A

access control

with Azure Conditional Access, 220–221

RBAC (role-based access control), 223–227

resource locks, 232–235

ACI (Azure Container Instances), 56–58

action groups, 168–169

actions, 123, 168–169

Active Directory. See Azure Active Directory

agility of cloud services, 4–6

AI (artificial intelligence), 107–110

AKS (Azure Kubernetes Service), 58–59

alerts in Azure Monitor, 165–169

analytics. See data analytics

Apache Spark, 97

API types, 67–68

App Service. See Azure App Service

application failures, 3

Application Insights, 3

architectural components, 26–42

ARM (Azure Resource Manager), 38–42

availability zones, 28–31

management groups, 37–38

regions, 26–28

resource groups, 31–33

subscriptions, 33–37

ARM (Azure Resource Manager), 38–42

Azure portal and, 140

benefits of, 41

RBAC (role-based access control) and, 226

ARM API, 39

ARM templates, 31, 33, 40–41, 74, 237

artifacts, 133, 135, 237

Artifical General Intelligence (strong AI), 107

Artifical Narrow Intelligence (weak AI), 107

artificial intelligence (AI), 107–110

assignments with Azure Conditional Access, 220

authentication, 214

Azure Active Directory, 214–220

MFA (multifactor authentication), 221–223

RBAC (role-based access control), 223–227

authorization, 214

Azure Active Directory, 214–220

Azure Conditional Access, 220–221

RBAC (role-based access control), 223–227

Auto-Scale, 6

availability

of cloud services, 2–4. See also fault tolerance

with ExpressRoute, 64

availability sets, 30, 48–51

availability zones, 28–31

Azure

architectural components, 26–42

ARM (Azure Resource Manager), 38–42

availability zones, 28–31

management groups, 37–38

regions, 26–28

resource groups, 31–33

subscriptions, 33–37

core solutions, 82–139

Azure Bot Service, 112–114

Azure Databricks, 100–107

Azure DevOps, 130–133

Azure DevTest Labs, 133–139

Azure Functions, 115–122

Azure Machine Learning, 110–111

Azure Sphere, 95–96

Azure Synapse, 96–98

Cognitive Services, 111–112

Event Grid, 129–130

HDInsight, 98–100

IoT Central, 87–95

IoT Hub, 82–87

Logic Apps, 123–128

serverless computing, 114–115

cost management, 253–264

Azure Cost Management, 261–264

factors affecting costs, 254–255

pricing calculator, 256–257

total cost of ownership calculator, 258–261

governance features, 227–242

Azure Blueprints, 237–242

Azure Policy, 228–232

resource locks, 232–235

tags, 236

identity services, 213–227

authentication and authorization, 214

Azure Active Directory, 214–220

Azure Conditional Access, 220–221

MFA (multifactor authentication), 221–223

RBAC (role-based access control), 223–227

management tools, 139–172

Azure Advisor, 159–161

Azure CLI, 150–152

Azure Cloud Shell, 152–156

Azure mobile app, 156–159

Azure Monitor, 161–169

Azure portal, 140–147

Azure PowerShell, 148–150

Azure Service Health, 170–172

network security, 194–209

Azure Firewall, 200–207

DDoS Protection, 207–209

defense in depth, 194–195

NSGs (Network Security Groups), 195–200

privacy and compliance resources, 242–248

Azure soveriegn regions, 247–248

Cloud Adoption Framework for Azure, 244

Microsoft privacy statement, 243–244

STP (Service Trust Portal), 245–247

Trust Center, 244

security features, 179–194

Azure Security Center, 180–184

Azure Sentinel, 188–194

Key Vault, 184–188

service lifecycle, 269–271

SLAs (service-level agreements), 264–269

workload products, 42–75

ACI (Azure Container Instances), 56–58

AKS (Azure Kubernetes Service), 58–59

Azure App Service, 52–55

Azure Database for MySQL, 72

Azure Database for PostgreSQL, 72

Azure Files, 65–66

Azure Marketplace, 72–75

Azure SQL Database, 68–71

container (blob) storage, 64

Cosmos DB, 66–68

disk storage, 64–65

ExpressRoute, 63–64

storage tiers, 66

virtual networks (VNets), 61–63

VMs (virtual machines), 42–52

Windows Virtual Desktop, 60–61

Azure Active Directory, 142, 214–220

Azure AD B2B, 216, 219

Azure AD B2C, 219

Azure Advisor, 159–161

Azure App Service, 13, 52–55

plans, 52–54

web apps, 54–55

Azure Artifacts, 131, 133

Azure Bastion, 203

Azure blog, 29

Azure Blueprints, 237–242

Azure Boards, 131, 132

Azure Bot Service, 112–114

Azure China, 248

Azure CLI, 150–152

Azure Cloud Shell, 141, 152–156

Azure Conditional Access, 220–221

Azure Container Instances (ACI), 56–58

Azure Cost Management, 261–264

Azure Data Lake Storage, 98

Azure Database for MySQL, 72

Azure Database for PostgreSQL, 72

Azure Database Migration Service (DMS), 71

Azure Databricks, 100–107

Azure DevOps, 130–133

Azure DevTest Labs, 133–139

Azure File Sync, 66

Azure Files, 65–66

Azure Firewall, 200–207

Azure Functions, 115–122

Azure Germany, 248

Azure Government, 247–248

Azure Kubernetes Service (AKS), 58–59

Azure Log Analytics, 189

Azure Machine Learning, 110–111

Azure Marketplace, 72–75

Azure mobile app, 156–159

Azure Monitor, 161–169

Azure Pipelines, 131, 133

Azure Policy, 228–232

Azure portal, 140–147

Azure PowerShell, 148–150

Azure Repos, 131, 132–133

Azure Resource Manager. See ARM (Azure Resource Manager)

Azure Security Center, 180–184

Azure Sentinel, 188–194

Azure Service Health, 170–172

Azure Sphere, 95–96

Azure SQL Database, 68–71

Azure Stack, 20

Azure Status page, 30

Azure Storage

Azure Files and, 65

container (blob) storage, 64

Azure Synapse, 96–98

Azure Synapse Studio, 98

Azure Test Plans, 131, 133

B

BCDR (Business Continuity and Disaster Recovery) plans, 7

beta offerings, 269–270

big data, 97

billing zones, 255

blob storage, 64

blueprints, 237–242

Bot Service. See Azure Bot Service

C

C2D (cloud-to-device) messaging, 84

“castle approach” (defense in depth), 194–195

channels in Azure Bot Service, 114

chat services with Azure Bot Service, 112–114

Clarke, Arthur C.107

Cloud Adoption Framework for Azure, 244

cloud computing, defined, 17

cloud model, 8, 16

hybrid cloud, 19–20

private cloud, 18–19

public cloud, 17–18

cloud services

benefits of, 1–8

economic benefits, 7–8

fault tolerance, disaster recovery, 6–7

high availability, 2–4

scalability, elasticity, agility, 4–6

service type comparison, 15–16

shared responsibility model, 9

Cloud Shell, 141, 152–156

cloud-to-device (C2D) messaging, 84

Cloudyn, 262

clusters

in Azure Databricks, 102

in Azure Synapse, 97

in HDInsight, 98–100

Cognitive Services, 111–112

column NoSQL database systems, 67

commands

in Azure CLI, 150–152

in Azure Cloud Shell, 152–156

in PowerShell Az module, 149–150

community cloud model, 16

compliance, 242–248

Azure soveriegn regions, 247–248

Cloud Adoption Framework for Azure, 244

disaster recovery and, 7

Microsoft privacy statement, 243–244

STP (Service Trust Portal), 245–247

Trust Center, 244

Compliance Manager, 245–247

composite SLAs, 268–269

compute nodes, 97

Computer Vision, 112

Conditional Access, 220–221

connectors, 123, 189–192

consumption-based model, 8

containers

in AKS, 58–59

blob storage, 64

explained, 56

running, 56–58

core solutions, 82–139

Azure Bot Service, 112–114

Azure Databricks, 100–107

Azure DevOps, 130–133

Azure DevTest Labs, 133–139

Azure Functions, 115–122

Azure Machine Learning, 110–111

Azure Sphere, 95–96

Azure Synapse, 96–98

Cognitive Services, 111–112

Event Grid, 129–130

HDInsight, 98–100

IoT Central, 87–95

IoT Hub, 82–87

Logic Apps, 123–128

serverless computing, 114–115

Cosmos DB, 66–68

cost management, 253–264

Azure Cost Management, 261–264

factors affecting costs, 254–255

pricing calculator, 256–257

total cost of ownership calculator, 258–261

costs. See also pricing tiers

Azure App Service, 52–54

factors affecting, 254–255

viewing, 33, 35

VM billing, 48

custom images, 51, 136–137

D

D2C (device-to-cloud) messaging, 84

dashboard (in portal)

creating new, 146–147

customizing, 146

data analytics

with Azure Synapse, 96–98

with HDInsight, 99

Data Box, 64

data lakes, 98

data modeling, 100

Data Movement Service (DMS), 97

data warehouses, 98

database API types, 67–68

Database Migration Service (DMS), 71

Database Transaction Unit (DTU), 70

Databricks, 100–107

Databricks ML Model Export, 107

Databricks Runtime ML (Databricks Runtime for Machine Learning), 105–106

datacenters, 27–28

datasets in Azure Databricks, 104

DDoS (distributed denial of service) attacks, 207–209

DDoS Protection, 207–209

decision APIs, 112

declarative syntax, 40

defense in depth, 194–195

deleting resources, 33

desktop virtualization with Windows Virtual Desktop, 60–61

device groups in IoT Central, 93–95

Device Provisioning Service (DPS), 85

device twins, 84

device-to-cloud (D2C) messaging, 84

DevTest Labs, 133–139

Direct Line, 114

directory roles, 214

disaster recovery, 6–7

in availability zones, 28–29

in regions, 27–28

disk encryption keys, 187–188

disk storage, 64–65

distributed denial of service (DDoS) attacks, 207–209

DMS (Data Movement Service), 97

DMS (Database Migration Service), 71

Docker, 13, 56

document NoSQL database systems, 67

DoD Impact Level 5 Provisional Authorization, 248

DPS (Device Provisioning Service), 85

DTU (Database Transaction Unit), 70

E

economic benefits of cloud services, 7–8

edge devices, 63

effects in Azure Policy, 232

elastic pools, 70–71

elasticity of cloud services, 4–6

encryption with Key Vault, 184–188

Event Grid, 129–130

ExpressRoute, 63–64

F

fault domains, 48–49

fault tolerance, 6–7

FIPS (Federal Information Processing Standard) 140, 185

firewalls, 200–207

flow record for NSGs, 199

formulas, 136–138

Function Apps, 115–119, 127

functions

creating, 120–121

defined, 118

G

GDPR (General Data Protection Regulation), 243

general availability, 269, 271

geographies, 26, 27

governance, 227–242

Azure Blueprints, 237–242

Azure Policy, 228–232

resource locks, 232–235

tags, 236

graph NoSQL database systems, 67

guest users, 216

H

Hadoop, 98

HBase, 98

HDInsight, 98–100

high availability

of cloud services, 2–4. See also fault tolerance

with ExpressRoute, 64

horizontal scaling, 5

HSMs (hardware security modules), 184–185

HttpTrigger functions, 122

hub-and-spoke configuration for firewalls, 201–202

hybrid cloud model, 16, 19–20

I

IaaS (Infrastructure-as-a-Service), 9–11, 15

identities, 214

identity services, 213–227

authentication and authorization, 214

Azure Active Directory, 214–220

Azure Conditional Access, 220–221

MFA (multifactor authentication), 221–223

RBAC (role-based access control), 223–227

images, 56

inbound rules for NSGs, 197–199

Infrastructure-as-a-Service (IaaS), 9–11, 15

initiatives, 229

installing

PowerShell Az module, 148

PowerShell on Linux or macOS, 148

Interactive Query, 98

Internet, public cloud model and, 17

invoices, viewing, 35

IoT (Internet of Things)

Azure Sphere, 95–96

IoT Central, 87–95

IoT Hub, 82–87

IoT Central, 87–95

IoT Hub, 82–87

IP addresses, public, 62

ISO 27001 standard, 243

J

JIT (just-in-time) access, 181–184

jobs in IoT Central, 94

jumpboxes, 201

K

Kafka, 98

Key Vault, 184–188

keyboard shortcuts in Azure Databricks, 104

key-value NoSQL database systems, 67

Kubernetes, 58–59

L

language APIs, 112

lifecycle of services, 269–271

limits on subscriptions, 34

locks, 232–235

Log Analytics, 189

Logic Apps, 123–128, 193

M

machine learning

in Azure Databricks, 100–107

with Azure Machine Learning, 110–111

with Cognitive Services, 111–112

explained, 108–110

Machine Learning Studio, 110

managed disks, 65

managed identities, 215, 223

managed instances, 71

management groups, 37–38

management tools, 139–172

Azure Advisor, 159–161

Azure CLI, 150–152

Azure Cloud Shell, 152–156

Azure mobile app, 156–159

Azure Monitor, 161–169

Azure portal, 140–147

Azure PowerShell, 148–150

Azure Service Health, 170–172

Markdown, 103

meters, 254

MFA (multifactor authentication), 221–223

Microsoft privacy statement, 243–244

Microsoft Remote Desktop, 158

Microsoft Threat Intelligence, 181

MLeap, 106

mobile app (Azure), 156–159

moving resources, 33

MSEE (Microsoft Enterprise Edge routers), 63–64

multifactor authentication (MFA), 221–223

multitenant environment, 17

MySQL, 72

N

natural-language understanding, 108

network bandwidth pricing, 255

network outages, 2–3

network security, 194–209

Azure Firewall, 200–207

DDoS Protection, 207–209

defense in depth, 194–195

NSGs (Network Security Groups), 195–200

Network Security Groups (NSGs), 63, 195–200

NIST 800–53 standard, 243

NoSQL databases, 66–67

notebooks in Azure Databricks, 103–104

O

OAUTH hardware tokens, 223

on-premises model, 7

outbound rules for NSGs, 199

output bindings, 122

P

PaaS (Platform-as-a-Service), 11–14, 15

planned maintenance, 48

planning

with Azure Blueprints, 237–242

for cost management, 253–264

Azure Cost Management, 261–264

factors affecting costs, 254–255

pricing calculator, 256–257

total cost of ownership calculator, 258–261

plans in Azure App Service, 52–54

Platform-as-a-Service (PaaS), 11–14, 15

Playbooks, 193

policies

in Azure DevTest Labs, 139

in Azure Policy, 228–232

portal (Azure), 140–147

PostgreSQL, 72

Power Automate, 123

power outages, 4

power supplies for datacenters, 27–28

PowerShell, installing on Linux or macOS, 148

PowerShell Az module, 148–150

preview offerings, 269–270

previewing web apps in Azure Cloud Shell, 154–155

pricing calculator, 256–257

pricing tiers. See also cost management; costs

Azure Active Directory, 219–220

for Azure Security Center, 180

DDoS Protection, 208–209

for IoT Hub, 86–87

network bandwidth, 255

privacy, 242–248

Azure soveriegn regions, 247–248

Cloud Adoption Framework for Azure, 244

Microsoft privacy statement, 243–244

STP (Service Trust Portal), 245–247

Trust Center, 244

private cloud model, 16, 18–19

private previews, 269–270

productionalizing machine-learning pipeline, 106

“Profiles of the Future” (Clarke), 107

proxies, 118

public cloud model, 16, 17–18

public IP addresses, 62

public previews, 270

purchasing models for single database, 70

R

R Server, 98

RBAC (role-based access control), 223–227

regional pairs, 27

regions

availability zones, 28–31

explained, 26–28

factors affecting costs, 254

zones for, 255

relational databases, 66

Azure SQL Database, 68–71

MySQL, 72

PostgreSQL, 72

SQL Server, 68

reliant system problems, 4

remote access to IaaS VMs, 10

resource groups, 31–33

resource locks, 232–235

resource providers, 39

resources. See also ARM (Azure Resource Manager)

costs, viewing, 33, 35

deleting, 33

moving, 33

opening in portal, 144

tags, 236

viewing, 142

role assignments, 224–226

role-based access control (RBAC), 223–227

roles, 224

in IoT Central, 91

route tables for firewalls, 203–206

rules

in Azure Policy, 228–232

for firewalls, 205–207

in IoT Central, 93

for NSGs, 195–200

S

SaaS (Software-as-a-Service), 14, 15

scalability of cloud services, 4–6

fault tolerance versus, 6

scale sets, 51–52

scope, 224

security, 179–194

Azure Security Center, 180–184

Azure Sentinel, 188–194

with Azure Sphere, 95–96

identity services

authentication and authorization, 214

Azure Active Directory, 214–220

Azure Conditional Access, 220–221

MFA (multifactor authentication), 221–223

RBAC (role-based access control), 223–227

Key Vault, 184–188

network security, 194–209

Azure Firewall, 200–207

DDoS Protection, 207–209

defense in depth, 194–195

NSGs (Network Security Groups), 195–200

resource locks, 232–235

Trust Center, 244

security principals, 223, 227

Sentinel, 188–194

serverless computing, 114–115

service dependencies, 41

service lifecycle, 269–271

service principals, 215, 218, 227

service tags for NSGs, 199–200

Service Trust Portal (STP), 245–247

service-level agreements (SLAs), 2, 264–269

“Seven Properties of Highly Secured Devices” (Microsoft white paper), 95

shared responsibility model, 9, 243

SIEM (Security Information and Event Management), 188

signing in to PowerShell Az module, 148–149

simulated devices in IoT Central, 90

single databases, 70

single sign-on (SSO), 218

single-tenant environment, 18

SLAs (service-level agreements), 2, 264–269

slots, 118

SOAR (Security Orchestration, Automation, and Response), 188

Software-as-a-Service (SaaS), 14, 15

Spark, 98

speech APIs, 112

spoke networks, 201

SQL Data Warehouse, 97

SQL Server, 68

SSO (single sign-on), 218

stateful firewalls, 201

storage tiers, 66

Storm, 98

STP (Service Trust Portal), 245–247

strong AI, 107

subscription IDs, 37

subscriptions, 33–37

creating, 36–37, 43

limits on, 34

management groups, 37–38

setting active, 149

types of, 37

Synapse SQL, 97

system outages, 3–4

T

tags, 236

TCO (total cost of ownership) calculator, 258–261

testing with Azure DevTest Labs, 133–139

threat intelligence in Azure Firewall, 207

tiers. See pricing tiers

triggers, 121–122, 123

Trust Center, 244

U

unexpected downtime, 48

unmanaged disks, 65

unplanned maintenance, 48

update domains, 49

user principals, 227

V

vCore (virtual core), 70

vertical scaling, 5

Video Indexer, 112

viewing

costs, 33, 35

invoices, 35

resources, 142

tags, 236

virtual networks (VNets), 61–63

virtual private networks (VPNs), 63

Visual Studio, 39

VMs (virtual machines), 3–4, 42–52

availability sets, 48–51

in Azure DevTest Labs, 133–139

billing, 48

connecting via Azure mobile app, 158

creating, 43–45

deploying, 45–46

disk encryption keys, 187–188

disk storage, 64–65

downtime, 48

JIT access, 181–184

scale sets, 51–52

VNets (virtual networks), 61–63

VPNs (virtual private networks), 63

W

weak AI, 107

web apps

in Azure App Service, 54–55

previewing in Azure Cloud Shell, 154–155

webhooks, 122

Windows 10 Multi-User, 61

Windows Active Directory, 214

Windows Virtual Desktop (WVD), 60–61

workflows in Logic Apps, 123, 128

workload products, 42–75

ACI (Azure Container Instances), 56–58

AKS (Azure Kubernetes Service), 58–59

Azure App Service, 52–55

Azure Database for MySQL, 72

Azure Database for PostgreSQL, 72

Azure Files, 65–66

Azure Marketplace, 72–75

Azure SQL Database, 68–71

container (blob) storage, 64

Cosmos DB, 66–68

disk storage, 64–65

ExpressRoute, 63–64

storage tiers, 66

virtual networks (VNets), 61–63

VMs (virtual machines), 42–52

Windows Virtual Desktop, 60–61

Z

zonal services, 30

zone redundant services, 31

zones, regions in, 255