greenoperator

Analyzing images with the computer vision service

Analyze an image evaluate objects that are detect

Generate human readable phrase or sentence that can describe what image is detected

If multiple phrases are created for an image, each will have an associated confidence score

Image descriptions are based on sets of thousands of recognizable objects used to suggest tags for an image

Tags are associated with the image as metadata and summarizes attributes of the image.

Similar to tagging, but it can identify common objects in the picture.

It draws a bounding box around the object with coordinates on the image.

It can identify commercial brands.

The service has an existing database of thousands of recognized logos

If a brand name is in the image, it returns a score of 0 to 1

Detects where faces are in an image

Draws a bounding box

Facial analysis capabilities exist because of the Face Service

It can detect age, mood, attributes, etc.

Currently limited set of categories.

Objects detected are compared to existing categories and it uses the best fit category

86 categories exist in the list

Celebrities

Landmarks

It can read printed and hand written content.

Detect image types - line drawing vs photo

Detect image color schemes - identify the dominant foreground color vs overall colors in an image

Genrate thumbnails

Moderate content - detect images with adult content, violent or gory scenes

Classify images with the Custom Vision Service

Image classification is a technique where the object in an image is being classified

You need data that consists of features and labels

Digital images are made up of an array of pixel values. These are used as features to train the model based on known image classes

Most modern image classification solutions are based on deep learning techniques.

They use Convolutional neural Networks (CNNS) to uncover patterns in the pixels to a particular class.

Model Training

To train a model you must upload images to a training resource and label them with class labels

Custom Vision Portal is the application where the training occurs in

Additionally it can use Custom Vision service programming languages-specific SDKs

Model Evaluation

Precision - percentage of the class predictions made by the model that are correct

Recall - percentage of the class predictions the model identified correctly

Average Precision - Overall metric using precision and recall

Detect objects in images with the Custom Vision service

The class of each object identified

The probability score of the object classification

The coordinates of a bounding box of each object.

Requires training the object detection model, you must tag the classes and bounding box coordinates in a training set of images

This can be time consuming, but the Custom Vision portal makes this straightforward

The portal will suggest areas of the image where discrete objects are detected and you can add a class label

It also has Smart Tagging, where it suggests classes and bounding boxes to use for training

Precision - percentage of the class predictions made by the model that are correct

Recall - percentage of the class predictions the model identified correctly

Mean Average Precision (mAP) - Overall metric using precision and recall across all classes

Detect and analyze faces with the Face Service

Involves identifying regions of an image that contain a human face

It returns a bounding box that form a rectangle around the face

Moving beyond face detection, some algorithms return other information like facial landmarks (nose, eyes, eyebrows, lips, etc)

Facial landmarks can be used as features to train a model.

Another application of facial analysis. Used to train ML models to identify known individuals from their facial features.

More generally known as facial recognition

Requires multiple images of the person you want to recognize

Security - to build security applications and is used more and more no mobile devices

Social Media - use to automatically tag people and friends in photos.

Intelligent Monitoring - to monitor a persons face, for example when they are driving to determine where they are looking

Advertising - analyze faces in an image to direct advertisements to an appropriate demographic audience

Missing persons - use public camera systems with facial recognition to identify if a person is a missing person

Identity validation - use at port of entry kiosks to allow access/special entry permit

Blur - how blurry the face is

Exposure - aspects such as underexposed or over exposed and applies to the face in the image not overall image exposure

Glasses - if the person has glasses on

Head pose - face orientation in 3d space

Noise - visual noise in the image.

Occlusion - determines if any objects cover the face

Read text with the Computer Vision service

Submit an image to the API and get an operation ID

Use the operation ID to check status

When it’s completed get the result.

Pages - one for each page of text and orientation and page size

Lines - the lines of text on a page

Words - the words in a line of text including a bounding box and the text itself

Analyze receipts with the Form recognizer service

Matching field names to values

Processing tables of data

Identifying specific types of field, such as date, telephone number, addresses, totals, and other

Images must be JPEG, PNG, BMP, PDF, TIFF

File size < 50 MB

Image size between 50x50 pixels and 10000x10000 pixels

PDF documents no larger than 17 inches x 17 inches

You can train it with your own data

It just requires 5 samples to train it

Microsoft Azure AI Fundamentals: Explore decision support

Monitoring blood pressure

Evaluating mean tie between failures for hardware products

Part of the decision services category

Can be used with REST API

Sensitivity parameter is from 1 to 99

Anomalies are values outside expected values or ranges of values

The sensitivity boundary can be configured when making the API call

It uses a boundary, set as a sensitivity value, to create the upper and lower boundaries for anomaly detection

Calculated using concepts known as expectedValue, upperMargin, lowerMargin

If a value exceeds either boundary, then it is an anomaly

upperBoundary = expectedValue + (100-marginScale) * upperMargin

The service accepts data in JSON format.

It supports a maximum of 8640 data points. Break this down into smaller requests to improve the performance.

When to use Anomaly Detector

Process the algorithm against an entire set of data at one time

It creates a model based on your complete data set and the finds anomalies

Uses streaming data by comparing previously seen dat points to the last datapoint to determine if your latest one is an anomaly.

Model is created using the data points you send and determines if the current point is an anomaly.

Microsoft Azure AI Fundamentals: Explore natural language processing

Analyze Text with the Language Service

Used to describe solutions that involve extracting information from large volumes of unstructured data.

Analyzing text is a process to evaluate different aspects of a document or phrase, to gain insights about that text.

Text Analytics Techniques

Interpret words like “power”, “powered”, and “powerful” as the same word.

Convert to tree like structures (Noun phrases)

Often used for sentiment analysis

Determine the language of a document or text

Perform sentiment analysis (positive or negative)

Extract key phrases from text to indicate key talking points

Identify and categorize entities (places, people, organizations, etc)

Get started with Text analysis

Language name

ISO 6391 language code

Score as a level of confidence n the language returned.

Evaluates text to return a sentiment score and labels for each sentence

Useful for detecting positive or negative sentiment

Classification is between 0 to 1 with 1 being most positive

A score of 0.5 is indeterminate sentiment.

The phrase doesn’t have sufficient information to determine the sentiment.

Mixing language content with the language you tell it will return 0.5 also

Key Phrase extraction

Used to determine the main talking points of a text or a document

Depending on the volume this can take longer, so you can use the key phrase extraction capabilities of the Language Service to summarize main points.

Key phrase extraction can provide context about the document or text

Entity Recognition

Person

Location

OrganizationQuantity

DateTime

URL

Email

US-based phone number

IP address

Recognize and Synthesize Speech

Acoustic model - converts audio signal to phonemes (representation of specific sounds)

Language model - maps the phonemes to words using a statistical algorithm to predict the most probably sequence of words based on the phonemes

ability to generate spoken output

Usually converting text to speech

This process tokenizes the set to break it down into individual words, assign phonetic sounds to each word

It then breaks the phonetic transcription to prosodic units to create phonemes for the audio

Get started with speech on Azure

Use this for demos, presentations, or scenarios where a person is speaking

In real time it can translate to many lunges as it processes

Audio files with Shared access signature (SAS) URI can be used and results are received asynchronously.

Jobs will start executing within minutes, but no estimate is provided for when the job changes to running state

Used to convert text to speech

Voices can be selected that will vocalize the text

Custom voices can be developed

Voices are trained using neural networks to overcome limitations in speech synthesis with regards to intonation.

Translate Text and Speech

Where each word is translated to the corresponding word in the target language

This approach has issues. For example, a direct word to word translation may not exist or the literal translation may not be the correct meaning of the phrase

Machine learning has to also understand the semantic context of the translation.

This provides more accurate translation of the input phrase or phrases

Grammar, formal versus informal, colloquialism all need to be considered

Text and speech translation

Profanity filtering - remove or do not translate profamity

Selective translation - tag content that isn’t to be translated (brand names, code names, etc)

Speech to text - transcribe speech from an audio source to text format.

Text to speech - used to generate spoken audio from a text source

Speech translation - translate speech in one language to text or speech in another

Create a language model with Conversational language Understanding

A None intent exists.

This should be used when no intent has been identified and should provide a message to a user.

Getting started with Conversational Language Understanding

Authoring the model - Defining entities, intents, and utterances to use to train the model

Entity Prediction - using the model after it is published.

Define intents based on actions a user would want to perform

Each intent should include a variety of utterances as examples of how a user may express the intent

If the intent can be applied to multiple entities, include sample utterances for each potential entity.

Machine-Learned - learned by the model during training from context in the sample utterances you provide

List - Defined as a hierarchy of lists and sublists

RegEx - regular expression patterns

Pattern.any - entities used with patterns to define complex entities that may be hard to extract from sample utterances

After intents and entities are created you train the model.

Training is the process of using your sample utterances to teach the model to match natural language expressions that a user may say to probable intents and entities.

Training and testing are iterative processes

If the model does not match correctly, you create more utterances, retrain, and test.

When results are satisfactory, you can publish the model.

Client applications can use the model by using and endpoint for the prediction resource

Build a bot with the Language Service and Azure Bot Service

Knowledge base of question and answer pairs. Usually some built-in natural language processing model to enable questions and can understand the semantic meaning

Bot service - to provide an interface to the knowledge base through one or more channels

Microsoft Azure AI Fundamentals: Explore knowledge mining

Used to describe solutions that involve extracting information from large volumes of unstructured data.

It has a services in Cognitive services to create a user-managed index.

The index can b meant for internal use only or shared with the public.

It can use other Cognitive Services capabilities to extract the information

What is Azure Cognitive Search?

Provides a programmable search engine build on Apache Lucene

Highly available platform with 99.9% uptime SLA for cloud and on-premise assets

Data from any source - accepts data form any source provided in JSON format with auto crawling support for selected data sources in Azure

Full text search and analysis - Offers full text search capabilities supporting both simple query and full Lucene query syntax

AI Powered search - has Cognitive AI capabilities built in for image and text analysis from raw content

Multi-lingual - offers linguistic analysis for 56 langues

Geo-enabled - supports geo-search filtered based on proximity to a physical location

Configurable user experience - it includes capabilities to improve the user experience (autocomplete, autosuggest, pagination, hit highlighting, etc)

Identify elements of a search solution

Folders with files,

Text in a database

Etc

Use a skillset to Define an enrichment pipeline

Key Phrase Extraction - uses a pre-trained model to detect important phrases based on term placement, linguistic rules, proximity to terms

Text Translation - pre-trained model to translate the input text into various languages for normalization or localization use cases

Image Analysis Skills - uses an image detection algorithm to identify the content of an image an generate a text description

Optical Character Recognition Skills - extract printed or handwritten text from images, photos, videos

Understand indexes

Index schema - index includes a definition of the structure of the data in the documents to read.

Index attributes - Each field in a document the index stores its name, the data type, supported behaviors (searchable, sortable, etc)

Best indexes use only the features that are required/needed

Use an indexer to build an index

Push method - JSON data is pushed into a search index via a REST API or a .NET SDK. Most flexible and with least restrictions

Pull method - Search service indexer pulls from popular Azure data sources and if necessary exports the Tinto JSON if its not already in that format

Use the pull method to load data with an indexer

Azure Cognitive search’s indexer is a crawler that extracts searchable text and metadata form an external Azure data source an populates a search index using field-to-field mapping between the data and the index.

Data import monitoring and verification

Indexers only import new or updated documents. It is normal to see zero documents indexed

Health information is displayed in a dashboard.

You can monitor the progress of the indexing

Making changes to an index

You need to drop and recreate indexes if you need to make changes to the field definitions

An approach to update your index without impacting your users is to create a new index with a new name

After importing data, switch to the new index.

Persist enriched data in a knowledge store

A knowledge store is persistent storage of enriched content.

Azure Machine Learning Studio

You can use the workspace to develop solutions with the Azure ML service on the web portal or with developer tools

Web portal for ML solutions in Sure

Capabilities for preparing data, training models, publishing and monitoring a service.

First step assign a workspace to a studio.

Compute targets are cloud-based resources which can run model training and data exploration processes

Compute Instances - Development workstations that data scientists can use to work with data and models

Compute Clusters - Scalable clusters of VMs for on demand processing of experiment code

Inference Clusters - Deployment targets for predictive services that use your trained models

Attached Compute - Links to existing Azure compute resources like VMs or Azure data brick clusters

What is Azure Automated Machine Learning

Jobs have multiple settings

Provide information needed to specify your training scripts, compute target and Azure ML environment and run a training job

Understand the AutoML Process

ML model must be trained with existing data

Data scientists spend lots of time pre-processing and selecting data

This is time consuming and often makes inefficient use of expensive compute hardware

In Azure ML data for model training and other operations are encapsulated in a data set.

You create your own dataset.

Classification (predicting categories or classes)

Regression (predicting numeric values)

Time series forecasting (predicting numeric values at a future point in time)

After part of the data is used to train a model, then the rest of the data is used to iteratively test or cross validate the model

The metric is calculated by comparing the actual known label or value with the predicted one

Difference between the actual known and predicted is known as residuals; they indicate amount of error in the model.

Root Mean Squared Error (RMSE) is a performance metric. The smaller the value, the more accurate the model’s prediction is

Normalized root mean squared error (NRMSE) standardizes the metric to be used between models which have different scales.

Shows the frequency of residual value ranges.

Residuals represents variance between predicted and true values that can’t be explained by the model, errors

Most frequently occurring residual values (errors) should be clustered around zero.

You want small errors with fewer errors at the extreme ends of the sale

Should show a diagonal trend where the predicted value correlates closely with the true value

Dotted line shows a perfect model’s performance

The closer to the line of your model’s average predicted value to the dotted, the better.

Services can be deployed as an Azure Container Instance (ACI) or to a Azure Kubernetes Service (AKS) cluster

For production AKS is recommended.

Identify regression machine learning scenarios

Regression is a form of ML

Understands the relationships between variables to predict a desired outcome

Predicts a numeric label or outcome base on variables (features)

Regression is an example of supervised ML

What is Azure Machine Learning designer

Allow you to organize, manage, and reuse complex ML workflows across projects and users

Pipelines start with the dataset you want to use to train the model

Each time you run a pipelines, the context(history) is stored as a pipeline job

Encapsulates one step in a machine learning pipeline.

Like a function in programming

In a pipeline project, you access data assets and components from the Asset Library tab

You can create data assets on the data tab from local files, web files, open at a sets, and a datastore

Data assets appear in the Asset Library

Azure ML job executes a task against a specified compute  target.

Jobs allow systematic tracking of your ML experiments and workflows.

Understand steps for regression

To train a regression model, your data set needs to include historic features and known label values.

Use the designer’s Score Model component to generate the predicted class label value

Connect all the components that will run in the experiment

Average difference between predicted and true values

It is based on the same unit as the label

The lower the value is the better the model is predicting

The square root of the mean squared difference between predicted and true values

Metric based on the same unit as the label.

A larger difference indicates greater variance in the individual  label errors

Relative metric between 0 and 1 on the square based on the square of the differences between predicted and true values

Closer to 0 means the better the model is performing.

Since the value is relative, it can compare different models with different label units

Relative metric between 0 and 1 on the square based on the absolute of the differences between predicted and true values

Closer to 0 means the better the model is performing.

Can be used to compare models where the labels are in different units

Also known as R-squared

Summarizes how much variance exists between predicted and true values

Closer to 1 means the model is performing better

Remove training components form your data and replace it with a web service inputs and outputs to handle the web requests

It does the same data transformations as the first pipeline for new data

It then uses trained model to infer/predict label values based on the features.

Create a classification model with Azure ML designer

Classification is a form of ML used to predict which category an item belongs to

Like regression this is a supervised ML technique.

Understand steps for classification

True Positive - Model predicts the label and the label is correct

False Positive - Model predicts wrong label and the data has the label

False Negative - Model predicts the wrong label, and the data does have the label

True Negative - Model predicts the label correctly and the data has the label

For multi-class classification, same approach is used. A model with 3 possible results would have a 3x3 matrix.

Diagonal lien of cells were the predicted and actual labels match

Number of cases classified as positive that are actually positive

True positives divided by (true positives + false positives)

Fraction of positive cases correctly identified

Number of true positives divided by (true positives + false negatives)

Overall metric that essentially combines precision and recall

Classification models predict probability for each possible class

For binary classification models, the probability is between 0 and 1

Setting the threshold can define when a value is interpreted as 0 or 1.  If its set to 0.5 then 0.5-1.0 is 1 and 0.0-0.4 is 0

Recall also known as True Positive Rate

Has a corresponding False Positive Rate

Plotting these two metrics on a graph for all values between 0 and 1 provides information.

Receiver Operating Characteristic (ROC) is the curve.

In a perfect model, this curve would be high to the top left

Area under the curve (AUC).

Remove training components form your data and replace it with a web service inputs and outputs to handle the web requests

It does the same data transformations as the first pipeline for new data

It then uses trained model to infer/predict label values based on the features.

Create a Clustering model with Azure ML designer

Clustering is used to group similar objects together based on features.

Clustering is an example of unsupervised learning, you train a model to just separate items based on their features.

Understanding steps for clustering

Prebuilt components exist that allow you to clean the data, normalize it, join tables and more

Requires a dataset that includes multiple observations of the items you want to cluster

Requires numeric features that can be used to determine similarities between individual cases

Initializing K coordinates as randomly selected points called centroids in an n-dimensional space (n is the number of dimensions in the feature vectors)

Plotting feature vectors as points in the same space and assigns a value how close they are to the closes centroid

Moving the centroids to the middle points allocated to it (mean distance)

Reassigning to the closes centroids after the move

Repeating the last two steps until tone.

Maximum distances between each point and the centroid of that point’s cluster.

If the value is high it can mean that cluster is widely dispersed.

With the Average Distance to Closer Center, we can determine how spread out the cluster is

Remove training components form your data and replace it with a web service inputs and outputs to handle the web requests

It does the same data transformations as the first pipeline for new data

Describe Azure OpenAI

Microsoft partnered with OpenAI to deliver on three main goals

Utilize Azure’s infrastructure, security, compliance, and regional availability to help users build enterprise grade apps

Deploy Open AI model capabilities in Microsoft products (Azure AI included)

Use Azure to power all of OpenAI's workplads

Introduction to Azure OpenAI Service

Pre-trained generative AI models

Customization capabilities; the ability to fine-tune AI models with your own data

Built-in tools to detect and mitigate harmful use cases so users can implement AI responsibly

Enterprise-grade security with RBAC and private networks

Understand Azure OpenAI workloads

Machine learning

Computer vision

Natural Language Processing

Conversational AI

Anomaly detection

Knowledge mining

Text completion - generate and edit text

Embeddings - search, classify, and compare text

Azure OpenAI’s relationship to Azure AI Services

Azure’s Machine Learning Platform

Cognitive Services

Applied AI Services

Vision

Speech

Language

Decision

Azure Open AI Service

How to use Azure OpenAI

GPT4

GPT3

Codex

Embeddings - Special format of data representation that can be easily utilized by machine learning models and algorithms.

DALL-E

Completion - Allow you to see text responses as you type

Chat - use the assistant setup to instruct the model about how it should behave.

Understanding OpenAI’s natural language capabilities

Generative Pre-trained transformer models are excellent at understanding and generating natural language

Azure OpenAI is powered by GPT3.5-turbo and GPT4

Summarizing text

Classifying text

Generating names or phrases

Translation

Answering questions

Suggesting content

Understanding OpenAI code generation capabilities

build unit tests for the code

Summarize functions already written

Explain sql queries or tables

Convert code between languages

GitHub Copilot

OpenAI partnered with GitHub to create copilot

Integrates codex as a plugin into IDE’s like visual studio code

It can suggest how to write or finish a method based on some text you type

Understand OpenAI’s image generation capabilities

Original images generated by providing a text prompt

The more detail in the prompt, the better quality and more desired result

Provided an image, edits can take place based on the user’s request.

It requires uploading the image and selecting a transparent mask to inform the model where to edit.

Prompts are used to describe the edit

This requires uploading an image and then providing how many variations you required

Subjects and backgrounds along with other elements are moved around the image.

Describe Azure OpenAI’s access and responsible AI Policies

Fairness - AI systems shouldn’t make decisions that discriminate against or support bias of a group or individual

Reliability and Safety - AI systems should response safely to new situations and potential manipulation

Privacy and Security - AI systems should be secure and respect data privacy

Inclusiveness - AI systems should empower everyone and engage people

Accountability - People must be accountable for how AI systems operate

Understand Responsible AI (RAI)

AI systems should treat all people fairly

For example RAI with Face service retires facial recognition capabilities that can be use to stereotype or discriminate people

AI systems should perform reliably and safely

Systems should be subjected to rigorous testing and deployment management processes to ensure they work as expected before release.

AI systems should be secure and respect privacy

System decisions and predictions should keep the data used to train it and the responses private

AI systems should empower everyone and engage people

They should not only benefit a small group of people.

AI systems should be understandable.

Users should be made aware of how the system works, its limitations, and its purpose

People should be accountable for AI systems

Computer Vision models and capabilities

Image classification - This involves training a ML model to classify images based on the contents.

Object detection - Training a ML model to classify individual objects within an image and identify their location with a bounding box

Semantic Segmentation - An advanced ML learning technique where individual pixels in the image are classified based on the object they belong to, the area is masked

Image analysis - Specialized form of object detection that locates human faces

Optical character recognition (OCR) - technique used to detect and read text in images. It can be used to read documents or images.

Computer vision services in Microsoft Azure

Computer vision - use this service to analyze images and video and extract descriptions, tags, objects, and text

Custom vision - use this service to train custom image classification and object detection models using your own images

Face - use this service to build face detection and facial recognition solutions

Form Recognizer - use this service to extract information from scanned forms and invoices

Understand Natural Language Processing (NLP)

Analyze and interpret text in documents, emails, etc.

Interpret spoken language and synthesize speech responses

Automatically translate spoken or written phrases between languages

Interpret commands and determine the appropriate action to take

Natural language processing in Microsoft Azure

This service provides a platform for conversational AI

Capability of software agent to participate in a conversation

Devs can use the Bot Framework to create a bot and manage it via Azure Bot service

How machine learning works

Machines learn from data!

Every day we create huge volumes of data and that data can be used to train models (text messages, emails, social media, photos, video, etc)

Data is also created by devices, sensors that are everywhere in our environment (cars, cities, factories, etc)

Data scientists use the data to train machine learning models

The models make predictions and inferences based on the relationships in the data

Machine learning in Microsoft Azure

Automated machine learning - enables non-experts to quickly create an effective machine learnings model from data

Azure machine learning designer - graphical interface enabling a no-code development environment for machine learning solution

Data and compute management - Cloud based data storage and computer resources to run data experiments at scale by professional data scientists

All transfers are encrypted 

Only one VPN gateway per virtual network 

Two types of gateway configuration and they both use a pre-shared key for authentication

Policy-based

Specify statically the IP address of packets that should be encrypted in the tunnel 

This type of devices evaluates every data package against those sets of IP addresses to choose the tunnel where that packet is going to be sent through

Route-based

IPSec tunnels are modeled as a network interface or virtual tunnel interface. 

 IP routing (static or dynamic router protocols) decides which one of these tunnel interfaces to use when sending each package. 

Preferred connection method for on-premises devices (more resilient to topology changes like creation of new subnets)

Use route-based VPN gateways if you need the following connectivity

Connections between virtual networks

Point-to-site connections 

Multisite connections 

Coexistence with an Azure ExpressRoute gateway

Describe Azure ExpressRoute

Express route lets you extend your on-premises network into the Microsoft cloud over a private connection.

The connection is also called an ExpressRemote Circuit.

This allows you to connect offices, data centers, and other facilities to the Microsoft cloud.

Each location would have its own ExpressRoute circuit

Connectivity can be from 

any-to-any (IP VPN)network 

Point-to-point ethernet network 

Virtual cross-connection through a connectivity provider at a colocation facility 

ExpressRoute connections don’t go over the public internet 

This allows connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the internet.

Features and benefits of ExpressRoute

Connectivity to Microsoft cloud services across all regions in the geopolitical region 

Global connectivity to Microsoft services across all regions with express route global reach. 

Dynamic routing between your network and Microsoft via Border Gateway Protocol (BGP) 

Built in redundancy in every peering location for higher reliability

Direct access to these services in all regions

Microsoft Office 365 

Microsoft Dynamics 365 

Azure computer services such as Virtual machines 

Azure cloud services such as Azure Cosmos DB and Azure storage

Global connectivity -  ExpressRoute Global reach to exchange data across your premises sites by connecting your ExpressRoute circuits.

Dynamic routing

ExpressRoute uses the BGP to exchange routes between on-premises networks and resources running in Azure. 

Enables dynamic routing between your on-premises network and services running in the Microsoft cloud

Built-in redundancy -  Each connectivity provider uses redundant devices to ensure connections established with Microsoft are highly available.

ExpressRoute connectivity models

CloudExchange colocation

Your data center, office, or facility being physically co-located at a cloud exchange such as an ISP 

If you’re co-located at a cloud exchange you can request a virtual cross-connect to the Microsoft cloud

Point-to-Point Ethernet connection - Connecting your facility to the Microsoft cloud

Any-to-Any connection

You can integrate your wide area network (WAN) with azure by providing connections to your offices and data centers.

Integrates your WAN connections to provide a connection like you would have between your datacenter and any branch offices.

Directly from ExpressRoute sites -  Connect into Microsoft global network at a peering location strategically distributed across the world

Security considerations -  Everything runs over the private connection except for DNS queries, certificate revocation, etc.

Describe Azure DNS

Azure DNS is a hosting service for DNS domains that provides name resolution

Benefits of Azure DNS

Reliability and performance

Hosted on  Azure’s global network of DNS servers providing resiliency and high availability 

Uses any cast networking so each DNS query is answered by the closes DNS server

Security

Based on Azure Resource Manager 

Provides RBAC control to who has access to specific actions 

Activity logs to monitor how a resource is changed 

Resource locking to lock a subscription, resource group, resource

Ease of use

Manage DNS records for Azure and non-Azure resources 

Integrated with your Azure portal for bulling and support

Customizable virtual networks

Supports private DNS domains 

Feature allows you to use your own custom domain names in your private networks.

Alias records

Supports alias record sets. 

Use an alias record to refer to an Azure resource, such as an Azure public address, an Azure Traffic manager profile, etc.

Describe Azure Storage Services

Storage accounts provide unique namespaces for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPs.

Data in this account is very secure, highly available, durable, and massively scalable

When creating a storage account, pick the account type which determines the storage services and redundancy options and has impact on the use cases.

Redundancy options

Locally redundant storage (LRS) 

Geo-redundant storage (GRS) 

Read-access geo-redundant storage (RA-GRS) 

Zone-redundant storage (ZRS) 

Geo-zone-redundant storage (GZRS) 

Read-access geo-zone-redundant storage (RA-GZRS)

Storage account endpoints

Unique namespaces for your data 

Every storage account must have a unique-in-azure account name 

Combination of account name with Azure storage service end point, form the endpoints for a storage account.

Describe Azure storage redundancy

Always stores multiple copies of your data so that its protected from planned and unplanned events

Shoes best option for your scenario (tradeoffs between lower cost and higher availability)

Factors include

How data is replicated in the primary region 

Whether data is replicated to a second region that is geographically distant to the primary region to protect against regional disasters 

Whether your application requires read access to the replicated data in the secondary region if the primary region becomes unavailable.

Azure Service Health

Helps you keep track of Azure resources, both your specifically deployed resources and overall status of Azure.

Azure Status

Broad picture of the status of Azure globally 

Informs you of service outages in Azure 

Global view of health of all Azure services across all Azure regions.

Service Health

Narrower view of Azure services and regions 

Focuses on the Azure service and regions you are using 

Can use your authenticated account to identify your services and then report on status of those 

Alerts can be setup to notify you when service issues, planned maintenance or other changes may affect your services and/or region.

Resource Health

Tailored view of your actual Azure resources 

Information about the health of your individual cloud resources 

Use Azure monitor to configure alerts to notify of availability changes to your resources

Azure Monitor

Platform collecting data on your resources, analyzing the data, visualizing the information and even acting on the results 

Can monitor Azure resources, on-prem resources, and even multi-cloud resources hosted on a different provider.

Configure alerts based on critical events

Azure Log Analytics

Tool in Azure Portal where you’ll write and run log queries on data from the Azure Monitor. 

Supports simple and complex queries and data analysis

Azure Monitor Alerts

Are automated to stay informed when Azure monitor detects a threshold being crossed. 

Set alert conditions, the notification actions, and then Azure monitor Alerts notifies when an alert is triggered. 

It can sometimes attempt corrective actions 

Alerts can trigger on certain log events too.

Application Insights

Azure Monitor feature that monitors your web applications 

Capable of monitoring applications that run in Azure, on-premises, or in a different cloud environment 

Two ways to configure Application Insights

Install SDK in your application 

Use the Application Insights agent -  Agent supported in C#, VB.NET, Java, JavaScript, Node.is, and Python

It can monitor

Request rates, response times, and failure rates 

Dependency rates, response times and failure rates for external services 

Page views and load performance reported by users browsers 

AJAX calls from web pages 

User and session counts 

Performance counters for OS information

It can monitor, but also send synthetic requests to check if your application is up

Azure Fundamentals: Describe Azure architecture and services

Supports SaaS, PaaS, and IaaS

You need an Azure subscription to create and use Azure services

Structure of objects in Azure

Core Architectural components of Azure

Physical infrastructure

The physical “stuff” that is in a data center (racks, dedicated power, cooling, networking infrastructure) 

Azure has data centers around the world. 

Data centers are not directly accessible, but they are grouped into Azure Regions or Azure Availability Zones to provide resiliency and reliability.

Regions

Geographical area that contains at least one, but possibly more data centers 

Networked together with a low latency network 

Azure assigns workloads across the region to balance workloads

Availability Zones

Physically separate data centers within an Azure region 

Each zone is made up of one or more data centers with independent power, cooling, and networking 

Availability zone is setup to be an isolation boundary 

If one goes down the others continue to work 

Connected with high-speed private fiber optic networks

Use Availability zones in your apps

Ensure services and data are redundant to protect your information 

Azure can make your app highly available through availability zones 

Primarily for VMs, managed disks, load balancers, and SQL database 

Three categories

Zone service - You pin the resource to as specific zone (VMs, managed disks, etc) 

Zone-redundant services - The platform replicates automatically across zones (zone-redundant storage, databases) 

Non-regional services - always available from Azure geographies and resilient to zone-wide outages as well as region-wide outages.

Region Pairs

Most Azure regions are paired with another region within he same geography (at least 300 miles away) 

Allows for replication of resources across a geography mitigating risks of one data center going down 

Provides fail-over for a region 

Examples of Azure are West US with East US and South-East Asia with East Asia

Additional Advantages

Planned Azure updates are rolled out to paired regions with one going down at a time 

Data continues to reside within the same geography as its pair (except for Brazil South) for tax and law enforcement jurisdiction purposes

Sovereign Regions

Azure has sovereign regions 

Isolated from the main instance of Azure 

US DoD Central, US Gov Virginia, US Gov Iowa and more for the US government. Operated by screened US personnel with additional compliance certifications 

China East, China North and more, regions available through a unique partnership between Microsoft and 21vianet. MS doesn’t maintain the data centers.

Describe Azure management Infrastructure

Azure resources and resource groups

Resource - basic building block of Azure 

Anything you create, provision, deploy, etc is a resource. 

Resource Groups are grouping of resources and cannot be nested 

When are resource is created, it must be added to a resource group 

Actions applied to a resource group apply to all the resources within the group 

Current and future resources are applied the setting if one is added. 

Deleting a group will result in deleting all resources in the group 

Grant or deny access to a group and it is inherited by the resources within the group

Azure subscriptions

Unit of management, billing, and scale 

Similar to how resource groups are away to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing

Provides you with authenticated and authorized access to Azure 

Links to an Azure account which is an identity in Azure Active Directory, or in a directly that Azure AD trusts 

Accounts can have multiple subscriptions 

Multi-subscription accounts can use subscriptions to configure billing models or different access-management policies.

Billing boundary

Determines how an azure account is billed 

You can configure different billing requirements. 

Different reports and invoices are created for each subscription

Access control boundary

Applies access-management policies at the subscription level 

Can create separate subscriptions to reflect different organizational structures. 

Each department can have a different subscription policies

Create additional subscriptions

Environments - primarily good for resource access controls 

Organizational Structures - reflect different organizational structures via subscriptions 

Billing - Aggregated at the subscription level, can set up additional subscriptions for managing and tracking cost base on needs

Azure Management Groups

Resources are gathered into resource groups

Resource groups are gathered into Subscriptions

Management Groups If you have many subscriptions and want to manage access, policies, and compliance for those you can organize subscriptions into containers

You can apply governance conditions to the management groups

Management groups can be nested

You can build flexible structure of management groups and subscriptions 

Can be used to apply policies, provide user access to multiple subscriptions 

10000 management groups can be supported in a single directory 

Depth of the Tree can be 6 levels (Does not include the root level or the subscription level) Each management group and subscription can support only one parent

Describe Azure compute and networking services

Azure virtual machines

VMs provide SaaS in the form of a virtualized server 

Flexibility of virtualization without having to buy and maintain physical hardware that runs the vm. 

You can use images to create VMs at scale.

Scale VMs in Azure

You can run a single VM or group VMs together 

Grouped VMs provide high availability, scalability, and redundancy. 

You can manage the grouping of VMs for you with features such as scale sets and availability sets

Virtual Machine Scale sets

Lets you create and manage a group of identical, load-balanced VMs. 

If you create them one at at time, you must configure them identical and then set up network routing parameters to ensure efficiency. 

Azure automates most of that work with scale sets 

Allow you to centrally manage, configure, and update a large number of VMs in minutes 

The number of VMs can automatically increase o decrease in response to demand or can be configured to scale based on a defined schedule. 

Automatically deploy a load balancer to make sure that your resources are used efficiently.

Virtual Machine Availability sets

Another tool to help you build a more resilient, highly available environment 

Availability sets are designed to ensure that Vm stagger updates and have varied power and network connectivity 

Availability sets do this by grouping VMs into two ways

Update Domain

VMs can be rebooted at the same time 

Allows to apply updates while knowing that only one update domain grouping will be offline at a time. 

Update group going through the update process has 30 minutes to recover before maintenance of the next update domain starts

Fault Domain

Groups VMs by common power source and network switch. 

By default availability set will split your VMS across three fault domains. 

This helps protect against physical power or network failure

Azure Virtual Desktop

Another type of virtual machine 

It is a desktop and application virtualization service in the cloud 

You can get to Cloud hosted versions of Windows over the internet. 

Accessible from clients that are available from native OS’ and HTML5 browsers. 

Remote Desktop Services (RDS) use to be expensive an difficult to setup - Could take weeks to set up

Now setup the rules in Azure PaaS. The users connect to the VMs on a secure connection 

You have control of how the users are spread across those VMs and workloads 

You can have multiple users on a single VM with a multisession Win10 Enterprise 

For users, their experience is the same 

A globe indicates that the application is virtual, otherwise it seems like being on the same workstation/PC 

Enhance security

Provides centralized security management of users’ desktops 

You can enable MFA to secure signing 

Secure access to data by assigning granular RBAC to users 

Data and apps are separate from the local hardware 

User sessions are isolated in both a single or multi-session environment

Multi-Session Windows 10 or Windows 11

The only client-based operating system that enables multiple sessions on the same single VM 

More consistent experience similar to that of a windows server based operating system with broader application support

Describe Azure Containers

Although VMs are excellent to reduce cost versus investment for physical hardware, they are limited to a single operating system per virtual machine

If you need multiple instances of an application on a single host machine, you can use containers

Containers

Virtualization environment 

Multiple containers on a single physical or virtual host 

You don’t manage the OS for the container 

They appear as an instance of an OS that you connect to and manage. 

Light weight and designed to be created, scaled out, and stopped dynamically 

You can quickly restart if there is a crash or hardware interruption. 

Most popular engine is Docker and it is supported by Azure

Compare Virtual Machine to Containers

Virtual Machines provide abstraction layer for CPU, memory, Storage

VMs you are in control with OS, tools, and packages 

Downsides - only one OS at a time. If the apps require different runtime environments, you may need multiple VMs

Containers

Bundles an app and its dependencies 

Deploys it as a unit to a container host -  The container host has a standardized runtime environment and abstracts away the OS and hardware

VM machines virtualize hardware 

Containers virtualize the Operating system 

Containerized apps are smaller in size 

You wait for the app and not the OS to restart if you reboot it 

Development process is simplified because your development environment can look like production 

Use Cluster orchestration without wondering which server to put it on. 

Complete control of environment may mean using a VM 

Portability and management capabilities of containers may be a better choice

Azure Container Instances

Offer fastest and simplest way to run a container in Azure 

Without having to manage any virtual machines or adopt services. 

Azure container instances allow you to upload your containers and the services will run them for you 

Use containers in your solution

Used to create solutions by using a micro services architecture 

Break your solution into smaller independent pieces 

You could scale one part of the application. For example your backend can be called if the front-end is not being stressed.

Describe Azure Functions

Event-driven, server less compute option that doesn’t require maintaining virtual machines or containers

With Azure Functions an event wakes the function and prevents having the resource (VM or container) always running

Serverless computing

Removes the server management tasks from the users’ responsibilities 

Allows you to focus on pushing your applications to the customers 

“Servers are there, but you don’t need to manage them” 

Take your mind off the infrastructure concerns and move to application. 

Often triggered based on an event (a REST request), timer, or message from another service 

Benefits

No infrastructure management 

Scalability 

Only pay for your use

By default functions are stateless. 

When they are stateful (called Durable Functions) a context is passed through the function to track prior activity

Describe application hosting options

Azure Ap Service

Enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the language you choose

No management of infrastructure

Automatic scaling and high availability

Supports Windows and Linux

Automated deployments from Github, Azure DevOps, or any git repo

Types of app services

Web apps -  Full support for hosting web apps using ASP.NET, ASP.NET core, Java, Ruby, Node.js, PHP, or python Linux or windows

API apps

You can build REST-based web APIs using your language and framework 

Full Swagger support and ability to publish your API in Azure Marketplace

Web Jobs

Allow you to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or bash) in the same context as a web app, API, or mobile app. 

Often used to run background tasks as part of your application logic.

Mobile Apps

Quickly build back-end for iOS an android apps 

Store mobile data in cloud-based sql database 

Authenticate customers against social providers, such as MSA, Google, Twitter, and Facebook 

Send push notifications 

Execute custom back-end logic in c# or node.js

Handles most of the infrastructure decisions you deal with in hosting web-accessible apps

Deployment and management are integrated into the platform 

Endpoints can be secured 

Sites can be scaled quickly to handle high traffic loads

The built-in load balancing and traffic manager provide high availability

Describe Azure Virtual Networking

Azure Virtual Networking

Allows you to create virtual networks and virtual subnets to enable Azure resources to communicate

With each other, users on the internet and with your on-premises client computers.

Provide the following key networking capabilities

Isolation and segmentation

Allows creating multiple isolated virtual networks 

You define a private address space using either public or private addresses 

You can use internal or eternal DNS servers for name resolution

Internet communications -  Assign a public ip address to the resource or put it behind a public load balancer to have internet connectivity

Communicate between Azure resources

Virtual networks can connect not only VMs, but the resources too 

Service endpoints can connect to other resource types 

This enables you to link multiple Azure resources to virtual networks to improve security and provide optimal routing between resources

Communicate with on-premises resources

Virtual networks allow you to link resources together in your on-premises environment with your azure subscription. 

Network that spans both your local and cloud environments. 

Three mechanism for this

Point to Site

Virtual networks connections are from a computer outside the origination back into your corporate network 

A client computer initiates an encrypted VPN connection to connect to the Azure virtual network

Site to Site

Virtual private networks link your on-premise VPN device or gateway to an Azure VPN gateway in a virtual network. 

Devices in Azure can appear as being on the local network. 

 The connection is encrypted and works over the internet. 

Azure VPN device (also known as Virtual Network Gateway) 

Gateway subnets are a virtual subnet gateway located in a dedicated subnet in the Azure virtual network.

Azure Express Route

Dedicated private connectivity to Azure that doesn’t travel over the internet 

Useful for environments where you need greater bandwidth and even higher levels of security

Route network traffic

Allow you to define rules about how traffic should be directed. 

You can create custom route tables that control how packets are routed between subnets 

Border Gateway Protocol (BGP) works with Azure VPN gateways, Azure Route Server, or Azure ExpressRoute to propagate on-premises BGP routes to Azure virtual networks

Filter network traffic

Allow you filter traffic between subnets 

Network security groups

Are Azure resources that can contain multiple inbound and outbound security rules 

You can define these rules to allow or block traffic, based on source and destination IP address, port, and protocol 

Network virtual appliance

Are specialized VMs that can be compared to hardened network appliances. 

Carry out a particular network function like a firewall or WAN optimization

Connect virtual networks

Link virtual networks together using virtual network peering 

Peering allows two virtual networks to connect directly to each other 

Traffic between peered networks is private and travels on Microsoft’s backbone network. 

User-defined Routes (UDR) allow you to control the routing tables between subnets or between virtual networks

It supports both public and private endpoints to enable communication between external and internal resources

Public endpoints have a public IP address can be accessed from anywhere in the world 

Artifacts

Each component in the blueprint is known as an artifact. 

Artifacts may not have additional parameters (configuration) -  Example: Threat detection rule for SQL server policy

Artifacts can contain one or more parameters that can be configured -  Example: Allowed location policy for where to deploy resources

You can specify parameter values when you create the blueprint definition or when you assign the blueprint definition to a scope.

Blueprints deploy a new environment based on all the requirements in the artifacts which can include: role assignments, policy assignments, azure resource manager templates, and resource groups 

Blueprints are version-able. You can create an initial version and then make updates later 

The relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. It maintains a record of each resource and which blueprint defined it. (Auditable)

Azure Policy

A service in Azure that enables you to create, assign, and manage policies that control or audit your resources enables you to define both individual policies and groups of related policies known as initiatives. 

Evaluates your resource and highlights resources not compliant 

Prevents non compliant resources from being created 

Policies can be set at any level: resource, resource group, subscription, etc. 

Policies are inherited at a high level and applied to all the groupings that fall within the parent 

For example, if the resource group has a policy, all the resources in that resource group receive the same policy. 

Comes with built in policy and initiative definitions for Storage, Networking, Compute, Security Center, and monitoring. 

Some auto-remediation of non compliant resources is possible 

Azure Policy Initiatives

Are a way of grouping related policies together. 

Contains all the policy definitions to help track your compliance state for a larger goal 

For example: Azure security center has an initiative named Enable monitoring 

Included definitions in Security Center

Monitor unencrypted sql database 

Monitor OS vulnerabilities 

Monitor missing Endpoint Protection

Resource Locks

Prevent resources from being accidentally deleted or changed. 

Even with RBAC in place, some risk that people with the appropriate rights can delete resources exists 

Resource locks can be applied to resource, resource groups, subscription 

For example: Are inherited by all resources in a resource group 

Resource Lock Types

Two types. One prevents users from deleting, the other prevents from changing or deleting a resource 

Delete means authorized users can read and modify a resource, but cannot delete the resource 

ReadOnly means authorized users can read a resource, but can’t delete it or update it. (Similar to applying a reader role)

Can be managed via Azure portal, Azure cli, PowerShell, and an Azure resource manager template 

How to delete or change a locked resource?

Remove the lock

Then apply any action you have permissions to perform

Re-apply it after again

Service Trust Portal

Provides access to various content, tools and other resources about Microsoft security, privacy and compliance practices. 

Contains details of Microsoft’s implementation of controls and processes that protect cloud services and the customer data therein. 

URL: https://servicetrust.Microsoft.com

Features and Tools for managing and deploying Azure resources

Tools for interacting with Azure

Azure Portal 

Azure PowerShell 

Azure Command Line Interface (CLI)

Required to interact with the Azure environment, management groups, subscriptions, resource groups, resources, and so on 

Azure Cloud Shell

Browser based shell tool that allows you to create configure and manage Azure resources using a shell 

Supports Azure PowerShell and Azure command line interface ( a bash shell ) 

No local installation or configuration required 

Authenticated to your Azure credential 

Use the shell you are most convenient

Azure PowerShell

Shell with which developers, DevOps, and IT professionals run commands called command-lets (cmd-lets) 

The commands call Azure REST APIs to perform management tasks in Azure 

They can run independently or combined to help orchestrate complex actions

Routine setup, tear down, and maintenance of a single resource or multiple connected resources 

Deployment of an entire infrastructure, which might contain dozens or hundreds of resources from imperative code

Allows to script commands to make the process repeatable and automatable. 

You can install Azure Cloud shell and configure it via Windows, Linux, and Mac platforms

Azure CLI

Functional equivalent to Azure PowerShell just the syntax is different 

Uses bash commands vs PowerShell, because that is used in the Azure PowerShell 

Same benefits as PowerShell

Azure Arc

Allows you to extend Azure compliance and monitoring to your hybrid and multi-cloud configurations via Azure Resource Manager.

Simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Provides a centralized, unified way to:

Managed entire environment together by projecting your existing non-Azure resources into ARM 

Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are on Azure 

Use familiar azure services and management capabilities no mater where the resources live 

Continue using traditional ITOps while introducing DevOps practices to support new cloud and native patterns in your environment. 

Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Currently you can manage the following resources outside of Azure

Servers 

Kubernetes clusters 

Azure data services 

SQL Server 

Virtual Machines (preview)

Azure Resource Manager and Azure ARM Templates

Deployment and management service for Azure 

Provides a management layer that enables you to create, update, and delete resources in your Azure account. 

When are request comes from any Azure tool, API, or SDK ARM receives the request. It authenticates and authorizes the request. 

Benefits

Managed your infrastructure through declarative templates rather than scripts. Templates are JSON files 

Deploy, manage, and monitor all resources in the solution as a group, rather than individually 

Re-deploy your solution throughout the development life-cycle and have confidence your resources are deployed in a consistent state 

Define dependencies and order when deploying them 

Apply access control to all services because RBAC is natively integrated into the management platform 

Apply tags to resources to logically organize all the resources in your subscription 

Clarify the organizations billing by viewing costs for a group of resources with the same tag.

ARM Templates

Infrastructure as code - a concept where you manage your infrastructure as lines of code. 

Uses Azure Cloud Shell, PowerShell, or Azure CLI 

Via templates you can describe the resources you want to use using a declarative JSON format. 

Deployment code is verified before it is run 

Ensures resources are created and connected correctly. 

All resources are created at the same time in parallel 

Benefits

Declarative syntax allows you to create and deploy an entire Azure infrastructure declaratively. 

Repeatable resource, repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner. 

Orchestration, no worry about the complexities of ordering operations. It determines the correct order. 

Modular files, break your templates into smaller, reusable components and link them together at deployment time. Nesting is allowed. 

Azure Cost Management Tool

Provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources.

Cost analysis is a subset of cost management that provides a quick visual for your azure costs.

use cost analysis to explore and analyze your organizational costs.

Cost alerts

Single location for all types of alerts 

Budget alerts

Notify when spending, based on usage or cost reaches or exceeds the defined amount 

Created using Azure portal or Azure consumption API 

Support both cost based and usage based budgets.

Credit alerts

Alerts when your monetary commitments are consumed. 

Monetary commitments are for organizations with Enterprise Agreements (EAs) 

Credit alerts are created automatically at 90% and then 100% of your credit balance. 

Email sent to account owners

Department spending quota alerts

Alerts when a department reaches a fixed threshold of the quota. 

Configured in the EA portal 

Email sent to department owners at 50 or 75% of the quota

Budgets

When you set a spending limit for Azure. 

Can set budgets based on a subscription, resource group, service type or other criteria.

Purpose of Tags

Helps you stay organized as your cloud grows.

Can help manage costs

One way to organize is to place resources into subscriptions.

You can also use resource groups to manage related resources.

Resource tags are another way to organize resources.

Tags provide extra information, or metadata, about your resources.

Resource Management -  Tags enable you to locate and act on resources associated with specific workloads, environments, business units and owners

Cost management and optimization -  Tags enable you to group resources so that you can report on cost, allocate internal cost centers, track budgets, and forecast estimated costs

Operations management

Tags enable you to group resources according to how critical their availability is to your business 

This grouping helps you formulate SLAs.

Security Tags -  Enable you to classify data by its security level (public or confidential)

Governance and regulatory compliance

Tags enable you to identify resources that align with governance or regulatory compliance requirements like ISO27001 

Tags can also be part of your standards enforcement efforts (i.e all resources are tagged to an owner or department)

Workload optimization and automation

Tags can help you visualize all of the resources that participate in complex deployments 

For example, tag a resource with its associated workload or application name and use software such as DevOps to perform automated tasks on those resources

How do I manage resource tags?

Add, modify, delete through PowerShell, azure cli, resource manager templates, REST api, or azure portal 

Use Azure Policy

To enforce tagging rules or conventions 

Add new tags at time of provisioning 

Apply tags again when they are removed

Resources don’t inherit tags from subscriptions and resource groups. 

You can create different tagging schemas that change depending on the level (resource, resource group, subscription) 

Monitor health of resources and automatically replace failing resources

Receive automatic alerts based on configured metrics, so you are aware of performance in real time

Management in the cloud

Web portal 

Command line interface 

APIs 

PowerShell

Cloud Service Types

Infrastructure as a Service

Maximum control for your cloud resources

Cloud provider is only responsible maintaining hardware, network connectivity, and physical security

Shared responsibility model -  Customer is responsible for everything else: operating system, configuration, maintenance, storage, network, etc.

Scenarios

Lift and shift migration

Standing up cloud resources similar to on-prem data center 

Simply move existing things running on-prem to the cloud 

Testing and development

Quickly replicate established configuration for development and test environments 

Stand up or shut down different environments rapidly.

Platform as a Service

Middle ground between renting space in a data center and paying for a complete deployed solution. 

Shared responsibility model

Cloud provider maintains physical infrastructure, physical security, and connection to the internet, operating systems, middle ware, development tools, business intelligence services, etc. 

You do not worry about licensing of said software components

Well suited for a complete development environment without the headaches of maintaining all the development infrastructure

Scenarios

Development framework - PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. 

Cloud features such as scalability, high-availability, and multi-tenant capabilities are included reducing the amount of coding that developers must do 

Analytics or business intelligence: tools provided as a service allow organizations to analyze and mine their data, finding insights, and patterns and predicting outcomes to improve forecasting, products design decisions, investment returns, and other business decisions

Supplier as a Service

Most complete cloud service model from a product perspective.

Shared Responsibility Model

Places most responsibility with the cloud provider and least responsibility with the user. 

Customer is responsible for data and user access.

Scenarios

Email and messaging 

Business productivity apps 

Finance and expense tracking

Azure Fundamentals: Describe Azure management and governance

Factors that affect costs in Azure

Azure shifts development costs from Capital expenses (CapEX) to Operational expenses (OpEx)

Factors that can impact the OpEx costs

Resource type

Consumption

Maintenance

Geography

Subscription type

Azure marketplace

Resource Type can be impacted by

Type of resource

Settings of the resource

Azure region

When creating a resource, Azure creates a metered instance for that resource to track usage and generate usage reports, that are later used to calculate the bill

Examples

Storage account

You can configure type as a blob, a performance tier, an access tier, redundancy settings, and a region 

The same account in another region may cost less

Virtual machine

Consider licensing for the operating system or other software 

Process and number of cores 

Attached storage, interface 

Same VM available in different regions may cost different.

Consumption

Pay as you go has been a consistent theme 

If you use more, you pay more 

You can “reserve” usage of a resource and pay in advance, this can allow receiving discounts 

Many services offer this and it can be a discount up to 72% 

Commitment to consume and pay for a certain usage of that resource in a given period (1 or 3 year increments) 

If you need to use more, you pay as you go

Maintenance

Resource groups can help you keep your resources organized. 

To control cost it is important to maintain your cloud environment 

Monitor to ensure resources are decommissions automatically or not. Sometimes they are not decommissioned right away.

Geography

Deployment and network traffic may have different costs based on geography

Network Traffic

Billing zones are a factor in determining the cost of some services. 

Bandwidth refers to the data moving in and out of Azure data centers. 

Inbound traffic is free for some services 

Outbound traffic is not, based on zones 

A zone is a geographical grouping of Azure regions for billing purposes.

Subscription Type

Some have usage allowances which can impact cost

Azure Marketplace

Cloud computer is OpEx because it operations on a consumption based model.

You pay for the IT services you use

Benefits of a consumption based model

No upfront costs

No need to purchase and manage infrastructure that may not be used to its full potential

Ability to pay for more resource when they are needed

Ability to stop paying for resources that are no longer needed

No need to worry about planning (over estimating or under estimating for use of a data center)

This model helps you pay for your cost based on services you use

Plan and manage operating costs

Run your infrastructure more efficiently

Scale as your business needs change

Benefits of high availability and scalability in the cloud

Two biggest considerations when building or deploying a cloud application are: uptime(availability) and handling demand (scale) 

High availability

Focuses on ensuring maximum availability, regardless of disruptions or events that may occur

When architecting the solution, account for service availability guarantees.

Azure is a height available cloud environment with uptime guarantees depending on the service (Part of the SLA agreement)

Service Level Agreement (SLA)

Formal agreement between customer and service provider. 

Also used inside organizations between IT and business 

Provided on uptime % ie 100% uptime 

Also has downtime information and credits you may get then 

100% uptime is expensive and hard. Thus 99% or 99.9% or 99.95% is common. 

99% vs 99.99% has a difference.

99% down 1.6 hrs per week/7.2 per month

99.9% down 10 mins per week/43.2 per month

More expensive for higher availability

Scalability

Major benefit is the scalability of cloud computing

Scalability refers to the ability to adjust resources to meet demand

Another benefit, you are not over paying for services and only paying for what your using

Horizontal Scaling

adding or removing resources

Needing more CPUs or more RAM

Vertical Scaling

increase or decrease the capabilities of the resource

Needing more virtual machines or containers.

Reliability

Ability of a system to recover from failures and continue to function 

Cloud is decentralized by design and supports reliable and resilient infrastructure 

Even if one region has a catastrophic event, other regions can be up and operating 

Predictability

Move forward with confidence

Performance predictability - Auto scaling, load balancing, and high availability

Cost predictability

Forecasting cloud spend 

Use analytics to find patters in your use to allow for better planning of resource deployments 

Can predict the Total Cost of ownership(TCO) 

Cloud computing

Power and features to run your software

PC is in the cloud provider data center vs you

Pay for services you use

Others manage up keep of computer

Basic services are compute and storage

Compute power

How much processing your computer may do

Pay for resources you use

Storage

Volume of data you can store on your computer

Over time you need more, here you can request more

They make backups and ensure your system is up to date.

Shared responsibility model

Responsibilities are shared between the cloud provider and the consumer

Cloud provider: physical security, power, cooling, network connectivity

Consumer: data and information stored in cloud, access security

Mixed: example SQL server, the provider is responsible for the sql server, but the customer is responsible for the data

Different Models

IaaS - Infrastructure as a service

Consumer: Most responsibility

Provider: responsible for basics: physical security, power, connectivity, etc.

PaaS - Platform as a service

Middle ground

SaaS - Software as a service

Consumer: access, data, etc.

Provider: Most responsibility

Consumer is always responsible for

Information and data

Devices that are allowed to connect to your cloud

The accounts and identities of the people, services, and devices within the organization

Cloud provider is always responsible for

Physical data center

Physical network

Physical hosts

Your service model will determine responsibility for things like

Operating system

Network controls

Applications

Identity and infrastructure

Define Cloud models

Private Cloud

Similar to a traditional data center

Delivers services to a single entity

Greater control for the company of its IT department

More expensive and fewer benefits of a public cloud

Can be hosted at your on-site datacenter or at a third party facility

Public Cloud

Built, controlled, and maintained by a third party provider

Anyone that wants to purchase services can purchase them

Hybrid Cloud

An environment that uses both public and private clouds in an inter-connected environment.

Hybrid cloud environments can be used to allow private cloud to surge for increased temporary demand by deploying public cloud resources

Can provide an extra layer of security

Multi-cloud

Use of multiple public cloud providers

Use of different features at each provider

Starting your cloud journey with one provider and then migrating later

Get information about a user from Active Directory and store it in a text file named info.txt

Get-ADUser -Identity <username format for organization> -Properties * > info.txt

Get information about a user from Active Directory based on a filter

Get-ADUser -Properties * -Filter “(city -eq ‘New York’) | Select-Object -last 10 -Property samAccountName, Modified, Enabled

Get information about a user from Active Directory in a specific OU

Get-ADUser -SearchBase “OU=abc,DC=test,DC=com”  | Select-Object -last 10 -Property samAccountName, Modified, Enabled

Get information about a user from Active Directory using LDAP dialect