CONTENTS

1. Cover
2. Acknowledgments
3. About the Author
4. Introduction
5. Chapter 1 The Cloud and Microsoft Azure Fundamentals
   1. The Evolution of the Datacenter
   2. Microsoft Azure 101
   3. Getting Access to Microsoft Azure
   4. Reserved Instances and Azure Hybrid Benefit
   5. Increasing Azure Limits
   6. The Azure Portal
6. Chapter 2 Governance
   1. What Is Governance?
   2. Understanding Governance Requirements in Your Organization
   3. Azure Subscriptions and Management Groups
   4. Resource Groups
   5. Role-Based Access Control
   6. Naming Conventions
   7. Using Tags
   8. Azure Policy
   9. Azure Templates
   10. Azure Blueprints
   11. Azure Resource Graph
   12. Cost Management
7. Chapter 3 Identity
   1. The Importance of Identity
   2. A Brief Refresher on Active Directory
   3. Using Cloud Services, Federation, and Cloud Authentication
   4. Azure Active Directory Fundamentals
8. Chapter 4 Identity Security and Extended Identity Services
   1. Azure AD Security
   2. Azure AD B2C
   3. Active Directory in the Cloud
9. Chapter 5 Networking
   1. Connectivity
   2. Protection
   3. Delivery
   4. Monitoring
10. Chapter 6 Storage
    1. Azure Storage Services
    2. Storage with Azure VMs
    3. Bulk Data Options
    4. Azure Database Offerings
11. Chapter 7 Azure Compute
    1. Virtual Machines
    2. Platform as a Service Offerings
12. Chapter 8 Azure Stack
    1. Azure Stack Foundation
    2. Managing Azure Stack
    3. Understanding Azure Stack HCI
13. Chapter 9 Backup, High Availability, Disaster Recovery, and Migration
    1. Availability 101
    2. Backups in Azure
    3. High Availability in Azure
    4. Disaster Recovery in Azure
    5. Migrating Workloads to Azure
14. Chapter 10 Monitoring and Security
    1. Azure Monitoring
    2. Security in Azure
15. Chapter 11 Managing Azure
    1. Command Line, Scripting, and Automation with Azure
    2. Deploying Resources with ARM JSON Templates
    3. Additional Useful Technologies for Azure Management
16. Chapter 12 What to Do Next
    1. Understanding and Addressing Azure Barriers
    2. Why You Should Use Azure and Getting Started
17. Index
18. End User License Agreement

List of Tables

1. Chapter 1
   1. Table 1.1
2. Chapter 3
   1. Table 3.1
3. Chapter 6
   1. Table 6.1
4. Chapter 7
   1. Table 7.1
5. Chapter 8
   1. Table 8.1
6. Chapter 11
   1. Table 11.1

List of Illustrations

1. Chapter 1
   1. Figure 1.1 The three axes of datacenter planning
   2. Figure 1.2 A high-level view of a virtualization host and resources assigned to virtual ma...
   3. Figure 1.3 The key types of highly variable workloads that are a great fit for consumption...
   4. Figure 1.4 The responsibility levels for different types of “as a Service”
   5. Figure 1.5 A more detailed view of responsibilities for different PaaS offerings
   6. Figure 1.6 Various types of Pizza as a Service
   7. Figure 1.7 Scale out vs. scale up
   8. Figure 1.8 Example availability set deployment
   9. Figure 1.9 Availability zone architecture
   10. Figure 1.10 Resilient service using multiple constructs
   11. Figure 1.11 Regional network gateway architecture
   12. Figure 1.12 An old view of available Azure services
   13. Figure 1.13 How resource providers fit in the Azure Resource Manager architecture
   14. Figure 1.14 Viewing the resource providers via the Resource Explorer
   15. Figure 1.15 Viewing billing information for Azure subscriptions
   16. Figure 1.16 The hierarchy when using an enterprise enrollment
   17. Figure 1.17 Possible methodologies for enterprise enrollment account setup
   18. Figure 1.18 A simple RI example
   19. Figure 1.19 A more complex RI example using instance size flexibility
   20. Figure 1.20 Enabling Azure Hybrid Benefit for an existing VM
   21. Figure 1.21 The prompt to create a free account when your identity has no access to Azure s...
   22. Figure 1.22 The Azure portal structure
   23. Figure 1.23 Using the navigation tree in the portal
   24. Figure 1.24 The Azure portal command bar
   25. Figure 1.25 Customizing a dashboard
   26. Figure 1.26 Viewing shared dashboards
2. Chapter 2
   1. Figure 2.1 Basic Compliance Manager dashboard
   2. Figure 2.2 Tracking customer-managed controls
   3. Figure 2.3 Moving a subscription to a new Azure AD tenant
   4. Figure 2.4 An example management group hierarchy
   5. Figure 2.5 Common ID between the root management group and the Azure AD tenant
   6. Figure 2.6 Enabling access for all subscriptions and management groups under the Azure AD ...
   7. Figure 2.7 The wonderous things you can do with your new management group
   8. Figure 2.8 Accessing the properties of a management group
   9. Figure 2.9 Viewing the roles available for assignment at a resource group level, and then ...
   10. Figure 2.10 A slightly modified icon for a custom role
   11. Figure 2.11 Switching to PIM-based role resource management.
   12. Figure 2.12 Changing the scope for Azure PIM role assignment.
   13. Figure 2.13 Whiteboarding output of tags taxonomy discussion
   14. Figure 2.14 How governance and policy fits into the core of Azure Resource Manager
   15. Figure 2.15 Overview page of Policy
   16. Figure 2.16 Assigning a policy
   17. Figure 2.17 Definition configuration as part of initiative
   18. Figure 2.18 A simple blueprint
   19. Figure 2.19 Assigning a blueprint to a subscription
   20. Figure 2.20 The cost optimization cycle
   21. Figure 2.21 Basic cost analysis with resources grouped by type
   22. Figure 2.22 Adding a new filter
   23. Figure 2.23 Changing the type of chart
   24. Figure 2.24 Creating a budget
   25. Figure 2.25 Viewing advisor cost recommendations
   26. Figure 2.26 VM recommendation options
3. Chapter 3
   1. Figure 3.1 SAML flow for federation
   2. Figure 3.2 Simple token flow
   3. Figure 3.3 More advanced token flow
   4. Figure 3.4 Viewing some of the built-in federated applications
   5. Figure 3.5 Creating a new Azure AD instance
   6. Figure 3.6 Some architectural elements of Azure AD
   7. Figure 3.7 Matching ImmutableID to ObjectGUID
   8. Figure 3.8 Replicating objects to different AAD instances
   9. Figure 3.9 A custom domain as the primary domain for my Azure AD instance
   10. Figure 3.10 The Microsoft 365 admin center shows details on directory sync
   11. Figure 3.11 The connector accounts used by Azure AD Connect
   12. Figure 3.12 Filtering the objects that will replicate to Azure AD
   13. Figure 3.13 Viewing basic Azure AD Connect status
   14. Figure 3.14 Azure AD Connect Health information for Azure AD Connect
   15. Figure 3.15 Azure AD Connect Health information for AD DS
   16. Figure 3.16 Third-party inbound provisioning to Azure AD
   17. Figure 3.17 Overview of Azure AD B2B
   18. Figure 3.18 OTP usage flow
   19. Figure 3.19 Enabling OTPs
   20. Figure 3.20 High-level flow of pass-through authentication
   21. Figure 3.21 High-level flow of federated authentication
   22. Figure 3.22 Modified token flow with federation in the picture
   23. Figure 3.23 Computer account in AD representing Azure AD
   24. Figure 3.24 Required configuration for Seamless Sign-on
   25. Figure 3.25 Enabling Enterprise State Roaming
   26. Figure 3.26 A simple dynamic group rule
   27. Figure 3.27 User vs. Group Management Properties
   28. Figure 3.28 Adding an application to Azure AD tenant
   29. Figure 3.29 User settings related to enterprise application
   30. Figure 3.30 User vs. admin consent scopes
   31. Figure 3.31 Example MyApps portal experience
   32. Figure 3.32 MyApps browser extension providing easy access to applications
4. Chapter 4
   1. Figure 4.1 Using an OATH token
   2. Figure 4.2 User Security Info interface
   3. Figure 4.3 Using password reset registration requirements
   4. Figure 4.4 The building blocks of conditional access
   5. Figure 4.5 Forcing re-registration of MFA
   6. Figure 4.6 Diagnostic settings for Azure AD
   7. Figure 4.7 Some of the information available via Log Analytics views
   8. Figure 4.8 Change the resource filter to apply ARM roles at different resource levels
   9. Figure 4.9 An example timeline of activities detected by Azure ATP
   10. Figure 4.10 Basic Azure AD Application Proxy flow
   11. Figure 4.11 Adding identity providers for a B2C instance
5. Chapter 5
   1. Figure 5.1 Viewing the address space for virtual subnets
   2. Figure 5.2 A public IP address in East US
   3. Figure 5.3 The non-transitive nature of network peering
   4. Figure 5.4 ExpressRoute high-level view
   5. Figure 5.5 Route exchange with BGP
   6. Figure 5.6 Example route filter
   7. Figure 5.7 An example Azure Virtual WAN deployment
   8. Figure 5.8 Traffic control can be achieved using network security groups.
   9. Figure 5.9 Possible NVA deployment with load balancers
   10. Figure 5.10 Traffic flow with NAT
   11. Figure 5.11 Components used with Application Gateway
   12. Figure 5.12 Example Traffic Manager usage scenario
   13. Figure 5.13 High-level Azure Front Door architecture
   14. Figure 5.14 Split TCP detail
6. Chapter 6
   1. Figure 6.1 Azure Storage architecture and its interaction with Azure compute services
   2. Figure 6.2 An example Azure Storage account showing many of the key attributes
   3. Figure 6.3 Displaying the access keys for a storage account
   4. Figure 6.4 Portal screen for creating a SAS
   5. Figure 6.5 Blob storage pricing
   6. Figure 6.6 Blobs in different access tiers
   7. Figure 6.7 An example Azure table
   8. Figure 6.8 The computer account for the storage account in my managed AAD DS instance
   9. Figure 6.9 Restore options for a file restore
   10. Figure 6.10 Endpoint cloud tiering options
   11. Figure 6.11 Replication of data in a sync group
   12. Figure 6.12 The storage of an Azure VM
   13. Figure 6.13 Availability sets with aligned managed disks
   14. Figure 6.14 Consistency models in Cosmos DB
7. Chapter 7
   1. Figure 7.1 The layers for IaaS
   2. Figure 7.2 Key cost considerations for on premises and Azure
   3. Figure 7.3 B series credits consumed
   4. Figure 7.4 B series credits remaining
   5. Figure 7.5 Quick Run command options for a VM
   6. Figure 7.6 Boot diagnostics console screenshot
   7. Figure 7.7 Traditional virtualization-hosting applications vs. applications running in con...
   8. Figure 7.8 Windows Server containers vs. Hyper-V isolation containers
   9. Figure 7.9 Container architecture with Docker
   10. Figure 7.10 Applications and deployment slots in an App Service plan
8. Chapter 8
   1. Figure 8.1 Registered applications during the Azure Stack deployment to Azure AD
   2. Figure 8.2 Using the Admin portal Marketplace management
   3. Figure 8.3 Azure Stack’s update experience
   4. Figure 8.4 The Azure Stack HCI stack
9. Chapter 9
   1. Figure 9.1 A very simple application architecture
   2. Figure 9.2 Architecture extended to have the frontend in two regions
   3. Figure 9.3 Architecture with a replica in Region 2 of the database for DR purposes only
   4. Figure 9.4 Architecture using the replica for read operations
   5. Figure 9.5 Architecture using Cosmos DB
   6. Figure 9.6 Retention policy in Azure Backup
   7. Figure 9.7 Disaster recovery on premises
   8. Figure 9.8 Disaster recovery on premises to Azure
   9. Figure 9.9 Disaster recovery for Azure to Azure
10. Chapter 10
    1. Figure 10.1 Monitoring relationships in Azure
    2. Figure 10.2 Viewing metrics for a VM
    3. Figure 10.3 Service Health information in Azure Monitor
    4. Figure 10.4 Diagnostic setting configuration
    5. Figure 10.5 Example blob created as part of diagnostic setting sink to storage
    6. Figure 10.6 Configuring data to collect via connected sources
    7. Figure 10.7 Viewing the schema of a workspace
    8. Figure 10.8 Searching available monitoring solutions
    9. Figure 10.9 Action options in an action group
    10. Figure 10.10 Sources of alerts in Azure
    11. Figure 10.11 Signals available for a resource
    12. Figure 10.12 Metric using dynamic thresholds
    13. Figure 10.13 Alert rules generated across possible sources
    14. Figure 10.14 Alert rules based on Log Analytics queries
    15. Figure 10.15 Action rule filters
    16. Figure 10.16 Viewing alerts with smart groups
    17. Figure 10.17 Viewing threats for Azure SQL database
    18. Figure 10.18 Viewing threats through a query in Log Analytics
    19. Figure 10.19 The overall security state for my subscription and actionable recommendations
    20. Figure 10.20 Enabling access via JIT for my machine
    21. Figure 10.21 Security cases in Azure Sentinel
    22. Figure 10.22 An application using its managed identity to gain access to a secret, which is ...
11. Chapter 11
    1. Figure 11.1 Opening the JSON settings file
    2. Figure 11.2 Performing an interactive logon via a browser
    3. Figure 11.3 Accessing the Cloud Shell
    4. Figure 11.4 Setting up advanced cloud drive options
    5. Figure 11.5 Viewing the $PSVersionTable information for a Cloud Shell instance
    6. Figure 11.6 An included example runbook
    7. Figure 11.7 Permissions for the created Run As account
    8. Figure 11.8 Working with credential assets
    9. Figure 11.9 Creating a new function with PowerShell as an option
    10. Figure 11.10 Testing a function
    11. Figure 11.11 Viewing the template that will be used to create resources authored in the port...
    12. Figure 11.12 Azure ARM JSON template editing IntelliSense in action
    13. Figure 11.13 Enabling the use of a key vault’s contents for template deployments
    14. Figure 11.14 A very simple release pipeline that consists of a single task for the release: ...
    15. Figure 11.15 Using the Cloud Shell within the Azure application
    16. Figure 11.16 Connecting to my VM via the bastion host service
    17. Figure 11.17 Managing S2D with Windows Admin Center from the browser
12. Chapter 12
    1. Figure 12.1 Elements and perceived possible vulnerabilities for a public cloud service
    2. Figure 12.2 Gartner Methodologies and Magic Quadrant
    3. Figure 12.3 Gartner Methodologies and Hype Cycle

Guide

1. Cover
2. Table of Contents
3. Introduction