Index

A

access control, Azure SQL Database, 302

access keys

managing, 35-36

rotating, 36

access policies, creating, 177-178

access tiers, 32

blobs, 31-32

accounts. See also user accounts

Cosmos DB, 277, 278-279

ACI (Azure Container Instances), 22, 264

ACR (Azure Container Registry), 262

creating resources for container images, 262-264

ACS (Azure Container Service). See AKS (Azure Kubernetes Service)

action groups, creating, 26-27

Activity Log, 5

ADE (Azure Disk Encryption), 53-56

advanced threat protection, Azure SQL Database, 303-304

AKS (Azure Kubernetes Service), 22

configuring, 266

creating a cluster with Azure CLI, 266-267

policy services, 231-232

alerts

creating, 28-29

viewing, 29

APIs

Cosmos DB, 281-282

Cassandra, 283-284

Gremlin, 284

MongoDB, 283

SQL, 282-283

Table, 283

selecting, 286

APM (Application Performance Management), Application Insights, 20-21

application gateways, 188-189

Azure Load Balancer, 195

back-end pools, 197

configuring, 195-197

health probes, 198

rules, 198-199

front-end configuration, 190-191

load balancing, 191-192

URL path-based routing, 192-195

Application Insights, 20-21

availability, 21

failures, 21

Application Map, 20

application registration, 183-186

creating a client secret, 186-187

archive tier, Azure Storage, 32

ARM (Azure Resource Manager) templates, 63-64

and Azure Blueprint, 235

blank, 67

deploying from, 70-73

expressions, 69-70

modifying, 66-68

parameters, 67-68

saving a deployment as, 64-66

VHD (virtual disk), 73-74

ASGs (Application Security Groups), 211, 214

assigning members, 215

creating, 214-215

assessment tools, server migration, 132-133

assigning

members to ASGs (Application Security Groups), 215

policies, 229-230

roles, 240-241

auditing, Azure SQL Database, 304-305

authentication

application registration, 183-186

managed identity, 181-183

multi-factor, 93-95, 131

bypass options, 97-98

configuring verification methods, 100-101

trusted IPs, 98-99

storage accounts, 42-46

two-step verification, 93, 97

auto-failover groups, 311-314

automation runbook, creating, 75-79

autoscaling, 62

availability sets, 56-59

availability zones, 59-60

Azure Active Directory Log, 5

Azure AD (Active Directory), 86, 176

adding custom domains, 87-88

application registration, 183-186

creating a client secret, 186-187

conditional access, 108-111

configuring user accounts for MFA, 93-95

Connect Health, 125-127

fraud alerts, 96-97

guest accounts

adding, 101-102

managing, 102-105

Identity Protection, 106-108

implementing self-service password reset, 89-91

managed identity, 181-183

managing multiple directories, 88-89

seamless SSO, 123-125

storage accounts, authentication, 42-46

tiers, 86-87

Azure AD Connect

identity synchronization options, 118-119

installing and configuring, 112-118

Azure Advisor, recommendations, 9-10

Azure App Service, 249

ACI (Azure Container Instances), creating, 264

deployment slots, 254

creating, 254-255

enabling managed identity, 182-183

VNet integration, 253-254

web apps, 250

for containers, 251-252

creating, 250-251

Azure Bastion, 215-216

configuring, 216

connecting to a server, 217-218

Azure Blueprint, 232

and ARM templates, 235

configuring, 232-234

CosmosDB backend, 232

Azure CLI

commands for managing containers, 266

creating an AKS cluster, 266-267

documentation, 273

Azure Cosmos DB, 276-277

accounts, 277

configurations, 287-288

creating, 278-279

APIs, 281-282

Cassandra, 283-284

Gremlin, 284

MongoDB, 283

selecting, 286

SQL, 282-283

Table, 283

data consistency options, 279-280

setting up replicas, 287

Azure Cost Management, 15

budgets, 16

spending, 16

reports, 17

Azure Data Box, offline migration, 146-149

Azure Dedicated Hosts, 63

Azure Firewall, 199

configuring on a virtual network, 199-200

rules, 201-203

service tags, 202-203

threat intelligence, 203

Azure Front Door, 204

configuring, 204-205

WAF policies, 206-208

Azure Functions, 168, 257

function apps, creating, 168-170, 258-259

functions, 257-258

creating, 259-260

Azure Key Vault, 176

access policy, creating, 177-178

accessing an endpoint, 181

creating resources, 176-177

cryptographic operations, 179

key management operations, 179

privileged key operations, 179-180

Soft Delete, 177

Azure Load Balancer, 195

back-end pools, 197

configuring, 195-197

health probes, 198

rules, 198-199

Azure Logic Apps, 255

creating a logic app, 255-256

logic apps

creating an email action, 257

creating an RSS trigger, 256-257

Azure Migrate, 132

assessment tools, 132-133

Server Assessment tool, 133-138

SQL database assessment and migration, 141-144, 145-146

virtual desktop infrastructure migration, 146

Azure Monitor

action groups, creating, 26-27

alerts

creating, 28-29

viewing, 29

baselining, 8-9

for containers, 12-22

Insights, 18

Log Analytics workspace, creating, 18-19

monitoring performance capacity, 10-11

visualizing diagnostics data, 12-13

Azure Monitor Log, 10

Azure Network Watcher, 14

topology, monitoring, 14-15

Azure Policy, 228-229

assigning a policy, 229-230

Azure portal

exporting templates, 64-66

template library, 74-75

Azure Security Center, 3

free tier, 3

Log Analytics Agent, 3, 10

standard tier, 3

core features, 3-4

Azure Sentinel, 4

Azure Service Bus, 174

message queue, 175

service bus namespace, 174

Azure Service Health, 13-14

Azure Site Recovery, 132, 153

migrating to Azure, 163

on-premises components, configuring, 155-159, 160

recovery plan configuration, 161-162

replicating data to Azure, 160-161

resources, creating, 153-154

test failover, 162

cleanup, 163

Azure SQL Database, 289, 318-319

backups, 294

manual, 297

BCDR (business continuity and disaster recovery), 310

creating, 291-294

flavors, 289

high availability, 309-310, 311

configuring an auto-failover group, 311-314

geo-replication strategy, 311

models, 310

LTR (long-term backup retention) backups, 294-296

creating, 296

restoring, 296-297

Managed Instance, 305-306

creating, 306-308

specifying connection type, 307-309

publishing, 314-321

data migration, 315-318

DMA (Database Migration Assistant), 314, 315

DMS (Database Migration Service), 314-321

methods, 314

online migration, 318-319

phases, 314

purchasing models, 290

read scale-out, 299

scaling, 297-300

security, 299-300

access control, 302

advanced threat protection, 303-304

auditing, 304-305

configuring server-level firewall rules, 300-302

data protection and encryption, 302-303

defense-in-depth strategy, 299

Azure Storage, 30

access keys, managing, 35-36

account failover, implementing, 48

Azure files, configuring, 32-34

blobs

access tiers, 31-32

storage, 34-35

core services, 30-31, 32

disks, 31, 51

encryption, 53-56

roles, 51-52

queues, 31

replication, 46-47

storage accounts

authentication, 42-46

configuring network access, 36-38

private endpoints, 39

SAS (shared access signature), 39-42

types, 31

tables, 31

Azure Table storage, 270-271

configuring table storage data access, 274-276

and Cosmos DB Table API, 276

creating a storage service, 273-274

data model, 271-272

documentation, 273

partition key, 272

row key, 272

SAS (shared access signature), 274-275

stored access policy, 275-276

Timestamp property, 272

Azure Traffic Manager, 208. See also NSGs (Network Security Groups)

adding endpoints, 209-210

configuring, 208-209

configuring traffic monitoring, 210-211

real user measurements, 211

traffic view, 211

Azure Update Management, 149-150

configuring, 150-151

Azure VMs

diagnostics extension, 7-8

high availability, 56

availability sets, 56-59

availability zones, 59-60

JIT (just-in-time) access, 4

B

Backup and Site Recovery, 154-155

backups

managing on Azure SQL Database, 294

manual, 297

baselining, 8-9

BEK (BitLocker encryption key), 55

blobs, 30

access tiers, 31-32

storage, 34-35

budgets, creating, 16

C

Cassandra API, 283-284

client secret, creating, 186-187

cmdlets, 33, 35

Get-AzStorageBlobContent, 43

New-AzWebApp, 252

Set-AzDiagnosticSetting, 7

column-family databases, 270

conditional access, 108-111

Configuration as Code, 64

configuring

ADE (Azure Disk Encryption), 53-56

AKS (Azure Kubernetes Service), 266

Azure AD Connect, 112-118

Azure Bastion, 216

Azure Blueprint, 232-234

Azure files, 33-34

Azure Firewall

rules, 201-203

service tags, 202-203

threat intelligence, 203

Azure Front Door, 204-205

WAF policies, 206-208

Azure Load Balancer, 195-197

back-end pools, 197

health probes, 198

rules, 198-199

Azure Site Recovery, on-premises components, 155-159, 160

Azure Table storage, storage data access, 274-276

Azure Traffic Manager

endpoints, 209-210

real user measurements, 211

traffic monitoring, 210-211

traffic view, 211

Azure Update Management, 150-151

guest accounts, 101-105

Log Analytics workspace, 18-19

NoSQL databases, storage account tables, 270

recovery plan, 161-162

resources, diagnostic settings, 5-7

scale sets, 60-61

autoscaling, 62

storage accounts

network access, 36-38

SAS (shared access signature), 39-42

VM storage, 50-53

VPNs

ExpressRoute, 225-226, 227-228

site-to-site, 221-222

Connect Health, 125-127

Connection Monitor, 15

consistency options, Cosmos DB, 279-280

container images

building a storage resource, 262-264

creating, 261-262

containers, 261

blobs, 34-35

commands for managing, 266

creating a web app, 251-252

metrics, 22

monitoring, 12-22

cookie-based affinity, 191-192

cool tier, Azure Storage, 32

Cosmos DB, 276-277

accounts, 277

configurations, 287-288

creating, 278-279

APIs, 281-282

Cassandra, 283-284

Gremlin, 284

MongoDB, 283

selecting, 286

SQL, 282-283

Table, 283

data consistency options, 279-280

disaster recovery, 281

setting up replicas, 287

Table API, 276

Cost Management, 15

budgets, 16

reports, 17

spending, 16

creating

ACI (Azure Container Instance), 264

action groups, 26-27

ASGs (Application Security Groups), 214-215

automation runbook, 75-79

Azure SQL Database, 291-294

Azure Table storage service, 273-274

budgets, 16

container images, 261-262

Cosmos DB account, 278-279

deployment slots, 254-255

function apps, 168-170, 258-259

functions, 259-260

General-purpose V2 account, 31

Log Analytics workspace, 18-19

logic apps, 164-166, 255-256

email action, 257

RSS trigger, 256-257

LTR (long-term backup retention) backups, 296

migration projects, 132

resources, 153-154

Azure Key Vault, 176-177

storage resource for container images, 262-264

web apps, 250-252

custom domains, adding, 87-88

D

databases. See also Azure SQL Database; NoSQL databases; SQL databases

column-family, 270

Cosmos DB, 276-277

dirty reads, 279

document, 270

graph, 270

key-value, 269-270

relational, 288

selecting, 288-289

deploying, from ARM template, 70-73

deployment slots, 254

creating, 254-255

diagnostics extension, Azure VMs, 7-8

dirty reads, 279

disaster recovery, Cosmos DB, 281

disks

Azure Storage, 31, 51-52

encryption, ADE (Azure Disk Encryption), 53-56

DMA (Database Migration Assistant), 314, 315

DMS (Database Migration Service), 314-321

Docker toolset

ACR (Azure Container Registry), 262

creating container images, 261-262

documentation, 262

document databases, 270

documentation

Azure CLI, 273

Azure Table storage, 273

Docker toolset, 262

governance, 237

load balancing, 218

logic apps, 257

DTUs (Data Transaction Units), 290

E

edges, creating for graph database, 285-286

editing, ARM templates, 66-68

encryption

ADE (Azure Disk Encryption), 53

Azure SQL Database, 302-303

SSE (server-side encryption), 53

endpoints

adding to Azure Traffic Manager, 209-210

Azure Key Vault, accessing, 181

configuring network access, 36-38

private, 39

ephemeral OS disks, 51-52

Event Grid, 172

features, 173-174

subscriptions, 173

topics, 172-173

events, monitoring, 13-14

exporting

resources, 65-66

templates, 64-66

expressions, ARM templates, 69-70

ExpressRoute, 218-219, 225

configuring, 225-226, 227-228

configuring a virtual network gateway, 227

peering settings, 226

F

failover

auto-, 311-314

storage account, 48

files, Azure, configuring, 32-34

fraud alerts, 96-97

function app

creating, 168-170

Kudu troubleshooting console, 171-172

Overview blade, 169-170

Platform Features blade, 170-171

function apps, creating, 258-259

functions, 257-258

creating, 259-260

G

General-purpose V2 account, creating, 31

Get-AzStorageBlobContent cmdlet, 43

GitHub, 66

Global VNet peering, 83-84

governance, 228. See also Azure Policy

documentation, 237

policies

access, 177-178

AKS policy add-on, 231-232

Azure Front Door, 206

conditional access, 108-111

stored access, 275-276

WAF, 206-208

RBAC (role-based access control), 237

configure access to resource by assigning roles, 240-241

configure management access to Azure, 241-242

creating a custom role, 237-240

troubleshooting, 243-245

graph databases, 270, 284

creating edges, 285-286

creating vertices, 284-285

Gremlin API, 284. See also graph databases

graph database

creating edges, 285-286

creating vertices, 284-285

guest accounts, 101-105

H

health probes, 189-190, 198

high availability, 56

availability sets, 56-59

availability zones, 59-60

Azure SQL Database, 309-310, 311

configuring an auto-failover group, 311-314

geo-replication strategy, 311

models, 310

Azure Storage, 46-47

hot tier, Azure Storage, 32

hybrid identities, 111-112

I

IaaS (Infrastructure as a Service), 7

IaC (Infrastructure as Code), 63-64, 71

Identity Protection, 106-108

Insights, 18

Application, 20-21

Network, 22

installing, Azure AD Connect, 112-118

J-K

JIT (just-in-time) access, 4

Key Metrics workbook template, 12

Key Vaults, 180. See also Azure Key Vault

key-value databases, 269-270

KQL (Kusto Query Language), 10, 11-12

Kudu troubleshooting console, 171-172

L

latency, monitoring, 15

Linux VMs

sizing, 49-50

storage, configuring, 50-53

Live Metrics, 21

load balancing, 187, 191-192

back-end pools, 197

documentation, 218

health probes, 198

read scale-out, 299

rules, 198-199

Log Analytics workspace, creating, 18-19

logging, 8

VM workload, 24-26

logic apps

building, 164-166, 255-256

creating an email action, 257

creating an RSS trigger, 256-257

documentation, 257

LTR (long-term backup retention) backups, 294-295

creating, 296

restoring, 296-297

M

managed identity, 181-183

management groups, 235-236

adding subscriptions, 236

changing, 237

top-level access, 236

managing

access keys, 35-36

containers, 266

guest accounts, 101-105

hybrid identities, 111-112

on-premises connectivity, 224

manual backups, 297

metrics, 8-9, 22

MFA (multi-factor authentication), 131

bypass options, 97-98

configuring, 93-95

configuring verification methods, 100-101

fraud alerts, 96-97

trusted IPs, 98-99

migration projects. See also Azure Site Recovery; server migration

creating, 132

Data Box offline migration, 146-149

server environment assessment, 133-138

SQL databases

assessment, 133, 141-144, 145, 314

migration, 145-146

publishing an Azure SQL database, 314-321

update management, 150-152

web app assessment and migration, 138-145

modifying, ARM templates, 66-68

MongoDB API, 283

monitoring, 1. See also Azure Front Door; Azure Traffic Manager; Connection Monitor

containers, 12-22

costs, 15

budgets, 16

spending, 16

networks, 14

latency, 15

topology, 14-15

performance, 4

capacity, 10-12

unused resources, 9-10

security, 2

service health, 13-14

Movere, 133

My Apps portal, SSPR (self-service password reset), 90-91

N

Network Insights, 22

networks

latency, 15

monitoring, 14

topology, monitoring, 14-15

New-AzWebApp cmdlet, 252

NoSQL databases, 269

and Azure Table storage, 270-271

Cosmos DB Table API, 276

data models, 269-270

storage account tables, configuring, 270

NPM (Network Performance Monitor), 15

NSGs (Network Security Groups), 211, 214, 224, 225

adding to a VM, 211-212

associating with resources, 214

placement, 212

rules, 212-214

O-P

OneDrive, connecting to, 166-167

OSI networking model, 195

PaaS (platform as a service), configuring diagnostic settings on resources, 5-6

password writeback, 119-122

peering

ExpressRoute, 226

VNet, 83-85

performance

baselining, 8-9

metrics, 8-9

monitoring, 4

capacity, 10-12

unused resources, 9-10

visualizing diagnostics data, 12-13

Performance Analysis workbook template, 12

platform logs, 5

policies

access, creating, 177-178

AKS (Azure Kubernetes Service), 231-232

assigning, 229-230

Azure Front Door, 206

conditional access, 108-111

stored access, 275-276

WAF, 206-208

PowerShell, 43, 265

cmdlets, 33, 35

Get-AzStorageBlobContent, 43

New-AzWebApp, 252

Set-AzDiagnosticSetting, 7

configuring diagnostic settings on resources, 7

configuring URL path-based routing, 193-195

creating a client secret, 187

creating an application registration, 185-186

storage accounts, 39-42

authentication, 42-46

on-premises components of Azure Site Recovery, configuring, 155-159, 160

on-premises SQL database, migrating to Azure SQL database, 314-315

assessment phase, 314, 315

private endpoints, 39

publishing an Azure SQL database

data migration, 315-318

DMA (Database Migration Assistant), 314, 315

DMS (Database Migration Service), 314-321

methods, 314

online migration, 318-319

phases, 314

purchasing models, Azure SQL Database, 290

Q-R

queues, Azure Storage, 31

RBAC (role-based access control), 237

configure access to resource by assigning roles, 240-241

configure management access to Azure, 241-242

creating a custom role, 237-240

troubleshooting, 243-245

read scale-out, 299

recovery plan, configuring, 161-162

relational databases, 288. See also Azure SQL Database

replication

Azure Storage, 46-47

database, 287

enabling on Azure Site Recovery, 160-161

reports, Cost Management, 17

resource logs, 5

resources, 1, 153

assigning roles, 240-241

associating with NSG (Network Security Group), 214

Azure Key Vault, creating, 176-177

baselining, 8-9

configuring diagnostic settings, 5

using PaaS, 5-6

using PowerShell, 7

creating in Azure Site Recovery, 153-154

deploying from ARM template, 70-73

exporting, 65-66

serverless, 164

Azure Functions, 168

logic app, 164-166

service health, monitoring, 13-14

unused, 9-10

restoring, LTR (long-term backup retention) backups, 296-297

rotating, access keys, 36

rules

Azure Firewall, 201-203

firewall, 300-302

load balancing, 198-199

NSG (Network Security Group), 212-214

runbooks, creating, 75-79

S

SAS (shared access signature), 39-42, 274-275

scale sets

autoscaling, 62

configuring, 60-61

scaling, Azure SQL Database, 297-300

scheduling, updates, 151-152

SDKs, 265

seamless SSO, 123-125

security. See also ASGs (Application Security Groups); authentication; Azure Firewall; Azure Security Center; NSGs (Network Security Groups)

Azure Key Vault, 176

creating resources, 176-177

Azure Sentinel, 4

Azure SQL Database, 299-300

access control, 302

advanced threat protection, 303-304

auditing, 304-305

configuring server-level firewall rules, 300-302

data protection and encryption, 302-303

defense-in-depth strategy, 299

managed identity, 181-183

monitoring, 2

selecting, APIs, 286

Server Assessment tool, 133-138

server migration

assessment tools, 132-133

Server Assessment tool, 133-138

serverless resources, 164

Azure Functions, 168-172

service health, monitoring, 13-14

Set-AzDiagnosticSetting cmdlet, 7

site-to-site VPNs

configuring, 221-222

verifying on-premises connectivity, 222-223

sizing VMs, 49-50

SLA (service-level agreement), 56

spending

budgets, 16

monitoring, 16

reports, 17

SQL API, 282-283

SQL databases. See also NoSQL databases

assessment, 141-144, 145

migrating, 133, 145-146

SSE (server-side encryption), 53

SSE (Storage Service Encryption), 30

SSPR (self-service password reset)

implementing, 89-91

password writeback, 119-122

storage

blobs, 34-35

creating resources for container images, 262-264

tables, 274-276

VMs, 50-53

storage accounts, 160

access keys, 35-36

authentication, 42-46

configuring network access, 36-38

failover, 48

keys, 274

private endpoints, 39

SAS (shared access signature), 39-42

types, 31

stored access policies, 275-276

subscriptions, 173

management groups, 235-236

system-assigned managed identity, 181

T

Table API, 283

tables, Azure Storage, 31

template library, 74-75

threat intelligence, configuring on Azure Firewall, 203

topology

networks, 14-15

VNet peering, 84-85

traffic management. See Azure Traffic Manager

troubleshooting, RBAC (role-based access control), 243-245

trusted IPs, 98-99

two-step verification, 93, 97

bypass options, 97-98

configuring verification methods, 100-101

U

unused resources, monitoring for, 9-10

updates, scheduling, 151-152

URL path-based routing, 192-195

user accounts

fraud alerts, 96-97

guest, 101-105

hybrid identities, 111-112

Identity Protection, 106-108

MFA (multi-factor authentication), 93-95

bypass options, 97-98

password writeback, 119-122

risk reports, 106-108

seamless SSO, 123-125

user-assigned managed identity, 181

V

VDI (virtual desktop infrastructure)

Data Box offline migration, 146-149

migrating to Azure, 146

vertices, creating for graph database, 284-285

viewing, alerts, 29

visualizations

Application Insights, 20

diagnostics data, 12-13

VMs. See also Azure VMs

adding a Network Security Group, 211-212

alerts

creating, 28-29

viewing, 29

Azure Dedicated Hosts, 63

on-boarding, 24

high availability, 56

availability sets, 56-59

availability zones, 59-60

monitoring performance capacity, 10-11

preparing for migration, 155-160

and private endpoints, 39

replicating data to Azure, 160-162

scale sets, 60-61

autoscaling, 62

sizing, 49-50

storage, configuring, 50-53

workload, logging, 24-26

VMSS (virtual machine scale set), 60-61

VNet(s)

App Service integration, 253-254

configuring Azure Firewall, 199-200

peering, 83-85

-to-VNet connections, 80-83

VPNs, 218

creating a virtual network gateway, 219-220

ExpressRoute, 225

configuring a virtual network gateway, 227

peering settings, 226

managing on-premises connectivity with Azure, 224

NSGs (Network Security Groups), 224, 225

site-to-site

configuring, 221-222

verifying on-premises connectivity, 222-223

W-X-Y-Z

WAF (web application firewall) policies, 206-208

web app assessment and migration, 138-145

web apps, 250

for containers, 251-252

creating, 250-251

Windows VMs

ADE (Azure Disk Encryption), 53-56

sizing, 49-50

storage, configuring, 50-53

workbook templates

Key Metrics, 12

Performance Analysis, 12

workload management

assessment tools, 132-133

Azure Migrate Server Assessment tool, 133

server environment assessment, 133-138

Azure Update Management

configuring, 150-151

scheduling updates, 152

migrating VDI infrastructure to Azure, 146-149

SQL database migration, 145-146

web app assessment and migration, 138-145