Microsoft AZ-900 training - Day 2

Updated: November 20, 2024

DE Informatikai Kar / UD Faculty of Informatics


Summary

The video covers a wide range of topics in Azure cloud computing, including setting up virtual networks, utilizing various storage options like Azure Blob Storage and Azure Disk Storage, and managing data migration. It also delves into security measures such as Network Security Groups, RBAC, and the Zero Trust security model. Additionally, it explores tools like Azure File Sync, Azure Cost Management, and Azure Logic Apps to enhance cloud operations and efficiency. It provides valuable insights into cloud computing advantages, data protection strategies, and key features of Microsoft's security and compliance practices.


Creating Virtual Network and Machines

The speaker demonstrates the process of creating a virtual network, setting up subnets, assigning IP addresses, and creating virtual machines within the network. They explain the importance of choosing the right region and compliance with laws and regulations for data storage. Testing the connection between virtual machines is also highlighted.

Network Security Groups

The speaker elaborates on setting up Network Security Groups (NSG) to control inbound and outbound traffic within virtual networks. They discuss default NSG rules, creating custom rules, and associating NSGs with subnets for enhanced security.

Azure Blob Storage

The speaker explains Azure Blob Storage, highlighting its scalability, object storage nature, use of containers for objects, private IP address ranges, and the benefits of using blob storage over disk storage for various data types such as video, binary, and text. They also discuss the importance of tiers for data access and management.

Azure File Storage

The speaker introduces Azure File Storage, which offers fully managed file shares accessible via SMB or NFS protocols. They explain the benefits of shared access, compatibility with industry standards, and ease of management without dealing with hardware or operating systems. They mention the use of Azure File Sync to centralize file shares and automate syncing with Azure files.

Azure Queue Storage

The speaker discusses Azure Queue Storage, a service for storing a large number of messages, emphasizing its use for asynchronous communication between services. They highlight the capacity for potentially millions of messages, individual message size limitations, and integration with Azure Functions for automated actions based on message reception.

Azure Disk Storage

The speaker talks about Azure Disk Storage, managed block-level storage volumes for use with Azure virtual machines. They explain the provisioning process, storage types (HDD, SSD, Ultra Disk), and the scalability and performance levels of disk storage based on virtual machine size. Migration options and benefits of using Azure Disk Storage are also covered.

Azure Data Migration

The speaker explains different data migration options to Azure, including Azure Migrate for real-time infrastructure migration and Azure Data Box for physical data transfer. They detail the process of requesting and using Azure Data Box to move large amounts of data quickly and efficiently.

File Management Options in Azure

The speaker discusses various file management tools in Azure, including AzCopy for blob operations between storage accounts, Azure Storage Explorer for graphical file management, and Azure File Sync for centralizing file shares. They highlight the functionalities and advantages of each tool for efficient file operations.

Cloud Shell and Command-Line Interface

Introduction to Cloud Shell and its usefulness for working with the Azure portal and running scripts using a command-line interface in the browser.

Running Bash Commands in Cloud Shell

Demonstration of running bash commands in Cloud Shell to manage resources and create virtual machines.

Mounting and Uploading Files in Cloud Shell

Explanation of mounting and uploading files in Cloud Shell using PowerShell and verifying the functionality.

Working with File Shares

Demonstration of using a file share for sharing information and files in a synchronized manner within the Azure cloud environment.

Microsoft Entra ID and Authentication

Overview of Microsoft Entra ID and the authentication process, including multifactor authentication and passwordless authentication methods.

Microsoft Entra Domain Services

Explanation of Microsoft Entra Domain Services and its benefits in managing domain services without the need for deploying and patching domain controllers.

External Identities and Conditional Access

Discussion on external identities, business-to-business collaborations, and conditional access for securing access based on location, device, and application signals.

Role-Based Access Control (RBAC)

Understanding Role-Based Access Control (RBAC) and its implementation for managing permissions and access control at various scopes within Azure resources.

Zero Trust Model

Introduction to the Zero Trust security model that assumes a breach and verifies each request to protect resources in modern computing environments.

Defense in Depth Objective

Defense in depth aims to protect information and prevent unauthorized access by using various mechanisms to slow down attacks and protect data through multiple layers.

Layers of Data Protection

The defense strategy involves seven layers to protect central data, with each layer providing added security to slow down attacks and prevent exposure.

Security Layers

The layers are physical security, identity & access control, perimeter layer, network layer, compute layer, application layer, and data layer, which together ensure data protection and access control.

Microsoft Defender for Cloud

Microsoft Defender for Cloud is a monitoring tool for security posture management that offers threat protection and guidance for securing resources in the cloud or on-premises.

Log Analytics

Log Analytics gathers security-related data to monitor, protect, and provide insights across multicloud and hybrid environments for threat detection and anomaly classification.

Azure Cost Management

Azure Cost Management helps track expenses and enables monitoring, budgeting, and alert features to manage costs effectively in the cloud.

Azure Policy

Azure Policy enforces organizational standards and compliance by applying policies at scale to control and audit resources for compliance and configuration management.

Resource Locks

Resource locks prevent accidental deletions or changes by applying restrictions to resources to prevent unauthorized actions, requiring the lock to be removed before any modifications are made.

Permissions and Locks

To update or delete a resource, the lock must be removed regardless of the user's permissions.

Break Time

A 20-minute break is announced before continuing with the session.

Service Trust Portal

The Service Trust Portal provides information on Microsoft's security, privacy, and compliance practices, including controls and processes to protect cloud services and customer data.

Service Trust Portal Content

Details on the content available on the Service Trust Portal, such as Microsoft's implementation of controls and processes to safeguard cloud services and customer data.

Microsoft Service Trust Portal Authentication

Users need to sign in as authenticated users with a Microsoft Cloud Services account to access features and content on the Service Trust Portal.

Microsoft Purview

Microsoft Purview offers data governance, risk, and compliance solutions for a unified view of the data landscape with automated data discovery and end-to-end data lineage.

Microsoft Purview: Risk and Governance

Microsoft Purview includes risk and governance solutions using Microsoft 365 features and unified data governance capabilities for managing data across various platforms, including Amazon S3.

Cloud Adoption Framework

The Cloud Adoption Framework provides guidance and tools to aid in a smooth transition to cloud services, ensuring compliance and operational excellence.

Azure Logic Apps vs. Azure Functions

Azure Logic Apps use predefined workflows instead of developing your own, providing the same functionality as Azure Functions without the need for coding.

Use Case for VPN Gateway

A use case for a VPN Gateway is connecting an on-premises data center to an Azure virtual network for communication between Azure resources.

Azure Virtual Desktop

Azure Virtual Desktop allows users to run Windows-based applications from a Windows environment, providing cloud-hosted Windows access across different devices.

Running Applications in Containers

Two services that allow running applications in containers are highlighted, offering flexibility in container-based application deployment.

Azure Blob Storage for Reading and Writing Data

Choosing Azure Blob Storage (option C) ensures the fastest access times for reading and writing data, making it ideal for storage needs.

Storing Unstructured Files in Azure Storage

Azure Blob Storage is recommended for storing unstructured files like images to be served on web pages, ensuring efficient storage and access.

Accessing Azure File Shares

Utilizing NFS and SMB standards (options C and D) enables easy access and sharing of files through Azure File Shares.

Purpose of Defense in Depth

Defense in Depth strategy aims to prevent unauthorized access to sensitive information by using multiple layers of security.

Multi-Factor Authentication

Multi-Factor Authentication enhances security by requiring users to use their mobile phones for authentication, ensuring additional verification.

Conditional Access

Conditional Access allows administrators to control access to resources based on specific signals, ensuring compliance and security.

Advantages of Cloud Computing

Cloud computing advantages include no physical server access and horizontal scaling, providing scalability and flexibility in resource management.

Capital Expenditures in Cloud Computing

Capital Expenditures refer to upfront costs like hardware purchases, impacting budgeting and financial planning in cloud deployments.

Hybrid Cloud Deployment

Hybrid Cloud combines private and public cloud infrastructure, balancing control and scalability for organizations.

Disaster Recovery Plan in Cloud

Cloud-based backup services and data replication are crucial in disaster recovery planning, ensuring operational continuity in case of unexpected events.

Geo Distribution in Cloud Computing

Geo Distribution allows deploying applications and data to regional data centers worldwide, optimizing performance and user experience based on location.

Scaling Applications in Cloud

Horizontal scaling increases application capacity by adding additional virtual resources, enhancing performance and resource availability.

Responsibility in Deployment Models

Customers are responsible for managing the operating system in deployment models A and B, indicating control over application hosting.

Flexibility in Cloud Service Models

The platform as a service model offers the most control over hardware for running applications, providing flexibility and customization options.

Responsibilities in Platform as a Service Model

In a platform as a service model, the cloud service provider is responsible for managing and maintaining the infrastructure and hardware, ensuring hassle-free usage for customers.

Software as a Service Model

Data and access management in a software as a service model are handled by the cloud provider, allowing users to focus on application usage.

Infrastructure as a Service Model

The infrastructure as a service model offers virtual networks, giving users control over network configurations and settings.


FAQ

Q: What is Azure Blob Storage and how is it beneficial?

A: Azure Blob Storage is a scalable object storage solution in Azure that uses containers for objects and allows storage of unstructured data like images efficiently for web page serving.

Q: Explain the importance of Network Security Groups (NSG) within virtual networks.

A: Network Security Groups (NSG) are used to control inbound and outbound traffic within virtual networks by defining rules, both default and custom, to enhance the security of subnets.

Q: What is the function of Azure File Storage and how does it differ from Azure Blob Storage?

A: Azure File Storage provides fully managed file shares accessible via SMB or NFS protocols, allowing shared access without needing to manage hardware or OS. It differs from Azure Blob Storage in the way files are accessed and shared.

Q: How does Azure Queue Storage facilitate asynchronous communication between services?

A: Azure Queue Storage is used to store a large number of messages for asynchronous communication between services, enabling the integration with Azure Functions for automated actions based on received messages.

Q: What are the benefits of using Azure Disk Storage with Azure virtual machines?

A: Azure Disk Storage provides managed block-level storage volumes for VMs, offering different storage types for performance optimization. It simplifies provisioning, scaling, and migration options for disk storage in Azure.

Q: Explain the concept of Role-Based Access Control (RBAC) and its significance in Azure.

A: RBAC is a method of managing permissions and access control in Azure resources by assigning roles to users, allowing fine-grained control over who can perform specific actions at different scopes.

Q: What is the Zero Trust security model and how does it enhance security?

A: The Zero Trust security model assumes a breach and verifies every request to protect resources, implementing multiple security layers like identity & access control, network layers, and data layers to prevent unauthorized access and data exposure.

Q: Explain the purpose of Azure Cost Management and how it helps in cloud cost optimization.

A: Azure Cost Management helps track expenses, monitor costs, set budgets, and receive alerts for effective cost management in the cloud, ensuring optimized resource allocation and usage.
