If you are preparing for the Azure Fundamentals (AZ-900) exam, or want a to-the-point refresher on Azure fundamentals, you are in the right place.
In this post I have tried to cover all the services (100+ services and 20+ very important additional services) that belong to the AZ-900 exam content, plus a few additional services that will help you prepare for this exam.
01. High Availability
High Availability is the ability to keep services up and running for long periods of time, with very little downtime. Workloads are typically spread across different virtual machines to gain high throughput, performance, and to create redundancy in case a service is impacted due to an update or other event.
02. Scalability
Scalability is the ability to increase or decrease resources for any given workload. You can add additional resources to service a workload (known as scaling out) or add additional capabilities to manage an increase in demand to the existing resource (known as scaling up).
03. Elasticity
Elasticity is the ability to automatically or dynamically increase or decrease resources as needed. Elastic resources match the current needs, and resources are added or removed automatically to meet future needs as they arise.
04. Agility
Agility is the ability to respond to change rapidly based on changes to market or environment, ensuring fast time to market. Cloud services can allocate and deallocate resources quickly.
05. Fault Tolerance
Fault tolerance is the ability to remain up and running even in the event of a component (or service) no longer functioning. Typically, redundancy is built into cloud services architecture, so if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.
06. Disaster Recovery
Disaster recovery is the ability to recover from an event that has taken down a region-wide cloud service. Cloud services disaster recovery can happen very quickly, with automation and services being readily available to use.
07. CapEx Vs OpEx
Capital Expenditure (CapEx) is the upfront spending of money on physical infrastructure, and then deducting that upfront expense over time. The upfront cost from CapEx has a value that reduces over time. The following costs are considered CapEx:
o Server costs
o Storage costs
o Network costs
o Backup and archive costs
o Organization continuity and disaster recovery costs
o Datacenter infrastructure costs
o Technical personnel
Operational Expenditure (OpEx) is spending money on services or products now and being billed for them now. You can deduct this expense in the same year you spend it. There is no upfront cost, as you pay for a service or product as you use it (pay-as-you-go). The following costs are considered OpEx:
o Software licensing.
o Hosting expenses.
o Electric bills.
o Real estate rentals.
o Cooling expenses.
o Temporary staff required for operations.
o Equipment rentals.
o Replacement parts.
o Maintenance contracts.
o Repair services.
o Business continuity and disaster recovery (BCDR) services.
o Other expenses that don't require capital expense approvals.
08. Consumption-based model
A consumption-based model allows end users to pay only for the resources that they use. Whatever they use is what they pay for. A consumption-based model has many benefits, including:
o No upfront costs.
o No need to purchase and manage the costly infrastructure that they may or may not use to its fullest.
o The ability to pay for additional resources when they are needed.
o The ability to stop paying for resources that are no longer needed.
09. Economic benefits of the Cloud
Economies of scale is the ability to reduce costs and gain efficiency when operating at a larger scale in comparison to operating at a smaller scale. Cloud providers such as Microsoft, Google, and Amazon are large businesses and are able to leverage the benefits of economies of scale, and then pass those benefits on to their customers.
10. Shared Responsibility Model
In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. Under the shared responsibility model, the management of the resource is shared between the cloud provider and the end-user. The cloud provider is responsible for the cloud services infrastructure and the end-user is responsible for the service being configured and managed correctly. The following diagram illustrates the areas of responsibility between you and Microsoft.
11. Service Model (IaaS, PaaS, SaaS)
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned, and managed over the internet. IaaS quickly scales up and down with demand, letting you pay only for what you use. It helps you avoid the expense and complexity of buying and managing your own physical servers and other datacenter infrastructure.
Platform as a service (PaaS) allows you to avoid the expense and complexity of buying and managing underlying application infrastructure. You manage the applications and services you develop, and the cloud service provider typically manages everything else.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).
12. Serverless Computing
Serverless computing lets you run application code without creating, configuring, or maintaining a server. The core idea is that your application is broken into separate functions that run when triggered by some action. A few examples of serverless applications on Azure are Logic Apps, Functions, and Service Fabric.
13. Cloud Computing
Cloud Computing is the delivery of computing services over the internet (the cloud), enabling faster innovation, flexible resources, and economies of scale.
The cloud provider is responsible for:
o Physical hardware required to execute your work.
o Keeping hardware up to date.
Every business is unique and has different needs. To meet those needs, cloud providers offer a wide range of services: Compute, Storage, Networking, etc.
14. Deployment Model (Private, Public, Hybrid)
Private Cloud does not provide flexibility to scale up or down based on demand or agility.
Public Cloud is a computing service offered by third-party providers (e.g., Azure) over the public Internet, making them available to anyone who wants to use or purchase them. Public clouds can save companies from the expensive costs of having to purchase, manage, and maintain on-premises hardware and application infrastructure.
Hybrid Cloud provides you the greatest degree of flexibility as you have the option to choose either public or private depending on your requirements.
15. Region, Geographies & Region-Pairs
Region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are in close proximity and networked together with a low-latency network. The region contains Availability Zones.
A geography typically contains two or more regions that preserve data residency and compliance boundaries.
Geographies contain region pairs. Each Azure region is paired with another region within the same geography at least 300 miles away, which together make a region pair. A region pair helps in case of a large disaster that causes an outage large enough to affect even two datacenters.
16. Availability Zone
Availability Zones are physically separate locations with their own power, cooling, and networking.
In other words, Availability Zones are physically separate locations within an Azure region that use availability sets to provide additional fault tolerance. AZs are used to avoid outages at datacenter level.
17. Availability Set
Availability Set ensures your application remains online if a high-impact maintenance event is required, or if a hardware failure occurs with 99.95% Azure SLA. Availability sets are made up of Update domains (UD) and Fault domains (FD).
o Update domains are a logical section of the data center, and they are implemented with software and logic. When a maintenance event occurs (such as a performance update or critical security patch applied to the host), the update is sequenced through update domains.
o Fault domains provide for the physical separation of your workload across different hardware in the datacenter. This includes power, cooling, and network hardware that supports the physical servers located in server racks. In the event the hardware that supports a server rack becomes unavailable, only that rack of servers would be affected by the outage.
18. Resource Groups
A Resource Group allows you to logically group Azure resources together. Resource groups are created under subscriptions (see the diagram above), so they can't be used to manage subscriptions.
In other words, a Resource Group is a unit of management for resources in Azure that allows you to logically group Azure resources together. This allows you to manage the application collectively over its lifecycle, rather than manage components individually. You cannot have a different payment option for each department using Resource Groups.
19. Subscription
Azure subscription is a logical unit of Azure services that links to an Azure account. You can have multiple subscriptions, one for each department. You can use department subscriptions to define boundaries around Azure products, services, and resources.
20. Management Groups
Management groups are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
In other words, management groups are containers for managing multiple subscriptions. You should create multiple subscriptions, one for each department, and then logically group subscriptions in management groups, based on the company policy and compliance.
21. Azure Resource Manager
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
22. Azure Virtual Machine
Azure Virtual Machine is an Infrastructure as a Service (IaaS) offering. IaaS is an instant computing infrastructure, provisioned and managed over the internet. IaaS quickly scales up and down with demand, letting you pay only for what you use.
23. Azure App Service
Azure App Service enables you to quickly and easily build web and mobile apps for any platform or device. With App Service, you can host the most common app service styles like:
- Web apps
- API apps
- WebJobs
- Mobile apps
Desktop apps are not supported by app services.
It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.
24. Azure Container Instances (ACI)
Containers provide a consistent, isolated execution environment for applications. They're similar to VMs except they don't require a guest operating system. Instead, the application and all its dependencies are packaged into a "container" and then a standard runtime environment is used to execute the app.
25. Azure Kubernetes Service (AKS)
Kubernetes is open-source orchestration software for deploying, managing, and scaling containers. Azure Kubernetes Service (AKS) is a fully managed Kubernetes service on Azure, which makes it easy to deploy and manage containerized applications and removes the burden of managing the underlying infrastructure of Kubernetes deployments.
26. Azure Virtual Network
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. To connect VNet with an on-premises network, you will need to create a VPN Gateway.
27. Azure VPN
Microsoft Azure lets you work in a hybrid environment in which you integrate your company's servers and physical equipment with the cloud. To carry out this task, our proposal is based on the use of a virtual private network (Azure Virtual Private Network, or VPN) that works as a gateway.
28. Azure VPN Gateway
Azure Virtual Private Network (VPN) gateway is used to send encrypted traffic between an Azure Virtual Network and an on-premises location over the public internet. It provides a more secure connection from on-premises to Azure over the internet.
In other words, Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs in a similar way that you set up and connect to a remote branch office. The connectivity is secure and uses the industry-standard protocols Internet Protocol Security (IPsec) and Internet Key Exchange (IKE).
29. Azure ExpressRoute
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility. ExpressRoute connections don't go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
30. Azure Blob Storage
Azure Blob storage is Microsoft's object storage solution for the cloud, optimized for storing massive amounts of unstructured data, such as text, videos, images, or other binary data. Blob storage is ideal for:
o Serving images or documents directly to a browser.
o Storing files for distributed access.
o Streaming video and audio.
o Storing data for backup and restore disaster recovery, and archiving.
o Storing data for analysis by an on-premises or Azure-hosted service.
Azure Storage offers three types of Blob storage:
- Block Blobs: Block blobs are composed of blocks and are ideal for storing text or binary files, and for uploading large files efficiently.
- Append Blobs: Append blobs are also made up of blocks, but they are optimized for append operations, making them ideal for logging scenarios.
- Page Blobs: Page blobs are made up of 512-byte pages up to 8 TB in total size and are designed for frequent random read/write operations.
31. Azure Disk Storage
Azure Disk Storage offers high-performance, durable block storage for your mission- and business-critical applications. Confidently migrate to Azure infrastructure with four disk storage options for the cloud (Ultra Disk Storage, Premium SSD, Standard SSD and Standard HDD) to optimise costs and performance for your workload.
32. Azure File Storage
Azure Files enables you to set up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access.
33. Azure Table Storage
Azure Table storage is a cloud-based NoSQL datastore you can use to store large amounts of structured, non-relational data. Azure Table offers a schemaless design, which enables you to store a collection of entities in one table. An entity contains a set of properties, and each property defines a name-value pair.
34. Azure Queue Storage
Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.
35. Azure Storage Tiers
Azure storage offers different access tiers, allowing you to store blob object data in the most cost-effective manner. Available access tiers include:
- Hot - Optimized for storing data that is accessed frequently.
- Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
- Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.
36. Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security.
37. Azure SQL Database
Azure SQL Server Database is a relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed, and secure database that you can use to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure.
38. Azure Database for MySQL
Azure Database for MySQL is a relational database service powered by the MySQL community edition. You can use either Single Server or Flexible Server (Preview) to host a MySQL database in Azure. It's a fully managed database as a service offering that can handle mission-critical workloads with predictable performance and dynamic scalability.
39. Azure Database for PostgreSQL
Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It's a fully managed database-as-a-service that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability.
40. Azure SQL Managed Instance
Azure SQL Managed Instance is the intelligent, scalable cloud database service that combines the broadest SQL Server database engine compatibility with all the benefits of a fully managed and evergreen platform as a service. SQL Managed Instance has near 100% compatibility with the latest SQL Server (Enterprise Edition) database engine, providing a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for existing SQL Server customers.
SQL Managed Instance allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. At the same time, SQL Managed Instance preserves all PaaS capabilities (automatic patching and version updates, automated backups, high availability) that drastically reduce management overhead and TCO.
41. Azure Marketplace
Microsoft Azure Marketplace is an online store that offers applications and services either built on or designed to integrate with Microsoft's Azure public cloud. The Marketplace is the premier destination for all your software needs - certified and optimized to run on Azure.
42. Internet of Things (IoT) Hub
IoT hub allows bi-directional communication between IoT applications and the devices it manages. IoT Hub will not ensure the security of the IoT device. It does not provide a graphical user interface for device management.
43. IoT Central
Azure IoT Central builds on top of IoT Hub by adding a dashboard that allows you to connect, monitor, and manage your IoT devices. IoT Central will not ensure the security of the IoT device.
IoT Central quickly creates a web-based management portal to enable reporting and communication with IoT devices. The visual user interface (UI) makes it easy to quickly connect new devices and watch as they begin sending telemetry or error messages.
44. Azure Sphere
Azure Sphere is hardware with an operating system, which has built-in communication and security features for internet-connected devices. It does not provide a graphical user interface for device management.
Azure Sphere creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub. Azure Sphere has built-in communication and security features for internet-connected devices, that provides the highest degree of security to ensure the device has not been tampered with.
45. Azure Synapse Analytics
Azure Synapse Analytics is a limitless analytics service that brings together enterprise data warehousing and big data analytics. It gives you the freedom to query data on your terms, using either serverless on-demand or provisioned resources - at scale.
Reference: Microsoft Documentation
46. Azure Stream Analytics
Azure Stream Analytics is a real-time analytics and complex event-processing engine that is designed to analyze and process high volumes of fast streaming data from multiple sources simultaneously. Patterns and relationships can be identified in information extracted from a number of input sources including devices, sensors, clickstreams, social media feeds, and applications.
Reference: Microsoft Documentation
47. Azure HDInsight
Azure HDInsight is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. HDInsight allows you to run popular open-source frameworks and create cluster types such as Apache Spark, Apache Hadoop, Apache Kafka.
48. Azure Databricks
Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Databricks is integrated with Azure to provide one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data scientists, data engineers, and business analysts.
49. Azure Machine Learning
Azure Machine Learning service provides a cloud-based environment that can be used to develop, train, test, deploy, manage, and track machine learning models to implement Artificial Intelligence (AI). It will let you start training on your local machine, and then scale out to the cloud.
50. Microsoft Cognitive Services
Microsoft Cognitive services are a collection of domain-specific pre-trained AI models that can be customized with your data. They are categorized broadly into vision, speech, language, and search. Cognitive services are not an IoT service.
Azure Cognitive Services provides natural language services.
51. Azure Bot Service
Azure Bot Service creates virtual agent solutions that utilize natural language. It should not be eliminated as a candidate.
Azure Bot Service will not help with prediction, as it works with predefined rules in the backend system. So it should be eliminated as a candidate.
52. Serverless computing solutions (Azure Functions & Logic Apps)
Azure Functions is a serverless implementation that provides a runtime environment to execute code written in any language the user is comfortable with. Based on the language chosen, an appropriate platform is provided to users for bringing their own code. You can send emails using an Azure function, but you will need to write and manage code; the same result can be achieved through Logic Apps configuration.
Azure Logic Apps is a serverless cloud service that helps you automate and orchestrate tasks, business processes, and workflows. You can use Logic Apps to send email notifications based on predefined rules without writing code.
53. Azure DevOps
Azure DevOps Services provides development collaboration tools including high-performance pipelines, private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. DevOps services provide the following tools:
o Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code.
o Azure Pipelines provides build and release services to support continuous integration and delivery of your applications.
o Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods.
o Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing.
o Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines.
54. GitHub Actions for Azure
GitHub Actions helps you automate your software development workflows from within GitHub. You can deploy workflows in the same place where you store code and collaborate on pull requests and issues.
A workflow is an automated process that you set up in your GitHub repository. You can build, test, package, release, or deploy any project on GitHub with a workflow.
55. Azure DevTest Labs
Azure DevTest Labs provides self-service cloud environments (Windows/Linux) for demo/training purposes to speed up the development process. One of the primary scenarios involves using DevTest Labs to host development machines for developers.
56. Azure Portal
Azure portal is a public website that you can access with any web browser, to create, manage, and monitor any available Azure services. It also guides you through complex administrative tasks using wizards and tooltips.
Azure enables you to create and manage support requests, also known as support tickets. You can create and manage requests in the Azure portal. You can also create and manage requests programmatically, using the Azure support ticket REST API.
57. Azure PowerShell
PowerShell can be used on Windows only; macOS users can use PowerShell Core, which is a cross-platform version of PowerShell that runs on Windows, Linux, or macOS.
58. Azure CLI
Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross-platform means that it can be run on Windows, Linux, or macOS.
59. Azure Cloud Shell
Azure Cloud Shell is a browser-based scripting environment in your portal. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
60. Azure Mobile App
Azure Mobile App keeps you connected to your Azure resources - anytime, anywhere. While it’s technically possible to open the Azure portal in your browser on your phone, it is not a better option than using the mobile app. You can also run ad hoc Azure CLI or PowerShell commands from the Azure mobile app.
61. Azure Advisor
Azure Advisor analyses your configurations and usage telemetry and offers personalised, actionable recommendations to help you optimise your Azure resources for reliability, security, operational excellence, performance and cost.
62. Azure Resource Manager (ARM) templates
Azure Resource Manager (ARM) Templates are JSON files that define the infrastructure and configuration for your project. In the template, you specify the resources to deploy and the properties for those resources.
Templates do not help in categorizing resources and generating bills based on office location.
63. Azure Monitor
Azure Monitor helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. It does not provide any information for planned resource maintenance.
64. Azure Service Health
Azure Service Health helps you prepare for planned maintenance and changes that could affect the availability of your resources. It also provides personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved.
65. Azure Security Center
Azure Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. It does not provide any information for planned resource maintenance.
It does not provide recommendations for an organization's regulatory compliance requirements. Also, it's not used for password or secrets management.
66. Secure Score
Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken.
Secure Score helps organizations:
- Report on the current state of the organization's security posture.
- Improve their security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).
67. Azure Key Vault
Azure Key Vault is a centralized cloud service for storing your applications' passwords and secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.
68. Azure Sentinel
Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and response.
Note: It does not provide a graphical user interface for device management.
69. Azure Dedicated Host
Azure Dedicated Host provides physical servers that host one or more Azure virtual machines. Your server is dedicated to your organisation and workloads—capacity is not shared with other customers. This host-level isolation helps address compliance requirements. As you provision the host, you gain visibility into (and control over) the server infrastructure and you determine the host’s maintenance policies.
70. Concept of defense in depth
The objective of defense in depth is to protect information and prevent it from being stolen by those who aren’t authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.
The layers of defense in depth are shown in the image below:
Reference: https://www.azureguru.org/what-is-defense-in-depth/
71. Network Security Group
A Network Security Group (NSG) rule enables you to filter traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.
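The filtering described above, as an added example (not code from the original post): a small Python model of how an NSG picks the rule for a flow, lowest priority number first, plus a check for management ports opened to any source. The rule set and addresses are constructed; property names follow the ARM `securityRules` schema, and Azure's built-in default rules are not modelled, so unmatched traffic is treated as denied.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP


def rule(name, priority, access, protocol, src, port,
         dst="10.0.1.0/24", direction="Inbound"):
    """Build one rule using the ARM securityRules property names."""
    return {
        "name": name, "priority": priority, "direction": direction,
        "access": access, "protocol": protocol,
        "sourceAddressPrefix": src, "destinationAddressPrefix": dst,
        "destinationPortRange": port,
    }


# Constructed sample rule set (addresses are documentation ranges).
RULES = [
    rule("allow-https", 100, "Allow", "Tcp", "*", "443"),
    rule("allow-ssh-admin", 110, "Allow", "Tcp", "203.0.113.0/24", "22"),
    rule("allow-rdp-any", 200, "Allow", "Tcp", "*", "3389"),
    rule("deny-all-in", 4096, "Deny", "*", "*", "*", dst="*"),
]


def addr_matches(prefix, ip):
    """True if ip falls inside a CIDR prefix; '*' matches everything."""
    if prefix == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def port_matches(port_range, port):
    """Accepts '*', a single port ('443') or a range ('1000-2000')."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, direction, protocol, src, dst, dst_port):
    """Return (access, rule_name) of the first matching rule by priority.

    Assumption: no default rules; a flow that matches nothing is denied.
    """
    candidates = [r for r in rules if r["direction"] == direction]
    for r in sorted(candidates, key=lambda r: r["priority"]):
        if r["protocol"] not in ("*", protocol):
            continue
        if (addr_matches(r["sourceAddressPrefix"], src)
                and addr_matches(r["destinationAddressPrefix"], dst)
                and port_matches(r["destinationPortRange"], dst_port)):
            return r["access"], r["name"]
    return "Deny", None


def exposed_admin_rules(rules):
    """List inbound Allow rules that open SSH/RDP to any source address.

    This is a per-rule check; it does not account for a higher-priority
    Deny rule that might shadow the finding.
    """
    findings = []
    for r in rules:
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        if r["protocol"] not in ("*", "Tcp"):
            continue
        src = r["sourceAddressPrefix"]
        any_source = (src == "*"
                      or ipaddress.ip_network(src, strict=False).prefixlen == 0)
        ports = sorted(p for p in ADMIN_PORTS
                       if port_matches(r["destinationPortRange"], p))
        if any_source and ports:
            findings.append((r["name"], ports))
    return findings


if __name__ == "__main__":
    print(evaluate(RULES, "Inbound", "Tcp", "198.51.100.7", "10.0.1.4", 22))
    print(exposed_admin_rules(RULES))
```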
72. Azure Firewall
Azure Firewall is a network security service that protects your Azure Virtual Network resources by adding allow or deny rules based on different conditions.
Azure Firewall applies IP-based restriction to access Azure resources from the internet, but it doesn't specify connection rules within a virtual network.
The Azure Firewall grants server access based on the originating IP address of each request. You create firewall rules that specify ranges of IP addresses. Only clients from these granted IP addresses will be allowed to access the server.
73. Azure DDoS protection
DDoS attacks attempt to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. Azure DDoS Protection provides Basic and Standard service plans.
74. Authentication and Authorization
Authorization to access Azure resources can be provided by other identity providers by using federation. A commonly used example of this is to federate your on-premises Active Directory environment with Azure AD and use this federation for authentication and authorization.
75. Azure Active Directory
Azure Active Directory is a cloud-based identity and access management service. Azure AD provides services such as authentication, single sign-on (SSO), application management, and device management.
76. Multi-Factor Authentication (MFA)
MFA provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories:
• Something you know could be a password or the answer to a security question.
• Something you possess might be a mobile app that receives a notification, or a token-generating device.
• Something you are is typically some sort of biometric property, such as a fingerprint or face scan used on many mobile devices.
Note: MFA can't encrypt and manage administrative credentials.
77. Single Sign-On (SSO)
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.
78. Role-Based Access Control (RBAC)
Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. It's not used to manage subscriptions.
79. Resource locks
Azure locks let you lock Azure resources such as a subscription, a resource group, or an individual resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
• CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
• ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Note: Locks do not help in categorizing resources and generating bills based on office location.
80. Tags
Tags are used to logically organize Azure resources, resource groups, and subscriptions into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name "Environment" and the value "Production" to all the resources in production.
Tags can be used to generate billing reports on a per-office basis from the Azure portal.
81. Azure Policy
Azure Policy helps to enforce rules at the resource group or subscription level. You can create a policy to validate a naming requirement and apply it to either a subscription or a resource group, so that any resource created under the resource group will follow the policy for tagging. All resources created under the subscription are checked against the policy rule, which forces users to follow the naming convention.
Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions.
82. Azure Blueprints
Azure Blueprints enable cloud architects to define a repeatable set of Azure resources that implement and adhere to an organization's standards, patterns, and requirements. Azure Blueprint is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:
• Role assignments
• Policy assignments
• Azure Resource Manager templates
• Resource groups
You can create a policy to enforce tagging, and use a Blueprint to make sure that the policy is assigned to the subscription, resource group, or resources.
83. Cloud Adoption Framework for Azure
Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud. The Cloud Adoption Framework includes these stages:
Strategy -> Plan -> Ready -> Adopt
84. Microsoft privacy statement
The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
85. Online Services Terms (OST)
"Online Services Terms" means the terms that apply to your use of the Products available at "https://www.microsoft.com/en-us/Licensing/product-licensing/products.aspx". The Online Services Terms include terms governing your use of Products that are in addition to the terms in this agreement.
86. Data Protection Addendum (DPA)
The Online Services Data Protection Addendum (“DPA”) sets forth your and Microsoft’s obligations with respect to the processing and security of Customer Data and Personal Data in connection with Azure.
87. Trust Center
Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
88. Azure compliance documentation
The Azure compliance documentation provides you with detailed documentation about legal and regulatory standards and compliance on Azure.
You can find detailed information at https://docs.microsoft.com/en-us/azure/compliance/
89. Azure Sovereign Clouds
Azure Sovereign Clouds run on dedicated physical and logical network-isolated instances in country
90. Factors affecting cost
When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resources’ usage, and each meter generates a usage record that is used to calculate your bill.
• Usage meters
• Resource type
• Services
• Location
Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs.
91. Pricing calculator
Pricing Calculator is a tool that helps you estimate the cost of Azure products. You choose the Azure products you need and configure them according to your specific requirements. Azure then provides a detailed estimate of the costs associated with your selections and configurations.
92. Total Cost of Ownership (TCO) calculator
The Total Cost of Ownership Calculator (TCO) is a tool that you use to estimate cost savings you can realize by migrating to Azure. The TCO calculator generates a detailed report based on the details you enter and the adjustments you make. The report allows you to compare the costs of your on-premises infrastructure with the costs using Azure products and services to host your infrastructure in the cloud.
93. Azure Cost Management
Cost Management provides a set of tools for monitoring, allocating, and optimizing your Azure costs. Cost Management can be used once you have started using the Azure cloud, to evaluate the cost of the resources and services you are using.
94. Budgets
Budgets in Cost Management help you to proactively manage costs and to monitor how spending progresses over time. When the budget thresholds you've created are exceeded, notifications are triggered, so that you can take corrective actions.
95. Service-level agreements (SLAs)
Service-level agreements (SLAs) describe Microsoft’s commitments for uptime and connectivity.
96. Service lifecycle in Azure (Private Preview, Public Preview and General Availability)
Private preview - For a service in private preview, the customer needs to request access to use it, so a private preview service is not available to all customers for testing or evaluation purposes.
Public preview - An Azure feature in public preview is in the beta phase and is available to all Azure customers for evaluation purposes.
General Availability (GA) - A service in GA has passed the beta phase and is now production-ready.
Note: The general lifecycle of a service is:
Private Preview > Public Preview > Generally Available (GA)
Very Important Additional Services
1. Windows Virtual Desktop
Windows Virtual Desktop enables your team members to run Windows in the cloud, with access to the required applications for your company's needs. Windows Virtual Desktop works across devices like Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access remote desktops and apps. You can also use most modern browsers to access Windows Virtual Desktop-hosted experiences.
2. VPN Gateway
Azure Virtual Private Network (VPN) gateway is used to send encrypted traffic between an Azure Virtual Network and an on-premises location over the public internet. It provides a more secure connection from on-premises to Azure over the internet.
3. Local network gateway
Local network gateway represents the hardware or software VPN device in your local network. It’s used to set up a site-to-site VPN connection between an Azure virtual network and your local network.
4. Azure Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications and also perform URL-based routing. It is the connection through which users connect to your application.
5. Gateway subnet
The virtual network gateway uses a specific subnet called the gateway subnet, which is used for routing the traffic from one network to another network.
6. Azure Load Balancer
Azure Load Balancer provides high availability by distributing incoming traffic among healthy Virtual Machines. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.
7. Azure Content Delivery Network
Azure CDN is a distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency.
8. Azure Database Migration Service
Azure Database Migration Service enables seamless migrations from multiple database sources to Azure Data platforms with minimal downtime (online migrations).
9. Azure Cache for Redis
Azure Cache for Redis can be used as an in-memory data structure store, a distributed non-relational database, and a message broker. Application performance is improved by taking advantage of the low-latency, high-throughput performance of the Redis engine.
10. Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness.
11. Azure Data Lake Analytics
Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it is running, making it more cost-effective.
12. Azure Initiative
Azure Initiative is a collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions.
13. Azure Event Grid
Azure Event Grid allows you to easily build applications with event-based architectures.
14. Event Hubs
Event Hubs is a data ingestion service that streams millions of events per second from any source. This service does not provide any information for planned resource maintenance.
15. Azure Advanced Threat Protection
Azure Advanced Threat Protection is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. It's not used for password or secrets management.
16. Azure Reserved Virtual Machines (VM) Instances
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use, but requires an upfront capital investment regardless of whether you use the resources or not. So reservation is not a cost-effective solution.
17. Azure Information Protection (AIP)
Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify and (optionally) protect their documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
18. Compliance Manager
Compliance Manager is a dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities.
Compliance Manager provides ongoing risk assessments with a risk-based score reference displayed in a dashboard view for regulations and standards. The compliance manager does not enforce rules to be applied to resources.
19. Azure Active Directory (Azure AD) Identity Protection
Azure Active Directory (Azure AD) Identity Protection allows you to detect potential vulnerabilities affecting your organization's identities, configure automated responses, and investigate incidents. The risk signals can trigger remediation efforts such as requiring users to perform Azure Multi-Factor Authentication, reset their password using the self-service password reset, or blocking until an administrator takes action.
20. Azure AD Privileged Identity Management (PIM)
Azure AD Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization.