Introduction Assessment Test xxiii
Chapter 1 Identity: Azure Active Directory 1
Azure Active Directory 2
Benefits 2
Concepts 4
Azure AD vs. Active Directory Domain Services 4
Azure AD: Licensing 5
Custom Domains in Azure AD 7
Users and Groups 8
User Accounts 8
Group Accounts 26
Azure AD Roles 36
Azure AD Join 37
Benefits 37
Connection Options 38
Self- Service Password Reset 39
Enabling SSPR 39
Authentication Methods 40
Managing Multiple Directories 42
Summary 43
Exam Essentials 44
Review Questions 45
Chapter 2 Compliance and Cloud Governance 49
Azure Regions 50
Facts 51
Regional Pairs 52
Azure Accounts and Subscriptions 53
Azure Accounts 54
Azure Subscriptions 54
Azure Cost Management 57
Plan and Control Expenses 58
Cost Saving Techniques 59
Resource Groups 60
Management Groups 65
Azure Policy 68
Implementing Azure Policy 69
Implementing Initiatives 77
Role- Based Access Control 79
Concepts 80
Azure RBAC Roles 82
Custom RBAC Roles 84
Role Assignment 91
Resource Locks 95
Configuring Locks 97
Resource Tags 99
Use Cases 99
Applying Tags 100
Summary 102
Exam Essentials 102
Review Questions 104
Chapter 3 Virtual Networking 109
Virtual Networks 110
VNet Concepts 111
Address Space 111
Subnets 111
Regions 111
Subscription 112
IP Addressing 113
Static and Dynamic Addressing 113
Private IP Addresses 113
Public IP Address 116
Network Routes 118
System Routes 119
User- Defined Routes 119
Service Endpoints 125
Supported Services 127
Private Endpoint 127
Azure DNS 129
Record Management 131
Private DNS Zones 133
Network Security Groups 137
NSG Concepts 137
NSG Effective Rules 141
Azure Firewall 142
Azure Firewall Rules 142
Implementing Azure Firewall 144
Summary 145
Exam Essentials 146
Review Questions 148
Chapter 4 Intersite Connectivity 153
Azure- to- Azure Connectivity 154
Internet 155
Virtual Network Peering 156
VPN Gateway 165
Virtual Network Peering vs. VPN Gateway 177
Azure to On- Premises Connectivity 178
VPN Gateways 178
ExpressRoute Connections 189
Intersite Connectivity Architecture 193
Virtual WAN 196
Summary 197
Exam Essentials 198
Review Questions 199
Chapter 5 Network Traffic Management 203
Availability Options 204
Availability Sets 205
Availability Zones 207
Service Level Agreement 208
Azure Load Balancer 208
Types of Load Balancers 209
Load Balancer SKUs 212
Configuring Load Balancer 212
Implementing Azure Load Balancer 214
Azure Application Gateway 221
Request Handling Process 222
Routing Methods 223
Configuring Application Gateway 224
Implementing Application Gateway 226
Azure Front Door 235
Azure Traffic Manager 237
Comparing the Load Balancing Solutions 239
Summary 239
Exam Essentials 240
Review Questions 241
Chapter 6 Azure Storage 245
Azure Storage Account 246
Azure Storage Services 247
Azure Blob Storage 247
Azure Files 248
Azure Queues 249
Azure Tables 249
Azure Disks 249
Storage Replication 250
Locally Redundant Storage 250
Zone Redundant Storage 251
Georedundant Storage 252
Geo- zone- Redundant Storage 253
Storage Account Types 255
Storage Account Endpoints 256
Accessing Storage 256
Custom Domain Configuration 256
Securing Storage Endpoints 257
Azure Blob Storage 258
Blob Containers 259
Blob Access Tiers 259
Blob Lifecycle Management 260
Uploading Blobs 261
Storage Security 268
Authorization Options 268
Shared Access Signatures 269
Storage Service Encryption 275
Azure Files and File Sync 276
Azure Files vs. Azure Blobs 276
Managing File Shares 277
Mapping File Shares 279
File Share Snapshots 282
Azure File Sync 285
Managing Storage 288
Azure Storage Explorer 289
AzCopy 291
Import/Export Service 297
Summary 299
Exam Essentials 300
Review Questions 302
Chapter 7 Azure Virtual Machines 307
Virtual Machine Planning 309
Virtual Network 309
Name 309
Location and Pricing 310
Size 311
Storage 312
Operating System 315
Chapter 8
Deploying Virtual Machines 315
Connecting to Virtual Machines 320
Windows Connections 320
Linux Connections 324
Azure Bastion 329
Availability of Virtual Machines 334
Scaling Concepts 335
Vertical Scaling 335
Horizontal Scaling 336
Virtual Machine Scale Sets 336
Implementing a Scale Set 337
Autoscaling 340
Summary 342
Exam Essentials 342
Review Questions 343
Automation, Deployment, and Configuration of Resources 349
Azure Resource Manager 350
ARM Templates 352
Template Design 352
Template Modes 354
Template Sections 355
Composing Templates 361
Exporting Templates 370
Configuring Virtual Hard Disk Templates 374
Create a VM from a VHD 375
Virtual Machine Extensions 376
Custom Script Extension 378
Desired State Configuration 379
Summary 380
Exam Essentials 381
Review Questions 382
Chapter 9 PaaS Compute Options 387
Azure App Service Plans 388
Pricing Tiers 389
Scaling 391
Azure App Services 396
Continuous Deployment 400
Deployment Slots 402
Securing App Service 405
Custom Domains 408
Backup 409
Container Instances 411
Docker 412
Azure Container Instances 415
Container Groups 421
Azure Kubernetes Service 422
Terminology 424
Cluster Components 425
Networking 426
Storage 429
Cluster Upgrade 431
Scaling 432
Summary 438
Exam Essentials 439
Review Questions 440
Chapter 10 Data Protection 445
File and Folder Backups 446
Azure Backup 446
Creating Recovery Services Vault 447
Configuring a Recovery Services Vault 448
Virtual Machine Data Protection 451
Virtual Machine Snapshots 452
Azure Backup 453
Azure Backup Server 463
Azure Site Recovery 466
Summary 469
Exam Essentials 470
Review Questions 471
Chapter 11 Monitoring Resources 475
Azure Monitor 476
Metrics 477
Logs 478
Data Sources 479
Activity Log 480
Azure Alerts 482
Creating Alert Rules 483
Alert States 484
Action Groups 484
Log Analytics 492
Workspace 493
Data Sources 493
Agents Configuration 496
Query Language 497
Network Watcher 502
IP Flow Verify 503
Next Hop 503
Effective Security Rules 505
VPN Troubleshoot 505
Packet Capture 506
Connection Troubleshoot 506
NSG Flow Logs 507
Topology 509
Summary 509
Exam Essentials 510
Review Questions 511
Appendix Answers to the Review Questions 515
Chapter 1: Identity: Azure Active Directory 516
Chapter 2: Compliance and Cloud Governance 517
Chapter 3: Virtual Networking 519
Chapter 4: Intersite Connectivity 520
Chapter 5: Network Traffic Management 521
Chapter 6: Azure Storage 522
Chapter 7: Azure Virtual Machines 524
Chapter 8: Automation, Deployment, and Configuration of Resources 526
Chapter 9: PaaS Compute Options 528
Chapter 10: Data Protection 529
Chapter 11: Monitoring Resources 530
Index 533
Exercise 1.1 Viewing Users in Your Directory 9
Exercise 1.2 Creating Users in Azure AD 14
Exercise 1.3 Modifying and Deleting Users 16
Exercise 1.4 Performing Bulk Operations 20
Exercise 1.5 Viewing Groups in Azure AD 27
Exercise 1.6 Adding Security Groups to Azure AD 29
Exercise 1.7 Adding Microsoft 365 Groups in Azure AD 32
Exercise 2.1 Creating a Resource Group from the Azure Portal 61
Exercise 2.2 Listing Resource Groups from the Azure Portal 63
Exercise 2.3 Deleting Resource Groups from the Azure Portal 64
Exercise 2.3 Implementing a Custom Policy 73
Exercise 2.4 Creating a Custom Role Using PowerShell 87
Exercise 2.5 Assigning Roles from the Azure Portal 91
Exercise 3.1 Creating Virtual Networks 114
Exercise 3.2 Creating Virtual Networks Using Azure PowerShell 116
Exercise 3.3 Creating Public IP Addresses 117
Exercise 3.4 Creating a Route Table 121
Exercise 3.5 Creating a Custom Route 122
Exercise 3.6 Associating a Routing Table to a Subnet 124
Exercise 3.7 Creating an Azure DNS Zone 130
Exercise 3.8 Adding Records to an Azure DNS Zone 132
Exercise 3.9 Creating a Private DNS Zone and Validating Resolution 134
Exercise 3.10 Creating NSG and NSG Rules 139
Exercise 4.1 Implementing Virtual Network Peering in the Azure Portal 159
Exercise 4.2 Implementing the Virtual Network to Virtual Network VPN in the Azure Portal 173
Exercise 4.3 Implementing a P2S VPN in the Azure Portal 183
Exercise 5.1 Implementing Load Balancing in Azure 215
Exercise 5.2 Implementing Azure Application Gateway 227
Exercise 6.1 Uploading Blobs 262
Exercise 6.2 Working with SAS Keys 273
Exercise 6.3 Working with AzCopy 294
Exercise 7.1 Creating a Windows Virtual Machine 316
Exercise 7.2 Connecting to a Windows VM Using RDP 321
Exercise 7.3 Connecting to a Linux VM Using a Password 325
Exercise 7.4 Connecting to Linux VM Using SSH Keys 327
Exercise 7.5 Connecting to Linux VM Using SSH Keys 329
Exercise 8.1 Composing an ARM Template 362
Exercise 9.1 Creating an App Service Plan 392
Exercise 9.2 Creating an App Service Plan 397
Exercise 9.3 Building and Running Containers in Azure 416
Exercise 9.4 Running Applications in an AKS Cluster 435
Exercise 10.1 Implementing a VM Backup 455
Exercise 11.1 Creating Alerts 486
Exercise 11.2 Ingesting Logs to the Log Analytics Workspace 497
ntroduction xxiii
Assessment Test xxx
Chapter 1 Identity: Azure Active Directory 1
Chapter 2 Compliance and Cloud Governance 49
Chapter 3 Virtual Networking 109
Chapter 4 Intersite Connectivity 153
Chapter 5 Network Traffic Management 203
Chapter 6 Azure Storage 245
Chapter 7 Azure Virtual Machines 307
Chapter 8 Automation, Deployment, and Configuration of Resources 349
Chapter 9 PaaS Compute Options 387
Chapter 10 Data Protection 445
Chapter 11 Monitoring Resources 475
Appendix Answers to the Review Questions 515
Chapter 1: Identity: Azure Active Directory 516
Chapter 2: Compliance and Cloud Governance 517
Chapter 3: Virtual Networking 519
Chapter 4: Intersite Connectivity 520
Chapter 5: Network Traffic Management 521
Chapter 6: Azure Storage 522
Chapter 7: Azure Virtual Machines 524
Chapter 8: Automation, Deployment, and Configuration of Resources 526
Chapter 9: PaaS Compute Options 528
Chapter 10: Data Protection 529
Chapter 11: Monitoring Resources 530
Index 533
Table of Exercises
Exercise 1.1 Viewing Users in Your Directory 9
Exercise 1.2 Creating Users in Azure AD 14
Exercise 1.3 Modifying and Deleting Users 16
Exercise 1.4 Performing Bulk Operations 20
Exercise 1.5 Viewing Groups in Azure AD 27
Exercise 1.6 Adding Security Groups to Azure AD 29
Exercise 1.7 Adding Microsoft 365 Groups in Azure AD 32
Exercise 2.1 Creating a Resource Group from the Azure Portal 61
Exercise 2.2 Listing Resource Groups from the Azure Portal 63
Exercise 2.3 Deleting Resource Groups from the Azure Portal 64
Exercise 2.3 Implementing a Custom Policy . 73
Exercise 2.4 Creating a Custom Role Using PowerShell 87
Exercise 2.5 Assigning Roles from the Azure Portal 91
Exercise 3.1 Creating Virtual Networks 114
Exercise 3.2 Creating Virtual Networks Using Azure PowerShell 116
Exercise 3.3 Creating Public IP Addresses 117
Exercise 3.4 Creating a Route Table 121
Exercise 3.5 Creating a Custom Route 122
Exercise 3.6 Associating a Routing Table to a Subnet 124
Exercise 3.7 Creating an Azure DNS Zone 130
Exercise 3.8 Adding Records to an Azure DNS Zone 132
Exercise 3.9 Creating a Private DNS Zone and Validating Resolution 134
Exercise 3.10 Creating NSG and NSG Rules 139
Exercise 4.1 Implementing Virtual Network Peering in the Azure Portal 159
Exercise 4.2 Implementing the Virtual Network to Virtual Network VPN in the Azure Portal 173
Exercise 4.3 Implementing a P2S VPN in the Azure Portal 183
Exercise 5.1 Implementing Load Balancing in Azure 215
Exercise 5.2 Implementing Azure Application Gateway 227
Exercise 6.1 Uploading Blobs 262
Exercise 6.2 Working with SAS Keys 273
Exercise 6.3 Working with AzCopy 294
Exercise 7.1 Creating a Windows Virtual Machine 316
Exercise 7.2 Connecting to a Windows VM Using RDP 321
Exercise 7.3 Connecting to a Linux VM Using a Password 325
Exercise 7.4 Connecting to Linux VM Using SSH Keys 327
Exercise 7.5 Connecting to Linux VM Using SSH Keys 329
Exercise 8.1 Composing an ARM Template 362
Exercise 9.1 Creating an App Service Plan 392
Exercise 9.2 Creating an App Service Plan 397
Exercise 9.3 Building and Running Containers in Azure 416
Exercise 9.4 Running Applications in an AKS Cluster 435
Exercise 10.1 Implementing a VM Backup 455
Exercise 11.1 Creating Alerts 486
Exercise 11.2 Ingesting Logs to the Log Analytics Workspace 497