├── .gitignore
├── README.md
├── 6-cost-management.md
├── 4-security.md
├── 1-cloud-concepts.md
├── 3-core-solutions.md
├── 5-governance-compliance.md
└── 2-core-services.md

/.gitignore:
--------------------------------------------------------------------------------
.vscode

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Microsoft Azure Fundamentals (AZ-900) Certification
Study notes and guide for the Azure Fundamentals Certification, part of a full [O'Reilly course](https://learning.oreilly.com/videos/microsoft-azure-fundamentals/27702422VIDEOPAIML/).

## 🚀 Watch the Video course

[![O'Reilly](https://learning.oreilly.com/covers/urn:orm:video:27702422VIDEOPAIML/400w/)](https://learning.oreilly.com/videos/microsoft-azure-fundamentals/27702422VIDEOPAIML/ "Azure Fundamentals Certification")

## 💡 Create a study strategy
This repository has _my own notes_, but you should create yours as part of studying for the course. I show you how I did it below 👇

**Centralized details:** Certification https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

* Download the skills outline

* Go through the 6 sections:

  1. Describe core Azure concepts
  1. Describe core Azure services
  1. Describe core solutions and management tools on Azure
  1. Describe general security and network security features
  1. Describe identity, governance, privacy, and compliance features
  1. Describe Azure cost management and SLAs

* Summarize

Sample repo structure:

```
.
├── 1-cloud-concepts.md
├── 2-core-services.md
├── 3-core-solutions.md
├── 4-security.md
├── 5-governance-compliance.md
├── 6-cost-management.md
└── README.md
```

1.
   Create a repository and add 6 markdown files, one for each section
1. Start summarizing, adding the Learning Path and Learning Module for each section
1. Capture services, definitions, and any key differentiators

Sample section:

```
## Main topic

### Service Name

Definition: Some definition

Features:

* Feature 1
* Feature 2
```

Find key differences for similar services. For example, IoT Hub vs. IoT Central:

**IoT Hub:** More control, less managed (no dashboard). Telemetry analysis.

**IoT Central:** Less control, more managed (dashboard included). Telemetry analysis.

--------------------------------------------------------------------------------
/6-cost-management.md:
--------------------------------------------------------------------------------
| Service | Definition |
| -- | -- |
| **Azure Cost Management + Billing** | A free service that helps you understand your Azure bill, manage subscriptions, and monitor, optimize, and control spending. |
| **Azure Reservations** | Discounted pricing on certain Azure services in exchange for reserving and paying for them in advance |
| **Azure Pricing Calculator** | Estimates cost based on the factors listed below, according to specific requirements |
| **Azure Advisor** | Identifies unused/underutilized resources and makes recommendations. |

## TCO Calculator

Definition: helps you estimate the cost savings of operating your solution on Azure over time vs. an on-premises datacenter

## Azure subscriptions

There are 3 options:

* Free trial
* Pay-as-you-go: pay for what you use by attaching a credit card to your account. Orgs can get discounts by prepaying.
* Member offers: Memberships might provide you credits or reduced rates for Azure services.

## Affecting cost

1. Region
1. Tier
1. Billing Options
1.
   Support options
1. Programs and offers
1. Azure Dev/Test pricing

**Type**:
* Resource type
* Performance Tier

**Usage Meter**
* CPU
* IP address time
* Incoming+Outgoing network traffic
* Disk size and read+write operations

**Usage:**
* A deallocated VM still uses storage, but not compute

**Subscription Type:**

* Free tier has access to free services for 12 months
* Some types have usage allowances

**Azure Marketplace**

* Third-party (vendor) services and solutions with billing set by the vendor

**Location (a.k.a. Region)**

* Different regions have different associated prices

**Zones for network traffic**
(Data moving in+out of Azure datacenters)

Zone: a geographical grouping of Azure regions used for data-transfer pricing

* Most inbound data to Azure is free.
* Outbound is charged based on the zone

There are 4 zones:

1. Zone 1 (Australia Central, West US, East US, Canada West, West Europe, France Central and others)
1. Zone 2
1. Zone 3
1. DE Zone 1

## Azure Pricing Calculator

Definition: A calculator that estimates cost based on all the preceding factors, according to specific requirements

## Azure Advisor

Definition: Identifies unused/underutilized resources and makes recommendations.

## Spending limits

Prevent accidental overruns by setting limits.

## Azure Reservations

Definition: offers discounted pricing on certain Azure services in exchange for reserving and paying for them in advance

## Azure Cost Management + Billing

Definition: A free service that helps you understand your Azure bill, manage subscriptions, and monitor, optimize, and control spending.
--------------------------------------------------------------------------------
/4-security.md:
--------------------------------------------------------------------------------
# Describe general security and network security features

LP https://docs.microsoft.com/en-us/learn/paths/az-900-describe-general-security-network-security-features/

## Core Azure security services

### Azure Security Center

Definition: a monitoring service for security posture across all services in Azure and on-premises

* Monitors across on-premises and cloud workloads
* Applies security settings
* Provides security recommendations
* Continuously monitors and automatically identifies vulnerabilities
* Allows defining rules for which applications are allowed to run
* Detects and analyses attacks, investigates threats
* Provides just-in-time (JIT) network access control for VMs
* Views _overall_ regulatory compliance and assigns a Secure Score

Threat protection:
* Just-in-time VM Access
* Checks for unauthorized applications running on VMs
* Monitors internet traffic patterns of VMs
* File integrity monitoring

**Secure Score**

Definition: a measurement of the percentage of security recommendations an organization has satisfied

* Based on security controls (groups of related security recommendations)

### Azure Sentinel

Definition: a cloud-based Security Information and Event Management (SIEM) system

* Collects data across all devices, users, apps, and infrastructure, on-premises and across multiple clouds
* Intelligent threat detection (past and present): uses AI to find suspicious activities and to investigate them
* Orchestrates and automates common tasks with playbooks; **Azure Monitor workbooks** are used for visualization and investigation

### Azure Key Vault

Definition: centralized cloud service for storing app secrets.
Keys can be stored in Hardware Security Modules (HSMs)

Manage:
* secrets
* encryption keys
* SSL/TLS certificates

Benefits:

* Centralized app secrets
* Access monitoring and control (who accessed which secret, and when)
* Integrates with Azure services

### Dedicated Host

Definition: Provides a dedicated physical server to host VMs (Windows+Linux)

* Exclusive control of the underlying physical host for VMs
* Helps with compliance requirements for isolated servers
* Pick and choose processor/VM series/sizes on the same host
* HA: provision multiple hosts in a host group
* Optional maintenance control for when maintenance updates happen
* Pricing is per dedicated host, regardless of the number of VMs hosted

### Defense in Depth

Definition: protect information using a layered strategy with data secured at the center.

* **Security Posture**: Confidentiality, Integrity, Availability (_CIA_)
  * **confidentiality**: restrict access to authorized parties only, least privilege
  * **integrity**: prevent unauthorized changes to information
  * **availability**: authorized users can access data and services when they need them

### Azure Firewall

Definition: managed cloud-based network security service for Azure virtual networks

* High availability + scalability
* Inbound and outbound filtering rules
* Azure Monitor logging
* Inbound Destination Network Address Translation (DNAT)

You can configure:

* Application rules for FQDNs
* Network rules for source, protocol, and destination port and address
* NAT rules

Note: Azure Application Gateway provides a Web Application Firewall (WAF), which is also a firewall (for HTTP/HTTPS traffic).

### Azure DDoS Protection

Definition: helps protect your resources from DDoS attacks

* **Basic**: Enabled by default, for free as part of an Azure subscription. Always-on monitoring. Helps mitigate
attacks across regions.
* **Standard**: Additional mitigation capabilities for Azure Virtual Networks. Easy to enable, no app changes needed.
Policies are applied to public IPs.

Prevents the following attacks:

* **Volumetric**: Floods the network layer with legitimate-looking traffic
* **Protocol**: Makes a target inaccessible by exploiting weaknesses in layer 3 and layer 4 protocols
* **Resource-layer**: Targets web application packets to disrupt data transmission between hosts.

### Network Security Groups (NSGs)

Definition: Enables you to filter traffic to/from Azure resources within a virtual network (like an internal firewall)

* An NSG can contain many rules; each rule has a priority, and rules are processed in priority order (lowest number first)
* A new NSG comes with default rules that provide a security baseline
* Can't remove the default rules, but you can override them with rules of higher priority (a lower number)

### Network security strategy/solution

* Secure the perimeter (Firewall, DDoS Protection)
* Secure the network layer (restrict connectivity, limit communication) (NSGs)
* Combine services: NSG + Firewall + DDoS Protection, WAF, etc.

--------------------------------------------------------------------------------
/1-cloud-concepts.md:
--------------------------------------------------------------------------------
# Describe Cloud Concepts

LP: https://docs.microsoft.com/en-us/learn/paths/az-900-describe-cloud-concepts/

Identify Cloud Computing benefits, use GASHED:

* Geo-distribution
* Agility
* Scalability
* High Availability
* Elasticity
* Disaster Recovery

## Azure Portal

Definition: Web-based unified console that allows you to build, manage, and monitor everything in Azure.

## Azure Marketplace

Definition: Connects users to partners and vendors that offer solutions/services for Azure

## Accounts

Azure Account -> Many subscriptions -> Many Resource groups -> Resources

## Types of Cloud

| Type | Description | Expenditure |
| -- | -- | -- |
| Public | Services delivered over the internet. Owned and operated by a third party | OpEx |
| Private | Used exclusively by one organization. Can be on-premises, in a datacenter, or hosted by a third-party service provider. | CapEx |
| Hybrid | Combination of Public and Private | |

## Expenses

CapEx (Capital Expenditure) vs. OpEx (Operational Expenditure):

| Type | Description |
| -- | -- |
| Capital Expenditure (CapEx) | Up-front spending on infrastructure. Value is reduced (depreciated) over time |
| Operational Expenditure (OpEx) | No up-front cost. Spending only on services, billed for what you use |

## Consumption-Based Model

Is the basis of OpEx:

* No up-front costs
* Only pay for what you use/need
* Pay for additional resources when they are needed
* Stop paying for what you don't use

## Cloud Service models

| Model | Description | Complexity/Ownership |
| -- | -- | -- |
| IaaS | OS and network owned by the user, including maintenance and configuration | High |
| PaaS | Apps are deployed onto a managed OS. No ownership of hardware or software requirements | Medium |
| SaaS | User only provides data. Everything else is managed. E.g. MS Office | Low |

## Subscriptions, Management Groups, and Resources

| Name | Definition |
| -- | -- |
| Management Groups | Manage access, policy, compliance for multiple subscriptions |
| Subscriptions | Groups accounts with resources. Can be used to manage costs+resources |
| Resource Groups | A logical grouping of services (resources) |
| Resources | Services that you create. E.g. a Virtual Machine |

## Azure Regions

Definition: A geographical area with one or more datacenters nearby and networked together.

**Special Regions**: US DoD, US Gov: physically+logically isolated with additional compliance certifications. China
is operated by 21Vianet.

## Azure Availability Zones

Definition: One or more physically separate datacenters within an Azure region. A.K.A. isolation boundary (HA/redundancy).

Availability Zones are interconnected with an ultra high-speed, private fiber network.

Not all regions have AZs.

Services that support AZs have these categories:

* **Zonal service**: Pins to a zone
* **Zone-redundant**: Auto-replication across zones
* **Non-regional**: HA in an Azure geography, not tied to a specific region.

## Azure Region Pairs

Definition: Each Azure region is **always paired** with another region within the same geography.

Each AZ has one or more datacenters, and a region that supports AZs has at least 3 zones.

Helps protect against natural disasters or civil unrest. Pairs are separated by at least 300 miles.

Replication always resides within the same geography as the pair, except for Brazil South.

## Azure resources and Azure Resource Manager

**Resource**: A manageable item within Azure. Like a database or a VM
**Resource group**: A grouping of resources you want to manage as a group.

### Azure Resource Groups

Can contain anything you create in Azure to form a logical grouping of services (resources). Helps provide organization.

* **Life cycle**: If you delete a resource group, all contained resources are deleted as well. Makes it easier to get rid of them.
* **Authorization**: A resource group is a scope for applying RBAC

### Azure Resource Manager

Definition: Deployment and management service for Azure. CRUD for Azure resources

* Manage infrastructure with templates
* Deploy, manage, and monitor
* Define dependencies between resources for correct ordering
* Apply RBAC and tags

## Azure subscriptions

Definition: Provides you with authenticated and authorized access to products and services. Always linked back to an account.

An account can have one or many subscriptions.

Types of subscription boundaries:

* **Billing boundary**: Determines how an Azure account is billed. You can create multiple subscriptions for different billing requirements.
* **Access Control boundary**: Access-management policies happen at the subscription level. You can control access+resources for specific subscriptions.

Additional subscriptions help with:

* **Environments**: Separate environments via subscriptions. E.g. development and testing
* **Org structure**: Marketing and IT, helping manage access and limit resources
* **Billing**: Make it easier to track billing.

## Azure management groups

Definition: Provides a level of scope above subscriptions. Helps organize subscriptions into groups.

Helps provide user access to multiple subscriptions with a single RBAC assignment that gets inherited

--------------------------------------------------------------------------------
/3-core-solutions.md:
--------------------------------------------------------------------------------
LP: https://docs.microsoft.com/en-us/learn/paths/az-900-describe-core-solutions-management-tools-azure/

TODO: find out about days and hours of SLA

## Azure IoT fundamentals

LM https://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/

### Azure IoT Hub

Definition: Managed service hosted in the cloud. Central hub for bi-directional communication between devices and the cloud.

Features:

* Device-to-cloud telemetry
* File upload from devices
* Control devices from the cloud
* Monitoring of device creation, failures, connections

Key difference with IoT Central: More control, less managed (no dashboard). Telemetry analysis.

### Azure IoT Central

Definition: Builds on IoT Hub with a dashboard to connect, monitor and manage IoT devices

Features:

* Dashboard for managing devices
* Push firmware updates to devices
* Provides starter templates for common scenarios

Key difference with IoT Hub: Less control, more managed (dashboard included).

### Azure Sphere

Definition: End-to-end, secure IoT solution. From hardware to OS and messaging from the device to the message hub.

Three parts:

1. **Azure Sphere Micro-Controller Unit (MCU)**: Runs the OS and processes signals from attached sensors.
1. **Custom Linux OS** that handles communication with the security service
1.
   **Azure Sphere Security Service (AS3)**: Makes sure the device hasn't been compromised

Features:

* Built-in communication and security features for IoT devices

## Azure AI Fundamentals

LM https://docs.microsoft.com/en-us/learn/modules/ai-machine-learning-fundamentals/

### Azure Machine Learning

Definition: Platform for working with models. Tools and services that allow you to connect to data, train, and deploy models.

Features:

* Define how to obtain, handle, and split data into training and test sets.
* Train and evaluate models with programming languages like Python
* Pipeline creation for compute-intensive tasks
* Deploy the best algorithm as an API on a REST endpoint

### Azure Cognitive Services

Definition: Provides pre-built ML models to see, hear, speak, understand and reason.

Features:

* Solves generic problems, like text sentiment analysis, image or face recognition

4 categories:

1. Language: Natural language processing (NLP)
1. Speech: Speech-to-text, and text into natural-sounding speech. Language translation
1. Vision: Analyze and recognize pictures, videos or other visual content
1. Decision: Automatic and personalized recommendations for users. Detect anomalies in time-series data.

### Azure Bot Service and Bot Framework

Definition: Platform for creating virtual agents that can reply to questions like a human.

Features:

* Virtual agent that can communicate intelligently with humans
* Uses other Azure services like Azure Cognitive Services to process information better

## Serverless Fundamentals

LM https://docs.microsoft.com/en-us/learn/modules/serverless-fundamentals/

### Azure Functions

Definition: Serverless compute that runs code written in a programming language in response to an event, such as a queue message, a timer, or an HTTP request.

Features:

* Use common languages like C#, Python, JavaScript, TypeScript, Java and PowerShell
* Scales automatically
* Stateless environment, but can be connected to storage to persist data
* Orchestration possible with Durable Functions, chaining functions together and maintaining state.

Key difference from Azure Logic Apps: Functions is a serverless compute service, not meant to be a long-running business-logic process that connects with other services.

### Azure Logic Apps

Definition: A low-code/no-code platform that helps automate and orchestrate tasks, business processes and workflows.

Features:

* Integration for apps, data, systems, enterprise (EAI), and B2B
* Web-based designer triggered from Azure services
* Trigger from events like timers, a queue, or an HTTP request (like Functions)
* Over 200 pre-made connectors for Salesforce, SAP, Oracle DB, and file shares

Key difference from Azure Functions: Logic Apps is an _orchestration service_. Pricing depends on the connector.

## Azure DevOps & DevTest Labs

LM https://docs.microsoft.com/en-us/learn/modules/azure-devops-devtest-labs/

### Azure DevOps

Definition: Suite of services for all stages of the software development lifecycle

Services included:

* Azure Repos: Source-code repositories
* Azure Boards: Project management
* Azure Pipelines: CI/CD automation tooling
* Azure Artifacts: A repository for hosting artifacts that can be used in deployment or testing pipelines
* Azure Test Plans: Automated testing tool for CI/CD pipelines that can ensure quality before a release

Key difference from GitHub: Enterprise development, with more project-management and planning tools and fine-grained access control.

### GitHub and GitHub Actions

Definition: Git source-code repositories and CI/CD automation

Features:

* Shared repos that allow code reviews, comments, questions, and discussions before merging code
* Helps project management with included Kanban boards
* Issue reports, discussion, and tracking
* CI/CD pipelines via GitHub Actions
* Wiki for collaborative docs
* SaaS or on-premises capabilities

Key difference from Azure DevOps: More lightweight, less customizable, fewer project-management and planning tools.

### Azure DevTest Labs

Definition: Service for automating the building, setup, and tear-down of VMs used to build software projects.

Features:

* Test across a variety of environments and builds
* Support for anything that ARM templates can deploy
* Shut down or fully deprovision VMs after completion

## Management Fundamentals

LM https://docs.microsoft.com/en-us/learn/modules/management-fundamentals/2-identify-product-options

### Azure Portal

Definition: Web-based UI to access almost every feature and service of Azure.

Features:

* View all services you are using
* Create new services
* Configure new or existing services
* View reports

### Azure Mobile App

Definition: iOS and Android mobile app to access Azure resources remotely.

Features:

* Monitor health and status of services
* Check alerts
* Restart web apps or VMs
* Run Azure CLI or PowerShell commands to manage Azure resources

### Azure PowerShell

Definition: A shell where you execute commands called _cmdlets_ (command-lets) that call into the Azure REST API for resource/service management.

Features:

* Execute independently or combined to orchestrate setup, teardown, or maintenance of one or more resources
* Deploy an entire infrastructure which might contain hundreds of resources
* Use imperative code
* Create repeatable+automatable processes by using code
* Windows, Linux, macOS, and browser availability via Azure Cloud Shell

### Azure CLI

Definition: A CLI tool to execute commands in Bash that call the Azure REST API for resource/service management.

It is almost **the same** as Azure PowerShell

Key difference: The syntax used. If you are proficient in Bash, then use the Azure CLI.

Features:

* Execute independently or combined to orchestrate setup, teardown, or maintenance of one or more resources
* Deploy an entire infrastructure which might contain hundreds of resources
* Use imperative code
* Create repeatable+automatable processes by using code
* Windows, Linux, macOS, and browser availability via Azure Cloud Shell

### ARM Templates

Definition: Describe infrastructure in a declarative way using JSON.

Features:

* ARM templates are validated before execution
* Orchestration of resources in parallel
* Define only the desired state and configuration of each resource
* Templates can use PowerShell or the Azure CLI for before/after actions

## Monitoring Fundamentals

LM https://docs.microsoft.com/en-us/learn/modules/monitoring-fundamentals/

### Azure Advisor

Definition: Evaluates your Azure resources and makes recommendations for reliability, security, performance, and cost reduction.

Features:

* Get alerts on new recommendations that you can apply, dismiss, or postpone
* Personalized recommendations for _all your subscriptions_
* Available in the Azure Portal and the REST API

5 categories:

* **Reliability**: Improve availability of applications
* **Security**: Detect threats and vulnerabilities
* **Performance**: Improve speed of applications
* **Cost**: Optimize/reduce Azure spending
* **Operational Excellence**: Deployment best practices, workflow efficiency, resource management

### Azure Monitor

Definition: Platform to collect, analyze, visualize, and take action based on data from your entire Azure **and on-premises environment**

Features:

* Monitor applications, integrating with PagerDuty, Jira, or Azure DevOps
* Monitor and optimize your infrastructure, including VMs, K8s, and Storage
* Monitor and diagnose your network, trigger packet capture or analyze routing issues
* Supports an extensive query language (KQL) to analyze and get insights from operational data
* Visualize, analyze, gain insights, and set alerts based on monitoring data

Application Insights uses Azure Monitor under the hood

### Azure Service Health

Definition: A personalized view of the health of Azure services, regions, and resources.

status.azure.com does **not** provide the full picture
and should not be your main informational dashboard.

Features:

* Both major and smaller health issues, localized to the ones that affect you
* Personalizable to the services and regions that interest you
* Set up alerts to help triage outages
* Provides official incident reports and Root Cause Analyses (RCAs)
* Advertises **Planned Maintenance** that can affect availability
* Publishes **Health Advisories** that include service retirements (sunsetting) or breaking changes.

Key difference with status.azure.com: The status dashboard is **not** personalized and not granular to issues that might affect you directly.

--------------------------------------------------------------------------------
/5-governance-compliance.md:
--------------------------------------------------------------------------------
# Identity, Governance, Privacy, and compliance

LP: https://docs.microsoft.com/en-us/learn/paths/az-900-describe-identity-governance-privacy-compliance-features/

# Identity

## Authentication and Authorization

**Authentication**

* Establishes identity for access
* Challenges a party for legitimate credentials
* Establishes whether the user is who they say they are

**Authorization**

* Establishes the **level** of access for an authenticated user
* Specifies what data a user is allowed to access and what they can do with that data

## Azure Active Directory (AAD)

Definition: Cloud-based identity and access management service

| Active Directory | Azure Active Directory |
| -- | -- |
| Managed by your own org | Managed by Microsoft |
| On-premises identity control | Global identity control service |

**Note**: Can connect AAD with on-premises Active Directory so sign-in attempts use the same identities

Features:

* Control access to applications and resources
* SSO functionality within
apps, integration with existing credentials
* Self-service password reset for users
* MSFT 365, Azure, and other services already use AAD

Services:

* Authentication
* Single Sign-On (SSO)
* Application management
* Device management (device registration)

Secures:

* Both internal and external resources
* Internal resources like on-premises (behind the firewall) apps and resources

### Connect AD with AAD

* Azure AD Connect syncs user identities between on-premises AD and the cloud (AAD).
* SSO, password resets, multi-factor auth within both systems

## Azure AD Multi-factor Authentication

Definition: Service that provides multifactor authentication capabilities.

### Multifactor Authentication

Definition: user is prompted during sign-in for additional forms of identification

Requires two or more elements to authenticate:

* Something the user knows (e.g. a password or PIN)
* Something the user has (e.g. a phone)
* Something the user is (e.g. fingerprint or face scan)

### Conditional Access

Definition: A tool that AAD uses to allow/deny access to resources based on identity _signals_

**identity signals**: Who the user is, where the user is, what device the user is requesting access from.

Provides granular multifactor authentication (e.g. require MFA only from unfamiliar locations or unmanaged devices).

Available with AAD Premium

# Governance

## RBAC

Definition: Role-based access control based on an allow model (permissions from multiple assignments add up). A role assignment applies to a scope, which is a resource or set of resources.

Scopes:

* Management group
* Single subscription
* Resource group
* Single resource

| Role name | Scope | Permissions |
| -- | -- | -- |
| Owner | Management Group | Can manage everything in all subscriptions under the management group |
| Reader | Subscription | View every resource group within the subscription |
| Contributor | Resource Group | Can manage resources of all types within the resource group, but not other resource groups |

Permissions are compounded (additive): one assignment gives you read, another gives you write, so you end up with read+write permissions

**Enforcement**: Goes through Azure Resource Manager (any request via Portal, CLI, PowerShell, or the REST API)

Apply it to:

* Individuals
* Groups
* Service principals or other managed identities

**Management**: Through IAM (Access Control) on the resource, resource group, subscription, or management group

## Resource Locks

Definition: Prevents resources from being accidentally deleted or changed

| Level | Permissions |
| -- | -- |
| CanNotDelete | Authorized users can still read and modify but can't delete |
| ReadOnly | Authorized users can read but cannot change or delete. Like the Reader role in RBAC |

**Changes to a locked resource**: Must remove the lock first, regardless of RBAC permissions.

**Combine**: Use locks with Azure Blueprints to prevent accidental lock removal. Blueprints can automatically
replace the resource lock if it is removed.

## Tags

Definition: provide extra information (metadata) about resources as name/value pairs.

Useful for:

* Resource management
* Cost management
* Operations management
* Security
* Governance and compliance
* Workloads and optimization

Add tags with:
* PowerShell + CLI
* ARM templates (Azure Resource Manager)
* REST API
* Azure Portal

**Azure Policy** allows tag management.
Tags for a resource group aren't automatically applied to the resources within the group. Azure Policy can make resources inherit tags from their resource group, or enforce tag conventions.
147 |
148 | ## Azure Policy
149 |
150 | Definition: Enables you to create, assign, and manage policies that control or audit resources. Highlights existing non-compliant resources and prevents new non-compliant resources from being created.
151 |
152 | Can automatically remediate non-compliant resources and configurations (e.g. adding a missing tag or deploying a required agent)
153 |
154 | Integrates with Azure DevOps: policies can be checked in CI/CD pipelines at the pre- and post-deployment phases of an app.
155 |
156 | **Initiative**: A group of related policy definitions assigned together as one unit.
157 |
158 | Built-in initiatives for:
159 |
160 | * Storage
161 | * Network
162 | * Compute
163 | * Security Center
164 | * Monitoring
165 |
166 | Enable it by:
167 |
168 | 1. Create a policy definition (the condition to match and the effect, e.g. deny or audit)
169 | 1. Assign the definition to a scope
170 | 1. Review the evaluation results
171 |
172 | Enforce:
173 |
174 | * Allowed VM SKUs (sizes)
175 | * Allowed geographical locations
176 | * Multifactor authentication for accounts with write permissions
177 | * CORS: only the required domains can interact with certain web apps
178 | * System updates installed on machines
179 |
180 | Policy assignment:
181 |
182 | * Applied to resources
183 | * Takes place within a scope (management group, single subscription, or resource group)
184 | * Automatically inherited by all child resources within the scope (specific resources can be excluded)
185 |
186 | Review:
187 |
188 | * Each resource is marked as compliant or non-compliant
189 | * Compliance is re-evaluated roughly once an hour
190 |
191 | ### Initiatives
192 |
193 | Definition: Groups related policies so that you can track compliance against a larger objective (e.g. the built-in "Enable Monitoring in Azure Security Center" initiative)
194 |
195 | Initiatives are assigned to a scope: a management group, subscription, or resource group.
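The three governance rules above (RBAC permissions compound across nested scopes, a resource lock overrides RBAC, and a matching Azure Policy `deny` rule rejects a create or update) in one runnable model. This is an added example, not from these notes and not Azure Resource Manager's own code: the built-in roles are cut down to three actions, the scope strings, principal names and the evaluator itself are constructed for illustration, and only the `field` / `notIn` / `deny` subset of the policy language is implemented, in the same shape as the built-in "Allowed locations" definition.

```python
"""Added example (not from these notes, not Azure's engine): a toy model of how a
management request is authorized, covering three rules above: RBAC permissions
are the union of every assignment whose scope contains the target; a lock blocks
delete/write even for an Owner; a matching Azure Policy 'deny' rule rejects a
create/update. Roles, scopes, names and the evaluator are constructed."""
from dataclasses import dataclass

ROLES = {                     # simplified built-in roles; '*' = every action
    "Owner": {"*"},
    "Contributor": {"read", "write", "delete"},   # cannot assign roles
    "Reader": {"read"},
}

@dataclass
class Assignment:
    principal: str  # user, group, service principal or managed identity
    role: str
    scope: str      # "/mg/<mg>/sub/<sub>/rg/<rg>/<resource>" (constructed form)

@dataclass
class Lock:
    scope: str
    level: str      # "CanNotDelete" or "ReadOnly"

def in_scope(scope, target):
    """Assignments, locks and policies apply to their scope and everything below."""
    return target == scope or target.startswith(scope + "/")

def effective_actions(principal, assignments, target):
    """RBAC is an allow model: union of all matching assignments, no deny."""
    allowed = set()
    for a in assignments:
        if a.principal == principal and in_scope(a.scope, target):
            allowed |= ROLES[a.role]
    return allowed

def lock_blocks(action, locks, target):
    """Return the lock level that blocks `action`, or None."""
    for lock in locks:
        if not in_scope(lock.scope, target):
            continue
        if lock.level == "ReadOnly" and action in ("write", "delete"):
            return lock.level
        if lock.level == "CanNotDelete" and action == "delete":
            return lock.level
    return None

# Same shape as the built-in "Allowed locations" rule: field / notIn / deny.
ALLOWED_LOCATIONS = {
    "if": {"field": "location", "notIn": ["westeurope", "northeurope"]},
    "then": {"effect": "deny"},
}

def policy_denies(policy, resource):
    """Evaluate only the 'field notIn [...] -> deny' subset of the policy language."""
    cond = policy["if"]
    matched = resource.get(cond["field"]) not in cond["notIn"]
    return matched and policy["then"]["effect"] == "deny"

def authorize(principal, action, target, assignments, locks,
              resource=None, policy=None):
    """Returns (allowed, reason): RBAC first, then locks (which win regardless of
    RBAC), then policy on writes."""
    actions = effective_actions(principal, assignments, target)
    if "*" not in actions and action not in actions:
        return False, f"rbac: no assignment grants '{action}' on {target}"
    level = lock_blocks(action, locks, target)
    if level:
        return False, f"lock: {level} lock must be removed first"
    if action == "write" and policy and resource is not None \
            and policy_denies(policy, resource):
        return False, "policy: location not in allowed list"
    return True, "allowed"

# Constructed sample tenant: Reader on the subscription + Contributor on one RG.
ASSIGNMENTS = [
    Assignment("alice", "Reader", "/mg/corp/sub/prod"),
    Assignment("alice", "Contributor", "/mg/corp/sub/prod/rg/web"),
    Assignment("bob", "Owner", "/mg/corp"),
]
LOCKS = [Lock("/mg/corp/sub/prod/rg/web/vm01", "CanNotDelete")]
VM, DB, NEW = ("/mg/corp/sub/prod/rg/web/vm01", "/mg/corp/sub/prod/rg/data/sql01",
               "/mg/corp/sub/prod/rg/web/vm02")

def demo():
    return {
        "alice_write_vm": authorize("alice", "write", VM, ASSIGNMENTS, LOCKS),
        "alice_write_db": authorize("alice", "write", DB, ASSIGNMENTS, LOCKS),
        "bob_delete_locked": authorize("bob", "delete", VM, ASSIGNMENTS, LOCKS),
        "bob_create_eastus": authorize("bob", "write", NEW, ASSIGNMENTS, LOCKS,
                                       {"location": "eastus"}, ALLOWED_LOCATIONS),
    }

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'ALLOW' if ok else 'DENY'} - {why}")
```

Run it directly to see the four decisions. Two details worth noticing: alice can write `vm01` because Reader on the subscription and Contributor on `rg/web` compound, but only read `sql01` in `rg/data` because the Contributor assignment does not reach that scope; and bob is Owner of the whole management group yet cannot delete `vm01` while the `CanNotDelete` lock exists, although the same lock still lets him write to it.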
196 |
197 | ## Azure Blueprints
198 |
199 | Definition: Orchestrates/automates the deployment of environments from a versioned definition made of artifacts: role assignments, policy assignments, ARM templates, and resource groups
200 |
201 | | Action | Description |
202 | | -- | -- |
203 | | Define/Create | The blueprint definition describes what should be deployed |
204 | | Assign | Assigning a definition to a subscription deploys its artifacts there; the assignment is the record of that deployment |
205 | | Track | Definitions are versioned, so each assignment records which version was applied and changes can be audited |
206 |
207 | **Artifacts**: the components of a blueprint definition. Each artifact can take zero or more parameters to configure it
208 |
209 |
210 | ## Cloud Adoption Framework (CAF)
211 |
212 | Definition: Microsoft's guidance (documentation, best practices, and tools) for adopting the cloud
213 |
214 | 1. Define a strategy
215 | 1. Make a plan
216 | 1. Ready your organization for the cloud
217 | 1. Adopt the cloud (migrate and innovate)
218 | 1. Govern and manage
219 |
220 | ## Subscription governance strategy
221 |
222 | **Billing** One billing report per subscription. When creating subscriptions, take internal billing/charge-back requirements into account
223 |
224 | **Access Control** A subscription is a management boundary for Azure resources. Each subscription trusts a single AAD tenant, and within the subscription RBAC gives granular access
225 |
226 | **Limits** Subscriptions have resource limits (quotas). Exceeding a limit means creating more subscriptions; management groups help organize and govern many subscriptions together.
227 |
228 |
229 | ## Compliance
230 |
231 | Microsoft services are certified against many regulatory compliance standards. Grouped by:
232 |
233 | * Global
234 | * US Government
235 | * Industry
236 | * Regional
237 |
238 | ### Criminal Justice Information Service (CJIS)
239 |
240 | Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy, which any US state or local agency accessing FBI CJIS data must follow
241 |
242 | ### Cloud Security Alliance STAR Certification
243 |
244 | Azure, Intune, and Power BI are CSA STAR certified.
245 |
246 | **CCM**: Cloud Controls Matrix, the CSA control framework that the certification is assessed against.
247 |
248 | This certification means that:
249 |
250 | * The service conforms to the applicable requirements of ISO/IEC 27001
251 | * It has addressed issues critical to cloud security as outlined in the CCM
252 | * It has been assessed against the STAR Capability Maturity Model for the management of activities in the CCM control areas
253 |
254 | ### European Union Model Clauses
255 |
256 | Azure offers EU customers contractual guarantees (the EU Standard Contractual Clauses) around transfers of personal data outside of the EU.
257 |
258 | ### Health Insurance Portability and Accountability Act (HIPAA)
259 |
260 | Azure offers a HIPAA business associate agreement (BAA) committing it to the security and privacy provisions that covered entities must follow.
261 |
262 | ### International Organization for Standardization/International Electrotechnical Commission 27018 (ISO/IEC 27018)
263 |
264 | Microsoft has adopted the ISO/IEC 27018 code of practice for protecting personal information processed by cloud service providers.
265 |
266 | ### Multi-Tier Cloud Security Singapore (MTCS)
267 |
268 | Microsoft is certified across all three service classifications:
269 |
270 | * IaaS
271 | * PaaS
272 | * SaaS
273 |
274 | ### Service Organization Controls 1, 2, and 3 (SOC)
275 |
276 | Microsoft cloud services are audited at least annually by independent third-party auditors against the SOC report framework, covering security, availability, processing integrity, and confidentiality.
277 |
278 |
279 | ### National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
280 |
281 | A voluntary framework of standards, guidelines, and best practices for managing cybersecurity risk
282 |
283 | Microsoft cloud services have undergone several independent audits, and Office 365 is certified to the objectives in the NIST CSF
284 |
285 | ## Privacy, Online Services, and Data Protection
286 |
287 | ### Privacy Statement
288 |
289 | Explains what personal data Microsoft collects, how it is used, and for what purpose.
290 |
291 |
292 | ### Online Services Terms (OST)
293 |
294 | The OST is the legal agreement between Microsoft and the customer; it sets the obligations for processing and securing customer and personal data in the online services you license
295 | through a subscription.
296 |
297 |
298 | ### Data Protection Addendum (DPA)
299 |
300 | Details the data processing and security terms for online services:
301 |
302 | * Compliance with laws
303 | * Disclosure of processed data
304 | * Data security
305 | * Data transfer, retention, and deletion
306 |
307 | ### Trust Center
308 |
309 | Definition: Site that provides information about Microsoft's security, privacy, and compliance offerings (e.g. ISO certifications) across products.
310 |
311 |
312 | ### Azure Government
313 |
314 | Definition: A separate instance of Azure in physically isolated datacenters and networks located in the US, operated by screened US personnel. Addresses the security and compliance needs of US federal, state, and local agencies and their partners.
315 |
316 | Available in 8 geographies, with the broadest compliance coverage of any cloud and DoD Impact Level 5 provisional authorization.
317 |
318 |
319 | ### Azure China 21Vianet
320 |
321 | Definition: A physically separated instance of Azure cloud services located in China, operated independently by 21Vianet (not by Microsoft).
--------------------------------------------------------------------------------
/2-core-services.md:
--------------------------------------------------------------------------------
1 | LP: https://docs.microsoft.com/en-us/learn/paths/az-900-describe-core-azure-services/
2 |
3 | ## Azure Compute Services
4 | LM: https://docs.microsoft.com/en-us/learn/modules/azure-compute-fundamentals/
5 |
6 | ### Virtual Machines (VMs)
7 |
8 | Definition: Software emulations of physical machines (virtual CPU, memory, disks, networking). IaaS: you manage the OS and everything above it.
9 |
10 | ### Virtual machine scale sets
11 |
12 | Definition: Deploy and manage a set of identical, load-balanced VMs. Supports autoscaling
13 |
14 | ### Containers and K8s
15 |
16 | Definition: Azure compute resources (Azure Container Instances, Azure Kubernetes Service) for deploying and managing containers. Containers are created, scaled, and stopped quickly and dynamically.
17 |
18 | ### Azure App Service
19 |
20 | Definition: A PaaS offering for building, deploying, and scaling web, mobile, and API apps on any platform (Windows or Linux, many languages).
21 |
22 | Types:
23 |
24 | * Web apps
25 | * API apps
26 | * WebJobs (for background tasks, run in the same context as a web, API, or mobile app)
27 | * Mobile apps
28 |
29 | The service handles:
30 |
31 | * Deployment and management
32 | * Securing endpoints
33 | * Scaling of sites
34 | * Built-in load balancing and Traffic Manager integration
35 |
36 | ### Azure Functions
37 |
38 | Definition: Serverless code that runs on demand without managing the underlying platform; you are billed only while the code runs.
39 |
40 | Similar to Azure Logic Apps. Both are serverless and event-driven.
41 |
42 | Use them for:
43 |
44 | * Running on a timer
45 | * Triggering over HTTP
46 | * Triggering from queue messages
47 |
48 | Key difference with Azure Logic Apps: Functions requires code and is not an orchestration service
49 |
50 | ### When to use VMs
51 |
52 | * Total control of the OS
53 | * To run custom software
54 | * Custom hosting configurations
55 |
56 | Example scenarios:
57 |
58 | * In testing/development
59 | * When extending your datacenter to the cloud
60 | * For disaster recovery (quickly provisioning VMs when the primary site fails)
61 |
62 |
63 | ### Azure Batch
64 |
65 | Definition: Runs large-scale parallel and high-performance computing (HPC) batch jobs. Can scale to tens, hundreds, or thousands of VMs
66 |
67 | Batch can:
68 |
69 | * Start a pool of compute VMs
70 | * Install apps + stage data
71 | * Run jobs
72 | * Identify failures
73 | * Requeue work
74 | * Scale down the pool when work completes
75 |
76 | ### Azure Logic Apps
77 |
78 | Definition: Executes workflows designed to automate (orchestrate) business scenarios, built from predefined logic blocks (connectors)
79 |
80 | Similar to Functions. Both are triggered by an event and run logic in response.
81 |
82 | Workflows are persisted as JSON.
83 |
84 | Declarative and stateful. Runs only in the cloud.
85 |
86 | Key difference with Azure Functions: Logic Apps don't require code, and it is an orchestration service
87 |
88 | ### Azure Virtual Desktop
89 |
90 | Definition: A Windows desktop and application virtualization service that runs in the cloud.
91 |
92 | Works across devices like Windows, Mac, iOS, Android, and Linux.
Including most browsers (HTML5 web client)
93 |
94 | Use it because:
95 |
96 | * Provides flexibility (supported across devices)
97 | * Enhanced security: data and apps stay in Azure, separate from the local device, so nothing sensitive is left on lost or stolen hardware
98 |
99 | * **Simplified management**: with Azure AD + RBAC
100 | * **Performance management**: Can load balance users across VM host pools
101 | * **Multi-session**: Allows multiple concurrent users on a single Windows 10 Enterprise multi-session VM
102 |
103 | Reduce costs by bringing your own licenses. Available at no extra cost with an eligible Microsoft 365 license.
104 | Save on compute by buying 1- or 3-year Azure reserved virtual machine instances.
105 |
106 | ## Azure Networking
107 | LM https://docs.microsoft.com/en-us/learn/modules/azure-networking-fundamentals/
108 |
109 | ### Azure Virtual Network fundamentals
110 |
111 | * Isolation and segmentation
112 | * Communicate over the internet
113 | * Communicate between Azure resources
114 | * Communicate with on-premises
115 | * Route and filter traffic
116 | * Connect virtual networks
117 |
118 | **Internet communications**: Resources in a virtual network can reach the internet outbound _by default_; inbound access requires a public IP address or a public load balancer
119 |
120 | **Communicate between Azure resources**: via virtual networks (VMs, AKS, App Service Environment, scale sets), or via service endpoints, which bring PaaS resources such as storage accounts and SQL Database into the virtual network
121 |
122 | **Communicate with on-premises**:
123 | * Point-to-site: an individual client device connects to the virtual network through a VPN client
124 | * Site-to-site: an on-premises VPN device connects to an Azure VPN gateway, so the two networks appear as one
125 | * Azure ExpressRoute: dedicated private connection to Azure (not over the public internet)
126 |
127 | **Route network traffic**
128 | * Route tables: define custom rules for directing traffic between subnets, to network appliances, or to on-premises
129 | * Border Gateway Protocol (BGP): propagates on-premises BGP routes into Azure virtual networks
130 |
131 | **Connect virtual networks**: With virtual network peering. Peering links two virtual networks so that their resources communicate directly; traffic between them stays on the Microsoft backbone.
132 |
133 | ## Azure VPN gateway fundamentals
134 |
135 |
136 | ### VPN Gateway
137 |
138 | Definition: A type of virtual network gateway that sends encrypted traffic between an Azure virtual network and an on-premises location or another virtual network over the public internet.
139 |
140 | They enable:
141 |
142 | * Connecting an on-premises datacenter to a virtual network (site-to-site)
143 | * Connecting individual devices to a virtual network (point-to-site)
144 | * Connecting virtual networks to other virtual networks (network-to-network)
145 |
146 | **Only 1 VPN gateway per virtual network**
147 |
148 | Supports two types:
149 |
150 | **Policy-based**
151 | * IKEv1 only
152 | * Static routing: combinations of address prefixes (traffic selectors) control which traffic is encrypted. Source and destination are declared in the policy (**not** in routing tables)
153 | * Mainly used for compatibility with legacy on-premises VPN devices
154 |
155 | **Route-based**
156 | Use it for:
157 | * Point-to-site, connections between virtual networks, multi-site connections, coexistence with Azure ExpressRoute
158 | * IKEv2 support
159 | * Wildcard (any-to-any) traffic selectors
160 | * Dynamic routing protocols: source/destination networks don't need to be statically defined. Supports Border Gateway Protocol (BGP)
161 |
162 | **Gateway sizes**
163 | * Basic (does not support Border Gateway Protocol)
164 | * VpnGw1
165 | * VpnGw2
166 | * VpnGw3
167 |
168 | **Required Azure resources**
169 | * Virtual network
170 | * Gateway subnet (must be named `GatewaySubnet`)
171 | * Public IP address
172 | * Local network gateway (represents the on-premises side: its public IP and address prefixes)
173 | * Virtual network gateway (the Azure side)
174 | * Connection resource (links the virtual network gateway to the local network gateway)
175 |
176 | ### HA for VPN gateways
177 |
178 | * **Active/Standby**: By default VPN gateways are deployed as two instances with automatic failover. Connections can be briefly interrupted during failover
179 | * **Active/Active**: Both instances are active, each with its own public IP address and its own tunnel to the on-premises device; used together with Border Gateway Protocol
180 | * **ExpressRoute failover**: If an ExpressRoute connection fails, connectivity can fail over to a VPN connection over the internet
181 | * **Zone-redundant gateways**: For regions that support availability zones, VPN gateways can be deployed across zones.
Requires a Standard public IP (not a **Basic** IP)
182 |
183 | ## Azure ExpressRoute Fundamentals
184 | LM https://docs.microsoft.com/en-us/learn/modules/azure-networking-fundamentals/express-route-fundamentals
185 |
186 | Definition: Extends your on-premises network into Azure over a private connection provided by a connectivity partner (**not** over the public internet)
187 |
188 | Connection types:
189 |
190 | * Point-to-point Ethernet (between your site and Microsoft; L2 or managed L3)
191 | * Any-to-any (IPVPN, L3)
192 |
193 | Features:
194 |
195 | * Fast (over the provider's private network, typically fiber)
196 | * Low latency
197 | * Higher security: traffic never traverses the public internet
198 | * Global connectivity with the ExpressRoute Premium add-on
199 | * Redundant + dynamic routing
200 | * Uptime SLA
201 |
202 | ### Redundancy
203 |
204 | Built in for Layer 3 connectivity: each connectivity provider uses redundant devices so that the connection to Microsoft is highly available
205 |
206 | ### Connectivity to cloud services
207 |
208 | Direct connection to:
209 |
210 | * Compute services like VMs
211 | * Cloud services like Cosmos DB or Storage
212 |
213 | ### Dynamic Routing
214 |
215 | Uses the Border Gateway Protocol (BGP), allowing dynamic routing between the on-premises network and Azure services
216 |
217 |
218 | ### Connectivity Models
219 |
220 | * **Cloud Exchange co-location**: From a co-location facility that hosts a cloud exchange, via the exchange's Ethernet cross-connection, to Azure
221 | * **Point-to-point Ethernet**: From on-premises to Azure
222 | * **Any-to-any (IPVPN)**: Integrates Azure into your WAN with L3 connectivity. Access Azure like any other private site in the WAN
223 |
224 | ## Azure Storage Services
225 | LM https://docs.microsoft.com/en-us/learn/modules/azure-storage-fundamentals/
226 |
227 | ### Disk Storage
228 |
229 | Definition: Provides (virtual) disks for Azure VMs, similar to an on-premises server with disks.
230 |
231 | Types:
232 |
233 | * Standard SSDs
234 | * Standard HDDs
235 | * Premium SSDs
236 | * Ultra Disks
237 |
238 | Advertised ZERO% annualized failure rate (managed disks).
239 |
240 | ### Blob storage
241 |
242 | Definition: Unstructured object storage for massive amounts of data.
243 |
244 | Features:
245 | * Can be reached from anywhere over HTTP/HTTPS
246 | * Does not require space/disk management
247 |
248 | Use it for:
249 |
250 | * Serving images or documents directly to a browser
251 | * Storing files for distributed access
252 | * Video + audio streaming
253 | * Disaster recovery backups and archiving
254 | * Storing data for analysis by an on-premises or Azure-hosted service
255 | * Storing up to 8 TB of data for VMs (page blobs as VM disks)
256 |
257 | Blobs are stored in containers, which are owned by a storage account:
258 |
259 | Account -> many containers (e.g. movies/pictures) -> many blobs (files)
260 |
261 | ### Azure Files
262 |
263 | Definition: A fully managed file share service in the cloud, available via SMB (Server Message Block) and NFS (Network File System; in preview at the time of the course).
264 |
265 | File shares can be mounted concurrently on Windows, Linux, and macOS.
266 |
267 | Features:
268 |
269 | * Data encrypted at rest.
270 | * Access files from anywhere in the world via a URL
271 | * Provide temporary access with a SAS (Shared Access Signature): a signed URL that carries the permissions and the expiry, so you never hand out the storage account key
272 |
273 |
274 | Use it for:
275 |
276 | * Seamless support for apps that use SMB and need to be migrated to the cloud
277 | * Store, retrieve, and share configuration files that can be accessed by multiple VMs
278 | * Write metrics, crash dumps, or diagnostic logs, so that they can be analyzed later
279 |
280 |
281 | ### Blob Access Tiers
282 |
283 | Definition: Allows organizing data depending on access frequency and retention period.
284 |
285 | * **Hot access tier**: Frequently accessed data like website assets
286 | * **Cool access tier**: Infrequently accessed data stored for at least 30 days
287 | * **Archive access tier**: Rarely accessed data stored for at least 180 days, like backups
288 |
289 | Service attributes:
290 |
291 | * Hot + Cool tiers can be set as the default at the account level. Archive isn't available at the account level.
292 | * All tiers can be set before or after uploading at the blob level.
293 | * Archive has the lowest storage cost, but it is the most expensive to access, and data must be rehydrated (which takes hours) before it can be read.
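The "temporary access with a SAS" point in the Azure Files and Blob storage sections above, as an added example that is not from these notes or from the Azure SDK: a minimal HMAC-signed, time-limited token in the shape of a Shared Access Signature, together with the verification a storage service performs before serving the request. A real SAS is an HMAC-SHA256 over a canonical string-to-sign computed with the storage account key and carried as query parameters; the string-to-sign layout, the parameter names (`sp`, `st`, `se`, `sig`), the share URL and the account key below are simplified and constructed, and for real URLs you would use the SDK's `generate_file_sas` or `generate_blob_sas` helpers.

```python
"""Added example, not from these notes and not the Azure SDK: a minimal model of
a Shared Access Signature (SAS) as used by Azure Files and Blob storage, to show
why a SAS grants temporary, scoped access without handing out the account key.
A real SAS is an HMAC-SHA256 over a canonical string-to-sign, computed with the
storage account key and carried as query parameters (permissions, start, expiry,
signature). The field layout, parameter set and account key below are simplified
and constructed; use the SDK's generate_*_sas helpers for real URLs."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; a real account key is a random 512-bit value.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-do-not-use-for-real").decode()


def _string_to_sign(path, permissions, start, expiry):
    # Newline-separated canonical form: every field is covered by the MAC, so
    # changing the path, permissions or expiry invalidates the signature.
    return "\n".join([path, permissions, str(start), str(expiry)])


def _sign(key_b64, message):
    mac = hmac.new(base64.b64decode(key_b64), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def generate_sas(path, permissions, ttl_seconds, key_b64=ACCOUNT_KEY, now=None):
    """Issuer side: build the query string that grants `permissions`
    (e.g. "r" or "rw") on `path` for `ttl_seconds` starting at `now`."""
    now = int(time.time()) if now is None else now
    start, expiry = now, now + ttl_seconds
    sig = _sign(key_b64, _string_to_sign(path, permissions, start, expiry))
    return urlencode({"sp": permissions, "st": start, "se": expiry, "sig": sig})


def verify_sas(url, wanted_permission, key_b64=ACCOUNT_KEY, now=None):
    """Service side: recompute the MAC from the URL's own fields, compare in
    constant time, then enforce the time window and the requested permission.
    Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        sp, st, se, sig = q["sp"], int(q["st"]), int(q["se"]), q["sig"]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _sign(key_b64, _string_to_sign(parts.path, sp, st, se))
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"          # tampered, or wrong account key
    if not (st <= now < se):
        return False, "expired or not yet valid"
    if wanted_permission not in sp:
        return False, "permission not granted"
    return True, "ok"


# Constructed share URL and a fixed clock so the results are reproducible.
BASE = "https://acct.file.core.windows.net/share/reports/q1.xlsx"
PATH = "/share/reports/q1.xlsx"
T0 = 1_700_000_000


def demo():
    url = BASE + "?" + generate_sas(PATH, "r", 3600, now=T0)  # read for 1 hour
    return {
        "read_in_window": verify_sas(url, "r", now=T0 + 60),
        "write_not_granted": verify_sas(url, "w", now=T0 + 60),
        "after_expiry": verify_sas(url, "r", now=T0 + 3600),
        "upgraded_perms": verify_sas(url.replace("sp=r&", "sp=rw&"), "w", now=T0 + 60),
        "other_path": verify_sas(url.replace("q1.xlsx", "q2.xlsx"), "r", now=T0 + 60),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'OK' if ok else 'DENIED'} - {why}")
```

The point of the example is the verification order: the signature check comes first and uses `hmac.compare_digest`, so a client cannot widen `sp`, push out `se`, or reuse the token on a different file, and the expiry is enforced by the service from the signed value rather than trusted from the client. Anyone holding the URL can use it until `se`, which is why a SAS should be short-lived and scoped to the narrowest path and permission that the task needs.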
294 |
295 | Tier cost
296 |
297 | | Tier | SLA | Access Cost | Storage Cost |
298 | | -- | -- | -- | -- |
299 | | Hot | High | Low | High |
300 | | Cool | Medium | High | Low |
301 | | Archive | - (offline) | Highest | Lowest |
302 |
303 | ## Azure Database and analytics
304 | LM https://docs.microsoft.com/en-us/learn/modules/azure-database-fundamentals/
305 |
306 | ### Azure Cosmos DB
307 |
308 | Definition: A globally distributed, multi-model database service.
309 |
310 | Although often used as a key/value or document store, it exposes several APIs so that existing apps can use it with their native drivers:
311 |
312 | * SQL (Core)
313 | * MongoDB
314 | * Cassandra
315 | * Table
316 | * Gremlin (graph)
317 |
318 | ### Azure SQL Database
319 |
320 | Definition: Relational database based on the latest stable version of the Microsoft SQL Server database engine.
321 |
322 | Features:
323 |
324 | * HA: 99.99% availability SLA
325 | * PaaS: Updates, patching, backups, and monitoring are all managed
326 | * Fully managed: No need to manage infrastructure or the OS
327 | * Can process relational and non-relational data like graphs, JSON, spatial, and XML
328 |
329 | **Key differences from SQL Managed Instance**:
330 |
331 | * Offers _fewer_ instance-level options than Azure SQL Managed Instance
332 |
333 | See: https://docs.microsoft.com/en-us/azure/azure-sql/database/features-comparison
334 |
335 | ### Azure SQL Managed Instance
336 |
337 | Definition: Similar to SQL Database. Relational database based on the latest stable version of the Microsoft SQL Server database engine, with near 100% compatibility with on-premises SQL Server.
338 |
339 | Features:
340 |
341 | * HA: 99.99% availability SLA
342 | * PaaS: Updates, patching, backups, and monitoring are all managed
343 | * Fully managed: No need to manage infrastructure or the OS
344 | * Can process relational and non-relational data like graphs, JSON, spatial, and XML
345 | * Migrate with the Azure Database Migration Service (DMS) or native backup/restore
346 |
347 | **Key differences from SQL Database**:
348 | * Offers _more_ options that aren't available in Azure SQL Database
349 | * Can manually initiate backups
350 | * Has access to all built-in functions
351 | * Collation choices at instance creation
352 | * Cross-database queries and transactions
353 | * Database Mail
354 |
355 | See: https://docs.microsoft.com/en-us/azure/azure-sql/database/features-comparison
356 |
357 | ### Azure Database for MySQL
358 |
359 | Definition: Relational database based on the MySQL Community Edition
360 |
361 | Features:
362 |
363 | * HA at no additional cost
364 | * Automatic backups + point-in-time restore for up to 35 days
365 | * Scale as needed within seconds
366 | * Fully managed
367 | * Several tiers offered
368 |
369 | ### Azure Database for PostgreSQL
370 |
371 | Definition: Relational database based on the PostgreSQL database engine
372 |
373 | Features:
374 |
375 | * HA at no additional cost
376 | * Automatic backups + point-in-time restore for up to 35 days
377 | * Scale as needed within seconds
378 | * Fully managed
379 | * SSL/TLS encryption of client-server communication
380 |
381 | Available in two deployment options:
382 |
383 | **Single Server**
384 | * 3 tiers: Basic, General Purpose, and Memory Optimized
385 | * Dynamic scaling
386 |
387 | **Hyperscale (Citus)**
388 | * Horizontal scaling using sharding across multiple servers
389 | * Query parallelization across servers for fast responses on large datasets
390 | * Made for applications that need greater scale + performance, with 100 GB of data or more
391 | * Supports multi-tenant apps, real-time analytics, and high (transactional) throughput
392 | * Standard PostgreSQL connections and tooling, with minimal application changes
393 |
394 | ### Azure Synapse Analytics
395 |
396 | Definition: Limitless analytics service that brings together enterprise data warehousing and big data analytics.
397 |
398 | Features:
399 |
400 | * Serverless (on-demand) queries or provisioned resources at scale
401 | * Unified experience to ingest, prepare, manage, and serve data
402 | * Data warehousing
403 | * Big data analytics
404 |
405 | ### Azure HDInsight
406 |
407 | Definition: Fully managed, open-source analytics service for enterprises
408 |
409 | Features:
410 |
411 | * Works with Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm
412 | * Supports Machine Learning Services
413 | * ETL support
414 | * Data warehousing
415 |
416 | ### Azure Data Lake Analytics
417 |
418 | Definition: Simplified on-demand analytics job service for big data: you write queries to transform data instead of deploying and tuning hardware
419 |
420 | Features:
421 |
422 | * Handles jobs of any scale
423 | * Configure analytics power instantly
424 | * Pay only while the job is running (cost effective)
425 |
426 |
427 | ### Azure Databricks
428 |
429 | Definition: Apache Spark-based analytics environment to build AI solutions and insights from data.
430 |
431 | Features:
432 |
433 | * Support for Python, Scala, Java, and SQL
434 | * Support for data science frameworks like TensorFlow, PyTorch, and Scikit-Learn
435 |
--------------------------------------------------------------------------------