the size of data
• Dynamic data masking, which masks sensitive
operations. This is the best tier for very large
data for certain users at runtime
and demanding workloads with highly scalable
storage and read-scale requirements.
 May The Developer’s 27
2019 Guide to Azure

Azure databases
Azure provides MySQL, PostgreSQL, and MariaDB
databases as managed databases, which means

for MySQL,
that you just spin them up and don’t have to worry
about any of the underlying infrastructure. Just like
Azure SQL Database and Azure Cosmos DB, these

PostgreSQL, databases are universally available, scalable, highly

secure, and fully managed.

and MariaDB Each of these databases is suited for slightly

different use cases, but in general their functionality
overlaps a lot. You would use Azure databases for
MySQL, PostgreSQL, and MariaDB when you’ve
already been using one of their on-premises
versions and want the advantage of having it run
fully managed in the cloud.
 May The Developer’s 28
2019 Guide to Azure

Azure Storage Host static websites on Azure Storage

Another exciting feature of Azure Storage is static

website hosting. This static websites feature only
uses Blob storage as its datastore, and you can use
Azure Storage is one of the oldest, most it to host a static website on Azure Storage. All you
reliable, and most performant services in have to do for your website to run is upload the files
Azure. Azure Storage offers five types of of your static website to Blob storage and indicate
storage that all benefit from the following which file is the default document (like index.html)
shared features: and which one is the error document (like 404.
html). Your website will run quickly for very little
• Geo-redundancy, which replicates data to cost—in fact, you only pay for the storage you use,
different datacenters so you can recover it if a and the static website feature doesn’t cost anything
disaster causes an individual datacenter to fail extra. Additionally, when you use geo-redundancy

• Encryption of data at runtime (which is enabled by default), your website will be

up and running even if your primary
• Custom domains datacenter fails.

The five Azure Storage types are Blob, Table, Queue, Blob storage
File, and Disk (Figure 2-1).
Azure Blob storage stores large, unstructured
data—literally, blobs of data. This data can be
video, image, audio, text, or even virtual hard drive
(VHD) files for VMs.

Queue
There are three types of blobs: Page, Append,
Blob Table
Unstructured Semi-structured Queue and Block Blobs. Page Blobs are optimized for
Large Flexible scheme Reliable
MSMQ
random read and write operations, and are perfect
Page/Block Small messages
for storing a VHD. Block Blobs are optimized for
efficiently uploading large amounts of data.

File Disk
File share Premium High I/O
SMB VM Disks

Figure 2-1
 May The Developer’s 29
2019 Guide to Azure

These are perfect for storing large video files that File storage
don’t change often. Append Blobs are optimized for
append operations, such as storing operation logs You can use Azure File storage as a drive to share
that can’t be updated or deleted. files from. It uses the Server Message Block (SMB)
protocol, meaning you can use it with Windows and
// Try it out: Get started with Linux and access it from either the cloud or on-
Azure Blob storage
premises systems. Like the other services in Azure
Storage, File storage is scalable and inexpensive.
Table storage
// Try it out: Get started with
Azure Table storage is an inexpensive, extremely Azure File storage
fast NoSQL key-value store you can use to store
data in flexible tables. A table can contain one row Disk storage
describing an order and another row describing
customer information. You don’t need to define a Azure Disk storage is similar to File storage but
data schema, making Table storage very flexible. is specifically meant for high I/O performance.
It’s perfect for use as a drive in a VM that needs
// Try it out: Get started with high performance to run SQL Server, for instance.
Azure Table storage
Disk storage is available only in the premium
pricing tier of Azure Storage.
Queue storage
Azure Data Lake Store
Azure Queue storage is an unusual type of storage.
While it’s used to store small messages of data,
The previous data stores were meant for regular
its main purpose is to serve as a queue. You put
application use or for use with VMs. The Azure
messages on the queue and other processes pick
Data Lake Store, on the other hand, is storage for
them up. This pattern decouples the message
big data applications. You can use it to store large
sender from the message processor, resulting in
amounts of data in its native format—structured,
performance and reliability benefits. Azure Queue
unstructured, or anything in between. The point of
storage is found in previous versions of Windows.
the Data Lake Store is to hold your raw data so you
can analyze it or transform and move it.
// Try it out: Get started with
Azure Queue storage
 May The Developer’s 30
2019 Guide to Azure

The following are the main characteristics of in predefined schemas and query it by using the
Azure Data Lake Store: familiar SQL Server dialect.

• Unlimited storage capacity. A single file can be Because SQL Data Warehouse runs in Azure, there
larger than one petabyte in size—200 times are many advanced features available to you. One
larger than other cloud providers offer. of these features is automatic threat detection,
which uses machine learning to understand the
• Scalable performance to accommodate massively patterns of your workload and serve as an alarm
parallel analytics. system to alert you of a potential breach.

• Data can be stored in any format, without An effective time to use SQL Data Warehouse is
a schema. when you know which reports you want to show
to users and what the data schema for these
This is a very different approach from the reports is. You can then create schemas in SQL Data
traditional data warehouse, in which you Warehouse and populate it with data so users can
define data schemas upfront. navigate through the data.

You can store all of the data that you get from // Try it out: Create an Azure SQL
Internet of Things (IoT) devices collecting Data Warehouse
temperature data, for example, in Data Lake
Storage. You can leave the data in the store and
then filter through it to create a view of the data
per hour or per week. Storing the data in Data Lake
Storage is inexpensive, so you can keep years of
data there at a very low cost.

// Try it out: Get started with

Azure Data Lake Store using
the Azure portal

Azure SQL Data Warehouse

When you need a traditional data warehousing

solution that is completely managed, scalable in
size, and performant and secure, Azure SQL Data
Warehouse can provide the solution. Store data
 May The Developer’s 31
2019 Guide to Azure

Azure data
When you move data, you can also filter it before
you send it to an end destination, clean it up, or

analytics
transform it with an activity in the pipeline like
the Apache Spark activity. In addition, Azure
Data Factory allows you to schedule and monitor

solutions pipelines as well as lift and shift your SQL Server

Integration Services (SSIS) packages to the cloud.

// Try it out: Create a data factory

Almost as important as storing data is analyzing using the Azure portal
it to get insights. Azure provides many services
for data analytics scenarios, enabling you to get Azure Analysis Services
valuable and actionable insights from your data—
no matter how large or small or complex it is. With Azure Analysis Services, you can create a
semantic model of your data that users can access
Azure Data Factory directly with visualization tools like Power BI. Built
on the SQL Server Analysis Services tools that run
Moving and transforming data is not a trivial on-premises with SQL Server, the service now runs
task, but Azure Data Factory can help you to managed in the cloud. This means that the service is
do just that. Within Data Factory, you can create scalable and that data is stored redundantly—and
a comprehensive pipeline that performs your when you aren’t using it, you can pause the service
complete extraction, transformation, and loading to minimize costs.
(ETL) process.

With Azure Analysis Services, you can provide

Data Factory can reliably move data from on- modeled data directly to users in a very performant
premises to the cloud, within the cloud, or to way. Users can query millions of records in seconds
on-premises—it doesn’t matter where your data because the model lives completely in memory and
sources are. Data Factory also provides many is periodically refreshed.
connectors that you can use to easily connect to
your data source, like SQL Server, Azure Cosmos DB, You can get data into the semantic model from
Oracle, and many more. anywhere, including from data sources in the cloud
and on-premises. You can use Azure Blob storage,
 May The Developer’s 32
2019 Guide to Azure

Azure SQL Database, Azure SQL Data Warehouse, Azure Stream Analytics
and many other services as data sources for the
model. You can also use data sources like on- You can use the Azure Stream Analytics service
premises Active Directory, Access databases, and to analyze, query, and filter real-time streaming
Oracle databases. data. For example, when you receive a stream of
temperature data from an IoT device, it tells you
// Try it out: Create an Azure how warm it is outside. It might provide the same
Analysis Services server using temperature every second for an hour until the
the Azure portal temperature changes, but you are only interested in
the changes. Azure Stream Analytics can query the
Azure Data Lake Analytics data in real time and store only the differential data
in an Azure SQL Database.
Another Azure service for performing data analytics
tasks is Azure Data Lake Analytics. With this Stream Analytics can get its data from many
service, you can analyze, process, and transform services, including Azure Blob storage, Azure Event
potentially massive amounts of data from Azure Hubs, and Azure IoT Hub. You can analyze the data
Storage and Azure Data Lake Store. by using a simple SQL-like language or custom
code. After querying and filtering the stream of
Azure Data Lake Analytics allows you to create and data, Stream Analytics can output the result to
submit jobs that query data, analyze it, or transform many Azure services, including Azure SQL Database,
it. You can write these jobs in U-SQL, which is a SQL- Azure Storage, and Azure Event Hubs.
like language, and extend U-SQL with Microsoft R
and Python. // Try it out: Create a Stream
Analytics job using the
You pay for the jobs that you submit and run, and Azure portal
the service scales automatically depending on the
power that the jobs need. Azure Data Lake Analytics Azure Time Series Insights
is typically used for long-running analytics jobs
against massive amounts of data. You can use Azure Time Series Insights to get quick
insights on large amounts of typically IoT-type data.
// Try it out: Create your first This service gets data from Azure Event Hubs, IoT
U-SQL script through the Hub, and your own reference inputs, and it retains
Azure portal that data for a specified amount of time.
 May The Developer’s 33
2019 Guide to Azure

With Azure Time Series Insights, users can query Azure Data Lake Store. Databricks also works with
and analyze data through a visualization tool as data from Azure SQL Data Warehouse, Azure SQL
soon as it comes in. Time Series Insights not only Database, and Azure Cosmos DB. Additionally, you
analyzes data, but also ingests and holds it for a can plug Databricks into Power BI to create and
while. This is like Azure Analysis Services, where show powerful dashboards.
data lives in-memory in a model for users to query.
The key differences are that Time Series Insights // Try it out: Run a Spark job on
is optimized for IoT and time-based data, and it Azure Databricks using the
contains its own data visualization tool. Azure portal

// Try it out: Explore a Time Series Azure HDInsight

Insights demo environment from
your browser Azure HDInsight is a platform within Azure that
you can use to run open-source data analytics
Azure Databricks services. You can also use it to run specialized
clusters of your favorite open-source data analytics
Azure Databricks allows you to run a managed and tools. The advantage of running these tools in
scalable Databricks cluster in the cloud. Databricks Azure HDInsight is that they’re managed, which
provides a unified analytics platform with a host means you don’t have to maintain VMs or patch
of tools and capabilities. Within Databricks, you operating systems. Plus, they can scale and easily
can run optimized versions of Apache Spark to do connect to one another, other Azure services, and
advanced data analytics. on-premises data sources and services.

In addition to Spark-based analytics, Databricks Most of the specialized open-source data analytics
provides interactive notebooks and integrated cluster types in Azure HDInsight use Azure Blob
workflows and workspaces you can use to storage or Azure Data Lake Store to access or
collaborate with the entire data team, including store data, as these services work with the
data scientists, data engineers, and business Hadoop File System.
analysts—all of whom have access to specialized
tools for their specific needs. You can run potentially massive specialized
clusters of different types, such as an Apache
Databricks is fully integrated with Azure Active Hadoop cluster. This enables you to process and
Directory, which gives you the ability to implement analyze data with Hadoop tools like Hive, Pig,
granular security. With Databricks, you can perform and Oozie.
Spark-based data analytics on data that comes
from many places, including Azure Storage and
 May The Developer’s 34
2019 Guide to Azure

You can also spin up an Apache HBase cluster, Kafka, which is a publish-subscribe messaging
which provides a very fast NoSQL database. The system used to build applications with
data actually lives within Azure Storage or an queueing mechanisms.
Azure Data Lake, but HBase provides an abstraction
layer on top, which has its own functionality and There are more cluster types, as well as tools that
unique performance. you can use within clusters. You can perform
almost any data analytics and processing task with
You can create an Apache Storm cluster, which a combination of these clusters, and they all run
is geared toward analyzing data streams, just managed in the cloud. Table 2-2 can help you pick
like Azure Stream Analytics. In addition, you can the right Azure services for analyzing your data.
have an Apache Spark cluster, which provides a
framework for processing and analyzing massive // Try it out: Extract, transform,
amounts of data. HDInsight can also run a cluster and load data using Apache Hive
for Microsoft Machine Learning Server (previously on Azure HDInsight
Microsoft R server).

This allows you to run R-based jobs to analyze data.

Finally, you can create a cluster that runs Apache

Table 2-2
Data Factory*

Analysis Services*

Data Lake Analytics*

Stream Analytics*

Time Series Insights*

Azure Databricks*

Azure HDInsight*

Move data from store to store ●

Transform data ● ● ● ● ● ● ●

Query and filter streaming data ● ● ●

Provide in-memory semantic model for users ● ● ●

Allow users to query data and
create dashboards ●

Analyze data for later use ● ● ●

* Services with an asterisk have a free tier that you can use to get started at no cost.
 May The Developer’s 35
2019 Guide to Azure

Walk-through: Before you begin, you will need:

Publish an on-
• Microsoft Visual Studio 2017 or later

• An Azure free account in order to follow

premises website •
this demo script

Tailwind Traders Rewards source code

to Azure with a
SQL database
Walk through: Migrating a .NET app to Azure without
code change

When your application has outgrown your local

infrastructure, you need to look at other options of
meeting demands without burdening your teams.

The Azure cloud offers a variety of platforms and

service offerings to host applications. To start, you’ll
use Azure App Service to host the application
without any changes to the existing code
 May The Developer’s 36
2019 Guide to Azure

1. Launch Visual Studio 2019. You”ll immediately

notice the simplified ‘open’ experience.

Launch Visual Studio

2. Click the Clone or checkout code option

and enter the Tailwind Traders Rewards
repository URL (https://github.com/Microsoft/
TailwindTraders-Rewards.git) in the Code
repository location.

Click Clone. Under Solutions and folders,

click Tailwind.Traders.Rewards.sln to open
the solution.

Rewards clone

3. Right-click the project Tailwind.Traders.Rewards.

Web and choose Publish. This is the same
Publish dialog box that you can use to deploy
onto IIS6 in your local infrastructure.

Using this Publish dialog, you’ll deploy the

application to the Azure cloud platform.

Publish app
 May The Developer’s 37
2019 Guide to Azure

4. Choose App Service as the Publish target.

Under the Azure App Service window, choose
Create New and click Publish.

Publish options

5. In the next window, enter your Azure

subscription information, choose the App
Service, and either choose existing options for
Resource Group, Hosting Plan, and Application
Insights or create new ones.

Click the Create a SQL database option on the

right side and create a new server and database
within the resulting windows.

Finally, click Create to create a publish profile.

Alternatively, you can create the Azure SQL Create profile
database directly on the Azure portal.

Create profile
 May The Developer’s 38
2019 Guide to Azure

6. Click Configure in the Publish window to

check the database connection strings. The
database connection strings can be populated
by selecting the ellipsis button and entering
the SQL database details. On clicking Publish,
the web config file will be updated with this
database string, which is pointing to a
SQL database.

When the application is debugged locally, it’s

the local Internet Information Services (IIS) and
the local SQL server that will act, but when the
Database connection strings
app is published this will be swapped with the
created Azure services.

7. Click Publish to deploy the application to

Azure App Service and the back end to the
SQL database.

Publish app
 May The Developer’s 39
2019 Guide to Azure

8. Once the app is published, you’ll see the status as

Publish Succeeded, and the web app is opened
in the browser. The website will now show data
from the SQL database.

Publish Succeeded

Web app

Further reading

If you want to learn more about data and data

analytics in Azure, you can download and read the
following free e-books:

// Guide to NoSQL with Azure

Cosmos DB

// Azure for Architects

// Migrating .NET Apps to Azure

 February Lorem
May
May ipsum dolor sit
The
The
amet,
Developer’s
Developer’s
consectetur 40
2018 adipiscing
2019
2019 elit Guide
Guide to
to Azure
Azure

03 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Securing
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

your
application
 May The Developer’s 41
2019 Guide to Azure

How can
Azure help
secure your app?
Have you ever had a security incident with one of
your applications? You might have had one without
even knowing it. With Azure, you can protect
data, apps, and infrastructure with built-in security
services that include security intelligence to help
identify rapidly evolving threats early—so you can
respond quickly.

Azure can also help you implement a layered,

in-depth defense strategy across identity, data,
hosts, and networks. With services like the Azure
Security Center, you can get an overview of your
security status and recommendations for how to
improve security.

Most importantly, you’ll be notified as soon as there

might be a security incident—so you’ll always know
if there’s a threat. This way, you can take immediate
steps to secure your assets. In this chapter, we’ll dive
in to some of them.

Azure Active Directory

An important part of your application’s security

is authenticating users before they can use it—but
authentication is not an easy thing to implement.
You need to store user identities and credentials
 May The Developer’s 42
2019 Guide to Azure

somewhere, implement password management, These secrets can include the credentials in a
create a secure authentication handshake, and connection string. Your application would get the
so on. connection string from Key Vault instead of from
the configuration system. This way, administrators
Azure Active Directory (Azure AD) provides all can control the secrets, and developers never need
of these things and more out of the box. You store to deal with them. Key Vault also stores SSL and
your user identities in Azure AD and have users other certificates used to secure the traffic to and
authenticate against it, redirecting them to your from your applications over HTTPS.
application only after they’re authenticated.
Azure AD takes care of password management,
Azure Sentinel
including resolving common scenarios like
forgotten passwords.
To get a good overview of the security status of
your organization and all of its users, applications,
Since Azure AD is used by millions of applications
services, and data, you can use a security
every day—including the Azure portal, Outlook.
information and event manager (SIEM) platform.
com, and Office 365—it’s able to more readily
Azure now offers an AI-powered SIEM in the form
detect and act on malicious behavior. For instance,
of Azure Sentinel.
if a user were to sign in to an application from
a location in Europe and then one minute later
Use Azure Sentinel to collect data from your
sign in from Australia, Azure AD would flag this as
organization, including data about users,
malicious behavior and ask the user for additional
applications, servers, and infrastructure assets
credentials through multifactor authentication.
like firewalls and devices running in the cloud and
on-premises. It’s easy to collect data from your
Azure Key Vault organization with the built-in connectors. As data
is being collected, Azure Sentinel detects security
As part of your security architecture, you need a
threats and minimizes false positives with its smart
secure place to store and manage certificates, keys,
machine learning algorithms.
and other secrets. Azure Key Vault provides this
capability. With Key Vault, you can store the secrets
When there’s a threat, you’ll be alerted and
that your applications use in one central location.
can investigate it with AI, utilizing decades of
cybersecurity work at Microsoft. You can respond
// Try it out: Get started with to incidents with Azure Sentinel’s built-in workflow
Azure Key Vault
orchestration and task automation.

// Get started by onboarding

Azure Sentinel
 May The Developer’s 43
2019 Guide to Azure

Azure API Management Azure AD Application Proxy

APIs should be secure. This is true for APIs Azure AD Application Proxy provides single
you create yourself as well as those from third-party sign-on (SSO) and secure remote access for web
vendors. To assist in making your APIs secure, applications hosted on-premises. Apps you’d likely
you can use Azure API Management. This is want to publish include SharePoint sites, Outlook
basically a proxy you put in front of APIs that adds Web Access, or other line-of-business (LOB) web
features like caching, throttling, and authentication applications. These on-premises web apps integrate
or authorization. with Azure AD, the same identity and control
platform used by Office 365. End users can access
With API Management, you secure an API by your on-premises applications the same way they
requiring users to create a subscription to it. This access Office 365 and other SaaS apps integrated
way, applications need to authenticate before they with Azure AD.
can use your API. You can use various authentication
methods like access tokens, basic authentication, Managed Identities for Azure resources
and certificates. Additionally, you can track who’s
calling your API and block unwanted callers. How do you keep credentials out of your code
completely? You can start by using Azure Key Vault,
Much more than security but where do you store the credentials to connect
to Key Vault? Managed Identities for Azure
While security is critical, Azure API Management resources provides a solution.
offers other capabilities that can help streamline
your development and testing workflow, such as You can use Managed Identities for a lot of services
test data response mocking, publishing multiple in Azure, including Azure App Service. You simply
API versions, introducing non-breaking changes enable Managed Identity with a button to inject
safely with revisions, and giving developers access credentials into your application at runtime, and
to your API’s auto-generated documentation, then use those credentials to access other services
catalog, and code samples. like Azure Key Vault. All authentication between
services is done on the infrastructure level, meaning

// Try it out: Get started with your application doesn’t have to deal with it and can
Azure API Management just use other services.

// Try it out: How to use

Managed Identities for Azure
resources in App Service and
Azure Functions
 May The Developer’s 44
2019 Guide to Azure

Encryption
• SQL Transparent Data Encryption (TDE) encrypts
SQL Server, Azure SQL Database, and Azure SQL
Data Warehouse data files. Data and log files are
encrypted using industry-standard encryption
algorithms. Pages in a database are encrypted
Default encryption of data
before they’re written to disk and decrypted
when they’re read.
By default, your data is encrypted in Azure when
stored in Azure SQL Database, Azure SQL Data
• SQL Always Encrypted encrypts data within
Warehouse, Azure Database for MySQL, Azure
client applications prior to storing it in Azure SQL
Database for PostgreSQL, Azure Storage, Azure
Database. It allows delegation of on-premises
Cosmos DB, or Azure Data Lake Store. All this
database administration to third parties, and
encryption works automatically, and you don’t need
maintains separation between those who own
to configure anything when you use it.
and can view the data and those who manage it
but should not access it.
To help meet your security and compliance
requirements, you can use the following features
• Azure Cosmos DB requires no action from you—
to encrypt data at rest:
user data stored in Azure Cosmos DB in non-
volatile storage (solid-state drives) is encrypted by
• Azure Disk Encryption encrypts Windows and
default, and there are no controls to turn it on
Linux infrastructure as a service (IaaS) VM boot
or off.
and data volumes using customer-managed keys.

• Azure Storage Service Encryption automatically

encrypts data prior to persisting in Azure Storage,
and then automatically decrypts the data when
you retrieve it.

• Azure client-side encryption supports

encrypting data within client applications before
uploading to Azure Storage or other endpoints,
and then decrypting data when downloading it
to the client.
 May The Developer’s 45
2019 Guide to Azure

Azure Security
You don’t have to do anything to enable the Basic
tier—it’s automatically enabled for every customer

Center
as part of the Azure platform. This service protects
your applications against the most common DDoS
attacks by performing real-time monitoring and
mitigation, and it provides the same defenses used
by Microsoft Online Services (MOS).
Azure Security Center provides unified security
management and advanced threat protection The Standard tier provides additional mitigation
across hybrid cloud workloads. It offers centralized capabilities that are tuned specifically to Azure
policy controls to limit exposure to threats and Virtual Network resources. It’s simple to enable,
rapidly find and fix vulnerabilities. and you don’t have to change your applications—
everything is done at the network level. Plus, with
In addition, Security Center supports integration the Standard tier you can customize the Basic tier
with third-party solutions and can be customized protection with your own policies that focus on your
with automation and programming capabilities. specific use cases and applications.
You can use Security Center to analyze the security
state of your compute resources, virtual networks, // More info: Read more about
storage and data services, and applications. Azure DDoS protection

Continuous assessment helps you discover potential Azure VPN Gateway

security issues, such as systems with missing
security updates or exposed network ports. A list One of the many options for connecting Azure to
of prioritized findings and recommendations can your on-premises network is Azure VPN Gateway.
trigger alerts or other guided remediation. This lets you set up an encrypted Site-to-Site (S2S)
VPN connection between an Azure virtual network
Azure DDoS protection and your on-premises network.

You’ve heard about it on the news, and you Because the traffic is encrypted, it’s secure—even
certainly don’t want it to happen to your enterprise: when it travels over the public internet. VPN
an application is targeted by a Distributed Denial Gateway can send encrypted traffic between Azure
of Service (DDoS) attack. These types of attacks virtual networks over the Microsoft network.
are becoming more common and can overwhelm You can also create encrypted Point-to-Site (P2S)
your application to the point that no one can use connections from your computer to Azure. This way,
it anymore. The Azure DDoS protection service you have your own private, secured connection to
offers protection from DDoS attacks through a free Azure even when you’re on the road.
tier (Basic) and a paid tier (Standard).
 May The Developer’s 46
2019 Guide to Azure

// Get started by creating an Azure

Azure Network Watcher
VPN Gateway with PowerShell
Azure Network Watcher is a regional service that
enables you to monitor and diagnose conditions at
Azure Application Gateway the network level in, to, and from Azure.

Azure Application Gateway is a dedicated virtual Its many diagnostic and visualization tools can help
appliance that provides an application delivery you understand and gain deeper insights into your
controller (ADC) as a service. It offers various Layer 7 network in Azure.
load balancing capabilities for your application, and
allows customers to optimize web farm productivity Examples include:
by offloading CPU-intensive SSL termination to the
application gateway. The gateway also provides • Topology: Provides a network-level view showing
other Layer 7 routing capabilities, including round- the various interconnections and associations
robin distribution of incoming traffic, cookie-based between network resources in a resource group.
session affinity, URL path-based routing, and the
ability to host multiple websites behind a single • Variable packet capture: Captures packet data in
application gateway. and out of a VM. Advanced filtering options and
fine-tuned controls, such as the ability to set time
Azure Web Application Firewall and size limitations, provide versatility. The packet
data can be stored in a blob store or on the local
You need to secure your application against
disk in .cap format.
many threats, including SQL injection, Cross-site
scripting (XSS), and others defined in the Open
• IP flow verify: Checks if a packet is allowed or
Web Application Security Project (OWASP). A WAF
denied based on 5-tuple flow information and
from Azure can lend a hand with that. A feature
packet parameters (destination IP, source IP,
of the Azure Application Gateway service, a WAF
destination port, source port, and protocol). If the
provides real-time protection of your application.
packet is denied by a security group, the rule and
It detects malicious attacks, as defined in the
group that denied the packet are returned.
OWASP core rule set, and blocks those attacks
from reaching your application. It also reports on
attempted or ongoing attacks so that you can see
active threats to your application, providing an
extra layer of security.
 May The Developer’s 47
2019 Guide to Azure

Network security groups Cross-premises VPNs

A network security group (NSG) holds a list of Azure supports two types of cross-premises VPN
security rules that allow or deny network traffic to connections: P2S VPN and S2S VPN. A P2S VPN
resources connected to Azure Virtual Networks. connection lets you create a secure connection
NSGs can be associated to subnets, individual VMs to your virtual network from an individual client
(classic-style VMs), or individual network interface computer. This type of connection is established
controllers (NICs) attached to VMs (Resource from the client computer, which is useful for
Manager–style VMs). When an NSG is associated to telecommuters who want to connect to Azure
a subnet, the rules apply to all resources connected Virtual Networks from a remote location. A P2S
to the subnet. You can restrict traffic even further by VPN is also useful when you have only a few
also associating an NSG to a VM or NIC. clients that need to connect to a virtual network.
In contrast, an S2S VPN connection is used to
Azure DNS Private Zones connect your on-premises network to an Azure
virtual network over an IPsec/IKE (IKEv1 or IKEv2)
The DNS is responsible for translating (or resolving) VPN tunnel. This type of connection requires a VPN
a service name to its IP address. Azure DNS is device located on-premises that has an externally
a hosting service for DNS domains, providing facing public IP address.
name resolution using the Azure infrastructure. In
addition to internet-facing DNS domains, Azure // More info: Read more about P2S
DNS now supports private DNS domains as a and S2S VPNs
preview feature with Azure DNS Private Zones.
Security benefits from private DNS zones include
the ability to create a split DNS infrastructure.
This enables you to create private and public DNS
zones with the same names without exposing
internal names. In addition, the use of DNS Private
Zones removes the need to introduce custom
DNS solutions that could increase the overall
attack surface with independent updating and
management requirements.

// More info: Read more about

DNS Private Zones
 May The Developer’s 48
2019 Guide to Azure

Azure ExpressRoute

Azure ExpressRoute lets you extend your on-

premises networks into the Microsoft cloud
over a secure private connection facilitated by
a connectivity provider without traversing the
internet. With ExpressRoute, you can establish
connections to Microsoft cloud services, such as
Azure, Office 365, and Dynamics 365.

Azure Load Balancer

You can use load balancers to increase the

availability of applications. Azure supports both
external and internal load balancers, which can be
used in a public or internal configuration.

In addition, you can configure load balancers

to support high availability (HA) ports where an
HA ports rule is a variant of a load balancing rule
configured on the internal Standard Load Balancer.
You can provide a single rule to load balance all TCP
and UDP flows arriving on all ports of an internal
load balancer.

// More info: Read about Load

Balancer and HA ports rules
 May The Developer’s 49
2019 Guide to Azure

Logging and Azure NSG flow logs

monitoring
A feature of Network Watcher, Azure NSG flow
logs allow you to view information about ingress
and egress IP traffic through an NSG. Flow logs can
be analyzed to gain information and insights into
network traffic and security as well as performance
Azure Log Analytics issues related to traffic.

Azure Log Analytics helps you collect and analyze While flow logs target NSGs, they are not displayed
data generated by resources in your cloud and in the same way as other logs and are stored only
on-premises environments. It provides real-time within a storage account.
insights by using integrated search and custom
dashboards to analyze millions of records across Azure Monitor Application Insights
all your workloads and servers regardless of their
physical location. Azure Monitor Application Insights is an
extensible application performance management
Azure Monitor (APM) service for web developers on multiple
platforms. It includes powerful analytics tools to
Azure Monitor enables basic monitoring for Azure help you diagnose issues and understand what
services by collecting metrics, activity logs, and users do with your app. It works for applications on
diagnostic logs. The metrics collected provide a variety of platforms hosted on-premises or in the
performance statistics for different resources, cloud, including .NET, Node.js, and J2EE.
including the OS associated with a VM.

The activity log will show you when new resources

are created or modified. You can view this data with
one of the explorers in the Azure portal and send it
to Log Analytics for trending and detailed analysis,
or you can create alert rules that will proactively
notify you of critical issues.
 May The Developer’s 50
2019 Guide to Azure

Application Insights integrates with your DevOps Azure security technical and
process and has connection points to a variety of architectural documentation
development tools. It can monitor and analyze
telemetry from mobile apps by integrating with Azure maintains a large library of security technical
Visual Studio App Center. documentation that supplements security
information with individual services. White papers,
Azure Security and Compliance Blueprint best practices documents, and checklists are
included on the Azure Security Information page.
The Azure Security and Compliance Blueprint -
HIPAA/HITRUST Health Data and AI provides Also covered are core public cloud security topics
tools and guidance to help deploy a platform as in diverse areas, including network security,
a service (PaaS) environment for compliance with storage security, compute security, identity and
the Health Insurance Portability and Accountability access management, logging and auditing, cloud
Act (HIPAA) and Health Information Trust workload protection, PaaS security, and more.
Alliance (HITRUST).

// More info: Read more about the

This PaaS offering supports ingesting, storing, Azure Security Information page
analyzing, and interacting with personal and non-
personal medical records in a secure, multitier
Further reading
cloud environment deployed as an end-to-end
solution. The blueprint showcases a common
Learn more about Azure security in the following
reference architecture that could be applied to
free e-books:
use cases beyond healthcare, and is designed to
simplify adoption of Azure.
// Enterprise Cloud Strategy

// More info: Read more about

// Azure for Architects
the Azure Security and
Compliance Blueprint
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 51
2018 adipiscing
2019 elit Guide to Azure

04 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Adding
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

intelligence
to your
application
 May The Developer’s 52
2019 Guide to Azure

How can Azure

integrate AI into
your app?
AI can give your application an edge over the
competition. Just imagine what you can build—
apps that translate speech in real time as you’re
speaking, or an app that helps you identify parts of
a motor in a mixed-reality training. The possibilities
are endless. But building an AI-powered app seems
difficult. How do you create an algorithm that can
understand speech, for instance?

Fortunately, you don’t have to do everything

yourself. Azure is here to help. It provides many AI
services that you can just plug into your application,
like the Speech Translation service (a service in
Azure Cognitive Services) that translates speech in
real time.

Using a service like this, you’re able to just consume

AI. But you can also build your own machine
learning algorithms with services like Azure
Machine Learning Studio and Azure Machine
Learning service.
 May The Developer’s 53
2019 Guide to Azure

What to use,
and when?
Before diving into the options for AI in Azure, let’s
look at Table 4-1, which summarizes which services
are available and their capabilities.

Table 4-1

Rendering*
Azure Search*

Services*
Azure Cognitive

Azure Bot Service*

Learning Studio*
Azure Machine

Learning*
Azure Machine

Anchors*
Azure Spatial

Azure Remote
Move data from store to store ●

Transform data ● ● ● ● ● ● ●

Query and filter streaming data ● ● ●

Provide in-memory semantic model for users ● ● ●

Users can query data and create dashboards ●

Analyze data for later use ● ● ●

* Services with an asterisk have a free tier that you can use to get started at no cost.
 May The Developer’s 54
2019 Guide to Azure

Azure Search
• User experience features like sorting and
paging search results, intelligent filtering, and
providing search suggestions.

• Cognitive Search, which is an AI-first approach

Azure Search is a common feature, yet it has to understanding. Cognitive Search is powered
traditionally been difficult to implement. Azure by Azure Search with built-in Cognitive
Search provides a lot of the plumbing to do Services. It pulls data from almost any source
searches. You just spin up an Azure Search instance, and applies a set of composable cognitive
create an index that helps you search, and fill it with skills that extract knowledge. This knowledge is
data. This means, for example, that you could easily then organized and stored in an index, enabling
implement Azure Search to help users search your new experiences for exploring the data using
product catalog in an e-commerce application. Azure Search.

There are many options for tweaking Azure

Cognitive Search is used by oil and gas companies,
Search and great features to make searching
whose teams of geologists and other specialists
easier for your users, such as:
need to understand seismic and geologic data.
These teams often have decades of PDFs with
• Geo-search, which lets users explore data
pictures of samples along with handwritten field
based on the proximity of a search result to a
notes. The teams need to connect places, domain
physical location.
experts, and events and then navigate all this
• Language analyzers from Apache Lucene as information to make key decisions.
well as natural language processing (NLP)
from Microsoft, available in 56 languages, Cognitive Search uses Cognitive Services to
which intelligently handle linguistics, including analyze all this data, extract information, and
verb tense, gender, irregular plural nouns, correlate it—all without the need to write
word decompounding, and word breaking for complicated image recognition or Optical
languages with no spaces. Character Recognition (OCR) software.

• Monitoring and reporting, which provide

information on what was searched for and how // Try it out: Create your first
Azure Search index in the portal
fast and successful the search was.
 May The Developer’s 55
2019 Guide to Azure

Cognitive
Each category in the table contains multiple
services that you can use by calling an API.

Services
Some categories contain custom services, like
Custom Vision, Language Understanding, and Bing
Custom Search. These custom services provide
preconfigured machine learning algorithms,
just like the other services, and they also enable
Cognitive Services provides machine learning you to use your own data to train the model. In
algorithms, created by Microsoft, and data as addition to these services, you can use the services
a service. For most services, Microsoft has also in the Cognitive Services Labs. The labs contain
provided the data to train those algorithms. experimental services that Microsoft is trying out
For some services, you can use your own custom to see if they fit well with customer use cases. One
data to train the algorithms. such experimental service is Project Gesture, which
enables you to detect gestures like the wave of a
Cognitive Services provides an exceptionally easy hand and weave them into your user experience.
way to incorporate machine learning and AI into
your application—by simply calling APIs. Let’s take a closer look at some of
the Cognitive Services.
Table 4-2 shows which APIs are currently available.
Note that the list keeps growing.
// Try it out: Explore
Cognitive Services
All services have a free tier that you can
use to get started.

Table 4-2

Vision Speech Language Knowledge Search

Computer Vision Speech to Text Text Analytics QnA Maker Bing Web Search
Face Text to Speech Translator Text Bing Visual Search
Video Indexer Speech Translation Bing Spell Check Bing Entity Search
Content Moderator Speaker Recognition Content Moderator Bing News Search
Custom Vision Language Bing Custom Search
Understanding Bing Image Search
Bing Autosuggest
Bing Video Search
Bing Local Business
Search

* All services have a free tier that you can use to get started.
 May The Developer’s 56
2019 Guide to Azure

Language Understanding how to train the model. In this example, you would
tag an image with “cumulus” or “stratus.”
Use the Language Understanding (LUIS)
service to understand what users are saying to Once you’ve uploaded enough images, you can
you on social media, in chatbots, or in speech- train your model. The more images you upload
enabled applications. For example, you can book with tags and the more training you do, the more
flights or schedule meetings. accurate your model will be.

To use the Language Understanding service, give Once you have a model that performs well, you can
it examples of what you want it to understand, like start using it by making calls to the Custom Vision
“Book a flight to Seattle” or “Schedule a meeting API and feeding it new images. When you upload
at 1pm with Bob,” and tell it which words you’re a new image, the service tells you if it recognizes it
looking for. In these examples, you might be based on the images already uploaded.
looking for the destination of the flight (Seattle) and Figure 4-1 shows an example of what the API
the time and person for the meeting (1pm and Bob). endpoint looks like.

After the Language Understanding service creates

a machine learning model based on the examples
that you put in, it can extract information from
natural language that users put in.

// Try it out: Create a new app in

the LUIS portal

Custom Vision

With the Custom Vision service, you can detect

Figure 4-1
information in images based on your own
training data. Custom Vision works similarly to
Using the Custom Vision service to detect
other Cognitive Services in that it comes with a
information based on your own model is impressive
predefined machine learning algorithm. All you
enough, but Custom Vision can do even more. The
have to do is feed the service with your data.
model you create when you train the Custom Vision
service with your data can be deployed to the
Let’s say you want to create a model that can detect
“intelligent edge.” This means the model and API
types of rain clouds in the sky, such as cumulus and
can run somewhere other than the cloud, like on
stratus. To create this model, you upload images
an on-premises server in a Docker container or on
of different types of clouds to the Custom Vision
another device, such as your phone.
portal and give them tags, which tells the service
This offers great flexibility because you don’t need
 May The Developer’s 57
2019 Guide to Azure

an active internet connection to use the capabilities • Performs sentiment analysis, which identifies
of the Custom Vision service; you can also run when something positive, negative, or
it locally, which provides great performance. In neutral is said or displayed.
addition, the model you run on the edge isn’t very
large—only approximately tens of megabytes— As the breadth of these functionalities shows,
because you deploy only the model and API, not Video Indexer combines many Cognitive Services,
the training data. like Speech to Text and Speaker Recognition.
Cumulatively, these services provide powerful
capabilities that make content more discoverable,
// Try it out: Create your own
Custom Vision project accessible, and valuable.

You can upload media files to Video Indexer using

Video Indexer
the Video Indexer portal or the API. Figure 4-2
shows the results of an Azure Friday video that was
The Video Indexer service analyzes the video and
uploaded to the Video Indexer service.
audio files you upload to it. This Cognitive Service
is also a part of the Media Analytics suite of Azure
Media Services. It provides a predefined machine
learning algorithm and you provide the data.

In addition to many others, Video Indexer has the

following capabilities:

Figure 4-2
• Creates a transcript of the text in a video.
You can refine the transcript manually and As shown in the figure, Video Indexer created a
train Video Indexer to recognize industry transcript of the audio in the video. The transcript
terms like “DevOps.” can be edited and even translated into other
languages. You can also see that Video Indexer
• Tracks faces and identifies who is in a video
recognized text on the slide behind the speakers
and at what points. Video Indexer has the same
and marked it as “OCR.” You can skip to that text by
capability for audio, for which it recognizes who
clicking it. Video Indexer provides this functionality
is speaking and when.
for individual applications by embedding the
• Recognizes visual text in a video, like Cognitive Insights widget.
text on a slide, and makes that part of
the transcript. // Try it out: Upload your first
video to Video Indexer
 May The Developer’s 58
2019 Guide to Azure

QnA Maker Bing Autosuggest

The QnA Maker Cognitive Service offers an easy Bing Autosuggest provides search suggestions
way to create a conversational layer over existing while you type. This enables you to give your users
data, like the frequently asked questions (FAQ) a search experience similar to using Bing or Google,
pages, support websites, and product manuals. in which search results are automated
QnA Maker helps you analyze and extract the or completed.
information and convert it into question-and-
answer pairings that can be easily managed. Provide the search text character by character to
Simply put, QnA Maker allows you to build apps Bing Autosuggest, and it quickly returns search
that can provide information to your users in a suggestions in JSON format.
conversational manner.
For instance, when you input the query text
With QnA Maker, it’s possible to create and manage “What should I search for,” the service returns the
knowledge bases using the easy-to-use QnA Maker following JSON (see page 59 for larger figure):
Portal or using REST APIs. We have simplified the
bot creation process by allowing you to easily create
a bot from your knowledge base—without the
need for any code or settings changes. See more
details here: Create a QnA bot. Of course, you can
also use QnA Maker to create a bot using the Azure
Bot Service and augment your QnA bot by adding
the Language Understanding Service. To add
personality, you can add chit-chat to your bot, and
answer commonly asked small talk scenarios out of
the box.

You pay only for the hosting of QnA Maker, not for
how many times the resulting service gets queried
by users. This contains all the suggestions. The original search
query is contained in the top of the results.

// Try it out: Create your QnA Maker

knowledge-based service // Try it out: Get an API key and
try out Bing Autosuggest for free
 May The Developer’s 59
2019 Guide to Azure

{
“_type”: “Suggestions”,
“instrumentation”: null,
“queryContext”: {
“originalQuery”: “what should I search for”
},
“suggestionGroups”: [
{
“name”: “Web”,
“searchSuggestions”: [
{
“url”: “https://www.bing.com/search?q=what+should+i+search+for&FORM=USBAPI”,
“urlPingSuffix”: null,
“displayText”: “what should i search for”,
“query”: “what should i search for”,
“searchKind”: “WebSearch”
},
{
“url”: “https://www.bing.com/search?q=what+should+i+search+for+on+bing&
FORM=USBAPI”,
“urlPingSuffix”: null,
“displayText”: “what should i search for on bing”,
“query”: “what should i search for on bing”,
“searchKind”: “WebSearch”
},
{
“url”: “https://www.bing.com/search?q=what+should+i+search+for+on+the+internet&
FORM=USBAPI”,
“urlPingSuffix”: null,
“displayText”: “what should i search for on the internet”,
“query”: “what should i search for on the internet”,
“searchKind”: “WebSearch”
},
{
“url”: “https://www.bing.com/search?q=what+should+i+search+for+today&
FORM=USBAPI”,
“urlPingSuffix”: null,
“displayText”: “what should i search for today”,
“query”: “what should i search for today”,
“searchKind”: “WebSearch”
},
{
“url”: “https://www.bing.com/search?q=what+should+i+search+for+in+dna+raw+data&
FORM=USBAPI”,
“urlPingSuffix”: null,
“displayText”: “what should i search for in dna raw data”,
“query”: “what should i search for in dna raw data”,
“searchKind”: “WebSearch”
}
]
}
]
}
 May The Developer’s 60
2019 Guide to Azure

Azure Bot
Azure Bot Service makes it easy to create a bot
and provides the following support:

Service • Provides a way to host and manage bots you’ve

built using the Microsoft Bot Framework, with
a comprehensive open-source SDK and tools
for bot development.
Creating a bot—an application that automatically
and autonomously interacts with users—is no trivial • Integrates natively with Cognitive Services.
task. You need to keep track of the context of your
• Helps you connect your bot to where your
interaction with each user and be ready to respond
customers are, with connectors to channels
to a multitude of possible interaction parameters.
like Facebook, Slack, Microsoft Teams, Line,
Telegram, and more.
The Azure Bot Service enables you to build
intelligent, enterprise-grade bots and experiences • Offers all the benefits of a managed service in
that can extend your brand and keep you in control Azure, including massive scale and built-in CD,
of your data. Begin with a simple Q&A bot or build and you pay only for what you use.
a sophisticated virtual assistant. Use comprehensive
An example of a bot you can build with Azure
open-source SDK and tools to easily connect your
Bot Service is one that provides users with answers
bot across popular channels and devices. Give your
to their most frequently asked questions.
bot the ability to speak, listen, and understand your
users with native integration to Cognitive Services.
You can use this with the QnA Maker Cognitive
Service. The interface of the bot can be a chat box
on your website. You could also build your own
branded virtual assistant using the virtual assistant
solution accelerator.

// Try it out: Get started

with chatbots using Azure
Bot Service
 May The Developer’s 61
2019 Guide to Azure

Azure Machine
Learning Studio
Figure 4-3
You can add intelligence to your applications with
services from Azure such as Cognitive Services. The machine learning process works as follows:
These are based on machine learning algorithms
that Microsoft created to use as a service. However, • Data contains patterns. You probably know
there are other ways to use machine learning about some of the patterns, like user ordering
in your applications. First, let’s talk about what habits. It’s also likely that there are many
machine learning is. patterns in data with which you’re unfamiliar.

What is machine learning? • The machine learning algorithm is the

intelligent piece of software that can find
Machine learning is often thought to mean the patterns in data. This algorithm can be one you
same thing as AI, but they aren’t actually the create using techniques like deep learning or
same. AI involves machines that can perform tasks supervised learning.
characteristic of human intelligence. AI can also
• Finding patterns in data using a machine
be implemented by using machine learning, in
learning algorithm is called “training a machine
addition to other techniques.
learning model.” The training results in a
machine learning model. This contains the
Machine learning itself is a field of computer science
learnings of the machine learning algorithm.
that gives computers the ability to learn without
being explicitly programmed. Machine learning • Applications use the model by feeding it new
can be achieved by using one or multiple algorithm data and working with the results. New data is
technologies, like neural networks, deep learning, analyzed according to the patterns found in the
and Bayesian networks. data. For example, when you train a machine
learning model to recognize dogs in images,
So what’s involved in machine learning? it should identify a dog in an image that it has
Figure 4-3 shows the basic workflow for using never seen before.
machine learning.
The crucial part of this process is that it is iterative.
The machine learning model is constantly improved
by training it with new data and adjusting the
algorithm or helping it identify correct results from
wrong ones.
 May The Developer’s 62
2019 Guide to Azure

Using Azure Machine Learning Studio

to create models

You can use Azure Machine Learning Studio to

create your own custom machine learning models
and expose them through web services so that your
applications can use them.

Machine Learning Studio is a service in Azure with

Figure 4-4
which you can visually create machine learning
projects and experiments, couple datasets, create
notebooks, and expose models with web services. Figure 4-4 shows an experiment in Machine

The studio itself is a portal that you can use from Learning Studio, with the workflow to be executed

your web browser and that enables you to create to train a model as well as the categories of

algorithms using a drag-and-drop approach. predefined steps that can be used in the workflow.

In the studio, you can start from scratch or with When you’ve built your experiments and used them

one of the many experiments that are in the gallery, on your data to create a machine learning model,

including one for predicting length of stays in you can publish them as web services. When your

hospitals and another for anomaly detection in real- applications use the web services, they

time data streams. Use these experiments as the can send data to your model and receive your

basis for a machine learning model or to learn how model’s predictions.

these cases can be solved.

// Try it out: Sign up to use
A machine learning experiment in Machine Azure Machine Learning Studio

Learning Studio consists of multiple steps

that manipulate data and execute machine Azure Machine Learning service
learning algorithms on it. Use predefined steps
available in the studio to compose a machine You can use Azure Machine Learning service to
learning algorithm. create data analytics algorithms with open-source
tools like Python and the Azure CLI. Just like with
 May The Developer’s 63
2019 Guide to Azure

Machine Learning Studio, you can create whatever Azure Machine Learning service works with many
algorithm you want, providing flexibility for a Azure services that can help create, train, and
variety of scenarios, like predictive analytics, data run your algorithm. You can, for instance, create
recommendations, and data classification. your algorithm in Jupyter Notebook, train it using
Azure Databricks, and deploy it on a Kubernetes
With Azure Machine Learning service, you create container cluster in Azure Kubernetes Service.
custom machine learning algorithms from scratch.
This is different from the Machine Learning // Get started with Azure
Studio, where you visually create an algorithm by Machine Learning service
connecting predefined pieces of a machine learning by using the Azure portal
algorithm. Azure Machine Learning service fully
supports open-source technologies like Google
TensorFlow, PyTorch, and scikit-learn.

Azure Machine Learning service is a complete

service that offers start-to-finish capabilities.
You can create your algorithm, prepare your
data, train the algorithm on it, test and deploy
the algorithm, and track and manage it when
it’s running.
 May The Developer’s 64
2019 Guide to Azure

Developer AI Toolkit for Azure IoT Edge

tooling for AI
Using machine learning models locally on devices
(the intelligent edge) delivers a powerful advantage:
it enables you to use the local processing power
of the device without relying on an internet
connection or incurring the latency of a web service
Visual Studio Tools for AI call to get your results.

Visual Studio Tools for AI is a free Visual Studio Described earlier in the Cognitive Services section,
extension. Use it to access a range of AI services the Custom Vision service already supports
and frameworks, including the Microsoft Cognitive running on the edge. You can expect more services
Toolkit (CNTK), TensorFlow, Keras, and Caffe2. to run on the edge in the future.

Visual Studio Tools for AI allows you to To run machine learning models on the edge, you
create machine learning algorithms similarly need tooling to help you deploy the models and
to Azure Machine Learning Studio. You can use web services. The AI Toolkit for Azure IoT Edge
languages like Python, C, C++, and C# or leverage helps with this tooling by enabling you to package
one of the many samples in the machine learning machine learning models in Azure IoT Edge–
experiments gallery. compatible Docker containers and to expose those
models as REST APIs.
With Visual Studio Tools for AI, you can create
machine learning elements from Visual Studio The AI Toolkit for Azure IoT Edge contains examples
and take advantage of the power of Visual Studio for getting started and is fully open source and
to debug machine learning algorithms and train available on GitHub.
machine learning models. From Visual Studio,
you can create training jobs that can scale out
to many VMs in Azure. You can also monitor
training performance and then generate a web
service to use the machine learning model in your
applications. You can do all this without ever leaving
Visual Studio.

// Try it out: Download the Visual

Studio Tools for AI extension
 May The Developer’s 65
2019 Guide to Azure

AI and
For example, people entering a hospital often
have difficulty getting to where they need to go.

mixed reality
With Azure Spatial Anchors, the hospital can
create a mobile app that shows digital information
in the physical hospital to guide people to various
locations. Within the app on their iOS device,
people can use the directional arrows on the
Your applications are no longer limited to a 2D hospital’s physical information boards to get to
environment. The world is now your app canvas, their destinations.
backed by spatial intelligence from things like IoT
sensors, mixed reality, and computer vision. With Another way Azure Spatial Anchors is being used
Azure mixed-reality services, you can bring data to is in a training application for nurses. Pearson
life in 3D when and where your users need it. Education has enabled nursing students and
professors to practice diagnosing and treating
Azure Spatial Anchors patients in 3D before the pressure of a real case.
Students and professors may use HoloLens
In the world of mixed reality, you can integrate devices or mobile phones and tablets running iOS
digital information within the context of your or Android.
physical environment, like a hologram of your
favorite game characters on your kitchen counter. Azure Spatial Anchors enables you to share digital
With Azure Spatial Anchors, you can place digital information and holograms that are positioned in
content in a physical location and share that with the physical world. It works with apps built on Unity,
users using your choice of devices and platforms. ARKit, ARCore, and Universal Windows Platform
(UWP) and can be used with a HoloLens device,
iOS-based devices supporting ARKit, and Android-
based devices supporting ARCore.
 May The Developer’s 66
2019 Guide to Azure

With Azure Spatial Anchors, you can easily secure But this loss of detail sacrifices information needed
your spatial data and give users access through to make the right decision in many situations. With
Azure Active Directory. You can also integrate Azure Remote Rendering, 3D models are rendered
storage, AI, analytics, and IoT services into your in the cloud and streamed to devices in real time—
spatial application. with no compromise on visual quality.

// Get started by sharing Azure This enables you to keep the original quality of
Spatial Anchors across sessions the model and interact with the content on edge
and devices devices like headsets and mobile phones with every
detail intact.
Azure Remote Rendering

When you use 3D models in scenarios like

design reviews and medical procedure plans,
you need them to be as detailed as possible.
Every detail matters.

Many businesses use complex 3D models

containing hundreds of millions of polygons,
and edge devices with low or medium graphics-
processing power are not capable of rendering
them. Traditionally, developers have tried to address
this problem using a technique called “decimation.”
This makes the model simpler by removing
polygons so it can display on those devices.
 May The Developer’s 67
2019 Guide to Azure

Using events
One way to solve this problem is to use a queue to
decouple the web application from the web service.

and messages in
The web application receives the order and writes
it in a message on a Service Bus queue. Then the
web application informs the user that the order is

your application being processed. The web service takes messages

from the queue, one by one, and processes them.
When the web service has processed an order, it
sends an email notification to the user that the item
Modern, globally distributed applications often has been ordered.
must deal with large amounts of messages coming
in, so they need to be designed with decoupling By decoupling the systems, the web application
and scaling in mind. Azure provides several services can work at a different speed from the web
to help with event ingestion and analysis as well as service, and both can be scaled individually to
messaging patterns. These services are also vital for the application’s needs.
creating intelligent applications that leverage AI.
A Service Bus queue is a simple mechanism.
Azure Service Bus Multiple applications can put messages on the
queue, but a queue message can be processed
The core of messaging in Azure is the Azure by only one application at a time. There are some
Service Bus. Service Bus encompasses a collection clever features to work with messages on the
of services that you use for messaging patterns. queue, like duplicate detection and a dead-letter
The most important services are Azure Service Bus subqueue to which messages are moved when they
queues and topics. fail to be processed correctly.

// Get started with Azure Service

Bus queues

Azure Service Bus queues

Azure Service Bus queues decouple systems

from one another. For example, a web application
receives orders from users and needs to invoke a
web service to process the orders. The web service
will take too long to process the orders, perhaps up
to five minutes.
 May The Developer’s 68
2019 Guide to Azure

Azure Service Bus topics Table 4-3

Azure Service Bus Azure Queue storage

Just like Service Bus queues, Azure Service Bus
queues
topics are a form of application decoupling.
Message lifetime Message lifetime
>7 days <7 days
Here’s the difference between them:

Guaranteed (first in– Queue size

• With a queue, multiple applications write first out) ordered >80 GB
messages to the queue, but only one
Duplicate detection Transaction logs
application at a time can process a message.
Message size ≤1 MB Message size ≤64 KB
• With a topic, multiple applications write
messages to the topic, and multiple applications
can process a message at the same time.
Azure Event Hubs
Applications can create a subscription on the
Azure Event Hubs can help enterprises capture
topic that indicates what type of messages they’re
massive amounts of data to analyze it or transform
interested in. Just like queues, topics have features
and move it for later use.
like duplicate detection and a dead-letter subqueue
to which messages are moved when they fail to be
Event Hubs is designed for massive data ingestion.
processed correctly.
It effortlessly handles millions of messages per
second. It retains messages for up to seven days
Comparing Service Bus queues and
or indefinitely by writing messages to a data store
Azure Queue storage
using the Event Hubs Capture feature.

Service Bus queues and Azure Queue storage

You can use Event Hubs to filter data with queries as
basically do the same thing, but there are
it comes in and output it to a data store like Azure
differences, as shown in Table 4-3.
Cosmos DB. You can even replay messages.

// Try it out: Get started sending

messages to Azure Event Hubs
 May The Developer’s 69
2019 Guide to Azure

Azure IoT Hub Azure Event Grid

Just like Event Hubs, Azure IoT Hub is built for Azure Event Grid offers a different type of
massive data ingestion. It’s specifically geared messaging—a fully managed publish and subscribe
toward handling the enormous volume of data service that hooks into almost every service
messages from devices on the Internet of Things, in Azure as well as into custom publishers and
like smart thermostats and sensors in cars. subscribers.

It has many of the same properties as Event Hubs, This is different from working with the Service Bus
like the ability to retain messages for up to seven queues and topics, for which you’d need to poll
days and replay them. the queue or topic for new messages. Event Grid
automatically pushes messages to subscribers,
What makes IoT Hub unique is that it can send making it a real-time, reactive event service.
messages to devices. It has the ability to manage
your complete IoT infrastructure—you can use it Services in and outside of Azure publish events
to register devices, report their state, manage them when a new blob is added, for example, or when
by securing and restarting them, and send data a new user is added to an Azure subscription.
to them. Azure Event Grid detects these events and makes
them available to event handlers and services that
// Try it out: Connect your device subscribe to the events, as shown in Figure 4-5.
to your IoT hub
Event handlers can be Azure Functions or Azure
Logics Apps, which can then act on the data in
the event.

Event Publishers Topics Event Subscriptions Event Handlers

Blob Storage
Azure Functions
Resource Groups
Logic App
Azure Subscriptions
Azure Automation
Event Hubs
WebHooks
Custom Topics

Figure 4-5
 May The Developer’s 70
2019 Guide to Azure

Another important aspect of Event Grid is that Azure SignalR Service

it is serverless. This means that, like Azure Logic
Apps and Azure Functions, Event Grid scales You can use Azure SignalR Service to add
automatically and doesn’t need an instance of it to real-time web functionality to your applications.
be deployed. You just configure it and use it, and The service is based on ASP.NET Core SignalR and
you pay only when it’s used. is offered as a standalone, fully managed service
in Azure.
You can use Azure Event Grid if you want an email
notification every time a user is added to or deleted SignalR can update connected applications in
from your mailing list in Mailchimp. Azure Event real time over HTTP, without the need for the
Grid is used to activate an app in Azure Logic applications to poll for updates or submit new
Apps and configured to listen to changes to the HTTP requests. This enables you to create seamless
Mailchimp mailing list. Azure Event Grid then web experiences that update information on the
signals Logic Apps to send an email containing the fly. For example, an auction application might
name of a user who has been added or deleted and use SignalR to refresh the latest bid as soon as it
the action that was performed. happens, without completely refreshing the page or
constantly polling for information.
// Try it out: Monitor virtual
machine changes with Azure Hosting a SignalR server yourself is not a trivial
Event Grid and Logic Apps task, and it can be difficult to scale and secure
properly. When you use the fully managed
Azure SignalR Service, setup is easy, and security,
availability, performance, and scalability are all
managed for you.

// Try it out: Create a chat room

with SignalR
 May The Developer’s 71
2019 Guide to Azure

What to use, and when? Further reading

Azure provides myriad options to perform You can learn more about using
messaging and to decouple applications. Which one Azure AI services in your application
should you use, and when? Table 4-4 summarizes in this free e-book:
the differences to help you choose.
// A Developer’s Guide
to Building AI Apps

Table 4-4
Service*
SignalR

Event Grid*

Event Hubs*

IoT Hub*

Topics*

queues*
Service Bus

storage*
Azure Queue
Event ingestion ● ● ●
Device management ●
Messaging ● ● ● ● ● ● ●
Multiple consumers ● ● ● ● ●
Multiple senders ● ● ● ● ● ● ●
Use for decoupling ● ● ● ● ●
Use for publish/subscribe ● ●

Max message size 64 KB 64 KB 256 KB 256 KB 1 MB 1 MB 64 KB

* Services with an asterisk have a free tier that you can use to get started at no cost.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 72
2018 adipiscing
2019 elit Guide to Azure

05 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Connect
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

your
business
with IoT
 May The Developer’s 73
2019 Guide to Azure

How can Azure connect,

secure, manage, monitor,
and control your devices
in the cloud?
One of the most exciting things that you get
to do as a developer is impact the real world.
You can do that with devices like robots, sensors,
and microcontrollers. When you create applications
with these devices, you can do things like predict
when a machine needs maintenance before it
actually requires repairs or even create a self-
driving car.

Working with devices to impact the real world

can be difficult if you develop all the software
yourself. Fortunately, Azure provides solutions
that can help make this a lot easier. You can, for
instance, use Azure IoT Hub to securely ingest
messages from sensors and perform device
management, like sending messages to devices
and resetting them. When you’re building anything
with a microcontroller (single-chip computers)
in it, consider using Azure Sphere, which is a
combination of hardware, OS, and cloud services
with security built into the silicon.

Let’s go through the services in Azure that can help

you build amazing IoT applications.
 May The Developer’s 74
2019 Guide to Azure

Azure IoT Hub

IoT Hub is powerful because it allows you to
manage devices in various ways, like sending them a
message to reboot themselves or running a startup
script. This makes IoT Hub the central service that
enables a robust IoT application in Azure. To help
At the core of Azure IoT is Azure IoT Hub, an open
provision devices at scale, Azure provides the IoT
and flexible cloud PaaS that connects, monitors,
Hub Device Provisioning Service.
and manages devices in a secure and scalable
manner. We discussed Azure IoT Hub in an earlier
This service enables zero-touch, just-in-time
chapter, but there’s more to learn about it in the
provisioning to the appropriate IoT hub without
context of IoT.
intervention, allowing you to provision devices
in a secure and scalable manner. The service can
You already know that you can use IoT Hub to
help you with many device provisioning scenarios,
ingest massive amounts of messages that typically
including connecting devices to an IoT hub and
come from IoT devices, like messages that contain
running their initial setup scripts, load balancing
data from temperature sensors. What’s more, IoT
devices across multiple hubs, and reprovisioning
Hub is unique because it not only receives messages
based on a change in the device.
but also sends commands back to devices. It
establishes two-way communication with devices
IoT Hub can also connect devices that can run
and even lets you execute code on devices.
workloads developed in the cloud, including those
that run the Azure IoT Edge runtime and modules.
Once a device is connected to IoT Hub, the hub has
a record of its identity. This enables IoT Hub to send
messages and monitor the device; it also allows IoT
Hub to secure the device and the communications
between them. Devices are required to authenticate
to IoT Hub using several industry best-practice
security protocols, like X.509 certificates and SAS
token-based authentication. You can manage the
security of each connected device and revoke
privileges if you no longer want a particular device
to be connected.

When devices send messages to Azure IoT Hub,

you can either store the messages or route them to
another service for analysis or action. It’s possible,
 May The Developer’s 75
2019 Guide to Azure

for instance, to route incoming messages using to interact with IoT Hub. Importantly, the company
IoT Hub message routing that offers simplicity, now has control over the security of its devices and
reliability, and scalability without the complexity of can detect their status and reset them as needed.
building custom routing solutions. In addition, the company routes the data from its
GPS dongles through Azure Stream Analytics, so
Another option for integrating IoT events into only the data of GPS changes is kept. This reduces
Azure services or business applications is to use the data burden because the dongles send their
Azure Event Grid, a fully managed event routing location every second.
solution that uses a publish-subscribe model. IoT
Hub and Event Grid work together to integrate IoT Using Azure IoT Hub enabled this company to scale
Hub events into Azure and non-Azure services in and mature its business by providing first-class
near-real time. security and device management. It also opened
new opportunities to do more with devices than the
You can also create bi-directional communication company ever thought possible.
tunnels using device streams. Azure IoT Hub device
streams facilitate the creation of secure bidirectional
TCP tunnels for a variety of cloud-to-device Azure IoT Central
communication scenarios.
Azure IoT Central is a hosted IoT solutions platform
Example: Azure IoT Hub that enables you to create rich IoT applications just
by navigating through wizards.

A company that provides insights into the

movement and usage of trucks is scaling out its There’s no need to perform any coding or in-depth

business. Previously, the company tracked its assets configuration—IoT Central does all that for you,

by using custom code on a native phone app, which provisioning and configuring everything you need,

called a custom web service, and by polling GPS including Azure IoT Hub.

dongles attached to the trucks. This solution was

challenging to maintain because it was difficult You get the same capabilities as if you had created

to provision new assets with new devices, and the the solution from scratch, but without the need for

company needed to enroll a new customer that had years of programming experience. If you do want

more than 2,000 assets. more control over certain areas, you can always go
deeper and tweak the solution to your needs.

Now the company uses Azure IoT Hub for device

management and communication. It can use the
IoT Hub Device Provisioning Service to onboard
the 2,000 new devices and hook them up to a
specific IoT hub for that customer. The phone app
now uses Node.js and the Azure IoT Device SDK
 May The Developer’s 76
2019 Guide to Azure

Azure IoT
solution
accelerators
Azure I oT solution accelerators are a great place
to start building your IoT solution. Figure 5-1

These comprehensive, customizable templates

for common IoT scenarios do everything from Connect and monitor your devices with remote
monitoring and securing devices to providing a monitoring. Get better visibility into your devices,
user interface. They also help connect existing and assets, and sensors, wherever they’re located.
new devices. Figure 5-1 shows an example of a Collect and analyze real-time device data using
solution template. a preconfigured remote monitoring solution
accelerator that triggers automatic alerts and
actions on everything from remote diagnostics to
maintenance requests.

There are many more IoT solution accelerators, like

those that improve industrial efficiencies with a
connected factory, increase equipment reliability
with predictive maintenance, and develop and test
an IoT solution with device simulation.
 May The Developer’s 77
2019 Guide to Azure

Azure IoT Edge

These three components work together on
devices and in the cloud to run your workloads at
the intelligent edge.

It’s possible run many Azure services at the edge to

In modern IoT applications, data processing can
help with certain scenarios—and the list of available
occur in the cloud or on the device side. Device-side
services keeps growing. Table 5-1 lists just some
processing is referred to as “edge computing.”
of them.

You would use edge computing when you don’t

Table 5-1
want to or can’t rely on your connection to the
cloud, when you want to improve your application
Use this on Azure
performance by eliminating roundtrips to the cloud, If you want to
IoT Edge
or when you can’t communicate with the cloud
Build and deploy AI
from the device because of security, privacy, or models
Machine learning
regulatory reasons.
Customize computer
vision models for your Custom Vision Service
For scenarios such as these, use Azure IoT Edge. use case
Azure IoT Edge is managed from IoT Hub, enabling
you to move parts of your workload to the edge. Process real-time
Stream Analytics
streaming data
This reduces time spent by devices sending
messages to the cloud and allows offline scenarios Process events using
Functions
serverless code
as well as faster reactions to status changes.
Deploy a SQL Server
SQL Server databases
Azure IoT Edge is composed of the following database to the edge
components:
Comply with Industry
OPC Unified
4.0 interoperability
Architecture
• IoT Edge modules are containers that run standards
Azure services, third-party services, or your
own code. They’re deployed to IoT Edge devices Build custom logic Custom module

and execute locally on those devices.

• The IoT Edge runtime runs on each IoT Edge Once you start using Azure IoT Edge, you’ll be able

device and manages the modules deployed to to create fast applications that run machine learning

each device. algorithms locally and provide instant feedback on

their findings.
• IoT Hub exposes specific interfaces to remotely
monitor and manage IoT Edge devices available
through the Azure portal, the Azure CLI, or
the SDKs.
 May The Developer’s 78
2019 Guide to Azure

Azure they’re moving, you get a much better picture of

what the temperature data means. You can model

Digital Twins
the physical environment in which your IoT devices
reside with Azure Digital Twins. This service enables
you to create a graph of data that includes places,
people, and things—for instance, an office building
that contains a room with people and sensors.
In the world of IoT, you might work with many
IoT devices and sensors that function in connection With Azure Digital Twins, you can provide context
to people and objects. To really understand to data from various sources and relate them to
the data that IoT devices capture, you need to each other—for instance, the temperature and
understand the physical environment in which humidity data from sensors in the same room. This
the devices operate. allows you to query data in the context of a space
rather than from individual sensors.
For instance, if you have a temperature sensor, the
temperature data by itself doesn’t tell you that Azure Digital Twins also lets you to manage
much. However, when you know which room the permissions to data and devices in the context of
sensor is in, how large the room is, which other the physical world. You can use Azure AD to specify
devices are in the room and what data they capture, that certain users are able to access data only from
and how many people are in the room and how a certain physical location.

// Get started by finding

available rooms using Azure
Digital Twins.
 May The Developer’s 79
2019 Guide to Azure

Azure Sphere
However, it’s complex and challenging to secure
devices with embedded microcontrollers, as
evidenced by the many security incidents with
connected devices over the last years.

More and more devices contain microcontrollers

Azure Sphere provides a solution for securing
(single-chip computers) to make them smarter.
microcontroller-based devices. The Azure Sphere
This enables scenarios such as a washing machine
platform consists of a secure microcontroller
sending a routine maintenance notification to
chip, OS, and set of cloud services that connect to
the owner.
the microcontroller and update it as it runs. This
combination provides the basis for a connected,
secure world.

You can use the Visual Studio development tools to

develop applications that run on Azure Sphere. This
opens up the world of microcontroller development
to a much larger group of developers.

// Read more about Azure Sphere

 May The Developer’s 80
2019 Guide to Azure

Learn more
Azure IoT solutions are easy to use, and there are
many related resources, including:

about Azure IoT • Azure IoT School: This free online academy
provides comprehensive training for Azure IoT,
with a variety of courses ranging from beginner
to advanced.

• Building IoT Solutions with Azure:

This guided online learning experience takes
you through all the major Azure IoT concepts at
your own pace.

• Azure IoT application page: This resource

provides an overview of Azure IoT and
examples of how it can be used.

• Azure IoT solution accelerators: Use these

templates to get started with Azure IoT.

• Azure IoT Hub: This resource provides an

overview of Azure IoT Hub and examples of
how it can be used.

• Azure IoT Edge: This resource provides an

overview of Azure IoT Edge and an example of
how it can be used.

• Azure IoT technical videos: Learn more about

IoT on Channel 9.
 May The Developer’s 81
2019 Guide to Azure

What to use, Further reading

and when?
Learn more about using Azure for your IoT solution
in the following free e-books:

// Developer’s Guide to IoT

Now that you’ve read about the available Azure IoT

services, how do you know which service to use for // Designed to Disrupt
your scenario? Table 5-2 shows when you should
use each IoT option in Azure.

Table 5-2

Azure IoT
Azure IoT Azure IoT
Azure IoT Hub Solution
Central Edge
accelerators

Create an IoT solution with a lot of

control and by doing custom coding ●

Create an IoT solution without worrying about code

and management of Azure services ●

Create an IoT solution for a common scenario with

minimal configuration and coding ●

Run AI workloads locally on IoT devices ●* ●

All services have a free tier you can use to get started.

*Azure IoT Hub is required to manage Azure IoT Edge deployments and devices.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 82
2018 adipiscing
2019 elit Guide to Azure

06 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Where
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

and how
to deploy
your Azure
services
 May The Developer’s 83
2019 Guide to Azure

How can
Azure deploy
your services?
Azure has an option for every type of organization,
including those who need Azure to be in their
own datacenter. You can deploy your applications
either in the public Azure cloud or on-premises in
Azure Stack choose how portable your applications
should be.

It’s also possible to develop apps in containers to

deploy them in containers to deploy them on-
premises or in another cloud, or by using Azure
Resource Manager templates to script your
complete infrastructure as code.

Let’s explore these options in more detail.

 May The Developer’s 84
2019 Guide to Azure

Infrastructure
It’s easy to create Azure Resource Manager
templates in Visual Studio and Visual Studio Code

as Code
using Azure Resource Group project templates.
You can also generate Azure Resource Manager
templates from the Azure portal by clicking the
Automation Script button, which is available on the
menu bar of every resource in the Azure portal.
Infrastructure as Code (IaC) captures environment This creates the Azure Resource Manager template
definitions as declarative code, such as JSON for the given resource and even generates code
documents, for automated provisioning and for building the resource using the Azure CLI,
configuration. All Azure services introduced in PowerShell, .NET, and others.
this guide are based on Azure Resource Manager,
which you can use to document your environment After you have an Azure Resource Manager
as IaC thanks to Azure Resource Manager template, you can deploy it to Azure by using
templates. These templates are JSON files that PowerShell, the Azure CLI, or Visual Studio.
describe what you want to deploy and what the Or you can automate its deployment
parameters are. in a continuous deployment (CD) pipeline using
Azure DevOps.

A great example of deploying resources to the

cloud using Azure Resource Manager is the
Deploy to Azure button found in many
GitHub repositories,

In addition to using Resource Manager for IaC,

you can bring your existing skills and tools such
as Ansible, Chef, and Terraform to provision and
manage Azure infrastructure directly.
 May The Developer’s 85
2019 Guide to Azure

Azure Blueprints
It’s easy to use Azure Resource Manager templates,
resource groups, user identities, and access rights
and policies to design and create a complete
infrastructure. But how do you keep all of these
things together? And how do you keep track of
which environments each piece of infrastructure has
been deployed to and which version of the artifact
is deployed now?

Organize all your infrastructure artifacts with

Azure Blueprints. Azure Blueprints provides a
mechanism that allows you to create and update
artifacts, assign them to environments, and define
versions. You can store and manage these artifacts
as well as manage their versions and relate them
to environments.

This will help you organize your infrastructure

and create a context for Azure Resource Manager
templates, user identities, resource groups,
and policies.

// Get started by defining and

assigning an Azure Blueprint
in the Azure portal.
 May The Developer’s 86
2019 Guide to Azure

Containers in Azure
“Containerization” is one of those technology exact same container configuration, so you know
buzzwords flying around in the news. But that the infrastructure is the same for everybody
containers are more than just buzz—they’re as it is in production. With containers, the age-old
actually very useful for running your applications. developer’s fallback statement—“works on my
A container is basically a lightweight VM that starts machine”—now means that it will also work
and stops much faster than a traditional VM and is in production.
therefore more useful for development, testing, and
running applications in production. There are many technologies for running
containers, including Docker. Azure can run and
The major benefit of containers is that an individual manage containers with Azure Container Instances
container is always the same. You run a container and Azure Kubernetes Service. You can also run
locally when you develop your app, and then use containers in Web App for Containers and in Azure
the same container configuration in the cloud Batch. Table 6-1 shows which service you might
and everywhere else. Your entire team uses the choose for various scenarios when using containers.

Table 6-1

Azure Kubernetes Azure Container Web App for Containers on

Service Instances Containers Azure Batch

For production deployments of complex

systems (with a container orchestrator) ●

For running simple configurations

(possibly without orchestrator) ● ●
For long-running workloads on
containers ● ●
For short-running workloads on
containers ● ●
For orchestrating a system
based on containers ●

Orchestrating with open-source

orchestrators Kubernetes ●

Orchestrating with built-in orchestrator

Using App Service features

like deployment slots ●
 May The Developer’s 87
2019 Guide to Azure

Azure Stack
You can run things like Azure App Service and
Virtual Machines on Azure Stack. Everything is
exactly the same as in the public cloud, except
that you’re running it on-premises. If you decide
to move to the public cloud, you can simply push
If you need your applications and data to remain
services from Azure Stack to Azure.
on-premises but still want to benefit from the
power that Azure has to offer, Azure Stack is the
Example: Azure Stack
product for you. Unique in the industry, Azure Stack
is an extension of Azure that you host in your own
To help with cruise tasks, a company that offers
environment. Essentially, it’s Azure in a box.
luxury cruise ship holidays has built various
software, including a cabin management
You use Azure Stack in the same way you use Azure,
application and a passenger management
with the same Azure portal experience and the
application. The entire cruise ship relies on these
same APIs which you can use with the Azure CLI,
applications. In the past, the applications were
PowerShell, or your favorite IDE.
running on servers carried aboard the cruise ships.
The company was forced to do it this way because
the cruise ships didn’t have a connection to the
internet for the whole journey.

The company found that running its applications

on-premises was cumbersome, as it had to
maintain VMs and operating systems and deal with
significant availability problems.

The company now runs its applications on Azure

Stack, which runs aboard the cruise ships. Azure
Stack provides the same services as Azure, so
application deployment and management
became much easier. The company also uses
Azure App Service to run its applications, which
allows it to focus on the applications rather than
on maintaining VMs and operating systems. Even
better, users enjoy the higher availability that’s part
of Azure, and therefore, part of Azure Stack.
 May The Developer’s 88
2019 Guide to Azure

Where to deploy,
and when?
If you want to deploy IaaS-based services (in If you want to deploy PaaS-based services (where
which you control the OS), consider these options: you have less control, but the platform does the
heavy lifting), consider these options:
• On-premises or anywhere else (like your local
PC or another cloud), you can use: • On-premises or anywhere else (like your local
PC or another cloud), you can use:
• Azure Stack (where you deploy services
like VMs) • Azure Stack (as you can deploy PaaS
services like App Service in Azure Stack)
• Any of the Azure container services (as
containers can run anywhere) • In the public Azure cloud, you can use:

• In the public Azure cloud, you can use: • Any Azure PaaS service that
you script as a Resource
• Containers (as containers also run in any of
Manager template
the Azure container services)

Further reading

Learn more about deploying your applications to

Azure and reducing costs in these free e-books:

// Cloud Migration Essentials

// Making the Most of the

Cloud Everywhere

// Effective DevOps

// Azure for Architects

 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 89
2018 adipiscing
2019 elit Guide to Azure

07 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Share your
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

code, track
work, and ship
software
 May The Developer’s 90
2019 Guide to Azure

How can
• Azure Pipelines
Use Azure Pipelines to create build

Azure help you

and release pipelines that automate builds
and deployments.

plan smarter, • Azure Test Plans

Use Azure Test Plans to improve your overall

collaborate
code quality with manual and exploratory
testing services for your apps.

better, and ship • Azure Artifacts

Use Azure Artifacts to share code packages

your apps faster?

(like npm, NuGet, and Maven packages)
across your organization.

Let’s explore the Azure DevOps

services in more detail.
You’ve spent weekends or nights deploying new
versions of your applications. If so, you’ve probably
also spent a lot of time trying to fix the bugs that
keep users away from that new version. There’s a
better way.

Azure DevOps is a set of solutions that can help

automate your builds and deployments and
automatically test your code and apps
before launch.

To help you build, deploy, test, and track your

code and applications, Azure DevOps includes:

• Azure Boards
Use Azure Boards to plan, track, and discuss
work across teams.

• Azure Repos
Use Azure Repos to collaborate on code
development with free Git public and private
repositories, pull requests, and code review.
 May The Developer’s 91
2019 Guide to Azure

Azure Boards
The whole planning system is optimized for working
in an agile way. It even includes Kanban boards for
managing your work your work (Figure 7-1).

Everything can be customized to work best for your

Planning your work and tracking your progress are
teams, whether using scrum, another agile method,
important tasks—and Azure Boards can help you
or the Capability Maturity Model Integration
complete them.
(CMMI) process. You can create and manage tasks,
features, user stories, bugs, requirements, issues,
change requests, and more.

Try customizing your boards and creating charts

(like burndown charts or task lists) that show the
information you need. You can query work items
and progress, and then use these to customize your
boards, charts, and lists. From there, share them
Figure 7-1 or pin them on your Azure DevOps dashboard for
everyone to see.

In Azure Boards, you can create a complete backlog

of work items (like user stories) and plan them in // Try it out: Start using Azure
sprints so your team can work iteratively to finish Boards to track issues, tasks,
and epics
the tasks.
 May The Developer’s 92
2019 Guide to Azure

Azure Repos Azure Repos uses standard Git. This means that you
can use it with any Git tool and IDE, including Visual
Studio and Visual Studio Code as well as Git for
Windows, Mac, Eclipse, and IntelliJ.

Version control is essential for working together

When you follow the Git workflow, you usually
and ensuring that your most important asset—
begin by creating your own branch of the code to,
your code—is safely stored. Azure Repos is a set
for instance, add a feature. Once you finish this, you
of version control tools for storing your code and
commit your code to create a pull request for that
sharing it with your team. This is useful both for
branch and submit it to the server. Users can
teams and individual developers. Version control
see, review, test, and discuss this pull request. Once
keeps a history of your development so you can
it’s good enough to be pulled into the main branch,
review or even roll back to any version of your code.
the request is accepted, and your development
branch can be deleted.
Choose from the following two systems of version
control when using Azure Repos:
With Azure Repos, you have a rich toolset to
support the Git workflow. You can link work items
Git
like user stories or bugs to pull requests so you
know what each change is about. You can have
This is a widely used version control system among
discussions about committed code and even
developers and is also the basis for GitHub. Git
comment on changes within the code. Azure Repos
is a distributed version control system, meaning
also enables voting on changes in the code, so a
the complete source code (all versions of all files)
change only gets accepted once everyone on the
is on your machine—which makes it easy to work
team agrees to it.
offline. With Git, the source of truth is essentially
on everyone’s machine and is synchronized when
Azure Repos offers free and unlimited private
developers push their code to the Git server (in this
Git repositories.
case, Azure Repos).

// Get started by learning

how to code with Git
 May The Developer’s 93
2019 Guide to Azure

Team Foundation Version Control With TFVC on Azure Repos, everyone can download
the versions of code branches you create on the
Team Foundation Version Control (TFVC) is a server. Azure Repos also provides a rich toolset that
centralized version control system that ensures allows you to attach work items to code changes.
one source of truth is always kept on the server. It’s also possible to request and perform code
Developers usually have only one version of each reviews, so your team can discuss changes and
file on their machine, which makes it more difficult recommend updates before they’re merged into
to work offline. the main branch.

With TFVC, you can choose to work with the // Try it out: Start developing
following workspaces: and sharing your code in TFVC
using Visual Studio

Server workspaces: Developers publicly check

out files from the server so that only they can
make changes to that file. Once they are done,
they can check the changes back in and other
developers can check out the file to make
changes. This eliminates the need to merge
changes and removes the possibility
of code conflicts.

Local workspaces: Using these, developers

each have the latest version of the files on
their machine and can change each of them.
Once they are done making changes, they
check in the changes to the server and
resolve conflicts as necessary.
 May The Developer’s 94
2019 Guide to Azure

Azure Pipelines
integration tools like Jenkins or Spinnaker, you can
easily bring your existing builds and pipelines to
Azure and take advantage of dynamic agent plug-
ins to reduce infrastructure requirements and costs.

Once your code is in a repository like Azure Repos,

you can start to automate your build and release
processes with Azure Pipelines.

Azure Pipelines provides a lot of value in a small

amount of time. It enables continuous integration
(CI) for compiling and testing code when changes
come in, as well as continuous deployment (CD)
for deploying apps after changes are compiled Figure 7-2: Azure Pipelines: build pipeline

and tested successfully. We encourage every

organization to explore CI and CD, as these There are two ways of working with Azure Pipelines.
processes improve code quality and reduce You can create pipelines using the visual designer
deployment efforts. in the Azure DevOps portal, or you can use the
more advanced YAML-based approach. In this
Azure Pipelines can help with CI and CD by offering approach, you create a YAML code file, which
build and deployment pipelines. Each contains contains all the steps of the pipeline, and commit
steps to compile and test your code and deploy it that to source control.
to one or more environments. The beauty of Azure
Pipelines is that it works with any type of code, no The easiest way to get started is to use the visual
matter where you store it—from C# on Azure Repos designer. Let’s take a look at an example of a build
to Java on BitBucket and anything else. and release pipeline:

Azure Pipelines works very well with Azure services Build pipeline: The build pipeline (or CI pipeline) in
to deploy your application in an Azure web app, Figure 7-2 shows a list of tasks that will be executed
for instance. It also works with any service that when this pipeline runs. The pipeline is configured
runs in any other environment, such as Google to run as soon as new changes are committed to
Cloud, Amazon, or even on-premises in your own Azure Repos. It will take the code in Azure Repos
datacenter. If you’re already using continuous (which is a Node.js app), build a Docker container
 May The Developer’s 95
2019 Guide to Azure

image from it, and push that to Azure Container

Registry. From there, Helm can use it to compile
the image into a package that can be deployed on
Azure Kubernetes Service.

Note that you can configure which hosts run your

pipelines for you. On the right side of the image,
Figure 7-3
you can see that this particular pipeline will run on
a hosted pool of Ubuntu machines. There are also
Linux and Windows hosts available, and even a as the production environment). This means you
hosted MacOS that you can use to build your iOS can automate everything and leave the decision to
apps. This is just one example of a build pipeline. release into production up to a manager based on
It’s possible to create one for every imaginable test results for previous steps in the pipeline.
application. You can also integrate tests,
including unit tests and static code tests, into Make your pipelines as simple or complex as you
the build pipeline. want. Ideally, you want to automate as much as
you can, from the creation and destruction of your
Release pipeline: The release pipeline (or CD infrastructure to the deployment and testing of
pipeline) executes as soon as the build pipeline your application. Pipeline tasks are available for
runs successfully, though you can also configure it almost everything, and you can access more tasks
to be triggered manually. The release pipeline in as extensions to Azure DevOps in the Visual
Figure 7-3 contains nine tasks that first create an Studio marketplace.
Azure Kubernetes Service cluster and then deploy
the Helm package that was produced in the build // Get started with Azure
pipeline to the cluster. Pipelines by creating your
first pipeline
Figure 7-3 shows the steps in the development
stage. Stages are like environments. You can
configure a stage for your development, test, and
production environments and so on. You can also
configure things like predeployment approvals,
which require someone to approve the release of
an application into a specific environment (such
 May The Developer’s 96
2019 Guide to Azure

Azure Test Plans

To improve the quality of your applications, use
Azure Test Plans to define test plans and then
create and execute manual and exploratory tests. Figure 7-4

Azure Test Plans provide the tooling to author tests,

execute them, record feedback, and track
From the context of the test, the tester can also
the test results.
create a bug that needs to be solved.

In Azure Test Plans, start by creating a test plan.

To ensure stakeholders’ expectations are in line
This contains multiple test suites and test cases.
with your plan, Azure Test Plans also enable you to
A test case can be an exploratory test, in which
request feedback for work items like user stories.
the application is explored to see if it works as
This enables stakeholders to take a look at what you
expected; a guided manual test, in which test steps
propose and provide feedback in the form of text,
and expected outcomes are described in detail; or
attachments, video, or voice.
an automated test. You can even record test steps
by recording clicks in an application and letting
Perhaps most importantly, Azure Test Plans provide
Azure Test Plans automate those clicks into a test.
dashboards and charts on the progress and status
You can also incorporate stress and load tests into
of the tests in your project. You can use these to
your build and release pipelines. Test cases are
see what the quality of your application is and how
work items, just like user stories and tasks, and can
it progresses over time. This can help you identify
therefore be scheduled within an iteration.
features that aren’t ready to be deployed.

Once you’ve created a test (Figure 7-4), a tester

// Get started with Azure Test
can run it. In a manual test, for example, the tester
Plans by creating manual
uses the test tool to run through the test steps and test cases
record findings, including the screen, the tester’s
voice, screenshots, and attachments. The tester
passes or fails each step of the test.
 May The Developer’s 97
2019 Guide to Azure

Azure Artifacts
Follow these simple steps to use Azure Artifacts:

1. Create an Azure Artifacts feed.

2. Publish your package to the feed.

Because packages offer functionality that you don’t
3. Consume the feed in your favorite IDE,
have to build yourself, you probably use a lot of
such as Visual Studio.
them in your applications. And you likely access
them from just as many sources: NuGet, npm,
Maven, and more. But what if your team creates // Try it now: Get started
packages that you want to only use internally? with Python packages in
Azure Artifacts
Where do you host them securely, and how do
you share them? Azure Artifacts provides this
capability. Azure Artifacts is a package feed that
Further reading
allows you to host packages that you create and
secure them for your organization.
If you want to improve the quality of your
software and learn more about automating your
You can host all sorts of packages on Azure
build and release processes, download and read
Artifacts, including NuGet, npm, Maven, Python,
these free e-books:
and Universal Packages. You can even use the
Azure Artifacts feed to store packages from public
// Effective DevOps
sources, like nuget.org and npmjs.com. When you
store packages from public sources on your feed,
// Continuous Delivery in Java
you’ll be able to keep using them even if they’re no
longer available on the public feed. This is especially
// Azure for Architects
useful for mission-critical packages.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 98
2018 adipiscing
2019 elit Guide to Azure

08 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Azure
dolum earum minctur simillab is arum quatinverro
te destibus, tem adis eum rehenia si
omnimusam veni nossita.

in action
 May The Developer’s 99
2019 Guide to Azure

Walk-through #1:
The Application Insights service tiles show
information like active alerts, live data coming in,

The Azure portal

active users in the past 24 hours, and availability.
You can customize a tile’s size and information
as well as the appearance of charts by adjusting

experience timelines and displaying data in different formats,

such as lines or bars. You can also pin tiles directly to
your dashboards so that they’re the first thing you
see when you enter the portal (Figure 8-2). You can,
One of the most important Azure tools is the for instance, pin tiles from the service metrics you
central hub—the Azure portal. Most things you can use to create a monitoring dashboard to share with
do in the Azure portal can also be done through the your team or display on a physical monitor.
Azure API, the Azure CLI, and Azure PowerShell.

The Azure portal is a dashboard with tiles. It’s easy

to create and customize dashboards, and then share
them with team members.

Figure 8-2
Tiles in the Azure portal

Tiles, shown in Figure 8-1, display information for Adding services

a service or act as a shortcut to a service. They
appear throughout the portal in the pages of all You can find and add services in the Azure portal in
the services. They’re a useful way to get a quick several ways.
overview of how a service is doing.
To create new services, select the plus sign in the
upper-left corner of the portal window. This opens
the search box for the marketplace, where you’ll
find everything from web apps to Linux servers, as
Figure 8-1 shown in Figure 8-3.
 May The Developer’s 100
2019 Guide to Azure

Figure 8-3 Figure 8-5

When you find the service you want from the search down. You can also select which ones you want to
results, as shown in Figure 8-4, a wizard takes you see by expanding the favorites menu and selecting
through configuring and deploying it. the star symbol next to those categories.
.
Understanding blades

Pages in Azure are also called blades, and you can

pin them to your dashboards. When you open a
web app, you first see the Overview blade, as shown
in Figure 8-6.

This blade provides tools to stop, start, and restart

Figure 8-4
the web app and display tiles showing its metrics,
such as number of requests and errors. When you
You can use the search box at the top of the portal choose another menu item, a new blade opens.
to search through all your resources and go directly Blades always open in context. For example, if you
to them (Figure 8-5). The favorites menu is in the open the Deployment Slots blade and select Create
pane on the left side of the portal. New Deployment Slot, a new blade appears to the
right of the Deployment Slots blade, preserving the
This menu displays the resource categories, such as context you’re in.
Azure App Service, represented by their icons. You
can rearrange the icons by dragging them up and
 May The Developer’s 101
2019 Guide to Azure

as see what the resources in the group cost. It’s

common practice to bundle related services in a
resource group so that they’re easier to secure.

1. In the Azure portal, in the upper-left corner,

select Create A New Service.

2. In the search box, type Windows Server

virtual machine.
Figure 8-6
3. Click Windows Server 2016 Datacenter.

4. Click Create. The Create Virtual Machine

Creating a new VM
Wizard opens.

Let’s use the Azure portal to create a new VM. Once 5. Choose a name for the VM.
we’ve done so, we’ll shut it down and remove it so
that you don’t continue to pay for it. 6. Choose the disk type. SSD provides a faster VM
but is more expensive. For this walk-through,

A word about resource groups choose SSD.

7. Type a username.
The VM will be deployed in a resource group, a
logical container that holds resources. All Azure 8. Select Password for the authentication type.
resources reside inside resource groups. You can
9. Type a password and confirm.
manage the security of a resource group as well
10. In the Resource Group box, type a new name.
 May The Developer’s 102
2019 Guide to Azure

11. Choose the location of the VM, and 14. Review the summary, agree to the terms, and
then click OK. then click Create.

12. Choose the VM size. There are many sizing It usually takes just a few minutes for the VM to
options for VMs. VM performance determines be deployed. When you navigate to the VM in the
the cost. Use the wizard to select how many Azure portal, you can configure it further and log in
cores and how much memory you want, and using Remote Desktop Protocol (RDP).
choose options based on that. In addition, there
are other features that come with size options,
such as:

• Type of hard drive (SSD or normal HDD).

• The amount of max input/output Figure 8-7

operations per second (IOPS). This
determines the performance of the VM To log in to the VM using RDP, click Connect in the
in a significant way, especially if your VM’s Overview blade in the Azure portal (Figure
applications read and write extensively 8-7). This triggers a download of the RDP file you
from and to the hard drive. can use to connect to the VM.

• The amount of data drives that can be

Cleaning up the walk-through resources
installed in the VM.

• The ability to perform load balancing. When you’re finished with the VM, shut it down
and remove it by deleting the resource group
• The graphics card installed in the VM.
that we created when we generated the VM. This
This is useful if you need to execute
contains the VM and all other resources that are
substantial graphics rendering or a
automatically created. Once the resource group is
heavy computational workload.
deleted, you no longer pay for any of the resources
13. After you select the size, you can configure that you’ve used in this walk-through.
additional settings like the virtual network, IP
address, and extensions on the machine. For
now, leave everything as is and select OK.
 May The Developer’s 103
2019 Guide to Azure

Walk-through #2: Creating a web app and database using

the Azure portal

Developing a web To host the .NET Core application, we’ll create a new
web app in the Azure portal.

app and database 1. In the Azure portal, select Create

on Azure A New Service.

2. Search for Web App. The Web App blade

opens. Select Create. The Web App Create
blade opens.
In this walk-through, we’ll deploy a simple .NET
Core application that connects with SQL database. 3. Type a name for the web app.
Then, we’ll host it in Web Apps.
4. Create a new resource group by giving
it a name.
To follow along, you’ll need Git v2 or higher, .NET
Core, and Visual Studio Code installed on your 5. Leave the OS selection as Windows.
device. We’ll also use a sample ASP.NET Core MVC
6. Select or create an App Service Plan,
application to manage a to-do list.
and then select Create.

Services like Web Apps run on Azure App Service

Plans. App Service Plans are an abstraction of
resources and features, like CPU and memory, and
are represented in pricing tiers.

App Service Plans are also bound to a specific

geographic region that you choose. You can, for
instance, run your Web Apps application in an App
Service Plan of pricing tier S1, which has 1 core and
1.75 GB RAM, as shown in Figure 8-8.

Figure 8-8
 May The Developer’s 104
2019 Guide to Azure

You can run as many App Services on an App 7. Select a pricing tier. For development and test
Service Plan as you want, but note that you need to purposes, the Basic tier is sufficient.
share resources among all the App Services.
8. Click Create. The database will now be created.

To host the database, we’ll create a SQL database. 9. Navigate to the SQL database and click Show
This works the same as a local SQL Server database Database Connection String.
and now runs fully managed in Azure.
10. Make note of the connection string because
1. In the Azure portal, click Create A New Service. you’ll need it later in this tutorial.

2. Search for SQL Database and click it to open Running the .NET Core app locally
the SQL Database blade. Click Create. The
Create SQL Database blade opens. Let’s run the app locally before we run it in Azure.
The app can run locally because by default, it uses
3. Type a database name.
a SQLite database, which is a self-contained SQL
4. Select the resource group that you created for database engine.
the web app.
1. Open a command prompt and navigate to a
5. Leave the source as Blank database.
directory you want to use as your source code
6. Click Server to create a new SQL directory for this project.
database server.
2. Run the following commands to get the source
a. Type a name for the server. code and navigate to the project folder:

b. Type the server admin login. This is the

git clone https://github.com/azure-samples/
username for the server. dotnetcore-sqldb-tutorial

c. Type the password that you’ll use to log on cd dotnetcore-sqldb-tutorial

to the server.

d. Confirm the password. 3. The project uses Entity Framework Core to

populate its database. To ensure the database
e. Choose a location. Choose the same is up to date and to run the application locally,
location that you selected for the App execute the following commands:
Service Plan.

f. Click Select to submit the new server dotnet restore

configuration. dotnet ef database update

dotnet run
 May The Developer’s 105
2019 Guide to Azure

4. The app should now be running, and the URL to Connecting the local web app to the
the app (such as http://localhost:5000) should database running in Azure
be in the output in the command window
You now have a working application running
5. Navigate to that URL in a browser. This will load
locally. Before we deploy it to Azure, we’ll change
the application, which will look like that shown
the source code so that it can connect to the
in Figure 8-9. Now you can create new to-do
SQL database.
items by selecting the Create New link.

6. Close the application by closing the command 1. In your local source code repository, find the
window or pressing Ctrl+C. Startup.cs file and locate the following code:

servicesAddDbContext<MyDatabaseContext>
(options => options.UseSqlite
(“Data Source=localdatabase.db”));

2. Replace the code with the following code,

which will connect to the Azure SQL database:

// Use SQL Database if in Azure, otherwise,

use SQLite

if(Environment.
GetEnvironmentVariable(“ASPNETCORE_
ENVIRONMENT”) == “Production”)

services.
AddDbContext<MyDatabaseContext>(options =>
Figure 8-9
options.UseSqlServer(Configuration.
GetConnectionString(“MyDbConnection”)));
else

services.
AddDbContext<MyDatabaseContext>(options =>

options.UseSqlite(“Data
Source=localdatabase.db”));

// Automatically perform database migration

services.BuildServiceProvider().
GetService<MyDatabaseContext>().Database.
Migrate();
 May The Developer’s 106
2019 Guide to Azure

This code looks at the environment in which it’s 6. Create a new connection string named
running and changes its database connection MyDbConnection. The value should be
based on that information. When running in the the connection string to the SQL database
production environment (Azure, in this case), (including username and password) you saved
the code will get the connection string for the earlier when you created the database.
database from the MyDbConnection variable,
7. Click Save. The application settings in the
which we’ll configure in Azure.
Azure portal should look like those shown in
Figure 8-10.
The code also runs the Database.Migrate()
method, which executes the Entity
Framework Core migrations that
we previously ran manually.

3. Save your changes and run the following

commands to commit the changes to your local Figure 8-10
Git repository:
Deploying the web app to Azure
git add .
We’ll use Git to push the application to Azure.
git commit -m “connect to SQLDB in Azure”
To connect the local Git repository to Azure, you
must have a deployment user configured on the
Now we’ll configure the connection string server (Azure Web App) to authenticate your
variable in Azure. deployment. The deployment user is account
level and is different from your Azure subscription
4. In the Azure portal, navigate to the web app
account. You need to configure this deployment
that we created earlier.
user only once.
5. Navigate to Application settings.
1. In the Azure portal, navigate to the Azure
Cloud Shell by selecting the button in the top
bar that looks like this:
 May The Developer’s 107
2019 Guide to Azure

2. The Azure Cloud Shell enables you to use 6. Once the remote target is added to the Git
the Azure CLI in the cloud and manages repository, you can push your code to it by
authentication. When the Cloud Shell is fully running the following command. You’ll need
loaded, run the following command to create to enter credentials to be able to push code to
the deployment user. Replace the <username> Azure. Use the username and password you
and <password> values with ones you create. used to create the deployment user.
Make note of the username and password
because you’ll need them later. git push azure master

az webapp deployment user set --user-name Pushing the source code to Azure might take
<username> --password <password>
a few minutes the first time. Once complete,
navigate to the URL of your Azure web app,
3. The command results in a JSON output. If you which will look like this: http://<app_ name>.
receive a ‘Conflict’. Details: 409 error message, azurewebsites.net
change the username. If you receive a ‘Bad
7. Add some to-do items in the application to test
Request’. Details: 400 error message, create a
its connection to the database.
stronger password.
Now you have a working application
Now we’ll push the source code from the local
running in Azure.
Git repository to the Azure web app.

4. Open the command prompt on your

local machine.

5. Add an Azure remote to your local Git

repository by using the remote Git URL:

a. Replace <username> with the username

you used to create the deployment user.

b. Replace <app_name> with the name of the

Azure web app.

c. Use the URL to run the following command:

git remote add azure <deploymentLocalGitUrl>

 May The Developer’s 108
2019 Guide to Azure

Walk-through #3:
We’ll set this up using the Logic Apps feature
of Microsoft Azure App Service and the

Extending
Language Understanding Intelligent Service
(LUIS), as follows:

applications with • The .NET Core app writes the to-do item in the
SQL database.

Logic Apps and • The logic app is triggered by every new row
created in the database.

Cognitive Services • The logic app takes the to-do item text
and passes it to the Language
Understanding service.
A powerful feature of our application is its ability
• The Language Understanding service analyzes
to analyze the content of to-do items and then
the text and creates a calendar item in your
automatically create calendar appointments for
Office 365 calendar if the text contains a date
tasks that include a specific date.
and time.

For example, if a user creates a to-do item We don’t have to change our application to add this
with the text “family dinner next Friday at 7:00 PM,” functionality. Logic Apps and Cognitive Services
the application will create a calendar item for that are additional services that simply analyze the data
specific Friday at 7:00 PM with the subject that’s already there.
“family dinner.”
Let’s get started.
 May The Developer’s 109
2019 Guide to Azure

Creating the Language 10. Click Create new app.

Understanding service
11. Type a name.

We’ll first create the Language Understanding 12. Click Done.

service so that we can use it later in our logic app.
We’ll keep our model for this example simple—we We’re now in the Language Understanding portal
won’t build it out, so it’ll be ready for every variation and can build a language model. We want the
users might need for a date in a to-do item. You can Language Understanding service to understand the
add to the model yourself instead of using the one phrase “family dinner next Friday at 7 PM.” To do
we create. that, we’ll first add some entities, which are items in
the text the service will recognize.
1. In the Azure portal, select Create A
1. Click Entities.
New Service.
2. Click Manage Prebuilt Entities.
2. Search for Language Understanding and select
it in the search results to open the Language 3. Select Datetimev2 and keyPhrase.
Understanding blade. Select Create. The
Create Language Understanding blade opens. 4. Click Done. We now have two entities that will
recognize text for us.
3. Type a name.
5. Click Intents.
4. Select a pricing tier (any will do for this
walk-through). 6. Click Create new Intent.

5. Create a new resource group 7. Type a name like “Add to-do calendar item,”

called datedetection. which is the intent we want to detect in the text.

6. Click Create. 8. Click Done.

7. Navigate to the Language Understanding

service once it’s created.

8. By default, the service opens to the Quick

Start blade. From here, select Language
Understanding Portal.

9. If needed, sign in using Sign In at the

top-right corner.
 May The Developer’s 110
2019 Guide to Azure

Now you can enter utterances. These are sample 15. The model is now published to production.
texts that represent the intent we want to detect. Scroll down to Resources and Keys and make
note of the key string you’ll find there because
9. Enter “family dinner next Friday at 7 PM” to
we’ll need it for our logic app.
represent the intent of adding a to-do item to
the calendar.
Creating the logic app
10. Because we’ve already added two entities,
The logic app we create will be triggered by the
the text in the utterance is analyzed and
new rows of to-do items written in SQL Database.
recognized as these entities, as shown in Figure
It will then take the value of each to-do item and
8-11. The text “family dinner” is recognized as
send it to the Language Understanding service to
a keyPhrase. The text “next Friday at 7 PM” is
be analyzed. If the Language Understanding service
recognized as datetimev2.
finds a date in the item, it will create a new calendar
11. Let’s use this model to train the service and event in your Office 365 account.
publish it. Select Train in the upper-right corner
Let’s create the logic app:
of the screen.
1. In the Azure portal, click Create A New Service.
keyPhrase datetimev2
2. Search for Logic App and click it in the search
Figure 8-11 results to open the Logic App blade. Click
Create. The Create Logic App blade opens.
• This performs machine learning training
and builds a machine learning model based 3. Type a name.
on what we’ve just entered.
4. Select the resource group that you created for
• To test if the service works as expected, the Language Understanding service.
type “family dinner next Friday at 7 PM” in
5. Choose a location.
the Test window next to the Train button.
6. Click Create.
12. Now that we have a working service, we need
to publish this model to production. Click 7. When the logic app is created, you’ll see a quick
Publish in the menu (next to the Train button) start page that asks if you want to start the
to bring up the Publish page. logic app from a template (Figure 8-12). Choose
Blank Logic App.
13. Leave the slot as Production.

14. Click Publish.

 May The Developer’s 111
2019 Guide to Azure

5. Click Create. This creates the connection and

saves it in your Azure subscription. You can
reuse this connection in other logic apps.

6. Select the table that we want to monitor—the

To-do table.

7. Select an interval and a frequency. Some logic

app triggers need to poll to be triggered,
whereas others have their information pushed
Figure 8-12
to them.

We now need to create a trigger for the logic app. Now the logic app will be triggered every time we

1. Search for SQL. enter a new to-do item.

2. Select the When an item is created task. This Next, we’ll add another action for the logic app.
will ask for the connection to the SQL database
(Figure 8-13). 1. Click the plus sign under the SQL task, and then
select Add an action to add the next action
(Figure 8-14).

Figure 8-13

3. In this case, the correct SQL Server is already Figure 8-14

selected because there’s only one. You might
have to select the appropriate server. 2. Search for LUIS, which will bring up the
Language Understanding service. Select the
4. Enter a name for the connection, and then
LUIS Get prediction action. It will ask for a
type the username and password of the SQL
connection to a Language Understanding
database that we created earlier.
service.
 May The Developer’s 112
2019 Guide to Azure

3. Type a name for the connection. 16. Select the App ID as we did earlier.

4. Paste in the connection key you saved when we 17. Select builtin.datetimev2 for the desired entity.
published the Language Understanding model.
18. Select the LUIS Prediction object for the
5. Click Create. luisPredictionObject field.

6. Select the App ID that you created in the 19. Below this action, add another one for
Language Understanding portal. Get entity by type.

7. Select the description from the SQL task as the 20. Select the App ID.
input for the Utterance field.
21. Select builtin.keyPhrase for the desired entity.
8. Select the Add to-do calendar item for the
22. Select the LUIS Prediction object for the
desired intent. This will output whether the task
luisPredictionObject field.
contains a date.
23. Create a new action while still in the if true
9. Click the plus sign, and then click Add a
box. Search for Office 365 and then select the
condition. We’ll test whether the text contains a
Create Event V2 action. This can create an
date by checking if the desired intent was true.
event in your Office 365 calendar.
If the text does contain a date, we’ll create a
calendar event. If it doesn’t, we won’t 24. Note that this requires a connection to
do anything. Office 365. Click add new connection and
log in with your Office 365 credentials. The
10. In the condition, select the Is Desired Intent
logic app will keep your connection in your
value from the Language Understanding task
Azure subscription.
for the value.
25. Select the calendar to create the event.
11. Leave the is equal to statement as is.
26. In the End Time and Start Time fields, select
12. Add true in the value textbox.
the Entity Value from the action where you
13. The condition appears in both the if true filter the datetimev2 entity.
and if false boxes. In the if true box, create a
27. In the Subject field, select the Entity Value from
new action.
the action where you filter the keyPhrase entity.
14. Search for LUIS as we did earlier.
28. Save the logic app flow. The if yes box should
15. Select the Get entity by type action. This is a look similar to that shown in Figure 8-15.
Language Understanding action that extracts
29. Navigate to the to-do app URL, which
an entity based on its type from the Language
is the URL of your web app from the
Understanding results.
previous walk-through.
 May The Developer’s 113
2019 Guide to Azure

30. Create a new to-do item with the text “family

dinner next Friday at 7 PM.” This should create
an event in your calendar.

In addition to checking your calendar, you can

see how the logic app ran by reviewing the Runs
History. You can access the Runs History when you
open the logic app from the Azure portal. From the
Runs History, you can resubmit the value to run it
again through the logic app.

This example shows you can extend an application

with Azure services just through configuration,
without changing the code.

We’ve kept this example simple so it’s easy to follow

in this walk-through. In a real-world scenario, the
Language Understanding model should be more
Figure 8-15 robust to be able to understand more utterances.
In addition, you could have the logic app trigger on
edits of to-do items, not only on their creation.
 May The Developer’s 114
2019 Guide to Azure

Walk-through
#4: Ready for
production Figure 8-16

5. Use the URL that appears on the screen to set a

With your application running, you can now use remote destination for the local Git repository.
Azure to make it more robust and easier to update. You can do this in the command window.

6. Use the cd command to change to the directory

Setting up continuous
of the application source code.
delivery with GitHub
7. Run the following command:
So far, we’ve been pushing code from our local
Git repository to Azure. This is fine if you work git remote add github https://github.com/
alone, but if you work on a team, you’ll need bmaluijb/test.git

another type of source control, like Azure DevOps

Repos or GitHub.
8. Run the following command to push the code
We’ll use GitHub to push our code and then link to GitHub:
that to our web app so changes are deployed
automatically in a continuous delivery pipeline.
git push github

Let’s get started.

With that, the code is in GitHub, and you can share
1. Log in from https://github.com/new to create it with your team.
a new repository in GitHub.

2. Type a name for the repository.

3. Leave the other settings as they are (public

repository, don’t create a README).

4. Create the repository, which should look similar

to that shown in Figure 8-16.
 May The Developer’s 115
2019 Guide to Azure

Let’s now set up continuous delivery using the

Deployment Options feature of Web Apps through
the Azure portal. Note that we can also use the
Continuous feature in Web Apps directly, but that
requires an Azure DevOps Services account. Figure 8-17

1. In the Azure portal, go to the web app that

Setting up staging environments
hosts the .NET Core to-do app.
Using Azure App Service Web Apps, you can set
2. On the menu bar, click Deployment Options.
up a staging slot to test new versions of your
3. It’s possible that this is already configured application through deployment slots. Deployment
for the local Git repository. If this is the case, slots are App Services with which you can test your
click Disconnect. code before you promote it to the next slot.

4. In Choose Source, select GitHub. There are deployment slots for staging, load
testing, and production, which is always the original
5. In the Authorization section, authorize Azure
App Service—in our example, the .NET Core web
to use GitHub by selecting Authorize and
app. In fact, you can have as many deployment slots
granting permission.
as you want without incurring additional costs.
6. In the Choose Project section, choose the
The deployment slots all run in the same App
GitHub repository that you just created.
Service Plan, which is what you pay for. Keep in
7. Leave the branch set to master. mind that having additional deployment slots in an
App Service Plan will consume resources like CPU
8. Click OK.
and memory.
9. Return to the Deployment Options menu. You
You create new deployment slots from the
can now see that GitHub is connected. From
Deployment Slots menu item in the web app.
this point, whenever you push a new version
You need to run the web app in the standard or
of source code to GitHub, it will be built and
premium pricing tier because the free plan doesn’t
deployed to the web app automatically. This
come with any deployment slots.
is shown in Figure 8-17, which illustrates the
Deployment Options blade. You can also force
this process by clicking Sync.
 May The Developer’s 116
2019 Guide to Azure

In each deployment slot you create, you can 8. Disconnect the CD connection in the
configure the deployment options as we did earlier original .NET Core web app. This way, when
to deploy code automatically. You can even work you push new code, it’s delivered only into the
on different source code branches for different staging slot.
environments and automatically deploy specific
9. In the .NET Core app, change some text in the
branches to specific deployment slots.
Index.cshtml file in the Views/Home folder.
Additionally, you can test your final version in
10. Commit it to Git and push it to GitHub, just like
a deployment slot and then swap it with the
when you deployed the .NET Core app.
version in the production slot. This warms up
the application before it swaps, resulting in a The new version is now in the staging slot and
deployment with no downtime. not in the original web app, which we call the
production slot. You can verify this by navigating to
Let’s see how to create a deployment
the URL of the .NET Core web app and to the URL of
slot and swap to it.
the staging slot, which you can find in the Overview
1. In the Azure portal, go to the web app that blade of the slot.
hosts the .NET Core app.
Now let’s put the new version into production.
2. On the menu bar, click Deployment Slots.
1. In the Azure portal, go to the .NET
The Deployment Slots blade opens.
Core web app.
3. Click the plus sign to create a new
2. On the menu bar, select Deployment Slots to
deployment slot.
open the Deployment Slots blade.
4. Type a name for the slot, for example, “staging.”
3. Click Swap to open the Swap blade. Leave all
5. Choose the .NET Core web app as the settings as they are.
configuration source. This copies the
4. Click OK to initiate the swap.
application settings to the new slot.
Once the swap is complete, the new version of the
6. Click OK to create the slot, which is similar to
.NET Core web app is in production. You can test it
the original web app.
by navigating to the URL of the Node.js web app.
7. Set up CD for the slot, just as you did for the Using deployment slots in this way is beneficial
web app. because you can test the new version before it goes
into production and then deploy it to production
with no downtime.
 May The Developer’s 117
2019 Guide to Azure

Using diagnostic logs Now you need to configure your application to

send data to Application Insights.
An efficient way to monitor an app is by using
6. In the Visual Studio Code menu, select Project
diagnostic logs to see live diagnostic logging from
> Add Application Insights Telemetry…
the web app. You can even pipe the logs into the
console window. To do this, run the following 7. This opens the Application Insights wizard. Log
command in the Azure Cloud Shell: in with your Azure account.

8. Select an Application Insights pricing plan.

az webapp log tail --name <app_name>
--resource-group <myResourceGroup> 9. Click Register. This automatically adds
everything you need to the .NET Core project
and creates the Application Insights resource
You’ll see logging when you use the application in
in Azure.
the web app to generate some traffic.
10. Build the project and push the changes
Setting up monitoring and alerts to GitHub so they’re deployed to the web
app. When the deployment is complete, the
Azure Monitor Application Insights provides application will send data to
another powerful way to track applications. This Application Insights.
monitoring tool provides information about your
application, such as how many visitors used it, how By default, Application Insights performs smart
many exceptions occurred, and where in the code detection. This feature detects when something is
they happened. Unlike diagnostic logs, Application wrong—such as a sudden increase in failed requests
Insights requires a nominal fee. or when the application is unusually slow—and
alerts you. You can also create your own custom
Let’s set up Application Insights.
events for all sorts of metrics and conditions in the
1. Go to the Azure portal and then to the web app Alerts menu of Application Insights, as shown in
that hosts the .NET Core app. Figure 8-18.

2. On the menu bar, click Application Insights.

3. Select Create New Resource.

Figure 8-18
4. Type a name and select a location for the
Application Insights instance.

5. Click OK. Application Insights will be deployed

and start to collect data for the application.
 May The Developer’s 118
2019 Guide to Azure

11. To check if Application Insights is working Adding Secure Sockets Layer

properly, go to the Azure portal, find the
When an app is ready for production, you need
Application Insights resource, and select it.
to confirm that it’s secure. Besides authentication
You’ll see the overview, which shows basic
and authorization, serving the web application
metrics like server response time, page view
over HTTPS is one of the most important security
load time, and number of server requests and
measures you can take. This is because without
failed requests. You should see some data,
HTTPS, intruders could see the traffic among your
indicating that Application Insights is working.
resources and use this information for malicious
purposes like signing in to your application.
Scaling the web app Additionally, HTTPS is a requirement for leading-
edge features like service workers.
When you have many users, you need Web Apps to
scale up to accommodate increased traffic. When Serving traffic to your web app over Secure
it’s not busy, you need it to scale back to save costs. Sockets Layer (SSL) is possible by importing an SSL
You can do this with the Automatic Scaling feature certificate into Web Apps and binding it to one of
of App Service. You need to run Web Apps in the your custom domain names. You can either import
standard or premium pricing tier to use this feature. your own SSL certificate or purchase one through
Azure App Service Certificates. This service
Web Apps has a menu item called Scale Out, as
makes it easy to buy and validate certificates. After
shown in Figure 8-19. You can use this to scale out
importing the certificate, couple it to one of the
manually or automatically. Scaling out means you
domain name bindings of your web app. You can
add more instances of your application to handle
do all this from the SSL Certificates menu in the
the load.
web app.

Notifying users about new versions

Your business will benefit from making users aware

of new production releases. By extending the
continuous integration/continuous delivery (CI/CD)
process in Azure builds, you can use a Logic Apps
workflow to manage social media communication,
Figure 8-19 like sending out tweets or publishing posts with
release notes.
 February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 119
2018 adipiscing
2019 elit Guide to Azure

09 /
Mus ma dolor Duntiaspel is vel estotatem qui qui sitatio
nsedit, ea sere volor molupta dolut officto

duciuscit, odit blaut omnimenem fugitas et omnihil

lestibea veliquia conem estiae quidi aut

volupis as volo facearchilit quidelia peri conserrum, qui

utaquiasit utaquiae reperum re et fugitibus

eos et libusci re porepedit faciminciae lant et dolorpos et

volum se doloreh endigenis pratibus quis

duntem commo in natem.

es nit etur sit Sedicil labores citatem natem sedit autet

volorit, quos ut lameniatur? Um enimagnis

Summary
In this guide, we introduced the
dolum earum minctur simillab is arum quatinverro
power that Azure can bring to your
te destibus, tem adis eum rehenia si
applications. Using Azure, you can do
omnimusam veni
incredible nossita.
things with your apps—

and
employ facial and speech recognition,
manage your IoT devices in the cloud,
scale as much as you want—and pay

resources
only for what you use.

You’ve learned that Azure has services

for almost every scenario, so it can help
you no matter which programming
language you use or what platform
you write applications for. We hope
you continue to consult this e-book to
become better acquainted with the vast
range of Azure services and determine
which ones best fit your needs.

Thanks to the wealth of prebuilt

solutions in Azure, the days of having to
write complicated plumbing are over.
Free yourself up to work on the things
that matter to you by taking advantage
of all that Azure offers.
 May The Developer’s 120
2019 Guide to Azure

Keep learning
with Azure
With your Azure free account, you get all of
this—and you won’t be charged until you
choose to upgrade:

• 12 months of popular free services.

• $200 credit to explore any Azure service

for 30 days.

• 25+ services always free.

• Get started with Azure: Watch these short

tutorials on how to use Azure and start
building projects right away. You can also join
our weekly webinar, which provides demos
of Azure basics and provides ongoing access
to experts.

• Microsoft Learn: Learn new skills and discover

the power of Microsoft products with step-
by-step guidance. Start your journey today by
exploring our learning paths and modules.

• Azure Friday, Take a look at Azure Services and

features with the Microsoft engineering team.

• Azure.Source: Keep current on what’s

happening in Azure, including news and
updates, what’s now in preview, and what’s
generally available.

• Azure Tips and Tricks: Browse a collection

of useful ideas to help you become more
productive with Azure.
 May The Developer’s 121
2019 Guide to Azure

Free resources extravaganza • Developers Guide to IoT: E-book that

provides an overview of Azure IoT services
In addition to this guide, there are many other and gets you started.
free resources about Azure, including:
• Azure for Architects: Comprehensive guide for
• Learn Azure in a Month of Lunches: Practical Azure architects.
way to learn Azure from scratch over a month
of lunches. • Developer’s Guide to Building AI Applications:
Practical guide for creating your first intelligent
• Azure Serverless Computing Cookbook: bot with AI.
E-book about everything serverless in Azure.
• Designed to Disrupt: Inspiration and guidance
• Designing Distributed Systems: E-book on on how transformational changes are possible
building containerized applications, with and how to achieve them.
hands-on labs on Azure Kubernetes Service.
• Practical Microsoft Azure IaaS: Tips and best
• Containerize Your Apps with Docker practices on how to migrate on-premises
and Kubernetes: Practical guide for moving systems to the cloud with Azure.
applications to the cloud with Docker
and Kubernetes. • Enterprise Cloud Strategy: Proven methods
for moving your enterprise to a cloud
• Guide to NoSQL with Azure Cosmos DB: computing strategy.
E-book on building responsive, mission-critical
apps with Azure Cosmos DB. • Cloud Migration Essentials: E-book on how
to simplify your path to the cloud while
• Effective DevOps: Practical guide for improving minimizing risk and impact to your business.
collaboration across teams, promoting efficient
use of tools, and using the concepts of DevOps. • Making the Most of the Cloud
Everywhere: E-book that focuses on unified
development and modernization practices in
hybrid environments.

http://www.azure.com/free
 May The Developer’s 122
2019 Guide to Azure

About the
authors

Michael and Barry are passionate about Azure and Michael Crump works at Barry Luijbregts is an
Microsoft on the Azure independent software
encourage you to reach out to them on Twitter for platform and is a coder, architect and developer with
questions regarding this book. blogger, and international a passion for the cloud and
speaker on various cloud authors courses for Pluralsight.
development topics. He’s
passionate about helping You can reach Barry on Twitter
developers understand the @AzureBarry and through
benefits of the cloud in a no- his website at https://www.
nonsense way. azurebarry.com/.

You can reach Michael on

Twitter @mbcrump, follow
his blog at https://www.
michaelcrump.net/, or catch up
on a recent post in the Azure
Tips and Tricks series.

PUBLISHED BY Microsoft Press, A division of Microsoft Corporation

One Microsoft Way, Redmond, Washington 98052-6399

Copyright © 2019 by Microsoft Corporation. All rights reserved. No part of

the contents of this book may be reproduced or transmitted in any form or by
any means without the written permission of the publisher.

Microsoft Press books are available through booksellers and distributors worldwide.
If you need support related to this book, email Microsoft Press Support at mspinput@
microsoft.com. Please tell us what you think of this book by taking this survey.

This book is provided “as-is” and expresses the author’s views and opinions. The
views, opinions and information expressed in this book, including URL and other
Internet website references, may change without notice. Some examples depicted
herein are provided for illustration only and are fictitious. No real association or
connection is intended or should be inferred.

Microsoft and the trademarks listed at www.microsoft.com on the “Trademarks”

webpage are trademarks of the Microsoft group of companies. All other marks are
property of their respective owners.
February Lorem
May ipsum dolor sit
Theamet,
Developer’s
consectetur 123
2018 adipiscing
2019 elit Guide to Azure