
First complete theory then videos

Video learning check - Saturday (185 questions)

Az practice test on Pluralsight - Sunday (185 questions)

Actual Azure practice test - Monday (185 questions)

Cost goes into CapEx instead of OpEx


Scalable environments only care about increasing capacity to accommodate an increasing workload.
Elastic environments care about being able to meet current demands without under/over
provisioning, in an autonomic fashion.
Microsoft Azure Services and Concepts

ITPAC – IT pre-assembled component – a preassembled part of the data center


Azure CLI

az login – opens the Azure login page

az resource list – lists all resources


In a VM, selecting an image means choosing the OS and software
Local station – download Docker and then use a container

On premises – host on hardware or virtual server.

VM in Azure – host on VM in azure

Azure container instance – host when need to run simple applications


An Azure resource group is a logical container that helps gather all resources together.

ARM (Azure Resource Manager) is an abstraction layer that provides the interaction between the Azure portal, CLI, or
PowerShell and resources.
Application Gateway is a public traffic load balancer.
Application Gateway is used as a load balancer for VMs here.
DSA is a feature of CDM.
Azure Services

VM-Virtual machines are software emulations of physical computers. They include a virtual
processor, memory, storage, and networking resources.

This ability is helpful when you're running custom software or custom hosting configurations.
Virtual machine scale set- Virtual machine scale sets are an Azure compute resource that you
can use to deploy and manage a set of identical VMs. With all VMs configured the same, virtual
machine scale sets are designed to support true autoscale. Virtual machine scale sets let you
create and manage a group of identical, load-balanced VMs. 

Containers – Container Instances and Azure Kubernetes Service are Azure compute resources that
you can use to deploy and manage containers. Containers are lightweight, virtualized
application environments.

App Service - you can quickly build, deploy, and scale enterprise-grade web, mobile, and API
apps running on any platform. It is PaaS.

App Service enables you to build and host web apps, background jobs, mobile back-ends, and
RESTful APIs in the programming language of your choice without managing infrastructure. It
offers automatic scaling and high availability.

Types of App Service

• Web apps – App Service includes full support for hosting web apps by using
ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python.
• Container – Can deploy containers using App Service.
• API apps – can build REST-based web APIs by using your choice of language and
framework.
• WebJobs – WebJobs are often used to run background tasks as part of your
application logic.
• Mobile apps – quickly build a back end for iOS and Android apps.
Functions- Functions are ideal when you're concerned only about the code running your service
and not the underlying platform or infrastructure. 

VMs are an ideal choice when you need:

• Total control over the operating system (OS).
• The ability to run custom software.
• To use custom hosting configurations.
Selecting an image is one of the most important decisions you'll make when you create a VM.
An image is a template used to create a VM. These templates already include an OS and often
other software, like development tools or web hosting environments.

A VM scale set can be used to create multiple VMs based on the business requirement.

Azure Batch is also used to execute jobs on multiple VMs.

Container vs VM
A VM virtualizes hardware (complete control), while a container is a virtualized environment;
containers are managed through a container orchestrator.

Azure Container Instances offers the fastest and simplest way to run a container in Azure
without having to manage any virtual machines or adopt any additional services.

Azure Kubernetes Service

The task of automating, managing, and interacting with a large number of containers is
known as orchestration. Azure Kubernetes Service is a complete orchestration service for
containers with distributed architectures and large volumes of containers.

Containers are often used to create solutions by using a microservice architecture. This
architecture is where you break solutions into smaller, independent pieces. For example,
you might split a website into a container hosting your front end, another hosting your
back end, and a third for storage. This split allows you to separate portions of your app
into logical sections that can be maintained, scaled, or updated independently.

Imagine your website back-end has reached capacity but the front end and storage
aren't being stressed. You could:

• Scale the back end separately to improve performance.
• Decide to use a different storage service.
• Replace the storage container without affecting the rest of the application.

What is a microservice?

A microservice architecture simplifies an application by developing each module of the
application independently.

Serverless Computing

Serverless computing is the abstraction of servers, infrastructure, and operating systems. With
serverless computing, Azure takes care of managing the server infrastructure and the allocation
and deallocation of resources based on demand. Infrastructure isn't your responsibility.

Serverless computing includes the abstraction of servers, an event-driven scale, and
micro-billing.

Azure has two implementations of serverless compute:


• Azure Functions: Functions can execute code in almost any modern
language.
• Azure Logic Apps: Logic apps are designed in a web-based
designer (workflow) and can execute logic triggered by Azure services
without writing any code.

Functions can be either stateless or stateful. When they're stateless (the default), they behave as
if they're restarted every time they respond to an event. When they're stateful (called Durable
Functions), a context is passed through the function to track prior activity.

Azure Virtual Desktop

Azure Virtual Desktop on Azure is a desktop and application virtualization service that runs on
the cloud. It enables your users to use a cloud-hosted version of Windows from any location.
Azure Virtual Desktop works across devices like Windows, Mac, iOS, Android, and Linux.

This client could either be a native application on the device or the Azure Virtual
Desktop HTML5 web client.

You can make sure your session host virtual machines (VMs) run near apps and services
that connect to your datacenter or the cloud. This way your users stay productive and
don't encounter long load times.

User sessions are isolated in both single and multi-session environments.

Reduce cost by buying licenses for apps and paying for a year, to save 72 percent.

Exploring Azure networking Services

Azure virtual networks enable Azure resources, such as VMs, web apps, and databases,
to communicate with each other, with users on the internet, and with your on-premises
client computers. You can think of an Azure network as a set of resources that links
other Azure resources.

Azure virtual networks provide the following key networking capabilities:

• Isolation and segmentation – Virtual Network allows you to create multiple
isolated virtual networks. When you set up a virtual network, you define a private
IP address space by using either public or private IP address ranges. You can divide
that IP address space into subnets and allocate part of the defined address space
to each named subnet.
• Internet communications – A VM in Azure can connect to the internet by default.
You can enable incoming connections from the internet by defining a public IP
address or a public load balancer.
• Communicate between Azure resources – by using a virtual network or security
endpoint.
• Communicate with on-premises resources – this can be done in 3 ways:
1. Point-to-site VPN – a virtual private network (VPN) connection from a
computer outside your organization back into your corporate network.
2. Site-to-site VPN – a site-to-site VPN links your on-premises VPN device or
gateway to the Azure VPN gateway in a virtual network.
3. Azure ExpressRoute – for higher bandwidth.
• Route – you can control routing in 2 ways:
Route tables – A route table allows you to define rules about how traffic should be
directed. You can create custom route tables that control how packets are routed
between subnets.
Border Gateway Protocol – Border Gateway Protocol (BGP) works with Azure VPN
gateways or ExpressRoute to propagate on-premises BGP routes to Azure virtual
networks.
• Filter network traffic – 2 approaches:
1. Network security group – A network security group is an Azure resource that
can contain multiple inbound and outbound security rules.
2. Network virtual appliances – to handle certain tasks, such as running a firewall.
• Connect virtual networks – You can link virtual networks together by using virtual
network peering. Peering enables resources in each virtual network to
communicate with each other. These virtual networks can be in separate regions,
which allows you to create a global interconnected network through Azure.

VPN Gateway

A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are
deployed in Azure Virtual Network instances and enable the following connectivity:

• Connect on-premises datacenters to virtual networks through a site-to-site
connection.
• Connect individual devices to virtual networks through a point-to-site
connection.
• Connect virtual networks to other virtual networks through a network-to-network
connection.

You can deploy only one VPN gateway in each virtual network, but you can use one gateway to
connect to multiple locations, which includes other virtual networks or on-premises datacenters.

When you deploy a VPN gateway, you specify the VPN type: either policy-based or route-based.
The main difference between these two types of VPNs is how traffic to be encrypted is specified.

Policy-based VPN gateways specify statically the IP address of packets that should be encrypted
through each tunnel. This type of device evaluates every data packet against those sets of IP
addresses to choose the tunnel where that packet is going to be sent through.

With route-based gateways, IPSec tunnels are modeled as a network interface or virtual tunnel
interface. IP routing (either static routes or dynamic routing protocols) decides which one of
these tunnel interfaces to use when sending each packet.
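The difference in how the two VPN types pick a tunnel can be modelled in a few lines. This is an added example, not part of the original notes or any Azure API; the tunnel names, interface names and address prefixes are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One static traffic selector of a policy-based tunnel (hypothetical model)."""
    tunnel: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed sample configuration: every name and prefix here is an assumption.
SELECTORS = [
    Selector("tunnel-hq", net("10.1.0.0/16"), net("192.168.10.0/24")),
    Selector("tunnel-branch", net("10.1.0.0/16"), net("192.168.20.0/24")),
]

# Route-based: each tunnel is an interface, chosen by ordinary IP routing.
ROUTES = [
    (net("192.168.0.0/16"), "vti-hq"),
    (net("192.168.20.0/24"), "vti-branch"),
]


def policy_based_select(selectors, src, dst):
    """Check the packet against every static (local, remote) address pair.

    Returns the first matching tunnel, or None when no selector covers the
    packet, in which case the packet is not placed in any tunnel.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for sel in selectors:
        if s in sel.local and d in sel.remote:
            return sel.tunnel
    return None


def route_based_select(routes, dst):
    """Longest-prefix match on the destination only, as a routing table does."""
    d = ipaddress.ip_address(dst)
    matches = [(prefix.prefixlen, iface) for prefix, iface in routes if d in prefix]
    return max(matches)[1] if matches else None


def compare(packets):
    """Return {(src, dst): (policy_result, route_result)} for each packet."""
    return {
        (src, dst): (
            policy_based_select(SELECTORS, src, dst),
            route_based_select(ROUTES, dst),
        )
        for src, dst in packets
    }


if __name__ == "__main__":
    sample = [
        ("10.1.4.7", "192.168.20.5"),   # covered by both models
        ("10.1.4.7", "192.168.30.5"),   # new on-premises subnet, no selector yet
        ("10.2.0.4", "192.168.10.9"),   # source outside the selector's local range
    ]
    for packet, result in compare(sample).items():
        print(packet, "policy:", result[0], "route:", result[1])
```

The second and third packets show the operational consequence: a policy-based gateway carries only traffic whose source and destination both appear in a selector, so every new subnet means editing selectors on both ends, while a route-based gateway follows whatever the routing table says.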

High Availability Scenarios for VPN

Active/Standby – By default, VPN gateways are deployed as two instances in an active/standby
configuration, even if you only see one VPN gateway resource in Azure. When planned
maintenance or unplanned disruption affects the active instance, the standby instance
automatically assumes responsibility for connections without any user intervention.
Active/Active – In this configuration, you assign a unique public IP address to each instance. You
then create separate tunnels from the on-premises device to each IP address.

ExpressRoute scenario – In high-availability scenarios, where there's risk associated with an
outage of an ExpressRoute circuit, you can also provision a VPN gateway that uses the internet
as an alternative method of connectivity. In this way, you can ensure there's always a connection
to the virtual networks.

Zone-redundant gateways – Deploying gateways in Azure availability zones physically and
logically separates gateways within a region while protecting your on-premises network
connectivity to Azure from zone-level failures. These gateways require different gateway SKUs
and use Standard public IP addresses instead of Basic public IP addresses.

ExpressRoute

ExpressRoute provides Layer 3 (address-level) connectivity between your on-premises network
and the Microsoft cloud through connectivity partners. These connections can be from a
point-to-point or any-to-any network. They can also be virtual cross-connections through an
exchange.

Benefits –

Built-in redundancy – Each connectivity provider uses redundant devices to ensure that
connections established with Microsoft are highly available.

Connectivity to Microsoft cloud services such as M365 and databases.

Dynamic routing – ExpressRoute uses the Border Gateway Protocol (BGP) routing protocol. BGP is
used to exchange routes between on-premises networks and resources running in Azure.

Across on-premises connectivity using ExpressRoute Global Reach – You can enable ExpressRoute
Global Reach to exchange data across your on-premises sites by connecting your ExpressRoute
circuits. For example, assume that you have a private datacenter in California connected to
ExpressRoute in Silicon Valley. You have another private datacenter in Texas connected to
ExpressRoute in Dallas. With ExpressRoute Global Reach, you can connect your private
datacenters through two ExpressRoute circuits. Your cross-datacenter traffic will travel through
the Microsoft network.

ExpressRoute Connectivity Model

Colocation – For example, if your datacenter is co-located at a cloud exchange such as an ISP,
you can request a virtual cross-connection to the Microsoft cloud.

Point to point – Point-to-point connections provide Layer 2 and Layer 3 connectivity between
your on-premises site and Azure. You can connect your offices or datacenters to Azure by using
the point-to-point links.

Any to any network – With any-to-any connectivity, you can integrate your wide area network
(WAN) with Azure by providing connections to your offices and datacenters.

ExpressRoute is a private connection from your on-premises infrastructure to your Azure
infrastructure. Even if you have an ExpressRoute connection, DNS queries, certificate revocation
list checking, and Azure Content Delivery Network requests are still sent over the public internet.

ExpressRoute provides private connectivity without encryption, so traffic that must stay
confidential in transit still has to be encrypted separately (for example, with TLS).

Explore Azure Storage Services

Disk Storage -Disk Storage provides disks for Azure virtual machines. Applications and other
services can access and use these disks as needed, similar to how they would in on-premises
scenarios. 

Blob storage-Azure Blob Storage is an object storage solution for the cloud. It can store
massive amounts of data, such as text or binary data. Azure Blob Storage is
unstructured, meaning that there are no restrictions on the kinds of data it can hold.
Blob Storage can manage thousands of simultaneous uploads, massive amounts of
video data, constantly growing log files, and can be reached from anywhere with an
internet connection.

Blob Storage is ideal for:

• Serving images or documents directly to a browser.
• Storing files for distributed access.
• Streaming video and audio.
• Storing data for backup and restore, disaster recovery, and archiving.
• Storing data for analysis by an on-premises or Azure-hosted service.
• Storing up to 8 TB of data for virtual machines.

Azure File Storage

Azure Files offers fully managed file shares in the cloud that are accessible via the industry
standard Server Message Block (SMB) and Network File System (preview) protocols.

One thing that distinguishes Azure Files from files on a corporate file share is that you can
access the files from anywhere in the world, by using a URL that points to the file.

Azure Storage offers different access tiers for your blob storage, helping you store
object data in the most cost-effective manner. The available access tiers include:

• Hot access tier: Optimized for storing data that is accessed frequently (for
example, images for your website).
• Cool access tier: Optimized for data that is infrequently accessed and
stored for at least 30 days (for example, invoices for your customers).
• Archive access tier: Appropriate for data that is rarely accessed and stored
for at least 180 days, with flexible latency requirements (for example,
long-term backups). Archive storage stores data offline and offers the lowest
storage costs, but also the highest costs to rehydrate and access data.

Azure DB Services

Azure Cosmos DB – Azure Cosmos DB is a globally distributed, multi-model database
service. You can elastically and independently scale throughput and storage across any
number of Azure regions worldwide. You can take advantage of fast,
single-digit-millisecond data access by using any one of several popular APIs. Azure Cosmos DB
provides comprehensive service level agreements for throughput, latency, availability,
and consistency guarantees.

Azure Cosmos DB supports schema-less data, which lets you build highly responsive and
"Always On" applications to support constantly changing data. You can use this feature
to store data that's updated and maintained by users around the world.
Azure SQL database

Azure SQL Database is a relational database based on the latest stable version of the Microsoft
SQL Server database engine. SQL Database is a high-performance, reliable, fully managed, and
secure database. You can use it to build data-driven applications and websites in the
programming language of your choice, without needing to manage infrastructure.

You can migrate your existing SQL Server databases with minimal downtime by using
the Azure Database Migration Service.

MySQL DB
Azure Database for MySQL offers several service tiers, and each tier provides different
performance and capabilities to support lightweight to heavyweight database workloads. You
can build your first app on a small database for a few dollars a month, and then adjust the scale
to meet the needs of your solution. Dynamic scalability enables your database to transparently
respond to rapidly changing resource requirements. You only pay for the resources you need,
and only when you need them.

• Built-in high availability with no additional cost.
• Predictable performance and inclusive, pay-as-you-go pricing.
• Scale as needed, within seconds.
• Ability to protect sensitive data at-rest and in-motion.
• Automatic backups.
• Enterprise-grade security and compliance.

SQL – Microsoft SQL Server RDBMS

MySQL – open source RDBMS

PostgreSQL

Azure Database for PostgreSQL is a relational database service in the cloud. The server software
is based on the community version of the open-source PostgreSQL database engine.
Azure Database for PostgreSQL delivers the following benefits:

• Built-in high availability compared to on-premises resources. There's no
additional configuration, replication, or cost required to make sure your
applications are always available.
• Simple and flexible pricing. You have predictable performance based on a
selected pricing tier choice that includes software patching, automatic
backups, monitoring, and security.
• Scale up or down as needed, within seconds. You can scale compute or
storage independently as needed, to make sure you adapt your service to
match usage.
• Adjustable automatic backups and point-in-time-restore for up to 35 days.
• Enterprise-grade security and compliance to protect sensitive data at-rest
and in-motion. This security covers data encryption on disk and SSL
encryption between client and server communication.

Azure Database for PostgreSQL is available in two deployment options: Single
Server and Hyperscale (Citus).

Both options offer the same benefits, but Single Server supports vertical scaling only.
Hyperscale is used to process more than 100 GB of data.

Azure SQL Managed Instance

Azure SQL Managed Instance is a scalable cloud data service that provides the broadest SQL
Server database engine compatibility with all the benefits of a fully managed platform as a
service. Depending on your scenario, Azure SQL Managed Instance might offer more options for
your database needs.

A collation defines the bit patterns that represent each character in the metadata of a database. SQL
Server supports storing objects that have different collations in a database.

Several of their databases use Cyrillic characters for collation. In this scenario, Tailwind Traders
should migrate their databases to an Azure SQL Managed Instance, since Azure SQL Database
only uses the default SQL_Latin1_General_CP1_CI_AS server collation.
Migration from SQL Server to SQL Managed Instance.

Big data and Analytics

Microsoft Azure supports a broad range of technologies and services to provide big data and
analytic solutions, including Azure Synapse Analytics, Azure HDInsight, Azure Databricks, and
Azure Data Lake Analytics.

Azure Synapse Analytics (formerly Azure SQL Data Warehouse) is a limitless analytics service that
brings together enterprise data warehousing and big data analytics. You can query data on your
terms by using either serverless or provisioned resources at scale.

Azure HDInsight is a fully managed, open-source analytics service for enterprises. It's a cloud
service that makes it easier, faster, and more cost-effective to process massive amounts of data.
You can run popular open-source frameworks and create cluster types such as Apache
Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, and Machine Learning
Services.

Azure Databricks helps you unlock insights from all your data and build artificial intelligence
solutions. It supports programming languages and frameworks.

Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead
of deploying, configuring, and tuning hardware, you write queries to transform your data and
extract valuable insights.

Azure Database for MySQL is the logical choice for existing LAMP stack applications.

Explore Azure IoT Service

Azure IoT Hub is a managed service that's hosted in the cloud and that acts as a central
message hub for bi-directional communication between your IoT application and the devices it
manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure
communications between millions of IoT devices and a cloud-hosted solution back end. You can
connect virtually any device to your IoT hub.

Azure IoT Central builds on top of IoT Hub by adding a dashboard that allows you to connect,
monitor, and manage your IoT devices.

A key part of IoT Central is the use of device templates. By using a device template, you can
connect a device without any service-side coding. IoT Central uses the templates to construct
the dashboards, alerts, and so on. Device developers still need to create code to run on the
devices, and that code must match the device template specification.

Azure Sphere ensures a secure channel of communication between the device and
Azure by controlling everything from the hardware to the operating system and the
authentication process. Azure Sphere comes in three parts:

• The first part is the Azure Sphere micro-controller unit (MCU), which is
responsible for processing the operating system and signals from attached
sensors.

• The second part is a customized Linux operating system (OS) that handles
communication with the security service and can run the vendor's software.

• The third part is Azure Sphere Security Service, also known as AS3. Its job is to
make sure that the device has not been maliciously compromised.

IoT Central integrates with many different Azure products, including IoT Hub, to
create a dashboard with reports and management features. The dashboard is based
on starter templates for common industry and usage scenarios. You can use the
dashboard that's generated by the starter template as is or customize it to suit your
needs. You can have multiple dashboards and target them at a variety of users.

Which service for which product

When security is a critical consideration in your product's design, the best product option is
Azure Sphere, which provides a comprehensive end-to-end solution for IoT devices.

For reporting only, IoT Hub is sufficient.

If Tailwind Traders uses IoT Central, the company would actually be using an IoT hub that's
preconfigured for its specific needs by the Connected Logistics starter template. Otherwise, the
company would need to do a lot of custom development to build its own cloud-based
dashboards and management systems on top of Azure IoT Hub.

If you want a pre-built customizable user interface with which you can view and control your
devices remotely, you might prefer to start with IoT Central. With this solution, you can control a
single device or all devices at once, and you can set up alerts for certain conditions, such as a
device failure.

Explore Azure AI Services

A goal of AI is to create a software system that's able to adapt, or learn something on its
own without being explicitly programmed to do it.

There are two basic approaches to AI. The first is to employ a deep learning system
that's modeled on the neural network of the human mind, enabling it to discover, learn,
and grow through experience.

The second approach is machine learning, a data science technique that uses existing
data to train a model, test it, and then apply the model to new data to forecast future
behaviors, outcomes, and trends.

Familiarity with the following additional concepts:

• Web API: An API that's accessible from servers that accept
requests via HTTP.
• Web API endpoint: The location of the code library.
• REST API: The design of the URL style that's used to expose the
API's functionality.

Azure Machine Learning is a platform for making predictions. It consists of tools and services
that allow you to connect to data to train and test models to find one that will most accurately
predict a future result. After you've run experiments to test the model, you can deploy and use it
in real time via a web API endpoint.

• Create a process that defines how to obtain data, how to handle missing or
bad data, how to split the data into either a training set or test set, and
deliver the data to the training process.
• Train and evaluate predictive models by using tools and programming
languages familiar to data scientists.
• Create pipelines that define where and when to run the compute-intensive
experiments that are required to score the algorithms based on the training
and test data.
• Deploy the best-performing algorithm as an API to an endpoint so it can be
consumed in real time by other applications.

Azure Cognitive Services provides prebuilt machine learning models that enable applications to
see, hear, speak, understand, and even begin to reason. Use Azure Cognitive Services to solve
general problems, such as analyzing text for emotional sentiment or analyzing images to
recognize objects or faces. You don't need special machine learning or data science knowledge
to use these services. Developers access Azure Cognitive Services via APIs and can easily include
these features in just a few lines of code.

Azure Cognitive Services can be divided into the following categories:

• Language services: Allow your apps to process natural language with
prebuilt scripts, evaluate sentiment, and learn how to recognize what users
want.
• Speech services: Convert speech into text and text into natural-sounding
speech. Translate from one language to another and enable speaker
verification and recognition.
• Vision services: Add recognition and identification capabilities when you're
analyzing pictures, videos, and other visual content.
• Decision services: Add personalized recommendations for each user that
automatically improve each time they're used, moderate content to monitor
and remove offensive or risky content, and detect abnormalities in your
time series data.

Azure Bot Service and Bot Framework are platforms for creating virtual agents that understand
and reply to questions just like a human. Azure Bot Service is a bit different from Azure Machine
Learning and Azure Cognitive Services in that it has a specific use case. 

Power Virtual Agents integrates with Microsoft Power Platform so that you can use hundreds of
prebuilt connectors for data input. You can extend Power Virtual Agents by building custom
workflows with Power Automate, and if you feel that the out-of-the-box experience is too
limiting, you can still build more complex interactions with Microsoft Bot Framework.

In serverless computing we don't need to worry about deployment and infrastructure.

Azure DevOps Services

Azure DevOps Services is a suite of services that address every stage of the software
development lifecycle.
• Azure Repos is a centralized source-code repository where software
development, DevOps engineering, and documentation professionals can
publish their code for review and collaboration.
• Azure Boards is an agile project management suite that includes Kanban
boards, reporting, and tracking ideas and work from high-level epics to
work items and issues.
• Azure Pipelines is a CI/CD pipeline automation tool.
• Azure Artifacts is a repository for hosting artifacts, such as compiled source
code, which can be fed into testing or deployment pipeline steps.
• Azure Test Plans is an automated test tool that can be used in a CI/CD
pipeline to ensure quality before a software release.

Azure DevOps is a mature tool with a large feature set that began as on-premises server
software and evolved into a software as a service (SaaS) offering from Microsoft.

GitHub and GitHub Actions

Git is a decentralized source-code management tool, and GitHub is a hosted version of Git that
serves as the primary remote. GitHub builds on top of Git to provide related services for
coordinating work, reporting and discussing issues, providing documentation, and more.

It offers the following functionality:

• It's a shared source-code repository, including tools that enable developers
to perform code reviews by adding comments and questions in a web view
of the source code before it can be merged into the main code base.
• It facilitates project management, including Kanban boards.
• It supports issue reporting, discussion, and tracking.
• It features CI/CD pipeline automation tooling.
• It includes a wiki for collaborative documentation.
• It can be run from the cloud or on-premises.

GitHub is a lighter-weight tool than Azure DevOps, with a focus on individual developers
contributing to the open-source code. Azure DevOps, on the other hand, is more focused on
enterprise development, with heavier project-management and planning tools, and
finer-grained access control.

Azure DevTest Labs

Azure DevTest Labs provides an automated means of managing the process of building, setting
up, and tearing down virtual machines (VMs) that contain builds of your software projects. 
Suppose you need to test a new feature on an old version of an operating system. Azure
DevTest Labs can set up everything automatically upon request. After the testing is
complete, DevTest Labs can shut down and deprovision the VM, which saves money
when it's not in use. To control costs, the management team can restrict how many labs
can be created, how long they run, and so on.

GitHub works on a simple model of read/write permissions to every feature. Meanwhile, Azure
DevOps has a much more granular set of permissions that allow organizations to refine who is
able to perform most operations across the entire toolset.

First, does Tailwind Traders need to automate and manage test lab creation? No. So, in
this scenario, Azure DevTest Labs is not a candidate, because it isn't intended for this
specific use case.

Second, is Tailwind Traders building open-source software? Though it's not stated
specifically, Tailwind Traders is building internal and external systems, such as their
e-commerce system, which isn't open source. So that isn't a consideration in this scenario.

Third, what level of granularity does Tailwind Traders need for permissions? Earlier, we
stated that Tailwind Traders will hire temporary employees and vendors for short-term
work, which makes a granular permissions requirement an important consideration for
upper management. Based on our description in the preceding unit, this feature would
make Azure DevOps a leading candidate. By using Azure DevOps, Tailwind Traders
administrators would also have a more robust set of options for controlling permissions
across the entire portfolio of work.

Fourth, does Tailwind Traders require a sophisticated project management and
reporting solution? Yes, robust project management and reporting features are one of
the primary considerations. Here again, because of the amount of work-item
customization and reporting the management team wants, Azure DevOps would likely
be a good choice.

Fifth, does Tailwind Traders require tight integration with any third-party DevOps tools?
Tool integration was not listed as a primary consideration for this scenario. As you
learned in the preceding unit, most third-party DevOps tools integrate with both Azure
DevOps and GitHub, which makes it likely that the team will find the tools it needs.

Azure Pipelines is a CI/CD tool for building an automated toolchain. It lacks features to
assign tasks for individual developers to work on. However, it can automate other tools to
assign tasks to users.
 This approach to managing hardware and cloud resources, which developers use when they
write application code, is referred to as infrastructure as code.

There are two approaches to infrastructure as code: imperative code and declarative code.


Imperative code details each individual step that should be performed to achieve a desired
outcome. By contrast, declarative code details only a desired outcome, and it allows an
interpreter to decide how to best achieve that outcome. This distinction is important because
tools that are based on declarative code can provide a more robust approach to deploying
dozens or hundreds of resources simultaneously and reliably.

Azure PowerShell – used because it allows you to interact with

An ARM template is used when you need to deploy services that are interconnected, as it
provides more access to the cloud environment.

The Azure mobile app provides iOS and Android access to your Azure resources when you're
away from your computer.

Azure PowerShell

Azure PowerShell is a shell with which developers and DevOps and IT professionals can execute
commands called cmdlets.

Cmdlets can be executed independently or combined into a script file and executed
together to orchestrate:

 The routine setup, teardown, and maintenance of a single resource or
multiple connected resources.
 The deployment of an entire infrastructure, which might contain dozens or
hundreds of resources, from imperative code.

Azure PowerShell vs. Azure CLI

The Azure CLI is almost identical to Azure PowerShell in what you can do with it. Both run on
Windows, Linux, and Mac, and can be accessed in a web browser via Cloud Shell, and both call
the REST API to perform even a single function. The primary difference is the syntax you use.
If you're already proficient in PowerShell or Bash, you can use the tool you prefer.

With Azure Resource Manager templates (ARM templates), you can describe the resources you
want to use in a declarative JSON format.

ARM templates define your application's infrastructure requirements for a repeatable
deployment that is done in a consistent manner.

To view data visually and create custom reports during the meeting, the Azure portal is the
best choice.

Cloud Monitoring Product Options

Azure Advisor evaluates your Azure resources and makes recommendations to help improve
reliability, security, and performance, achieve operational excellence, and reduce costs.

Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking action
based on the metric and logging data from your entire Azure and on-premises environment.

It's used when you know the error but you want to know the cause of the error.

Azure Service Health provides a personalized view of upcoming downtime events in advance.

After an outage, Service Health provides official incident reports, called root cause analyses
(RCAs), which you can share with stakeholders.

First, in this scenario, does Tailwind Traders need to analyze its Azure usage for the sake
of optimization? No, so Azure Advisor isn't a candidate for this scenario.

Second, does Tailwind Traders want to monitor the health of Azure services that affect
all customers or the resources deployed on Azure? In this scenario, the requirement is to
stay abreast of upcoming planned downtime. Additionally, the team wants to capture
official incident reports. For this reason, Azure Service Health is the strongest candidate
to choose for this scenario.
Although it's likely that you would choose Azure Service Health, let's continue
evaluating the remaining decision criteria.

Third, in this scenario, does Tailwind Traders want to measure custom events alongside
other usage metrics? No, measuring custom events isn't mentioned as a requirement
and isn't a consideration in this scenario.

Fourth, in this scenario, does Tailwind Traders want to set up alerts for outages or when
autoscaling is about to deploy new instances? Setting up alerts for outages is a
requirement in this scenario, but creating alerts for other events such as autoscaling are
not in scope. Use Azure Service Health to set up alerts that are specific to Azure outages
that affect all Azure customers. Use Azure Monitor to set up alerts for outages and other
events that affect only your specific resources.

Azure Monitor is the platform used by Application Insights.

Azure Security Center is a monitoring service that provides visibility of your security posture
across all of your services, both on Azure and on-premises. The term security posture refers to
cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to
security threats.

Security Center can:

 Monitor security settings across on-premises and cloud workloads.


 Automatically apply required security settings to new resources as they
come online.
 Provide security recommendations that are based on your current
configurations, resources, and networks.
 Continuously monitor your resources and perform automatic security
assessments to identify potential vulnerabilities before those vulnerabilities
can be exploited.
 Use machine learning to detect and block malware from being installed on
your virtual machines (VMs) and other resources. You can also use adaptive
application controls to define rules that list allowed applications to ensure
that only applications you allow can run.
 Detect and analyze potential inbound attacks and investigate threats and
any post-breach activity that might have occurred.
 Provide just-in-time access control for network ports. Doing so reduces your
attack surface by ensuring that the network only allows traffic that you
require at the time that you need it to.
Secure score is a measurement of an organization's security posture.
The more security controls you satisfy, the higher the score you receive.

Workflow automation uses Azure Logic Apps and Security Center connectors. The logic app can
be triggered by a threat detection alert or by a Security Center recommendation, filtered by
name or by severity. You can then configure the logic app to run an action, such as sending an
email, or posting a message to a Microsoft Teams channel.

Resource security hygiene helps to prioritize recommendations.

 Adaptive network hardening

Security Center can monitor the internet traffic patterns of the VMs, and
compare those patterns with the company's current network security group
(NSG) settings. From there, Security Center can make recommendations
about whether the NSGs should be locked down further and provide
remediation steps.

 File integrity monitoring

Tailwind Traders can also configure the monitoring of changes to important
files on both Windows and Linux, registry settings, applications, and other
aspects that might indicate a security attack.

Security information and event management (SIEM) system: A SIEM system aggregates
security data from many different sources (as long as those sources support an
open-standard logging format). It also provides capabilities for threat detection and response.

Azure Sentinel is Microsoft's cloud-based SIEM system. It uses intelligent security
analytics and threat analysis.

Azure Sentinel enables you to:

 Collect cloud data at scale

Collect data across all users, devices, applications, and infrastructure, both
on-premises and from multiple clouds.

Connect the data sources using one of three options:

Microsoft solutions: between Azure and on-premises, using Azure AD

Microsoft and other solutions

Industry-standard data sources


 Detect previously undetected threats

Minimize false positives by using Microsoft's comprehensive analytics and
threat intelligence.

There are two approaches to achieve this:

Built-in analytics use templates designed by Microsoft's team of security
experts and analysts based on known threats, common attack vectors, and
escalation chains for suspicious activity.

Custom analytics are rules that you create to search for specific criteria
within your environment.

 Investigate threats with artificial intelligence

Examine suspicious activities at scale, tapping into years of cybersecurity
experience from Microsoft.

 Use Azure Monitor Workbooks to automate responses to threats. For example, you can set an
alert that looks for malicious IP addresses that access the network and create a
workbook that does the following steps:

1. When the alert is triggered, open a ticket in the IT ticketing system.
2. Send a message to the security operations channel in Microsoft Teams or Slack to
make sure the security analysts are aware of the incident.
3. Send all of the information in the alert to the senior network admin and to the
security admin. The email message includes two user option
buttons: Block or Ignore.

When an admin chooses Block, the IP address is blocked in the firewall, and the user is
disabled in Azure Active Directory. When an admin chooses Ignore, the alert is closed in
Azure Sentinel, and the incident is closed in the IT ticketing system.

 Respond to incidents rapidly

Use built-in orchestration and automation of common tasks.


The workbook continues to run after it receives a response from the admins.

Workbooks can be run manually or automatically when a rule triggers an alert.

Azure Key Vault is a centralized cloud service for storing an application's secrets in a
single, central location. It provides secure access to sensitive information by providing
access control and logging capabilities.

What can Azure Key Vault do?

Azure Key Vault can help you:

 Manage secrets

You can use Key Vault to securely store and tightly control access to tokens,
passwords, certificates, API keys, and other secrets.

 Manage encryption keys

You can use Key Vault as a key management solution. Key Vault makes it
easier to create and control the encryption keys that are used to encrypt
your data.

 Manage SSL/TLS certificates

Key Vault enables you to provision, manage, and deploy your public and
private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates
for both your Azure resources and your internal resources.

 Store secrets backed by hardware security modules (HSMs)

These secrets and keys can be protected either by software or by FIPS 140-2
Level 2 validated HSMs.

Key Vault script to read a password secret:

az keyvault secret show \
  --name MyPassword \
  --vault-name my-keyvault-nnnnnnn1 \
  --query value \
  --output tsv

Host VM on Dedicated Server

Here's a diagram that shows how VMs relate to dedicated hosts and host groups.
A dedicated host is mapped to a physical server in an Azure datacenter. A host group is a
collection of dedicated hosts.

Secure Network Connectivity on Azure

A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that
aims at acquiring unauthorized access to data.

The objective of defense in depth is to protect information and prevent it from being
stolen by those who aren't authorized to access it.

A brief overview of the role of each layer:

 The physical security layer is the first line of defense to protect computing
hardware in the datacenter.
 The identity and access layer controls access to infrastructure and change
control.
 The perimeter layer uses distributed denial of service (DDoS) protection to
filter large-scale attacks before they can cause a denial of service for users.
 The network layer limits communication between resources through
segmentation and access controls.
 The compute layer secures access to virtual machines.
 The application layer helps ensure that applications are secure and free of
security vulnerabilities.
 The data layer controls access to business and customer data that you need
to protect.
Azure Application Gateway also provides a firewall that's called the web application
firewall (WAF). WAF provides centralized, inbound protection for your web applications against
common exploits and vulnerabilities. 

Azure Firewall:

With Azure Firewall, you can configure:

 Application rules that define fully qualified domain names (FQDNs) that can
be accessed from a subnet.
 Network rules that define source address, protocol, destination port, and
destination address.
 Network Address Translation (NAT) rules that define destination IP
addresses and ports to translate inbound requests.

DDoS protection

DDoS Protection identifies the attacker's attempt to overwhelm the network and
blocks further traffic from them, ensuring that traffic never reaches Azure
resources. Legitimate traffic from customers still flows into Azure without any
interruption of service.

DDoS Protection provides two tiers:

Basic - The Basic service tier is automatically enabled for free as part of your Azure
subscription.

Always-on traffic monitoring and real-time mitigation of common network-level attacks
provide the same defenses that Microsoft's online services use. The Basic service tier
ensures that Azure infrastructure itself is not affected during a large-scale DDoS attack.

Standard - The Standard service tier provides additional mitigation capabilities that are
tuned specifically to Azure Virtual Network resources.

DDoS Protection protects against volumetric attacks, protocol attacks, and resource-layer
attacks.

A network security group enables you to filter network traffic to and from Azure resources
within an Azure virtual network. You can think of NSGs like an internal firewall. 

NSG properties:

Property: Description
Name: A unique name for the NSG.
Priority: A number between 100 and 4096. Rules are processed in priority order, with lower
numbers processed before higher numbers.
Source or Destination: A single IP address or IP address range, service tag, or application
security group.
Protocol: TCP, UDP, or Any.
Direction: Whether the rule applies to inbound or outbound traffic.
Port Range: A single port or range of ports.
Action: Allow or Deny.

A network security group rule enables you to filter traffic to and from resources by source
and destination IP address, port, and protocol.
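
The priority property above decides which rule wins, so a narrow Allow placed after a broad Deny never takes effect. The following is an added example (not part of the original notes and not Azure's own code) that evaluates constructed NSG rules in priority order and reports shadowed rules. It assumes the first matching rule decides, which is how Azure processes NSG rules, and it models plain IPv4 addresses and ranges only, not service tags, application security groups, or Azure's default rules.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


def _net(value):
    # "*" in a rule means any address.
    return ip_network("0.0.0.0/0" if value == "*" else value, strict=False)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 100-4096, lower numbers are processed first
    direction: str     # "Inbound" or "Outbound"
    source: str        # single IP, CIDR range, or "*"
    destination: str
    protocol: str      # "TCP", "UDP" or "Any"
    ports: tuple       # (low, high), inclusive
    action: str        # "Allow" or "Deny"

    def __post_init__(self):
        if not 100 <= self.priority <= 4096:
            raise ValueError(f"{self.name}: priority must be between 100 and 4096")
        if self.action not in ("Allow", "Deny"):
            raise ValueError(f"{self.name}: action must be Allow or Deny")

    def matches(self, direction, src, dst, protocol, port):
        return (self.direction == direction
                and ip_address(src) in _net(self.source)
                and ip_address(dst) in _net(self.destination)
                and self.protocol in ("Any", protocol)
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (self.direction == other.direction
                and _net(other.source).subnet_of(_net(self.source))
                and _net(other.destination).subnet_of(_net(self.destination))
                and self.protocol in ("Any", other.protocol)
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])


def evaluate(rules, direction, src, dst, protocol, port):
    """Return the first matching rule in priority order, or None if no custom
    rule matches (Azure's default rules would then apply; not modeled here)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(direction, src, dst, protocol, port):
            return rule
    return None


def shadowed(rules):
    """List (rule, earlier_rule) pairs where the earlier rule matches everything
    the later rule matches, so the later rule can never decide a packet."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(rule):
                found.append((rule.name, earlier.name))
                break
    return found


# Constructed sample rules: the office SSH exception has a higher priority
# number than the blanket SSH deny, so it is evaluated too late.
RULES = [
    Rule("allow-https", 100, "Inbound", "*", "10.0.1.0/24", "TCP", (443, 443), "Allow"),
    Rule("deny-ssh-all", 200, "Inbound", "*", "10.0.1.0/24", "TCP", (22, 22), "Deny"),
    Rule("allow-ssh-office", 300, "Inbound", "203.0.113.0/24", "10.0.1.0/24",
         "TCP", (22, 22), "Allow"),
]


def fixed_rules():
    """Same rules with the exception moved ahead of the blanket deny."""
    return [replace(r, priority=150) if r.name == "allow-ssh-office" else r
            for r in RULES]


if __name__ == "__main__":
    hit = evaluate(RULES, "Inbound", "203.0.113.7", "10.0.1.4", "TCP", 22)
    print("office SSH decided by:", hit.name, hit.action)
    print("shadowed:", shadowed(RULES))
    print("after fix:", evaluate(fixed_rules(), "Inbound", "203.0.113.7",
                                 "10.0.1.4", "TCP", 22).action)
```
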

Secure Access

Azure Active Directory (Azure AD) provides identity services that enable your users to sign in
and access both Microsoft cloud applications and cloud applications that you develop.
Azure AD is for:

 IT administrators

Administrators can use Azure AD to control access to applications and
resources based on their business requirements.

 App developers

Developers can use Azure AD to provide a standards-based approach for
adding functionality to applications that they build, such as adding SSO
functionality to an app or enabling an app to work with a user's existing
credentials.

 Users

Users can manage their identities. For example, self-service password reset
enables users to change or reset their password with no involvement from
an IT administrator or help desk.

 Online service subscribers

Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM
Online subscribers are already using Azure AD.

A tenant is a representation of an organization. A tenant is typically
separated from other tenants and has its own identity.

Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is
automatically an Azure AD tenant.

Azure AD provides the services such as

Authentication, Single sign on, Application management, Device Management.

Azure AD helps users access both external and internal resources.

External resources might include Microsoft Office 365, the Azure portal, and thousands
of other software as a service (SaaS) applications.

Internal resources might include apps on your corporate network and intranet, along
with any cloud applications developed within your organization.
Multifactor authentication is a process where a user is prompted during the sign-in process for
an additional form of identification. Examples include a code on their mobile phone or a
fingerprint scan.

These elements fall into three categories:

 Something the user knows - This might be an email address and password.
 Something the user has - This might be a code that's sent to the user's
mobile phone.
 Something the user is - This is typically some sort of biometric property, such
as a fingerprint or face scan that's used on many mobile devices.

 To use Conditional Access, you need an Azure AD Premium P1 or P2 license. If
you have a Microsoft 365 Business Premium license, you also have access to
Conditional Access features.

Build Cloud Adoption Strategy

The Cloud Adoption Framework for Azure provides you with proven guidance to
help with your cloud adoption journey. The Cloud Adoption Framework helps you
create and implement the business and technology strategies needed to succeed
in the cloud.

Build Cloud Governance Strategy

Define your strategy

Here, you answer why you're moving to the cloud and what you want to get out of
cloud migration. Do you need to scale to meet demand or reach new markets? Will it
reduce costs or increase business agility?

Here are the steps in this stage.

Define and document your motivations: Meeting with stakeholders and leadership can help you answer wh
cloud.

Document business outcomes: Meet with leadership from your finance, marketing, sales, and human resou
document your goals.

Develop a business case: Validate that moving to the cloud gives you the right return on investment (ROI) fo

Choose the right first project: Choose a project that's achievable but also shows progress toward your cloud

Make a plan

Here, you build a plan that maps your aspirational goals to specific actions. A good plan
helps ensure that your efforts map to the desired business outcomes.

Here are the steps in this stage.


Digital estate: Create an inventory of the existing digital assets and workloads that you plan to migrate to the cloud.

Initial organizational alignment: Ensure that the right people are involved in your migration efforts, both from a technica
standpoint as well as from a cloud governance standpoint.

Skills readiness plan: Build a plan that helps individuals build the skills they need to operate in the cloud.

Cloud adoption plan: Build a comprehensive plan that brings together the development, operations, and business teams
shared cloud adoption goal.

Ready your organization

Here, you create a landing zone, or an environment in the cloud to begin hosting your
workloads.

Here are the steps in this stage.

Azure setup guide: Review the Azure setup guide to become familiar with the tools and approaches you nee
landing zone.

Azure landing zone: Begin to build out the Azure subscriptions that support each of the major areas of your

zone includes cloud infrastructure as well as governance, accounting, and security capabilities.

Expand the landing zone: Refine your landing zone to ensure that it meets your operations, governance, an

Best practices: Start with recommended and proven practices to help ensure that your cloud migration effo
maintainable.

Adopt the cloud

Here, you begin to migrate your applications to the cloud. Along the way, you might
find ways to modernize your applications and build innovative solutions that use cloud
services.

The Cloud Adoption Framework breaks this stage into two parts: migrate and innovate.

Migrate: Here are the steps in the migrate part of this stage.

Migrate your first workload: Use the Azure migration guide to deploy your first project to the cloud.

Migration scenarios: Use additional in-depth guides to explore more complex migration scenarios.

Best practices: Check in with the Azure cloud migration best practices checklist to verify that you're following recommend
practices.

Process improvements: Identify ways to make the migration process scale while requiring less effort.

Innovate: Here are the steps in the innovate part of this stage.

Business value consensus: Verify that investments in new innovations add value to the business and meet c

Azure innovation guide: Use this guide to accelerate development and build a minimum viable product (MV

Best practices: Verify that your progress maps to recommended practices before you move forward.

Feedback loops: Check in frequently with your customers to verify that you're building what they need.
Govern and manage your cloud environments

Here, you begin to form your cloud governance and cloud management strategies. As
the cloud estate changes over time, so do cloud governance processes and policies. You
need to create resilient solutions that are constantly optimized.

Govern: Here are the steps in the govern part of this stage.

Methodology: Consider your end state solution. Then define a methodology that incrementally takes you from your first
the way to full cloud governance.

Benchmark: Use the governance benchmark tool to assess your current state and future state to establish a vision for app
framework.

Initial governance foundation: Create an MVP that captures the first steps of your governance plan.

Improve the initial governance foundation: Iteratively add governance controls that address tangible risks as you progres
your end state solution.

Manage: Here are the steps in the manage part of this stage.

Establish a management baseline: Define your minimum commitment to operations management. A manag
minimum set of tools and processes that should be applied to every asset in an environment.

Define business commitments: Document supported workloads to establish operational commitments with
agree on cloud management investments for each workload.

Expand the management baseline: Apply recommended best practices to iterate on your initial managemen

Advanced operations and design principles: For workloads that require a higher level of business commitm
architecture review to deliver on your resiliency and reliability commitments.

Teams often start their Azure governance strategy at the subscription level. There are three main
aspects to consider when you create and manage subscriptions: billing, access control, and
subscription limits.

You can create one billing report per subscription. If you have multiple departments and need to
do a "chargeback" of cloud costs, one possible solution is to organize subscriptions by
department or by project.

A subscription is a deployment boundary for Azure resources. Every subscription is associated
with an Azure Active Directory tenant. Each tenant provides administrators the ability to set
granular access through defined roles by using Azure role-based access control.

Subscriptions also have some resource limitations. For example, the maximum number of
network Azure ExpressRoute circuits per subscription is 10. Those limits should be considered
during your design phase. If you'll need to exceed those limits, you might need to add more
subscriptions.

Azure role-based access control (RBAC)


When you grant access at a parent scope, those permissions are inherited by all child
scopes. For example:

 When you assign the Owner role to a user at the management group scope, that
user can manage everything in all subscriptions within the management group.
 When you assign the Reader role to a group at the subscription scope, the
members of that group can view every resource group and resource within the
subscription.
 When you assign the Contributor role to an application at the resource group
scope, the application can manage resources of all types within that resource
group, but not other resource groups within the subscription.
RBAC uses an allow model. When you're assigned a role, RBAC allows you to perform certain
actions, such as read, write, or delete. If one role assignment grants you read permissions to a
resource group and a different role assignment grants you write permissions to the same
resource group, you have both read and write permissions on that resource group.

A resource lock prevents resources from being accidentally deleted or changed.

To view, add, or delete locks in the Azure portal, go to the Settings section of any
resource's Settings pane in the Azure portal.

Here's an example that shows how to add a resource lock from the Azure portal. You'll
apply a similar resource lock in the next part.
You can set the lock level to CanNotDelete or ReadOnly.

 CanNotDelete means authorized people can still read and modify a
resource, but they can't delete the resource without first removing the lock.
 ReadOnly means authorized people can read a resource, but they can't
delete or change the resource. Applying this lock is like restricting all
authorized users to the permissions granted by the Reader role in Azure
RBAC.

Although you didn't create a lock specifically for the storage account, the lock you created for
the parent resource group prevents you from deleting the resource. In other words, the storage
account inherits the lock from the parent resource group.

If we want to delete the resource group, we first need to remove the lock.
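
The RBAC allow model and the lock inheritance described above combine into one decision: a role assignment at the scope or any parent must grant the action, and no lock at the scope or any parent may block it. The following is an added example (not from the original notes and not Azure's implementation) with constructed principals, scopes, and a hypothetical custom role named ResourceWriter; role permissions are simplified to four actions.

```python
# Simplified role definitions. ResourceWriter is a hypothetical custom role.
ROLE_ACTIONS = {
    "Owner": {"read", "write", "delete", "assign_roles"},
    "Contributor": {"read", "write", "delete"},
    "Reader": {"read"},
    "ResourceWriter": {"write"},
}

# What each lock level blocks, for every user regardless of role.
LOCK_BLOCKS = {
    "CanNotDelete": {"delete"},
    "ReadOnly": {"write", "delete", "assign_roles"},
}

# Constructed sample data: (principal, role, scope).
ASSIGNMENTS = [
    ("alice", "Owner", "/mg-corp"),                          # management group
    ("ops-readers", "Reader", "/mg-corp/sub-prod"),          # group at subscription
    ("deploy-app", "Contributor", "/mg-corp/sub-prod/rg-web"),
    ("bob", "Reader", "/mg-corp/sub-prod/rg-web"),
    ("bob", "ResourceWriter", "/mg-corp/sub-prod/rg-web"),
]
GROUPS = {"ops-readers": {"carol"}}
LOCKS = [("/mg-corp/sub-prod/rg-web", "CanNotDelete")]       # (scope, level)
STORAGE = "/mg-corp/sub-prod/rg-web/storage1"


def in_scope(parent, target):
    """True if target is the parent scope itself or one of its children."""
    return target == parent or target.startswith(parent + "/")


def identities(user):
    """The user plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def effective_actions(user, target, assignments=ASSIGNMENTS):
    """Union of all actions granted at the target scope or any parent scope."""
    who = identities(user)
    actions = set()
    for principal, role, scope in assignments:
        if principal in who and in_scope(scope, target):
            actions |= ROLE_ACTIONS[role]
    return actions


def can(user, action, target, assignments=ASSIGNMENTS, locks=LOCKS):
    """Return (allowed, reason). RBAC must allow; an inherited lock can still block."""
    if action not in effective_actions(user, target, assignments):
        return (False, "no role assignment grants " + action)
    for scope, level in locks:
        if in_scope(scope, target) and action in LOCK_BLOCKS[level]:
            return (False, f"{level} lock on {scope}")
    return (True, "allowed")


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "deploy-app"):
        print(user, sorted(effective_actions(user, STORAGE)),
              can(user, "delete", STORAGE))
```
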

You can add, modify, or delete resource tags through PowerShell, the Azure CLI, Azure
Resource Manager templates, the REST API, or the Azure portal.

You can also manage tags by using Azure Policy. For example, you can apply tags to a
resource group, but those tags aren't automatically applied to the resources within that
resource group.

Resource tags are another way to organize resources. Tags provide extra information, or
metadata, about your resources.

Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that
control or audit your resources. These policies enforce different rules and effects over your
resource configurations so that those configurations stay compliant with corporate standards.

For example, say you define a policy that allows only a certain stock-keeping unit (SKU) size of
virtual machines (VMs) to be used in your environment. After you enable this policy, that policy
is applied when you create new VMs or resize existing VMs. Azure Policy also evaluates any
current VMs in your environment.

Implementing a policy in Azure Policy involves these three steps:

1. Create a policy definition, for example "allow VM SKUs".
2. Assign the definition to resources. A policy assignment is a policy definition
that takes place within a specific scope.
3. Review the evaluation results. Policy evaluation happens about once per hour.
If you make changes to your policy definition and create a policy assignment, that
policy is evaluated over your resources within the hour.
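
The three steps above, applied to the allowed-VM-SKU example, as an added sketch (not from the original notes and not Azure Policy's own engine). It shows the two places a policy acts: a create or resize request inside the assignment scope is denied, while an existing VM that violates the policy is reported as non-compliant and left in place. Resource IDs, the definition layout, and the chosen SKU list are constructed for illustration.

```python
VM_TYPE = "Microsoft.Compute/virtualMachines"

# Step 1: policy definition (constructed layout): only these VM sizes are allowed.
ALLOWED_VM_SKUS = {
    "name": "allowed-vm-skus",
    "applies_to": VM_TYPE,
    "allowed": {"Standard_B2s", "Standard_D2s_v3"},
    "effect": "Deny",
}

# Step 2: policy assignment = a definition bound to a scope.
POLICY_ASSIGNMENTS = [{"definition": ALLOWED_VM_SKUS, "scope": "/sub-prod/rg-web"}]

# Constructed inventory of resources that already exist.
INVENTORY = [
    {"id": "/sub-prod/rg-web/vm-front", "type": VM_TYPE, "sku": "Standard_B2s"},
    {"id": "/sub-prod/rg-web/vm-legacy", "type": VM_TYPE, "sku": "Standard_M128s"},
    {"id": "/sub-prod/rg-web/stor1", "type": "Microsoft.Storage/storageAccounts",
     "sku": "Standard_LRS"},
    {"id": "/sub-prod/rg-data/vm-etl", "type": VM_TYPE, "sku": "Standard_M128s"},
]


def applicable(assignments, resource):
    """Definitions assigned at a scope containing the resource and matching its type."""
    return [a["definition"] for a in assignments
            if resource["id"].startswith(a["scope"] + "/")
            and a["definition"]["applies_to"] == resource["type"]]


def violations(assignments, resource):
    """Names of the applicable definitions that the resource breaks."""
    return [d["name"] for d in applicable(assignments, resource)
            if resource["sku"] not in d["allowed"]]


def admit(assignments, requested):
    """Create or resize request: a violated Deny-effect policy rejects it."""
    hits = violations(assignments, requested)
    return ("Denied", hits) if hits else ("Accepted", [])


def compliance_scan(assignments, inventory):
    """Step 3: evaluate existing resources. Nothing is changed or deleted;
    resources not covered by any assignment are left out of the report."""
    report = {}
    for resource in inventory:
        if applicable(assignments, resource):
            broken = violations(assignments, resource)
            report[resource["id"]] = "NonCompliant" if broken else "Compliant"
    return report


if __name__ == "__main__":
    new_vm = {"id": "/sub-prod/rg-web/vm-new", "type": VM_TYPE, "sku": "Standard_M128s"}
    print(admit(POLICY_ASSIGNMENTS, new_vm))
    print(compliance_scan(POLICY_ASSIGNMENTS, INVENTORY))
```
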
Azure Policy initiatives

An Azure Policy initiative is a way of grouping related policies into one set.

For example, the Enable Monitoring in Azure Security Center initiative contains over 100
separate policy definitions.

 An initiative assignment is an initiative definition that's assigned to a specific scope of a
management group, a subscription, or a resource group.
Implementing a blueprint in Azure Blueprints involves these three steps:

1. Create an Azure blueprint.
2. Assign the blueprint.
3. Track the blueprint assignments.

Each component in the blueprint definition is known as an artifact.


It is possible for artifacts to have no additional parameters (configurations). An
example is the Deploy threat detection on SQL servers policy, which requires
no additional configuration.

What happens when your cloud environment starts to grow beyond just one
subscription? How can you scale the configuration of these features, knowing
they need to be enforced for resources in new subscriptions?

Instead of having to configure features like Azure Policy for each new
subscription, with Azure Blueprints you can define a repeatable set of governance
tools and standard Azure resources that your organization requires
Privacy, Compliance and data protection standards

Microsoft Privacy Statement - The Microsoft Privacy Statement explains what personal data
Microsoft collects, how Microsoft uses it, and for what purposes.

The Online Services Terms (OST) is a legal agreement between Microsoft and the customer.

The Data Protection Addendum (DPA) further defines the data processing and security
terms for online services. These terms include:

 Compliance with laws.


 Disclosure of processed data.
 Data Security, which includes security practices and policies, data
encryption, data access, customer responsibilities, and compliance with
auditing.
 Data transfer, retention, and deletion.
The Trust Center showcases Microsoft's principles for maintaining data integrity in the cloud and
how Microsoft implements and supports security, privacy, compliance, and transparency in all
Microsoft cloud products and services

The Trust Center provides:

 In-depth information about security, privacy, compliance offerings, policies,
features, and practices across Microsoft cloud products.
 Additional resources for each topic.
 Links to the security, privacy, and compliance blogs and upcoming events.

The Azure compliance documentation provides you with detailed documentation about legal
and regulatory standards and compliance on Azure.

Azure Government services handle data that is subject to certain government regulations and
requirements:

Azure Government is a separate instance of the Microsoft Azure service. It addresses the security
and compliance needs of US federal agencies, state and local governments, and their solution
providers. 

Azure China 21Vianet is operated by 21Vianet. It's a physically separated instance of cloud
services located in China. Azure China 21Vianet is independently operated and transacted by
Shanghai Blue Cloud Technology Co., Ltd. ("21Vianet"), a wholly owned subsidiary of Beijing
21Vianet Broadband Data Center Co., Ltd
The Azure services are based on the same Azure, Office 365, and Power BI technologies that
make up the Microsoft global cloud service, with comparable service levels. Azure agreements
and contracts in China, where applicable, are signed between customers and 21Vianet.

The compliance documentation provides reference blueprints, or policy definitions, for common
standards that you can apply to your Azure subscription.

Azure Pricing and cost model

The TCO Calculator helps you estimate the cost savings of operating your solution on Azure
over time, instead of in your on-premises datacenter.

The TCO Calculator works in three steps:

1. Define your workloads, such as databases, servers, and storage.
2. Adjust assumptions: electricity, bandwidth, etc.
3. View the report: choose a time frame between 1 and 5 years and view the report.

Three types of subscription:

Azure offers both free and paid subscription options to fit your needs and requirements.
They are:

• Free trial

A free trial subscription provides you with 12 months of popular free
services, a credit to explore any Azure service for 30 days, and more than 25
services that are always free. Your Azure services are disabled when the trial
ends or when your credit expires for paid products, unless you upgrade to a
paid subscription.

• Pay-as-you-go

A pay-as-you-go subscription enables you to pay for what you use by
attaching a credit or debit card to your account. Organizations can apply for
volume discounts and prepaid invoicing.

• Member offers

Your existing membership to certain Microsoft products and services might
provide you with credits for your Azure account and reduced rates on Azure
services. For example, member offers are available to Visual Studio
subscribers, Microsoft Partner Network members, Microsoft for Startups
members, and Microsoft Imagine members.

Three ways of purchasing Azure services

Through an Enterprise Agreement – Larger customers, known as enterprise customers, can sign an
Enterprise Agreement with Microsoft. These customers typically pay on an annual basis.

Directly from the web – In this case, the customer pays the standard price on a monthly basis.

Through a Cloud Solution Provider – In this case, a Microsoft partner helps determine the
payment option. Flexible payment options are available.

Factors that affect the cost

Resource

Usage meters – Azure creates meters to track usage of a resource. Azure uses these meters to
generate a usage record that's later used to help calculate your bill.

Resource usage

Azure subscription time

Azure marketplace

Zones and location matter for billing

A zone is a geographical grouping of Azure regions for billing purposes.

SLA

• A service-level agreement (SLA) is a formal agreement between a service company and the
customer. For Azure, this agreement defines the performance standards that Microsoft commits
to for you, the customer.

A service credit is the percentage of the fees you paid that are credited back to you according to
the claim approval process.

Azure status provides a global view of the health of Azure services and regions. If you suspect
there's an outage, this is often a good place to start your investigation.

Each SLA specifies the timeline by which you must submit your claim and when Microsoft
processes your claim. For many services, you must submit your claim by the end of the calendar
month 

Application SLAs

An application SLA defines the SLA requirements for a specific application. This term typically
refers to an application that you build on Azure.

Usage patterns define when and how users access your application.

A workload is a distinct capability or task that's logically separated from other tasks, in terms of
business logic and data storage requirements. Each workload defines a set of requirements for
availability, scalability, data consistency, and disaster recovery.

Service Lifecycle

Every Azure service starts in the development phase. In this phase, the Azure team
collects and defines its requirements, and begins to build the service.

Next, the service is released to the public preview phase. During this phase, the public
can access and experiment with it so that they can provide feedback.

The Azure updates page provides information about the latest updates to Azure products,
services, and features, as well as product roadmaps and announcements.
