Book Image

Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond - Second Edition

By : Brett Hargreaves, Sjoukje Zaal
Book Image

Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond - Second Edition

By: Brett Hargreaves, Sjoukje Zaal

Overview of this book

From designing solutions on Azure to configuring and managing virtual networks, the AZ-303 certification validates your knowledge and skills for all this and much more. Whether you want to take the certification exam or gain hands-on experience in administering, developing, and architecting Azure solutions, this study guide will help you get started. Divided into four modules, this book systematically takes you through the wide range of concepts and features covered in the AZ-303 exam. The first module demonstrates how to implement and monitor infrastructure. You'll develop the skills required to deploy and manage core Azure components such as virtual machines, networking, storage, and Active Directory (AD). As you progress, you'll build on that knowledge and learn how to create resilient and secure applications before moving on to working with web apps, functions, and containers. The final module will get you up to speed with data platforms such as SQL and Cosmos DB, including how to configure the different high availability options. Finally, you'll solve mock tests and assess yourself with the answers provided to get ready to take the exam with confidence. By the end of this book, you'll have learned the concepts and techniques you need to know to prepare for the AZ-303 exam and design effective solutions on Microsoft Azure.

Related Content you might be interested in

Current Title:

Small book image
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond - Second Edition
Brett Hargreaves | Sjoukje Zaal
Dec, 2020 | 548 pages
Small book image
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond
Riaan Lowe | Donovan Kelly
Jul, 2022 | 776 pages
Small book image
Architecting Microsoft Azure Solutions - Exam Guide 70-535
Sjoukje Zaal
Apr, 2018 | 418 pages
Small book image
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
Brett Hargreaves
Jul, 2021 | 520 pages
Table of Contents (25 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Implement and Monitor Azure Infrastructure
Section 1: Implement and Monitor Azure Infrastructure
Free Chapter
2
Chapter 1: Implementing Cloud Infrastructure Monitoring
Chapter 1: Implementing Cloud Infrastructure Monitoring
Technical requirements
Understanding Azure Monitor
Creating and analyzing metrics and alerts
Creating a baseline for resources
Configuring diagnostic settings on resources
Viewing alerts in Log Analytics
Utilizing log search query functions
Using Network Watcher
Monitoring security
Managing costs
Questions
Further reading
3
Chapter 2: Creating and Configuring Storage Accounts
Chapter 2: Creating and Configuring Storage Accounts
Technical requirements
Understanding Azure Storage accounts
Creating and configuring a storage account
Installing and using Azure Storage Explorer
Configuring network access to the storage account
SAS tokens and access keys
Implementing Azure Storage replication and failover
Summary
Questions
Further reading
4
Chapter 3: Implementing and Managing Virtual Machines
Chapter 3: Implementing and Managing Virtual Machines
Technical requirements
Understanding VMs
Understanding Availability Sets
Understanding how to provision VMs
Understanding VM scale sets
Modifying and deploying ARM templates
Deploying resources with Azure DevOps
Configuring Azure Disk Encryption for VMs
Azure Dedicated Host
Summary
Questions
Further reading
5
Chapter 4: Implementing and Managing Virtual Networking
Chapter 4: Implementing and Managing Virtual Networking
Technical requirements
Understanding Azure VNets
Understanding IP addresses
Configuring VNets and subnets
Configuring private and public IP addresses
User-defined routes
Summary
Questions
Further reading
6
Chapter 5: Creating Connectivity between Virtual Networks
Chapter 5: Creating Connectivity between Virtual Networks
Technical requirements
Understanding VNet peering
Creating and configuring VNet peering
Understanding VNet-to-VNet
Verifying your virtual network's connectivity
VNet peering versus VNet-to-VNet connections
Summary
Questions
Further reading
7
Chapter 6: Managing Azure Active Directory (Azure AD)
Chapter 6: Managing Azure Active Directory (Azure AD)
Understanding Azure AD
Creating and managing users and groups
Configuring a self-service password reset
Understanding Conditional Access policies and security defaults
Working with Azure AD join
Adding custom domains
Summary
Questions
Further reading
8
Chapter 7: Implementing Multi-Factor Authentication (MFA)
Chapter 7: Implementing Multi-Factor Authentication (MFA)
Understanding Azure MFA
Configuring user accounts for MFA
Configuring verification methods
Configuring trusted IPs
Configuring fraud alerts
Configuring bypass options
Summary
Questions
Further reading
9
Chapter 8: Implementing and Managing Hybrid Identities
Chapter 8: Implementing and Managing Hybrid Identities
Understanding Azure AD Connect
Installing Azure AD Connect
Managing Azure AD Connect
Managing password synchronization and password writeback
Using Azure AD Connect Health
Summary
Questions
Further reading
10
Section 2: Implement Management and Security Solutions
Section 2: Implement Management and Security Solutions
11
Chapter 9: Managing Workloads in Azure
Chapter 9: Managing Workloads in Azure
Understanding Azure Migrate
Selecting Azure Migrate tools
Migrating on-premises servers to Azure
Using Azure Update Management
Protecting VMs with Azure Backup
Implementing disaster recovery
Summary
Questions
Further reading
12
Chapter 10: Implementing Load Balancing and Networking Security
Chapter 10: Implementing Load Balancing and Networking Security
Technical requirements
Understanding load balancing options
Implementing Azure Load Balancer
Implementing Azure Traffic Manager
Understanding Azure Application Gateway
Understanding Azure Front Door
Choosing the right options
Implementing network security and application security groups
Understanding Azure Firewall
Using Azure Bastion
Summary
Questions
Further reading
13
Chapter 11: Implementing Azure Governance Solutions
Chapter 11: Implementing Azure Governance Solutions
Technical requirements
Understanding governance and compliance
Understanding RBAC
Configuring access to Azure resources by assigning roles
Configuring management access to Azure
Creating a custom role
Azure Policy
Implementing and configuring Azure Blueprints
Using hierarchical management
Summary
Questions
Further reading
14
Section 3: Implement Solutions for Apps
Section 3: Implement Solutions for Apps
15
Chapter 12: Creating Web Apps Using PaaS and Serverless
Chapter 12: Creating Web Apps Using PaaS and Serverless
Technical requirements
Understanding App Service
Understanding App Service plans
Using deployment slots
Setting up automatic scaling
Understanding WebJobs
Understanding diagnostic logging
Using Azure Functions
Building Azure Logic Apps
Summary
Questions
Further reading
16
Chapter 13: Designing and Developing Apps for Containers
Chapter 13: Designing and Developing Apps for Containers
Technical requirements
Understanding ACI
Understanding Web App for Containers
Understanding AKS
Summary
Questions
Further reading
17
Chapter 14: Implementing Authentication
Chapter 14: Implementing Authentication
Technical requirements
Understanding Azure App Service authentication
Implementing Active Directory authentication
Implementing authentication using certificates
Understanding and implementing OAuth2 authentication in Azure AD
Understanding and implementing managed identities
Summary
Questions
Further reading
18
Section 4: Implement and Manage Data Platforms
Section 4: Implement and Manage Data Platforms
19
Chapter 15: Developing Solutions that Use Cosmos DB Storage
Chapter 15: Developing Solutions that Use Cosmos DB Storage
Technical requirements
Understanding the differences between NoSQL and SQL
Understanding Cosmos DB
Creating, reading, updating, and deleting data using the appropriate APIs
Understanding partitioning schemes
Setting the appropriate consistency level for operations
Creating replicas
Summary
Questions
Further reading
20
Chapter 16: Developing Solutions that Use a Relational Database
Chapter 16: Developing Solutions that Use a Relational Database
Technical requirements
Understanding Azure SQL Database
Provisioning and configuring an Azure SQL database
Creating, reading, updating, and deleting data tables using code
Configuring elastic pools for Azure SQL Database
Configuring high availability
Implementing Azure SQL Database managed instances
Publishing a SQL database
Summary
Questions
Further reading
21
Chapter 17: Mock Exam Questions
Chapter 17: Mock Exam Questions
22
Chapter 18: Mock Exam Answers
Chapter 18: Mock Exam Answers
23
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
24
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Monitoring security

Azure manages and protects many aspects of your solutions for you; however, it is still crucial that you monitor for intrusion events either at the platform level or in your hosted applications.

To help you monitor and protect your environment, you can use the Azure Activity log.

Activity log

Every action you perform in Azure, either directly in the portal, via PowerShell, the Azure CLI, using DevOps pipelines, or even as a result of an automated task, is logged.

These logs can be viewed at the resource level, resource group level, or subscription level. The process is the same for them all, but the following is an example of how to view subscription events:

  1. Navigate to the Azure portal by opening https://portal.azure.com.
  2. In the left-hand menu, select or search for Subscriptions.
  3. Select the subscription you wish to view.
  4. In the left-hand menu, click Activity log.

As the following screenshot shows, you are presented with a list of events showing what happened, when, and who or what initiated it. Events are grouped by the operation name, and clicking on the operation will provide more granular details of the events:

Figure 1.27 – Azure Activity Logs

Figure 1.27 – Azure Activity Logs

Above the events are a series of filters to set the level you wish to view, over what time span, and a severity setting.

The severity can be filtered by Critical, Warning, Error, and Informational.

You can also add additional filters by clicking the Add Filter button, which then allows you to filter by the following properties:

  • Resource Group
  • Resource
  • Resource Type
  • Operation
  • Event Initiated By
  • Event Category

To see more detail of a particular event, follow these steps:

  1. From the list of events, expand the Operation Name group by clicking on the arrow, as shown in the previous screenshot.
  2. Now click on the event to show the summary.
  3. Click JSON to see more details of the event. The following screenshot shows an example:
    Figure 1.28 – Example event details in JSON

    Figure 1.28 – Example event details in JSON

  4. If you want to be alerted whenever this event occurs, click New Alert Rule and then create the alert as before.

Using the Event viewer and creating relevant alerts will help identify inappropriate activities within Azure, either via the console or other methods.

Monitoring security is an important and critical activity to ensure the safety of your systems and data. In the following section, we look at another equally important task—keeping control of your costs.

Previous Section
End of Section 10
Next Section