The cloud is enabling dramatic changes in the way we live our lives. From the healthcare sector to the entertainment industry, the cloud allows small businesses to go global, developing countries to expand into new markets, and language barriers to fade. Doctors can remotely monitor patients in their own home, scientists can predict hurricanes, and education can now be distributed to more people than ever before, from universities to refugee camps. We can use the cloud, AI, and machine learning to help us quickly search through large amounts of data, helping us make important decisions with the right kind
of information. So instead of guessing and making decisions based on only part of the story, we are helping scientists, doctors, and many other people make better decisions. With the right knowledge and skills, you can be part of this change. Cloud computing is rapidly expanding to all businesses, creating new career opportunities. Career opportunities in cloud computing cover a broad range of roles, from developers and architects to security professionals and data scientists. Given the constantly evolving nature of the cloud, working in the cloud requires continuously updating your knowledge and skills. However, maybe you don't have that specific
university degree, the right certifications, and hands-on experience, or maybe the cost is just too high. For these reasons, Microsoft and Coursera have partnered to develop the first in a series of programs to prepare you for a career in the cloud. This program consists of four courses that will act as a bedrock of fundamental knowledge to prepare you for the AZ-900 certification exam. The AZ-900 certification is designed to give you the fundamental knowledge, skills, and confidence to begin your Azure certification journey. We've assembled a great team of instructors to prepare you for this journey.

I'm Rachel.
In course one, Introduction to Azure Core Concepts and Services, you'll learn the basics of cloud computing, its advantages, and how to determine whether Azure is the right solution for your business needs. You'll learn about several of the database and big data services that are available on Microsoft Azure. You'll also learn how to take advantage of several virtualization services in Azure compute, which can help your application scale out quickly and efficiently to meet increasing demands. Finally, you'll learn about the different storage and virtual network options available in Azure.

I'm Barry. In course 2, Azure Management Tools
and Security Solutions, you learn about AI and software development tools and services from Microsoft Azure. You learn about monitoring and management tools and services from Azure. You'll then look at the serverless computing technology and Azure IoT service that best addresses different business scenarios. Finally, you learn how Azure can help you protect the workloads that you run both in the cloud and in your on-premises data center.

I'm Anita. In course 3, Azure Services and Life Cycles, you'll learn how Azure Active Directory provides identity and access management. Then you'll learn how to make organizational decisions about your
cloud environment by using the Cloud Adoption Framework for Azure. You'll learn how to control and audit how your resources are created by using Azure Policy, and enable governance at scale across multiple Azure subscriptions by using Azure Blueprints. You'll use the Total Cost of Ownership Calculator to compare your current data center costs to running the same workloads on Azure.

I'm Kayleesha, and finally, in course four, Preparing for the AZ-900 Azure Fundamentals Exam, you'll get a more detailed overview of the Microsoft certification program and where you can go next in your career. You'll get tips and tricks,
testing strategies, useful resources, and information on how to sign up for the AZ-900 exam. You'll also get a recap of the key topics and concepts covered in each course, along with the practice exam. Finally, you'll get to take the practice exam that tests all the main topics covered in the AZ-900 proctored exam, ensuring you're well prepared for certification success.

Hello and welcome to the first course in this program, Introduction to Azure Core Concepts and Services. Before we start diving into the detail, let's take a look at an overview of the program and how you
can benefit from Microsoft certification in this area. Becoming AZ-900 Microsoft Azure Fundamentals certified can be the launch pad for your learning journey into cloud computing and Azure technologies. This certification is a good fit if you are beginning to work with cloud-based solutions and services or are new to Azure. Acquiring the Azure fundamental certification is also an opportunity for you to prove your knowledge of cloud concepts and Azure's main features. These include Azure services, Azure workloads, Azure security and privacy, and finally Azure pricing and support. This course will help you to develop these skills and prepare
you to pass the official Azure AZ-900 exam. To get the most out of this course, it helps if you are familiar with the general technology concepts, including concepts of networking, storage, compute, application support, and application development. Microsoft certifications provide globally recognized and industry-endorsed evidence of mastering technical skills. Microsoft certification provides you with the pathway to upgrade your skills, validate your abilities, enhance your professional performance, and develop your career. Microsoft certifications validate your skills and capabilities and lead you to success. Achieving certification shows employers that you have drive and initiative. If you get hired in
a new role or IT or change your career, your certification speaks volumes about you and what you know. In this course, you will explore various modules relating to Azure core concepts and services. You'll start off with an introduction to Azure fundamentals. Here you'll explore basic cloud concepts, get a streamlined overview of many Azure services, and be able to access hands-on exercises to deploy your very first services for free. As you navigate this module, you will become familiar with cloud concepts, cloud models, and platforms such as infrastructure as a service, platform as a service, and software
as a service. You'll also cover all the core things you need to know about cloud computing, such as elasticity, scalability, and agility. Next, you will work through Azure fundamental concepts and architectural components. In this module, you'll learn about the advantages of using cloud computing services and how to differentiate between the categories and types of cloud computing. You'll also examine the various concepts, resources, and terminology that are necessary to work with the Azure architecture. As you dive deeper, you'll explore Azure database, analytics, and compute services. In this module, you will identify several of the database services
that are available on Microsoft Azure, such as Azure Cosmos DB, Azure SQL Database, Azure SQL Managed Instance, Azure Database for MySQL, and Azure Database for PostgreSQL. In addition, you'll learn about several of the big data and analysis services in Azure. You'll also learn how to take advantage of several virtualization services in Azure compute, which can help your application scale out quickly and efficiently to meet increasing demands. And as things become even more exciting, you will navigate the different storage options that are available in Azure storage and networking services. As you complete the individual units in
this module, you'll learn about Azure Blob Storage, Azure Disk Storage, Azure Files, and blob access tiers. You'll also take a look at several of the core networking resources that are available in Azure. You'll learn about Azure Virtual Network, which you can configure into a customized network environment that meets your company's needs. You'll also learn how you can use Azure VPN Gateway and Azure ExpressRoute to create secure communication tunnels between your company's different locations. Throughout this course, you will have an opportunity to get your hands-on experience with Azure through interactive exercises, practice quizzes, and practice
exams. The interactive exercises offer opportunities to practice and implement what you are learning. As an example, when you learn about creating a SQL database, you'll work in a temporary Azure environment called the sandbox. The beauty about this is that you will be working with real technology but in a controlled environment, which allows you to apply what you learn and at your own pace. As you explore the concepts and services that are available through Azure, you'll be given a case study to apply what you are learning to real-world examples. In the case study, you'll assume the
role of an IT specialist and address the technology challenges of Tailwind Traders so that you can help them conduct business more efficiently. Using real-world examples helps you to reinforce concepts, prepares you for the exam, and gives you confidence in your approach. Now that you have a good idea of what you'll cover in this course, you can review what you'll learn through the modules in more detail. Good luck.

Earning Microsoft certifications is a great option, as it shows that you are keeping pace with today's technical roles and requirements. The AZ-900 Azure Fundamentals forms part of
the fundamental level of the Azure journey. Each certification pathway starts with AZ-900 as the fundamental level, and although it is optional for those who have experience, it is recommended as a foundation for next-level certifications. Depending on your goals, there are many certifications and certification paths to choose from. Let's look at a few examples so that you can get some ideas on how to build your career.

John started his career in an IT support department at the help desk. He was brand new to cloud services. He decided to learn the fundamentals and then explore
further opportunities. He enrolled for the AZ-900 exam as a starting point. These exams do not assume any prior knowledge, and this was a great place for him to get his feet wet. John's plan for his career was to become an Azure administrator. The Azure Administrator certification, AZ-104, is an associate-level certification. Candidates for the Azure Administrator Associate certification should have subject matter expertise implementing, managing, and monitoring an organization's Microsoft Azure environment. John successfully completed the AZ-900 examination and was promoted into an Azure support role. He went on to gain six months of experience administering his
company's Azure environment. He needed this experience as a prerequisite to register for the Azure Administrator certification. Today John is a successful Azure administrator. He keeps the Azure environment running and responds to daily business expectations.

Leticia has always believed that it's important to upskill in a competitive work environment and has made plans to advance her existing career. She decided to add new credentials to her portfolio and to step beyond software development. She has more than two years' experience in her existing field and supports the solutions architect with her company's evolving Azure infrastructure. Leticia decided that she
could achieve her goal by completing the developer certification. Developers implement applications and services by partnering with solution architects and customers. Responsibilities for this role include participating in all phases of cloud development, from requirements definition and design to development, deployment, and maintenance, performance tuning, and monitoring. Leticia started off with the AZ-900 exam, as she believed this would be a good foundation for success. Leticia has become an Azure developer at her company and successfully completed the developer certification path, which includes Azure Fundamentals AZ-900 and Azure Developer Associate AZ-204.

Jose lost his job during the COVID crisis.
He had graduated with a bachelor's degree in history a few years ago. Jose gathered two years' experience as an Azure administrator, but he did not have any certification to validate his knowledge and skills. Jose has always wanted to be a DevOps engineer, and he decided that achieving certification would open new career opportunities for him. Jose was an ideal candidate for DevOps engineer certification, given the experience he had gathered as an Azure administrator. He completed the AZ-900 fundamentals exam as a foundation for further studies and went on to successfully complete the DevOps engineer certification pathway. After
certification, Jose was able to secure a role as an Azure administrator with a large company and will be considered for a DevOps engineer position in the near future. Microsoft DevOps professionals combine people, process, and technologies to continuously deliver valuable products and services that meet user needs and business objectives.

Based on these scenarios, you can see that Microsoft provides you with the ability to start a specific certification path that matches your job role while providing you with the opportunity to improve your skills at the same time. There are different certification paths for you to choose from,
depending on your expertise and background. The certifications are structured into three expertise levels. The fundamental certifications are targeted towards those just starting out with the technologies covered or looking to change careers. The associate certifications are targeted towards professionals that already have at least two years of practical experience working with the technologies covered. The expert certifications are targeted towards professionals that have a minimum of five years advanced levels of practical experience and skills with the technologies covered. We have provided the link to the Microsoft certifications at the end of this lesson so that you can explore
them in more detail.

The Microsoft AZ-900 exam covers a basic understanding of cloud concepts, including core Azure services, security, privacy, compliance, and trust, as well as Azure pricing and support. You can expect between 40 to 60 questions in your Microsoft AZ-900 exam. There are different question types used during the exam, including case study, short answers, multiple choice, mark review, and drag and drop. The exam requires you to demonstrate high-level knowledge of the Azure cloud and its various service offerings across the following six domain areas: describe cloud concepts; describe core Azure services; describe
core solutions and management tools on Azure; describe general security and network security features; describe identity, governance, privacy, and compliance features; describe Azure cost management and service level agreements. The percentages for each domain highlight the weighting of that section to the overall exam. The higher the percentage, the more questions that specific section of the exam will contain. At this point, you may be wondering if you will have access to the information that you'll need to successfully pass the Azure Fundamentals exam. The answer is yes. Each domain area is mapped to the Microsoft AZ-900 Azure Fundamentals
professional certificate program. Once you have successfully completed the courses in this specialization program, you will receive a notification that gives you an opportunity to unlock a discount certification voucher code. Once you have unlocked the code, you can use this to register and schedule the exam through Microsoft and Pearson VUE. The discount certification voucher code gives you 50% discount on the price that it costs to take the AZ-900 Microsoft certification exam. Please note that the content of this exam was updated on November the 9th, 2020. Be sure to read the Microsoft Azure Fundamentals exam page
for more information about what skills are covered in each domain area. Remember to contact us if you have any questions. Good luck with your preparation.

Hello and welcome to Azure fundamentals. In this lesson, you'll take an entry-level, end-to-end look at Azure and its capabilities. You'll gain a solid foundation on Azure fundamentals that you will rely on throughout the rest of this course. In this lesson, you will be introduced to the basics of cloud computing. You will get a big-picture view of the available services and features in Azure and determine whether Azure is the right
solution for your needs. And if you're new to Azure, you can sign up for a free account on the Azure website to start exploring. At this point, you may have some questions, like: what is Azure, and what can it do for your business? When you've completed this lesson, you'll have the answers to these questions.

Microsoft Azure is a cloud computing platform with an ever-expanding set of services. Azure gives you the freedom to build, manage, and deploy applications on a massive global network using your favorite tools and frameworks. The Azure cloud platform has more than
200 products and cloud services that you can use to build, run, and manage applications across multiple clouds, on premises, and at the edge. It delivers computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence. Azure cloud computing offers faster innovation, flexible resources, and economies of scale. The cloud helps you move faster and innovate in ways that were once nearly impossible, but critically, it does this while lowering your costs. Cloud computing provides computing services over the internet using a pay-as-you-go pricing model. Typically, you only pay for the cloud services you use, which
helps you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change. To put it another way, cloud computing is a way to rent compute power and storage from someone else's data center. When you're done using them, you give them back. You're billed only for what you use. Instead of maintaining CPUs and storage in your data center, you rent them for the time that you need them. The cloud provider takes care of maintaining the underlying infrastructure for you. The cloud enables you to quickly solve your toughest business challenges and bring
cutting-edge solutions to your users. In our ever-changing digital world, two trends emerge: teams deliver new features to their users at record speeds, and users expect an increasingly rich and immersive experience with their devices and with software. To power your services and deliver innovative and novel user experiences more quickly, the cloud provides on-demand access to a nearly limitless pool of raw compute, storage, and networking components; speech recognition and other cognitive services that help make your application stand out from the crowd; analytics services that deliver telemetry data from your software and devices.

You were briefly introduced to
Azure at the beginning of this lesson. By the end of this video, you should be able to determine whether Azure is the right solution for your business needs. Azure runs business applications by providing global scale, consistency, and seamless integration with on-premises environments. With help from Azure, businesses have everything they need to build the next great solution. Let's explore several benefits that Azure offers. Azure offers businesses the option to be ready for the future: continuous innovation from Microsoft supports development today and product visions for tomorrow. Build on your terms: you have choices. With a commitment to
open source and support for all languages and frameworks, businesses can build how they want and deploy where they want to. Operate hybrid seamlessly: they can integrate and manage their environments with tools and services designed for a hybrid cloud solution. Trust your cloud: get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups. Now that you have an overview of some of the benefits Azure offers, let's take a look at what you can do with Azure. Many teams start exploring the cloud by moving their existing applications
to virtual machines that run in Azure. Migrating your existing apps to virtual machines is a good start, but the cloud is much more than a different place to run your virtual machine. Imagine communicating naturally with your users through vision, hearing, and speech using AI and machine learning services. With Azure, you can explore everything from running existing applications on virtual machines to using new software paradigms such as intelligent bots and mixed reality. Azure also provides storage solutions that dynamically grow to accommodate massive amounts of data. You may be wondering how Azure can help you to manage
your cloud resources. Imagine an integrated, easy-to-use console built just for you. The Azure portal is exactly that: a web-based, unified console that provides an alternative to command-line tools. You can organize the Azure portal to custom fit your workflow, projects, and style. With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments, create custom dashboards for an organized view of resources, and configure accessibility options for an optimal experience. The Azure portal is designed for resiliency and continuous
availability. It maintains a presence in every Azure data center. The Azure portal updates continuously and requires no downtime for maintenance activities. This configuration makes the Azure portal resilient to individual data center failures and avoids network slowdowns by being close to users.

Azure Marketplace helps connect users with Microsoft partners, independent software vendors, and startups that are offering their solutions and services, which are optimized to run on Azure. Azure Marketplace customers can find, try, purchase, and provision applications and services from hundreds of leading service providers. All solutions and services are certified to run on Azure. The solution catalog
spans several industry categories. These include virtual machine images, databases, application build and deployment software, development tools, threat detection, and blockchain. Azure Marketplace is designed for IT pros and cloud developers interested in commercial and IT software. Microsoft partners also use it as a launch point for all joint go-to-market activities. Using Azure Marketplace, you can provision end-to-end solutions quickly and reliably, hosted in your own Azure environment. To explore the Azure Marketplace online, you can access the link in the resource section at the end of this lesson.

Throughout the Azure fundamentals learning paths, we'll work with Tailwind
Traders, a fictitious home improvement retailer. It operates retail hardware stores across the globe and online. Tailwind Traders currently manages an on-premises data center that hosts the company's retail website. The data center also stores all of the data and streaming video for its applications. Let's suppose that you work as an IT specialist in Tailwind Traders' IT department. Your IT team buys new hardware, installs and configures software, and deploys everything throughout the data center. These management responsibilities create some obstacles for delivering your applications to your users in a timely fashion. As an IT professional, you realize it
would be advantageous to have servers, storage, databases, and other services immediately available when you develop and deploy applications. You want to be able to easily start a new server or add services to your solutions. Throughout this course, you'll learn about some of the cloud-based services that Tailwind Traders can use to address its technology challenges. With that in mind, the services that are available through Azure can help Tailwind Traders conduct its business more efficiently. As you complete the various modules in the Azure fundamentals learning paths, we'll analyze the challenges that Tailwind Traders is facing. You'll see
how you can use Azure services to address each of the issues as they arise. After you've completed each of the modules, the knowledge that you gained from resolving the hypothetical challenges that the fictional Tailwind Traders company encountered should benefit you in your real-world environments.

Congratulations, you have completed this lesson on core Azure concepts. We defined what cloud computing is and saw some examples, then covered what Azure is and went through some of the most used categories of services. We also saw how to get started with Azure accounts. Finally, we introduced a case study, which
we will be expanding and using throughout this course.

Hello and welcome to Azure fundamental concepts and architectural components. In this module, you'll learn about the main concepts of cloud computing and how Azure implements these concepts. We will also see in our case study how Tailwind Traders can benefit from migrating to a cloud computing environment. More specifically, after completing this lesson, you will identify benefits and considerations of using cloud services, you will describe the differences between categories of cloud services, and you will describe the differences between types of cloud computing. So let's dive right into our
case study. You work in the IT department for Tailwind Traders, which has decided to migrate its applications and data to Microsoft Azure. You're aware that cloud computing will save your company time and money by migrating from your existing on-premises physical hardware to a cloud solution. With this new solution, you'll only need to pay for the resources and computing time that you use. However, some of the cloud computing concepts are new to many members of your IT staff. They've been asking some specific questions about what cloud computing can do for them. For example, the team
that manages Tailwind Traders' website wants to know how Azure improves the site's availability and scalability. The team that handles the deployment of new hardware is curious to see how cloud computing can make their deployment processes faster. In addition, your developer team wants to learn about the different options available to them as they are designing new applications. For example, is there a way to run their applications in a hybrid configuration, where part of their application runs on premises and the rest of the application runs in the cloud?

There are several benefits that a cloud environment has
over a physical environment. For example, cloud-based applications employ a myriad of related strategies. High availability: depending on the service level agreement that you choose, your cloud-based applications can provide a continuous user experience with no apparent downtime, even when things go wrong. Scalability: applications in the cloud can be scaled in two ways. Vertically: computing capacity can be increased by adding RAM or CPUs to a virtual machine. Horizontally: computing capacity can be increased by adding instances of a resource, such as adding more virtual machines to your configuration. Elasticity: cloud-based applications can be configured to take advantage of
auto-scaling, so your applications will always have the resources they need. Agility: cloud-based resources can be deployed and configured quickly as your application requirements change. Geo-distribution: applications and data can be deployed to regional data centers around the globe, so your customers always have the best performance in their region. And disaster recovery: by taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your applications with the confidence that comes from knowing that your data is safe in the event that disaster should occur.

Cloud service providers operate on a consumption-based model, which means that end
users only pay for the resources that they use. Whatever they use is what they pay for. A consumption-based model has many benefits, including: no upfront costs; no need to purchase and manage costly infrastructure that users might not use to its fullest; the ability to pay for additional resources when they are needed; the ability to stop paying for resources that are no longer needed. When analyzing the benefits of cloud computing, there are two different types of expenses that you should consider: capital expenditure, or CapEx; operational expenditure, or OpEx. Capital expenditure, or CapEx, is the upfront spending
of money on physical infrastructure and then deducting that upfront expense over time. The upfront cost from CapEx has a value that reduces over time. Operational expenditure, or OpEx, is where you spend money on products or services and are billed for them at the moment of use. You can think of these as the day-to-day expenses that are paid for immediately. In other words, when Tailwind Traders owns its infrastructure, it buys equipment that goes onto its balance sheets as assets. Because a capital investment was made, accountants categorized this transaction as a CapEx. Over time, to account for the
assets' limited useful lifespan, assets are depreciated or amortized. Cloud services, on the other hand, are categorized as an OpEx because of their consumption model. There's no asset for Tailwind Traders to amortize, and its cloud service provider, Azure, manages the costs that are associated with the purchase and lifespan of the physical equipment. As a result, OpEx has a direct impact on net profit, taxable income, and the associated expenses on the balance sheet. To summarize, CapEx requires significant upfront financial costs as well as ongoing maintenance and support expenditures. By contrast, OpEx is a consumption-based model,
so Tailwind Traders is only responsible for the cost of the computing resources that it uses.

If you've been around cloud computing for a while, you've probably seen the terms infrastructure as a service, or IaaS, platform as a service, or PaaS, and software as a service, or SaaS, for the different cloud service models. These models define the different levels of shared responsibility that a cloud provider and cloud tenant are responsible for. IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying
hardware, with IaaS you rent it. PaaS provides the same benefits and considerations as IaaS, but there are some additional benefits. SaaS is software that's centrally hosted and managed for you and your users or customers. Usually one version of the application is used for all customers, and it's licensed through a monthly or annual subscription. SaaS provides the same benefits as IaaS, but again, there are some additional benefits. You can see how, when you move from IaaS to PaaS to SaaS, the shared responsibility reduces for the client and increases for the provider. This chart illustrates
the various levels of responsibility between a cloud provider and a cloud tenant. As you move from on premises through IaaS and PaaS to SaaS, the responsibility for maintaining infrastructure, platform, and software is progressively transferred to the provider from the tenant.

Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs. It's important
to note that servers are still running the code. The serverless name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. This approach enables developers to increase their focus on the business logic and deliver more value to the core of the business. Serverless computing helps teams increase their productivity and bring products to market faster, and it allows organizations to better optimize resources and stay focused on innovation.

There are three deployment models for cloud computing: public cloud, private cloud, and hybrid cloud. Each deployment model has different aspects that
you should consider as you migrate to the cloud in a public cloud services are offered over the public internet and available to anyone who wants to purchase them Cloud resources such as servers and storage are owned and operated by a third-party cloud service provider and delivered over the internet a private cloud consists of computing resources used exclusively by users from one business or organization a private cloud can be physically located at your organization's on-site or on-premises data center it can also be hosted by a third-party service provider In the third model hybrid cloud computing environments
combine a public cloud and a private cloud by allowing data and applications to be shared between them this image illustrates several of the cloud computing concepts that are presented in this unit in this example several factors are demonstrated when you are considering where to deploy a database server in a hybrid cloud environment As your resources move from on-premises to off-premises your costs are reduced and your administration requirements decrease congratulations you have completed this lesson on cloud computing advantages by now you should be able to identify benefits and considerations of using cloud services describe the differences
between categories of cloud services and describe the differences between types of cloud computing Hello and welcome to this lesson on azure architecture in this lesson you'll examine the various concepts resources and terminology that are necessary to work with azure architecture after completing this lesson you'll be able to describe the benefits and usage of azure subscriptions and management groups azure resources resource groups and azure resource manager azure regions region pairs and availability zones In this lesson we will continue working on our case study as tailwind traders plans the adoption of azure for their cloud computing platform
let's say that you work as a developer for tailwind traders a successful hardware manufacturing company your company's chief technology officer recently decided to adopt azure as the cloud computing platform you're currently in the planning stages for the migration Before you begin the migration process you decide to study azure concepts resources and terminology to ensure your migration is a success so let's dive right into our case study as part of your research for tailwind traders you need to learn the organizing structure for resources in azure which has four levels resources resource groups subscriptions and management groups
having seen the top-down hierarchy of Organization let's describe each of those levels from the bottom up resources resources are instances of services that you create like virtual machines storage or sql databases resource groups resources are combined into resource groups which act as a logical container into which azure resources like web apps databases and storage accounts are deployed and managed subscriptions A subscription groups together user accounts and the resources that have been created by those user accounts for each subscription there are limits or quotas on the amount of resources that you can create and use organizations
can use subscriptions to manage costs and the resources that are created by users teams or projects management groups these groups help you manage access policy and compliance for multiple subscriptions All subscriptions in a management group automatically inherit the conditions applied to the management group you'll examine each of these four organizational levels in detail as tailwind traders get started with azure one of your first steps will be to create at least one azure subscription you'll use it to create your cloud-based resources in azure an azure resource is a manageable item that's available through azure virtual Machines
vms storage accounts web apps databases and virtual networks are all examples of resources using azure requires an azure subscription a subscription provides you with authenticated and authorized access to azure products and services it also allows you to provision resources an azure subscription is a logical unit of azure services that links to an azure account which is an identity in azure Active directory also called azure ad or in a directory that azure ad trusts there are two types of subscription boundaries that you can use billing boundary this subscription type determines how an azure account is billed
for using azure you can create multiple subscriptions for different types of billing requirements azure generates separate billing reports and invoices for each subscription so That you can organize and manage costs access control boundary azure applies access management policies at the subscription level and you can create separate subscriptions to reflect different organizational structures an example is that within a business you have different departments to which you apply distinct azure subscription policies this billing model allows you to manage and control access to the resources that Users provision with specific subscriptions you might want to create additional subscriptions
for resource or billing management purposes for example you might choose to create additional subscriptions to separate environments when managing your resources you can choose to create subscriptions to set up separate environments for development and testing security or to isolate data for compliance reasons this design is particularly useful because resource access control occurs at the subscription level organizational structures you can create subscriptions to reflect different organizational structures for example you could limit a team to lower cost resources while allowing the IT department a full range this design allows you to manage and control access to the
resources that users provision within each subscription billing you might want to also create additional subscriptions for billing purposes because costs are first aggregated at the subscription level you might want to create subscriptions to manage and track costs based on your needs for instance you might want to create one subscription for your production workloads and another subscription for your development and testing workloads you might also need additional subscriptions because of subscription limits subscriptions are bound to some hard limitations for example the maximum number of azure expressroute circuits per subscription is 10. those limits should be
considered as you create subscriptions on your account if there's a need to go over those limits in particular scenarios you might need additional subscriptions the diagram you will see next shows an Overview of how billing is structured if you've previously signed up for azure or if your organization has an enterprise agreement your billing might be set up differently if you have multiple subscriptions you can organize them into invoice sections each invoice section is a line item on the invoice that shows the charges incurred that month for example you might need a single invoice for your
organization but want To organize charges by department team or project depending on your needs you can set up multiple invoices within the same billing account to do this create additional billing profiles each billing profile has its own monthly invoice and payment method if your organization has many subscriptions you might need a way to efficiently manage access policies and compliance for those Subscriptions azure management groups provide a level of scope above subscriptions you organize subscriptions into containers called management groups and apply your governance conditions to the management groups all subscriptions within a management group automatically inherit
the conditions applied to the management group management groups give you enterprise grade management at a large scale no matter what type of subscriptions you might have all subscriptions within a single management group must trust the same azure ad tenant for example you can apply policies to a management group that limits the regions available for vm creation this policy would be applied to all management groups subscriptions and resources under that management group by only allowing vms to be created in that region you can build a flexible structure of management groups and subscriptions to organize your resources
into a hierarchy for unified policy and access management the following diagram shows an example of creating a hierarchy for governance by using management groups you can create a hierarchy that applies a policy for example you could limit vm locations to the u.s west region in a group called Production this policy will inherit onto all the enterprise agreement subscriptions that are descendants of that management group and will apply to all vms under those subscriptions this security policy can't be altered by the resource or subscription owner which allows for improved governance another scenario where you would use
management groups is to provide user access to multiple subscriptions by moving multiple subscriptions under That management group you can create one role-based access control rbac assignment on the management group which will inherit that access to all the subscriptions one assignment on the management group can enable users to have access to everything they need instead of scripting rbac over different subscriptions we will cover rbac in more detail later in the course There are some important facts about management groups that you should keep in mind up to ten thousand management groups can be supported in a single
directory a management group tree can support up to six levels of depth this limit doesn't include the root level or the subscription level each management group and subscription can support only one parent each management group can have many Children all subscriptions and management groups are within a single hierarchy in each directory after you've created a subscription for tailwind traders you're ready to start creating resources and storing them in resource groups with that in mind it's important to define those terms resource a manageable item that's available through azure virtual machines or vms Storage accounts web apps
databases and virtual networks are examples of resources resource group a container that holds related resources for an azure solution the resource group includes resources that you want to manage as a group you decide which resources belong in a resource group based on what makes the most sense for your organization resource groups are a fundamental element of the azure platform a resource Group is a logical container for resources deployed on azure these resources are anything you create in an azure subscription like vms azure application gateway instances and azure cosmos db instances all resources must be in
a resource group and a resource can only be a member of a single resource group many resources can be moved between resource groups with some services having specific limitations or Requirements to move resource groups can't be nested before any resource can be provisioned you need a resource group for it to be placed in resource groups exist to help manage and organize your azure resources by placing resources of similar usage type or location in a resource group you can provide order and organization to resources you create in azure logical grouping is the aspect that you're most
interested in here because resources can become disordered it is a good idea to organize your resources by life cycle in non-production environments if you delete a resource group all resources contained within it are also deleted organizing resources by life cycle can be useful in non-production environments where you might try an experiment and then dispose of it resource groups make it easy to remove a set of resources all at once you can also apply permissions to ease administration and limit access resource groups are also a scope for applying role-based access control permissions by applying rbac
permissions to a resource group you can ease administration and limit access to allow only what's needed azure resource manager commonly referred to as arm is the deployment and Management service for azure it provides a management layer that enables you to create update and delete resources in your azure account you use management features like access control locks and tags to secure and organize your resources after deployment when a user sends a request from any of the azure tools apis or sdks resource manager receives the request it authenticates and authorizes the request Resource manager sends the request
to the azure service which takes the requested action because all requests are handled through the same api you see consistent results and capabilities in all the different tools all capabilities that are available in the azure portal are also available through powershell the azure cli rest apis and client sdks functionality initially released through Apis will be represented in the portal within 180 days of initial release azure resource manager brings many benefits with arm you can manage your infrastructure through declarative templates rather than scripts an arm template is a json file that defines what you want to
deploy to azure deploy manage and monitor all the resources for your solution as a group rather than handling these resources individually redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state define the dependencies between resources so they're deployed in the correct order apply access control to all services because rbac is natively integrated into the management platform apply tags to resources to logically organize all the resources in your subscription clarify your organization's billing by viewing costs for a group of resources that share the same tag by
now you should have learned about azure resources and resource groups resources are created in regions which are different geographical locations around the globe that contain azure data centers azure is made up of data centers located around the globe when you use a service Or create a resource such as a sql database or virtual machine you're using physical equipment in one or more of these locations these specific data centers aren't exposed to users directly instead azure organizes them into regions as you'll see later in this lesson some of these regions offer availability zones which are different
azure data centers within that region a region is a geographical area on the Planet that contains at least one but potentially multiple data centers that are nearby and networked together with a low latency network azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced when you deploy a resource in azure you'll often need to choose the region where you want your resource deployed it's important to note that some Services or vm features are only available in certain regions such as specific vm sizes or storage types there are also some
global azure services that don't require you to select a particular region such as azure active directory azure traffic manager and azure dns azure has more global regions than any other cloud provider these regions give you the flexibility to bring applications closer to your Users no matter where they are global regions provide better scalability and redundancy they also preserve data residency for your services a few examples of regions are west u.s canada central west europe australia east and japan west here's a view of all the available regions as of june 2020 azure has specialized regions that
you might want to use when you build out your applications for compliance or legal purposes a few examples include u.s. department of defense central u.s. government virginia u.s. government iowa and more these regions are physical and logical network isolated instances of azure for u.s. government agencies and partners these data centers are operated by screened u.s. personnel and include additional compliance certifications china east china north and more these regions are available through a unique partnership between microsoft and 21vianet whereby microsoft doesn't directly maintain the data centers regions are what you use to
identify the location for your resources there are two other terms you should also be aware of geographies and availability zones you want to ensure your services and data are redundant so you can protect your information in case of failure when you Host your infrastructure setting up your own redundancy requires that you create duplicate hardware environments azure can help make your app highly available through availability zones availability zones are physically separate data centers within an azure region each availability zone is made up of one or more data centers equipped with independent power cooling and networking an
availability zone is set up to be an Isolation boundary if one zone goes down the other continues working availability zones are connected through high-speed private fiber optic networks not every region has support for availability zones for an updated list check your documentation for azure services that support availability zones you can use availability zones to run mission critical applications and build high availability into your application Architecture by co-locating your compute storage networking and data resources within a zone and replicating in other zones keep in mind that there could be a cost to duplicating your services and
transferring data between zones availability zones are primarily for vms managed disks load balancers and sql databases azure services that support availability zones fall into two categories Zonal services you pin the resource to a specific zone for example vms managed disks and ip addresses zone redundant services the platform replicates automatically across zones for example zone redundant storage sql database check the documentation to determine which elements of your architecture you can associate with an availability zone availability zones are created by using one or more data centers There's a minimum of three zones within a single region it's
possible that a large disaster could cause an outage big enough to affect even two data centers that's why azure also creates region pairs each azure region is always paired with another region within the same geography such as u.s europe or asia at least 300 miles away this approach allows for the replication of resources such as vm storage across a Geography that helps reduce the likelihood of interruptions because of events such as natural disasters civil unrest power outages or physical network outages that affect both regions at once if a region in a pair was affected by
a natural disaster for instance services would automatically fail over to the other region in its region pair an example of a region pair in azure is west u.s paired with east u.s similarly in asia southeast asia is Paired with east asia because the pair of regions is directly connected and far enough apart to be isolated from regional disasters you can use them to provide reliable services and data redundancy some services offer automatic geo-redundant storage by using region pairs and there are some additional advantages of region pairs if an extensive azure outage occurs one region out
of every Pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair planned azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage data continues to reside within the same geography as its pair except for brazil south for tax and law enforcement jurisdiction purposes Having a broadly distributed set of data centers allows azure to provide a high guarantee of availability congratulations you have completed this lesson on core azure architecture you saw the benefits of
using cloud computing we described the differences between categories of cloud services and the differences between types of cloud computing we also covered azure subscriptions and management groups Then we described azure resources resource groups and azure resource manager finally we identified azure regions region pairs and availability zones hello and welcome to azure database analytics and compute services in this module you'll learn about several of the primary database services that are available on azure you'll analyze some of the reasons why each of these database services might be the right Choice for your needs in addition you'll look
at the big data and analysis services in azure you'll also examine how to take advantage of several virtualization services in azure compute which can help your application scale out quickly and efficiently to meet increasing demands let's take a look at our case study to see what is expected from you as the IT specialist of tailwind traders due to a growing number of acquisitions over the last decade tailwind traders uses a variety of database and analytics technologies as the company begins to migrate existing data workloads and deploy new data workloads to azure it needs to understand
which azure technology is the most appropriate for each workload the company's chief technology officer has assigned you the task of researching the different database options that are available this will help tailwind traders choose the right options for each of their data scenarios in this lesson you'll focus on several of the database services that are available on microsoft azure such as azure cosmos db azure sql database and azure sql managed instance azure database for mysql and azure database for postgresql in addition you'll learn about several of the big data and analysis services in azure so let's
dive right in and find out how you can help tailwind traders over the years tailwind traders has acquired several smaller companies each of these companies had teams of developers who use different database services and various apis to work with their data the long-term plan is to move all of the disparate data to a common database service For now though you'd like to enable each of these teams to work with an environment where they can use their existing skills fortunately for you azure cosmos db can help out azure cosmos db is a globally distributed multi-model database
service using azure cosmos db you can elastically and independently scale throughput and storage across any number of azure regions worldwide And take advantage of fast single-digit millisecond data access by using any one of several popular apis the azure cosmos db service offers comprehensive service level agreements which cover the guarantees for throughput consistency availability and latency it's important to note that servers are still running the code azure cosmos db also supports schema-less data which lets you build Highly responsive and always-on applications to support constantly changing data you can use this feature to store data that's updated
and maintained by users around the world now let's take a look at an example of how tailwind traders use azure cosmos db tailwind traders provides a public training portal that is used by customers across the globe to learn about the different tools that tailwind Traders creates tailwind traders developers maintain and update the data this image shows a sample azure cosmos db database that's used to store data for the tailwind traders training portal website at the lowest level azure cosmos db stores data in atom record sequence ars format the data is then abstracted and projected as
an api which you specify When you're creating your database your choices include sql mongodb cassandra tables and gremlin now let's take a look at some of the key benefits you can provide to the cto at tailwind traders azure cosmos db is a flexible database that provides guaranteed single-digit milliseconds response times and 99.999 availability backed by comprehensive slas Elastic and independent scale throughput and storage on demand access to multiple data models and apis for working with your data and the ability to globally distribute your data and build highly responsive applications in this session you will explore
azure sql database as a possible solution for tailwind traders so what is azure sql database azure sql database is a relational database based on the latest stable version of the microsoft sql server database engine azure sql database provides you with a high performance reliable fully managed and secure database you can use it to build data driven applications and websites in the programming language of your choice without needing to manage infrastructure let's take a look at some of the features provided by azure sql database azure sql database is a platform as a service paas database engine
it handles most of the database management functions such as upgrading patching backups and monitoring without user involvement sql database also provides 99.99 availability with azure sql database you can create a highly available and high performance data storage layer for the applications and solutions in azure microsoft handles all updates to the sql and operating system code you don't have to manage the underlying infrastructure in a nutshell azure sql database is a fully managed service that has built in high availability backups and other common maintenance operations the paas capabilities that are built into sql database enable you
to focus on the domain specific database administration and optimization activities that are Critical for your business azure sql database can be the right choice for a variety of modern cloud applications because it enables you to process both relational data and non-relational structures such as graphs json spatial and xml you can also use advanced query processing features such as high performance in-memory technologies and intelligent query processing in fact the newest capabilities of sql Server are released first to sql database and then to sql server itself you get the newest sql server capabilities with no overhead for
updates or upgrades tested across millions of databases tailwind traders currently uses several on-premises servers running sql server which provide data storage for your public-facing website for example customer data order history and product catalogs in addition your on-premises servers running sql Server also provide data storage for your internal only training portal website tailwind traders uses the website for new employee training materials such as study materials certification details and training transcripts this image illustrates the types of data that tailwind traders might store in the azure sql database training portal website you can migrate your existing sql server
Databases with minimal downtime by using the azure database migration service after you assess and resolve any remediation required you're ready to begin the migration process the azure database migration service performs all of the required steps you just change the connection string in your apps azure sql managed instance is a scalable cloud data service that provides the broadest sql server database engine Compatibility with all the benefits of a fully managed platform as a service depending on your scenario azure sql managed instance might offer more options for your database needs like azure sql database azure sql managed
instance is a platform as a service database engine which means that your company will be able to take advantage of the best features of moving your data to the cloud in a fully managed environment Let's take a look at an example of the benefits for tailwind traders using a fully managed environment tailwind traders will no longer need to purchase and manage expensive hardware and won't have to maintain the additional overheads of managing on-premises infrastructure on the other hand tailwind traders will benefit from the quick provisioning and service scaling features of azure together with automated patching
and Version upgrades in addition tailwind traders can rest assured that their data will always be there when they need it through built-in high availability features and a 99.99 uptime service level agreement they'll also be able to protect their data with automated backups and a configurable backup retention period azure sql database and azure sql managed instance offer many of the same features however azure sql managed instance Provides several options that might not be available to azure sql database in this example tailwind traders currently uses several on-premises servers running sql server and they would like to migrate
their existing databases to a sql database running in the cloud however several of their databases use cyrillic characters for collation in this scenario tailwind traders should migrate their databases to an azure sql managed instance one of the features of azure sql managed instance is that server level collation can be specified when the instance is created on the other hand azure sql database only uses the default SQL_Latin1_General_CP1_CI_AS server collation it's important to note that although you can change server level collation in sql managed instance it
cannot be changed once the instance has been created azure sql managed instance makes it easy to migrate your on-premises data on sql server to the cloud using the azure database migration service dms or native backup and restore this image illustrates the migration process flow let's go through this after you've discovered all of the features that your company uses you need to assess which on-premises sql server instances you can Migrate to azure sql managed instance to see if you have any blocking issues once you have resolved any issues you can migrate your data then cut over
from your on-premises sql server to your azure sql managed instance by changing the connection string in your applications as part of your planning for your migration strategy the different teams at tailwind traders have been researching the available service Offerings that azure provides you've been tasked with investigating whether the database requirements for the web development team will continue to be met after the migration to azure tailwind traders currently manages several websites on premises that use the lamp stack linux apache mysql php you'll discover that the web apps feature of the azure app service provides built-in functionality
to Create web applications that use php on a linux server running apache now let's explore azure database for mysql azure database for mysql is a relational database service in the cloud and it's based on the mysql community edition database engine with it you have a 99.99 availability service level agreement from azure powered by a global network of microsoft managed data centers This helps keep your app running 24 7. with every azure database from mysql server you take advantage of built-in security fault tolerance and data protection that you would otherwise have to buy or design build
and manage with azure database for mysql you can use point in time restore to recover a server to an earlier state as far back as 35 days azure database for mysql delivers built-in high availability with no Additional cost predictable performance and inclusive pay as you go pricing scale is needed within seconds ability to protect sensitive data at rest and in motion automatic backups and enterprise grade security and compliance these capabilities require almost no administration and all are provided at no additional cost They allow you to focus on rapid app development and accelerating your time to
market rather than having to manage virtual machines and infrastructure in addition you can migrate your existing mysql databases with minimal downtime by using the azure database migration service after you've completed your migration you can continue to develop your application with the open source tools and platform of your choice you don't Have to learn new skills azure database for mysql offers several service tiers and each tier provides different performance and capabilities to support lightweight to heavyweight database workloads you can build your first app on a small database for a few dollars a month and then adjust
the scale to meet the needs of your solution dynamic scalability enables your database to transparently respond to Rapidly changing resource requirements you only pay for the resources you need and only when you need them now that you've explored the azure database for mysql let's go through some of the key findings in your investigation by using azure database for mysql tailwind traders will be able to focus on rapid app development and accelerating time to market rather than having to manage virtual machines and Infrastructure develop applications with the open source tools using a platform of their choice deliver
with speed and efficiency without having to learn new skills use built-in features such as automated patching high availability automated backups elastic scaling enterprise grade security compliance and governance monitoring and alerting and pay only for what is used with Options to scale up or scale out for greater control with no interruption as part of its overall data strategy tailwind traders has been using postgresql for several years you and your team probably already know the benefits of postgresql part of your migration is to use azure database for postgresql and you want to make sure that you'll have
access to the same benefits as your on-premises server before moving to the Cloud let's take a closer look at azure database for postgresql azure database for postgresql is a relational database service in the cloud the server software is based on the community version of the open source postgresql database engine your familiarity with tools and expertise with postgresql is applicable when you're using azure database for postgresql Let's discuss the key benefits of azure database for postgresql azure database for postgresql delivers the following benefits built-in high availability compared to on-premises resources there's no additional configuration replication or
cost required to make sure your applications are always available simple and flexible pricing you have predictable performance based on a selected pricing tier choice that Includes software patching automatic backups monitoring and security scale up or down as needed within seconds you can scale compute or storage independently as needed to make sure you adapt your service to match usage adjustable automatic backups and point-in-time restore for up to 35 days and enterprise-grade security and compliance to protect sensitive data at rest and in motion this security covers data encryption on Disk and ssl encryption between client and server
communication azure database for postgresql is available in two deployment options single server and hyperscale (citus) first let's take a look at the single server option capabilities the single server option delivers built-in high availability with no additional cost and a 99.99% uptime service level agreement predictable performance and inclusive Pay-as-you-go pricing vertical scale as needed within seconds enterprise-grade security and compliance monitoring and alerting to assess your server ability to protect sensitive data at rest and in motion and automatic backups and point-in-time restore for up to 35 days these capabilities require almost no administration and all are provided
at no additional cost They allow you to focus on rapid app development and accelerating your time to market rather than having to manage virtual machines and infrastructure you can continue to develop your application with the open source tools and platform of your choice without having to learn new skills the single server option offers three pricing tiers basic general purpose and memory optimized each tier offers different resource capabilities to support your Database workloads you can build your first app on a small database for a few dollars a month and then adjust the scale to meet the
needs of your solution dynamic scalability enables your database to transparently respond to rapidly changing resource requirements you only pay for the resources you need and only when you need them now let's explore the second postgresql deployment option hyperscale (citus) the hyperscale (citus) option horizontally Scales queries across multiple machines by using sharding its query engine parallelizes incoming sql queries across these servers for faster responses on large datasets it serves applications that require greater scale and performance generally workloads that are approaching or already exceed 100 gigabytes of data the hyperscale (citus) deployment option supports multi-tenant applications
real-time operational analytics and High-throughput transactional workloads applications built for postgresql can run distributed queries on hyperscale (citus) with standard connection libraries and minimal changes thinking on tailwind traders' overall migration strategy you can quickly and easily develop applications using azure database for postgresql tailwind traders will also be able to use native postgresql tools drivers and libraries without worrying about having To manage and administrate the instances themselves several years ago tailwind traders rolled out a new gps tracking system for all of its delivery vehicles the new system provides real-time tracking data to your primary data center your
cto wants your team to look at several years of tracking data in order to determine trends for example an important trend might be a spike in deliveries around the holidays that Would require hiring additional staff through an in-depth analysis of the tracking data that you've recorded your cto seeks to predict when changes are necessary and proactively take the steps that are necessary to manage spikes appropriately in this tailwind traders scenario data is collected from the gps sensors which includes location information data from weather systems and many other sources that generate large amounts of data This
amount of data becomes increasingly hard to make sense of and to base decisions on the volumes are so large that traditional forms of processing and analysis are no longer appropriate data comes in all forms and formats when we talk about big data we're referring to large volumes of data open source cluster technologies have been developed over time to try to deal with these large data sets in this session we will explore microsoft Azure's broad range of technologies and services that provide big data and analytics solutions including azure synapse analytics azure hdinsight azure databricks and
azure data lake analytics let's start exploring these solutions azure synapse analytics formerly azure sql data warehouse is a limitless analytics service that brings together enterprise data warehousing and big data analytics you can query data on your Terms by using either serverless or provisioned resources at scale with azure synapse analytics you have a unified experience to ingest prepare manage and serve data for immediate bi and machine learning needs azure hdinsight is a fully managed open source analytics service for enterprises it's a cloud service that makes it easier faster and more cost effective to process massive amounts
of data you can run popular open source frameworks and Create cluster types such as apache spark apache hadoop apache kafka apache hbase apache storm and machine learning services hdinsight also supports a broad range of scenarios such as extraction transformation and loading (etl) data warehousing machine learning and iot azure databricks helps you unlock insights from all your data and build artificial intelligence solutions you can set up your apache spark Environment in minutes and then auto scale and collaborate on shared projects in an interactive workspace azure databricks supports python scala r java and sql as
well as data science frameworks and libraries including tensorflow pytorch and scikit-learn azure data lake analytics is an on-demand analytics job service that simplifies big data instead of deploying configuring and tuning hardware you write queries to transform your data and Extract valuable insights the analytics service can handle jobs of any scale instantly by setting the dial for how much power you need with azure data lake analytics you only pay for your job when it's running making it more cost effective congratulations you have completed this lesson on azure database fundamentals in this lesson you explored several of
the database services that are available on microsoft azure in addition you Learned how you can use big data and analysis services like azure synapse analytics azure hdinsight azure databricks and azure data lake analytics to analyze large volumes of data by now you should be able to describe the benefits and usage of azure cosmos db azure sql database and sql managed instance azure database for mysql and postgresql and azure synapse analytics hdinsight and azure databricks hello and welcome back in this lesson You'll learn how to take advantage of several virtualization services in azure compute
which can help your application scale out quickly and efficiently to meet increasing demands now let's take a look at our case study imagine that you work as a development lead at tailwind traders a company that specializes in hardware manufacturing your management team tells you that the company's website has been having a difficult time keeping up with the Application demands the team wants you to investigate a solution the front end web servers are operating near capacity during peak periods of the day and you need to get a solution in place quickly but there's a problem you
don't have any free servers to scale out your application you could ask to buy new equipment but your department's budget is tight You want to make a good impression with leadership but you don't know how many servers are necessary for this project and you don't want to buy more hardware than you need even if you are able to procure several servers you need to invest a lot of time to set them up and install software ideally you'd obtain the resources you need to do the work without too much administration and configure them to do the
work You'd also pay only for the compute resources you need while you're using them this is the ideal scenario for tailwind traders and you can do this in azure using azure you can create compute resources configure them to do the work that's needed and pay for only what you use by the end of this lesson you will be able to describe the benefits and usage of azure virtual machines azure app Service azure container instances azure kubernetes service azure functions and windows virtual desktop let's start this session by looking at an overview of azure compute azure
compute is an on-demand computing service for running cloud-based applications it provides computing resources such as disks processors memory networking and Operating systems the resources are available on demand and can typically be made available in minutes or even seconds you pay only for the resources you use and only for as long as you're using them azure supports a wide range of computing solutions for development and testing running applications and extending your data center the service supports linux windows Server sql server oracle ibm and sap azure also has many services that can run virtual machines each service
provides different options depending on your requirements in this lesson you will examine some of the main services including azure virtual machines including virtual machine scale set azure container instances including azure kubernetes azure app service and azure functions or Serverless computing so what are virtual machines virtual machines are software emulations of physical computers they include a virtual processor memory storage and networking resources virtual machines host an operating system and you can install and run software just like a physical computer when using a remote desktop client you can use and control the virtual machine as if you
were sitting in front of it With azure virtual machines you can create and use virtual machines in the cloud virtual machines also known as vms provide infrastructure as a service (iaas) and can be used in different ways when you need total control over an operating system and environment virtual machines are an ideal choice just like a physical computer you can customize all the software running on the virtual machine This ability is helpful when you're running custom software or custom hosting configurations for example if tailwind traders wants to provision linux and windows virtual machines with
the configurations of their choice they could do so in seconds using azure virtual machine services you know that virtual machines are software emulations of physical computers but what are virtual machine Scale sets virtual machine scale sets are an azure compute resource that you can use to deploy and manage a set of identical virtual machines azure virtual machine scale sets lets you create and manage a group of identical load balanced virtual machines scale sets allow you to centrally manage configure and update a large number of virtual machines in minutes to provide highly available applications The number
of virtual machine instances can automatically increase or decrease in response to demand or a defined schedule for this reason it's easier to build large-scale services targeting big compute big data and containerized workloads as demand goes up more virtual machine instances can be added as demand goes down virtual machine instances can be removed the process can be manual Automated or a combination of both for example if tailwind traders want to achieve high availability by auto scaling to create thousands of virtual machines they could do so in minutes using virtual machine scale sets let's take a look
at some more azure compute resources container instances and azure kubernetes service or aks are azure compute resources that you can use to deploy and manage containers Containers are lightweight virtualized application environments they're designed to be quickly created scaled out and stopped dynamically you can run multiple instances of a containerized application on a single host machine for example if tailwind traders wants to containerize apps and easily run containers with a single command they would use container instances azure kubernetes service is also ideal to simplify the deployment management And operations of kubernetes you have learned that azure
virtual machines provide infrastructure as a service or iaas azure app service on the other hand is a platform as a service or paas offering with azure app service you can quickly build deploy and scale enterprise grade web mobile and api apps running on any platform you can meet rigorous performance scalability security and compliance Requirements while using a fully managed platform to perform infrastructure maintenance for example if tailwind traders wants to quickly create cloud apps for web and mobile with a fully managed platform they can use azure app service let's suppose you're not concerned about the underlying
platform or infrastructure but only about the code running your service functions are ideal for this scenario They're commonly used when you need to perform work in response to an event often via a rest request timer or message from another azure service and when that work can be completed quickly within seconds or less for example if tailwind traders wants to accelerate app development using an event-driven serverless architecture they can use azure functions in this session you have started gathering information that will help you To resolve tailwind traders' challenges you looked at an overview of azure virtual
machines azure app service azure container instances azure kubernetes azure functions and virtual machine scale sets in this session you continue to explore the possible azure solutions that can help you scale out your applications one possible solution to tailwind traders' lack of physical servers is using virtual machines Let's dive right in and explore virtual machines as a solution with azure virtual machines you can create and use virtual machines in the cloud virtual machines provide infrastructure as a service in the form of a virtualized server and can be used in many ways just like a physical
computer you can customize all of the software running on the virtual machines virtual machines are an ideal choice When you need total control over the operating system the ability to run custom software and to use custom hosting configurations an azure virtual machine gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs the virtual machine you still need to configure update and maintain the software that runs on the virtual machine you can create and provision a virtual Machine in minutes when you select a pre-configured virtual machine image selecting an
image is one of the most important decisions you'll make when you create a virtual machine an image is a template used to create a virtual machine these templates already include an operating system and often other software like development tools or web hosting environments here are some examples of when to use Virtual machines during testing and development virtual machines provide a quick and easy way to create different operating system and application configurations test and development personnel can then easily delete the virtual machines when they no longer need them when running applications in the cloud the ability
to run certain applications in the public cloud as opposed to creating a traditional infrastructure to Run them can provide substantial economic benefits for example an application might need to handle fluctuations in demand shutting down vms when you don't need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use when extending your data center to the cloud an organization can extend the capabilities of its own on-premises Network by creating a virtual network in azure and adding vms to that virtual network applications like sharepoint can
then run on an azure vm instead of running locally this arrangement makes it easier or less expensive to deploy than in an on-premises environment during disaster recovery as with running certain types of applications in the cloud and extending an on-premises Network to the cloud you can get significant cost savings by using an iaas-based approach to disaster recovery if a primary data center fails you can create vms running on azure to run your critical applications and then shut them down when the primary data center becomes operational again virtual machines are also an excellent choice when you
move from a physical server to the cloud this is also known as lift and shift You can create an image of the physical server and host it within a virtual machine with little or no changes just like a physical on-premises server you must maintain the virtual machine you update the installed operating system and the software it runs you can run single virtual machines for testing development or minor tasks or you can group virtual machines together to provide high availability scalability and redundancy No matter what your uptime requirements are azure has several features that can meet
them these features include virtual machine scale sets azure batch let's start off by looking at virtual machine scale sets virtual machine scale sets lets you create and manage a group of identical load balanced virtual machines imagine you're running a website that enables scientists to upload astronomy images That need to be processed if you duplicated the virtual machine you'd normally need to configure an additional service to route requests between multiple instances of the website virtual machine scale sets could do that work for you scale sets allow you to centrally manage configure and update a large number
of virtual machines in minutes to provide highly available applications The number of virtual machine instances can automatically increase or decrease in response to demand or a defined schedule with virtual machine scale sets you can build large-scale services for areas such as compute big data and other container workloads now that you have explored virtual scale sets let's take a look at azure batch azure batch enables large-scale parallel and high performance computing or hpc Batch jobs with the ability to scale to tens hundreds or thousands of virtual machines when you're ready to run a job batch does
the following starts a pool of compute virtual machines for you installs applications and staging data runs jobs with as many tasks as you have identifies failures requeues work scales down the pool as work completes There might be situations in which you need raw computing power or supercomputer level compute power azure provides these capabilities in this session we learned that tailwind traders' front-end web servers are operating near capacity during peak periods of the day as a solution to match customer demand scale sets can automatically increase the number of virtual machine instances as application demand increases
then Reduce the number of vm instances as demand decreases this ability helps reduce costs and efficiently create azure resources as required in the previous session you identified that virtual machines are an ideal choice when you need total control over an operating system and environment while virtual machines are an excellent way to reduce costs versus the investments that are necessary for Physical hardware they're still limited to a single operating system per virtual machine if you want to run multiple instances of an application on a single host machine containers are an excellent choice containers are a virtualization
environment much like running multiple virtual machines on a single physical host you can run multiple containers on a single physical or virtual host unlike virtual machines you don't manage The operating system for a container virtual machines appear to be an instance of an operating system that you can connect to and manage but containers are lightweight and designed to be created scaled out and stopped dynamically while it's possible to create and deploy virtual machines as application demand increases containers are designed to allow you to respond to changes on demand With containers you can quickly restart in
case of a crash or hardware interruption one of the most popular container engines is docker which is supported by azure as you investigate the possible azure solutions that are available to meet your needs it's important to compare the different features and benefits if you were to select container instances as an option how would you Manage this containers are managed through a container orchestrator which can start stop and scale out application instances as needed there are two ways to manage both docker and microsoft based containers in azure azure container instances or aci and azure kubernetes service
or aks azure container instances offers the fastest and simplest way to run a container in azure without having to manage any Virtual machines or adopt any additional services it's a platform as a service offering that allows you to upload your containers which it runs for you azure kubernetes service is a complete orchestration service for containers with distributed architectures and large volumes of containers orchestration is the task of automating and managing a large number of containers and how they interact Containers are often used to create solutions by using a microservice architecture a microservice architecture consists of
a collection of small autonomous services each service is self-contained and should implement a single business capability this image illustrates the microservices architecture this architecture is where you break solutions into smaller independent Pieces for example you might split a website into a container hosting your front end another hosting your back end and a third for storage this split allows you to separate portions of your app into logical sections that can be maintained scaled or updated independently imagine your website back end has reached capacity but the front end and storage aren't being stressed You could scale the
back end separately to improve performance decide to use a different storage service and replace the storage container without affecting the rest of the application in your research for tailwind traders you've looked at two different ways that you can virtualize your application another alternative is to deploy your application's front-end websites to azure app service which makes it easy to Respond to application demand app service enables you to build and host web apps background jobs mobile backends and restful apis in the programming language of your choice without managing infrastructure it offers automatic scaling and high availability app
service supports windows and linux and enables automated deployments from github azure devops or any git repo to support a continuous deployment model This platform as a service environment allows you to focus on the website and api logic while azure handles the infrastructure to run and scale your web applications you pay for the azure compute resources your app uses while it processes requests based on the app service plan you choose the app service plan determines how much hardware is devoted to your host for example the plan determines whether It's dedicated or shared hardware and how much
memory is reserved for it there's even a free tier you can use to host small low traffic sites with app service you can host most common app service styles like web apps api apps web jobs and mobile apps app service handles most of the infrastructure decisions you deal with in hosting web accessible apps deployment and management are integrated into the platform endpoints can be Secured sites can be scaled quickly to handle high traffic loads the built-in load balancing and traffic manager provide high availability all of these app styles are hosted in the same infrastructure and
share these benefits this flexibility makes app service the ideal choice to host web-oriented applications app service includes full support for hosting web apps by using asp.net Asp.net core java ruby node.js php or python you can choose either windows or linux as the host operating system much like hosting a website you can build rest based web apis by using your choice of language and framework you get full swagger support and the ability to package and publish your api in azure marketplace the produced apps can be consumed from any http or https based client You can use
the web jobs feature to run a program (.exe java php python or node.js) or script (.cmd powershell or bash) in the same context as a web app api app or mobile app they can be scheduled or run by a trigger web jobs are often used to run background tasks as part of your application logic you can also use the mobile apps feature Of app service to quickly build a backend for ios and android apps with just a few clicks in the azure portal you can store mobile app data in a cloud-based sql database authenticate
customers against common social providers such as msa google twitter and facebook send push notifications execute custom back-end logic in c# or node.js on the mobile app side there's sdk Support for native ios and android xamarin and react native apps to summarize azure app service is a fully managed web hosting service for building web apps mobile backends and restful apis azure app service also provides pricing and performance options that cater for every need from small websites to globally scaled web applications after consulting with several of your fellow developers at tailwind traders You've determined that some of
your application logic is event driven in other words for a large amount of time your application is waiting for a particular input before it performs any processing to reduce your costs you want to avoid having to pay for the time that your application is waiting for input with that in mind you've decided to investigate azure functions to see if it can help Azure functions is the serverless computing service hosted on the microsoft azure public cloud azure functions and serverless computing in general is designed to accelerate and simplify application development before launching straight in let's first
look at serverless computing serverless computing is the abstraction of servers infrastructure and operating systems with serverless computing azure takes Care of managing the server infrastructure and the allocation and deallocation of resources based on demand infrastructure isn't your responsibility scaling and performance are handled automatically you're billed only for the exact resources you use there's no need to even reserve capacity serverless computing includes the abstraction of servers an event driven scale and micro billing Let's explore each of these concepts serverless computing abstracts the servers you run on you never explicitly reserve server instances the platform manages that
for you each function execution can run on a different compute instance this execution context is transparent to the code with serverless architecture you deploy your code which then runs with high availability serverless computing is an excellent fit For workloads that respond to incoming events events include triggers by timers for example if a function needs to run every day at 10 am utc http for example api and web hook scenarios queues for example with order processing and much more instead of writing an entire application the developer authors a function which contains both code and metadata about
Its triggers and bindings the platform automatically schedules the function to run and scales the number of compute instances based on the rate of incoming events triggers define how a function is invoked bindings provide a declarative way to connect to services from within the code traditional computing bills for a block of time like paying a monthly or annual rate for website hosting This method of billing is convenient but isn't always cost effective even if a customer's website gets only one hit a day they still pay for a full day's worth of availability with serverless computing they
pay only for the time their code runs if no active function executions occur they're not charged for example if the code runs once a day for two minutes they're charged for one execution and two minutes of computing time Azure has two implementations of serverless compute functions can execute code in almost any modern language and logic apps are designed in a web-based designer and can execute logic triggered by azure services without writing any code let's first take a look at azure functions when you're concerned only about the code running your service and not the Underlying platform
or infrastructure using azure functions is ideal functions are commonly used when you need to perform work in response to an event often via a rest request timer or message from another azure service and when that work can be completed quickly within seconds or less using a virtual machine based approach you'd incur costs even when the virtual machine is idle with functions azure runs your code when it's triggered and Automatically deallocates resources when the function is finished in this model you're only charged for the cpu time used while your function runs functions can be either stateless
or stateful when they're stateless the default they behave as if they're restarted every time they respond to an event when they're stateful called durable functions a context is passed through the function to track prior activity Functions are a key component of serverless computing they're also a general compute platform for running any type of code if the needs of the developer's app change you can deploy the project in an environment that isn't serverless this flexibility allows you to manage scaling run on virtual networks and even completely isolate the functions in our case study tailwind traders you
determined that some of your application Logic is event driven to reduce your costs you want to avoid having to pay for the time that your application is waiting for input azure functions is ideal in this scenario the serverless app runs only when it's triggered by an event the provider charges only for compute time used by that execution rather than a flat monthly fee for maintaining a physical or virtual server now you'll explore azure logic apps Logic apps are similar to functions both enable you to trigger logic based on an event where functions execute code logic
apps execute workflows that are designed to automate business scenarios and are built from pre-defined logic blocks every azure logic app workflow starts with a trigger which fires when a specific event happens or when newly available data meets specific criteria many triggers include basic scheduling capabilities so developers can specify How regularly their workloads will run each time the trigger fires the logic apps engine creates a logic app instance that runs the actions in the workflow these actions can also include data conversions and flow controls such as conditional statements switch statements loops and branching you create logic
app workflows by using a visual designer on the azure portal or in visual studio the workflows are persisted as a json file with a known Workflow schema azure provides more than 200 different connectors and processing blocks to interact with different services these resources include the most popular enterprise apps you can also build custom connectors and workflow steps if the service you need to interact with isn't covered you then use the visual designer to link connectors and blocks together you pass data through the workflow to do custom Processing often all without writing any code as an
example let's say a ticket arrives in zendesk you could detect the intent of the message with cognitive services create an item in sharepoint to track the issue add the customer to your dynamics 365 crm system if they aren't already in your database send a follow-up email to acknowledge Their request all of those actions could be designed in a visual designer which makes it easy to see the logic flow for this reason it's ideal for a business analyst role in addition to the challenges that tailwind traders has been facing with application scale your manager has asked
you to put together a new development team of remote workers this task would normally require setting up several new computers with all of the requisite Development tools for your new team then you would need to ship them to the respective developers across the country the time to procure set up and ship each of these computers will be costly also all of your new developers have their own computing devices that are running a mixture of windows android and mac os operating systems you want to find a way to expedite the deployment process for your remote workers
you also want to keep your management costs to a minimum with that in mind you want to see how windows virtual desktop can help your organization windows virtual desktop on azure is a desktop and application virtualization service that runs on the cloud it enables your users to use a cloud-hosted version of windows from any location windows virtual desktop works across devices like windows mac ios android and Linux it works with apps that you can use to access remote desktops and apps you can also use most modern browsers to access windows virtual desktop hosted experiences why
should you use windows virtual desktop windows virtual desktop provides the best user experience users have the freedom to connect to windows virtual desktop with any device Over the internet they use a windows virtual desktop client to connect to their published windows desktop and applications this client could either be a native application on the device or the windows virtual desktop html5 web client you can make sure your session host virtual machines run near apps and services that connect to your data center or the cloud this way your users stay productive and Don't encounter long load times
user sign-in to windows virtual desktop is fast because user profiles are containerized by using fslogix at sign in the user profile container is dynamically attached to the computing environment the user profile is immediately available and appears in the system exactly like a native user profile you can provide individual ownership through personal persistent desktops for Example you might want to provide personal remote desktops for members of an engineering team then they can add or remove programs without impacting other users on that remote desktop windows virtual desktop also provides enhanced security windows virtual desktop provides centralized
security management for users' desktops with azure active directory azure ad you can enable multi-factor Authentication to secure user sign-ins you can also secure access to data by assigning granular role-based access controls or rbacs to users with windows virtual desktop the data and apps are separated from the local hardware windows virtual desktop runs them instead on a remote server the risk of confidential data being left on a personal device is reduced user sessions are isolated in both single and multi-session environments Windows virtual desktop also improves security by using reverse connect technology this connection type is
more secure than the remote desktop protocol we don't open inbound ports to the session host virtual machines some of the key features of windows virtual desktop include simplified management performance management and multi-session windows 10 deployment let's dive right in to find out more let's start off with simplified Management windows virtual desktop is an azure service so it will be familiar to azure administrators you use azure ad and rbac to manage access to resources with azure you also get tools to automate vm deployments manage vm updates and provide disaster recovery as with other azure services windows
virtual desktop uses azure monitor for monitoring and alerts this standardization lets admins Identify issues through a single interface now let's take a look at the performance management feature of windows virtual desktop windows virtual desktop gives you options to load balance users on your virtual machine host pools host pools are collections of virtual machines with the same configuration assigned to multiple users for the best performance you can Configure load balancing to occur as users sign in breadth mode with breadth mode users are sequentially allocated across the host pool for your workload to save costs you can
configure your virtual machines for depth mode load balancing where users are fully allocated on one virtual machine before moving on to the next windows virtual desktop provides tools to automatically provision additional Virtual machines when incoming demand exceeds a specified threshold another key feature is the ability to set up a multi-session windows 10 deployment that delivers a full windows 10 with scalability windows virtual desktop lets you use windows 10 enterprise multi-session the only windows client based operating system that enables multiple concurrent users on a single virtual machine windows virtual desktop also provides a More consistent experience
with broader application support compared to windows server-based operating systems you have investigated the features and benefits that are available using windows virtual desktop what about costs costs are always something you should consider before you make a decision on using any services so how can you reduce costs with windows virtual desktop one way to reduce costs is that you can Use your existing microsoft licenses windows virtual desktop is available to you at no additional cost if you have an eligible microsoft 365 license you only pay for the azure resources used by windows virtual desktop further examples
of cost savings include windows 10 enterprise and windows 7 enterprise desktops and apps are available at no additional costs when you present an eligible windows or microsoft 365 license Windows server remote desktop services desktops and apps are also available at no additional cost if you are a microsoft remote services client access license customer another way to reduce costs associated with windows virtual desktop is to save on compute costs if you buy a one year or three year azure reserved virtual machine instances you can save up to 72 percent versus pay-as-you-go pricing you
can pay for A reservation upfront or monthly reservations provide a billing discount and don't affect the runtime state of your resources in our case study you saw that windows virtual desktop was a great way to expedite the deployment process for your remote workers while simultaneously managing the associated costs let's review some of the key benefits windows virtual desktop can bring to your business windows virtual desktop Works across devices like windows mac ios android and linux provides virtualization on any personal device from any internet connected location gives you access at no additional cost when you use
eligible windows or microsoft 365 licenses pay only for what you use keeps your virtual desktop secure by leveraging reverse connections and security solutions Congratulations you have completed this module azure database analytics and compute services in the first lesson you learned how to help tailwind traders migrate its database workloads to microsoft azure you saw how azure sql database azure database for mysql and azure database for postgresql will enable your company to migrate its existing sql server mysql and postgresql databases to the cloud You can do this even while preserving your company's development and database administration strengths
in addition you saw how azure cosmos db works with a variety of popular apis including sql mongodb cassandra tables and gremlin you can use these to migrate your data to the cloud and retain or enhance your developers' skill sets you also learned how you can use big data and analysis services like azure Synapse analytics azure hdinsight azure databricks and azure data lake analytics to analyze large volumes of data you also learned how you can help tailwind traders resolve its application demand challenges using azure virtualization services like azure virtual machines azure container instances and
azure kubernetes service you also learned how you can use azure app service to create your website front Ends azure functions to create event driven application logic that only runs when you need it windows virtual desktop to quickly provide a customized operating system and software environment for your remote workers hello and welcome to azure storage and networking services in this lesson you'll learn about the different azure storage options and the scenarios in which each is appropriate More specifically after completing this lesson you'll be able to describe the benefits and usage of azure blob storage azure disk
storage azure file storage azure blob access tiers we're going back to our case study so you can apply what you learn as we go along suppose your company tailwind traders has a number of product brochures data sheets product images and other files that are related to marketing sales and support In the past your company has been hosting these files on standalone web servers in your data center tailwind is now in the process of migrating its applications to the cloud and your development team is currently architecting new applications your chief technology officer wants to migrate
all of your marketing sales and support files to the cloud in order to take advantage of geographic distribution of your files This move also reduces the number of physical servers that your company maintains in your data center as part of your migration strategy you need to determine the correct approach for your cloud-based storage infrastructure the cto of your company tailwind traders has tasked your team with migrating all of your files to the cloud your team has chosen azure storage which is a service that you can use to store Files messages tables and other types of
information clients such as websites mobile apps desktop applications and many other types of custom solutions can read data from and write data to azure storage azure storage is also used by infrastructure as a service virtual machines and platform as a service cloud services to begin using azure storage you first create an azure storage account to store your data objects You can create an azure storage account by using the azure portal powershell or the azure cli you should note that azure storage is not the same as azure database services your storage account will contain all of
your azure storage data objects such as blobs files and disks for example by using storage accounts to store her files in the cloud sally will be able to access these files through a unique namespace using http or https These files will be highly available and securely stored within this azure storage account please note that azure vms use azure disk storage to store virtual disks however you can't use azure disk storage to store a disk outside of a virtual machine a storage account provides a unique namespace for your azure storage data that's accessible from anywhere
in the world over http or https Data in this account is secure highly available durable and massively scalable for more information you can refer to the microsoft azure product documentation on how to create a storage account disk storage provides disks for azure virtual machines applications and other services can access and use these disks as needed similar to how they would in on-premises scenarios Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk disks come in many different sizes and performance levels from solid state drives ssds to traditional spinning hard
disk drives hdds with varying performance tiers you can use standard ssd and hdd disks for less critical workloads premium ssd disks for mission critical production applications and ultra disks for data Intensive workloads such as sap hana top-tier databases and transaction heavy workloads azure has consistently delivered enterprise grade durability for infrastructure as a service disks with an industry-leading zero percent annualized failure rate an azure virtual machine can use separate disks to store different data azure blob storage is an object storage solution for the cloud It can store massive amounts of data such as text or binary data
azure blob storage is unstructured meaning that there are no restrictions on the kinds of data it can hold blob storage can manage thousands of simultaneous uploads massive amounts of video data constantly growing log files and can be reached from anywhere with an internet connection blobs aren't limited to common file formats a blob could contain gigabytes Of binary data streamed from a scientific instrument an encrypted message for another application or data in a custom format for an app you're developing one advantage of blob storage over disk storage is that it does not require developers to think
about or manage disks data is uploaded as blobs and azure takes care of the physical storage needs blob storage is ideal for storing up to eight terabytes of data for virtual Machines storing data for analysis by an on-premises or azure hosted service storing data for backup and restore disaster recovery and archiving streaming video and audio storing files for distributed access serving images or documents directly to a browser this diagram illustrates how you might use azure accounts containers and blobs azure files offers fully managed file Shares in the cloud that are accessible via the industry standard
server message block and network file system preview protocols azure file shares can be mounted concurrently by cloud or on-premises deployments of windows linux and mac os applications running in azure virtual machines or cloud services can mount a file storage share to access file data just as a desktop application would mount a typical smb share Any number of azure virtual machines or roles can mount and access the file storage share simultaneously typical usage scenarios would be to share files anywhere in the world diagnostic data or application data sharing use azure files for the following situations many
on-premises applications use file shares azure files makes it easier to migrate those applications that share data to azure if you mount the azure file share to the same drive Letter that the on-premises application uses the part of your application that accesses the file share should work with minimal if any changes store configuration files on a file share and access them from multiple vms tools and utilities used by multiple developers in a group can be stored on a file share ensuring that everybody can find them and that they use the same version write data to a
file share and process or analyze the data later for Example you might want to do this with diagnostic logs metrics and crash dumps this illustration shows azure files being used to share data between two geographical locations azure files ensures the data is encrypted at rest and the smb protocol ensures the data is encrypted in transit one thing that distinguishes azure files from files on a corporate file share is that you can access the files from anywhere in the world by using a url That points to the file you can also use shared access signature or
sas tokens to allow access to a private asset for a specific amount of time a service sas uri will show the resource uri and the sas token data stored in the cloud can grow at an exponential pace to manage costs for your expanding storage needs it's helpful to organize your data based on attributes like frequency of access and planned retention period Data stored in the cloud can be different based on how it's generated processed and accessed over its lifetime some data is actively accessed and modified throughout its lifetime some data is accessed frequently early in
its lifetime with access dropping drastically as the data ages some data remains idle in the cloud and is rarely if ever accessed after it's stored to accommodate these different access Needs azure provides several access tiers which you can use to balance your storage costs with your access needs azure storage offers different access tiers for your blob storage helping you store object data in the most cost effective manner the available access tiers include hot access tier optimized for storing data that is accessed frequently for example images for your website cool access tier optimized for data that
is Infrequently accessed and stored for at least 30 days for example invoices for your customers archive access tier appropriate for data that is rarely accessed and stored for at least 180 days with flexible latency requirements for example long-term backups additionally some considerations apply to the different access tiers only the hot and cool access tiers can be set at the account level the archive Access tier isn't available at the account level hot cool and archive tiers can be set up at the blob level during upload or after upload data in the cool access tier can tolerate
slightly lower availability but still requires high durability retrieval latency and throughput characteristics similar to hot data for cool data a slightly lower availability service level agreement and Higher access costs compared to hot data are acceptable trade-offs for lower storage costs archive storage stores data offline and offers the lowest storage costs but also the highest cost to rehydrate and access data this illustration demonstrates choosing between the hot and cool access tiers on a general purpose storage account hello and welcome again to azure storage and networking services in this lesson You'll learn about the different azure networking
options and the scenarios in which each is appropriate when you have completed this lesson you'll be able to describe the core networking resources that are available in azure the benefits and usage of azure virtual network azure vpn gateway and azure expressroute we are going to use our case study to give you an opportunity to see how the concepts you'll learn about can be Applied in the real world suppose your company tailwind traders has migrated some applications to the cloud and is architecting new ones the servers that host tailwind traders' customer and product data are
based in silicon valley your company also has several branch offices located in different geographic regions as part of your migration strategy your company needs to determine the correct Approach to configure its network infrastructure you've been tasked by the cto to take the lead for this part of the project to help save costs you convince your team to move your website and several of your other networked resources to the cloud with that in mind you'll need to provide secure access to private company data for each of its branch locations you want to know how azure can
help you Manage your network more effectively as it turns out managing networks on azure isn't entirely different from managing on-premises networks tailwind traders has an on-premises data center that you plan to keep but you want to use azure to offload peak traffic by using virtual machines hosted in azure you want to keep your existing ip addressing scheme and network appliances while ensuring that any data transfer is secure Using azure virtual network for your virtual networking can help you reach your goals azure virtual networks enable azure resources such as vms web apps and databases to communicate
with each other with users on the internet and with your on-premises client computers you can think of an azure network as a set of resources that links other azure resources azure virtual networks provide the Following key networking capabilities isolation and segmentation internet communications communicate between azure resources communicate with on-premises resources network traffic filter network traffic and connect virtual networks now let's explore the networking capabilities provided by azure isolation and segmentation virtual network allows you to create Multiple isolated virtual networks when you set up a virtual network you define a private ip address space by using
either public or private ip address ranges you can divide that ip address space into subnets and allocate part of the defined address space to each named subnet for name resolution you can use the name resolution service that's built into azure you also can configure the virtual network to use either an internal or an External dns server internet communications a vm in azure can connect to the internet by default you can enable incoming connections from the internet by defining a public ip address or a public load balancer for vm management you can connect via the azure
cli remote desktop protocol or secure shell communicate between azure resources you'll want to enable azure resources to communicate securely with each other you Can do that in one of two ways virtual networks virtual networks can connect not only vms but other azure resources such as the app service environment for powerapps azure kubernetes service and azure virtual machine scale sets service endpoints you can use service endpoints to connect to other azure resource types such as azure sql databases and storage accounts this approach enables you to link Multiple azure resources to virtual networks to improve security and
provide optimal routing between resources azure virtual networks enable you to link resources together in your on-premises environment and within your azure subscription in effect you can create a network that spans both your local and cloud environments there are three mechanisms for you to achieve this connectivity The point-to-site virtual private networks approach is like a virtual private network connection that a computer outside your organization makes back into your corporate network except that it's working in the opposite direction in this case the client computer initiates an encrypted vpn connection to azure to connect that computer to the
azure virtual network a site-to-site virtual private network Links your on-premises vpn device or gateway to the azure vpn gateway in a virtual network in effect the devices in azure can appear as being on the local network the connection is encrypted and works over the internet azure expressroute is the best approach for environments where you need greater bandwidth and even higher levels of security expressroute provides dedicated private Connectivity to azure that doesn't travel over the internet you'll learn more about expressroute later azure virtual networks enable you to filter traffic between subnets by
using the following approaches network security groups a network security group is an azure resource that can contain multiple inbound and outbound security rules you can define these rules to allow or block traffic based on factors such as Source and destination ip address port and protocol network virtual appliances a network virtual appliance is a specialized vm that can be compared to a hardened network appliance a network virtual appliance carries out a particular network function such as running a firewall or performing a wide area network or wan optimization you can link virtual networks together by using virtual
network peering Peering enables resources in each virtual network to communicate with each other these virtual networks can be in separate regions which allows you to create a global interconnected network through azure udr is user-defined routing udr is a significant update to azure's virtual networks as this allows network admins to control the routing tables between subnets within a subnet as well as between vnets thereby allowing for Greater control over network traffic flow you can create and configure azure virtual network instances from the azure portal azure powershell on your local computer or azure cloud shell when you
create an azure virtual network you configure a number of basic settings you'll have the option to configure advanced settings such as multiple subnets distributed denial of service or ddos protection and service endpoints You'll configure the following settings for a basic virtual network network name the network name must be unique in your subscription but it doesn't need to be globally unique make the name a descriptive one that's easy to remember and identify from other virtual networks address space when you set up a virtual network you define the internal address space in classless inter-domain routing or cidr
format An address space in azure is similar to an on-premises ip addressing scheme this address space will be unique within your subscription just as a subnet is within your on-premises environment you can then assign these address spaces to your virtual networks ensuring there is no overlap or conflicts subscription only applies if you have multiple subscriptions to choose from like any other azure resource a virtual network needs to exist in a resource Group you can either select an existing resource group or create a new one you will have an opportunity to select the location where you
want the virtual network to exist within each virtual network address range you can create one or more subnets that partition the virtual network's address space routing between subnets will then depend on the default traffic routes you also can define custom routes Alternatively you can define one subnet that encompasses all the virtual network's address ranges please note that subnet names must begin with a letter or number and end with a letter number or underscore they may contain only letters numbers underscores periods or hyphens there are two types of services available basic or standard ddos protection standard
ddos protection is a premium Service for more information on standard ddos protection see azure ddos protection standard overview on the azure product documentation you can also enable service endpoints you can select from a list of azure service endpoints which ones you want to enable options include azure cosmos db azure service bus azure key vault and so on after you've completed the configuration of these settings you are ready to Create your azure virtual network now you can define additional settings after you create a virtual network you can then define further settings these include network security groups
have security rules that enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces you create the network security group separately then you associate it with the virtual network Azure automatically creates a route table for each subnet within an azure virtual network and adds system default routes to the table you can add custom route tables to modify traffic between virtual networks you can also amend the service endpoints after you've created a virtual network you can change any further settings on the virtual network pane in
the azure portal alternatively you can use powershell commands or commands in cloud shell to make changes You can then review and change settings in further subpanes you can add additional address spaces to the initial definition under connected devices use the virtual network to connect machines you can also add additional subnets and under peerings you can link virtual networks in peering arrangements you can also monitor and troubleshoot virtual networks or you can create an automation script to generate the Current virtual network virtual networks are powerful and highly configurable mechanisms for connecting entities in azure you can
connect azure resources to one another or to resources you have on premises you can isolate filter and route your network traffic azure allows you to increase security where you feel you need it a virtual private network or vpn is a type of private interconnected network Vpns use an encrypted tunnel within another network they're typically deployed to connect two or more trusted private networks to one another over an untrusted network typically the public internet traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks for our tailwind traders scenario vpns can enable
branch offices to share sensitive information between locations For example let's say that your offices on the east coast region of north america need to access your company's private customer data which is stored on servers that are physically located in a west coast region a vpn that connects your east coast offices to your west coast servers allows your company to securely access your private customer data a vpn gateway is a type of virtual network gateway azure vpn gateway instances are deployed In azure virtual network instances and enable the following connectivity connect on-premises data centers to virtual
networks through a site-to-site connection connect individual devices to virtual networks through a point-to-site connection connect virtual networks to other virtual networks through a network to network connection all transferred data is encrypted in a Private tunnel as it crosses the internet you can deploy only one vpn gateway in each virtual network but you can use one gateway to connect to multiple locations which includes other virtual networks or on-premises data centers when you deploy a vpn gateway you specify the vpn type either policy-based or route-based the main difference between these two types of vpns is how
traffic to be Encrypted is specified in azure both types of vpn gateways use a pre-shared key as the only method of authentication policy-based vpn gateways specify statically the ip address of packets that should be encrypted through each tunnel this type of device evaluates every data packet against those sets of ip addresses to choose the tunnel where that packet is going to be sent through Key features of policy-based vpn gateways in azure include support for ikev1 only ike or internet key exchange is a protocol used to set up a secure authenticated communications channel between
two parties use of static routing where combinations of address prefixes from both networks control how traffic is encrypted and decrypted through the vpn tunnel the source and destination of the tunneled networks are declared in the policy and Don't need to be declared in routing tables policy-based vpns must be used in specific scenarios that require them such as for compatibility with legacy on-premises vpn devices you can use route-based gateways if defining which ip addresses are behind each tunnel is too cumbersome with route-based gateways ipsec tunnels are modeled as a network interface or virtual tunnel interface ip
routing Either static routes or dynamic routing protocols decides which one of these tunnel interfaces to use when sending each packet route-based vpns are the preferred connection method for on-premises devices they're more resilient to topology changes such as the creation of new subnets use a route-based vpn gateway if you need any of the following types of connectivity Connections between virtual networks point-to-site connections multi-site connections coexistence with an azure expressroute gateway key features of route-based vpn gateways in azure include ikev2 support use of any-to-any wildcard traffic selectors use of dynamic routing
protocols where routing forwarding tables direct traffic to different ipsec tunnels in this case the source and destination Networks aren't statically defined as they are in policy-based vpns or even in route-based vpns with static routing instead data packets are encrypted based on network routing tables that are created dynamically using routing protocols such as border gateway protocol or bgp the capabilities of your vpn gateway are determined by the sku or size that you deploy this table shows the main capabilities of each available sku Note that a basic vpn gateway should only be used for dev test workloads
in addition it's unsupported to migrate from basic to the vpngw1/2/3/az skus at a later time without having to remove the gateway and redeploy before you can deploy a vpn gateway you'll need some azure and on-premises resources you'll need one of these azure resources before you can deploy an operational vpn Gateway deploy a virtual network with enough address space for the additional subnet that you'll need for the vpn gateway the address space for this virtual network must not overlap with the on-premises network that you'll be connecting to you can deploy only one vpn gateway within
a virtual network deploy a subnet called gateway subnet for the vpn gateway use at least a /27 address mask to make sure you have enough ip addresses in the Subnet for future growth you can't use this subnet for any other services create a basic sku dynamic public ip address if you're using a non-zone aware gateway this address provides a public routable ip address as the target for your on-premises vpn device this ip address is dynamic but it won't change unless you delete and recreate the vpn gateway create a local network gateway to define
The on-premises network's configuration such as where the vpn gateway will connect and what it will connect to the configuration includes the on-premises vpn device's public ipv4 address and the on-premises routable networks this information is used by the vpn gateway to route packets that are destined for on-premises networks through the ipsec tunnel create the virtual network gateway to Route traffic between the virtual network and the on-premises data center or other virtual networks the virtual network gateway can be either a vpn or expressroute gateway but this unit only deals with vpn virtual network gateways you'll learn
more about expressroute in a separate unit later in this module create a connection resource to create a logical connection between the vpn gateway and the local network gateway The connection is made to the on-premises vpn device's ipv4 address as defined by the local network gateway the connection is made from the virtual network gateway and its associated public ip address this diagram shows the combination of resources and their relationships to help you better understand what's required to deploy a vpn gateway to connect your data center to a vpn gateway there are some required On-premises resources a
vpn device that supports policy-based or route-based vpn gateways a public-facing internet routable ip address there are several ways to ensure you have a fault tolerant configuration by default vpn gateways are deployed as two instances in an active standby configuration even if you only see one vpn gateway resource in azure When planned maintenance or unplanned disruption affects the active instance the standby instance automatically assumes responsibility for connections without any user intervention connections are interrupted during this failover but they're typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions with the
introduction of support for the bgp routing protocol you can also deploy Vpn gateways in an active active configuration in this configuration you assign a unique public ip address to each instance you then create separate tunnels from the on-premises device to each ip address you can extend the high availability by deploying an additional vpn device on premises another high availability option is to configure a vpn gateway as a secure Failover path for expressroute connections expressroute circuits have resiliency built in but they aren't immune to physical problems that affect the cables delivering connectivity or outages
that affect the complete expressroute location in high availability scenarios where there's risk associated with an outage of an expressroute circuit you can also provision a vpn gateway that uses the Internet as an alternative method of connectivity in this way you can ensure there's always a connection to the virtual networks in regions that support availability zones vpn gateways and expressroute gateways can be deployed in a zone redundant configuration this configuration brings resiliency scalability and higher availability to virtual network gateways Deploying gateways in azure availability zones physically and logically separates gateways within a region
while protecting your on-premises network connectivity to azure from zone level failures these gateways require different gateway skus and use standard public ip addresses instead of basic public ip addresses expressroute lets you extend your on-premises networks into the microsoft Cloud over a private connection with the help of a connectivity provider with expressroute you can establish connections to microsoft cloud services such as microsoft azure and microsoft 365 connectivity can be from an any to any ip vpn network a point-to-point ethernet network or a virtual cross-connection through a connectivity provider at a co-location facility expressroute connections don't go
over the public Internet this allows expressroute connections to offer more reliability faster speeds consistent latencies and higher security than typical connections over the internet for information on how to connect your networks to microsoft using expressroute see expressroute connectivity models as part of your work for tailwind traders you should understand what azure expressroute is and how it integrates with on-premises and azure networks Now we will cover the benefits that expressroute provides compared to other site-to-site connectivity options as a result you'll learn whether expressroute can provide your company with the best possible network performance throughout
this unit we'll focus on two different layers of the open systems interconnection or osi model layer 2 or l2 is the data link layer which provides node to node communication between two nodes on the Same network layer 3 or l3 is the network layer which provides addressing and routing between nodes on a multi-node network there are several benefits to using expressroute as the connection service between azure and on-premises networks layer 3 connectivity between your on-premises network and the microsoft cloud through a connectivity provider connectivity can be from an any to any ip vpn network a point-to-point
ethernet Connection or through a virtual cross-connection via an ethernet exchange connectivity to microsoft cloud services across all regions in the geopolitical region global connectivity to microsoft services across all regions with the expressroute premium add-on dynamic routing between your network and microsoft via bgp built-in redundancy in every peering Location for higher reliability connection uptime sla and qos support for skype for business expressroute provides layer 3 address level connectivity between your on-premises network and the microsoft cloud through connectivity partners these connections can be from a point to point or any to any network they can
also be virtual cross-connections through an exchange each connectivity provider uses Redundant devices to ensure that connections established with microsoft are highly available you can configure multiple circuits to complement this feature all redundant connections are configured with layer 3 connectivity to meet service level agreements expressroute enables connectivity to microsoft cloud services that includes direct access to the following services in all regions Microsoft office 365 microsoft dynamics 365 azure compute services such as azure virtual machines azure cloud services such as azure cosmos db and azure storage office 365 was created to be accessed securely and reliably
via the internet for this reason we recommend the use of expressroute for specific scenarios you can enable expressroute global reach to exchange data across your on-premises sites by connecting your Expressroute circuits for example assume that you have a private data center in california connected to expressroute in silicon valley you have another private data center in texas connected to expressroute in dallas with expressroute global reach you can connect your private data centers through two expressroute circuits your cross data center traffic will travel through the microsoft network expressroute uses the border gateway
Protocol or bgp routing protocol bgp is used to exchange routes between on-premises networks and resources running in azure this protocol enables dynamic routing between your on-premises network and services running in the microsoft cloud expressroute supports three models that you can use to connect your on-premises network to the microsoft cloud cloud exchange co-location point-to-point ethernet connection Any to any connection co-located providers can normally offer both layer 2 and layer 3 connections between your infrastructure which might be located in the co-location facility and the microsoft cloud for example if your data center is co-located at a
cloud exchange such as an isp you can request a virtual cross connection to the microsoft cloud point-to-point connections provide layer 2 and layer 3 connectivity between your On-premises site and azure you can connect your offices or data centers to azure by using the point-to-point links for example if you have an on-premises data center you can use a point-to-point ethernet link to connect to microsoft with any to any connectivity you can integrate your wide area network with azure by providing connections to your offices and data centers azure integrates with your wan Connection to provide a connection
like you would have between your data center and any branch offices with any to any connections all wan providers offer layer 3 connectivity for example if you already use multi-protocol label switching to connect to your branch offices or other sites in your organization an expressroute connection to microsoft behaves like any other location on your private wan With expressroute your data doesn't travel over the public internet so it's not exposed to the potential risks associated with internet communications expressroute is a private connection from your on-premises infrastructure to your azure infrastructure even if you have
an expressroute connection dns queries certificate revocation list checking and azure content delivery network requests are still sent over the public internet In this module you discovered how azure storage can provide your company with a variety of options for storing your data for example you learned that your first step when using azure storage is to create a storage account after you've done so azure provides you with several options for storing your data azure blob storage azure disk storage azure file storage you also use the tailwind traders scenario to learn about the core Networking
resources that are available in azure you learned about the benefits and usage of azure virtual network azure vpn gateway and azure expressroute you can now apply this information to help your business use azure's networking resources to configure its network infrastructure congratulations you have completed this course on introduction to azure core concepts and services throughout this course you have learned About azure fundamental concepts and architectural components azure database analytics and compute services and finally azure storage and networking services these azure core concepts are the first requirements in the az900 exam the next course will cover
azure management tools and security solutions it is the next step in further preparing for a career using microsoft azure please be reminded to check out more Information about the exam az 900 microsoft azure fundamentals make sure to check the reading material that follows for more information on what's to come next the cloud is enabling dramatic changes in the way we live our lives from the healthcare sector to the entertainment industry the cloud allows small businesses to go global developing countries to expand into new markets and language barriers to fade [Music] doctors can remotely monitor patients
in their own home scientists can predict hurricanes and education can now be distributed to more people than ever before from universities to refugee camps we can use the cloud ai and machine learning to help us quickly search through large amounts of data helping us make important decisions with the right kind of information So instead of guessing and making decisions based on only part of the story we are helping scientists doctors and many other people make better decisions with the right knowledge and skills you can be part of this change cloud computing is rapidly expanding to
all businesses creating new career opportunities career opportunities in cloud computing cover a broad range of roles from developers and architects to security Professionals and data scientists given the constantly evolving nature of the cloud working in the cloud requires continuously updating your knowledge and skills however maybe you don't have that specific university degree the right certifications and hands-on experience or maybe the cost is just too high for these reasons microsoft and coursera have partnered to develop the first in a series of programs to prepare you for a Career in the cloud this program consists of four
courses that will act as a bedrock of fundamental knowledge to prepare you for the az900 certification exam the az900 certification is designed to give you the fundamental knowledge skills and confidence to begin your azure certification journey we've assembled a great team of instructors to prepare you for this journey I'm rachel in course one introduction to azure core concepts and services you'll learn the basics of cloud computing its advantages and how to determine whether azure is the right solution for your business needs you'll learn about several of the database and big data services that are available
on microsoft azure you'll also learn how to take advantage of several virtualization services in azure compute which can help your application scale out quickly and Efficiently to meet increasing demands finally you'll learn about the different storage and virtual network options available in azure i'm barry in course 2 azure management tools and security solutions you learn about ai and software development tools and services from microsoft azure you learn about monitoring and management tools and services from azure you'll then look at the serverless Computing technology and azure iot service that best addresses different business scenarios finally you
learn how azure can help you protect the workloads that you run both in the cloud and in your on-premises data center i'm anita in course 3 azure services and life cycles you'll learn how azure active directory provides identity and access management then you'll learn how to make organizational decisions about Your cloud environment by using the cloud adoption framework for azure you'll learn how to control and audit how your resources are created by using azure policy and enable governance at scale across multiple azure subscriptions by using azure blueprints you'll use the total cost of ownership calculator
to compare your current data center costs to running the same workloads on azure i'm kayleisha and finally in course four preparing for the Az900 azure fundamentals exam you'll get a more detailed overview of the microsoft certification program and where you can go next in your career you'll get tips and tricks testing strategies useful resources and information on how to sign up for the az900 exam you'll also get a recap of the key topics and concepts covered in each course along with the practice exam finally you'll get to take the practice exam that tests all
the main topics Covered in the az 900 proctored exam ensuring you're well prepared for certification success this course aims to help you learn more about azure and prepares you for the azure 900 exam when you pass the az 900 exam you earn the microsoft certified azure fundamental certification becoming az 900 microsoft azure fundamental certified can be the launch pad for your learning journey into cloud computing And azure technologies this certification is a good fit if you are beginning to work with cloud-based solutions and services or are new to azure acquiring the azure fundamental certification is
also an opportunity for you to prove your knowledge of cloud concepts and azure's main features these include azure services azure workloads azure security and privacy and finally azure pricing and support This course will help you to develop these skills and prepare you to pass the official azure az900 exam to get the most out of this course it helps if you are familiar with the general technology concepts including concepts of networking storage compute application support and application development microsoft certifications provide globally recognized and industry endorsed evidence of mastering technical Skills microsoft certification provides you with
the pathway to upgrade your skills validate your abilities enhance your professional performance and develop your career microsoft certifications validate your skills and capabilities and leads you to success achieving certification shows employers that you have drive and initiative if you get hired in a new role are Promoted or change your career your certification speaks volumes about you and what you know perhaps you are already in an i.t support role and your team needs your guidance or opinion you'll definitely be able to respond with confidence once you have successfully completed this program stay ahead get hired and
receive the recognition you deserve in this course you'll explore various Modules relating to azure management tools and security solutions you'll start off with ai services and solutions here you will explore artificial intelligence and software development tools and services from microsoft azure you will be asked to help choose the best solutions for a given business scenario to help you select the right tools and solutions you'll also apply the criteria That experts use to make their choices next you will work through monitoring and managing in azure you learn about monitoring and management tools and services from microsoft
azure and you'll analyze decision criteria that experts use to select the right service for a specific scenario as you dive deeper you'll explore serverless technology and azure iot solutions you'll be introduced to these Tools and services and use expert criteria to choose the best solutions for different kinds of business and technical needs and challenges and as things become even more exciting you will find out how azure can help you protect the workloads that you run both in the cloud and in your on-premises data center in this module general security and network security you will explore
the azure services you can use to help Ensure that your network is safe secure and trusted throughout this course you will have an opportunity to get hands-on experience with azure through interactive exercises practice quizzes and practice exams the interactive exercises offer opportunities to practice and implement what you are learning as an example you'll need to configure network access to a virtual machine running on azure You'll work in a temporary azure environment called the sandbox the beauty about this is that you will be working with real technology but in a controlled environment which allows you to
apply what you learn and at your own pace as you explore the concepts and services that are available through azure you will be given a case study to apply what you are learning to real-world examples in the case study you'll assume the role Of an i.t specialist and address the technology challenges of tailwind traders so that you can help them conduct business more efficiently using real world examples helps to reinforce concepts prepare you for the exam and gives you confidence in your approach now that you have a good idea of what you'll cover in this
course you can review what you learned throughout the Modules in more detail good luck hello and welcome to ai services and solutions in this module you learn about ai and software development tools and services from microsoft azure you'll be introduced to these tools and services and will be asked to help choose the best one for a given business scenario more specifically after completing this module you'll be able to choose the azure ai services that best address your Company's business challenges and choose the software development process tools and services that best address specific business scenarios so
let's dive right into our case study tailwind traders a traditional brick and mortar retailer that has experienced explosive online sales growth faces exciting challenges as it seeks to improve its e-commerce and service operations microsoft's ai services might be a good Fit for one of the company's new initiatives but tailwind traders needs help to better understand which product option is best for each scenario artificial intelligence is a category of computing that adapts and improves its decision-making ability over time based on its successes and failures microsoft azure provides several ai solutions to choose from each one
depending on the problem you're trying to solve let's take a look at our case Study to see what exciting challenges tailwind traders face as you navigate this lesson you'll need to be familiar with the following concepts application programming interfaces or apis programmers use apis to interact with the functionality that's contained in code libraries web api an api that's accessible from servers that accept requests via http web api endpoint the location of the Code library and rest api the design of the url style that's used to expose the api's functionality after completing this lesson you'll be
able to choose the azure ai services that best address your company's business challenges let's start off by exploring artificial intelligence ai is a broad classification of computing that allows a software system To perceive its environment and take action that maximizes its chance of successfully achieving its goals a goal of ai is to create a software system that's able to adapt or learn something on its own without being explicitly programmed to do it there are two basic approaches to ai the first is to employ a deep learning system that's modeled on the neural network of the
human mind enabling it to discover learn and grow through experience The second approach is machine learning a data science technique that uses existing data to train a model test it and then apply the model to new data to forecast future behaviors outcomes and trends forecasts or predictions from machine learning can make apps and devices smarter for example when you buy online machine learning powers product recommendation systems that offer additional products These recommendations are based on your past purchases or products that you might be interested in machine learning is also used to detect credit card fraud
by analyzing each new transaction and using what it has learned from analyzing millions of fraudulent transactions at a high level there are three primary product offerings from microsoft each of which is designed for a specific audience and use case each option provides a diverse set of Tools services and programmatic apis in this lesson we'll merely scratch the surface of the options' capabilities first azure machine learning is a platform for making predictions it consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately
predict a future result after you've run experiments to test the model you can deploy and use it in real Time via a web api endpoint with azure machine learning you can build a process that defines how to obtain data how to handle missing or bad data how to split the data into either a training set or test set and deliver the data to the training process train and evaluate predictive models by using tools and programming languages familiar to data scientists create pipelines that define where and When to run the compute intensive experiments that are required
to score algorithms based on the training and test data and deploy the best performing algorithm as an api to an endpoint so it can be consumed in real time by other applications choose azure machine learning when your data scientists need complete control over the design and training of an algorithm using your own data Second azure cognitive services provide pre-built machine learning models that enable applications to see hear speak understand and even begin to reason use azure cognitive services to solve general problems such as analyzing text for emotional sentiment or analyzing images to recognize objects or
faces you don't need special machine learning or data science knowledge to use these services Developers access azure cognitive services via apis and can easily include these features in just a few lines of code while azure machine learning requires you to bring your own data and train models over that data azure cognitive services for the most part provides pre-trained models so that you can bring in your live data to get predictions on azure cognitive services can be divided into the following categories language Services allow your apps to process natural language with pre-built scripts evaluate sentiment and
learn how to recognize what users want speech services convert speech into text and text into natural sounding speech translate from one language to another and enable speaker verification and recognition vision services Add recognition and identification capabilities when you're analyzing pictures videos and other visual content and decision services add personalized recommendations for each user that automatically improve each time they're used moderate content to monitor and remove offensive or risky content and detect abnormalities in your time series data lastly azure bot service and bot framework are platforms for creating virtual agents That understand and reply to questions
just like a human azure bot service is a bit different from azure machine learning and azure cognitive services in that it has a specific use case namely it creates a virtual agent that can intelligently communicate with humans behind the scenes the bot you build uses other azure services such as azure cognitive services to understand what their human counterparts Are asking for bots can be used to shift simple repetitive tasks such as taking dinner reservations or gathering profile information onto automated systems that might no longer require direct human intervention users converse with the bot by using
text interactive cards and speech a bot interaction can be a quick question and answer or it can be a sophisticated conversation that intelligently provides Access to services in this session you'll analyze the criteria that experts employ when they choose an ai service for a specific business need understanding the criteria can also help you better understand the nuanced differences among the products the first criteria you should consider when building a virtual agent is are you building one that interfaces with humans via natural language If the answer is yes you use an azure bot service to create your
virtual agent bot service integrates knowledge services natural language processing and form factors to allow interactions across different channels bot service solutions usually rely on other ai services for such things as natural language understanding or even translation for localizing replies into a customer's preferred language there Are also pre-built no-code solutions that cover common scenarios and depending on the requirements may make more sense than starting off by building a custom chat experience with bot service for example you can use qna maker which is available from azure marketplace to build train and publish a sophisticated bot that
uses faq pages support websites product manuals sharepoint documents or editorial Content through an easy to use ui or via rest apis likewise power virtual agents integrates with microsoft power platform so that you can use hundreds of pre-built connectors for data input a connector is a proxy or a wrapper around an api that allows the underlying service to talk to microsoft power automate microsoft power apps and azure logic apps It provides a way for users to connect their accounts and leverage a set of pre-built actions and triggers to build their apps and workflows you can extend
power virtual agents by building custom workflows with power automate and if you feel that the out of the box experience is too limiting you can still build more complex interactions with microsoft bot framework next you need to consider if the service You are building needs to understand the content and meaning of images video or audio or that can translate text into a different language if it does you should use azure cognitive services this is the best solution when it comes to general purpose tasks such as performing speech to text integrating with search or identifying the
objects in an image azure cognitive services is general Purpose meaning that many kinds of customers can benefit from the work that microsoft has already done to train and test these models and offer them inexpensively at scale if you need to predict user behavior or provide users with personalized recommendations in your app you should use azure cognitive services personalizer azure cognitive services personalizer watches your users actions Within an application you can use personalizer to predict their behavior and provide relevant experiences as it identifies usage patterns here again you could capture and store user behavior and create
your own custom azure machine learning solution to do these things but this approach would require much effort and expense if you are developing an app that needs To predict future outcomes based on private historical data you use azure machine learning for example suppose you need to analyze years worth of financial transactions to discover new patterns that could help you create new products and services for your company's clients and then offer those new services during routine customer service calls when you're working with proprietary Data you'll likely need to build a more custom tailored machine learning model
if you need to build a model by using your own data or perform a different task than those that have already been discussed you can use azure machine learning for maximum flexibility data scientists and ai engineers can use the tools they're familiar with and the data you provide to develop deep learning and machine learning models that are tuned for your particular Requirements the tailwind traders e-commerce website allows its customers to browse and purchase items that can be delivered or picked up from a retail store nearest to their location the marketing team is convinced that it
can increase sales dramatically by suggesting add-on products that complement the items in the shoppers cart at the point of checkout the team could hard code these suggestions but it Feels that a more organic approach would be to use its years worth of sales data as well as new shopping trends to decide what products to display to the shopper additionally the suggestions could be influenced by product availability product profitability and other factors the marketing team's existing data science experts have already done some initial analysis of the problem domain and have determined that its plan might take
months to prototype and possibly a Year to roll out let's apply the decision criteria you learned about in the previous session to find the right option for tailwind traders is tailwind traders building a virtual agent that interfaces with humans via natural language no it is not so azure bot service is not a good candidate for this scenario Does tailwind traders need a service that can understand the content and meaning of images video audio or translate text into a different language no it doesn't so the relevant cognitive services will not help the company does tailwind traders
need to predict user behavior or provide users with personalized recommendations yes it does However creating recommendations based on user behavior is only part of the requirement tailwind traders needs to create a complex model that incorporates historical sales data trending sales data inventory and more it's possible that the azure cognitive services personalizer could play a role but it couldn't handle the entire breadth of the project alone will the tailwind traders app predict Future outcomes based on private historical data yes and that is why in this scenario azure machine learning is likely the best choice the success
of this effort would depend primarily on the ability of the model to precisely select the right up-sale products to suggest to the shopper because the model would need to be tweaked and tuned over time An off-the-shelf model would likely not suffice in this case study the marketing team already employs some data science experts and the team is willing to make at least a year-long commitment to building testing and tweaking the models to be used the first generation of the tailwind traders e-commerce website was available exclusively in english however when the marketing team sponsored a demographic
Study for the company's brick and mortar locations it found that on average only 80 percent of the potential customers speak english in some neighborhoods that number falls to 50 the team sees the addition of multiple languages as a wonderful opportunity to serve non-english speakers with the same online e-commerce experience as english speakers as in the previous session let's apply The decision criteria you learned about earlier to find the right option tailwind traders will not be implementing a virtual agent at the moment however the team are excited about adding multiple languages to serve non-english speakers translator
is part of azure cognitive services it is easy to integrate into your applications websites tools and solutions it allows you to add multi-language user Experiences in more than 60 languages and you can use it on any hardware platform with any operating system for text-to-text language translation it is likely the best solution for tailwind traders but let's continue applying the decision criteria to make sure based on the case study tailwind traders do not need to predict user behavior or provide users with personalized recommendations So azure cognitive services personalizer is not a good candidate for their current
goals based on the case study although it's possible to create a machine learning model for multi-language translation it would be expensive and time consuming for tailwind traders to attempt to build translation models themselves the team has neither the deep learning competency nor the linguistic data that's required to train the models Now that you've examined all the expert criteria you can confidently select azure cognitive services as the best product option for this case study the customer service team has long asked for a virtual agent to handle most questions it gets asked no matter how prominent it
makes the answers to the most frequently asked questions on the website shoppers are impatient and perceive contact in a chat window as saving them time the team wants shoppers to feel as though they're interacting with a real human when it becomes clear that the virtual agent can't provide an answer the chat session should be transferred to a human providing a virtual agent would decrease the amount of time it takes for all shoppers to receive answers the virtual agent could answer most questions which would free up human Customer service agents to provide support for more difficult
questions or thorny account related issues once again apply the decision criteria you're now familiar with to find the right product is tailwind traders building a virtual agent that interfaces with humans via natural language yes it is azure bot service should be used in this scenario to implement a virtual agent Chat experience bot service could benefit from the information on the website's frequently asked questions page along with thousands of chat sessions that have been stored between shoppers and customer service representatives customer service supervisors can test and tweak the answers to continue to refine the chat experience
even though you've likely found the best option for this scenario keep applying The decision criteria to see whether any additional options might work does tailwind traders need a service that can understand the content and meaning of images video audio or translate text into a different language possibly yes in this scenario azure cognitive services could be used along with bot service to build the solution to expedite implementation the developers could explore using pre-built Solutions such as qna maker part of cognitive services or power virtual agents also any azure bot solution would likely implement several
azure cognitive services such as language understanding luis and possibly translator to translate from the shopper's language to english and back again does tailwind traders need to predict user behavior or provide users with Personalized recommendations no it doesn't azure cognitive services personalizer is not a good candidate for this scenario will the tailwind traders app need to predict future outcomes based on private historical data no although tailwind traders does have historical data to feed into a model which would make it possible to use azure machine learning to create a chat Solution another option is already tailored for
the chatbot experience our goal in this lesson was to help tailwind traders explore several ai service offerings from azure that it can apply to various business opportunities without ai services tailwind traders would spend more time and effort on manual tasks respond to customers less quickly offer weak product recommendations and be unable to fully Support customers who speak languages other than english ai is one focus that could transform every area of a business such transformation is limited only by the creativity and imagination of the organization welcome back this week you'll explore software development process tools and
services modern software development practices are supported by tools that encompass Virtually every aspect of the software development life cycle in this lesson you'll focus specifically on the comprehensive set of tools that microsoft has created to help organizations implement devops practices develop solutions and save money while doing so during this lesson you'll notice that sometimes it seems as though these tools overlap in functionality to help you select the right tools and Solutions you'll explore the criteria that experts use to make their choices there are no formal prerequisites for this course however some familiarity with the concept
of devops and its larger purpose in an organization is valuable microsoft offers tools to enable source code management automating the creation of testing environments and continuous integration and continuous delivery To help with understanding the value of the tools covered in this lesson it is beneficial to have familiarity with the concepts such as software development lifecycle source code management and version control the various forms of testing continuous integration and continuous delivery continuous deployment infrastructure as code software developers and operations Professionals strive to create working software systems that satisfy the needs of the organization however sometimes their
short-term objectives are at cross-purposes which can result in technical issues delays and downtime devops is a new approach that helps to align technical teams as they work towards common goals to accomplish this alignment organizations employ practices and Processes that seek to automate the ongoing development maintenance and deployment of software systems their aim is to expedite the release of software changes ensure the ongoing deployability of the system and ensure that all changes meet a high quality bar when done correctly devops practices and processes touch nearly every aspect of the company this includes the software development lifecycle
and the collaboration of Software developers with each other and with operations and quality assurance teams devops requires a fundamental mindset change from the top down organizations can't merely install software tools or adopt services and hope to get all of the benefits promised by devops now let's check in with tailwind traders to see if the organization has any plans to adopt a devops mindset Tailwind traders has experimented with various software development processes and tools until now however there has been no organizational commitment to shift to a devops mindset likewise there has been no planned coordinated effort
to standardize on a set of core tools and processes several new initiatives at the company accentuate the need for agile repeatable dependable management and deployment of software systems tailwind traders Believes that the adoption of devops tooling and practices is critical to the company's future success by the end of this lesson you'll be able to choose the software development process tools and services that best support those practices in this session you'll be introduced to three primary offerings azure devops services github and github actions and azure devtest labs each offering is aimed at a specific Audience and
use case and provides a diverse set of tools services programmatic apis and more so let's dive right in azure devops services is a suite of services that address every stage of the software development lifecycle azure boards is an agile project management suite that includes kanban boards reporting and tracking ideas and work from high level epics to work items and issues Like kanban boards it visually displays work at various stages of a process azure repos is a centralized source code repository where software development devops engineering and documentation professionals can publish their code for review and collaboration
azure pipelines is a continuous integration and continuous delivery pipeline automation tool azure test plans is an automated test tool that can be used in a ci cd Pipeline to ensure quality before a software release azure artifacts is a repository for hosting artifacts such as compiled source code which can be fed into testing or deployment pipeline steps azure devops is a mature tool with a large feature set that began as on-premises server software and evolved into a software as a service offering from microsoft now on to github and github actions Github is arguably the world's most
popular code repository for open source software git is a decentralized source code management tool and github is a hosted version of git that serves as the primary remote github builds on top of git to provide related services for coordinating work reporting and discussing issues providing documentation and more it offers the following functionality It's a shared source code repository including tools that enable developers to perform code reviews by adding comments and questions in web view of the source code before it can be merged into the main code base it facilitates project management including kanban boards it
supports issue reporting discussion and tracking it features ci cd pipeline automation tooling It includes a wiki for collaborative documentation and it can be run from the cloud or on-premises most relevant for this module github actions enables workflow automation with triggers for many life cycle events one such example would be automating a continuous integration or continuous delivery tool chain a tool chain is a combination of software tools that aid in the delivery Development and management of software applications throughout a system's development life cycle the output of one tool in the tool chain is the input of
the next tool in the tool chain typical tool functions range from performing automated dependency updates to building and configuring the software delivering the build artifacts to various locations testing and so on with such similarity between many github And azure devops features you might wonder which product to choose for your organization unfortunately the answer might not be straightforward although both azure devops and github allow public and private code repositories github has a long history with public repositories and is trusted by tens of thousands of open source project owners github is a lighter weight tool than Azure
devops with the focus on individual developers contributing to the open source code azure devops on the other hand is more focused on enterprise development with heavier project management and planning tools and finer grained access control it's important for you to note that your choices are not limited to azure devops services or github and github actions in practice you can mix and match these services as needed For example you can use github repos with azure boards for work item tracking finally let's take a brief look at azure devtest labs and how it helps organizations to manage
the vms that developers and testers need to ensure a new app works across various operating systems azure devtest labs provides an automated means of managing the process of building setting up and tearing down virtual machines that contain builds of Your software projects this way developers and testers can perform tests across a variety of environments and builds and this capability isn't limited to vms anything you can deploy in azure via an azure resource manager template can be provisioned through devtest labs provisioning pre-created lab environments with their required configurations and tools already installed is a huge time saver
For quality assurance professionals and developers so how does azure devtest labs work suppose you need to test a new feature on an old version of an operating system azure devtest labs can set up everything automatically upon a request after the testing is complete devtest labs can shut down and deprovision the vm which saves money when it's not in use to control costs the management team can Restrict how many labs can be created how long they run and so on in this session you'll analyze the criteria that experts employ when they choose devops tools or services
to address specific business needs understanding the criteria can also help you better understand the nuanced differences between each product if your aim is to automate the creation and management of a test lab environment Consider choosing azure devtest labs among the three tools and services we've discussed it's the only one that offers this functionality however you can automate the provisioning of new labs as part of a tool chain by using azure pipelines or github actions you should also consider if you are building open source software although azure devops can publish public code repositories github has long
been the preferred host For open source software if you're building open source software you would likely choose github if for no other reason than its visibility and general acceptance by the open source development community your choices aren't limited to azure devops services or github and github actions in practice you can mix and match these services as needed for example you can use github repos with azure boards for Work item tracking however the remaining decision criteria you will look at in this lesson are specific to choosing between either azure devops or github regarding source code management
and devops tools you need to think about what level of granularity you need for permissions github works on a simple model of read write permissions to every feature meanwhile azure devops has a much more Granular set of permissions that allow organizations to refine who is able to perform most operations across the entire tool set when it comes to source code management and devops tools you need to consider how sophisticated your project management and reporting needs to be although github has work items issues and a kanban board project management and reporting is the area where azure
Devops excels azure devops is highly customizable which allows an administrator to add custom fields to capture metadata and other information alongside each work item by contrast the github issues feature uses tags as its primary means of helping a team categorize issues when it comes to source code management and devops tools you need to think about how tightly you need to integrate with Third-party tools although we make no specific recommendations about third-party tools it's important for you to understand your organization's existing investments in tools and services and to evaluate how these dependencies might affect your choice
it's likely that most vendors that create devops tools create hooks or apis that can be used by both azure pipelines and github actions Even so it's probably worth the effort to validate that assumption in this video you'll apply the decision criteria that you have already examined to choose the most appropriate services let's check in with tailwind traders to see what the software development team are busy with the software development team at tailwind traders works on many different projects both for internal and external usage the team needs to give project Sponsors and managers executive level reporting
this reporting includes burn down charts track progress against epics and track custom information that's specific to tailwind traders in each work item and bug report as tailwind traders grows and hires contractors and outside vendors for short-term work the upper management team wants to ensure that these individuals have access only to the information they need to do their work Let's apply the decision criteria to help tailwind traders choose the best devops solution for each scenario does tailwind traders need to automate and manage test lab creation no in this scenario azure devtest labs is not a candidate
because it isn't intended for this specific use case is tailwind traders building open source software no although it's not stated specifically tailwind traders is building internal And external systems such as their e-commerce system which isn't open source so that isn't a consideration in this scenario given the level of granularity the tailwind traders team needs for assigning permissions is azure devops a good candidate for this scenario yes earlier we stated that tailwind traders will hire temporary employees and Vendors for short-term work this would make a granular permissions requirement an important consideration for upper management based on
what we have covered earlier this feature would make azure devops a leading candidate by using azure devops tailwind traders administrators would also have a more robust set of options for controlling permissions across the entire portfolio of work Does tailwind traders require a sophisticated project management and reporting solution yes in the tailwind traders case study robust project management and reporting features are one of the primary considerations here again because of the amount of work item customization and reporting the management team wants azure devops would likely be a good choice does tailwind Traders require tight integration
with any third-party devops tools no tool integration was not listed as a primary consideration for this scenario as you learned in the previous session most third-party devops tools integrate with both azure devops and github which makes it likely that the team will find the tools it needs considering all the expert criteria in this case there is no doubt that azure Devops is the service we should choose tailwind traders hopes to publish an api that would allow third parties to integrate their own inventories of new and used items this approach would allow tailwind traders to offer a
wider variety of products directly from their ecommerce site although the internal implementation of the api is closed source tailwind traders wants to create a set of examples that call the api to perform Various actions the team needs a platform to share example code collect feedback on the api allow contributors to report issues and build a community around feature requests using our case study let's continue to apply the decision criteria you learned about previously to help tailwind traders find the right option does tailwind traders need to automate and manage test lab creation no So in this
scenario azure devtest labs is not a candidate because it isn't intended for this specific use case is tailwind traders building open source software yes as we noted in a previous session developers are used to seeing this kind of content available on github with github tailwind traders developers can publish their code accept community contributions to improve the code Examples accept feedback and bug reports and more because this scenario involves open source code github is a leading candidate given the level of granularity the tailwind traders team needs for assigning permissions is github a good candidate for this
scenario yes although it's not stated explicitly the fact that tailwind traders will be accepting community contributions Issuing reports and generally attempting to build a community of developers around their api examples the company's permission needs are basic users can either view only or view and write does tailwind traders require a sophisticated project management and reporting solution no because of the nature of this project the team doesn't require a sophisticated Project management and reporting solution in this scenario the strength of the azure devops services isn't required does tailwind traders require tight integration with any third-party devops tools
no tool integration wasn't listed as a primary consideration for this scenario however this doesn't qualify or disqualify either tool Github is the best choice for this scenario although you could use azure devops to make the repository public some of the other features that involve the development community such as feedback or bug reports would be less accessible tailwind traders wants to be more methodical and careful when it pushes new versions of its e-commerce website to production the company will expand its quality Assurance team and it will use the cloud to create and host virtual machines through
this approach it will create testing environments that match the production environment the management team has concerns around the costs of a more automated test environment for instance it wants to make sure that the qa professionals are not wasting time configuring the testing environment to match the production environment The team wants to ensure that the vms are destroyed when they're no longer in use it wants to limit the number of vms that each qa professional is allowed to spin up also the team wants to ensure that each environment is configured correctly and consistent with the production
environment once again start by applying the decision criteria you learned about in The previous session to help tailwind traders solve this final scenario does tailwind traders need to automate and manage test lab creation yes this looks like a job for azure devtest labs because it can do everything that the team needs to accomplish in this scenario we could continue evaluating the decision criteria but neither azure devops nor github is needed for this Scenario remember that either azure devops or github could be used to create product releases that can automatically be included in any vms
that you create for testing purposes without software development services and tools from microsoft the tailwind traders team might have difficulty in realizing the benefits of such devops practices as continuous integration and continuous delivery source code Management and work item management congratulations you have completed ai services and solutions you covered two lessons in this module let's look back on your journey in the previous lesson you helped tailwind traders explore several ai service offerings from azure that it can apply to various business opportunities you identified a few product options and their capabilities including azure bot service azure
Cognitive services and azure machine learning you analyzed certain decision criteria to help yourself choose one option over another depending on the scenario then you applied those decision criteria to three tailwind traders initiatives helping the company find the best service option for each scenario in this lesson you helped tailwind traders choose the best devops solution for a set of requirements across various Software development and testing needs you identified various product options and capabilities including azure devops services github including github actions and azure devtest labs you analyzed the criteria for choosing one option over another in
each scenario then you applied those criteria to three separate challenges at tailwind traders helping the team determine the best service option for the scenarios devops practices and processes have Changed the software development landscape helping to accelerate software development and improve the deployability and quality of software systems microsoft offers a wealth of tools that can help organizations implement devops practices experience better collaboration among technical teams and achieve more consistent results from those teams modern software systems running in the Cloud are complex gaining visibility into the health and performance of your application hosting environment across all of
its layers of services is challenging fortunately there are several solutions from microsoft that can help you react quickly to outages research intermittent issues optimize your usage and be proactive in handling future planned downtime tailwind traders a traditional brick and Mortar retailer is now experiencing explosive growth by selling products online the company is seeking to tighten and operationalize control of its cloud environment it faces several challenges from needing to optimize its cloud spend and security posture to tracking intermittent issues and planning ahead for upcoming outages however the company needs help with choosing the right product option
for Each of these scenarios in this lesson you learn about the several microsoft monitoring solutions and you'll analyze decision criteria that experts use to select the right service for a specific scenario when you have completed it you'll be able to choose the cloud monitoring service that best addresses your company's business challenges when identifying their product options several basic questions or concerns face All companies that use the cloud are we using the cloud correctly can we squeeze more performance out of our cloud spend are we spending more than we need to do we have our systems
properly secured how resilient are our resources if we experience a regional outage could we fail over to another region how can we diagnose and fix issues that occur intermittently how can we quickly determine the cause of an outage How can we learn about planned downtime fortunately by using a combination of monitoring solutions on azure you can gain answers insights and alerts to help ensure that you've optimized your cloud usage ascertain the root cause of unplanned issues prepare ahead of time for planned outages at a high level there are three primary azure monitoring offerings azure advisor
azure monitor Azure health service each of which is aimed at a specific audience and use case and provides a diverse set of tools services programmatic apis and more you will be introduced to each of these next first let's look at azure advisor this offering evaluates your azure resources and makes recommendations to help improve reliability security and performance achieve operational excellence and reduce costs advisor is Designed to help you save time on cloud optimization the recommendation service includes suggested actions you can take right away postpone or dismiss the recommendations are available via the azure portal and
the api and you can set up notifications to alert you to new recommendations when you're in the azure portal the advisor dashboard displays personalized recommendations for all your subscriptions and you can use Filters to select recommendations for specific subscriptions resource groups or services the recommendations are divided into five categories reliability used to ensure and improve the continuity of your business critical applications security used to detect threats and vulnerabilities that might lead to security breaches performance used to improve the speed of Your applications cost used to optimize and reduce your overall azure spending operational excellence used
to help you achieve process and workflow efficiency resource manageability and deployment best practices azure monitor is a platform for collecting analyzing visualizing and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment this diagram illustrates just how comprehensive azure monitor is on the left is a list of the sources of logging and metric data that can be collected at each layer in your architecture from application to operating system and network in the center you can see how the logging and metric data is stored in central repositories on the
right, you can see how the data is used. You can view real-time and historical performance across each layer of your architecture, or aggregated and detailed information. The data is displayed at different levels for different audiences. You can view high-level reports on the Azure Monitor dashboard or create custom views by using Power BI and custom queries. Additionally, you can use the data to help you react to critical events in real time through alerts delivered to teams via SMS, email, and so on, or you can use thresholds to trigger auto scaling functionality to scale up or down
to meet the demand. Some popular products, such as Azure Application Insights, a service for sending telemetry information from application source code to Azure, use Azure Monitor under the hood. With Application Insights, your application developers can take advantage of the powerful data analysis platform in Azure Monitor to gain deep insights into an application's operations and diagnose errors without having to wait for users to report them. Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Azure Service Health provides a personalized view of the health of the
Azure services, regions, and resources you rely on. The status.azure.com website, which displays only major issues that broadly affect Azure customers, doesn't provide the full picture, but Azure Service Health displays both major and smaller localized issues that affect you. Service issues are rare, but it's important to be prepared for the unexpected. You can set up alerts that help you triage outages and planned maintenance. After an outage, Service Health provides official incident reports, called root cause analyses (RCAs), which you can share with stakeholders. Service Health helps you keep an eye on several event types. Service issues are
problems in Azure, such as outages, that affect you right now. You can drill down to the affected services, regions, updates from your engineering teams, and find ways to share and track the latest information. Health advisories are issues that allow you to act in advance to avoid service interruption, including service retirements and upcoming changes. Health advisories are announced far in advance to allow you to plan. And finally, with Azure Service Health you can keep track of planned maintenance events that can affect your availability. You can drill down to the affected services, regions, and details to show
how an event will affect you and what you need to do. Most of these events occur without any impact to you and aren't shown here. In the rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime. Now you'll analyze the criteria that experts employ when they choose an Azure monitoring service for a specified business need. By understanding the criteria, you can better assess the nuanced differences among the products. If cost reduction, improving resilience, or hardening your security are important considerations for your project, Azure
Advisor can help you to achieve your goals. You can use Azure Advisor to analyze your deployed resources. It analyzes the configuration and usage of your resources and provides suggestions on how to optimize them for reliability, security, performance, costs, and operations based on experts' best practices. You can use Azure Service Health to keep tabs on Azure itself, especially the services and regions you depend on. You can view the current status of the Azure services you rely on, upcoming planned outages, and services that will be sunset. You can set up alerts that help you stay on top
of incidents and upcoming downtime without having to visit the dashboard regularly. You can use Azure Monitor to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on. You can visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage. Azure Monitor is also the best option if you are choosing a service to measure custom events alongside other usage metrics. If you need to set up alerts for outages or when auto scaling
is about to deploy new instances, again, you can use Azure Monitor to do this. It can set up alerts for key events that are related to your specific resources. You can use Azure Monitor when you want to measure custom events alongside other collected telemetry data. Custom events, such as those added in the source code of your software applications, could help identify and diagnose why your application is behaving a certain way. Tailwind Traders wants to optimize its cloud spend. Also, the organization is concerned about security breaches because it stores customer data and historical purchase data in
cloud-based databases. As the organization ramps up its cloud expertise, it wants to better understand its use of the cloud, better understand best practices, and pinpoint easy wins where it can tighten up its cloud spend and security practices. To determine which service you should choose, you can apply the decision criteria you learned about earlier to find the right option. Tailwind Traders understands that it might be spending too much, is concerned about its security practices, and wants to have its cloud usage analyzed against industry best practices. Therefore, Azure Advisor is the best option for this scenario. Although
you might have found the right product option, let's continue evaluating the decision criteria for this scenario. Second, in this scenario, do you think Tailwind Traders needs to monitor the health of Azure services that affect all customers, or the resources that are deployed in Azure? No, it doesn't. This scenario isn't concerned with operations; however, Azure Advisor does analyze and provide recommendations for achieving operational excellence. The third consideration in this scenario: does Tailwind Traders want to measure custom events alongside other usage metrics? No, measuring custom events isn't mentioned as a requirement and isn't a consideration in
this scenario. Fourth, in this scenario, does Tailwind Traders want to set up alerts for outages or when auto scaling is about to deploy new instances? Again, this scenario isn't concerned with operations; however, Azure Advisor does analyze and provide recommendations for achieving operational excellence. Azure Advisor is the right product option to help Tailwind Traders better understand and optimize both its cloud spend and its cloud security posture. This product might help the organization with other areas of cloud usage as well. The Tailwind Traders ecommerce website is experiencing intermittent errors, and the team is unsure of the cause.
Because of the nature of the errors, the team suspects that it's either a database or a caching issue. What are the circumstances surrounding the errors? Does it happen only during peak usage times? What is the state of the team's Azure SQL instance? How can it trace the issues to a root cause? Just as before, you should apply the decision criteria that you learned about earlier to find the right option. First, in this scenario, does Tailwind Traders need an analysis of its Azure usage for the sake of optimization? No, optimization isn't the team's objective in this
scenario, so Azure Advisor isn't a candidate. Because this issue happens intermittently, it's unlikely to affect an entire Azure region or service. It's more likely that a logic issue exists somewhere in their ecommerce website code, or another issue is causing database failures or caching locks. In this scenario, the team could use Azure Monitor to pinpoint a specific user session and look at the performance of each service that's involved in the issue. The third decision in this scenario is: does Tailwind Traders want to measure custom events alongside other usage metrics? Yes, software developers can send additional
information about the state of the web application via Application Insights to help locate the root cause of the issue. Application Insights relies on the Azure Monitor platform to store custom event information. Fourth, in this scenario, does Tailwind Traders want to set up alerts for outages or when auto scaling is about to deploy new instances? No, alerting isn't their objective in this scenario. Azure Monitor is the best option for helping Tailwind Traders track this intermittent issue. The team can use a wealth of tools to help it gain insight into the application's performance at a high level
and deep dive into specific issues. Tailwind Traders wants to operationalize its cloud environment. Specifically, its cloud operations team wants to let stakeholders know about upcoming planned downtime in advance. The team also wants its solution architects to be forewarned about any Microsoft plans to sunset services so it can re-architect its software products accordingly. When outages do happen, the team wants to quickly ascertain whether the issue is specific to their services or a service interruption that affects many Azure customers. The team also wants to provide key stakeholders with reports that explain how and why the incident occurred
and so on. Again, apply the decision criteria you learned about earlier to find the right product. First, does Tailwind Traders need to analyze its Azure usage for the sake of optimization? No, so Azure Advisor isn't a candidate for this scenario. Second, does Tailwind Traders want to monitor the health of Azure services that affect all customers, or the resources deployed on Azure? The requirement is to stay abreast of upcoming planned downtime. Additionally, the team wants to capture official incident reports. For this reason, Azure Service Health is the strongest candidate to choose for this scenario. Although it's
likely that you would choose Azure Service Health, let's continue evaluating the remaining decision criteria. Third, does Tailwind Traders want to measure custom events alongside other usage metrics? No, measuring custom events isn't mentioned as a requirement and isn't a consideration in this scenario. Setting up alerts for outages is a requirement, but creating alerts for other events, such as auto scaling, is not in scope. You can use Azure Service Health to set up alerts that are specific to Azure outages that affect all Azure customers, or you can use Azure Monitor to set up alerts for outages and
other events that affect only your specific resources. In this scenario, Azure Service Health is the correct option to choose. Congratulations, you have completed this lesson. Our goal in this lesson was to help Tailwind Traders explore several monitoring service offerings from Azure to apply to a variety of business scenarios. We identified three product options and their capabilities: Azure Advisor, Azure Monitor, and Azure Service Health. We analyzed decision criteria for choosing one option over another for certain scenarios. Then we applied those decision criteria to three different challenges faced by Tailwind Traders, helping them find the best service
option for the scenario. Without monitoring services, Tailwind Traders would spend more money on its cloud environment, be unsure about its cloud security posture, have difficulty pinpointing issues in its application logic, and be unable to plan ahead for outages or supply formal outage reports to stakeholders. Azure monitoring services provide a comprehensive array of features to help improve your cloud operations.

By using Azure management tools, administrators, developers, and managers can interact with the cloud environment to perform such tasks as deploying dozens or hundreds of resources at a time, configuring individual services programmatically, viewing rich reports across usage,
health, costs, and more. Microsoft Azure provides a collection of management tooling options to choose from, depending on the situation. Tailwind Traders, a traditional brick-and-mortar retailer, is now experiencing explosive growth by selling products online. The company owes much of its success to an ability to quickly and efficiently manage its cloud environment. As it began its cloud journey, Tailwind Traders initially had to choose the right management tools for its business needs. In this lesson, you'll explore the array of Azure management tools and the decision criteria that experts use to select the right ones for their
specific scenarios. After completing this lesson, you'll be able to choose the Azure management tools that best address your organization's technical needs and challenges. At a high level, there are two broad categories of management tools: visual tools and code-based tools. Visual tools provide visually friendly access to all the functionality of Azure; however, visual tools might be less useful when you're trying to set up a large deployment of resources with interdependencies and configuration options. When you're attempting to quickly set up and configure Azure resources, a code-based tool is usually the better choice. Although it might take
time to understand the right commands and parameters at first, after they've been entered they can be saved into files and used repeatedly as needed. Also, the code that performs setup and configuration can be stored, versioned, and maintained along with application source code in a source code management tool such as Git. This approach to managing hardware and cloud resources, which developers use when they write application code, is referred to as infrastructure as code. There are two approaches to infrastructure as code. Imperative code details each individual step that should be performed to achieve a desired outcome. By
contrast, declarative code details only a desired outcome, and it allows an interpreter to decide how to best achieve that outcome. This distinction is important because tools that are based on declarative code can provide a more robust approach to deploying dozens or hundreds of resources simultaneously and reliably. Microsoft offers a variety of tools and services to manage your cloud environment, each aimed at different scenarios and users. By using the Azure portal, a web-based user interface, you can access virtually every feature of Azure. The Azure portal provides a friendly graphical UI to view all the services you're
using, create new services, configure your services, and view reports. The Azure portal is how most users first experience Azure, but as your Azure usage grows, you'll likely choose a more repeatable, code-centric approach to managing your Azure resources. The Azure mobile app provides iOS and Android access to your Azure resources when you're away from your computer. With it, you can monitor the health and status of your Azure resources, check for alerts, quickly diagnose and fix issues and restart a web app or virtual machine, run the Azure CLI or Azure PowerShell commands to manage your Azure resources.
Azure PowerShell is a shell with which developers and DevOps and IT professionals can execute commands called cmdlets. These commands call the Azure REST API to perform every possible management task in Azure. Cmdlets can be executed independently or combined into a script file and executed together to orchestrate the routine setup, teardown, and maintenance of a single resource or multiple connected resources, the deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code. Capturing the commands in a script makes the process repeatable and automatable. Azure PowerShell is available for Windows, Linux, and Mac, and you can access it in a web browser via Azure Cloud
and mac and you can access it in a web browser via azure cloud Shell windows powershell has helped windows centric it organizations automate many of their on-premises operations for years and these organizations have built up a large catalog of custom scripts and commandlets as well as expertise the azure cli is an executable program with which a developer devops professional or it professional can execute commands in bash the commands call the azure rest api to Perform every possible management task in azure you can run the commands independently or combined into a script and executed together for
the routine setup, teardown, and maintenance of a single resource or an entire environment. In many respects, the Azure CLI is almost identical to Azure PowerShell in what you can do with it. Both run on Windows, Linux, and Mac and can be accessed in a web browser via Cloud Shell. The primary difference is the syntax you use. If you're already proficient in PowerShell or Bash, you can use the tool you prefer. Although it's possible to write imperative code in Azure PowerShell or the Azure CLI to set up and tear down one Azure resource or orchestrate an
infrastructure comprising hundreds of resources, there's a better way to implement this functionality. By using Azure Resource Manager templates, you can describe the resources you want to use in a declarative JSON format. The benefit is that the entire ARM template is verified before any code is executed to ensure that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel; that is, if you need 50 instances of the same resource, all 50 instances are created at the same time. Ultimately, the developer, DevOps professional, or IT professional needs only
to define the desired state and configuration of each resource in the ARM template, and the template does the rest. Templates can even execute PowerShell and Bash scripts before or after the resource has been set up. Next, you get a chance to analyze the criteria that experts employ to help them decide which Azure management tools to use to address their business needs. Understanding the criteria can help you better understand the nuanced differences among the products. Do you need to perform one-off management, administrative, or reporting actions? Use either Azure PowerShell or the Azure CLI if you need
to quickly obtain the IP address of a virtual machine you've deployed, reboot a VM, or scale an app. You might want to keep custom scripts handy on your local hard drive for certain operations that you perform occasionally. By contrast, Azure Resource Manager templates express the infrastructure requirements for your application for a repeatable deployment. ARM templates aren't intended for one-off scenarios, but depending on the scenario, it's possible to use them for this purpose. In these instances, you should prefer PowerShell, Azure CLI scripts, or the Azure portal. Also, ARM templates can include PowerShell or Azure CLI scripts,
which can trigger the execution of ARM templates. This gives you flexibility in choosing the right tool for your particular needs. You could perform most, if not all, management and administrative actions via Azure portal. If you're just learning Azure, need to set up and manage resources infrequently, or prefer a visual interface for viewing reports, it makes sense to take advantage of the visual presentation that the Azure portal offers. However, if you're in a cloud management or administrative role, it's less efficient to rely solely on visual scanning and clicking to find the settings and information you want
to work with. It's often quicker and more repeatable to use the Azure CLI or PowerShell. The last option in this case is the Azure mobile app, which you can access via an iOS or Android phone or tablet. Because it's full featured, it's likely the best choice when a laptop isn't readily available and you need to view and triage issues immediately. Now, if you need a way to repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order, you can use ARM templates. In a way, they can express
your application's infrastructure requirements for a repeatable deployment. A validation step ensures that all resources can be created, so that the resources are created in the proper order based on dependencies, in parallel, and idempotent. By contrast, it's entirely possible to use either PowerShell or the Azure CLI to set up all the resources for a deployment. However, there's no validation step in these tools. If a script encounters an error, the dependency resources can't be rolled back easily, deployments happen serially, and only some operations are idempotent. When you're scripting, do you come from a Windows administration or
Linux administration background? If you or your cloud administrators come from a Windows administration background, it's likely you'll prefer PowerShell. If you or your cloud administrators come from a Linux administration background, it's likely you'll prefer the Azure CLI. In practice, either tool can be used to perform most one-off administration tasks. Tailwind Traders uses Azure extensively throughout its entire organization. To make sure that both the technical and executive teams are aware of the company's cloud spend, the director of cloud operations will begin to meet weekly with the chief financial officer to talk about their cloud spend. Conversations
might begin at a high level, but the two officers might want to deep dive during the meeting to gain more insight into how Azure resources are being used. Ideally, they would be able to see the data displayed visually but also be able to run custom reports in real time. You will decide which tool they can use during their meeting. To determine which service you should choose, you can apply the decision criteria you learned about earlier to find the right option. First, in this scenario, do you think Tailwind Traders needs to perform one-off management, administrative, or
reporting actions? Yes, and given the requirement to view data visually and create custom reports during the meeting, the Azure portal is the best choice. The meeting attendees can quickly find answers to their questions by using a wealth of reporting options. The next two decisions you need to make are: is there a way to repeatedly set up one or more resources, and is your scripting background in Windows or Linux? These questions don't apply to this scenario because the director of cloud operations and the CFO won't be deploying or configuring any resources. Therefore, the Azure portal is
the correct product option for this scenario. Tailwind Traders employs technologists with many different skills. A team of developers and administrators builds and maintains a collection of internet applications that are vital to the business. The team members have strong backgrounds in Windows development and network administration. The team moves its applications to the cloud, and it now needs a way to perform one-off testing, management, and administrative tasks in its internet environment. The team quickly realized that managing Azure from the portal takes too much time and is not repeatable. Which tool should the company use for one-off tasks?
As you did before, apply the decision criteria you learned about to find the right option. First, in this scenario, does the Tailwind Traders team need to perform one-off management, administrative, or reporting tasks? Yes; however, the team already knows that it doesn't want to rely on the Azure portal for these one-off actions. Therefore, both Azure PowerShell and the Azure CLI are good options. We'll hone in on which tool the team should use in a moment. Second, in this scenario, does Tailwind Traders need a repeatable and reliable means of deploying its entire infrastructure? No, not in this
scenario. Therefore, Azure Resource Manager templates are not the right choice. When the Tailwind Traders team is doing scripting, does it come from a Windows administration or Linux administration background? This team has a Windows administration background. It would likely be most comfortable using Azure PowerShell because this tool allows it to use the syntax it's most comfortable with to perform one-off administration tasks. Did you work it out? Azure PowerShell is the best choice for this scenario. As we noted before, Tailwind Traders employs technologists with many different skills. The DevOps team is primarily concerned with keeping external systems,
such as the company's ecommerce site, up and running. This team has a Linux administration background. It frequently needs to perform administrative tasks related to the health of the cloud environment. The team quickly realized that managing Azure from the portal takes too much time and isn't repeatable. Which tool should it use for one-off tasks? Once again, apply the decision criteria you learned about earlier to find the right option. Because this scenario is almost identical to the one before, you can skip over the first two criteria. In other words, you can quickly eliminate the Azure Resource Manager
templates and the Azure portal as viable options for this scenario. So let's go to the third decision criterion. Choosing the right option in this scenario should be determined by the team's background. Because this team has a Linux administration background, it would likely be most comfortable using the Azure CLI. The Azure CLI allows the team to use the Bash shell and its syntax to perform one-off administration tasks. The Azure CLI is the best choice for this scenario. Tailwind Traders experiences surges in e-commerce traffic that coincide with national holidays and weekends. In the company's first few years,
managers of critical systems had to convene at the office of the director of cloud operations during these important periods. However, now that Tailwind Traders has successfully operationalized most critical systems, the director wants to relax this requirement and allow employees to spend these dates with their families. Is there a product that can help support this scenario? The first question you need to ask in this scenario is: does Tailwind Traders need to remotely monitor and administer services? Yes, it does, but the real question is how. A phone or tablet solution could help key employees keep an eye
on the health of the cloud environment when they're out of the office. The Azure mobile app is likely a good compromise because it lets employees be away from work and still perform essential one-off management and administrative tasks. We can skip the rest of the decision criteria in this unique scenario. The Azure mobile app is the right choice. Tailwind Traders wants to operationalize their cloud deployments. The company needs a repeatable, reliable way to scale its operations during peak sales periods. Because you'll be choosing a process for scaling your production environment, you need to ensure that your
chosen service is efficient and can potentially create many resources in parallel, creates all dependencies in the correct order, and can be used without worrying that it failed in the middle of provisioning the necessary infrastructure. Let's run through the decision criteria one more time. First, in this scenario, does Tailwind Traders need to perform one-off management, administrative, or reporting actions? This time, we're not looking to support one-time or one-off management or administration tasks. We're looking for a technology to automate the deployment of an entire infrastructure as needed. Second, does Tailwind Traders need a repeatable and reliable way to
deploy its entire infrastructure? Yes, this is exactly what the company needs. Our decision criteria lead us to choose Azure Resource Manager templates for this scenario. Also, does Tailwind Traders need a repeatable and reliable way to deploy its entire infrastructure? Yes, this is exactly what the company needs. Our decision criteria lead us to choose Azure Resource Manager templates for this scenario. The third decision criterion assumes that you need to write a script by using imperative code. However, when you use ARM templates, you define your infrastructure declaratively by using JSON code. In some instances, you still might
need imperative code for configuration or cleanup tasks. In these cases, you can trigger the execution of scripts by using either Azure PowerShell or the Azure CLI to perform these tasks. In this scenario, to scale the production environment, ARM templates are the correct choice. Our goal in this module was to help Tailwind Traders choose the right cloud management tools from Microsoft for its various technical needs. We identified a variety of product options and their capabilities, including the Azure portal, the Azure mobile app, Azure PowerShell, the Azure CLI, and Azure Resource Manager templates. We analyzed decision criteria for
choosing one option over another in specific scenarios. We then applied those decision criteria to three different Tailwind Traders initiatives, helping the company find the best service option for each scenario. Without a full suite of management tools, the company would be severely limited in how it interacts with Azure. Fortunately, Azure provides a powerful mix of visual management tools, imperative scripting tools, and declarative infrastructure as code tools.

Hello and welcome to Azure serverless technology and IoT. In the first lesson, you learn about two serverless computing solutions in Azure: Azure Functions and Azure Logic Apps. You'll examine what
they are, how they differ, and when you should choose one over the other. You'll be introduced to these tools and services and will be asked to help choose the best one for a given business scenario. In the second lesson, you'll help Tailwind Traders select the right Azure IoT service offering for its business scenarios by evaluating the services in relation to a set of decision criteria. You learn about what the various services do, how they're different or complementary, and when to use one or the other. To get the most out of this module, you should have
an understanding of the concept of orchestration and workflows, an understanding of the concept of APIs, and a high-level familiarity with relevant Microsoft products such as Dynamics 365 and Office 365. In this module, you will help Tailwind Traders to choose which Azure serverless technology and Azure IoT solutions are right for different business scenarios. Tailwind Traders, a traditional brick-and-mortar retailer, has found success selling online. The company sees several opportunities to improve its e-commerce website. For example, it wants to provide more accurate real-time inventory information online to customers who want to visit their local store
to purchase an item. The company also wants to respond more proactively to customers who've had a negative experience by providing a new customer retention program. Tailwind Traders suspects that serverless computing can help it provide these services, but it needs help to understand which Azure solutions are right for its business scenarios. Serverless computing is a term used to describe an execution environment that's set up and managed for you. You merely specify what you want to happen by writing code or connecting and configuring components in a visual editor, and then specify the actions that trigger your functionality,
such as a timer or an HTTP request. Best of all, you never have to worry about an outage. Your code can scale instantly to meet demand, and you pay based only on the actual usage of your code. By the end of this lesson, you'll be able to choose the serverless computing technology that best addresses Tailwind Traders' business scenarios. There are two serverless computing solutions on Azure: Azure Functions and Azure Logic Apps. Before we start, let's take another look at the key principles of serverless computing. Serverless computing is a cloud-hosted execution environment that runs your code
but abstracts the underlying hosting environment. The term serverless computing is a misnomer; after all, there is a server or a group of servers that executes your code or desired functionality. The key idea is that you're not responsible for setting up or maintaining the server. You don't have to worry about scaling it when there's increased demand, and you don't have to worry about outages. The cloud vendor takes care of all maintenance and scaling concerns for you. You create an instance of the service and you add your code. No infrastructure configuration or maintenance is required or even
allowed you configure your serverless apps to respond to events an event could be a rest endpoint a periodic timer or even a message received from another azure service the serverless app runs only when it's triggered by an event scaling and performance are handled automatically and you're billed only for the resources you use you don't even need to reserve resources serverless computing is ordinarily used to handle back-end scenarios in other words serverless computing is responsible for sending messages from one system to another or processing messages that were sent from other systems it's not used for
user-facing systems but rather it works in the background the core azure services for serverless are azure functions and azure logic apps both solutions help developers to build robust cloud apps with minimal code let's take a closer look at how each of these serverless automation platforms work within azure with the azure function service you can host a single Method or function by using a popular programming language in the cloud that runs in response to an event an example of an event might be an http request a new message on a queue or a message on a
timer because of its atomic nature azure functions can serve many purposes in an application's design functions can be written in many common programming languages such as c-sharp python javascript typescript java and powershell Azure functions scales automatically and charges accrue only when a function is triggered these qualities make azure functions a solid choice when demand is variable for example you might be receiving messages from an iot solution that monitors a fleet of delivery vehicles you'll likely have more data arriving during business hours azure functions can scale out to accommodate these busier times an azure function
is a stateless environment a function behaves as if it's restarted every time it responds to an event this feature is ideal for processing incoming data and if state is required the function can be connected to an azure storage account azure functions can perform orchestration tasks by using an extension called durable functions which allows developers to chain Functions together while maintaining state the azure function solution is ideal when you're concerned only with the code that's running your service and not the underlying platform or infrastructure you use functions most commonly when you need to perform work in
response to an event you do this often via a rest request timer or message from another azure service and when that work can be Completed quickly within seconds or less now let's explore the key components of logic apps logic apps is a low code no code development platform hosted as a cloud service this service helps you automate and orchestrate tasks business processes and workflows when you need to integrate apps data systems and services across enterprises or organizations logic apps simplifies how you design and build scalable solutions whether in the Cloud on-premises or both this solution
covers app integration data integration system integration enterprise application integration and business to business integration azure logic apps is designed in a web-based designer and can execute logic that's triggered by azure services without your having to write any code you build an app by linking triggers to actions with connectors a trigger is an event such as a timer that causes an app to execute a New message to be sent to a queue or an http request an action is a task or step that can execute there are logic actions such as those you would find in
most programming languages examples of actions include working with variables decision statements and loops and tasks that parse and modify data to build enterprise integration solutions with azure logic apps you can choose From a growing gallery of over 200 connectors the gallery includes services such as salesforce sap oracle db and file shares if you can't find the action or connector you need you can build your own by using custom code both azure functions and azure logic apps help enable business logic that automates your azure workflow the primary difference between the two services is their intent Azure
functions is a serverless compute service and azure logic apps is intended to be a serverless orchestration service although you can use azure functions to orchestrate a long-running business process that involves various connections this was not its primary use case when it was designed additionally the two services are priced differently azure functions pricing is based on the number of executions and the running Time of each execution logic app's pricing is based on the number of executions and the type of connectors that it utilizes with two viable serverless options it can be difficult to know which is
the best one for the job in this session you'll analyze the criteria that experts employ when they're choosing a serverless service to use for a given business need understanding the criteria can also help you better understand the nuanced differences between the products when choosing the most appropriate serverless solution you should ask yourself if you need to perform an orchestration across well-known apis as we noted previously azure logic apps was designed with orchestration in mind from the web-based visual configurator to the pricing model logic apps excels at connecting a large array of disparate services via their
Apis to pass and process data through many steps in a workflow it's possible to create the same workflow by using azure functions but it might take a considerable amount of time to research which apis to call and how to call them azure logic apps has already componentized these api calls so that you supply only a few details and the details of calling the necessary apis is abstracted away although azure logic apps can perform Logic loops decisions and so on if you have a logic intensive orchestration that requires a complex algorithm implementing that algorithm might be
more long-winded and visually overwhelming with azure functions you can use the full expressiveness of a programming language in a compact form this lets you concisely build complex algorithms or data lookup and parsing operations You would be responsible for maintaining the code handling exceptions resiliently and so on next you need to think about your existing code if you already have your orchestration or business logic expressed in c sharp java python or another popular programming language it might be easier to port your code into the body of an azure functions function app than to recreate it by
using azure logic apps Ultimately your choice comes down to whether you prefer to work in a declarative environment or an imperative environment developers who have expertise in an imperative programming language might prefer to think about automation and orchestration from an imperative mindset it professionals and business analysts might prefer to work in a more visual low code no code declarative environment azure logic apps is best suited for users who are more comfortable in a visual environment that allows them to automate their business processes azure functions is best suited for software developers and those with expertise
in an imperative programming language data about each product that's sold at tailwind traders is packaged as a json message and sent to an event hub the event hub distributes the json message to subscribers which allows various Systems to be notified tailwind traders wants to upgrade its e-commerce site to include real-time inventory tracking currently the website updates product availability nightly at 2 am a windows service that's written in c-sharp contains all of the necessary logic to retrieve the messages parse the json perform a lookup across multiple databases to find additional product information and potentially send notifications
to the purchasing Department so that they can reorder quantities that fall below certain levels the windows service runs in a virtual machine that's hosted on azure most of the time this system works fine however some products are in high demand and some products are kept in low quantities at each store several times a day customers drive to a store to pick up an item only to find that it's no longer in stock Instead of running the algorithm nightly the company wants to run the inventory updater each time a product is purchased let's apply the decision
criteria you learned about earlier to find the right option for tailwind traders because the tailwind traders developers team has already written the logic in c-sharp it would make sense to copy the relevant c-sharp code from the windows service and port it to an azure function the developers would bind the function To trigger each time a new message appears on a specific queue it's possible to implement the same logic in azure logic apps however because the team has already invested time in building the service in c sharp it can use the same code in an azure
function tailwind traders sends its customers an invitation to participate in a customer satisfaction survey randomly after a purchase Currently the customer satisfaction results are aggregated averaged and charted however its customer service department sees an opportunity to reach out proactively to customers who provide low scores and leave comments with a negative sentiment ideally negative customer satisfaction scores would trigger a customer retention workflow first a sentiment analysis would be generated based on the free form comments an email would be sent to the customer with an apology and a coupon code and the message would be routed to
the dynamics 365 customer service team so that it could schedule a follow-up email unfortunately no tailwind traders developer resources are available to take on this project but the customer service team works with several cloud and it professionals who Might be able to construct a solution once again apply the decision criteria you learned about earlier to find the right option for tailwind traders this is an ideal scenario for azure logic apps connectors already exist for each of the steps outlined in the workflow because azure logic apps is a low code no code service no developers are
needed a cloud or it professional should be able to build and support this workflow a cloud or it professional could use existing connectors to perform a sentiment analysis by using the azure cognitive services connector send an email by using the office 365 outlook connector and create a new record and follow-up email by using the dynamics 365 customer service connector using azure functions as an alternative would take quite a bit of research development and testing for a developer to build a solution that utilizes all these disparate software systems Welcome back in this lesson you'll help tailwind
traders select the right azure iot service offering for its business scenarios by evaluating the services in relation to a set of decision criteria you'll learn what the various services do how they're different or complementary and when to use one or the other tailwind traders sees many opportunities to use azure iot services across many different facets of their operations from new product development to logistics and point of sale iot bridges the physical and digital worlds by enabling devices with sensors and an internet connection to communicate with cloud-based systems via the internet by the end of
this lesson you'll be able to choose the azure iot service that best addresses tailwind traders business scenarios iot enables devices to gather and then Relay information for data analysis smart devices are equipped with sensors that collect data a few common sensors that measure attributes of the physical world include environmental sensors that capture temperature and humidity levels barcode qr or optical character recognition scanners geolocation and proximity sensors light color and infrared sensors sound and ultrasonic sensors motion and touch sensors accelerometer and tilt Sensors smoke gas and alcohol sensors error sensors to detect when there's a problem
with the device mechanical sensors that detect anomalies or deformations and flow level and pressure sensors for measuring gases and liquids by using azure iot services devices that are equipped with these kinds of sensors and that can connect to the internet could send their sensor readings to a specific endpoint in azure via a message the message's data is then collected and aggregated and it can be converted into reports and alerts alternately all devices could be updated with new firmware to fix issues or add new functionality by sending software updates from azure iot services to each device
let's suppose your company manufactures and operates smart refrigerated vending machines what kinds of information would you want To monitor you might want to ensure that each machine is operating without any errors the machines haven't been compromised the machine's refrigeration systems are keeping their contents within a certain temperature range and that you're notified when products reach a certain inventory level so you can restock the machines if the hardware of your vending machines can collect and send this information in a standard Message the messages each machine sends can be received stored organized and displayed by using azure
iot services the data that's collected from these devices could be combined with azure ai services to help you predict when machines need proactive maintenance when inventories will need to be replenished and new product ordered from vendors many services can assist and drive end-to-end solutions for iot on azure In this lesson you'll explore azure iot hub azure iot central and azure sphere azure iot hub is a managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your iot application and the devices it manages you can use
azure iot hub to build iot solutions with reliable and secure communications between millions of iot devices and a cloud-hosted solution back-end you can connect Virtually any device to your iot hub the iot hub service supports communications both from the device to the cloud and from the cloud to the device it also supports multiple messaging patterns such as device to cloud telemetry file upload from devices and request reply methods to control your devices from the cloud after an iot hub receives messages from a device it can route that message to other azure services From a cloud
to device perspective iot hub allows for command and control that is you can have either manual or automated remote control of connected devices so you can instruct the device to open valves set target temperatures restart stuck devices and so on iot hub monitoring helps you maintain the health of your solution by tracking events such as device creation device failures and device connections azure iot central builds on top of iot hub by adding a dashboard that allows you to connect monitor and manage your iot devices the visual user interface makes it easy to quickly connect new
devices and watch as they begin sending telemetry or error messages you can watch the overall performance across all devices in aggregate and you can set up alerts that send notifications when a specific device needs maintenance finally you can push hardware updates to the device to help you get up and running quickly Iot central provides starter templates for common scenarios across various industries such as retail energy healthcare and government you then customize the design starter templates directly in the ui by choosing from existing themes or creating your own custom theme setting the logo and so on
with iot central you can tailor the starter templates for the specific data that's sent from your devices the Reports you want to see and the alerts you want to send you can use the ui to control your devices remotely this feature allows you to push a software update or modify a property of the device you can adjust the desired temperature for one or all of your refrigerated vending machines from directly inside of iot central a key part of iot central is the use of device templates by using a device Template you can connect a device
without any service side coding iot central uses the templates to construct the dashboards alerts and so on device developers still need to create code to run on the devices and that code must match the device template specification azure sphere creates an end-to-end highly secure iot solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub azure sphere has built-in communication and security features for internet connected devices azure sphere comes in three parts the first part is the azure
sphere microcontroller unit or mcu which is responsible for processing the operating system and signals from attached sensors this image displays the seeed azure sphere mt3620 development kit mcu one of several different starter kits that are available for prototyping and developing azure sphere applications the second part is a customized linux operating system that handles communication with the security service and can run the vendor's software and the third part is azure sphere security service also known as AS3 its job is to make sure that the device has not been maliciously compromised AS3 is microsoft's cloud-based service that
communicates with azure sphere chips to enable maintenance update and control when the device attempts to connect to azure it first must authenticate itself per device which it does by using certificate-based authentication if it authenticates successfully AS3 checks to ensure that the device hasn't been tampered with after it has established a secure channel of communication AS3 pushes any os or approved customer developed software updates to the device after the azure sphere system has validated the authenticity of the device and authenticated it the device can interact with other azure iot services by sending telemetry and error information
now that you have looked at how azure iot hub azure iot central and azure sphere can assist and drive end-to-end solutions for iot on azure next you will choose the appropriate service to use in different business scenarios in this video you'll analyze the criteria that experts employ when they decide which iot service to use for a given business need understanding the criteria can also help you better understand the nuanced differences between each product let's start off by looking at security whether you are a manufacturer or customer you don't want your devices to be maliciously
compromised and used for criminal purposes it's obviously more critical to ensure the integrity of an atm than say a washing machine so when choosing the correct option you always look at what is most critical for your needs before making a decision when security is a critical consideration in your product's design the best product option is azure sphere which provides a comprehensive end-to-end solution for Iot devices as we mentioned previously azure sphere ensures a secure channel of communication between the device and azure by controlling everything from the hardware to the operating system and the authentication process
this ensures that the integrity of the device is uncompromised after a secure channel is established messages can be received from the device securely and messages or software updates can be sent to the device remotely your next Decision will be the level of services you require from your iot solution if you merely want to connect to your remote devices to receive telemetry and occasionally push updates and you don't need any reporting capabilities you might prefer to implement azure iot hub by itself your programmers can still create a customized set of management tools and reports by using
the iot hub restful api iot central integrates with many Different azure products including iot hub to create a dashboard with reports and management features the dashboard is based on starter templates for common industry and usage scenarios you can use the dashboard that's generated by the starter template as is or customize it to suit your needs you can have multiple dashboards and target them at a variety of users the tailwind traders senior leadership Team has decided to partner with a leading appliance manufacturer to create an exclusive high-end brand that promises a pre-emptive maintenance service agreement this
unique feature would differentiate tailwind traders appliances in a crowded competitive market the feature also makes the brand lucrative because a yearly subscription would be required to build a strong brand reputation the Appliances will send telemetry information to a centralized location where it can be analyzed and maintenance can be scheduled the devices will not require remote control they will merely be sending their telemetry data for analysis and proactive maintenance because tailwind traders already has software in place for managing appliance maintenance requests the company wants to integrate all functionality into this Existing system let's apply the decision
criteria you learned about earlier to find the right option for tailwind traders do you think it is critical to ensure that the device or in this case each appliance isn't compromised no it's preferable but not critical that the devices aren't compromised the worst that could happen is a hacker reads the current temperature of the customer's refrigerator or the number of loads of laundry the washing machine has completed even if the customer calls and reports strange behavior with their appliance a technician could reset or replace the microcontroller it might not warrant the extra expense or engineering
resources that would be required to employ azure sphere but why not azure sphere provides a complete solution for scenarios where security is critical in this scenario security is preferred but not critical The appliances can't be updated with new software remotely the sensors merely report usage data as a result azure sphere isn't necessary in this case do you think you need a dashboard for reporting and management no tailwind traders wants to integrate the telemetry data and all other functionality into an existing maintenance request system given the responses to the decision Criteria azure iot hub is the
best choice in this scenario azure iot central provides a dashboard that allows companies to manage iot devices individually and in aggregate view reports and set up error notifications via a gui but in this scenario tailwind traders wants to integrate the telemetry it collects and other analysis functionality into an existing software application Furthermore the company's appliances will be collecting data via sensors only and don't need the ability to update settings or software remotely therefore the company doesn't need azure iot central azure sphere provides a complete solution for scenarios where security is critical in this scenario security
is preferred but not critical the appliances can't be updated with new Software remotely the sensors merely report usage data as a result azure sphere isn't necessary tailwind traders owns a fleet of delivery vehicles that transport products from warehouses to distribution centers and from distribution centers to stores and homes the company is looking for a complete logistics solution that takes data sent from an onboard vehicle computer and turns it into actionable information Furthermore shipments can be outfitted with sensors from a third-party vendor to collect and monitor ambient conditions these sensors can collect information such as temperature
humidity tilt shock light and the location of a shipment the goals for this logistics system are shipment monitoring with real-time tracing and tracking shipment integrity with real-time ambient condition monitoring Security from theft loss or damage of shipments geofencing route optimization fleet management and vehicle analytics and forecasting for predictable departure and arrival of shipments the company would prefer a pre-built solution to collect the sensor and vehicle computer data and provide a graphical user interface that displays reports about shipments and vehicles let's find the right solution in this case is it critical to ensure That the device
isn't compromised ideally each sensor and vehicle computer would be impervious to interference however security was not mentioned as a critical concern at this point the vehicle computers and sensors are built by a third-party vendor and unless tailwind traders wants to manufacture its own devices which they don't the company will be forced to use hardware that's already available does tailwind traders need a dashboard For reporting and management yes a reporting and management dashboard is a requirement if tailwind traders uses iot central the company would actually be using an iot hub that's pre-configured for its specific needs
by the connected logistics starter template otherwise the company would need to do a lot of custom development to build its own cloud-based dashboards and management systems on top of azure iot Hub on the other hand azure sphere provides a complete solution for scenarios where security is critical in this scenario security is ideal but not a critical priority although azure sphere provides an end-to-end solution that includes hardware tailwind traders will use hardware from a third-party vendor so in this scenario azure sphere is not necessary In this scenario you can see that iot central is the best
choice tailwind traders wants to implement a touchless point of sale solution for self-checkout the self-checkout terminals should be above all else secure each terminal must be impervious to malicious code that could create fraudulent transactions force the company to take systems offline during a heavy shopping period or send transactional data to a spying Organization the terminal should also report back vital information on the company's health and allow secure updates to its software remotely after reviewing many possible solutions during a request for proposal process tailwind traders decides that it needs features that vendors have yet to implement
instead of using an existing solution the company decides to work with a leading engineering firm that specializes in iot solutions this approach allows the company to build a uniquely secure terminal that gives it a retail platform to build on going forward although most of the company's focus is on the terminal itself tailwind traders realizes that it wants a solution that can help it make sense of all the data that will be generated by these terminals across all of its retail stores and it wants an easy way to push software updates to its terminals let's see
whether you can decide on the perfect solution do you think it is critical to ensure that the device or in this case each point of sale terminal is not compromised absolutely device security is the primary requirement does tailwind traders need a dashboard For reporting and management yes the company requires a reporting and management dashboard so given the responses to the decision criteria the iot engineering firm will build a platform on top of both azure iot central and azure sphere even though no specific starter template is available in azure iot central for this scenario one can
easily be adapted to accommodate the kinds of reports the company wants to see and the management operations it wants to perform by using iot central tailwind traders would actually be using iot hub behind the scenes as well congratulations you have completed azure serverless technology and iot you covered two lessons in this module let's look back on your journey you helped tailwind traders choose the right serverless computing technology for its business scenarios when the company needed to build a solution that pulls code logic from an existing c-sharp windows service you chose azure functions when the
company needed to orchestrate a workflow to improve customer retention after a negative shopping experience you chose azure logic apps in both cases you noted how choosing the other serverless computing service would be possible However you tried to help the company consider the decision criteria we outlined and choose the right service for the scenario without serverless computing tailwind traders would be forced to set up and manage its own computing infrastructure for these business scenarios the team would have needed to closely monitor the services to determine whether it needed to scale the service and it likely would
have wasted money in The process with either too many or too few computing resources dedicated to the solution additionally it might have had to design write test and maintain custom code to get similar results by helping tailwind traders select the right serverless computing solutions you are able to deploy new functionality to help the company improve customer satisfaction with its e-commerce platform our goal in this lesson was to help Tailwind traders explore various iot services from azure and choose the best service for the company's business scenarios tailwind traders was able to capture telemetry data from appliances
combine it with some machine learning to predict future maintenance and create a significant value-added service for customers by using azure iot hub the company was able to implement a complete real-time logistics system to Track deliveries and vehicles by using azure iot central and the connected logistics starter template and finally it was able to design and build a secure modern point-of-sale self-checkout terminal by using azure sphere without azure iot services receiving messages from devices might still be possible but it would likely be less secure and require custom development to implement A dashboard for reporting and management
it would also be more difficult to push software or firmware updates to each device iot is an exciting evolution in computing that bridges the physical and digital worlds azure iot services provide a significant amount of functionality for organizations that want to build device driven and sensor driven solutions hi and welcome to this module on general security and network security in azure In this module you'll learn about how azure can help you protect the workloads that you run in both the cloud and in your on-premises data center you will also learn about the azure services you
can use to help ensure that your network is safe secure and trusted more specifically after completing this module you will know the concepts of how to strengthen your security posture and protect against threats by using azure security center Collect and act on security data from many different sources by using azure sentinel store and access sensitive information such as passwords and encryption keys securely in azure key vault manage dedicated physical servers to host your azure vms for windows and linux by using azure dedicated host identify the layers that make up a defense in-depth strategy explain how
azure firewall enables you to control what traffic is allowed on The network configure network security groups to filter network traffic to and from azure resources within a microsoft azure virtual network and explain how azure ddos protection helps protect your azure resources from ddos attacks so let's dive right into our case study to demonstrate this we are going to use our case study to give you an opportunity to apply the concepts you Learn tailwind traders operates retail hardware stores across the globe and online it specializes in competitive pricing fast shipping and a large range of items
it's looking at cloud technologies to improve business operations and support growth into new markets by moving to the cloud the company plans to enhance its shopping experience to further differentiate itself from Competitors tailwind traders runs a mix of workloads on azure and in its data center the company needs to ensure that all of its systems meet a minimum level of security and that its information is protected from attacks the company also needs a way to collect and act on security events from across its digital estate let's explore how tailwind traders can use some of the
tools and features in Azure as part of its overall security strategy in this lesson you learn about some of the security tools that can help keep your infrastructure and data safe when you work in the cloud security is a small word for a significant concept there are so many factors to consider in order to protect your applications and your data how does azure help you protect Workloads that you run in the cloud and in your on-premises data center after completing this lesson you'll be able to know the concepts of how to strengthen your security posture
and protect against threats by using azure security center collect and act on security data from many different sources by using azure sentinel store and access sensitive information such as passwords and encryption keys securely in azure key vault Manage dedicated physical servers to host your azure vms for windows and linux by using azure dedicated host tailwind traders is broadening its use of azure services it still has on-premises workloads with current security related configuration best practices and business procedures how does the company ensure that all of its systems meet a minimum level of security and that its
information is protected from attacks Many azure services include built-in security features tools on azure can also help tailwind traders with this requirement let's start by looking at azure security center azure security center is a monitoring service that provides visibility of your security posture across all of your services both on azure and on-premises the term security posture refers to cyber security policies and controls As well as how well you can predict prevent and respond to security threats security center can monitor security settings across on-premises and cloud workloads automatically apply required security settings to new resources as
they come online provide security recommendations that are based on your current configurations resources and networks continuously monitor your resources and Perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited use machine learning to detect and block malware from being installed on your virtual machines and other resources you can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run detect and analyze potential inbound attacks And investigate threats and any post-breach activity that might have occurred and provide just-in-time access control for network
ports doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to tailwind traders can use security center to get a detailed analysis of different components in its environment because the company's resources are Analyzed against the security controls of any governance policies it has assigned it can view its overall regulatory compliance from a security perspective all from one place here's an example of what you might see in azure security center let's say that tailwind traders must comply with the payment card industry's data
security standard this report shows that the company has the resources that it needs to remediate In the resource security hygiene section tailwind traders can see the health of its resources from a security perspective to help prioritize remediation actions recommendations are categorized as low medium and high let's now take a look at how secure score is implemented secure score is a measurement of an organization's security posture secure score is based on security controls or groups of Related security recommendations your score is based on the percentage of security controls that you satisfy the more security controls you
satisfy the higher the score you receive your score improves when you remediate all of the recommendations for a single resource within a control in this example from the azure portal we can see the portal showing a score of 57 or 34 out of 60 points following the secure score Recommendations can help protect your organization from threats from a centralized dashboard in azure security center organizations can monitor and work on the security of their azure resources like identities data apps devices and infrastructure secure score helps you report on the current state of your organization's security posture
improve your security posture by providing discoverability visibility Guidance and control and compare benchmarks and establish key performance indicators security center also includes advanced cloud defense capabilities for virtual machines network security and file integrity let's take a look at how some of these capabilities apply to tailwind traders just in time vm access tailwind traders will configure just in time access to vms this access blocks Traffic by default to specific network ports of virtual machines but allows traffic for a specified time when an administrator requests and approves it adaptive application controls tailwind traders can control which applications
are allowed to run on its virtual machines in the background security center uses machine learning to look at the processes running on a virtual machine it creates exception rules for each Resource group that holds the virtual machines and provides recommendations this process provides alerts that inform the company about unauthorized applications that are running on its vms adaptive network hardening security center can monitor the internet traffic patterns of the vms and compare those patterns with the company's current network security group settings or nsg settings from there security center can make Recommendations on whether the nsgs should
be locked down further and provide remediation steps file integrity monitoring tailwind traders can also configure the monitoring of changes to important files on both windows and linux registry settings applications and other aspects that might indicate a security attack so as you can see tailwind traders can use security center to get a centralized view of all of its security alerts From there the company can dismiss false alerts investigate them further remediate alerts manually or use an automated response with a workflow automation this workflow automation uses azure logic apps and security center connectors the logic app can
be triggered by a threat detection alert or by a security center recommendation filtered by name or by severity you can then configure the logic app to Run an action such as sending an email or posting a message to a microsoft teams channel security management on a large scale can benefit from a dedicated security information and event management or siem system a siem system aggregates security data from many different sources as long as those sources support an open standard logging format it also provides capabilities for threat detection and Response azure sentinel is microsoft's cloud-based siem system
it uses intelligent security analytics and threat analysis azure sentinel enables you to collect cloud data at scale across all users devices applications and infrastructure both on-premises and from multiple clouds detect previously undetected threats while minimizing false positives by Using microsoft's comprehensive analytics and threat intelligence investigate threats with artificial intelligence and examine suspicious activities at scale tapping into years of cyber security experience from microsoft respond to incidents rapidly by utilizing built-in orchestration and automation of common tasks let's go back to the tailwind traders case study in this instance tailwind Decides to explore the capabilities of azure
sentinel first the company identifies and connects its data sources azure sentinel supports a number of data sources which it can analyze for security events these connections are handled by built-in connectors or industry standard log formats and apis connectors provide real-time integration for services like microsoft threat protection solutions microsoft 365 sources including office 365 azure Active directory and windows defender firewall connectors are available for common non-microsoft services and solutions including aws cloudtrail citrix analytics sophos xg firewall vmware carbon black cloud and okta sso azure sentinel supports data from other sources that use the common event format
messaging standard syslog or rest api tailwind traders needs to be notified when something suspicious occurs It decides to use both built-in analytics and custom rules to detect threats built-in analytics use templates designed by microsoft's team of security experts and analysts they are based on known threats common attack vectors and escalation chains for suspicious activity these templates can be customized and search across the environment for any activity that looks suspicious some templates use machine Learning behavioral analytics that are based on microsoft proprietary algorithms custom analytics are rules that you create to search for specific criteria within
your environment you can preview the number of results that the query would generate based on past log events and set a schedule for the query to run you can also set an alert threshold when azure sentinel detects suspicious events Tailwind traders can investigate specific alerts or incidents incidents are a group of related alerts this is what an investigation graph looks like in azure sentinel with the investigation graph the company can review information from entities directly connected to the alert and see common exploration queries to help guide the investigation you can also use azure monitor workbooks
to automate responses to threats Workbooks can run manually or automatically when a rule triggers an alert for example it can set an alert that looks for malicious ip addresses that access the network and create a workbook that does the following steps when the alert is triggered it opens a ticket in the it ticketing system then it sends a message to the security operations channel in microsoft teams or slack to make sure the security analysts Are aware of the incident next it sends all of the information in the alert to the senior network admin and to
the security admin the email message includes two user option buttons block or ignore when an admin chooses block the ip address is blocked in the firewall and the user is disabled in azure active directory when an admin chooses ignore the alert is closed in azure sentinel and the incident is closed in the it Ticketing system the workbook continues to run after it receives a response from the admins let's take a look at how azure key vault is used to store and manage secrets once again we will use an example from our tailwind traders case study
as tailwind traders builds its workloads in the cloud it needs to carefully handle sensitive information such as passwords encryption keys and certificates This information needs to be available for an application to function but it might allow an unauthorized person access to application data azure key vault is a centralized cloud service for storing an application's secrets in a single central location it provides secure access to sensitive information by providing access control and logging capabilities now that we know what azure key vault is let's take a look at what azure key Vault can do azure key vault
can help you manage secrets you can use key vault to securely store and tightly control access to tokens passwords certificates api keys and other secrets manage encryption keys you can use key vault as a key management solution key vault makes it easier to create and control the encryption keys that are used to encrypt your data Manage ssl tls certificates key vault enables you to provision manage and deploy your public and private secure sockets layer transport layer security or ssl tls certificates for both your azure resources and your internal resources store secrets backed by hardware security modules or hsms
these secrets and keys can be protected either by software or by fips 140-2 level 2 validated hsms Here's an example that shows a certificate used for testing in key vault you'll add a secret to key vault later in this module the benefits of using key vault include centralized application secrets centralizing the storage for your application secrets enables you to control their distribution and reduces the chances that secrets are accidentally leaked securely stored secrets and keys azure uses industry standard algorithms Key lengths and hsms access to key vault requires proper authentication and authorization access monitoring and
access control by using key vault you can monitor and control access to your application secrets simplified administration of application secrets key vault makes it easier to enroll and renew certificates from public Certificate authorities or cas you can also scale up and replicate content within regions and use standard certificate management tools integration with other azure services you can integrate key vault with storage accounts container registries event hubs and many more azure services these services can then securely reference the secrets stored in key vault on azure vms run on shared hardware that microsoft manages Although the underlying hardware
is shared your vm workloads are isolated from workloads that other azure customers run however some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines to facilitate this requirement azure dedicated host provides dedicated physical servers that will host your Azure vms for windows and linux here's a diagram that shows how virtual machines relate to dedicated hosts and host groups a dedicated host is mapped to a physical server in an azure data center and a host group is a collection of dedicated hosts now that
we know that a dedicated host is mapped to a physical server in an azure data center let's take a look at some of the benefits of using azure Dedicated host azure dedicated host gives you visibility into and control over the server infrastructure that's running your azure vms helps address compliance requirements by deploying your workloads on an isolated server lets you choose the number of processors server capabilities vm series and vm sizes within the same host after a dedicated host is provisioned azure assigns it to the physical server In microsoft's cloud data center for high availability
you can provision multiple hosts in a host group and deploy your virtual machines across this group vms and dedicated hosts can also take advantage of maintenance control this feature enables you to control when regular maintenance updates occur within a 35-day rolling window you're charged per dedicated host independent of how many virtual machines you deploy to it The host price is based on the vm family type or hardware size and region software licensing storage and network usage are billed separately from the host and vms congratulations you have completed this lesson on how to protect against security
threats on azure you learned how to use azure security center to strengthen your security posture and protect against threats you learned how to collect and act on Security data from many different sources by using azure sentinel we looked at how to store and access sensitive information such as passwords and encryption keys securely in azure key vault we also covered how you can manage dedicated physical servers to host your azure vms for windows and linux by using azure dedicated host welcome to this lesson on secure network connectivity on azure This is an important topic every application
and service whether on premises or in the cloud needs to be designed with security in mind there's too much at risk for example a denial of service attack might prevent customers from reaching your website or services and block you from doing business or your website might be defaced causing damage to your reputation a data breach would be even worse because it can ruin Hard-earned trust while causing significant personal and financial harm let's go back to our case study on tailwind traders a fictitious home improvement retailer that operates retail hardware stores across the globe and online
tailwind traders specializes in competitive pricing fast shipping and a large range of items it's looking at cloud technologies to improve business operations and support growth into new Markets by moving to the cloud the company plans to enhance its shopping experience to further differentiate itself from competitors as tailwind traders moves to the cloud it needs to evaluate its security needs before it can deploy a single line of code to production although security must be considered at every layer in the company's applications all the way from the physical servers to the application Data some factors relate specifically
to the network configuration and network traffic of cloud-based workloads in this lesson you'll focus on the network security capabilities in azure and review how they help you secure your solutions in the cloud based on your business needs after completing this lesson you'll be able to identify the layers that make up a defense in depth strategy explain how azure firewall enables you To control what traffic is allowed on the network configure network security groups to filter network traffic to and from azure resources within a microsoft azure virtual network and explain how azure ddos protection helps protect
your azure resources from ddos attacks tailwind traders currently runs its workloads on premises in its data center running on premises means that the Company is responsible for all aspects of security from physical access to buildings all the way down to how data travels in and out of the network the company wants to know how its current defense in depth strategy compares to running in the cloud the objective of defense in depth is to protect information and prevent it from being stolen by those who aren't authorized to access it a defense in-depth strategy uses a Series
of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data each layer provides protection so that if one layer is breached a subsequent layer is already in place to prevent further exposure this approach removes reliance on any single layer of protection it slows down an attack and provides alert telemetry that security teams can act upon either automatically or Manually the physical security layer is the first line of defense to protect computing hardware in the data center the identity and access layer controls access to infrastructure and change control the perimeter
layer uses distributed denial of service protection to filter large scale attacks before they can cause a denial of service for users the network layer limits communication between resources through segmentation And access controls the compute layer secures access to virtual machines the application layer helps ensure that applications are secure and free of security vulnerabilities and the data layer controls access to business and customer data that you need to protect these layers provide a guideline for you to help make security configuration decisions in all of the layers of your applications azure provides security tools and Features at
every level of the defense in depth concept let's take a closer look at each layer physically securing access to buildings and controlling access to computing hardware within the data center are the first line of defense with physical security the intent is to provide physical safeguards against access to assets these safeguards ensure that other layers can't be bypassed and loss or Theft is handled appropriately microsoft uses various physical security mechanisms in its cloud data centers at the identity and access layer it's important to control access to infrastructure and change control use single sign-on and multi-factor authentication
and audit events and changes the identity and access layer is all about ensuring that identities are secure access is granted only to what's needed And sign in events and changes are logged we will cover identity and access in detail in another module at the perimeter layer it's important to use ddos protection to filter large-scale attacks before they can affect the availability of a system for users use perimeter firewalls to identify and alert on malicious attacks against your network at the network perimeter it's About protecting from network-based attacks against your resources identifying these attacks eliminating their
impact and alerting you when they happen are important ways to keep your network secure at the network layer it's important to limit communication between resources deny by default restrict inbound internet access and limit outbound access where appropriate and implement secure connectivity to On-premises networks at this layer the focus is on limiting the network connectivity across all your resources to allow only what's required by limiting this communication you reduce the risk of an attack spreading to other systems in your network at the compute layer it's important to secure access to virtual machines and implement endpoint protection
on devices and keep systems patched and current malware unpatched systems and improperly Secured systems open your environment to attacks the focus in this layer is on making sure that your compute resources are secure and that you have the proper controls in place to minimize security issues at the application layer it's important to ensure that applications are secure and free of vulnerabilities store sensitive application secrets in a secure storage medium make security a design requirement for All application development integrating security into the application development lifecycle helps reduce the number of vulnerabilities introduced in code every development team
should ensure that its applications are secure by default in almost all cases attackers are after data stored in a database stored on disk inside virtual machines stored in software as a service applications such as office 365 and Managed through cloud storage those who store and control access to data are responsible for ensuring that it's properly secured often regulatory requirements dictate the controls and processes that must be in place to ensure the confidentiality integrity and availability of the data we will cover privacy compliance and data protection standards on azure in detail in another module your security
posture is your Organization's ability to protect from and respond to security threats the common principles used to define a security posture are confidentiality integrity and availability known collectively as cia confidentiality uses the principle of least privilege which means restricting access to information only to individuals explicitly granted access at only the level that they need to perform their work This information includes protection of user passwords email content and access levels to applications and underlying infrastructure integrity prevents unauthorized changes to information at rest when it's stored and in transit when it's being transferred from one place to
another including from a local computer to the cloud a common approach used in data transmission is for the sender to create A unique fingerprint of the data by using a one-way hashing algorithm the hash is sent to the receiver along with the data the receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit and availability ensures that services are functioning and can be accessed only by authorized users denial of service attacks are designed To degrade the availability of a system affecting its users a
firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules you can create firewall rules that specify ranges of ip addresses only clients granted ip addresses from within those ranges are allowed to access the destination server Firewall rules can also include specific network protocol and port information tailwind traders currently runs firewall appliances which combine hardware and software to protect its on-premises network these firewall appliances require a monthly licensing fee to operate and they require it staff to
perform routine maintenance as tailwind traders moves to the cloud the it manager wants to know what azure services can protect both the company's Cloud networks and its on-premises networks azure firewall is a managed cloud-based network security service that helps protect resources in your azure virtual networks a virtual network is similar to a traditional network that you'd operate in your own data center it's a fundamental building block for your private network that enables virtual machines and other compute Resources to securely communicate with each other the internet and on-premises networks this diagram shows a basic azure firewall
implementation azure firewall is a stateful firewall a stateful firewall analyzes the complete context of a network connection not just an individual packet of network traffic azure firewall features high availability and unrestricted cloud scalability azure firewall provides a Central location to create enforce and log application and network connectivity policies across subscriptions and virtual networks it uses a static unchanging public ip address for your virtual network resources which enables outside firewalls to identify traffic coming from your virtual network the service is integrated with azure monitor to enable logging and analytics azure firewall provides many features Including built-in
high availability unrestricted cloud scalability inbound and outbound filtering rules inbound destination network address translation or dnat support and azure monitor logging you typically deploy azure firewall on a central virtual network to control general network access with azure firewall you can configure application rules that define fully qualified domain names or fqdns that Can be accessed from a subnet network rules that define source address protocol destination port and destination address network address translation also known as nat rules that define destination ip addresses and ports to translate inbound requests azure application gateway also provides a firewall that's called
the web application firewall or waf waf provides centralized inbound protection for your web applications Against common exploits and vulnerabilities azure front door and azure content delivery network or cdn also provide waf services any large company can be the target of a large-scale network attack attackers might flood your network to make a statement or simply for the challenge tailwind traders is no exception as tailwind traders moves to the cloud it wants to understand how Azure can prevent ddos and other attacks now you'll learn how azure ddos protection standard service tier helps protect your azure resources from ddos
attacks first let's define what a ddos attack is a ddos attack attempts to overwhelm and exhaust an application's resources making the application slow or unresponsive to legitimate users ddos attacks can target any resource that's publicly reachable through the internet Including websites azure ddos protection standard helps protect your azure resources from ddos attacks when you combine ddos protection with recommended application design practices you help provide a defense against ddos attacks ddos protection uses the scale and elasticity of microsoft's global network to bring ddos mitigation capacity to every azure region the ddos protection Service helps protect your
azure applications by analyzing and discarding ddos traffic at the azure network edge before it can affect your service's availability this diagram shows network traffic flowing into azure from both customers and an attacker ddos protection identifies the attacker's attempt to overwhelm the network and blocks further traffic from them Ensuring that traffic never reaches azure resources legitimate traffic from customers still flows into azure without any interruption of service ddos protection can also help you manage your cloud consumption when you run on premises you have a fixed number of compute resources but in the cloud elastic computing means
that you can automatically scale out your deployment to meet demand A cleverly designed ddos attack can cause you to increase your resource allocation which incurs unneeded expense ddos protection standard helps ensure that the network load you process reflects customer usage you can also receive credit for any costs accrued for scaled out resources during a ddos attack there are several service tiers available to ddos protection the basic Service tier is automatically enabled for free as part of your azure subscription it ensures that azure infrastructure itself is not affected during a large scale ddos attack the standard
service tier provides additional mitigation capabilities that are tuned specifically to azure virtual network resources ddos protection standard is relatively easy to enable and requires no changes To your applications protection policies are tuned through dedicated traffic monitoring and machine learning algorithms policies are applied to public ip addresses which are associated with resources deployed in virtual networks such as azure load balancer and application gateway both the basic and standard tiers provide always-on traffic monitoring and real-time mitigation of common network level attacks they provide the same Defenses that microsoft's online services use the azure global network is used
to distribute and mitigate attack traffic across azure regions the standard service tier can help prevent volumetric attacks where the goal of this attack is to flood the network layer with a substantial amount of seemingly legitimate traffic protocol attacks which render a target inaccessible by exploiting a weakness in the layer 3 and layer 4 protocol stack And resource layer or application layer attacks which is provided only with web application firewall these attacks target web application packets to disrupt the transmission of data between the hosts you need a waf to protect against layer 7 attacks ddos protection
standard protects the waf from volumetric and protocol attacks although azure firewall and azure ddos protection can help control what traffic Can come from outside sources tailwind traders also wants to understand how to protect its internal networks on azure doing so will give the company an extra layer of defense against attacks now you will examine network security groups or nsgs a network security group enables you to filter network traffic to and from azure resources within an azure virtual network you can think of nsgs like an internal firewall an nsg can contain multiple Inbound and outbound security
rules that enable you to filter traffic to and from resources by source and destination ip address port and protocol a network security group can contain as many rules as you need within azure subscription limits when you create a network security group azure creates a series of default rules to provide a baseline level of security you can't remove the default rules but you can override them by creating new Rules with higher priorities each rule specifies the properties you can see in the table on screen when you're considering an azure security solution consider all the elements of
defense in depth next we will present some recommendations on how to combine azure services to create a complete network security solution the perimeter layer is about protecting your organization's resources from network-based attacks identifying these attacks alerting the appropriate security teams and eliminating their impact are important to keeping your network secure to do this you can use azure ddos protection to filter large-scale attacks before they can cause a denial of service for users and use perimeter firewalls with the azure firewall to identify and alert on malicious attacks against your network at this layer the focus is
on limiting network connectivity across all of your resources to allow only what's required segment your resources and use network level controls to restrict communications to only what's needed by restricting connectivity you reduce the risk of lateral movement throughout your network from an attack use network security groups to create rules that define allowed inbound and outbound communication at this layer the Recommended practices for securing the network layer are to limit communication between resources by segmenting your network and configuring access controls deny by default restrict inbound internet access and limit outbound where appropriate and implement secure connectivity
to on-premises networks you can combine azure networking and security services to manage your network security and provide increased layered protection Here are two ways you can combine services azure firewall complements the functionality of network security groups together they provide better defense in-depth network security network security groups provide distributed network layer traffic filtering to limit traffic to resources within virtual networks in each subscription azure firewall is a fully stateful centralized network firewall as a Service it provides network level and application level protection across different subscriptions and virtual networks you can also combine azure application gateway web
application firewall and azure firewall waf is a feature of azure application gateway that provides your web applications with centralized inbound protection against common exploits and vulnerabilities azure firewall provides inbound protection for non-https protocols for example rdp ssh and ftp outbound network level protection for all ports and protocols and application level protection for outbound https combining them provides more layers of protection tailwind traders faces a number of security challenges in today's digital world its needs aren't unique azure provides tools and services that can help you detect and act on important security events it also provides ways
to help keep your data safe which can prevent security incidents from happening to begin with in the first lesson you learned about azure services that relate to security azure security center provides visibility of your security posture across all of your services both on azure and on-premises azure sentinel aggregates security data from many different sources and provides Additional capabilities for threat detection and response azure key vault stores your application secrets such as passwords encryption keys and certificates in a single central location and azure dedicated host provides dedicated physical servers to host your azure vms for windows
and linux in the second lesson you learned about some of the ways you can secure network traffic both on azure and in your On-premises data center we covered an important topic defense in depth defense in depth helps us think about security as a multiple layer multiple vector concern threats come from places we don't expect and they can come with surprising strength tailwind traders now has a few tools and services that it can use to secure its networks azure firewall is a managed Cloud-based network security service that helps protect resources in azure virtual networks an azure
virtual network is similar to a traditional network that you'd operate in your own data center it enables virtual machines and other compute resources to securely communicate with each other the internet and on-premises networks a network security group enables you to filter network traffic to and from azure Resources within a virtual network and azure ddos protection helps protect azure resources from ddos attacks congratulations you have completed the azure management tools and security solutions course management tools encompass a wide array of tools and services from microsoft azure in this course you have looked at many of these
tools and services and chosen the best one for a given business scenario you have also examined the various azure services you can use to help ensure that your cloud resources are safe secure and trusted at this point you should be able to choose the correct azure artificial intelligence service to address different kinds of business challenges the best software development process tools and services for a given business scenario the correct cloud monitoring service and management tool to address different kinds of technical needs and challenges the right serverless computing technology for your business scenario and the best
azure iot service for a given business scenario you should also be able to strengthen your security posture and protect against threats by using azure security center collect and act on security data from Many different sources by using azure sentinel store and access sensitive information such as passwords and encryption keys securely in azure key vault manage dedicated physical servers to host your azure vms for windows and linux by using azure dedicated host and secure network connectivity on azure demonstrating knowledge of these topics is a requirement in the az900 microsoft azure fundamentals exam You are one step
further down the road to certification the next course will cover identity governance privacy and compliance features on azure it will be the next step in further preparing for the az900 so you can pursue a career using microsoft azure make sure to check the reading material that follows for more information on what's to come in the next course hello and welcome to azure services and life cycles this course aims to help you learn more about azure and prepares you for the az900 exam understanding who is using your systems and what they have permission to
do is critical to keeping your data safe from attackers to stay organized manage costs and meet your compliance goals you need a good cloud governance strategy in this course you will learn how azure can help you secure access to cloud resources What it means to build a cloud governance strategy and how azure adheres to common regulatory and compliance standards this course will also guide you further down the path of becoming az900 microsoft azure fundamentals certified acquiring the azure fundamental certification is also an opportunity for you to prove your knowledge of cloud concepts and azure's main
features for this course it will include azure identity services cloud governance strategy privacy compliance and data protection standards and finally costs and sla service cycles to get the most out of this course it helps if you are familiar with the general technology concepts including concepts of networking storage compute application support and application development in terms of your azure fundamentals exam up to 40 percent of your exam content will be covered in this course 20 to 25 percent of the exam will focus on identity governance privacy and compliance features while the remaining 10 to 15 percent will focus
on cost management and service level agreements a successful completion of this course will set you well on the way to obtaining the az900 azure fundamental certification microsoft certifications provide globally recognized and industry endorsed evidence of mastering technical skills microsoft certification provides you with a pathway to upgrade your skills validate your abilities enhance your professional performance and develop your career microsoft certifications validate your skills and capabilities and lead you to success achieving certification shows employers that you have drive and initiative if you get hired in a new role or promoted or change your career your
certification speaks volumes about you and what you know perhaps you are already in an i.t support role and your team needs your guidance or opinion you will definitely be able to respond with confidence once you have successfully completed this program stay ahead get hired and receive the recognition you deserve In this course you will explore various modules relating to azure management tools and security solutions you'll start off with azure identity services next you will work through the process of how to build a cloud governance strategy on azure as you dive deeper you'll explore privacy compliance
and data protection standards on azure finally you look at how azure can help you by managing costs and sla service cycles throughout this course you will Have an opportunity to get hands-on experience with azure through interactive exercises practice quizzes and practice exams the interactive exercises offer opportunities to practice and implement what you're learning as an example you will protect a storage account from accidental deletion by using a resource lock from the azure portal the beauty about this is that you will be working with real technology but In a controlled environment which allows you to apply
what you learn and at your own pace bear in mind that you will need to have a microsoft account in order to access the azure portal as you explore the concepts and services that are available through azure you'll be given a case study to apply what you're learning to real-world examples in the case study you'll assume the role of an i.t specialist and address the technology challenges of tailwind traders so that you can help them conduct business more efficiently using real-world examples helps to reinforce concepts prepare you for the exam and gives you confidence in
your approach now that you have a good idea of what you'll cover in this course in the following reading you can review what you learn throughout the modules in more detail Good luck hello and welcome to this lesson on azure identity services in this lesson you learn about azure identity and services with focus on identity and access management with people increasingly able to work from anywhere plus the rise of bring your own device strategies mobile applications and cloud applications many of those access points are now outside the company's physical networks Identity has become the new
primary security boundary accurately proving that someone is a valid user of your system with an appropriate level of access is critical to maintaining control of your data this identity layer is now more often the target of attack than the network is to demonstrate this we're going to use our case study to give you an opportunity to apply the concepts that you'll learn The mobile workforce of tailwind traders is increasing as are the number of applications that the company runs in the cloud as a result retail employees located around the world are issued tablet devices from
which they can create orders for customers track delivery schedules and plan their work schedules delivery drivers can use their own mobile devices to access scheduling and logistics applications some delivery Drivers are permanent employees of tailwind traders and others work on short-term contracts currently tailwind traders uses active directory to secure its on-premises environment it needs to ensure that only employees can sign in and access the company's business applications it also needs to ensure that short-term staff can access these applications only when they're under active contract in this module you will learn how azure Active directory or
azure ad can also help tailwind traders consistently secure all of its applications accessed from the intranet and from public networks be mindful not to confuse active directory with azure active directory the first is primarily associated with securing on-premises applications while the latter is associated with securing them in the cloud later in this module you will look at how tailwind traders can use azure active directory to consistently secure all of their applications accessed from the intranet and from public networks after completing this module you'll be able to explain the difference between authentication and authorization describe azure
active directory and how it provides identity and access management explain the role that single sign-on commonly known as sso multi-factor authentication and conditional access play in managing user identity let's take a look at tailwind traders again recall that they must ensure that only employees can sign in and access its business applications tailwind traders also needs to ensure that employees can access only authorized applications for example all employees can access inventory and pricing software but only store managers can access payroll and certain accounting software in order to achieve this let's examine two fundamental concepts that you
need to understand when talking about identity and access these are authentication which is sometimes referred to as AuthN and authorization which is sometimes referred to as AuthZ authentication and authorization both support everything else that happens and they occur sequentially in the identity and access process let's now take a brief look at each authentication is the process of establishing the identity of a person or service that wants to access a resource it involves a process of call and response where the end user or service is challenged for a set of credentials these credentials are
then used as the basis to create a security principal and this security principal is used to establish the user's identity and access control you can think of this as the digital version of a person showing an identity card to a doorman prior to being granted access to an office building by using authentication you can establish whether the user is who they say they are while authentication establishes the user's identity authorization is the process of establishing what level of access an authenticated person or service has it specifies what data they're allowed to access and what they
can do with it once again let's look at our doorman example once you show your identity card to the doorman and you have been successfully identified the doorman may only allow you to access one room in the building based on the information on your identity card this process of access based on identity credentials is Authorization therefore in summary authentication is the process of proving who you are while authorization defines what you are allowed to do let's look at a practical example now here the identification card represents credentials that the user has to prove their identity
you'll learn more about the types of credentials later in this module once authenticated authorization defines What kinds of applications resources and data the user can access let's take a look at what is azure active directory or azure ad and how it provides identity services that enable your users to sign in and access both microsoft cloud applications and cloud applications that you develop we will also explore the functionality and usage of azure active directory azure active directory is microsoft's cloud-based identity and access Management service azure ad enables an organization's employees to sign in and access both
internal and external resources while also keeping them secure in doing so users can sign in and access external resources such as microsoft 365 the azure portal and thousands of other software as a service or saas applications internal resources such as apps on the organization's corporate network and intranet along with any cloud apps developed by the organization tailwind traders already uses active directory to secure its on-premises environment but they don't want users to have a different username and password to remember for accessing applications and data in the cloud they also need to ensure that only employees
can sign in and access the company's business applications additionally application access must be Available for any short-term staff but only when they're under an active contract let's explore how azure active directory can help tailwind traders consistently secure all of its applications accessed from the intranet and from public networks active directory is related to azure ad but they have some key differences microsoft introduced active directory in windows 2000 to give organizations the Ability to manage multiple on-premises infrastructure components and systems by using a single identity per user for on-premises environments active directory running on windows server
provides an identity and access management service that's managed by your own organization azure ad is microsoft's cloud-based identity and access management service with azure ad you control the identity accounts but microsoft ensures that the Service is available globally if you've worked with active directory azure ad will be familiar to you when you secure identities on premises with active directory microsoft doesn't monitor sign-in attempts when you connect active directory with azure ad microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost for example azure ad can detect sign-in attempts from unexpected locations
or Unknown devices azure active directory is used by a variety of end users let's take a look at some of them now it administrators can use azure ad to control access to applications and resources based on their business requirements app developers can use azure ad to provide a standards-based approach for adding functionality to applications that they build such as adding single sign-on functionality to an app or Enabling an app to work with a user's existing credentials end users can manage their identities for example self-service password reset enables users to change or reset their password with
no involvement from an it administrator or help desk if you are a microsoft 365 microsoft office 365 azure or microsoft dynamics crm online subscriber then you are already using azure ad here's an example of what an it Administrator might see in the azure portal when working with active directory sometimes you may hear the term tenant a tenant represents an organization in azure active directory it's a dedicated azure ad instance that an organization receives and owns when it signs up for a microsoft cloud service such as azure microsoft intune or microsoft 365 you can think of
a tenant as an instance of your organization with isolated data Which is separated from other tenants or organizations each microsoft 365 office 365 azure and dynamics crm online tenant is automatically an azure ad tenant now let's explore the main services provided by azure ad azure ad provides services such as authentication which includes verifying identity to access applications and resources it also includes providing Functionalities such as self-service password reset multi-factor authentication a custom list of banned passwords and smart lockout services single sign-on or sso which enables you to remember only one username and one password to
access multiple applications a single identity is tied to a user which simplifies the security model as users change roles or leave an organization access modifications are tied to that identity which greatly reduces the effort needed to change or disable accounts you can manage your cloud and on-premises apps by using azure ad features like application proxy saas apps the my apps portal also called the access panel and single sign-on provide a better user experience along with accounts for individual people azure ad supports the registration of devices registration enables devices to be managed through tools like microsoft
intune it also allows for device-based conditional access policies to restrict access attempts to only those coming from known devices regardless of the requesting user account connecting active directory with azure ad enables you to provide a consistent identity experience to your users there are a few ways to connect your existing active directory installation with azure ad Perhaps the most popular method is to use azure ad connect azure ad connect synchronizes user identities between on-premises active directory and azure ad azure ad connect also synchronizes changes between both identity systems so you can use features like sso multi-factor
authentication and self-service password reset under both systems the self-service password reset is important as it prevents users from Using known compromised passwords here's a diagram that shows how azure ad connect fits between on-premises active directory and azure ad as tailwind traders integrates its existing active directory instance with azure ad it creates a consistent access model across its organization doing so greatly simplifies its ability to sign into different applications manage changes to user identities and control and monitor and block unusual Access attempts this connection is made possible by using azure ad connect let's take a closer
look at single sign-on now single sign-on enables a user to sign in one time and use that credential to access multiple resources and applications from different providers this is important as organizations need a robust identity and access management strategy that can handle the challenges of securing user and data access from The cloud more identities mean more passwords to remember and change password policies can vary among applications as complexity requirements increase it becomes increasingly difficult for users to remember them the more passwords a user has to manage the greater the risk of a credential related security
incident consider the process of managing all those identities Additional strain is placed on help desks as they deal with account lockouts and password reset requests if a user leaves an organization tracking down all those identities and ensuring they are disabled can be challenging if an identity is overlooked this might allow access when it should have been eliminated with sso you need to remember only one id and one password access across applications is granted to A single identity that's tied to the user which simplifies the security model as users change roles or leave an organization access
is tied to a single identity this change greatly reduces the effort needed to change or disable accounts using sso for accounts makes it easier for users to manage their identities and increases your security capabilities you'll find resources at the end of this module about how to enable sso through Azure ad let's take a look at the features of multi-factor authentication and conditional access now but before we do let's give it some context in relation to our case study on tailwind traders tailwind traders allows delivery drivers to use their own mobile devices to access scheduling and
logistics applications some delivery drivers are permanent employees of tailwind traders others work on short-term contract How can the it department ensure that an access attempt is really from a valid tailwind traders worker in this part you learn about two processes that enable secure authentication azure ad multi-factor authentication and conditional access let's start with a brief look at what multi-factor authentication is in general multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form Of identification examples include a code on their mobile phone or a fingerprint scan think about
how you sign into websites email or online gaming services in addition to your username and password have you ever needed to enter a code that was sent to your phone if so you've used multi-factor authentication to sign in multi-factor authentication is important as it provides an additional level of Security for your identities by requiring two or more elements to fully authenticate these elements fall into three categories something the user knows this might be an email address and password something the user has this might be a code that's sent to the user's mobile phone something the
user is this is typically some sort of biometric property such as a fingerprint or face scan that's used On many mobile devices azure ad multi-factor authentication or mfa is a microsoft service that provides multi-factor authentication capabilities azure ad mfa enables users to choose an additional form of authentication during sign-in such as a phone call or mobile app notification the following services provide azure ad multi-factor authentication capabilities the azure active directory free edition enables azure ad multi-factor Authentication for administrators with a global admin level of access via the microsoft authenticator app phone call or sms code
you can also enforce azure ad multi-factor authentication for all users via the microsoft authenticator app only by enabling security defaults in your azure ad tenant azure active directory premium p1 or p2 licenses allow for comprehensive and granular configuration of azure ad multi-factor authentication through conditional access policies explained shortly a subset of azure ad multi-factor authentication capabilities is part of your office 365 subscription for more information on licenses and azure ad multi-factor authentication capabilities see available versions of azure ad multi-factor authentication conditional access is a tool that azure active directory uses to allow or deny access
to resources based on identity signals these signals include who the user is where the user is and what device the user is requesting access from conditional access helps it administrators empower users to be productive wherever and whenever and protect the organization's assets conditional access also provides a more granular multi-factor authentication experience for users for example a user might not be challenged for a second authentication factor if they're at a known location however they might be challenged for a second authentication factor if their sign-in signals are unusual or they're at an unexpected location during sign
in conditional access collects signals from the user makes decisions based on those signals and then enforces that decision by allowing or denying the access request or challenging for a multi-factor authentication response Here the signal might be the user's location the user's device or the application that the user is trying to access based on these signals the decision might be to allow full access if the user is signing in from their usual location if the user is signing in from an unusual location or a location that's marked as high risk then access might be blocked entirely
or possibly granted After the user provides a second form of authentication enforcement is the action that carries out the decision for example the action is to allow access or require the user to provide a second form of authentication conditional access is useful when you require multi-factor authentication to access an application you can configure whether all users require multi-factor authentication or only certain users Such as administrators you can also configure whether multi-factor authentication applies to access from all networks or only untrusted networks require access to services only through approved client applications for example you might want
to allow users to access office 365 services from a mobile device as long as they use approved client apps like the outlook mobile app require your users to access your application only from managed devices a Managed device is a device that meets your standards for security and compliance block access from untrusted sources such as access from unknown or unexpected locations as we've learned conditional access is a capability of azure active directory that enables you to control how authorized users access your cloud apps how do you know what to expect from the conditional access policies in
your Environment to answer this question you can use the conditional access what if tool the conditional access what-if policy tool allows you to understand the impact of your conditional access policies on your environment you can use this tool to model your proposed conditional access policies across recent sign-in attempts from your users to see what the impact would have been if those policies had been enabled the what-if tool enables you to test Your proposed conditional access policies before you implement them to use conditional access you need an azure ad premium p1 or p2 license if you
have a microsoft 365 business premium license you also have access to conditional access features congratulations you have completed this lesson on azure identity services you now should be able to explain the difference between authentication and authorization and how Azure active directory provides identity and access management to cloud-based applications we explored how this is achieved using concepts such as single sign-on or sso multi-factor authentication and conditional access hello and welcome to cloud governance strategy in this module you'll learn about access policies resource locks and tags you will be introduced to azure services such as azure policy
and azure Blueprints then you will look at how they can help you build a comprehensive cloud governance strategy the term governance describes the general process of establishing rules and policies and ensuring that those rules and policies are enforced when running in the cloud a good governance strategy helps you maintain control over the applications and resources that you manage in the cloud Maintaining control over your environment ensures that you stay compliant with industry standards like the payment card industry data security standard pci dss and corporate or organizational standards such as ensuring that network data is encrypted
governance can be beneficial to organizations in a wide range of areas such as multiple engineering teams working in azure multiple subscriptions to manage Regulatory requirements that must be enforced and standards that must be followed for all cloud resources in this module you'll help tailwind traders explore ways they can enforce standards while still enabling teams to create and manage the cloud resources they need tailwind traders is continuing its migration to the cloud its existing data center development and test teams must submit support tickets to request access To virtual machines storage and networking components it can take
it staff anywhere from two weeks to two months to purchase provision and configure these components by working in the cloud you essentially have immediate access to compute storage and networking components many kinds of groups and users including people from development test operations and security teams can potentially have direct access to cloud resources going forward Tailwind traders could enforce similar processes that prevent teams from directly creating or configuring resources on azure similar to its existing approach where central i.t provisions infrastructure but the company knows that these restrictions reduce team agility and the ability to innovate the
question is how can they enable innovation while still maintaining control after completing this module you will be Able to make organizational decisions about your cloud environment by using the cloud adoption framework for azure define who can access cloud resources by using azure role-based access control apply a resource lock to prevent accidental deletion of your azure resources apply tags to your azure resources to help describe their purpose control and audit how your resources are Created by using azure policy and enable governance at scale across multiple azure subscriptions by using azure blueprints tailwind traders needs to control
its cloud environment so that it complies with several industry standards but it's not sure where to start it has existing business requirements and it understands how these requirements relate to its on-premises workloads these requirements also must Be met by any workloads it runs in the cloud you've been tasked with investigating what's available on azure and to define and implement the governance strategy for tailwind traders you decide to start with a cloud adoption framework the cloud adoption framework for azure provides you with proven guidance to help with your cloud adoption journey it helps you create and implement
the business and technology strategies Needed to succeed in the cloud the cloud adoption framework consists of tools documentation and proven practices which can help you create and implement the business and technology strategies needed to succeed in the cloud the cloud adoption framework includes these stages define your strategy make a plan ready your organization adopt the cloud and govern and manage Your cloud environments to help build your adoption strategy the cloud adoption framework breaks out each stage into further exercises and steps let's take a brief look at each stage in the first stage you define your
strategy using the cloud adoption framework which includes tools documentation and proven practices you answer questions such as why you're moving to the cloud and what you want to get out of cloud migration do you need to scale to meet demand or Reach new markets will it reduce costs or increase business agility let's take a look at the steps in this stage define and document your motivations meeting with stakeholders and leadership can help you answer why you're moving to the cloud document business outcomes meet with leadership from your finance marketing sales and human resource groups to
help you document your goals Develop a business case validate that moving to the cloud gives you the right return on investment roi for your efforts and choose the right first project choose a project that's achievable but also shows progress towards your cloud migration goals in the second stage you build a plan that maps your aspirational goals to specific actions a good plan helps ensure that your efforts map to the Desired business outcomes let's walk through the steps in this stage first digital estate this is when you create an inventory of the existing digital assets and
workloads that you plan to migrate to the cloud second initial organizational alignment in this step you ensure that the right people are involved in your migration efforts both from a technical standpoint As well as from a cloud governance standpoint third skills readiness plan here you build a plan that helps individuals build the skills they need to operate in the cloud last cloud adoption plan in this final step you build a comprehensive plan that brings together the development operations and business teams toward a shared cloud adoption goal in the third stage you get your Organization ready
by creating a landing zone a landing zone is an environment in the cloud that helps you begin hosting your workloads review the azure setup guide to become familiar with the tools and approaches you need to use to create a landing zone begin to build out the azure subscriptions that support each of the major areas of your business a landing zone includes cloud infrastructure as well as governance accounting and Security capabilities refine your landing zone to ensure that it meets your operations governance and security needs and start with recommended and proven practices to help ensure that
your cloud migration efforts are scalable and maintainable in the fourth stage you begin to migrate your applications to the cloud along the way you might find ways to modernize your applications and build innovative Solutions that use cloud services let's take a look at the steps in the migrate phase of the adopt stage use the azure migration guide to deploy your first project to the cloud use additional in-depth guides to explore more complex migration scenarios check in with the azure cloud migration best practices checklist to verify that you're following recommended practices and identify ways to make
the migration process scale while requiring less Effort now for the steps in the innovate phase of this stage establish business value consensus by verifying that investments and new innovations add value to the business and meet customer needs use azure innovation guide to accelerate development and build a minimum viable product mvp for your idea verify that your progress maps to recommended best practices before you Move forward and create feedback loops by checking in frequently with your customers to verify that you're building what they need in the final stages you begin to form your cloud governance and
cloud management strategies as the cloud estate changes over time so too will your cloud governance processes and policies you need to create resilient solutions that are constantly optimized let's look at the steps in the govern Phase of this stage consider your end state solution then define a methodology that incrementally takes you from your first steps all the way to full cloud governance use the governance benchmark tool to assess your current state and future state to establish a vision for applying the framework create a minimally viable product that captures the first steps of your Governance plan
and iteratively add governance controls that address tangible risks as you progress towards your end state solution now for the steps in the manage phase of this stage it is here that you define your minimum commitment to operations management a management baseline is the minimum set of tools and processes that should be applied to every asset in an environment document supported workloads to Establish operational commitments with a business and agree on cloud management investments for each workload apply recommended best practices to iterate on your initial management baseline and for workloads that require a higher level of
business commitment perform a deeper architecture review to deliver on your resiliency and reliability commitments there's no single cloud adoption path That works for every organization but the main implementation stages are similar for all organizations and industries define your strategy make a plan ready your organization adopt the cloud and govern and manage your digital estate in the first course in this series you learned that the hierarchical structure for an organization's resources in azure has four levels resources resource groups subscriptions and management Groups let's take a brief look at each of these levels resources are instances of
services that you create like virtual machines storage or sql databases resources are combined into resource groups which act as a logical container into which azure resources like web apps databases and storage accounts are deployed and managed a subscription groups together user accounts and the resources that have Been created by those user accounts for each subscription there are limits or quotas on the amount of resources that you can create and use organizations can use subscriptions to manage costs and the resources that are created by users teams or projects and management groups help you manage access
policy and compliance for multiple subscriptions all subscriptions in a management group automatically inherit the conditions Applied to that management group at the beginning of any cloud governance implementation you identify a cloud organization structure that meets your business needs this step often involves forming a cloud center of excellence team also called a cloud enablement team or a cloud custodian team this team is empowered to implement governance practices from a centralized location for the entire organization teams often start their azure governance Strategy at the subscription level so let's dive right in and see what's involved at this
level there are three main aspects to consider when you create and manage subscriptions billing access control and subscription limits let's look at each of these aspects in more detail you can create one billing report per subscription if you have multiple departments and need to do a chargeback of cloud costs one possible solution is to organize Subscriptions by department or by project resource tags can also help you'll explore tags later in this module when you are defining how many subscriptions you need and what to name them you should take into account your internal billing requirements a
subscription is a deployment boundary for azure resources every subscription is associated with an azure active directory tenant Each tenant provides administrators the ability to set granular access through defined roles by using azure role-based access control when you design your subscription architecture consider the deployment boundary factor for example do you need separate subscriptions for development and for production environments with separate subscriptions you can control access to each one separately and isolate their resources from one Another subscriptions also have some resource limitations for example the maximum number of azure express route circuits per subscription is 10. those
limits should be considered during your design phase if you'll need to exceed those limits you might need to add more subscriptions if you hit a hard limit maximum there's no flexibility to increase it management groups are also available to Assist with managing subscriptions a management group manages access policies and compliance across multiple azure subscriptions you'll learn more about management groups later in this module organizations need to control who has access to their resources this also applies in your cloud environment when you have multiple it and engineering teams how can you control what access they have
to the resources in your cloud environment It is good security practice to grant users only the rights they need to perform their job and only to the relevant resources ordinarily when new resources are created you would have to define the detailed access requirements for each individual and then update their access rights using azure role-based access control rbac this process becomes much simpler Azure role-based access control azure rbac is the system that allows control over who has access to which azure resources and what those people can do with those resources you achieve control by
assigning roles to users groups or applications at a particular scope a role might be described as a collection of permissions while the scope is the set of resources that the access applies to This diagram shows the relationship between roles and scopes you can apply azure roles at four levels of scope management group a collection of multiple subscriptions subscription resource group and resource scopes are structured in a parent-child relationship each level of hierarchy makes the scope more specific you can assign roles at any of these levels of scope These are some of the built-in roles in
azure that you can assign to users the reader can view resources but is not allowed to make any changes the contributor has full access to manage all resources but is not allowed to assign roles the owner role has full access to manage all resources including the ability to assign roles in azure rbac if the built-in roles don't meet the specific needs of your organization you Can create your own custom roles when you assign the owner role to a user at the management group scope that user can manage everything in all subscriptions within the management
group when you assign the reader role to a group at the subscription scope the members of that group can view any resource group and resource within the subscription when you assign the contributor role to an application at the resource group Scope the application can manage resources of all types within that resource group but not other resource groups within the subscription observers users managing resources admins and automated processes illustrate the kinds of users or accounts that would typically be assigned each of the various roles how is azure role-based access control enforced azure rbac is enforced on
any action That's initiated against an azure resource that passes through azure resource manager resource manager is a management service that provides a way to organize and secure your cloud resources azure rbac doesn't enforce access permissions at the application or data level application security must be handled by your application you typically access resource manager from the azure portal azure cloud shell azure Powershell and the azure cli azure rbac uses an allow model when you're assigned a role rbac allows you to perform certain actions such as read write or delete the allow model is cumulative that
means if one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group you have both read and write permissions on that resource group By combining an azure role and a scope you can set finely tailored permissions for your azure resources azure rbac allows you to grant access to azure resources that you control suppose you need to manage access to resources in azure for tailwind traders development engineering and marketing teams you've started to receive access requests and you need to quickly learn how
access management works for azure resources Here are some scenarios you can implement with azure role-based access control allow one user to manage virtual machines in a subscription and another user to manage the virtual network allow a database administrator group to manage sql databases in a subscription and allow a user to manage all resources in a resource group such as virtual machines websites and subnets you can also allow an application to Access all resources in a resource group you'll find the complete list of built-in roles at the end of this module the way you control access
to resources is to create role assignments which control how permissions are enforced a role assignment is the process of attaching a role to a security principal at a particular scope for the purpose of granting access user permissions are based on built-in or custom roles while scope is the set of resources to which The permissions apply a security principal is an object that represents a user group service principal or managed identity that is requesting access to azure resources you can assign a role to an individual person known as a user or to a group which is
a set of users when you assign a role to a group all users within that group are granted that role you can also assign a role to other identity types such as service Principals and managed identities these identity types are used by applications and services to automate access to azure resources tailwind traders have multiple teams with an interest in some part of their overall i.t environment it is important to the company to control access to different resources based on the functions and requirements of the individual teams as you have discovered one of the Benefits for
tailwind traders is that they can use role-based access control to assign roles to either individuals or groups let's review the group setup for tailwind traders i.t administrators this team has ultimate ownership of technology assets both on-premises and in the cloud the team requires full control of all resources backup and disaster recovery this team Is responsible for managing the health of regular backups and invoking any data or system recoveries cost and billing this team tracks and reports on technology related spend they also manage the organization's internal budgets and security operations this team monitors and responds to
any technology related security incidents the team requires ongoing access to log files and security alerts Using azure rbac you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs instead of giving everybody unrestricted permissions in your azure subscriptions or resources you can allow only certain actions at a particular scope now let's take a look at an example of how to manage azure rbac permissions you manage access permissions on the access control iam pane in the azure portal The example in this image is
of the access control pane for a resource group in this example allen shahoon has been assigned the backup operator role for this resource group this pane shows who has access to what scope and what roles applied you can also grant or remove access from this pane as an additional layer of access control we can use azure resource locking a resource lock prevents resources from Being accidentally deleted or changed even with azure rbac policies in place there's still a risk that people with the right level of access could delete critical cloud resources think of a resource
lock as a warning system that reminds you that a resource should not be deleted or changed for example at tailwind traders an it administrator was performing routine cleanup of unused resources in azure the admin accidentally deleted resources That appear to be unused but these resources were critical to an application that's used for seasonal promotions how can resource locks help prevent this kind of incident from happening in the future as an administrator you can lock a subscription resource group or resource to prevent other users in your organization from accidentally deleting or modifying critical resources this is
an example that shows how to add A resource lock from the azure portal to view add or delete locks in the azure portal go to the settings section of any resource's settings pane in the azure portal you can also manage resource locks from the azure portal powershell the azure cli or from an azure resource manager template later you'll be given an opportunity to apply a similar resource lock you can set the lock level to cannot delete or Read only in the portal the locks are called delete and read-only respectively cannot delete means authorized people can
still read and modify a resource but they can't delete the resource without first removing the lock and read-only means authorized people can read a resource but they can't delete or change the resource applying this lock is like restricting all authorized users to the permissions granted by the reader role in azure rbac Although locking helps prevent accidental changes you can still make changes by following a two-step process to modify a locked resource you must first remove the lock after you remove the lock you can apply any action you have permissions to perform this additional step
allows the action to be taken but it helps protect your administrators from doing something they might not have intended to do Resource locks apply regardless of rbac permissions even if you're an owner of the resource you must still remove the lock before you can perform the blocked activity what if a cloud administrator accidentally deletes a resource lock if the resource lock is removed its associated resources can be changed or deleted to make the protection process more robust you can combine resource locks with azure blueprints Azure blueprints enables you to define the set of standard
azure resources that your organization requires for example you can define a blueprint that specifies that a certain resource lock must exist azure blueprints can automatically replace the resource lock if the lock is removed you'll learn more about azure blueprints later in this module as your cloud usage grows it's increasingly important to stay organized A good organization strategy helps you understand your cloud usage and can help you manage costs for example as tailwind traders prototypes new ways to deploy its applications on azure it needs a way to mark its test environments so that it can easily
identify and delete resources in these environments when they're no longer needed earlier you learned that you can organize related resources by placing Them in their own subscriptions you can also use resource groups to manage related resources resource tags are another way to organize resources tags provide extra information or metadata about your resources metadata is useful for a variety of purposes including resource management tags enable you to locate and act on resources that are associated with specific workloads environments business Units and owners cost management and optimization tags enable you to group resources so that you can
report on costs allocate internal cost centers track budgets and forecast estimated cost operations management tags enable you to group resources according to how critical their availability is to your business this grouping helps you formulate service level agreements slas an sla is an Uptime or performance guarantee between you and your users security tags enable you to classify data by its security level such as public or confidential governance and regulatory compliance tags enable you to identify resources that align with governance or regulatory compliance requirements such as iso 27001 tags can also be part of your standards enforcement
efforts for example you might require that all resources be Tagged with an owner or department name and workload optimization and automation tags can help you visualize all of the resources that participate in complex deployments for example you might tag a resource with its associated workload or application name and use software such as azure devops to perform automated tasks on those resources you can add modify or delete resource tags through azure portal powershell the azure cli azure the rest api or resource Manager templates you can also manage tags by using azure policy for example you can
apply tags to a resource group but those tags aren't automatically applied to the resources within that resource group you can use azure policy to ensure that a resource inherits the same tags as its parent resource group you can also use azure policy to enforce tagging rules and conventions for example you can require that certain Tags be added to new resources as they are provisioned you can also define rules that reapply tags that have been removed you'll learn more about azure policy later in this module a resource tag consists of a name and a value you
can assign one or more tags to each azure resource after reviewing its business requirements tailwind traders decides on a selection of tags let's take a look a tag name reflects the exact term you Would use for the azure resource tag for example app name cost center owner environment and impact value is a list of all potential values applicable to the resource tag in this example the value refers to the following the name of the application that the resource is part of the internal cost center code the name of The business owner who's responsible for the
resource an environment name such as prod dev or test and the importance of the resource to the business operations such as mission critical high impact or low impact this image shows these tags as they're applied to a virtual machine during provisioning the tailwind traders team can run queries for example from powershell or The azure cli to list all resources that contain these tags keep in mind that you don't need to enforce that a specific tag is present on all of your resources for example you might decide that only mission critical resources have the impact tag
all non-tagged resources would then not be considered as mission critical now that you've identified your governance and business requirements how do you ensure that your resources stay Compliant how can you be alerted if a resource's configuration has changed azure policy is a service in azure that enables you to create assign and manage policies that control or audit your resources these policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards azure policy enables you to define both Individual policies and groups of related policies known as initiatives azure
policy evaluates your resources and highlights resources that aren't compliant with the policies you've created azure policy can also prevent non-compliant resources from being created azure policy comes with a number of built-in policy and initiative definitions that you can use under Categories such as storage networking compute security center and monitoring for example say you define a policy that allows only a certain stock keeping unit sku size of virtual machines to be used in your environment after you enable this policy that policy is created when you create new vms or resize existing vms azure policy also evaluates
any current vms in your environment in some cases azure policy can Automatically remediate non-compliant resources and configurations to ensure the integrity of the state of the resources for example if all resources in a certain resource group should be tagged with the app name tag at a value of special orders azure policy can automatically reapply that tag if it has been removed azure policy also integrates with azure devops by applying any continuous Integration and delivery pipeline policies that apply to the pre-deployment and post-deployment phases of your applications now let's take a look at azure policy in
action implementing a policy in azure policy involves these three steps create a policy definition assign the definition to resources and review the evaluation results let's examine each step in more detail A policy definition expresses what to evaluate and what action to take for example you could prevent virtual machines from being deployed in certain azure regions you also could audit your storage accounts to verify that they only accept connections from allowed networks every policy definition has conditions under which it's enforced a policy definition also has an accompanying effect that takes place when the Conditions are met
azure policy offers some built-in policies that are available by default let's go through a few examples this policy enables you to specify a set of vm skus that your organization can deploy this policy enables you to restrict the locations that your organization can specify when it deploys resources its effect is used to enforce your geographic compliance requirements This policy requires that multi-factor authentication be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources cross-origin resource sharing is an http feature that enables a web application running under one domain to
access resources in another domain for security reasons modern web browsers restrict cross-site scripting by default this policy allows only required domains To interact with your web app and this policy enables azure security center to recommend missing security system updates on your servers to implement your policy definitions you assign definitions to resources a policy assignment is a policy definition that takes place within a specific scope this scope could be a management group a collection of multiple subscriptions a single subscription or a resource group policy assignments are inherited by all Child resources within that scope if a
policy is applied to a resource group that policy is applied to all resources within that resource group you can exclude a subscope from the policy assignment if there are specific child resources you need to be exempt from the policy assignment when a condition is evaluated against your existing resources each resource is marked as compliant or non-compliant you can review the non-compliant policy Results and take any action that's needed policy evaluation happens about once per hour if you make changes to your policy definition and create a policy assignment that policy is evaluated over your resources within
the hour an azure policy initiative is a way of grouping related policies into one set the initiative definition contains all of the policy definitions to help track your compliance state for a larger goal For example azure policy includes an initiative named enable monitoring in azure security center its goal is to monitor all of the available security recommendations for all azure resource types in azure security center under this initiative the following policy definitions are included this policy monitors for unencrypted sql databases and servers this policy Monitors servers that don't satisfy the configured os vulnerability baseline and
this policy monitors for servers that don't have an installed endpoint protection agent in fact the enable monitoring in azure security center initiative contains over 100 separate policy definitions azure policy also includes initiatives that support regulatory compliance standards such as hipaa and iso 27001 this image shows a few example azure Policy initiatives you define initiatives by using the azure portal or by using command line tools from the azure portal you can search the list of built-in initiatives that are already provided by azure you also can create your own custom policy definition like a policy assignment an
initiative assignment is an initiative definition that's assigned to a specific scope of a management group a subscription or a resource group Even if you have only a single policy an initiative enables you to increase the number of policies over time because the associated initiative remains assigned it's easier to add and remove policies without the need to change the policy assignment for your resources so far you've explored a number of azure features that can help you implement your governance decisions monitor the compliance of your cloud resources and Control access and protect critical resources from accidental deletion
what happens when your cloud environment starts to grow beyond just one subscription how can you scale the configuration of these features knowing they need to be enforced for resources in new subscriptions instead of having to configure features like azure policy for each new subscription with azure blueprints you can define a repeatable set of governance tools and standard Azure resources that your organization requires in this way development teams can rapidly build and deploy environments in compliance with organizational standards by using a set of built-in components that speed the development and deployment phases azure blueprints orchestrates the
deployment of various resource templates and other artifacts such as role assignments policy assignments Azure resource manager templates and resource groups when you form a cloud center of excellence team or a cloud custodian team that team can use azure blueprints to scale their governance practices throughout the organization implementing a blueprint in azure blueprints involves these three steps create a blueprint assign the blueprint and track the blueprint assignments with azure blueprints the relationship Between the blueprint definition what should be deployed and the blueprint assignment what was deployed is preserved in other words azure creates a record that
associates a resource with a blueprint that defines it this connection helps you track and audit your deployments blueprints are also versioned versioning enables you to track and comment on changes to your blueprint each component In the blueprint definition is known as an artifact artifacts can have no parameters an example is the deploy threat detection on sql servers policy which requires no further configuration artifacts can also contain one or more parameters that you can configure this image shows the allowed locations policy this policy includes a parameter that specifies the allowed locations you can specify a parameter's
value when you create the blueprint definition or when You assign the blueprint definition to a scope in this way you can maintain one standard blueprint but have the flexibility to specify the relevant configuration parameters at each scope where the definition is assigned how will tailwind traders use azure blueprints for iso 27001 compliance iso 27001 is a standard that applies to the security of i.t systems published by the international organization for standardization as part of its quality Process tailwind traders wants to certify that it complies with this standard azure blueprints has several built-in blueprint definitions that
relate to iso 27001 as an i.t administrator you decide to investigate the iso 27001 shared services blueprint definition let's take a look at the outline of your plan first define a management group that's named prodmg second recall that a Management group manages access policies and compliance across multiple azure subscriptions every new azure subscription is added to this management group when the subscription is created third create a blueprint definition that's based on the iso 27001 shared services blueprint template then publish the blueprint last assign the blueprint to your prodmg management group The following image shows artifacts
that are created when you run an iso 27001 blueprint from a template you see that the blueprint template contains policy assignments resource manager templates and resource groups the blueprint deploys these artifacts to any existing subscriptions within the prodmg management group the blueprint also deploys these artifacts to any new subscriptions as they're created and added to the Management group congratulations you have completed cloud governance strategy let's look back on your journey you've been tasked with defining and implementing the governance strategy for tailwind traders cloud governance requires good analysis and requirement gathering luckily the cloud adoption framework
for azure can help you define and implement your governance strategy there are several services and features at azure to support these efforts these services and features include azure role-based access control azure rbac a feature that enables you to create roles that define access permissions resource locks a feature that prevents resources from being accidentally deleted or changed resource tags a feature that provides extra information or metadata about your resources azure policy a service in azure that enables you to create assign and manage policies that control or audit your resources and azure blueprints a service that
enables you to define a repeatable set of governance tools and standard azure resources that your organization requires with these points in mind you're ready to take the next step towards building a good cloud governance strategy hello and welcome to this lesson on privacy compliance and data protection standards As tailwind traders moves to running its applications in the cloud it wants to know how azure adheres to applicable regulatory compliance frameworks the company asks how compliant is azure when it comes to handling personal data how compliant are each of azure's individual services up until now tailwind traders
are used to having full control of all of their application data which is stored on servers that it manages in its data center Tailwind traders knows that moving an application to the cloud means the data is now outside of its own walls the company also understands that the cloud provider has access to the server hardware and infrastructure how is the privacy of its application data protected tailwind traders must also adhere to multiple regulatory and compliance frameworks for example it must follow certain rules to ensure that it properly Handles credit card data it will still need
to ensure that its applications comply with applicable regulations and standards how does infrastructure on azure already adhere to these same standards to answer these questions let's start by learning about the types of compliance offerings that are available on azure after completing this module you'll be able to describe the types of compliance Offerings that are available on azure you will look at how to access the microsoft privacy statement the online services terms and the data protection addendum to learn what personal data microsoft collects how microsoft uses it and for what purposes you will also gain insight
into regulatory standards and compliance on azure from the trust center and from the azure compliance documentation finally you will explore the azure Capabilities that are specific to government agencies in this video you will look at how the microsoft privacy statement the online services terms and the data protection addendum explain what personal data microsoft collects how microsoft uses it and for what purposes for tailwind traders understanding microsoft's commitment to privacy helps ensure that their customer and application data will be protected Let's begin with a brief look at the microsoft privacy statement the microsoft privacy statement explains
what personal data microsoft collects how microsoft uses it and for what purposes the privacy statement covers all of microsoft services websites apps software servers and devices this list ranges from enterprise and server products to devices that you use in your home to software that students Use at school microsoft's privacy statement also provides information that's relevant to specific products such as windows and xbox the online services terms or ost is a legal agreement between microsoft and the customer the ost details the obligations by both parties with respect to the processing and security of customer data and
personal data the ost applies specifically to microsoft's online services that you license through subscription including azure dynamics 365 office 365 and bing maps the data protection addendum or dpa further defines the data processing and security terms for online services these terms include compliance with laws disclosure of processed data data security which includes security practices and policies data encryption data access customer responsibilities and compliance with auditing data transfer retention and deletion to access the dpa you can do the following go to the licensing terms and documentation page in the search bar enter dpa from the search
results locate the link to the dpa in your preferred language alternatively in the search bar that appears enter your preferred language to filter the results here's an example that retrieves the english version of the dpa transparency is also very important when it comes to how a cloud provider Communicates its privacy policies and how it treats your data the microsoft privacy statement the ost and the dpa detail microsoft's commitment to protecting data and privacy in the cloud here you'll learn how to access detailed documentation about legal and regulatory standards and compliance on azure ecommerce is an
important part of tailwind traders' sales strategy its online retail store enables customers to easily browse and order products customers typically pay by credit card so tailwind traders has a responsibility under the payment card industry data security standard or pci dss this global information security standard known as pci dss seeks to prevent fraud through increased control of credit card data the standard applies to any organization that stores processes or transmits payment and cardholder data you've been tasked with investigating whether hosting the company's e-commerce application on azure would be compliant with pci dss to do this you
start with the azure compliance documentation the azure compliance documentation provides you with detailed documentation about legal and regulatory standards and compliance on azure here you find compliance offerings across the following categories Global us government financial services health media and manufacturing regional there are also additional compliance resources such as audit reports privacy information compliance implementations and mappings and white papers and analyst reports country and region privacy and compliance guidelines are also included it's important to note that some resources might require you to be signed into your cloud service in Order to access them azure government is
a separate instance of the microsoft azure service it addresses the security and compliance needs of u.s federal agencies state and local governments and their solution providers azure government offers physical isolation from non-us government deployments and provides screened u.s personnel azure government services handle data that is subject to certain Government regulations and requirements for example the national institute of standards and the department of defense to provide the highest level of security and compliance azure government uses physically isolated data centers and networks located only in the u.s azure government customers such as the us federal state and
local government or their partners are subject to validation of eligibility azure government provides the broadest compliance and level 5 department of defense approval azure government is available in 8 geographies and offers the most compliance certifications of any cloud provider let's explore microsoft azure china 21 vianet in order to comply with government regulation azure services in china are operated by 21 vianet which is based on the technologies licensed from microsoft azure china 21 vianet is a physically separated instance of cloud services located in china azure china 21 vianet is independently operated and transacted by
shanghai blue cloud technology company or 21 vianet this is a wholly owned subsidiary of beijing 21 vianet broadband data center company the reason for this compliance according to the china telecommunication regulation providers of cloud services infrastructure as a service or iaas and platform as a service or paas must have value added telecom permits and only locally registered companies with less than 50 percent foreign investment qualify for these permits to comply with this regulation the azure service in china is operated by 21 vianet based on the technologies licensed from microsoft the azure services are based on the
same azure office 365 and power bi technologies that make up the microsoft global cloud service with comparable service levels Azure agreements and contracts in china where applicable are signed between customers and 21 vianet this results in two major differences between the azure global service and azure china service these are operation model and service availability microsoft azure services operated by 21 vianet are a standalone instance separating from azure global services therefore the service availability is not identical to global Azure however this does not change the quality of available services as the first foreign public cloud
service provider offered in china in compliance with government regulations azure china 21 vianet provides world-class security as required by chinese regulations for all systems and applications built on its architecture congratulations you have completed this lesson on privacy compliance and data protection Standards in this lesson you learned about the types of compliance offerings that are available on azure you learned how to access the microsoft privacy statement the online services terms and the data protection addendum to learn what personal data microsoft collects how microsoft uses it and for what purposes you gained insight into azure regulatory standards
and compliance by accessing the trust center and from the azure Compliance documentation finally you explored azure's capabilities that are specific to government agencies hello and welcome in this module you will learn about managing costs and service level agreements or sla service cycles lesson one will focus on the cost of running in the cloud and lesson two will cover service level agreements in azure let's get started by exploring the major Factors that influence the cost of running in the cloud along the way you'll get hands-on experience with some of the tools you can use to estimate
the costs of running your workloads on azure to help ensure that you stay within budget and use only the services that you need let's turn to our case study so you can apply what you learn tailwind traders is planning its migration to the cloud the company has run a few successful proof of concept projects and wants to better understand how to manage its costs before it moves its workloads to azure running in the data center requires you to maintain a facility and purchase power cool and maintain your servers running in the cloud presents new ways
to think about your it expenses to answer the question of how much it will cost you need to understand the factors that influence cost you also need to Understand what tools are available to you to help estimate and manage your cloud spend using this scenario after you complete this lesson you'll be able to use the total cost of ownership calculator to compare your current data center costs to running the same workloads on azure describe the different ways you can purchase azure products and services use the pricing calculator to estimate The monthly cost of running your
cloud workloads define some of the major factors that affect total cost and apply recommended practices to minimize cost before tailwind traders takes its next steps toward migrating to the cloud it wants to better understand what it spends today in its data center having a firm understanding of where the company is today will give it a greater sense of what cloud migration means in Terms of cost now you'll see how the total cost of ownership calculator can help you compare the cost of running in the data center versus running on azure the total cost of ownership
or tco calculator helps you estimate the cost savings of operating your solution on azure over time instead of in your on-premises data center the term total cost of ownership is commonly used in finance It can be hard to see all the hidden costs related to operating a technology capability on premises software licenses and hardware are additional costs with the tco calculator you enter the details of your on-premises workloads for servers storage costs i.t labor costs and other assumptions that may apply to your business then you review the suggested industry average cost which you can adjust
for related operational costs These costs include hardware and software electricity data center networking and storage and it labor you're then presented with a side-by-side report using the report you can compare those costs with the same workloads running on azure you don't need an azure subscription to work with the tco calculator working with the tco calculator involves three steps Define your workloads adjust assumptions view the report let's take a closer look at each step the first step define your workloads is where you enter the specifications of your on-premises infrastructure into the tco calculator based on these
four categories the servers category includes operating systems virtualization methods cpu cores and memory ram the databases category includes database Types server hardware and the azure service you want to use which includes the expected maximum concurrent user sign-ins the storage category includes storage type and capacity which includes any backup or archive storage and the networking category includes the amount of network bandwidth you currently consume in your on-premises environment in step two you adjust your assumptions about your operating costs Here you specify whether your current on-premises licenses are enrolled for software assurance if they are you can
save money by reusing those licenses on azure you can also specify whether you need to replicate your storage to another azure region for greater redundancy then you can also see the key operating cost assumptions across several different areas you might need to adjust these to more accurately reflect your Situation these costs have been certified by nucleus research an independent research company for example these costs include electricity price per kilowatt hour network maintenance cost as a percentage of network hardware and software costs hourly pay rate for it administration to improve the accuracy of the tco calculator
results you adjust the values so that they match the costs of your Current on-premises infrastructure in step 3 you generate a report based on your answers in steps one and two you start by choosing a time frame between one and five years the tco calculator generates a report that's based on the information you've entered for each category compute data center networking storage and i.t labor you can also view a side-by-side comparison of the cost breakdown of operating those workloads on premises versus operating Them on azure you can download share or save this report to review
later next we will go back to our case study and use the tco calculator to help the tailwind traders team understand their total costs now you'll learn how to purchase azure services and get a sense for other factors that affect cost you meet with your chief financial officer and some of the team leads you learn about some assumptions you've missed you were able To quickly update your total estimated spend through the tco calculator during the meeting some new questions arose as the discussion moved toward cloud migration what types of azure subscriptions are available how do
we purchase azure services does location or network traffic affect cost what other factors affect the final cost how can we get a more detailed estimate of the cost to run on azure it's important to learn how costs are generated in azure so that you can understand how your purchasing and solution design decisions can impact your final cost you agree to research these questions so let's review each one in greater detail you probably know that an azure subscription provides you with access to azure resources such as virtual machines storage and databases the types of resources you
use impact your monthly bill Azure offers both free and paid subscription options to fit your needs and requirements they are free trial pay as you go and member offers let's examine these subscription models a free trial subscription provides you with 12 months of popular free services a credit to explore any azure service for 30 days and over 25 services that are always free your azure services are disabled when the trial ends or when your credit expires for paid products unless you Upgrade to a paid subscription a pay-as-you-go subscription enables you to pay for what you
use by attaching a credit or debit card to your account organizations can apply for volume discounts and prepaid invoicing your existing membership to certain microsoft products and services might provide you with credits for your azure account and reduced rates on azure services for example member offers are available to visual studio subscribers microsoft Partner network members microsoft for startups members and microsoft imagine members there are three main ways to purchase services on azure through an enterprise agreement directly from the web and through a cloud solution provider let's look at each of these now large customers known
as enterprise customers can sign an enterprise agreement with microsoft this agreement Commits them to spending a predetermined amount on azure services over a period of three years the service fee is typically paid annually as an enterprise agreement customer you'll receive the best customized pricing based on the kinds and amounts of services you plan on using here you purchase azure services directly from the azure portal website and pay standard prices you're billed monthly as a credit card payment or Through an invoice this purchasing method is known as web direct a cloud solution provider or csp is
a microsoft partner who helps you build solutions on top of azure your csp bills you for your azure usage at a price they determine they also answer your support questions and escalate them to microsoft as needed you can bring up or provision azure resources from the azure portal or from the command line The azure portal arranges products and services by category you select the services that fit your needs your account is billed according to azure's pay for what you use model at the end of each month you're billed for what you've used at any time
you can check the cost management and billing page in the azure portal to get a summary of your current usage and review invoices from prior months the way you use resources your Subscription type and pricing from third-party vendors have an impact on the cost of your azure implementation among these factors that affect your costs are resource type usage meters resource usage azure subscription types and azure marketplace let's take a quick look at each of these a number of factors influence the cost of azure resources they depend on the type of resource or how you customize
it for example with a storage account you Specify a type such as a block blob storage or table storage a performance tier standard or premium and an access tier hot cool or archive these selections present different costs when you provision a resource azure creates meters to track usage of that resource azure uses these meters to generate a usage record that's later used to help calculate your bill think of usage meters similar to how you Use electricity or water in your home you might pay a base price each month for electricity or water service but your
final bill is based on the total amount that you consumed let's look at a single vm as an example the following kinds of meters are relevant to tracking its usage overall cpu time time spent with a public ip address incoming ingress or outgoing egress network traffic in and out of the vm disk size and amount of disk read and disk write operations each meter tracks a specific type of usage for example a meter might track bandwidth usage ingress or egress network traffic in bits per second number of operations or its size storage capacity in bytes
the usage that a meter tracks correlates to a quantity of billable units those units are charged to your account for each billing period the rate per billable unit depends on The resource type you're using in azure you're always charged based on what you use as an example let's look at how this billing applies to deallocating a vm to reduce costs you can delete or deallocate a vm deleting a vm means that you no longer need it the vm is removed from your subscription and is no longer available deallocating a vm means that the vm is
no longer running but the associated Hard disks and data are still kept in azure the vm isn't assigned to a cpu or network in azure's data center so it doesn't generate the costs associated with compute time or the vm's ip address because the disks and data are still stored and the resource is present in your azure subscription you're still billed for disk storage deallocating a vm when you don't plan on using it for some time is just one way to minimize costs For example you might deallocate the vms you use for testing purposes on weekends
when your testing team isn't using them you'll learn more about ways to minimize cost later in this module some azure subscription types also include usage allowances which affect costs for example an azure free trial subscription provides access to a number of azure products that are free for 12 months it also includes credit to spend within your first 30 days of sign up And you get access to more than 25 products that are always free based on resource and regional availability you can also purchase azure-based solutions and services from third-party vendors through azure marketplace examples include
managed network firewall appliances or connectors to third-party backup services billing structures are set by the vendor when you provision a resource in azure you need to define the location known as the Azure region where it will be deployed let's see why this decision can have cost consequences azure infrastructure is distributed globally which enables you to deploy your services centrally or provision your services closest to where your customers use them different regions can have different associated prices because geographic regions can impact where your network traffic flows network Traffic is a cost influence to consider as well
for example say tailwind traders decides to provision its azure resources in the azure regions that offer the lowest prices that decision would save the company some money but if they need to transfer data between those regions or if their users are located in different parts of the world any potential savings could be offset by the additional network usage Costs of transferring data between those resources billing zones are a factor in determining the cost of some azure services bandwidth refers to data moving in and out of azure data centers some inbound data transfers data going into
azure data centers are free for outbound data transfers data leaving azure data centers data transfer pricing is based on zones A zone is a geographical grouping of azure regions for billing purposes the following zones include some of the regions as shown here zone 1 australia central west u.s east to west canada west west europe french central and others zone 2 australia east japan west central india korea south and others zone 3 brazil south south africa north south africa west uae central uae north de zone 1 germany central germany Northeast as you've learned an accurate cost
estimate takes all of the preceding factors into account fortunately the azure pricing calculator helps you with that process the pricing calculator displays azure products and categories you add these categories to your estimate and configure according to your specific requirements you then receive a consolidated estimated price with a detailed breakdown of the costs Associated with each resource you added to your solution you can export or share that estimate or save it for later you can load a saved estimate and modify it to match updated requirements you also can access pricing details product details and documentation for
each product from within the pricing calculator a region is the geographical location in which you can provision a service Southeast asia western united states and northern europe are a few examples tiers such as the free tier or basic tier have different levels of availability or performance and different associated costs billing options highlight the different ways you can pay for a service options can vary based on your customer type and subscription type and can include options to save costs support options enable you to select Additional support pricing options for certain services in programs and offers your
customer or subscription type might enable you to choose from specific licensing programs or other offers azure dev test pricing lists the available prices for development and test workloads dev test pricing applies when you run resources within an azure subscription that's based on a dev test offer keep in mind that the pricing calculator provides estimates and not actual price quotes actual prices can vary depending upon the date of purchase the payment currency you're using and the type of azure customer you are as a home improvement retailer the proverb measure twice cut once is fitting for the
team at tailwind traders here are some recommended practices that can help you minimize your costs first it's important to understand estimated Costs before you deploy to help you plan your solution on azure carefully consider the products services and resources you need read the relevant documentation to understand how each of your choices is metered and billed calculate your projected costs by using the pricing calculator and the tco calculator only add the products services and resources that you need for your Solution ideally you want your provisioned resources to match your actual usage azure advisor identifies unused or
underutilized resources and recommends unused resources that you can remove this information helps you configure your resources to match your actual workload azure advisor recommendations are sorted by impact high medium or low in some cases azure advisor can automatically remediate or fix the Underlying problem other issues such as the two that are listed as high impact require human intervention if you have a free trial or a credit-based azure subscription you can use spending limits to prevent accidental overrun for example when you spend all the credit included with your azure free account azure resources that you deployed
are removed from production and your azure virtual machines are stopped And deallocated the data in your storage accounts is available as read-only at this point you can upgrade your free trial subscription to a pay-as-you-go subscription if you have a credit-based subscription and you reach your configured spending limit azure suspends your subscription until a new billing period begins a related concept is quotas or limits on the number of similar resources that you can provision within your subscription For example you can allocate up to 25 000 vms per region these limits mainly help microsoft plan its data
center capacity azure reservations offer discounted prices on certain azure services azure reservations can save you up to 72 percent as compared to pay-as-you-go prices to receive a discount you reserve services and resources by paying in advance for example you can prepay for one year or three years of use of vms database compute capacity database throughput and other azure resources this example shows estimated savings on vms in this example you save an estimated 72 percent by committing to a three-year term azure reservations are available to customers with an enterprise agreement cloud solution providers and pay-as-you-go subscriptions the
cost of azure products services and resources can vary across locations and regions if possible you should use them in those locations and regions where they cost less but remember some resources are metered and billed according to how much outgoing egress network bandwidth they consume you should provision connected resources that are metered by bandwidth in the Same azure region to reduce egress traffic between them keep up to date with the latest azure customer and subscription offers and switch to offers that provide the greatest cost saving benefit azure cost management and billing is a free service that
helps you understand your azure bill manage your account and subscriptions monitor and control azure spending and optimize resource use this image shows current usage broken Down by service in this example azure app service a web application hosting service generates the greatest cost azure cost management and billing provides a number of features with reporting you can use historical data to generate reports and forecast future usage and expenditure data enrichment allows you to improve accountability by categorizing resources with tags that correspond to real-world Business and organizational units you can create and manage cost and usage budgets by
monitoring resource demand trends consumption rates and cost patterns with alerts you can set alerts based on your cost and usage budgets you can receive recommendations to eliminate idle resources and to optimize the azure resources you provision tags help you manage costs associated with the different groups of azure Products and resources you can apply tags to groups of azure resources to organize billing data for example if you run several vms for different teams you can use tags to categorize costs by department such as human resources marketing or finance or by environment such as test or production
tags make it easier to identify groups that generate the biggest azure costs which can help you adjust your spending accordingly this image shows a year's worth of usage broken down by tags on the azure cost management plus billing page a common recommendation that you'll find from azure cost management and billing and azure advisor is to resize or shut down vms that are underutilized or idle as an example say you have a vm whose size is standard d4 v4 a general purpose vm type with four vcpus and 16 gigabytes of memory you might discover that this
vm is idle 90 percent of the time virtual machine costs are linear and double for each size larger in the same series so in this case if you reduce the vm size from standard d4 v4 to standard d2 v4 which is the next size lower you reduce your compute cost by 50 percent keep in mind that resizing a vm requires it to be stopped resized and then restarted this process might take a few minutes depending on how significant the size change is be sure to properly plan for an outage or shift your traffic to another instance
while you perform resize operations recall that to deallocate a vm means to no longer run the vm but preserve the associated hard disks and data in azure if you have vm workloads that are only used during certain periods but you're running them every hour of every day You're wasting money these vms are great candidates to shut down when not in use and start back when you need them saving you compute costs while the vm is deallocated this approach is an excellent strategy for development and testing environments where the vms are needed only during business hours
azure even provides a way to automatically start and stop your vms on a schedule This recommendation might sound obvious but if you aren't using a resource you should shut it down it's not uncommon to find non-production or proof-of-concept systems that are no longer needed following the completion of a project regularly review your environment and work to identify these systems shutting down these systems can have a dual benefit by saving you on infrastructure costs and potential savings on licensing and operating costs As you move your workloads to the cloud a natural evolution is to start with
infrastructure as a service or iaas services because they map more directly to concepts and operations you're already familiar with over time one way to reduce costs is to gradually move iaas workloads to run on platform as a service or paas services while you can think of iaas as direct access to compute infrastructure paas provides ready-made development and deployment environments that are managed for you as an example say you run sql server on a vm running on azure this configuration requires you to manage the underlying operating system set up a sql server license manage software
and security updates and so on you also pay for the vm whether or not the database is processing queries one way to potentially save costs is to move your database from sql server on a vm to azure sql database azure sql database is based on sql server not only are paas services such as azure sql database often less expensive to run but because they're managed for you you don't need to worry about software updates security patches or optimizing physical storage for read and write operations licensing is another area that can dramatically impact your cloud spending
Let's look at some ways you can reduce your licensing costs you should also choose a cost-effective operating system many azure services provide a choice of running on windows or linux in some cases the cost depends on which you choose when you have a choice and your application doesn't depend on the underlying operating system it's useful to compare pricing to see whether you Can save money if you've purchased licenses for windows server or sql server and your licenses are covered by software assurance you might be able to repurpose those licenses on vms on azure some of
the details vary between windows server or sql server we'll provide resources at the end of this module where you can learn more tailwind traders is taking a methodical approach toward cloud migration while proof-of-concept projects can help Demonstrate technical feasibility having a clear picture of the total cost of running in the cloud will further help the team validate its approach to start the tailwind traders team used the total cost of ownership calculator to estimate the cost savings of operating its solution on azure instead of in its on-premises data center from there the team used the pricing
calculator to get a more detailed estimate for running a typical workload on azure each month the team also created a checklist of cost-saving measures that it can use to help keep down costs this list includes perform cost analysis before you deploy use azure advisor to monitor your usage use spending limits to prevent accidental spending use azure reservations to prepay choose low-cost locations and regions research available cost-saving offers apply tags to identify cost owners with these measures in place the tailwind traders team is ready to take the next steps toward cloud migration as next steps if
you run existing workloads on premises or in the data center try entering your existing workloads in the total cost of ownership calculator to see how the cost of running on azure compares to what you pay today then use the azure documentation to map your current infrastructure to cloud services Use the pricing calculator to get a more accurate picture of what it would cost to run your existing workloads on azure hello again in this lesson you'll learn about service level agreements or slas and azure and how they can affect your application design decisions you'll also learn
about the life cycle of new azure services from preview to general availability moving to the cloud removes the burden of supporting it infrastructure when network connectivity is lost or a hard drive fails you rely on the cloud provider to restore service tailwind traders' it department hosts applications and services in its data center for the rest of the company the it department has agreements with other teams in place that state how available those services will be which includes when and how planned maintenance can happen as tailwind traders moves its workloads to azure and no longer has full
control over the hardware and networks how will its agreements around availability be affected with this scenario in mind and after you complete this lesson you'll be able to describe what an sla is and why slas are important identify factors such as the service tier you choose that can affect an sla combine slas to compute a composite sla describe the service life cycle in azure Including how to access new capabilities that are coming to azure a service level agreement or sla is a formal agreement between a service company and the customer for azure this agreement defines
the performance standards that microsoft commits to for you the customer now you'll learn more about azure slas including why slas are important where you can find the sla for a specific azure service and what you'll find in a Typical sla slas are an important part of your azure subscription understanding the sla for each azure service you use helps you know what guarantees you can expect when you build applications on azure the availability of the services that you use affect your application's performance understanding the slas involved can help you establish the sla you set with your
Customers later you'll learn about some strategies you can use when an azure sla doesn't meet your needs you don't need an azure subscription to review service slas each azure service defines its own sla service level agreements or slas describe microsoft's commitments for uptime and connectivity you can find the sla for individual azure services on the service level agreement section of the Azure.microsoft.com website as an example we will use the sla for azure database for mysql a managed database that makes it easy for developers to work with mysql databases you can access this sla from service
level agreements in the azure documentation azure services are organized by category under the databases category you can select azure database for mysql a typical sla breaks down into these sections introduction general terms and sla details the introduction explains what to expect in the sla including its scope and how subscription renewals can affect the terms the general terms contain terms that are used throughout the sla so that both parties you and microsoft have a consistent vocabulary for example this section might define what's meant by downtime incidents and error codes this section also defines the general
terms of the agreement including how to submit A claim receive credit for any performance or availability issues and limitations of the agreement the details section defines the specific guarantees for the service performance commitments are commonly measured as a percentage that percentage typically ranges from ninety nine point nine percent or three nines to ninety nine point nine nine percent four nines the primary performance commitment typically focuses on uptime or the Percentage of time that a product or service is successfully operational some slas focus on other factors as well including latency or how fast the service must
respond to a request this section also defines any additional terms that are specific to the service the sla for azure database for mysql focuses mainly on uptime azure database for mysql guarantees 99.99 percent or four nines uptime this means that the service is guaranteed to be running and available to process requests 99.99 percent of the time downtime refers to the time duration that the service is unavailable the difference between 99.9 percent and 99.99 percent might seem minor but it's important to understand what these numbers mean in terms of total downtime this table shows how the total downtime
decreases as the sla percentage increases from 99 percent to 99.999 percent for example a 99.9 percent sla has a downtime of 8.76 hours per year while the 99.99 percent sla drops down to 5.26 minutes these amounts are cumulative which means that the duration of multiple different service outages would be combined or added together a service credit is the percentage of the fees you paid that are credited back to you according to the claim approval process an sla describes how microsoft responds when an azure service fails to perform to its specification for example you might receive a discount on your
azure bill as compensation when a service fails to perform according to its sla credits typically increase as uptime decreases for example an uptime of under 99.00 percent will give you a 10 percent service credit an uptime under 95 percent will give you a 100 percent service credit free products typically don't have an sla for example many azure services provide a free or shared tier that provides more limited functionality services like azure advisor are always free the sla for azure advisor states that because it's free it doesn't have a financially backed sla azure status provides a global view of the
health of azure services and regions if you suspect there's an outage this is often a good place to start your investigation azure status also provides an rss feed of changes to the health of azure services that you subscribe to you can connect this feed to communication software such as microsoft teams or slack from the azure status page you can also access azure service health this provides a personalized view of the Health of the azure services and regions that you're using directly from the azure portal typically you need to file a claim with microsoft to receive
a service credit if you purchase azure services from a cloud solution provider or csp partner your csp typically manages the claim process each sla specifies the timeline by which you must submit your claim and when microsoft processes your claim for many services you must submit your claim by The end of the calendar month following the month in which the incident occurred next let's take a look at some other factors that tailwind traders might need to consider that might affect sla performance targets an application sla defines the sla requirements for a specific application this term typically
refers to an application that you build on azure tailwind traders runs an application that is built on azure called special orders the application tracks special orders that customers have placed in the company's retail stores a special order includes an item and any customizations that the customer needs for example a folding door might include customizations such as dimension and hinge placement because customizations typically require special handling the customized item needs to be ordered from the supplier when a customer needs it there are many design decisions you can make to improve the availability and resiliency of the
applications and services you build on azure these decisions extend beyond just the sla for a specific service in this part you'll explore a few of these considerations a good place to start is to have a discussion with your team about how important the availability of each application is to your business we will cover a few factors that tailwind traders might consider now if the special orders application goes down customers can't place new orders through the store and staff can't check the status of existing orders customers will either need to try again later or possibly go
to a competitor the special orders application doesn't affect other operations so the majority of the tailwind traders business will continue to function normally if the Special orders application went down usage patterns define when and how users access your application one question to consider is whether the availability requirement differs between critical and non-critical time periods for example a tax filing application can't fail during a filing deadline for tailwind traders retail stores aren't open 24 hours a day so if the application were down in the middle of the night the impact would be minimal However because tailwind
traders has retail locations all over the world it will need to ensure that each location has access to the service during its retail hours let's say the tailwind traders decides that an sla of 99.9 percent is acceptable for the special orders application this gives the company an estimated downtime of 10.1 minutes per week but how will it ensure that its technology choices support its application sla next you'll see how the team maps its application requirements to specific azure services you'll learn about some of the techniques you can use to help ensure that your technology choices meet
your application sla tailwind traders decides that an sla of 99.9 percent is acceptable for the special orders application recall that this gives the company an estimated downtime of 10.1 minutes per week now you need to design an efficient and reliable solution for this application on azure keeping that application sla in mind you'll select the azure products and services you need and provision your cloud resources according to those requirements in reality failures will happen hardware can fail the network can have intermittent timeout periods while it's rare for an entire service or region to experience a disruption you
still need to plan for such events let's follow the process tailwind traders uses to ensure that its technology choices meet its application sla a workload is a distinct capability or task that's logically separated from other tasks in terms of business logic and data storage requirements Each workload defines a set of requirements for availability scalability data consistency and disaster recovery on azure the special orders application will require two virtual machines one instance of azure sql database and one instance of azure load balancer this diagram shows the basic architecture after you've identified the sla for the individual
workloads in the special orders application you might notice that those slas are not all the same how does this affect our overall application sla requirement of 99.9 percent to work that out you'll need to do some math the process of combining slas helps you compute the composite sla for a set of services computing the composite sla requires that you multiply the sla of each individual service from service level agreements you discover the sla for each azure service that you need they are 99.9 percent for azure virtual machines recall that you need two virtual machines therefore you
include the virtual machines sla of 99.9 percent two times in the formula 99.99 percent for sql database and 99.99 percent for azure load balancer therefore for the special orders application the composite sla would be 99.78 percent note that even though all the individual services have slas equal to or better than the application sla combining them results in an overall number that is lower than the 99.9 percent you need why because using multiple services adds an extra level of complexity and slightly increases the risk of failure you see here that the composite sla of 99.78 percent doesn't meet the required
sla of 99.9 percent you might go back to the team and ask whether this is acceptable or you might implement some other strategies into your design to improve this sla for the special orders application the composite sla doesn't meet the required sla of 99.9 percent let's look at a few strategies that tailwind traders might consider you can choose customization options that fit your required sla each of the workloads defined previously has its own sla and the customization choices you make when you provision each workload affect that sla let's look at disks and tiers with virtual machines
you can choose from a standard hdd managed disk a standard ssd managed disk or a premium ssd or ultra disk the sla for a single vm would be either 95 percent 99.5 percent or 99.9 percent depending on the disk choice some azure services are offered as both a free tier product and as a standard paid service for example azure automation provides 500 minutes of job run time in an azure free account but is not backed by an sla the standard tier sla for azure automation is 99.9 percent make sure that your purchasing decisions take into account
the impact on the sla for the azure services that you choose doing so ensures that the sla supports Your required application sla here tailwind traders might choose the ultra disk option for its virtual machines to help guarantee greater uptime there are application design considerations you can use that relate to the underlying cloud infrastructure for example to improve the availability of the application avoid having any single points of failure so instead of adding more virtual machines you can deploy one or more extra instances of The same virtual machine across the different availability zones in the same
azure region an availability zone is a unique physical location within an azure region each zone is made up of one or more data centers equipped with independent power cooling and networking these zones use different schedules for maintenance so if one zone is affected your virtual machine instance in the other zone is unaffected deploying two or more instances of an azure virtual machine across two or more availability zones raises the virtual machine sla to 99.99 percent recalculating your composite sla above with this virtual machines sla gives you an application sla of 99.96 percent this revised sla of
99.96 percent exceeds your target of 99.9 percent to learn more about the sla for virtual machines you visit the sla for virtual machines section of the azure.microsoft.com website to ensure high availability you might plan for your application to have duplicate components across several regions known as redundancy conversely to minimize costs during non-critical periods you might run your application only in a single region tailwind traders might consider this if there's a trend that the special orders rates are much higher during certain months or seasons to achieve maximum availability in your application add redundancy to every single part
of the application this redundancy includes the application itself as well as the underlying services and infrastructure be aware however that doing so can be difficult and expensive and often results in solutions that are more complex than they need to be consider how critical high availability is to your requirements before you add redundancy there may be simpler ways to meet your application sla performance targets above 99.99 percent are very difficult to achieve recall that an sla of 99.99 percent means 10.1 minutes of downtime per week it's difficult for humans to respond to failures quickly enough to meet sla
performance targets above 99.99 instead your application must be able to self-diagnose and self-heal during an outage Now that tailwind traders has its applications up and running it wants to start looking into new capabilities one option is to look at preview services now you'll learn how azure services go from the preview phase to being generally available for tailwind traders migration from the data center to azure is more about operational efficiency the research and development team is looking into new cloud-based features That will keep them ahead of the competition tailwind traders is experimenting with a custom drone
delivery system for customers in rural areas the company needs the ability to use real-time storm tracking in the drone guidance system but the feature isn't ready yet in this scenario you will work with ai storm analyzer a fictitious azure service introduced here for illustration purposes only Ai storm analyzer service has just entered the public preview phase so tailwind traders has decided to incorporate it into the early stages of application testing before the team moves forward it wants a better understanding of how preview services affect its sla let's begin by defining the azure service lifecycle the
service life cycle defines how every azure service is released for public use Every azure service starts in the development phase in this phase the azure team collects and defines its requirements and begins to build the service next the service is released to the public preview phase during this phase the public can access and experiment with it so that it can provide feedback your feedback helps microsoft improve services more importantly providing feedback gives you The opportunity to request new or different capabilities so that services better meet your needs after a new azure service is validated and
tested it's released to all customers as a production ready service this is known as general availability or ga each azure preview defines its own terms and conditions all preview specific terms and conditions supplement your existing azure service agreement some previews aren't covered by customer Support therefore previews are not recommended for business critical workloads you can access preview services from the azure portal after you sign in you can select create a resource then search for preview you can also launch the service if you'd like to try it out some preview features relate to a specific area
of an existing azure Service for example a compute or database service that you use daily might provide enhanced functionality these preview features are accessible when you deploy configure and manage the service although you can use an azure preview feature in production make sure you're aware of any limitations around its use before you deploy it to production you can provide feedback from the Feedback tab in the azure portal or from the azure portal feedback forum the azure updates page provides information about the latest updates to azure products services and features as well as product roadmaps and
announcements from the azure updates page you can view details about all azure updates subscribe to an rss feed to receive notifications search for updates by keyword see which updates are in general availability preview or development browse updates by product category or update type and access the microsoft connect page to read azure product news and announcements using the azure updates page is an easy way to stay on top of the latest information an sla is the formal agreement between a service company and the customer for azure this agreement defines the performance standards that microsoft commits to for
its customers the tailwind traders team is working on quite a variety of projects in addition to its main website the team is adding a mapping feature to its special orders application so that it can calculate routes between suppliers and retail stores the team is also exploring how severe weather tracking can improve its drone guidance system as requirements evolve it's important for the team to understand how the sla for each service it chooses affects the overall performance guarantees of its applications for example the main website must be available as close to 100 percent of the time as
possible to accomplish that tailwind traders might deploy extra instances of the same virtual machine across different availability zones in the same azure region doing so helps ensure that if one zone Is affected virtual machine instances in the other zone can pick up the load the special orders application might have more flexible tolerances as long as retail employees don't lose data and can quickly regain network access the special orders application might have a lower sla here the team can choose to include less redundancy in its design when defining your sla requirements be sure to consider both
your business Needs and the time it takes to restore a component after a failure also consider how the use of preview services and preview features might affect your systems in production as a next step create a sketch or diagram for an application that you plan to migrate to the cloud include each azure service that you plan to use use the documented service level agreements to find out the sla for each azure service involved then compute the Composite sla for your application does the composite sla meet your requirements if not what can you do to improve
it you have now completed three courses in this program intended to prepare you for the microsoft certified az900 azure fundamentals exam introduction to azure core concepts and services azure management tools and security solutions and azure services and life cycles at this stage you should have foundational knowledge of cloud services and how those services are provided with microsoft azure you are almost ready to take the exam to prove your knowledge of cloud concepts azure services azure workloads security and privacy in azure as well as azure pricing and support each course you have taken has taught
you the core concepts and skills that are measured by the exam In the next course you will get an opportunity to recap on all the content you have covered and test your knowledge in a series of practice exams by the end of this program you will be ready to take and sign up for the az900 exam microsoft certifications give you a professional advantage by providing globally recognized and industry endorsed evidence of mastering skills in digital and cloud businesses When you are az900 certified there are many different paths that you can follow the az900 certification is
the entry level for any other azure certification it is the starting point to the associate level and to the engineer and expert level certificates depending on your interests you can build on what you have learned by pursuing certification at associate level in many different areas associate level certifications usually Require around two years of working experience with the products they cover it'll be helpful that you have already earned a fundamental certification before trying for the associate level credentials but it's not mandatory at the moment there are a wide range of associate level azure certifications on offer
each certification is aligned to an azure career so if you want to be a developer an administrator a data scientist or an ai engineer you're on The right path in the next course you will be preparing for the az 900 microsoft azure fundamentals exam you will find information about the microsoft certification program the topics covered in the exam and also get access to study materials and practice exams make sure to cover the reading on what to expect next congratulations you have now completed the azure Services and life cycles course now you're one step away from
completing the program let's get some practice preparing for the az 900 exam so you can further your career in microsoft azure hello and welcome to the final course in this program preparing for the az900 microsoft azure fundamentals exam the focus of this course is exam preparation here you have access to practice exams that will help prepare you for the microsoft az 900 certification exam You'll also have access to resources that will help you to prepare for taking the exam online which is a proctored exam you will also enhance your study techniques and learn how to
develop successful exam strategies by now you may have already started thinking about learning and development or your career goals or ask yourself what next in this course you will have an opportunity to explore some further Certifications that can help your learning and development strategy and assist you in preparing for your chosen career path the practice exams in this course are designed primarily to help you assess your knowledge and application of the key concepts covered in the az900 microsoft certified azure fundamentals exam you'll have an opportunity to recap key topics and take a practice exam for
each of the three courses covered in this program In this course for a module to be considered complete you must successfully complete the practice exam only then can you progress to the next module module two covers the key concepts presented in course one introduction to azure core concepts and services module three covers the key concepts presented in course two azure management tools and security solutions and module four covers the key concepts presented in course three azure services And life cycles through the practice exams you'll revisit the topics and key concepts covered in this program these
topics are mapped to six domain areas in the az 900 microsoft certified azure fundamentals exam and include cloud concepts core azure services core solutions and management tools on azure general security and network security Features identity governance privacy and compliance features and azure cost management and service level agreements the final practice exam in module 5 incorporates the key concepts covered in this program and is mapped to the six domain areas that we've reviewed earlier by taking the practice exams you'll be able to measure your readiness to take the microsoft az 900 azure fundamentals proctored exam Once
you've successfully completed a course and graded quiz you will be awarded a coursera certificate if everything goes well you will also receive a certificate at the end of this program after you've successfully completed all the courses on coursera you'll be ready to take the exam good luck with your preparation hi and welcome to this module certification and exam preparation No matter your experience level you can advance your career and demonstrate your achievements through industry recognized microsoft certifications there can be many reasons to pursue a microsoft certification microsoft certifications are among the most highly regarded certifications
in the it industry in this module you'll explore several microsoft certification pathways that will help to develop your career there are multiple certification options To choose from that will help you achieve personal success you'll also get to work through strategies and techniques that you can use to successfully prepare for a proctored exam including how the proctored exam is administered testing strategies access to study materials and hints and tips for the exam after completing it you will be able to identify the opportunities available for Your future development and microsoft certification and identify study techniques and strategies
required to prepare for a proctored exam in the next modules you'll get an opportunity to recap on all the content you have covered and test your knowledge in a series of practice exams the world is changing rapidly and you must be ready to meet the challenges of today's economy the skills required for jobs are constantly evolving employment Criteria has changed from what was needed even just a few years ago to be successful it's important to keep growing your skill set experience and abilities in this video you'll explore jobs and careers in cloud computing the demand
for certified cloud computing professionals is increasing rapidly the shortage of qualified professionals in this field presents a golden opportunity for you and your future Career a strong foundation of knowledge through learning and certifications can prepare you for developing a career in cloud computing in this video we focus on three of the growing professions in cloud computing cloud system administrators data analysts and ai engineers these jobs require a range of skills and experience that can cater to the increasingly expanding market let's dive right in and Find out more is this the job for you as a
cloud systems administrator you will have to deploy configure implement and manage the systems that make up the underlying technical platform you will also assist in setting up public or private cloud systems and support and maintain the virtual systems as an administrator you often serve as part of a larger team dedicated to implementing an organization's cloud infrastructure typically a cloud Administrator's responsibility can range from provisioning systems and services to managing and securing the cloud infrastructure cloud systems administrators often work their way up from a junior cloud systems administrator role perhaps even starting in a help desk
role getting certified can help you to become a cloud system administrator next let's take a look at the role of an ai engineer and how that fits into cloud computing ai is driving Massive technical innovation across all aspects of life from disease diagnosis to self-driving cars this has led to an increased demand for ai experts organizations all over the world are gearing up for a future powered by ai and they're looking for engineers who can create ai enabled apps and bots to help improve customer service drive cost savings accelerate decision making and build agility and
resilience with this new breed of digital technologies does This sound like you responsibilities for this role include analyzing requirements for ai solutions recommending the appropriate tools and technologies and designing and implementing ai solutions that meet scalability and performance requirements ai engineers translate the vision from solution architects and work with data scientists data engineers iot specialists and software developers to build complete end-to-end solutions To be an ai engineer completing a certification course in data science machine learning or artificial intelligence is highly recommended getting az900 certified can be the start of this journey now let's find out
more about data analysts data analysts collect process and perform statistical analysis on large data sets the data analyst also identifies and interprets trends or patterns in complex Data sets data analysts provide important information to key stakeholders to help solve problems or identify areas for improvement is analytics one of your career goals as a subject matter expert data analysts are responsible for designing and building scalable data models cleansing and transforming data and enabling advanced analytic capabilities that provide meaningful business value through easy to comprehend data Visualizations as in most fields of i.t the road towards becoming
a data analyst can be a long one and requires a lot of hard work but the rewards are good for those who stay the course aspiring data analysts are usually mathematically and analytically inclined and have a background in statistics economics or computer science as well as expertise in using analysis tools there are many jobs and career paths That you can follow it's important to stay ahead of the technology learning curve and keep an eye on relevant training and certifications that could advance your career in cloud computing please remember to access the additional resources to continue
exploring the exciting world of cloud computing hi and welcome to this lesson on preparing for the az900 exam that you can take online from the comfort of your home or office in this lesson we will Take you through the essential readings how to prepare for the az900 examination and the topics covered in the exam you will also gain a better understanding about how the exam is administered and the techniques you can use that will help you to pass the exam and obtain your certification we will guide you through the implementation of an appropriate exam strategy
focusing on preparation and exam technique and we will also provide you with some tips and tricks that can help in your preparation you can take the az900 or any microsoft role-based or fundamentals exam with pearson vue in person at an authorized test center or online at your home or office while being monitored by an off-site proctor whether you take the exam at a test center or online you will need to complete a check-in process which involves id verification face matching and a live greeter Let's take a closer look at the onvue online proctoring which allows
you to take your certification exam securely from your home or office a proctored exam is a monitored exam where the proctor or supervisor monitors the student during the examination process proctored exams usually have a time limit during this time you are monitored by a person via proctoring software that has access to your computer's desktop Webcam video and audio there are a few requirements that you need to fulfill before you can take a proctored exam at home with pearson vue firstly you must have a functioning home computer with the webcam and strong internet connection you will
need to run a system check to test the compatibility of the onvue application you need to have a space ideally a room that is free from noise or distractions such as roommates and pets finally you will need to make sure that the room or space is free of any preparation materials or unauthorized items in order to avoid exam violations outlined in the microsoft certification program agreement on the microsoft side you will need to make sure that you have your microsoft certification profile with your cell phone number including country code in case pearson vue needs to
contact you during the exam at the start of your exam you must read and agree to the nda and general terms of use for microsoft certification exams let's take a brief look at the exam format now you can expect between 40 to 60 questions in the microsoft az 900 exam there are many different types of exam question formats these include case study multiple choice short answers and more we will review all of these question types later in this lesson a successful exam with a good grade is an achievable goal if you are well prepared and
practice some basic strategies as with all exams different assessments may require different strategies here we will discuss the main strategy that you should employ in order to maximize your chances of passing the az900 exam one of the best preparations that you can make is to take a practice test before the exam this way you can monitor your progress and identify the areas that Might require a little more study or attention throughout this program you have taken practice ungraded and graded quizzes these are specifically designed to help you monitor your progress while preparing you for the
real exam later in this course you will take three practice exams where each one will focus on the topics and key concepts covered in the previous three courses each practice exam content is associated With an individual course for example practice exam 1 to course content 1 and so on the exams must be taken in sequential order meaning that you will have to complete them in order 1 2 and 3. you will only be able to move on to the next exam once you have passed the previous one remember that you can go back over any
lesson at any time for revision once you have successfully completed the practice exams it's time to turn your attention To the real exam a good exam strategy for the az 900 exam can be summarized with the checklist of what to do on the test day when the test day arrives it's recommended that you do the following be well rested and eat a meal or snack try not to drink too much water as to not need to go to the bathroom during the exam give yourself enough time to get set up the last thing you want
is to feel hurried or be late for the exam bring the appropriate identification With you if you are not sure check the official documentation from microsoft and pearson vue the az 900 is a closed book exam meaning that you cannot bring any study or exam materials into the examination with you for a full list please see the microsoft program agreement make sure that you read all test instructions and candidate rules thoroughly and finally take your time read the exam questions carefully if Possible try to leave some time at the end to check back over your
answers to protect exam security microsoft does not specify exam formats or question types before the exam microsoft continually introduces innovative testing technologies and question types and reserves the right to incorporate either into exams at any time without advance notice to get a feel for what you might see on an exam we encourage you to review some possible exam formats and Question types from the microsoft documentation the exam may contain any of the following question types active screen best answer build list case studies drag and drop hot area multiple choice repeated answer choices short answer labs
mark review and review screen when it comes to answering the exam questions here are some strategies keep calm and read the question in its entirety before checking the answer options Students often choose the wrong option because they have misread the question if there are multiple answer options try to eliminate answers you know are a hundred percent incorrect by using this process of elimination you can cross out all the incorrect answers this visual tool will help you focus on the remaining answers and this will help you find the right answer if you are unsure between one
or more possible answers try to find the best Answer to the question being asked this may not always be the answer that seems most correct in isolation make sure to read every answer option before choosing a final answer a common mistake that students make is to rush and pick the first answer that sounds right without reading all of the available options if you're having difficulty with the question move on and come back after you have answered all the questions you know Remember to play the percentage game try not to spend too much time on only
one question which could leave you short on time for the rest you want to make sure you have enough time to attempt all questions try to leave some time to review your answers depending on the question format you may not be able to change your answer but for those you can you want to make sure that you have answered them correctly During this review you may be tempted to second guess yourself at times and change your answer while this can work in certain circumstances it can be counterproductive be careful and try to trust your instincts
once again be aware that depending on the question format some answers cannot be changed the az900 does not apply negative marking meaning that you will not be penalized for making an incorrect guess If you are unsure of a question try to make the best educated guess that you can try to apply your existing azure logic from what you know and pick the best possible answer be aware that some questions will apply partial marking as there may be more than one correct answer required remember a successful blend of preparation test strategy and exam technique will help
you maximize your chances of obtaining certification good luck in this part we explore some Tips and tricks in order to make sure that your proctored exam runs as smoothly as possible prior to registering for and purchasing your exam complete the required system test on the same computer and in the same location you will test from online exams can be disrupted by proxy servers network packet inspection or filtering or strict network security configurations as a result make sure that the windows user account logged in To the delivery workstation has local administrative permissions some anti-virus software can
cause performance issues please disable anti-virus scanning while taking your exam you may need to ensure that your security software does not block the execution of required software scripts if possible take your exam on a personal computer rather than a work computer because work computers could have software installed that will prevent the onvue software from launching also if possible use a desktop computer rather than a laptop computer you may need to configure your internet security and anti-virus software to make an exception for the pearson secure browser executable file finally when taking an online proctored exam use
a hard-wired internet connection if this is not possible use wi-fi do not tether to a mobile hotspot As this is explicitly prohibited for more information or troubleshooting we recommend that you read the network administrator level troubleshooting requirements located on the pearson vue website hello again and welcome to module 2 practice exam 1. by now you should have a good understanding of the microsoft certification program and how to prepare for the az900 exam In this module you will have an opportunity to recap key topics and take a practice exam on course one introduction to azure core
concepts and services with that in mind by the end of this lesson you will have reviewed key concepts and taken a practice exam on the topics covered in course one you have almost completed this azure fundamental series of courses by now you should have a grasp of the basic cloud concepts a streamlined overview of many Azure services and hands-on experience deploying your very first services for free first you looked at the basics of cloud computing and azure and how to get started with azure subscriptions and accounts you examine the advantages of using cloud computing services
and learn how to differentiate between the categories and types of cloud computing you also learned about several of the database services that are available on microsoft Azure such as azure cosmos db azure sql database azure sql managed instance azure database for mysql and azure database for postgresql in addition you looked at several of the big data and analysis services in azure you learn how to take advantage of several virtualization services in azure compute which can help your application scale out quickly and efficiently to meet increasing demands you saw some of the different storage options that
are Available in azure storage services you learned about azure blob storage azure disk storage azure files and blob access tiers you also covered several of the core networking resources that are available in azure you learned about azure virtual network which you can configure into a customized network environment that meets your needs and how you can use azure vpn gateway and azure express route to create secure communication tunnels between your Company's different locations by now you should be able to understand the benefits of cloud computing in azure and how it can save you time and money
explain cloud concepts such as high availability scalability elasticity agility and disaster recovery describe core as your architecture components such as subscriptions management groups resources and resource groups summarize geographic distribution Concepts such as azure regions region pairs and availability zones your next step is to take the practice exam that covers these topics hi and welcome to module 3 practice exam 2. in this module you will have an opportunity to recap key topics and take a practice exam on the contents of course too azure management tools and security solutions in course two you learn about ai services
and solutions monitoring and Managing in azure azure serverless technology the internet of things and general security and network security in azure in the azure management tools and security solutions course you are introduced to a wide array of tools and services for microsoft azure you examined the features of these tools and services and were asked to help choose the best one for a given business scenario artificial intelligence or ai is a category of computing that adapts And improves its decision-making ability over time based on its successes and failures microsoft azure provides several ai solutions to choose
from each one depending on the problem you're trying to solve you identified a few product options and their capabilities including azure bot service azure cognitive services and azure machine learning you also analyze certain decision criteria to help you choose one option over Another depending on the scenario you identified various product options and capabilities that help developers and operations engineers build modern solutions for both the cloud and on-premises these included azure devops services github including github actions and azure devtest labs you analyze the criteria for choosing one option over another for each scenario then you apply
those criteria to three separate Challenges at tailwind traders helping the team determine the best service option for the scenarios devops practices and processes have changed the software development landscape helping to accelerate software development and improve the deployability and quality of software systems as you have seen microsoft offers a wealth of tools that can help organizations implement devops practices experience better collaboration among Technical teams and achieve more consistent results from those teams azure monitoring services provide a comprehensive array of features that can give your it organization insight into the health and performance of its cloud-based applications
you identified three monitoring services and their capabilities azure advisor azure monitor and azure service health we analyze decision criteria for Choosing one option over another for certain scenarios next you examine azure server-less technologies and chose the right service for your business scenario when the company needs to build a solution that pulls code logic from an existing c-sharp windows service you helped it choose azure functions and when the company needed to orchestrate a workflow to improve customer retention after a negative Shopping experience you helped to choose azure logic apps iot is an exciting evolution in computing
that bridges the physical and digital worlds you learned how azure iot services provide a significant amount of functionality for organizations that want to build device driven and sensor driven solutions using iot you can capture telemetry data from appliances and combine it with some Machine learning to predict future maintenance and create a significant value-added service for customers by using azure iot hub and how you can use azure iot central and the connected logistics starter template to implement a complete real-time logistics system to track deliveries and finally you looked at designing and building a secure modern point-of-sale
self-checkout terminal by using azure sphere Azure provides tools and services that can help you detect and act on important security events it also provides ways to help keep your data safe which can prevent security incidents from happening to begin with azure security center provides visibility of your security posture across all of your services both in the cloud and on-premises azure sentinel aggregates security data from many different sources and provides Additional capabilities for threat detection and response azure key vault stores your application secrets such as passwords encryption keys and certificates in a single central location azure
dedicated host provides dedicated physical servers to host your azure vms for windows and linux you learned about the azure services you can use to help ensure that your network is safe secure and trusted defense in depth is the overriding theme when we consider security think about security as a multiple layer multiple vector concern threats come from places we don't expect and they can come with surprising strength azure firewall is a managed cloud-based network security service that helps protect resources in azure virtual networks an azure virtual network is similar to a traditional network that you'd operate
In your own data center a network security group nsg enables you to filter network traffic to and from azure resources within a virtual network azure ddos protection helps protect azure resources from ddos attacks at this point you should be able to describe the core solutions and management tools on azure you should also be able to describe the general security and network security services you can use to protect against threats On azure take the practice exam and test your knowledge hello and welcome to module 4 practice exam 3. by now you should have a good understanding
of the microsoft certification program and how to prepare for the az 900 exam in this module you will have an opportunity to recap key topics and take a practice exam on course 3 azure services and life cycles with that in mind by the end of this Lesson you will have reviewed key concepts and taken a practice exam on the topics covered in course 3. in the azure services and life cycles course you looked at how azure can help you secure access to cloud resources what it means to build a cloud governance strategy and how azure
adheres to common regulatory and compliance standards you also learned about the factors that influence cost tools you can use to help Estimate and manage your cloud spend and how azure service level agreements can impact your application design decisions first you examine the difference between authentication and authorization and learned how azure active directory provides identity and access management you saw how single sign-on multi-factor authentication and conditional access enable your users to securely access resources and applications from your intranet and from public networks Identity has become the new primary security boundary accurately proving that someone is a
valid user of your system with an appropriate level of access is critical to maintaining control of your data this identity layer is now more often the target of attack than a network is authentication authn establishes the user's identity authorization authz establishes the level of access that an authenticated user has Single sign-on sso enables a user to sign in one time and use that credential to access multiple resources and applications azure active directory azure ad is a cloud-based identity and access management service azure ad enables an organization to control access to apps and resources based
on its business requirements azure ad multi-factor authentication provides additional security for Identities by requiring two or more elements to fully authenticate in general multi-factor authentication can include something the user knows something the user has and something the user is conditional access is a tool that azure ad uses to allow or deny access to resources based on identity signals such as the user's location with these ideas in place the organization can begin to integrate and improve their existing Solutions including multi-factor authentication and single sign-on then you learned how access policies resource locks and tags as well
as azure services such as azure policy and azure blueprints can help you build a comprehensive cloud governance strategy cloud governance requires good analysis and requirement gathering luckily the cloud adoption framework for azure can help you define and implement your governance strategy There are several services and features in azure to support these efforts azure role-based access control azure rbac enables you to create roles that define access permissions resource locks prevent resources from being accidentally deleted or changed resource tags provide extra information or metadata about your resources azure policy is a service in azure that enables you
to create assign and manage policies that control or audit resources Azure blueprints enables you to define a repeatable set of governance tools and standard azure resources that your organization requires with these points in mind you're ready to take the next step towards building a good cloud governance strategy next you learned about microsoft's approach to privacy security and compliance you explored resources specific to online services including azure and how governments can use azure to meet their specific security and compliance needs the microsoft privacy statement provides trust in how microsoft collects protects and uses customer data the trust
center provides you with documentation about compliance standards and how azure can support your business the azure compliance documentation includes detailed information about legal and regulatory standards and compliance on azure Migration to cloud presents new ways to think about your i.t expenses the cloud also removes the burden of supporting i.t infrastructure you learned about the factors that influence costs and tools you can use to help estimate and manage your cloud spend use the total cost of ownership calculator to estimate the cost savings of operating solutions on azure instead of in its on-premises data center From there
you use the pricing calculator to get a more detailed estimate for running a typical workload on azure you also examine how you can use a range of measures to keep the costs down finally you learned about service level agreements in azure and how they can affect your application design decisions you saw how to access preview services and learn how they affect your planning a service level agreement is the formal Agreement between a service company and the customer for azure this agreement defines the performance standards that microsoft commits to for its customers when defining your sla
requirements you should consider both your business needs and the time it takes to restore a component after a failure also consider how the use of preview services and preview features might affect your systems in production By now you should be able to secure access to cloud resources understand what it means to build a cloud governance strategy describe how azure adheres to common regulatory and compliance standards understand the factors that influence cloud costs describe tools you can use to help estimate and manage your cloud spend and explain how azure service level agreements can impact your application
design decisions Hi you're now almost finished this microsoft az 900 azure fundamentals program in this module you will briefly review the weights of core concepts in the exam and take a full practice exam you will also look at some specific information about how learners who have been unemployed or furloughed due to covid-19 can secure an industry recognized microsoft certification at a discounted fee Finally you will get another chance to look at the detailed instructions on how to sign up for the microsoft certification exam first let's have a quick recap on the weightings of the
topics covered in the exam keep in mind that the exam requires you to demonstrate high level knowledge of the azure cloud and its various service offerings across the following six domain areas describe cloud concepts describe core Azure services describe core solutions and management tools on azure describe general security and network security features describe identity governance privacy and compliance features and describe azure cost management and service level agreements the percentages for each domain highlight the weighting of that section to the overall exam the higher the percentage the more questions that specific section of the exam will
Contain the next reading in this module links to the complete list of skills measured in the exam now good luck with the full practice exam congratulations you are now ready to take the microsoft azure fundamentals certification exam before you do here is a quick reminder of the certification paths that this will open to you the az900 certification is the entry level for any other azure certification it is the starting point to the associate Level and to the engineer and expert level certificates depending on your interest you can build on what you have learned by pursuing
certification at associate level in many different areas microsoft's associate level certifications usually require around two years of working experience of the products they cover it'll be helpful that you have already earned a fundamental certification before trying for the associate level credentials but It's not mandatory at the moment there are a wide range of associate level azure certifications on offer so if you want to be a developer an administrator a data scientist or an ai engineer you are on the right path your next step is to pass the az900 exam good luck