Azure Basics Tutorial
By Learn Skills Daily
Summary
## Key takeaways

- **Cloud Shifts Capex to Opex**: Cloud computing translates into an operational expenditure or opex instead of a capital expenditure or capex. When you purchase on-premises equipment, it goes on your balance sheets as an asset that must be depreciated, while cloud expenses are consumption-based with direct impact on net profit. [07:14], [07:27]
- **IaaS Rents Full Data Center**: Infrastructure as a service or IaaS gives you close to complete control over the hardware that runs your applications, like renting a data center with all the hardware instead of purchasing it yourself. Your cloud service provider keeps hardware up to date while your team handles OS maintenance and network configurations. [08:28], [08:40]
- **PaaS Boosts Developer Productivity**: The PaaS model is a managed hosting environment where your cloud service provider manages virtual machines and networking while your team deploys applications. This offers cutting-edge development tools and allows geographically dispersed teams to collaborate with increased productivity. [09:58], [10:49]
- **Azure Hierarchy: 4 Management Levels**: Azure's organizational structure has four main levels: management groups, subscriptions, resource groups, and resources. Resources like VMs are grouped into resource groups for management, subscriptions organize billing and access, and management groups handle policy inheritance across subscriptions. [17:11], [17:17]
- **NSGs Block Unauthorized RDP Access**: Network security groups act as internal firewalls filtering traffic by IP, port, and protocol; without proper inbound rules, RDP on port 3389 fails even if the VM is running. Adding an allow RDP rule with priority 300 enables secure remote access while deny rules block unwanted traffic. [01:05:11], [01:13:31]
- **99.999% Uptime Equals 5 Minutes Yearly Downtime**: A 99.999% SLA guarantees just 5.26 minutes of downtime per year versus 3.65 days for 99% uptime. Composite SLAs for multi-resource apps like two 99.9% VMs, 99.99% SQL, and load balancer yield 99.78% overall uptime. [01:44:40], [01:46:48]
Full Transcript
[Music] Welcome to Azure Fundamentals. I'm your instructor, Damian Defalco. As technology in the workplace has evolved, more and more organizations and businesses have decided to move their physical computing infrastructure to the cloud. You may ask yourself, what is the cloud? Well, the cloud or cloud computing is the delivery of computing services over the internet. This includes everything from servers, storage, databases, and networking infrastructure to software, analytics, and intelligence. Cloud computing presents opportunities for faster innovation, quicker turnaround times, and the ability to scale your operations to meet modern-day needs. In this course, we will be taking an in-depth view of one of the more widely used cloud computing platforms in the industry today, Microsoft Azure.
This course is intended for anybody who is looking into getting a basic understanding of cloud computing concepts and the services and offerings provided by Microsoft's Azure platform.
You might be a developer looking to learn more about CI/CD environments. Or maybe a network engineer that would like to understand how you might integrate Azure AD with your on-prem instance of AD. Or maybe you're somebody who's responsible for purchasing technology resources for your organization and you'd like to understand what total cost of ownership looks like in the cloud versus the expenses you might have experienced when purchasing physical hardware. In any case, we'll be taking a deep dive into the world of possibility that comes with Microsoft's Azure platform. Since there are a wide variety of services and offerings available, you may find that we start talking about a subject or concept that you're not familiar with. If this happens to you, I'd like to encourage you to pause the video and do a little bit of research on the topic in question. I realize it can be easy to go down the rabbit hole when learning about new technology concepts, but if you or your organization is considering cloud adoption, it would be pretty important to have a firm grasp on the concepts and offerings that are available to you. So, please take your time and move along at your own pace.
I've included a worksheet for this course with links to resources and practice exercises. I would like to encourage you to take the time to work through each of these exercises and review the resources I've shared. The more informed you are, the more successful your efforts will be. If you're enjoying these videos, please remember to like and subscribe. If you're looking to earn certificates and watch videos without ads, sign up for Learn It Anytime, our dedicated online training subscription service. Check the link in the description for more information. Also, if you have any questions you want answered by one of our instructors, please join our offsite community. The link for the community is in the description as well. All right, I'll see you in the next video.
Welcome back. This is module one, cloud concepts. In this module, you will learn about the basic concepts of cloud computing. After completing the module, you should be able to do the following.
Answer the question, why cloud services?
Describe the terms infrastructure as a service or IaaS, platform as a service or PaaS, and software as a service or SaaS.
You should also be able to understand the difference between public, private, and hybrid cloud models. Okay, let's begin. So, now that we know what the cloud is, the next question we'll want to explore is, why should I be considering cloud services?
Well, if you've ever had to manage network cabling in your on-site infrastructure or thought about hosting your mission critical applications and websites in a room like this, you may already know why
pioneers in technology decided to start contemplating this question.
So, what are some of the benefits of working in the cloud that you should be thinking about? First, let's talk a little bit about cost. Cloud computing is typically cheaper to use. Virtualized computing services over the internet means you pay as you go and only for what you use. This translates into lower operating costs, the ability to run your infrastructure in a more efficient manner, and the ability to scale your infrastructure as your business evolves and your business needs change.
Another benefit is that the cloud creates an ideal environment for quicker innovation and production.
We're now seeing development teams deliver new features and software at record speeds thanks to the ease of quickly setting up test environments that used to take us weeks or longer to procure in an on-premises setting.
Software releases that used to be scheduled on a monthly or even annual basis are now being released in weeks or days, with some updates even happening multiple times a day. The cloud ultimately provides modern-day resources for modern-day needs. Relatively speaking, it wasn't all that long ago when we were all using flip phones and waiting for our dial-up internet connections to load a single internet page. Devices today have the ability to recognize biometrics such as the look of your face, the pattern of your fingerprint, or the sound of your voice.
We can now connect to our thermostats and doorbells from our phones, even if we're in another part of the country.
Most of these modern technologies are powered by the cloud. The cloud offers a nearly limitless pool of raw compute, storage, and networking components.
It also provides on-demand access to speech recognition and other cognitive services that help you make your application stand out from the crowd.
Cloud analytic services deliver telemetry data from software and devices in near real time.
When thinking about how the benefits of cloud computing compare to doing similar business in an on-premises environment, we'll find that there are several advantages the cloud environment offers.
The cloud offers high availability.
There are a variety of SLA offerings for you to choose from, with options that offer virtually no downtime for your services and applications. We'll get a little deeper into SLAs later in this course. The cloud offers scalability. It allows you to scale vertically by easily adding RAM or CPU power to a virtual machine, while it also allows you to scale horizontally by adding instances of resources like new virtual servers to your environment on demand.
The cloud has elasticity.
You can configure your cloud-based applications to autoscale so that they'll always have the resources that they need. The cloud also offers agility by giving you options to deploy and configure resources quickly to meet your ever-changing application requirements.
The cloud is geo-distributed.
This means that you can deploy your resources anywhere in the world where your customers may be so that they'll have the best performance when interacting with your applications.
Disaster recovery is revolutionized in the cloud. With backup services, data replication, and geo-distribution, there are multiple avenues for you to quickly and easily restore your production environments back to their optimal states. When it comes to expenses, cloud computing translates into an operational expenditure or opex instead of a capital expenditure or capex. When you purchase on-premises equipment, it goes on your balance sheets as an asset. Over time, to account for the limited lifespan of the equipment, the asset has to be depreciated or amortized. Cloud computing, on the other hand, is consumption-based.
The expenses are categorized as operational, which has a direct impact on net profit, taxable income, and the associated expenses on your balance sheet.
As you can see, there are a good amount of benefits to be gained by moving into cloud computing.
Okay, now that we know a few reasons why we should consider cloud services, let's discuss a few terms that we'll come across as we start to navigate the cloud computing landscape. Infrastructure as a service or IaaS, platform as a service or PaaS, and software as a service or SaaS.
These are the terms used to describe the different levels of cloud service models. Let's take a look at each of these service models in a little more depth.
First, let's consider infrastructure as a service or IaaS. This service model is the most flexible in that it gives you close to complete control over the hardware that runs your applications.
You can think of IaaS as renting a data center with all of the hardware in it instead of purchasing the space, hardware, and environmental controls on your own. Your cloud service provider will keep the hardware up to date for you, but your teams will be responsible for operating system maintenance and network configurations.
Some of the additional benefits of the service model are there are no capex expenses as there aren't any upfront costs to deploy an environment.
In terms of agility, applications can be made available quickly and deprovisioned just as quickly.
As I mentioned earlier, this cloud service model has a shared responsibility model of management. Your team can stay focused on your mission-critical services and the underlying software while the cloud service provider's team manages and maintains the cloud's infrastructure.
This cloud service model is consumption-based, as we've mentioned, meaning that you only pay for what you use, incurred as an operating expense for your organization.
And when you work with a cloud service provider, you can be assured that you have a skilled team of experts working to make sure your workloads are secure, safe, and highly available.
Next, let's take a look at the platform as a service or PaaS cloud service model.
The PaaS model is what we would consider a managed hosting environment. This means that your cloud service provider will manage your virtual machines and networking resources while your team will work in the hosted environment deploying and supporting your organization's applications.
So for example, you may have web developers on your team who would be able to upload their web applications directly to a ready-to-use cloud server without having to worry about the physical hardware and software requirements. In addition to sharing many of the benefits of the IaaS model, the PaaS model also offers some unique benefits. This cloud service model offers access to cutting-edge development tools which can be applied across an application's life cycle. As we mentioned, in terms of management, your cloud service provider will be taking care of most of your environment variables.
This means that your teams can focus on the applications that mean the most to your organization, leading to one of the greatest benefits of the PaaS model, increased productivity. Your teams can be geographically dispersed but have the same access to the platform over the internet. This creates more opportunities for collaboration and cooperation among your team as your cloud service provider handles the platform management.
There is one disadvantage to mention with this model. There could potentially be limitations to a cloud platform that would conflict with the requirements of an application. If you're going to consider this model, it would be wise to keep this in mind when doing your shopping. Make sure that the environment offered can provide what your team will need.
Finally, we have the software as a service cloud service model.
In this model, the cloud service provider manages all aspects of the application from hardware all the way through operating systems to the software and applications that are available to your users. An example of this model would be Microsoft Office 365, which is a full version of Microsoft Office in the cloud. This cloud service model enjoys many of the benefits of the two other models we've covered, with the primary limitation being that the software is provided as-is and typically cannot be customized to meet an end user's special request. This is something to keep in mind if you're considering going with an offering of this model type. Okay, that covers the three types of cloud service models available to us. IaaS, PaaS, and SaaS.
Now that we've talked a bit about cloud service models, let's take a look at the three types of deployment models for cloud computing. Public, private, and hybrid clouds. The public cloud deployment model is defined as computing services offered by third-party providers over the internet, making them available to anyone who wants to use or purchase them. They may be free or sold on demand, allowing customers to pay only for the resources they use.
Public clouds can save companies from the expensive cost of having to purchase, manage, and maintain on-premises hardware and application infrastructure.
The cloud service provider is held responsible for all management and maintenance of the platform. Public clouds can also be deployed faster than on-premises infrastructure and with an almost infinitely scalable platform.
Every employee of a company can use the same application from any location using their device of choice as long as they can access the internet.
Security concerns have been raised over public cloud environments. However, when
implemented correctly, the public cloud can be as secure as the most effectively managed private cloud implementation.
The private cloud deployment model is defined as computing services offered either over the internet or a private internal network and only to select users instead of the general public.
Also referred to as internal or corporate clouds, private cloud computing offers many of the benefits of a public cloud, including self-service, scalability, and elasticity with additional controls and customizations available through dedicated resources hosted in on-premises infrastructure.
In addition, private clouds deliver a higher level of security and privacy through both company firewalls and internal hosting, ensuring operations and sensitive data are not accessible to third-party providers. However, the company's IT department is held responsible for the costs and accountability of managing the private cloud. So, private clouds require the same staffing, management, and maintenance expenses as traditional data center ownership.
Two models for cloud services can be delivered in a private cloud. The first is IaaS, which allows a company to use infrastructure resources such as compute, network, and storage as a service. The second is PaaS, which lets a company deliver everything from simple cloud-based applications to sophisticated enterprise-level applications.
Finally, we have the hybrid cloud deployment model which offers the most flexibility in terms of control by combining the features of the public and private cloud models. Organizations can
combine both models and allow data and applications to be shared between them.
In this model, organizations determine where they run their applications, but they also take on the added responsibilities of security, compliance, and legal requirements.
Okay, that covers the three types of cloud deployment models and brings us to the end of our first module. I've
included an exercise sheet with this video that asks you to take a moment to review our goals for the module.
Our first goal was to answer the question, why cloud services? Take a
moment and see if you feel comfortable describing some of the benefits of cloud computing.
Next, we were asked to describe the terms infrastructure as a service or IaaS, platform as a service or PaaS, and software as a service or SaaS. Are you comfortable with your understanding of the benefits each of these cloud service models has to offer?
Finally, we were asked to understand the difference between public, private, and hybrid cloud deployment models.
Take a moment to write down what you can recall about each of these concepts and questions before moving on to the next module where we'll be looking under the hood of the Microsoft Azure platform.
Okay, congratulations on completing module one. I'll see you in our next module.
Welcome back to Azure Fundamentals. This is module two, core Azure services. In this module, we'll cover the basics of the core services and products available on the Microsoft Azure platform. By the time you're finished with this module, you should have a basic understanding of the tools and services offered on the Azure platform, including core Azure architectural components, core Azure services and products, and Azure management tools.
Now that we've familiarized ourselves with some basic concepts of cloud computing, let's take a look at how some of those concepts are realized on the Azure platform.
We'll start by looking at the core Azure architectural components. The organizational structure of Azure is broken out into four main levels.
Management groups, subscriptions, resource groups, and resources.
Let's take a look at the elements of this tree from the bottom up. Resources
are instances of services that you create such as virtual machines, storage allocation, or SQL databases.
Resources are then combined into resource groups in order to create a container for easy organization and management. When you delete a resource group, any resources that you had added to that group will also be deleted. When thinking about strategies for organizing your resource groups, you might want to consider life cycle management, where you create a resource group that will hold all of the resources for a test environment. And as soon as you're finished running your testing, you can easily delete the group and the resources associated with it. Resource groups are also a great way to apply role-based access controls to certain applications and resources.
Then here on the next level at subscriptions, we see that subscriptions group together user accounts and the services that have been created by those accounts. An Azure account can have one subscription or many subscriptions, which would be used to organize different billing and access management policies.
There are limits on how many resources you can create per subscription. So organizations can choose to use subscriptions to organize and manage costs and resources by user, team, or project. When thinking about how to structure your subscriptions, you may want to consider subscriptions broken out by your environments. For example, a subscription for your dev environment.
You may have another for your stage environment and then one for your production environment. Or you might want to think about subscriptions aligned to your org structure or billing departments. Then finally at the top level of this tree, we have our management groups. Management groups help you manage access, policy, and compliance for multiple subscriptions.
All subscriptions in a single management group will inherit any conditions that have been applied to the top level group. You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy that reflects your organization's policy and access management.
Let's take a look at this next diagram as an example.
Okay, if we take a look at this diagram, we'll see that we have a management group hierarchy that's broken out to match the organization's org structure.
We have a root management group at the top level here. And you can see we have three separate management groups underneath that. One for human resources, one for IT, and one for marketing. Then we see we have two standalone subscriptions which would belong to the root management group at the top level.
Underneath HR we see we have another management group that's used to manage the applications that that team would use and also a dev test subscription that would belong strictly to the HR management group. Underneath IT we see we have another management group for production that is broken out into two geo regions, geo region one and geo region two. And underneath each of those regions, we have the subscriptions that are used in each of those regions. We have two for geo region one and three subscriptions for geo region 2. Finally, if we take a look at the marketing group, we'll see that we have two free trial subscriptions for use underneath the marketing teams. And again, you can think about breaking this out by your billing and accounting needs, or you might want to think about breaking it out based on your user groups or your environments. There are a couple of facts that I want to cover regarding management groups. You can have up to 10,000 groups in a single directory.
Your management group trees can have up to six layers of depth. And a management group and subscription may only have one parent, but they can have many children.
Okay, so now that we've covered some of the core architectural components, let's take a look under the hood of Azure and see what this looks like in reality.
Okay, now that we know that cloud services are delivered over the internet, the first thing we're going to want to do is go ahead and open up your browser of choice and let's navigate to https://portal.azure.com.
I've already logged into Azure. If this is your first time signing into the portal, you're going to be prompted to sign in with a Microsoft account of choice. If you don't have a Microsoft account, you can go ahead and set one up. But for now, we can see that my Azure portal is autoloading because I have my credentials saved.
All right. So, now we are looking at your homepage in the Microsoft Azure portal. Let's take a brief little look at what we have here. Okay, on the top level we have some of our favorite links. We have a link to create resources. We have links to our subscriptions, links to create SQL servers, SQL server stretch, virtual machines, management groups. A little below that we have links to navigate and also tools. You can learn for free.
Microsoft presents classes online, so you can go through any of these resources and dig into them in a little bit more depth.
There is the Azure Monitor which shows you the status of your resources and tools. And again, you can see if you hover over any of these, Microsoft offers free trainings and useful links that relate to each of the resources that you're hovering over.
Microsoft Defender for Cloud. So they offer security training for Microsoft cloud and also cost management. Down here we also see a few more useful links. We have our technical documentation, migration tools, Azure services, links to find Azure experts, recent Azure updates, and a quick start center. Looking across the top on the blue bar here, we see that we have a search bar where we can search for anything. Say we're looking for Azure Active Directory.
And there we have it. Azure Active Directory. We could link right to that and we could see right now we are in a default directory, but all of the features and tools that you would have in an on-prem version of Active Directory are also replicated here into a cloud version of Active Directory.
Okay, we can navigate by clicking at any point back on Microsoft Azure home or if you look at the top window bar over here. We can navigate back to the home screen as well. Let's look at this hamburger menu here. And this is the portal menu.
We can create a resource. We can always navigate right back home.
We can create a dashboard here. Now in
this dashboard you can set up a series of charts and reports that reflect the status of the resources you have set up.
So your virtual machines, your app services, your databases.
You can have a network watcher turned on. You can have security features turned on to show you if there's any threats.
Again, you customize this by clicking on the new dashboard button here and going ahead and building out a dashboard that contains relevant information to you and
your organization.
Okay, this is a big one here. Let's get ready to look at all services. But before we do, you'll see a list of favorite links. Now, these are links that by default, the first time you're in here, it assumes that these are going to be links that you're interested in reviewing and looking at. But after you use Azure for a bit of time, these favorites will reflect the services and apps that you're using the most. But with that said, let's take a look at all services.
Going to wait here a second for this page to load. All right. And we can see we have all of our services listed, broken out into categories. So we have our favorites, recents, and then we have our general categories. The main categories of services available fall into compute, networking, storage, and apps.
They break that down into further classifications, but you can scroll through and see that there are a good amount of services and resources available to you. Everything from subscriptions and templates to coming down into the compute area. This is where we would go to create our virtual machines. We could come and look into our Kubernetes services to manage containers and storage.
If we scroll down a little further, we see our virtual networking tools and services available. Again, you may not see distinct services in these lists.
You may find that a service applies to more than one category. So you'd see it listed multiple times here. But we have a networking breakdown.
We have a category broken out into storage services. So our storage accounts, our device managers and data managers.
We have web services. So web apps, app service plans, domains, API management services. We have notification hubs, media services.
Scrolling down a little further, we have the mobile category. Again, a container category, a database category, and as you can see here, we're not limited strictly to SQL Server. We have NoSQL databases like, we have Cosmos. We have MariaDB.
We have Postgres and MySQL is also available in here. So there's a great variety of services available. Coming down, we have an analytics category.
In here, we're going to find tools that help us to monitor the services that we've subscribed to and that we have in place.
We have a category for services related to AI and machine learning, IoT, mixed reality.
We have integration services, identity services where we'd find our Active Directory and identity management tools. We'll dig into all of these in a little bit more detail later in the course.
We have a security category where we find things like Microsoft Defender for the cloud. We have DevOps categories. So here we can manage our agile teams with Microsoft DevOps.
We have a migration category, a monitoring category.
We have our management and governance category. And again, we'll take a look at some of these in a little more detail in just a bit.
Intune services, hybrid and multicloud services, a generalized other category, 120 services categorized into the other category.
So I'd say once you have your account set up for Azure, it would be worth coming in and taking a look at each of these services that interest you. Hover over one, see what it's all about. Check out what Azure VMware solutions might look like. If you hover over any of these, you can see you get a description here that the Azure VMware solution combines the VMware software-defined data center with Microsoft Azure cloud bare metal infrastructure.
So, come in, take a look at these services. You may want to pause the video here just to look through some of these and see if any of these appeal to you. All right, let's navigate back home again. We can click here to come back to the homepage. And across the top bar, we have a few more items that we can take a look at. If we hover over this, we see we have a cloud shell, which opens up in the bottom of your window. As soon as you click on it, you have the options with this cloud shell to run either a bash shell or PowerShell. So, if you're familiar with these scripting environments, you can use either of those two. We'll go ahead and close out of that right now.
If you hover over this, you'll see we have directories and subscriptions.
This will bring you to the default portal settings for directories and subscriptions.
You can set your appearance and the look and feel of your environment. Here, your language and region, your general information, and how to handle sign out and notifications. Here we have our notifications window.
Right now, we don't have any new notifications to look at. As you create resources, this notifications window will let you know when the resource is ready to use. Likewise, if you're going to delete anything, you would get a notification here when a deletion is complete. Okay, we have our settings sprocket here. Again, this takes you back to the same area as the directories and subscriptions link. Directories and subscriptions takes you to the default setting for that value in the settings bar. You can also access any of the other settings links through here. We have the help and support window.
Give that a second to open up.
Okay, we can see here now that this loaded that we have a link to service health. There are no service issues detected. We can dig in a little deeper by clicking this service health link here. We could also jump into any of these support resources. Azure community questions, documentation, billing, frequently asked questions, and a quick start center. You could also create tickets here, help and support, by clicking on this link. Let's take a look at the service health window to see what we find there.
We'll close out of this sidebar window so we can view the service health window in full screen.
Okay. And now that this loaded, we can see that there are no service issues found. This is my subscription. I'm on an Azure pass. And the region we have selected is all, which is East US and global.
And all services are currently selected as well. So this would show us if there are any outstanding service issues. We can also find out about planned maintenance by looking in this window.
And as we see here, there are no maintenance events scheduled.
We could look into health and security advisories, health history, resource health, and health alerts.
All right. And we have one more area to look at and that is feedback where you can provide your feedback to Microsoft about your experience here with Azure.
The last thing to look at in this bar is if you hover over here your account sign in which shows your name, email, your default directory and the domain that you're working in.
If you click on this you could sign out or you could switch accounts.
Okay. So that is a brief overview. Let's
go back to the homepage.
And now that we've taken a tour, let's dive in a little deeper to look at some of the services and tools provided in Microsoft Azure.
Okay, now that we've had a look at the portal, let's take some time to understand some of the core services and products available to us on the Azure platform. The services and products can be summarized into four core categories.
That would be compute services and products, storage services and products, databases, and networking services and products.
Starting with the compute category, we'll find products such as virtual machines. Perhaps you need a web server and you don't want to add the expense or maintenance of adding a new bare metal server to your environment. Virtual machines allow you to spin up a server in the cloud on demand with the software and hardware specifications you need to run your website.
Maybe you're just interested in providing a desktop for your users where you control the environment they work in and the software they use. Virtual desktops provide an excellent option for that need. Going back to our first example, if we wanted to just run a web app that we built in a Windows platform without having to be concerned with the server hardware or the software that underlies, the Azure web app service can provide that environment for us. It can autoscale the resources on the machine that it runs on to meet the needs of your application.
Maybe your web app is OS agnostic and you would like to orchestrate several instances of it without having to worry about the operating system or hardware.
Azure's container service allows you to create app orchestrations using Kubernetes.
If we look at the storage services available to us, we'll find items like file storage, which allows you to access fully managed file shares in the cloud.
These shares can be accessed from most any OS anywhere in the world via a distinct URL.
The disk storage product provides disks for virtual machines similar to on-premise scenarios. Applications and other services can access and use these disks as needed. The disks come in many different sizes and performance levels, from solid state drives to your standard HDDs.
Blob storage provides massive amounts of object storage in the cloud. Blob storage is unstructured, which means there are no restrictions on the type of data it can hold. That means you can store everything from binary data streamed from a scientific instrument to encrypted messages from an enterprise application. Blobs are organized into storage containers that you configure to match your business needs.
The Azure database service provides the ability to host SQL servers that are accessible to your applications from anywhere in the world. Instead of hosting an on-prem server to run your SQL server instance and another to store your databases, you can opt to take care of these needs in a one-stop shop in the cloud. Azure provides up to a 99.99% availability for SQL Server databases, meaning your apps can have almost seamless access to a back-end data store.
You can support your NoSQL needs by using Cosmos DB, which supports schemaless data and the atom-record-sequence. The data is abstracted and projected as an API based on your specifications, allowing you to use many of the popular NoSQL options like MongoDB, Cassandra, and Gremlin.
Azure also supports cloud versions of open source databases such as Postgres and MySQL. So if your application needs to run on the LAMP stack, you'll have no problem finding the environment to host your needs in Azure.
Finally, we have the networking service category.
Say you have an on-prem data center that you plan to keep, but you wanted to use Azure to offload peak traffic using VMs. Azure virtual networking allows you to
keep your existing IP addressing schemes and network appliances while making sure all data transfers are secure.
Azure virtual networks enable resources such as VMs, web apps, and databases to communicate with each other as well as with users on the internet and your on-prem environments.
The Azure VPN gateways use an encrypted tunnel to connect to other networks.
These VPNs can be configured to support secure site-to-site, point-to-site, and network-to-network connections using either policy-based or route-based protocols.
Another benefit of using a virtual VPN gateway is not having to add another capital expense to your books by purchasing a bulky piece of hardware that needs to be configured and
maintained in a physical location.
Azure networking also offers a product called Express Route, which allows you to connect your on-prem network to the Microsoft cloud over a private connection. Express Route connections don't go over the public internet and instead utilize a private circuit provided by a connectivity provider.
This translates to more reliability, faster speeds, consistent latency, and stronger security than your typical connections over the internet.
Okay, so that covers the core services and products offered by Azure. As we saw earlier in the walkthrough of the portal, Azure offers several products and Microsoft is dedicated to continually iterating and evolving the platform. Let's jump back over to the portal to walk through an example of creating one of the resources in our account.
Okay, here we are back in our Azure portal. As we saw earlier, you can access the ability to create and view resources from many different spots in Azure. For this example, why don't we go through the exercise of creating a virtual web server? To do that, again, we could go up here to search for virtual machines. We could go to our hamburger menu and look for our resources. But right here on our homepage, we have a link to virtual machines. So, let's start there.
Okay, here we are in our virtual machine directory and as you can see right now we have no virtual machines to display.
So let's go ahead and create our first virtual machine. We're going to come over here to the create button and click create.
And we're offered four different options here. An Azure virtual machine with preset configuration. This means that Azure would determine based on your usage what type of virtual machine would be best for your workload. An Azure Arc virtual machine allows you to create a virtual machine in one of your non-Azure environments that can connect back to your Azure environment. And Azure also offers VMware solutions. So you could create a VMware virtual machine if needed. For this exercise, let's stick with the Azure virtual machine.
And as we wait for this page to load, these are the steps that we're going to go through to basically configure this virtual server for ourselves. Uh, we'll start here on the basics tab. So we're going to come down to our first step, which is to set our subscription level.
I have one level here available to me.
If you're using a class pass, you may have a free student account subscription. Pick the subscription that applies to your account.
And then in the resource group, let's go ahead and create a new resource group since we haven't set one up before.
We're going to call this class VM servers.
So, we'll stick our virtual machine servers in this resource group as we work through examples.
For now, let's just call this my VM web server.
and we'll leave it in the default region which is US East. As you can see here there are several regions available for us to choose from.
In terms of availability options, we're going to leave no infrastructure redundancy required. Again, you could choose redundancy options based on an availability zone, virtual machine scale set, or an availability set.
We're going to leave standard security in place for now. And let's go ahead and set our image for this server to a Windows Server 2019 data center.
We're going to leave the Azure Spot instance unchecked and we're going to go with the standard size for the time being, which is two virtual CPUs with 8 GB of memory. There are other options
available to us here. You can take a look at these.
We have a 3.5 gigabit of memory available for 91.98 a month versus the 137.24 a month for 8 GB of memory. We have four virtual CPUs here. And with 16 GB of memory, we're looking at 274 a month. And for two CPUs with 16 gigs, we're looking at 159.14 a month. So let's stick with the default value.
It's important as you create your username and password here that you remember both of these because we're going to need these to log into the server that we create. So
we'll create a username called Azure user.
And I'm going to go ahead and create a password here and confirm that password.
And then we're going to set our inbound port rules. So right now we can see remote desktop protocol on port 3389 is allowed. Let's also go ahead and allow port 80 HTTP traffic to come in. Okay.
So if we scroll back up to the top, let's skip on over to the networking tab.
And we're not going to save this password here. And we want to verify on this tab that our inbound ports are set to allow traffic over port 80 and port 3389.
And let's now take a look at the management tab.
All right. And here what we want to do is for the time being in this example we want to disable boot diagnostics. We
don't need these diagnostics to run on setup.
We can leave the rest of these settings set to their default settings for the time being. And let's go ahead and create this server by clicking on the review and create button.
Azure is going to read all of the configurations that we just set and present to us the option to review them and then create this server.
Okay, so Azure's validated our configuration. We pass their validations. Gives us a pricing estimate here.
And we can review our terms. We don't need to read through the legalese now, but it's advisable that you make sure you are familiar with these terms and look through the configurations you chose. We have a warning here that we set RDP ports open to the internet. This is only recommended for testing, as they suggest, because this allows users to connect to the server and typically you would not want to allow users connection to the server.
So our basics, we're on my Azure Pass sponsorship subscription.
We added a new resource group called class VM servers. The name of the server is my VM web server. We set it up in the Eastern US region with no redundancy required. Standard security, Windows Server 2019 data center image with a standard sizing. We created a username and a password that you hopefully remember and set allowing RDP and HTTP traffic to come in over inbound ports.
And then for our management, we turned off boot diagnostics. So, let's go ahead and click the create button and create the server.
Okay, we're going to wait for Azure. In
the meantime, you can take your cursor and hover over notifications.
And when the server is actually provisioned and created and ready for use, you'll get a notification here. As
you can see, it's already updating showing that it's submitting for deployment.
And there we go. That quickly we have a new server available to us online. If we come to the notification tab here, we'll see that the deployment is still in progress. Oh, and we also see that over here that our deployment is in progress. So, we do have to wait just a bit longer for the server to be available to us.
Okay. And there's our notification. The
deployment succeeded.
And if we click go to resource the portal will reload the page that we just had loaded there and it will take us back to the virtual server that we just created.
Okay, so this is the overview tab for our new VM web server that we created.
Let's go ahead and connect to this server. So we're going to come over here to the connect tab and let's connect by remote desktop protocol.
And it's going to allow us to connect via RDP using a public IP address over the port we specified earlier. Let's go ahead and click the download RDP file button and that will create a configured RDP client for us down here in our downloads bar. Go ahead and click on that.
We'll give it a second to load.
Okay. And we're going to go ahead and click connect in this dialogue box.
Okay. And in this next dialogue box you'll see that the user Azure user is already loaded. So, we need to type in the password that we created earlier.
Let's go ahead and do that.
and then click on the okay button.
Okay. And we're going to see here another warning that says that the remote computer cannot be identified or verified. Uh, it's because we do not have a certificate associated with that. So let's just go ahead and click on yes.
And here we are connected to our server.
Let's go ahead and close the server manager window.
And we want to go ahead and make this server serve a function for us. And the
function we discussed earlier was turning this into a web server. So what
we'll do is we'll use PowerShell to configure this as a default web server.
Let's go ahead and do that. If you come down here to your Windows icon and you search we're going to look for PowerShell. You
can start typing that in.
And when PowerShell loads, we want to right-click on it and make sure you run this as administrator.
Okay. And now that PowerShell is loaded, let's go ahead and type in some commands. So, we're going to install a Windows feature as a web server. So we type Install-WindowsFeature, and the name of that feature is Web-Server, and we want to make sure we include the management tools. So we add that command, -IncludeManagementTools, and we go ahead and click enter.
Now we have to wait for PowerShell to run these commands and configure and deploy our web server for us. So, as we can see, the installation has started. We're at 24%.
I'm going to go ahead and pause the video while this installation runs, so we don't have to wait for it to complete. I'll be back in just a second.
Okay. Uh, that took about two minutes in real time while I had the video paused here. But now you can see that we have a successful deployment of the web server feature. So let's go ahead and close the server down. We'll disconnect from it for now. So if we right-click and sign out, we'll come right back to our Azure portal page. And let's go back to the overview tab of our web server.
And let's make sure that our web server is accessible over the web.
So if we come over here, we see we have a public IP address for the server.
Let's go ahead and click on that and copy it.
And let's open a tab and navigate to that.
As you can see, it's 20.228.132.149.
And here we are, our IIS homepage. So we've successfully created a web server and installed and launched IIS on it.
All right. So, now that we've gone through this example, we have a resource on our account and subscription that is going to start incurring some fees. So this is pay as you go, as we've discussed earlier. So let's go back to our homepage and let's look at our resource groups. We created a resource group for this server earlier on. Uh, so we're not seeing a resource group up here. Uh, recent resources though, however, it shows up there. We could also search for resource groups there or navigate to resource groups here.
And we have two resource groups set up. A network watcher resource group and a class VM servers resource group. So we're going to select the one that we just created that has the server in it. And we want to go through and delete that server. We have some messages here from Microsoft.
So, I'm going to pause for a second and close these notifications.
And now that those notifications are closed, I'm going to click on the class VM servers link here.
And once our resource group page loads I'm going to go up here and I'm going to choose to delete the resource group. And
this will delete all of the resources that we've put in this group. So let's
go ahead and delete.
and you'll see that you're prompted to enter in the name of the resource group that you created. This is to protect you from accidentally deleting a group that you did not intend to delete. So, we
know we want to go ahead and get this off our book. So, we're going to enter class VM servers and then we're going to come down here.
You could see the list of resources that exist in this resource group right now that are all going to be deleted once we delete the resource group. So, let's go ahead and click the delete button
and give it a second.
If we look at our notifications icon, we'll see that we have a message and we can see that Azure is currently in the process of deleting the resource group that we've created called class VM servers. So, we'll wait for that. I'm going to pause the video here for a second and I'll come back as soon as the resource group is deleted.
Okay, that took just a couple of minutes and we can see that the resource group class VM servers is now deleted.
So we can come back over to our resource groups homepage and see that that resource group is gone along with the server resource that we had created there. All right. So, we've
successfully created a server and deleted that server. Let's take a look at some of the other services available to us.
Okay, now that we've covered the core services and products available to us, let's take a look at some of the management tools that Azure provides to help you optimize the services and resources you deploy. We've already walked through one of the primary management tools available to us in the web portal. In addition to the web portal, Azure offers a mobile app that allows you to monitor the health and status of your resources, check for alerts, diagnose and fix issues, restart VMs, and run bash or PowerShell commands. Several routine tasks can be handled via the bash or PowerShell command line environments that we briefly saw in our walkthrough of the portal earlier. The benefit of these environments is that you can write scripts to execute for processes and tasks that your team may have to repeat multiple times.
In the last example, we created a VM to act as a web server. Say you wanted to host a web app, but you didn't want to worry about maintaining the server.
Azure serverless technology allows you to set up an execution environment that's managed for you. You only have to specify what you want to happen by either writing code or configuring components in a visual editor, which
define the actions that trigger your functionality, such as timers or HTTP requests.
This functionality is configured through either Azure Functions, which is an environment that allows you to write a single method or function in the programming language of your choice that you can chain together with other functions, or through using Azure Logic Apps, which is a declarative no-code/low-code platform that allows you to automate and orchestrate tasks, business processes, and workflows.
As we saw in our walkthrough of the portal earlier, Azure has a section of resources dedicated to the internet of things or IoT.
These resources run the gamut from Azure IoT Hub, which acts as a central message hub for IoT devices and the application they interact with, to Azure IoT Central, which adds onto the IoT Hub by providing a visual UI for connecting to, monitoring, and managing your IoT devices.
Azure takes it one step further with Azure Sphere which is a three-part highly secure end-to-end IoT solution that encompasses everything from the hardware and software on the devices to
the secure method of communicating with the message hub and monitoring for any malicious activity.
Azure offers several AI and machine learning tools, including Azure Machine Learning, which is a platform for making predictions. Machine learning can create processes to help you define data, to train and evaluate predictive models, and to determine and deploy the best performing algorithms as an API endpoint based on training and test data that you supply.
Azure cognitive services provide machine learning models that help your applications to see, hear, speak, understand, and even reason. Where Azure Machine Learning requires you to bring data and train models over that data, cognitive services provide pre-trained models adept at handling language, speech, vision, and decision making.
The Azure Bot Service creates virtual agents that can understand and reply to questions just like a human being.
When it comes time for your organization to tackle agile development, Azure offers great management tools and DevOps, which allows your team to build user stories and iterate on them on Kanban or task boards, and plugins for GitHub, one of the most widely used platforms as a source code repository.
Finally, Azure offers monitoring services to make sure your resources are performing as you expect them to.
Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss.
Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premise environment.
Finally, Azure Service Health provides a personalized view of the health of your Azure services with information about service issues, planned maintenance, and health advisories, including service retirements or breaking changes to a service.
That covers the core management tools available in Azure and brings us to the end of module 2. I've included a worksheet for this module that has a list of activities and exercises I'd
like you to work through to become more familiar with the Azure platform. Please
make sure you take the time to review these exercises so that you can comfortably describe the goals we laid out in the beginning of the module. Can
you identify the core Azure architectural components?
Are you familiar with the core Azure services and products? Do you know which Azure management tools are available to you and how they can help your mission?
All right, that does it for module two.
Thank you for your time and I'll see you in the next module.
Welcome back to Azure Fundamentals. This is module 3, security, privacy, compliance, and trust. In this module you'll learn about security, privacy, compliance, and trust within the Microsoft Azure platform. When we're finished with this module, you should be familiar with the security tools and features provided with Azure. You should be able to understand how to secure network connectivity in Azure, as well as explain the core identity services provided in Azure. You should be able to identify the Azure governance methodologies and tools and know how to navigate to documentation about privacy, compliance, and data protection standards in Azure.
Okay, let's talk a bit about the security features and tools available in Azure. As I'm sure you're aware, there are many factors to consider when talking about securing your applications and data. Azure provides a set of tools to make sure you have your bases covered.
Let's start by talking a bit about Microsoft Defender. Defender is a monitoring service that provides visibility into your cybersecurity policies and controls as well as your ability to predict, prevent, and respond to threats. Defender monitors the security settings you have in place on each of your resources and automatically applies settings on new resources as you bring them online. This tool uses machine learning to analyze your environment, and in doing so it can provide recommendations for increasing your security posture as well as identifying and responding to potential vulnerabilities.
Azure offers another layer of protection with Microsoft Sentinel. Sentinel is a dedicated security information and event management system, or SIEM, that aggregates security data across all users, devices, and applications in both your cloud and on-prem environments.
Sentinel employs AI to detect and investigate previously undetected threats using both built-in analytics and custom rules that you can configure.
When Sentinel detects a threat, it creates an alert that your team can choose to act upon or ignore.
Azure Key Vault is a cloud service for storing and handling your application's sensitive information such as passwords, encryption keys, and certificates, all in a centralized location. Key Vault utilizes access control and logging to provide secure access to these assets.
Key Vault can be seamlessly integrated with your Azure resources and services so that they can securely reference the secrets stored in the vault.
Some organizations are required to follow regulatory compliance measures that require the organization to be the only customer using a server that hosts their virtual machines. Azure dedicated host is provided to meet this requirement. With dedicated host, Azure provides a physical server in its data center for your VMs. If you need more capacity than can be provided by a single server, you can also set up what's known as host groups, which organize a collection of these dedicated host servers into one group.
When it comes to securing network connectivity in Azure, it's important to understand the concept of having a defense in depth strategy. A defense in depth strategy is aimed at protecting information and preventing it from being stolen by unauthorized parties. The strategy employs a series of mechanisms to slow the advance of an incoming attack. You can think about defense in depth as a set of layers with your data being the innermost layer. Looking at this graphic, we can see that the outermost physical security layer is the first line of defense to protect computing hardware in the data center. This translates into physically securing access to the buildings that your data center lives in. The identity and access layer is all about ensuring that identities are secure, access is granted only to what's needed, and sign-in events and changes are logged.
The perimeter layer uses distributed denial of service protection to filter large-scale attacks before they can cause a denial of service for users.
The network layer limits communication between resources through segmentation and access controls. At this layer, the focus is on limiting the network connectivity across all your resources to allow only what's required. By limiting this communication, you reduce the risk of an attack spreading to other systems in your network. The compute layer secures access to virtual machines, working to secure them from malware and improper security configurations.
The application layer helps to ensure that applications are secure and free of security vulnerabilities.
The data layer controls access to business and customer data that you need to protect. In almost all cases, attackers are after your data, which is why this is the central layer of your defense strategy.
Azure provides security tools and features at every level of the defense in depth concept. Let's take a look at some of the tools employed by Azure to secure your network connectivity.
Azure employs network security groups or NSGs to filter traffic within a virtual network. You can think of NSGs as an internal firewall that allows you to configure inbound and outbound security rules to filter traffic by source and destination IP address, port, and protocol. We'll walk through an example of putting NSGs to work in just a moment.
While NSGs protect your network internally, the Azure Firewall is employed to filter your network's interactions with external traffic. Azure Firewall is what's known as a stateful firewall, meaning it analyzes the complete context of a network connection as opposed to individual packets of network traffic. Azure Firewall offers high availability, unrestricted scalability, inbound and outbound rule configuration, DNAT support, and Azure Monitor logging.
In addition to NSGs and the Azure Firewall, Azure offers two tiers of protection against DDoS attacks. Distributed denial of service or DDoS attacks attempt to overwhelm and exhaust an application's resources, making it virtually unusable. At the basic level, Azure DDoS protection is enabled for free as part of your subscription. This tier ensures that the Azure infrastructure is not impacted by a large-scale DDoS attack. You can upgrade to the standard level of Azure DDoS protection, which offers additional mitigation capabilities that are tuned specifically to your Azure virtual network resources.
Let's walk through an example of creating inbound and outbound security port rules to secure our Azure network traffic.
Okay, for this example, I've already gone through the process of creating a virtual machine and a resource group similarly to what we did in module 2, but I set up the virtual machine slightly differently. So, let's navigate over to the virtual machine and take a look at what we did differently this time.
Okay, we are on the overview tab of our VM, which is named Simple WinVM. It's running in a resource group called Secure Network and it's running Windows Server 2019 Data Center Edition. Let's navigate over to the networking tab to see what I set up differently this time.
All right, as this tab loads, we can see we have a few different options for inbound port rules, outbound port rules, application security groups, and load balancing. But if we look here underneath inbound port rules, we have a message that says this network interface does not contain network security groups and there are no rules for inbound traffic. So what does that exactly mean to us? To find that out, let's take a look. Let's navigate back to the overview tab and let's try to connect to this server via RDP like we did in module 2 with the server we created then. So, we click on connect and then click here on RDP and we're going to connect via public IP address over port 3389. So, let's go ahead and download the RDP config file and give that a second to load here. And once that's loaded, let's go ahead and click on that to execute it.
And we can hit connect here.
And it shows that it's trying to connect to our VM. So, let's give it a second to see what happens.
Ah, look at that. We just got an error message. It says remote desktop cannot connect to the remote computer for one of these reasons. Remote access to the server is not enabled. The remote computer is turned off. The remote computer is not available on the network. So, we know that our VM is on and active. We just saw that in the overview tab that it's on and running and we know that it's available here in Azure. So it appears that we don't have remote access enabled. So what can we do to change that? Okay. So let's close out of this error message and let's go ahead and create ourselves an NSG. We're going to create a network security group. So, if we come in the search bar here and type in network security groups, there we go. It's in our list.
And we're going to go with the one that does not have classic in brackets here.
We're just going to go with the standard network security groups link. I'm going to click on that.
And we can see we have no network security groups to display. So, let's go ahead and create our first NSG. Click on the create button here and stick with your default subscription. And with your resource group, we have a resource group that the server is associated with called secure network. So we're going to choose that.
And then we're going to go ahead and give this NSG a name. So let's see. For this example, we'll name this my NSG secure.
And we're going to hit review and create.
We passed validation checks. And let's go ahead and click that create button one more time to create this resource.
Oh, we have a notification. Let's go see what's showing on our notification bar.
Deployment is in progress and the deployment of our NSG has succeeded. So let's click on this go to resource button and go to that resource group that we just created.
All right. So, here we are in the my NSG secure network security group.
Okay. So, we load to our overview tab of our network security group. And if we look here, we can see a few things. We can see that it's associated with the resource group secure network in the east US location and it's tied into my Azure Pass sponsorship subscription. And then if we look down here at our security inbound and outbound rules, we can see deny all inbound is set underneath action. All inbound traffic is denied with the exception of two inbound rules. We have anything that's in our virtual network is allowed to connect to the server. So when we're RDPing to the server, we're coming from outside of the network into a virtual network to connect. So we're not able to connect via RDP right now. And we can also see that there is a rule that's allowing the Azure load balancer to come in and run its probes to make sure that the server is correctly load balanced.
So what do we need to do to allow us to RDP? So, let's go in and we're going to create a rule that would allow us to RDP to our server. To do that, we're going to want to navigate over to the settings area and we're going to want to go to network interfaces.
Right now, there are no network interfaces associated with this group.
And there is a network interface on the overview tab of our VM that we created that we want to associate to this group here. So, we go ahead and we click the associate button.
And we're going to search for network interface associations.
And this is the association that is tied to our VM that we just saw in the previous screen. So, Simple WinVM 812.
And we're going to go ahead and click okay to create this association.
And we wait as that saves.
Okay. And now that that's saved, our VM is effectively associated with this network security group. Let's navigate back to our VM.
Okay, as we load this overview tab, we're going to want to go back to the networking tab and we're going to look at our inbound port rules again. And now we can see that there are rules that are associated with our security group that we just created and configured. It contains the deny all inbound and the two allowed rules which allow inbound traffic on the virtual network and traffic from load balancers probing for load balancing purposes.
So what we want to do now is we want to create a new rule that will allow us to RDP to this server.
To do that, we want to click on the add inbound port rule button over here on our right.
And as this pop out loads, we're going to set a few settings here. So, we're going to leave the source to any and source port ranges to star. Destination is what we're concerned about here. We want to leave this set to any.
And underneath service, we're going to leave this set to RDP.
And we can see after setting this to RDP here that the destination port range is set to 3389 and the protocol by default is set to TCP which ties into the RDP service. And for action, we're going to set this to allow. Coming down to priority, we have it set to 100 by default, but we're going to go ahead and change that to 300. The higher the priority number here, the sooner the rule is evaluated. So, it has priority over other rules. And let's give this a name that makes some sense to us.
Instead of port 8080, let's call this allow RDP.
And we're going to go ahead and add that rule.
So, we can see that it's creating a security rule up here in our notification center.
And give this a second to complete.
All right. And we can see that our new rule has been created here and it's called allow RDP. So this should now allow us to access the server over RDP.
Let's go back to our overview tab and let's click on the connect button here in the menu again and let's try to connect via RDP.
Okay. Via public IP over port 3389.
Let's go ahead and download our RDP file and let's launch it.
We're going to hit the connect button here and we're going to enter in the username and password that I created when I set up this VM. So again, we used Azure user.
I'll go ahead and enter in that password and click okay. And we get the warning again that there's no certificate associated with the server. So we'll go ahead and click yes.
And voila. Look at this.
We are connecting to our server. We don't get the error message that we saw earlier.
Okay. Hey, now that we've successfully connected to our server, let's try a little experiment. What do you think will happen if we open up Internet Explorer and try to connect to a website like Bing? Let's give that a shot.
Go to www.bing.com.
What do you think will happen here?
No problem at all. Okay, so say that as an administrator I wanted to prevent users who connect to this server from getting out to any site on the internet.
How would we go about doing that? Let's close down IE here and let's go back to our Azure portal.
Okay, now that we're here at the portal, let's navigate back to the overview tab.
Make sure that we're looking at the correct VM. So, we're in our simple win VM. And what we want to do to prevent users who connect to that server from connecting to the internet while they're on that server is set up a rule to deny outbound traffic to the internet from that server. So let's navigate over to the networking tab.
And by default, we load to the inbound port rules, but let's take a look at the outbound port rules this time around.
All right. So, we have a few outbound port rules here. Oh, look at this. We have a rule called allow internet outbound that allows any traffic to the internet. Let's see. Can we do... Oh, delete is grayed out here. Well, that's because this rule is set up by default and it cannot be removed. So, in order to override this rule, we have to create a rule that will deny traffic to the internet. Let's go ahead and add an outbound port rule by clicking this button over here on the right.
So, we're going to leave the source and the port ranges for the source set to any. For the destination, we're going to choose service tag.
And the destination service tag is the internet. We're going to say we don't want to allow services to the internet to be accessed.
And so, we have that set. We're going to set the service to custom. Our destination port ranges here are going to be any.
And so we'll give it a little star. And then we're going to say over TCP, any TCP traffic is going to be denied.
And we'll give this a high priority of 4,000.
And let's give this a name that makes sense to us as a rule. We'll call this deny internet.
And let's go ahead and click add to add this rule.
You can see it's being created up here on our notifications tab.
Okay, we can see that our rule has been successfully created. Deny internet with a priority of 4,000. And the action is going to deny any traffic out to the internet. So, let's navigate back to our server and let's reopen IE and try to connect to Bing again and let's see what happens this time around.
Okay, let's wait for the page to load.
Oh, and the page cannot be reached. It looks like our rule did the trick. Now we are not able to get out to Bing.
Let's try a different site. Let's try to go to Google.
See if we had any luck getting out to Google.
And look at that. We cannot get to Google either. So our outbound rule is doing the trick of preventing users from accessing the internet from the server.
Okay. So now that we've created this and gone through this example, I just want to remind you that you pay for resources as you use them. So if you don't want to pay for the resources that we've created in this walkthrough, I would recommend going through and deleting your resource group that associates the VM and the security group, the NSG that we just created.
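The rule set from the walkthrough as a small Python model, added here as an illustration and not taken from the video or from Azure: it replays the default NSG rules plus the two custom rules against sample flows. It relies on Azure's documented behaviour that NSG rules are processed in ascending order of priority number and the first match wins; reducing flows to service tags, the rule names written without spaces, the sample flows and the audit helper are assumptions of this example.

```python
"""Simplified model of NSG rule evaluation (added example, not Azure's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # custom rules use 100-4096; the lowest number is processed first
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "TCP", "UDP" or "*" for any
    source: str        # "*" for any, or a service tag
    destination: str   # "*" for any, or a service tag
    port: str          # destination port, "*" for any


# The default rules every NSG carries; they cannot be deleted, only overridden.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]

# The two custom rules created in the walkthrough (names are this example's spelling).
ALLOW_RDP = Rule("AllowRDP", 300, "Inbound", "Allow", "TCP", "*", "*", "3389")
DENY_INTERNET = Rule("DenyInternet", 4000, "Outbound", "Deny", "TCP", "*", "Internet", "*")


def _matches(rule_value, flow_value):
    """A rule field matches when it is the wildcard or equals the flow's value."""
    return rule_value == "*" or rule_value == flow_value


def evaluate(rules, direction, protocol, source, destination, port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == direction
                and _matches(rule.protocol, protocol)
                and _matches(rule.source, source)
                and _matches(rule.destination, destination)
                and _matches(rule.port, str(port))):
            return rule.access, rule.name
    return "Deny", None  # not reached while the default rules are present


def exposed_management_rules(rules, ports=("3389",)):
    """Names of inbound Allow rules that open a management port to any source."""
    return [r.name for r in rules
            if r.direction == "Inbound" and r.access == "Allow"
            and r.source in ("*", "Internet")
            and (r.port == "*" or r.port in ports)]


# Constructed flows: the RDP client on the internet, and the VM reaching out.
RDP_IN = ("Inbound", "TCP", "Internet", "VirtualNetwork", 3389)
HTTPS_OUT = ("Outbound", "TCP", "VirtualNetwork", "Internet", 443)
DNS_UDP_OUT = ("Outbound", "UDP", "VirtualNetwork", "Internet", 53)

if __name__ == "__main__":
    before = DEFAULT_RULES
    after = DEFAULT_RULES + [ALLOW_RDP, DENY_INTERNET]
    for label, flow in (("RDP in", RDP_IN), ("HTTPS out", HTTPS_OUT),
                        ("UDP/53 out", DNS_UDP_OUT)):
        print(label, "| defaults only:", evaluate(before, *flow),
              "| with custom rules:", evaluate(after, *flow))
    print("Inbound rules exposing 3389 to any source:",
          exposed_management_rules(after))
```

The UDP flow is still allowed because the deny rule in the walkthrough is scoped to TCP, and the audit helper flags the RDP rule because its source is any; limiting that source to a known administrative address range is the usual tightening.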
Okay, so now that we've seen how to secure network connectivity in Azure, let's take a look at the core Azure identity services. Identity is the primary security boundary for your network. The ability to accurately prove that somebody is a valid user of your system is critical to maintaining control of your data. Identity services in Azure start with Azure Active Directory or Azure AD for short. Azure AD is Microsoft's cloud-based identity and access management service. It allows you to manage and control the identity accounts of your users with tools such as multifactor authentication and conditional access. It's important to discern the difference between authentication and authorization.
Authentication is the process of verifying the identity of a person who wants to access a resource by challenging them to enter credentials.
Multifactor authentication or MFA adds an additional requirement of entering a code that is sent to the user via either a trusted email account, phone number, or authentication app.
While authentication establishes who a person is or their identity, authorization dictates what resources that person can access and the level of permissions they're granted.
Authorization is handled through role-based access controls in the Azure access management service.
Azure AD also supports single sign-on or SSO, which enables a user to sign in one time and use that credential to access multiple resources and applications.
Working with Azure AD greatly simplifies the process of having to sign into different applications, managing user identities, and monitoring and blocking unusual access attempts.
In order to enforce organizational policies and rules, Azure provides a comprehensive set of tools to support your governance methodologies. A good governance strategy helps you to maintain control over your environment and stay compliant with industry standards as well as your organizational standards.
One of the first tools you should consider when getting started with your cloud experience is the cloud adoption framework for Azure. This framework helps you create and implement strategies needed to be successful in the cloud. The framework consists of tools, documentation, and proven practices that walk you through the steps of defining your strategies, making a plan, readying your organization, adopting the cloud, and then finally governing and managing your cloud environments.
As we've mentioned a few times throughout this course, applying role-based access controls or RBAC is key to ensuring your users have access only to the resources they should have access to. RBAC can be applied at several levels of scope including management groups, single subscriptions, a resource group, or at a single resource level. RBAC can be accessed through either Azure AD or through the Access control (IAM) link in your Azure portal.
Azure provides an extra level of protection with resource locks.
Sometimes even a person who is supposed to have access to a resource can make a mistake and do something like accidentally deleting a VM. Resource locks can be applied to subscriptions, a resource group, or a resource. The locks serve as a barrier to accidental deletion at two levels. The cannot delete level allows authorized users to read and modify a resource but prevents them from deleting it without first removing the lock. The read only level is similar, but it only allows a user to read the resource without having the ability to modify it.
Azure allows you to tag your resources so that you can easily group and organize them to align with your organization's strategy and plans. Tags can be created through Bash or PowerShell scripts, Azure Resource Manager templates, the REST API, or the Azure portal.
After you've identified your governance and business requirements, Azure Policy can help to make sure your resources stay compliant. Azure Policy is a service that allows you to create, assign, and manage policies that control and audit your resources. It enables you to define both individual and groups of related policies or initiatives. It will evaluate your existing resources and flag any resources that aren't compliant with the policies you've created. It will also prevent new resources from being created if they don't comply with your policies.
Implementing a policy in Azure Policy is taken care of in three steps: defining your policy, assigning it to resources, and then evaluating the results.
If your organization is ready to grow beyond a single subscription, Azure Blueprints can help you define a repeatable set of governance tools which you can use to avoid having to create new Azure policies for each subscription.
Azure Blueprints orchestrates the deployment of resources, templates, and other artifacts or blueprint definitions such as role assignments, policy assignments, Azure Resource Manager templates, and resource groups.
Microsoft is committed to maintaining user privacy and ensuring that Azure adheres to common regulatory and compliance standards. Regulatory compliance refers to the discipline of ensuring that a company adheres to the laws that governing bodies enforce.
Azure offerings are built upon a set of controls and standards that ensure security and compliance. Azure offers compliance with industry, US government, regional, and global standards. Microsoft provides documentation highlighting their privacy policy as seen here on their privacy statement, their licensing terms, their customer agreements, their compliance offerings, and their audit reports. On the worksheet for this module, I've provided links to each of these pages. I'd like to recommend that you read through these pages and perhaps look up compliance offerings that might apply to your organization. Come to the compliance portal here. And for example, if you work for a healthcare company, you may want to look in the industry standards for the HIPAA policy. You'll find all the documentation that you need here about how Microsoft adheres to this standard.
That brings us to the end of module 3, security, privacy, compliance, and trust. Let's take a minute to review the goals we set out at the beginning of the module. You should now feel comfortable describing the security tools and features available to you in Azure such as Microsoft Defender and Microsoft Sentinel. You should be ready to start experimenting with securing your network connectivity using NSGs and the Azure Firewall. You should be familiar with Azure Active Directory and how it forms the core of Azure's identity services.
You should understand how the cloud adoption framework for Azure can help your organization make the most out of Azure's governance methodologies.
And finally, you should know where to look for Microsoft's documentation on their privacy policies, compliance offerings, and data protections. As I mentioned a moment ago, I've created a worksheet for this course with a series of exercises I'd like you to walk through, as well as links to resources we reviewed in this module. Please make sure you take the time to look over that document. All right, thank you for your time and I'll see you in the next module.
Welcome back to Azure fundamentals. This is our last module, module 4, Azure pricing and support. In this module, we'll focus on Azure pricing and the support models available with Microsoft.
After completing this module, you should be able to explain the different types of subscriptions available to you, how to plan for and manage your costs, what support options are available with Azure, and what an SLA and the Azure service life cycle are, and how they affect your organization.
Okay, let's jump in. Now that we've seen what Azure has to offer, we'll want to understand the impacts moving to the cloud will have on our bottom line.
First, let's talk about the different types of Azure subscriptions that are available to us. Azure offers both free and paid subscription options to fit your needs. Starting with the free trial. The free trial subscription provides you with 12 months of access to 25 free services and a credit to explore any Azure service for 30 days. Your services will be disabled after the trial period unless you upgrade to a paid subscription.
Next, we have the pay as you go subscription that we've discussed a few times throughout this course. By attaching a credit or debit card to your Azure account, you pay for the resources you use. Organizations can apply for volume discounts and prepaid invoicing with Microsoft.
Finally, Azure provides offers for reduced rates and Azure credits to existing members of other Microsoft products such as Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.
So, how would you go about purchasing a subscription? Microsoft offers three options.
Larger customers known as enterprise customers can sign an enterprise agreement with Microsoft committing them to spending a predetermined amount on Azure services over the course of three years. The service fee is typically paid annually with this arrangement.
Enterprise customers have access to the best customized pricing. You can purchase your subscription directly through the web on the Azure portal.
This method is known as web direct and you pay for your services on a monthly basis. Finally, you can purchase subscriptions through a cloud solution provider. You may find that your organization has a need to work with a certified Microsoft partner to build solutions on top of the Azure platform.
These providers will typically bill you for your usage as well as handle your support requests.
So, now that we know what types of subscriptions are available to us and how we can go about purchasing them, we'll want to understand how to plan for and manage the cost of working in the Azure cloud. There are a variety of factors that will have an impact on your cost such as resource type, where you may have a storage account. For example, you'll need to specify the type, performance tier, and access tier. The options you choose will incur different costs. Your resource usage will impact your costs as well. Azure utilizes resource meters to track your usage of a resource. If you deallocate a resource such as a VM, you won't be charged for using it. However, you will be charged for storing the hard drive. So, you'll need to make determinations as to whether you want to deallocate or delete resources as part of your organizational strategy. The location you choose for your resource instance will also have an impact on your pricing. Azure offers different pricing based on the region or zone that a resource is created in.
As you think about these factors, you may be wondering how you can plan and manage your Azure cloud usage so that you can stay within the limits of your organization's budget. Microsoft offers a few different tools to assist you with this.
Microsoft offers a pricing calculator that displays categories of services.
You can choose from the categories to add to your estimate. And as you update the configurations to meet your requirements, the calculator will provide a consolidated estimated price with a detailed breakdown of the associated costs. We'll walk through an example of using this calculator in just a moment. Microsoft also offers a total cost of ownership or TCO calculator. The TCO has you enter the details of your current on-premises workloads, including factors and resources such as servers, databases, storage, networking, electricity usage, maintenance, and labor. After entering these details, the calculator will provide you with a side-by-side report showing you your on-prem costs and how they would compare to hosting a similar environment on the Azure platform.
After you've made your move to the cloud, Azure Advisor can help you to identify unused or underutilized resources. Advisor will create recommendations to remove these types of resources. Advisor breaks out the recommendations into three impact categories, high, medium, and low. And it can automatically fix or remediate some of the issues it identifies for you.
Azure Cost Management plus Billing is a free service that helps you understand your Azure bill, manage your account and subscriptions, monitor and control Azure spending, and optimize resource usage.
With the software, you can review reports on your historical data and forecasting for future usage. You can build budgets by monitoring resource demand trends, consumption rates, and cost patterns, and have alerts notify you if and when you've exceeded one of your budget caps. The service will also provide recommendations to eliminate or optimize resources you've provisioned based on the factors identified in your budget. Okay, let's take a look at one of these tools in a little more detail.
Okay, this is the Azure pricing calculator. I've included a link for this on the worksheet for this course for you to reference so you can come in and play with this on your own. What the pricing calculator does, as we described, is lay out different categories of services that you may be interested in. So, let's walk through an example of getting a quote on what a virtual machine might cost us. So, let's click on the category virtual machines and let the website think. It's added a virtual machine to our estimate. So let's click on the view button here and navigate down to our estimate. Okay, here is our virtual machine. We could always throw this portion in the trash if we need to, but let's go through this and work it out to see if it meets our needs. So, we can configure different things such as the region. Let's say that we want to host this in East US.
We have options for operating systems. Let's stick with Windows.
Type is operating system only, BizTalk, or SQL Server. We're going to stick with OS only.
And we have a couple of options for the tier. We have basic or standard tier.
And we're going to stick with standard for this example. And category. You'll see you have a few different categories available. You can say it's a compute optimized VM, a general purpose VM, a graphics processing unit VM, a high performance compute VM, a memory optimized VM, or a storage optimized VM.
We'll say that this server is going to serve all categories.
Our instance series. We have a series of choices available to us that breaks out what types of RAM and CPUs we'll have in our machine. For this one, we're going to leave this series set to all, and choose our instance to have the D2 v3, which is two virtual CPUs with 8 GB of RAM and 50 GB of temporary storage. And for now, we'll leave the quantity set to one. And we can choose hours, days, or months that we plan on running this.
Okay, as you can see here, they will prompt you to review potential savings options. If we look here for compute
options. If we look here for compute D2V3, if you pay as you go, you're looking at about $70 a month for this
server. You can purchase a year of
server. You can purchase a year of service in advance. So, this one offers if you buy one year in advance, you get
about a 40% discount or 4175 a month.
And if you choose the three-year option you'll see you get an even greater discount about 62% or 26.89 a month.
Regarding your operating system options here, if you purchase this server with the license for your operating system included, you'll get the charge for that license included in your overall cost.
However, if you have an on-prem environment and you already have software assurance, you can choose to have the Azure hybrid benefit where your software assurance provides a license for this virtual machine, which would bring your cost for that down to nothing. So, let's say we need a license. We'll leave that checked. And we're looking at about $945 a month for this if we agree to a three-year reserved virtual machine.
Let's see. We have a few other options available to us here. Right now, this is telling us that our discs come standard as standard HDDs. They're 32 gigabit discs. We have options to change these to solid state drives and we can choose redundancy factors on those. And also we can choose different disc sizes.
You can run through the gamut here all the way down to 32,767 gigabits.
So, we're saying that we're going with the standard amount of discs, but we could add additional discs to the server. And you can specify the quantity here. All right.
We can also have storage transactions added. Right now, we have 5 cents worth of transactions, which is transaction units, a total of 10,000 transactions.
And we can choose our bandwidth. So based on region, in between regions, or internet egress, we have our source region and our destination region. So this tells us if we had to pay for additional bandwidth in terms of gigabits, we could up that. So say we wanted to have a guarantee in the 10 range.
We could type that in and see that that will incur a 25 cent cost.
All right. So next we come to support, and support is included with the server, but you have the options to upgrade from developer, standard, and professional direct.
Let's take a look at the support options that are available to us in Azure. So let's bounce on over here to our Azure portal. And if we search here for support and come to the help and support link on the left side of our screen here, we'll see an option to look at support plans.
Let's go ahead and click on that and we'll wait for this page to load.
And right now, because of the type of subscription I have, I get the developer support plan.
The virtual server that we're looking at here comes with the included basic support. So let's take a look at these different tiers of support. We have four tiers. We have the basic tier, a developer tier, a standard tier, and a professional direct.
So the scope is a little different depending on the tier that you choose.
So the scope for basic is billing and subscription support and you are limited to online self-help.
In the developer tier we get trial and nonproduction environment support. In the standard tier we get production workload environment support and in the professional direct we're looking at business critical dependence support.
So, regarding the communities and support, you can see there's 24/7 access to customer service available across all tiers and there's access to a full set of Azure advisor recommendations to cover best practices in each of these tiers. You'll see that you get some additional benefits if you move up from the basic tier in terms of tech support.
So with the developer tier, you have tech support available for business hours.
For standard and professional direct you have 24/7 access to support engineers.
Basic, you can't open support cases with the basic tier. But with the other three tiers, you can see that you can set up an unlimited amount of contacts who can open an unlimited amount of cases.
The three paid-for tiers also offer third-party software support across the board. And as you can see, there's different response times depending on the tier that you're looking at.
When you look at the professional direct tier, you also get a benefit and architecture support. They give you architectural guidance based on the best practice delivered by ProDirect delivery managers. And as we see here, there's a few more benefits that come with the professional direct package, including onboarding services, service reviews, Azure advisor consultations. They have Azure engineering-led web seminars for you, and they also provide a ProDirect delivery manager. And as you can see, there are different pricing tiers for the three paid tiers of support. Okay, so that covers the different support plans that are available to us through Azure. Let's go back to the calculator and take a look at our example of pricing out this virtual machine.
So, our estimated upfront cost given the specifications we fed the calculator is $0 upfront. And we're going to be looking at a cost of $94.35 a month for this server.
And again, that is with a three-year reserved plan. We're going to be looking at that cost. If we decide that we want to pay for this as we go without using a reserve plan, let's look at what that cost would be again: $137.54.
So you have some options here. You can
export this estimate to Excel. You can
save it here. And again, if you wanted to get rid of this and you wanted to add other services to your estimate, you can trash this quote.
And then you have an empty estimate. And
then you could go ahead and then add any other services that you're looking for.
Okay, so that is our pricing calculator.
I recommend that you give this a go and play around to see what a cost might look like for your organization.
Now that we've reviewed some of the factors that might impact our bottom line and the tools available for us to work with them, let's take a look at SLAs and the service life cycle in Azure. When it comes time to understand and explain the uptime and availability of Azure services, you'll need to know what a service level agreement or SLA is. An SLA is a formal agreement between a service provider and a customer that defines the performance standards a customer can expect.
SLAs typically explain the scope of the agreement and the general terms such as definitions for downtime, incidents, credits, and agreements, as well as instructions for submitting claims and any limitations.
They'll also include the details around specific guarantees for service. These details are typically measured as a percentage for uptime or the amount of time a service should be expected to be available. You may have heard the term 99% uptime and wonder what that translates to in terms of downtime.
This chart shows a breakdown of expected downtimes for a variety of SLA uptime percentages. Let's take a quick look to see how they differ. So, if we look here, we have an SLA percentage of 99%.
And that translates into about 1.68 hours of downtime per week over the course of a year. That translates into about 3.65 days of expected downtime over the course of a year. You may not think there's a big difference between a 99% uptime guarantee and a 99.999% uptime guarantee, but let's take a look at some of the differences. So, over the course of the week, as we saw, we're expecting about 1.68 hours of downtime with a 99% guarantee. With a 99.999% guarantee, we're looking at only about 6 seconds of downtime a week. It's a pretty significant difference. And if we look at that over the course of a year, we could see that 3.65 days of expected downtime is quite different than 5.26 minutes of expected downtime over the course of a year. If you find that you encounter an incident where your Azure service does not meet the uptime guarantee in your SLA, you might be eligible for a service credit. Depending on your SLA, this credit is typically a percentage of your monthly bill that is refunded to you after you go through the claims process.
With that said, it's important to note that there are no SLAs for the free services provided by Azure.
You may find that you need to provide your customers with an SLA for software that you've built on the Azure platform.
If your software is utilizing two VMs with 99.9% uptime, a SQL server with 99.99% uptime, and a load balancer with 99.99% uptime, how would you explain the overall expected uptime to your customers? Well, to do this, you would need to create a composite SLA. Let's take a look at this example. We said we have two VMs at 99.9% uptime. So broken down into a decimal, that is .999. So we have these two VMs. We multiply those with the load balancing and SQL server that had a .999% SLA. When you multiply these four figures together, you get a grand total of .9978 or an SLA composite of 99.78%.
So you want to consider the SLAs of each Azure resource you'll need to utilize in your solution. It's important to realize that a very high uptime is difficult to achieve. So you want to set the expectations for your team and your customers accordingly.
Okay, the last thing we want to touch on in this module is the Azure service life cycle. The service life cycle defines how every Azure service is released for public use. Every service starts in a development phase and as it's built, it moves into a public preview phase where the general public can test the service and provide feedback. After all the kinks are worked out, the service is considered production ready and moved into general availability or GA. As an Azure customer, you'll have the ability to work with services while they're in the preview phase, but you should keep in mind that it's recommended to only use GA services in your production environment.
Okay, so that takes us to the end of this module and the end of our course.
I've included a worksheet for this module that includes some exercises for you to work through, as well as links to some of the resources we've discussed.
Please make sure you take the time to work through these exercises and review the references. You'll want to make sure that you're comfortable with the understanding of the goals we laid out in the beginning of this module. You should be comfortable with your understanding of the types of Azure subscriptions available to you and how you can purchase them, how to plan for and manage your costs on the Azure platform, the support options available to you, and how SLAs and the Azure service life cycle can impact your organization.
You should now feel confident in explaining how Azure can potentially help your organization to grow and scale. I want to take a moment to thank you for the time you spent with me throughout this course.