access control
with Azure Conditional Access, 220–221
RBAC (role-based access control), 223–227
ACI (Azure Container Instances), 56–58
Active Directory. See Azure Active Directory
agility of cloud services, 4–6
AI (artificial intelligence), 107–110
AKS (Azure Kubernetes Service), 58–59
alerts in Azure Monitor, 165–169
analytics. See data analytics
Apache Spark, 97
App Service. See Azure App Service
application failures, 3
Application Insights, 3
architectural components, 26–42
ARM (Azure Resource Manager), 38–42
ARM (Azure Resource Manager), 38–42
Azure portal and, 140
benefits of, 41
RBAC (role-based access control) and, 226
ARM API, 39
ARM templates, 31, 33, 40–41, 74, 237
Artificial General Intelligence (strong AI), 107
Artificial Narrow Intelligence (weak AI), 107
artificial intelligence (AI), 107–110
assignments with Azure Conditional Access, 220
authentication, 214
Azure Active Directory, 214–220
MFA (multifactor authentication), 221–223
RBAC (role-based access control), 223–227
authorization, 214
Azure Active Directory, 214–220
Azure Conditional Access, 220–221
RBAC (role-based access control), 223–227
Auto-Scale, 6
availability
of cloud services, 2–4. See also fault tolerance
with ExpressRoute, 64
Azure
architectural components, 26–42
ARM (Azure Resource Manager), 38–42
Azure Machine Learning, 110–111
Azure Cost Management, 261–264
factors affecting costs, 254–255
total cost of ownership calculator, 258–261
tags, 236
authentication and authorization, 214
Azure Active Directory, 214–220
Azure Conditional Access, 220–221
MFA (multifactor authentication), 221–223
RBAC (role-based access control), 223–227
NSGs (Network Security Groups), 195–200
privacy and compliance resources, 242–248
Azure sovereign regions, 247–248
Cloud Adoption Framework for Azure, 244
Microsoft privacy statement, 243–244
STP (Service Trust Portal), 245–247
Trust Center, 244
Azure Security Center, 180–184
SLAs (service-level agreements), 264–269
ACI (Azure Container Instances), 56–58
AKS (Azure Kubernetes Service), 58–59
Azure Database for MySQL, 72
Azure Database for PostgreSQL, 72
container (blob) storage, 64
storage tiers, 66
virtual networks (VNets), 61–63
Windows Virtual Desktop, 60–61
Azure Active Directory, 142, 214–220
Azure AD B2C, 219
Azure Bastion, 203
Azure blog, 29
Azure China, 248
Azure Cloud Shell, 141, 152–156
Azure Conditional Access, 220–221
Azure Container Instances (ACI), 56–58
Azure Cost Management, 261–264
Azure Data Lake Storage, 98
Azure Database for MySQL, 72
Azure Database for PostgreSQL, 72
Azure Database Migration Service (DMS), 71
Azure File Sync, 66
Azure Germany, 248
Azure Kubernetes Service (AKS), 58–59
Azure Log Analytics, 189
Azure Machine Learning, 110–111
Azure Resource Manager. See ARM (Azure Resource Manager)
Azure Security Center, 180–184
Azure Stack, 20
Azure Status page, 30
Azure Storage
Azure Files and, 65
container (blob) storage, 64
Azure Synapse Studio, 98
BCDR (Business Continuity and Disaster Recovery) plans, 7
big data, 97
billing zones, 255
blob storage, 64
Bot Service. See Azure Bot Service
C2D (cloud-to-device) messaging, 84
“castle approach” (defense in depth), 194–195
channels in Azure Bot Service, 114
chat services with Azure Bot Service, 112–114
Clarke, Arthur C., 107
Cloud Adoption Framework for Azure, 244
cloud computing, defined, 17
cloud services
fault tolerance, disaster recovery, 6–7
scalability, elasticity, agility, 4–6
service type comparison, 15–16
shared responsibility model, 9
cloud-to-device (C2D) messaging, 84
Cloudyn, 262
clusters
in Azure Databricks, 102
in Azure Synapse, 97
column NoSQL database systems, 67
commands
in PowerShell Az module, 149–150
community cloud model, 16
Azure sovereign regions, 247–248
Cloud Adoption Framework for Azure, 244
disaster recovery and, 7
Microsoft privacy statement, 243–244
STP (Service Trust Portal), 245–247
Trust Center, 244
compute nodes, 97
Computer Vision, 112
consumption-based model, 8
containers
blob storage, 64
explained, 56
Azure Machine Learning, 110–111
Azure Cost Management, 261–264
factors affecting costs, 254–255
total cost of ownership calculator, 258–261
costs. See also pricing tiers
VM billing, 48
D2C (device-to-cloud) messaging, 84
dashboard (in portal)
customizing, 146
data analytics
with HDInsight, 99
Data Box, 64
data lakes, 98
data modeling, 100
Data Movement Service (DMS), 97
data warehouses, 98
Database Migration Service (DMS), 71
Database Transaction Unit (DTU), 70
Databricks ML Model Export, 107
Databricks Runtime ML (Databricks Runtime for Machine Learning), 105–106
datasets in Azure Databricks, 104
DDoS (distributed denial of service) attacks, 207–209
decision APIs, 112
declarative syntax, 40
deleting resources, 33
desktop virtualization with Windows Virtual Desktop, 60–61
device groups in IoT Central, 93–95
Device Provisioning Service (DPS), 85
device twins, 84
device-to-cloud (D2C) messaging, 84
Direct Line, 114
directory roles, 214
distributed denial of service (DDoS) attacks, 207–209
DMS (Data Movement Service), 97
DMS (Database Migration Service), 71
document NoSQL database systems, 67
DoD Impact Level 5 Provisional Authorization, 248
DPS (Device Provisioning Service), 85
DTU (Database Transaction Unit), 70
economic benefits of cloud services, 7–8
edge devices, 63
effects in Azure Policy, 232
elasticity of cloud services, 4–6
FIPS (Federal Information Processing Standard) 140, 185
flow record for NSGs, 199
functions
defined, 118
GDPR (General Data Protection Regulation), 243
general availability, 269, 271
tags, 236
graph NoSQL database systems, 67
guest users, 216
Hadoop, 98
HBase, 98
high availability
of cloud services, 2–4. See also fault tolerance
with ExpressRoute, 64
horizontal scaling, 5
HSMs (hardware security modules), 184–185
HttpTrigger functions, 122
IaaS (Infrastructure-as-a-Service), 9–11, 15
identities, 214
authentication and authorization, 214
Azure Active Directory, 214–220
Azure Conditional Access, 220–221
MFA (multifactor authentication), 221–223
RBAC (role-based access control), 223–227
images, 56
inbound rules for NSGs, 197–199
Infrastructure-as-a-Service (IaaS), 9–11, 15
initiatives, 229
installing
PowerShell Az module, 148
PowerShell on Linux or macOS, 148
Interactive Query, 98
Internet, public cloud model and, 17
invoices, viewing, 35
IoT (Internet of Things)
IP addresses, public, 62
ISO 27001 standard, 243
JIT (just-in-time) access, 181–184
jobs in IoT Central, 94
jumpboxes, 201
Kafka, 98
keyboard shortcuts in Azure Databricks, 104
key-value NoSQL database systems, 67
language APIs, 112
lifecycle of services, 269–271
limits on subscriptions, 34
Log Analytics, 189
machine learning
with Azure Machine Learning, 110–111
with Cognitive Services, 111–112
Machine Learning Studio, 110
managed disks, 65
managed instances, 71
Markdown, 103
meters, 254
MFA (multifactor authentication), 221–223
Microsoft privacy statement, 243–244
Microsoft Remote Desktop, 158
Microsoft Threat Intelligence, 181
MLeap, 106
moving resources, 33
MSEE (Microsoft Enterprise Edge routers), 63–64
multifactor authentication (MFA), 221–223
multitenant environment, 17
MySQL, 72
natural-language understanding, 108
network bandwidth pricing, 255
NSGs (Network Security Groups), 195–200
OAUTH hardware tokens, 223
on-premises model, 7
outbound rules for NSGs, 199
output bindings, 122
PaaS (Platform-as-a-Service), 11–14, 15
planned maintenance, 48
planning
with Azure Blueprints, 237–242
Azure Cost Management, 261–264
factors affecting costs, 254–255
total cost of ownership calculator, 258–261
plans in Azure App Service, 52–54
Platform-as-a-Service (PaaS), 11–14, 15
Playbooks, 193
policies
in Azure DevTest Labs, 139
PostgreSQL, 72
Power Automate, 123
power outages, 4
power supplies for datacenters, 27–28
PowerShell, installing on Linux or macOS, 148
previewing web apps in Azure Cloud Shell, 154–155
pricing tiers. See also cost management; costs
Azure Active Directory, 219–220
for Azure Security Center, 180
network bandwidth, 255
Azure sovereign regions, 247–248
Cloud Adoption Framework for Azure, 244
Microsoft privacy statement, 243–244
STP (Service Trust Portal), 245–247
Trust Center, 244
private cloud model, 16, 18–19
productionalizing machine-learning pipeline, 106
“Profiles of the Future” (Clarke), 107
proxies, 118
public IP addresses, 62
public previews, 270
purchasing models for single database, 70
R Server, 98
RBAC (role-based access control), 223–227
regional pairs, 27
regions
factors affecting costs, 254
zones for, 255
relational databases, 66
MySQL, 72
PostgreSQL, 72
SQL Server, 68
reliant system problems, 4
remote access to IaaS VMs, 10
resource providers, 39
resources. See also ARM (Azure Resource Manager)
deleting, 33
moving, 33
opening in portal, 144
tags, 236
viewing, 142
role-based access control (RBAC), 223–227
roles, 224
in IoT Central, 91
route tables for firewalls, 203–206
rules
in IoT Central, 93
SaaS (Software-as-a-Service), 14, 15
scalability of cloud services, 4–6
fault tolerance versus, 6
scope, 224
Azure Security Center, 180–184
identity services
authentication and authorization, 214
Azure Active Directory, 214–220
Azure Conditional Access, 220–221
MFA (multifactor authentication), 221–223
RBAC (role-based access control), 223–227
NSGs (Network Security Groups), 195–200
Trust Center, 244
service dependencies, 41
service principals, 215, 218, 227
service tags for NSGs, 199–200
Service Trust Portal (STP), 245–247
service-level agreements (SLAs), 2, 264–269
“Seven Properties of Highly Secured Devices” (Microsoft white paper), 95
shared responsibility model, 9, 243
SIEM (Security Information and Event Management), 188
signing in to PowerShell Az module, 148–149
simulated devices in IoT Central, 90
single databases, 70
single sign-on (SSO), 218
single-tenant environment, 18
SLAs (service-level agreements), 2, 264–269
slots, 118
SOAR (Security Orchestration, Automation, and Response), 188
Software-as-a-Service (SaaS), 14, 15
Spark, 98
speech APIs, 112
spoke networks, 201
SQL Data Warehouse, 97
SQL Server, 68
SSO (single sign-on), 218
stateful firewalls, 201
storage tiers, 66
Storm, 98
STP (Service Trust Portal), 245–247
strong AI, 107
subscription IDs, 37
limits on, 34
setting active, 149
types of, 37
Synapse SQL, 97
tags, 236
TCO (total cost of ownership) calculator, 258–261
testing with Azure DevTest Labs, 133–139
threat intelligence in Azure Firewall, 207
tiers. See pricing tiers
Trust Center, 244
unexpected downtime, 48
unmanaged disks, 65
unplanned maintenance, 48
update domains, 49
user principals, 227
vCore (virtual core), 70
vertical scaling, 5
Video Indexer, 112
viewing
invoices, 35
resources, 142
tags, 236
virtual networks (VNets), 61–63
virtual private networks (VPNs), 63
Visual Studio, 39
VMs (virtual machines), 3–4, 42–52
in Azure DevTest Labs, 133–139
billing, 48
connecting via Azure mobile app, 158
downtime, 48
VNets (virtual networks), 61–63
VPNs (virtual private networks), 63
weak AI, 107
web apps
previewing in Azure Cloud Shell, 154–155
webhooks, 122
Windows 10 Multi-User, 61
Windows Active Directory, 214
Windows Virtual Desktop (WVD), 60–61
workflows in Logic Apps, 123, 128
ACI (Azure Container Instances), 56–58
AKS (Azure Kubernetes Service), 58–59
Azure Database for MySQL, 72
Azure Database for PostgreSQL, 72
container (blob) storage, 64
storage tiers, 66
zonal services, 30
zone redundant services, 31
zones, regions in, 255