Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Azure Administration
  • Table Of Contents Toc
Learn Azure Administration

Learn Azure Administration

By : Kamil Mrzygłód
4.5 (2)
Buy this Book
close
close
Learn Azure Administration

Learn Azure Administration

4.5 (2)
By: Kamil Mrzygłód
Buy this Book

Overview of this book

Microsoft Azure is one of the upcoming cloud platforms that provide cost-effective solutions and services to help businesses overcome complex infrastructure-related challenges. This book will help you scale your cloud administration skills with Microsoft Azure. Learn Azure Administration starts with an introduction to the management of Azure subscriptions, and then takes you through Azure resource management. Next, you'll configure and manage virtual networks and find out how to integrate them with a set of Azure services. You'll then handle the identity and security for users with the help of Azure Active Directory, and manage access from a single place using policies and defined roles. As you advance, you'll get to grips with receipts to manage a virtual machine. The next set of chapters will teach you how to solve advanced problems such as DDoS protection, load balancing, and networking for containers. You'll also learn how to set up file servers, along with managing and storing backups. Later, you'll review monitoring solutions and backup plans for a host of services. The last set of chapters will help you to integrate different services with Azure Event Grid, Azure Automation, and Azure Logic Apps, and teach you how to manage Azure DevOps. By the end of this Azure book, you'll be proficient enough to easily administer your Azure-based cloud environment.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Code in Action
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Understanding the Basics
Icon
Section 1: Understanding the Basics
Lock Free Chapter
2
Getting Started with Azure Subscriptions
chevron up
Icon
Getting Started with Azure Subscriptions
Icon
Technical requirements
Icon
Getting an Azure subscription
Icon
PAYG
Icon
CSP
Icon
Enterprise Agreement
Icon
Understanding different subscription models
Icon
Implementing subscription policies
Icon
Getting started with Azure Policy
Icon
Policy validation results
Icon
Examples of Azure policies
Icon
Using Azure Blueprints for repeatable deploy and update operations
Icon
Getting started with Blueprint assignment
Icon
Assigning an Azure blueprint
Icon
Checking usage and managing quotas
Icon
Cost monitoring and analysis
Icon
Cost analysis
Icon
Budgets
Icon
Azure Advisor
Icon
Implementing management automation
Icon
Summary
Icon
Further reading
3
Managing Azure Resources
Icon
Managing Azure Resources
Icon
Technical requirements
Icon
Managing resource providers
Icon
Managing resource groups
Icon
Browsing resource groups
Icon
Listing the available resources
Icon
Moving resources
Icon
Understanding resource providers
Icon
Performing deployments using ARM with templates
Icon
Writing a template from scratch
Icon
Automation scripts
Icon
Other tools
Icon
Implementing resource locks
Icon
Subscription locks
Icon
Resource group locks
Icon
Automating resource group management with Azure Event Grid
Icon
Creating an event subscription
Icon
Analyzing the gathered data
Icon
Implementing proper resource naming conventions
Icon
Subscription
Icon
Resource group
Icon
Resources
Icon
Summary
4
Configuring and Managing Virtual Networks
Icon
Configuring and Managing Virtual Networks
Icon
Technical requirements
Icon
Creating and configuring VNet peering
Icon
The Azure portal
Icon
The Azure CLI
Icon
Creating and configuring VNet-to-VNet connection
Icon
Single region
Icon
Multiple regions
Icon
Connecting the networks
Icon
The same resource group
Icon
Different resource groups
Icon
Creating and configuring subnets
Icon
Creating a VNet
Icon
Creating a subnet
Icon
Understanding subnet configuration
Icon
Securing critical Azure services with service endpoints
Icon
Creating a VNet and Azure Storage account
Icon
Creating a service endpoint
Icon
Configuring a service endpoint
Icon
Configuring a naming resolutions
Icon
Creating a DNS zone
Icon
Configuring the DNS within a VNet
Icon
Creating and configuring network security groups (NSGs)
Icon
Creating a VNet with a subnet
Icon
Adding an NSG to a subnet
Icon
Reviewing NSG rules
Icon
Adding an NSG rule
Icon
Summary
5
Section 2: Identity and Access Management
Icon
Section 2: Identity and Access Management
6
Identity Management
Icon
Identity Management
Icon
Technical requirements
Icon
Creating users in Azure AD
Icon
Getting started with user creation
Icon
Creating a user in an Azure Active Directory tenant
Icon
Creating a guest user
Icon
Describing the user creation process
Icon
Assigning a role to a user
Icon
Registering an application in Azure AD
Icon
Creating a new application
Icon
Creating groups
Icon
Group creation
Icon
Managing groups
Icon
Managing directory roles
Icon
Monitoring and auditing users
Icon
Enabling MFA authentication
Icon
Securing an Azure Service Fabric cluster
Icon
Summary
7
Access Management
Icon
Access Management
Icon
Technical requirements
Icon
Creating a custom role
Icon
Configuring access to Azure resources
Icon
Configuring MSI
Icon
Securing Azure App Services
Icon
Using and revoking Shared Access Policies
Icon
Creating and managing Shared Access Policies
Icon
Generating SAS tokens for different services
Icon
Summary
8
Managing Virtual Machines
Icon
Managing Virtual Machines
Icon
Technical requirements
Icon
Adding data disks
Icon
Creating a data disk
Icon
Adding network interfaces
Icon
Using Desired State Configuration
Icon
Scaling VMs up/out
Icon
Scaling caveats
Icon
Configuring monitoring
Icon
Configuring guest-level monitoring
Icon
Extending monitoring capabilities
Icon
Enabling connection monitor
Icon
Configuring high availability
Icon
Deploying VMs
Icon
Browsing the solutions
Icon
Deploying resources using various tools
Icon
Securing access to VMs
Icon
Connecting to a VM
Icon
Connecting to a VM
Icon
Using RDP and SSH to connect
Icon
Summary
9
Section 3: Advanced Topics
Icon
Section 3: Advanced Topics
10
Advanced Networking
Icon
Advanced Networking
Icon
Technical requirements
Icon
Implementing load balancing
Icon
Monitoring and diagnosing networks
Icon
IP flow verify
Icon
Next hop
Icon
Effective security rules
Icon
VPN troubleshoot, Packet capture, and Connection troubleshoot
Icon
Configuring DDoS protection
Icon
Enabling VNets in AKS
Icon
Enabling VNets for ACI
Icon
Enabling VNets in Redis Cache
Icon
Summary
11
Implementing Storage and Backup
Icon
Implementing Storage and Backup
Icon
Technical requirements
Icon
Configuring network access for Azure Storage accounts
Icon
Enabling monitoring and finding logs for Azure Storage accounts
Icon
Managing the replication of Azure Storage accounts
Icon
Selecting the replication mode
Icon
Setting up Azure file shares
Icon
Transferring large datasets with low or no network bandwidth
Icon
Understanding your case – low or no bandwidth
Icon
Transferring data from on-premises to Azure
Icon
Transferring large datasets with medium or high network bandwidth
Icon
Understanding your case – medium or high bandwidth
Icon
The available options
Icon
Exploring periodic data transfer
Icon
Enabling security for Azure Storage
Icon
Summary
12
High Availability and Disaster Recovery Scenarios
Icon
High Availability and Disaster Recovery Scenarios
Icon
Technical requirements
Icon
Monitoring Azure VMs
Icon
Creating a VM
Icon
Enabling monitoring
Icon
Understanding the details
Icon
Monitoring Azure Storage services
Icon
Monitoring Azure App Service
Icon
Exploring capabilities of Azure Application Insights
Icon
Implementing Azure SQL backup
Icon
Creating our SQL server and database
Icon
Backing up your databases
Icon
Implementing Azure Storage backup
Icon
Backing up your storage account data
Icon
Implementing Availability Zones for VMs and HA
Icon
Availability Sets versus Availability Zones
Icon
Implementing AZs
Icon
Understanding how AZs work
Icon
Monitoring and managing global routing for web traffic with Azure Front Door
Icon
Understanding Azure Front Door
Icon
Creating an Azure Front Door instance
Icon
Designing backup plans for VMs
Icon
Summary
Icon
Further reading
13
Automating Administration in Azure
Icon
Automating Administration in Azure
Icon
Technical requirements
Icon
Starting/stopping Azure VMs during off-hours
Icon
Getting started with a VM
Icon
Creating an Automation account
Icon
Monitoring Blob storage with Azure Event Grid
Icon
Extending your setup
Icon
Monitoring ACR with Azure Event Grid
Icon
Integrating ACR with Azure Event Grid
Icon
Integrating FTP/SFTP servers with Azure Logic Apps
Icon
Creating an Azure Logic App instance
Icon
Understanding the setup
Icon
Integrating Office 365 with Azure Logic Apps
Icon
Integrating Azure SQL Server with Azure Logic Apps
Icon
Getting started with Azure Logic Apps
Icon
Managing updates for VMs
Icon
Getting started with the Update Management feature
Icon
Enabling the feature for multiple machines
Icon
Tracking changes in VMs
Icon
Summary
Icon
Further reading
14
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Examples of Azure policies

To give you a better understanding of the topic, we can take a look at various examples of policies you may use. There are many different kinds of available policies—let's try to describe the most interesting ones:

  • Audit CORS resource access restrictions for a function app: When using Azure Functions, you may want to force developers to assign proper Cross-Origin Resource Sharing (CORS) configuration to function apps, so they are not accessible from all domains. A very simple and helpful policy that addresses a common security issue when hosting web applications.
  • Audit resource location matches resource group location: To avoid confusion, you can ensure that resource groups and their resources are always provisioned in the same location.
  • Audit unrestricted network access to storage accounts: If your storage accounts should not be available from the internet, you can enforce their owners to configure network rules so they are only accessible from configured networks.
  • Not allowed resource types: Sometimes, your organization just cannot deploy some of the resources (for example, you need to audit the whole code base, so you cannot use Azure Functions). This policy is something you want when forbidding the use of a particular resource is essential.

When you assign any of the policies, it will immediately start to watch for your resources and check whether they are compliant with that policy.

Some of the policies require you to set some parameters before they can be added. Carefully check the Parameters section to configure them exactly as you want.

Of course, the error displayed previously (see Figure 1.13) is in fact returned by an API powering Azure resources. That means that it will be returned also for other operations (such as using the command line or PowerShell).

The policy I described previously was executed during the creation of a resource, but of course, it also works for the resources created previously. Subscription policies are really powerful tools for an Azure administrator, allowing for setting strong fundamentals for further management activities such as automation and building an organization-wide mindset of what is allowed and what is not. The more resources your subscription has, the more difficult it is to manage and keep everything up to the defined rules. This is especially true for all companies for which compliance is crucial to work effectively—if you have thousands of VMs, app services, and storage accounts, you just cannot rely only on telling everyone that this one particular feature isn't allowed. For those scenarios, use properly set up policies, which can cover many different scenarios, especially if you create a custom one.

Check out the next section to learn more about ensuring proper policies are assigned to Azure resources using Azure Blueprints.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learn Azure Administration
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon