Microsoft Azure Study Guide
“We’re building Azure as the world’s computer”
- Satya Nadella, Chairman and CEO, Microsoft
Azure Fundamentals Bootcamp
Who is this boocamp for?
Azure Fundamentals are for students who are beginning to start to learn Azure services. This bootcamp contains these labs.
⏩ Lab 1: Create a Virtual Machine in the Portal
⏩ Lab 2: Create a Web App
⏩ Lab 3: Deploy Azure Container Instances
⏩ Lab 4: Create a Virtual Network
⏩ Lab 5: Create Blob Storage
⏩ Lab 6: Create a SQL Database
⏩ Lab 7: Implement an Azure IoT Hub
⏩ Lab 8: Implement Azure Functions
⏩ Lab 9: Create a VM with a Template
⏩ Lab 10: Create a VM with PowerShell
⏩ Lab 11: Create a VM with the CLI
⏩ Lab 12: Implement Azure Key Vault
⏩ Lab 13: Secure Network Traffic
⏩ Lab 14: Manage Access with RBAC
⏩ Lab 15: Manage Resource Locks
⏩ Lab 16: Implement Resource Tagging
⏩ Lab 17: Create an Azure Policy
⏩ Lab 18: Explore the Trust Center
⏩ Lab 19: Use the Azure Pricing Calculator
⏩ Lab 20: Use the Azure TCO Calculator
⏩ Lab 21: Open a Support Request
Video demo walkthrough | Azure Fundamentals HOL
Azure Migrate
What is Azure Migrate?
Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre-migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate’s extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases.
Video demo walkthrough | Azure Migrate Hands-on Lab
Azure Migrate hub included these tools
-
Discover and assess servers including SQL and web apps
Discover and assess on-premises servers running on VMware, Hyper-V, and physical servers in preparation for migration to Azure.
-
Migrate servers
Migrate VMware VMs, Hyper-V VMs, physical servers, other virtualized servers, and public cloud VMs to Azure.
-
Assess SQL Server databases for migration to Azure SQL Database, Azure SQL Managed Instance, or Azure VMs running SQL Server.
Data Migration Assistant is a stand-alone tool to assess SQL Servers. It helps pinpoint potential problems blocking migration. It identifies unsupported features, new features that can benefit you after migration, and the right path for database migration.
-
Migrate on-premises databases to Azure VMs running SQL Server, Azure SQL Database, or SQL Managed Instances
-
Assess servers
-
Assess on-premises web apps and migrate them to Azure.
Azure App Service Migration Assistant is a standalone tool to assess on-premises websites for migration to Azure App Service.
Use Migration Assistant to migrate .NET and PHP web apps to Azure.
-
Migrate offline data.
Use Azure Data Box products to move large amounts of offline data to Azure.
Whats provided in Azure Migrate?
Unified migration platform: A single portal to start, run, and track your migration to Azure.
Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Migration and modernization. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
Assessment, migration, and modernization: In the Azure Migrate hub, you can assess, migrate, and modernize:
Servers, databases and web apps: Assess on-premises servers including web apps and SQL Server instances and migrate them to Azure.
Databases: Assess on-premises SQL Server instances and databases to migrate them to an SQL Server on an Azure VM or an Azure SQL Managed Instance or to an Azure SQL Database.
Web applications: Assess on-premises web applications and migrate them to Azure App Service and Azure Kubernetes Service.
Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI) and migrate it to Azure Virtual Desktop.
Data: Migrate large amounts of data to Azure quickly and cost-effectively using Azure Data Box products.
Azure Fundamentals | AZ-900
AZ-900 Microsoft Certified: Azure Fundamentals
As a candidate for this certification, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This certification is a common starting point in a journey towards a career in Azure.
You can describe Azure architectural components and Azure services, such as:
Compute
Networking
Storage
You can also describe features and tools to secure, govern, and administer Azure.
You should have skills and experience working with an area of IT, such as:
Infrastructure management
Database management
Software development
You may be eligible for ACE college credit if you pass this certification exam. See ACE college credit for certification exams for details.
Azure Fundamentals Certification Course
What are the skills measured?
Describe cloud concepts
Describe Azure architecture and services
Describe Azure management and governance
Azure Fundamentals Exam Sample Q&A
Azure Virtual Desktop
What is Azure Virtual Desktop?
Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. Here's some of the key highlights:
Deliver a full Windows experience with Windows 11, Windows 10, or Windows Server. Use single-session to assign devices to a single user, or use multi-session for scalability.
Offer full desktops or use RemoteApp to deliver individual apps.
Present Microsoft 365 Apps for enterprise and optimize it to run in multi-user virtual scenarios.
Install your line-of-business or custom apps you can run from anywhere, including apps in the formats Win32, MSIX, and Appx.
Deliver Software-as-a-service (SaaS) for external usage.
Replace existing Remote Desktop Services (RDS) deployments.
Manage desktops and apps from different Windows and Windows Server operating systems with a unified management experience.
Host desktops and apps on-premises in a hybrid configuration with Azure Stack HCI.
Video demo walkthrough | Azure Virtual Desktop HOL
Azure Administrator | AZ-104
AZ-104 | Azure Administrator Associate
As a candidate for this certification, you should have subject matter expertise in implementing, managing, and monitoring an organization’s Azure environment, including:
Virtual networks
Storage
Compute
Identity
Security
Governance
You should be familiar with:
Operating systems
Networking
Servers
Virtualization
Azure Administrator Certification Course
What are the skills measured?
Manage Azure identities and governance
Implement and manage storage
Deploy and manage Azure compute resources
Implement and manage virtual networking
Monitor and maintain Azure resources
Azure Administrator Exam Sample Q&A
Microsoft Sentinel
What is Microsoft Sentinel?
Microsoft Sentinel is a scalable, cloud-native solution that provides:
Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.
.
Microsoft Sentinel inherits the Azure Monitor tamper-proofing and immutability practices. While Azure Monitor is an append-only data platform, it includes provisions to delete data for compliance purposes.
Video demo walkthrough | Microsoft Sentinel HOL
Azure Networking Bootcamp | AZ-700
Who is this boocamp for?
Azure Networking bootcamp are for students who are beginning to start to learn Azure Networking services. This bootcamp contains these labs.
⏩ Lab 1: Azure VNET Peering & Gateway
⏩ Lab 2: Azure Hybrid Networking
⏩ Lab 3: Azure ExpressRoute
⏩ Lab 4: Azure Load balancing
⏩ Lab 5: Azure Traffic Manager
⏩ Lab 6: Azure Application Gateway
⏩ Lab 7: Azure Front Door
⏩ Lab 8: Azure DDoS Protection
⏩ Lab 9: Azure Firewall
⏩ Lab 10: Azure Virtual Network Service Endpoints
⏩ Lab 11: Monitor Azure Networking
Video demo walkthrough | Azure Networking HOL
Azure Firewall
What is Azure Firewall?
Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection. To learn what's east-west and north-south traffic, see East-west and north-south traffic.
Pricing and SLA
For Azure Firewall pricing information, see Azure Firewall pricing.
For Azure Firewall SLA information, see Azure Firewall SLA.
To compare the all Firewall SKU features, see Choose the right Azure Firewall SKU to meet your needs.
Azure Firewall is offered in three SKUs: Standard, Premium, and Basic.
Video demo walkthrough | Azure Firewall HOL
Azure VNet Peering
What is Virtual network peering?
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only.
⏩ Lab 1: Task 1: Create virtual networks and subnets
⏩ Task 2: Configure DNS settings in Azure
⏩ Task 3: Connect two Networks using Global VNet Peering
Azure supports the following types of peering:
Virtual network peering: Connecting virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
Video demo walkthrough | Azure VNet Peering HOL
Azure ExpressRoute
What is Azure ExpressRoute?
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.
Connectivity to Microsoft cloud services
ExpressRoute connections enable access to the following services:
Microsoft Azure services
Microsoft 365 services
For a detailed list of services supported over ExpressRoute, visit the ExpressRoute FAQ page.
In the context of ExpressRoute, the Microsoft Edge describes the edge routers on the Microsoft side of the ExpressRoute circuit. This is the ExpressRoute circuit's point of entry into Microsoft's network.
Video demo walkthrough | Azure ExpressRoute HOL
Azure Boards
What is Azure Boards?
Azure Boards is a web-based service that enables teams to plan, track, and discuss work across the entire development process, while it supports agile methodologies. Azure Boards provides a customizable platform for managing work items, allowing teams to collaborate effectively and streamline their workflow.
With Azure Boards, you gain the advantage of full integration with the Azure DevOps platform. Azure DevOps is designed to provide end-to-end traceability, tracking work from requirements to deployment. Gain insight at each step of decision making and software deployment. Some of the traceability tasks supported include:
Create a branch from a requirement
Create a pull request of updated branch
Validate the pull request using a build pipeline
Create and run inline tests on requirements
Merge the pull request into the main, default branch
Deploy changes into production with deployment status to Azure Boards
Monitor and report on requirements traceability
Video demo walkthrough | Azure Boards HOL
Azure Repos
What is Azure Repos?
Azure Repos is a set of version control tools that you can use to manage your code. Whether your software project is large or small, using version control as soon as possible is a good idea.
Version control systems are software that helps you track changes you make in your code over time. As you edit your code, you tell the version control system to take a snapshot of your files. The version control system saves that snapshot permanently so you can recall it later if you need it. Use version control to save your work and coordinate code changes across your team.
Even if you're a single developer, version control helps you stay organized as you fix bugs and develop new features. Version control keeps a history of your development so that you can review and even roll back to any version of your code with ease.
Azure Repos provides two types of version control:
Git: distributed version control
Team Foundation Version Control (TFVC): centralized version control
Video demo walkthrough | Azure Repos HOL
Azure Developer | AZ-204
AZ-204 | Azure Developer Associate
As a candidate for this certification, you’re responsible for participating in all phases of development, including requirements gathering, design, development, deployment, security, maintenance, performance tuning, and monitoring.
You should be proficient in Azure:
SDK
Data storage options
Data connections
APIs
App authentication and authorization
Compute and container deployment
Debugging
As a candidate, you should have at least two years of professional development experience and experience with Azure. You should be:
Able to program in an Azure-supported language.
Proficient using Azure CLI, Azure PowerShell, and other tools.
Azure Developer Certification Course
What are the skills measured?
Develop Azure compute solutions
Develop for Azure storage
Implement Azure security
Monitor, troubleshoot, and optimize Azure solutions
Connect to and consume Azure services and third-party services
Azure Developer Exam Sample Q&A
Azure Hybrid Networking
What is Azure VPN Gateway?
A VPN gateway is a type of virtual network gateway that sends encrypted traffic between an Azure virtual network and an on-premises location. The encrypted traffic goes over the public Internet.
This architecture is suitable for hybrid applications where the traffic between on-premises hardware and the cloud is likely to be light, or you're willing to trade slightly extended latency for the flexibility and processing power of the cloud.
Benefits
Simple to configure.
High aggregate bandwidth available; up to 10 Gbps depending on the VPN Gateway SKU.
Challenges
Requires an on-premises VPN device.
Although Microsoft guarantees 99.9% availability for each VPN Gateway, this SLA only covers the VPN gateway, and not your network connection to the gateway.
Video demo walkthrough | Azure Hybrid Networking HOL
Azure Load Balancer
What is Azure Load Balancer?
Load balancing refers to efficiently distributing incoming network traffic across a group of backend servers or resources.
Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It's the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a Virtual Machine Scale Set.
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs.
An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.
Video demo walkthrough | Azure Load Balancer HOL
Azure Traffic Manager
What is Azure Traffic Manager?
Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.
Traffic Manager uses DNS to direct client requests to the appropriate service endpoint based on a traffic-routing method. Traffic manager also provides health monitoring for every endpoint. The endpoint can be any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
For more information about Traffic Manager, see:
Video demo walkthrough | Azure Traffic Manager HOL
Azure Application Gateway
What is Azure Application Gateway?
Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
Application Gateway features:
Video demo walkthrough | Application Gateway HOL
Azure Front Door
What is Azure Front Door?
Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe. Azure Front Door delivers your content using Microsoft’s global edge network with hundreds of global and local points of presence (PoPs) distributed around the world close to both your enterprise and consumer end users.
Key Benefits
Global delivery scale using Microsoft’s network
Scale out and improve performance of your applications and content using Microsoft’s global Cloud CDN and WAN.
Leverage over 118 edge locations across 100 metro cities connected to Azure using a private enterprise-grade WAN and improve latency for apps by up to 3 times.
Accelerate application performance by using Front Door’s anycast network and split TCP connections.
Terminate SSL offload at the edge and use integrated certificate management.
Natively support end-to-end IPv6 connectivity and the HTTP/2 protocol.
Video demo walkthrough | Azure Front Door HOL
Azure DDoS Protection
What is Azure DDoS Protection?
Azure DDoS Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes.
DDoS Network Protection
Azure DDoS Network Protection, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. It's automatically tuned to help protect your specific Azure resources in a virtual network. For more information about enabling DDoS Network Protection, see Quickstart: Create and configure Azure DDoS Network Protection using the Azure portal.
DDoS IP Protection
DDoS IP Protection is a pay-per-protected IP model. DDoS IP Protection contains the same core engineering features as DDoS Network Protection, but will differ in the following value-added services: DDoS rapid response support, cost protection, and discounts on WAF. For more information about enabling DDoS IP Protection, see Quickstart: Create and configure Azure DDoS IP Protection using Azure PowerShell.
Video demo walkthrough | Azure DDoS Protection HOL
Azure Service Endpoints
What is Azure Service Endpoints?
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enables private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.
Generally available
Azure Storage (Microsoft.Storage): Generally available in all Azure regions.
Azure Storage cross-region service endpoints (Microsoft.Storage.Global): Generally available in all Azure regions.
Azure SQL Database (Microsoft.Sql): Generally available in all Azure regions.
Azure Synapse Analytics (Microsoft.Sql): Generally available in all Azure regions for dedicated SQL pools (formerly SQL DW).
Azure Database for PostgreSQL server (Microsoft.Sql): Generally available in Azure regions where database service is available.
Azure Database for MySQL server (Microsoft.Sql): Generally available in Azure regions where database service is available.
Azure Database for MariaDB (Microsoft.Sql): Generally available in Azure regions where database service is available.
Azure Cosmos DB (Microsoft.AzureCosmosDB): Generally available in all Azure regions.
Azure Key Vault (Microsoft.KeyVault): Generally available in all Azure regions.
Azure Service Bus (Microsoft.ServiceBus): Generally available in all Azure regions.
Azure Event Hubs (Microsoft.EventHub): Generally available in all Azure regions.
Azure App Service (Microsoft.Web): Generally available in all Azure regions where App service is available.
Azure Cognitive Services (Microsoft.CognitiveServices): Generally available in all Azure regions where Azure AI services are available.
Video demo walkthrough | Azure Service Endpoints HOL
Azure Load Balancer Monitoring
What is Monitoring Load Balancer?
Load Balancer uses Azure Monitor. If you're unfamiliar with the features of Azure Monitor common to all Azure services that use it, read Monitoring Azure resources with Azure Monitor.
Load balancer insights
Some services in Azure have a special focused prebuilt monitoring dashboard in the Azure portal that provides a starting point for monitoring your service. These special dashboards are called "insights".
Load Balancer insights provide:
Functional dependency view
Metrics dashboard
Overview tab
Frontend and Backend Availability tab
Data Throughput tab
Flow Distribution
Connection Monitors
Metric Definitions
For more information on Load Balancer insights, see Using Insights to monitor and configure your Azure Load Balancer
Video demo walkthrough | Load Blancer Monitoring HOL
