Introduction
Microsoft Azure is a cloud computing platform offering a wide range of services for building, deploying, and managing applications through Microsoft’s global network of data centers. It provides infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) solutions that help organizations meet business challenges while reducing capital expenditure on hardware and infrastructure management.
Core Azure Concepts
Cloud Computing Models
Model | Description | Azure Examples |
---|
IaaS (Infrastructure as a Service) | Provides virtualized computing resources over the internet | Virtual Machines, Virtual Networks, Storage Accounts |
PaaS (Platform as a Service) | Provides platform allowing customers to develop, run, and manage applications | App Service, Azure Functions, Logic Apps |
SaaS (Software as a Service) | Delivers software applications over the internet, on-demand | Microsoft 365, Dynamics 365, Power BI |
Serverless | Abstracts servers, infrastructure, and OS | Azure Functions, Logic Apps |
Core Azure Architectural Components
Azure Regions and Availability Zones
- Region: Geographic area containing at least one data center
- Region Pair: Two regions paired for disaster recovery
- Availability Zone: Physically separate facilities within a region
- Availability Set: Logical grouping of VMs that protects from hardware failures
Azure Resources Hierarchy
- Management Groups: Container for multiple subscriptions
- Subscriptions: Billing unit and security boundary
- Resource Groups: Logical container for resources
- Resources: Individual services (VMs, databases, etc.)
Azure Core Services
Compute Services
Service | Description | Use Case |
---|
Virtual Machines | IaaS offering providing full control over OS | Legacy app migration, custom software |
VM Scale Sets | Set of identical VMs with autoscaling | Web servers, processing nodes |
App Service | PaaS for hosting web apps, APIs, mobile backends | Web applications, API hosting |
Azure Functions | Serverless compute service | Event-driven processing, microservices |
Container Instances | Run containers without managing servers | Simple container deployment |
Azure Kubernetes Service (AKS) | Managed Kubernetes service | Container orchestration |
Storage Services
Service | Description | Use Case |
---|
Blob Storage | Object storage for unstructured data | Images, videos, documents, backups |
File Storage | Fully managed file shares | Share files between apps, hybrid scenarios |
Queue Storage | Message queuing for reliable messaging | Application decoupling |
Table Storage | NoSQL key-value store | Semi-structured data storage |
Disk Storage | Persistent disks for VMs | VM storage |
Azure Data Lake Storage | Storage optimized for big data analytics | Big data solutions |
Networking Services
Service | Description | Key Features |
---|
Virtual Network (VNet) | Isolated network in Azure | Subnets, NSGs, Route Tables |
Load Balancer | Distributes traffic to VMs | High availability, scalability |
Application Gateway | Web traffic load balancer with firewall | URL routing, SSL termination, WAF |
VPN Gateway | Connect on-premises to Azure | Site-to-site, point-to-site |
ExpressRoute | Private connection to Azure | High bandwidth, low latency |
Content Delivery Network (CDN) | Delivers content from point of presence close to users | Cache static content, reduce latency |
Azure DNS | Domain name system hosting | Manage DNS records |
Azure Firewall | Managed network security service | Network filtering, threat protection |
Database Services
Service | Description | Use Case |
---|
Azure SQL Database | Managed relational database | Enterprise applications |
Azure Cosmos DB | Globally distributed multi-model database | Global apps, IoT, mobile apps |
Azure Database for MySQL | Managed MySQL database | Web applications, CMS |
Azure Database for PostgreSQL | Managed PostgreSQL database | Geospatial, analytical apps |
Azure Synapse Analytics | Data warehousing and big data analytics | Data warehousing, BI |
Azure Cache for Redis | In-memory data store | Caching, session store |
Identity Services
Service | Description | Use Case |
---|
Azure Active Directory (Azure AD) | Identity and access management | Single sign-on, MFA, RBAC |
Azure AD B2C | Customer identity management | Customer-facing applications |
Managed Identities | Automatically managed identities for Azure resources | Secure service-to-service communication |
Azure Management Tools
Core Management Tools
Tool | Description | Purpose |
---|
Azure Portal | Web-based console | Visual management of resources |
Azure PowerShell | Command-line shell | Scripted management and automation |
Azure CLI | Cross-platform command-line interface | Scripted management and automation |
Azure Cloud Shell | Browser-based shell environment | Management without local installation |
Azure Resource Manager (ARM) | Deployment and management service | Infrastructure as code |
Azure Mobile App | Mobile app for Azure | Monitoring and alerts on the go |
Monitoring Tools
Tool | Description | Use Case |
---|
Azure Monitor | Platform for collecting and analyzing data | Monitoring and diagnostics |
Application Insights | Application performance management | Web app monitoring |
Log Analytics | Collects and analyzes log data | Troubleshooting, analysis |
Azure Advisor | Personalized recommendations | Optimize resources |
Azure Service Health | Personalized guidance about service issues | Stay informed about outages |
Azure Security and Compliance
Security Services
Service | Description | Key Features |
---|
Azure Security Center | Unified security management system | Security posture, threat protection |
Microsoft Defender for Cloud | Extended security management across clouds | Advanced threat protection |
Azure Sentinel | Cloud-native SIEM and SOAR | Security analytics, threat intelligence |
Key Vault | Secrets management and key management | Store credentials, certificates |
DDoS Protection | Network protection against DDoS attacks | Automatic detection, mitigation |
Azure Security Best Practices
- Implement defense in depth (layered security)
- Use Azure RBAC for fine-grained access control
- Enable multi-factor authentication (MFA)
- Apply the principle of least privilege
- Encrypt data at rest and in transit
- Implement network security groups and application security groups
- Keep systems patched and updated
- Monitor and audit regularly
Compliance Programs
- ISO 27001, ISO 27018
- SOC 1, SOC 2, SOC 3
- HIPAA, HITECH
- FedRAMP
- GDPR
- PCI DSS
Cost Management and Governance
Azure Cost Factors
- Resource type and consumption
- Azure subscription type
- Azure Marketplace
- Resource location/region
- Inbound/outbound traffic
- Reserved instances vs. pay-as-you-go
Cost Management Tools
Tool | Description | Use Case |
---|
Azure Cost Management | Monitor, allocate, and optimize costs | Cost analysis, budgets |
Azure Advisor Cost Recommendations | Cost optimization suggestions | Reduce waste, rightsize resources |
Pricing Calculator | Estimate costs before deployment | Project planning, budgeting |
Total Cost of Ownership (TCO) Calculator | Compare on-premises vs. cloud costs | Migration planning |
Azure Reservations | Reserved capacity at discounted rates | VM instances, Azure SQL |
Azure Spot VMs | Low-cost VMs using excess capacity | Batch processing, non-critical workloads |
Governance Tools
Tool | Description | Benefits |
---|
Azure Policy | Create, assign, and manage policies | Enforce standards, assess compliance |
Azure Blueprints | Repeatable sets of Azure resources | Standardized environment setup |
Management Groups | Manage multiple subscriptions | Hierarchical organization |
Resource Locks | Prevent accidental deletion/modification | Critical resource protection |
Service Trust Portal | Access compliance documents | Review compliance offerings |
Common Azure CLI Commands
# Login to Azure
az login
# Set subscription
az account set --subscription "Subscription Name"
# Create resource group
az group create --name MyResourceGroup --location eastus
# List all resource groups
az group list --output table
# Create a virtual machine
az vm create \
--resource-group MyResourceGroup \
--name MyVM \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys
# List all VMs
az vm list --output table
# Start/stop VM
az vm start --resource-group MyResourceGroup --name MyVM
az vm stop --resource-group MyResourceGroup --name MyVM
# Create storage account
az storage account create \
--name mystorageaccount \
--resource-group MyResourceGroup \
--location eastus \
--sku Standard_LRS
# Create Azure SQL Database
az sql server create \
--name mysqlserver \
--resource-group MyResourceGroup \
--location eastus \
--admin-user serveradmin \
--admin-password ComplexPassword123!
# Delete a resource group and all resources
az group delete --name MyResourceGroup --yes
Common PowerShell Commands
# Login to Azure
Connect-AzAccount
# Select subscription
Select-AzSubscription -SubscriptionName "Subscription Name"
# Create resource group
New-AzResourceGroup -Name "MyResourceGroup" -Location "EastUS"
# List resource groups
Get-AzResourceGroup | Format-Table
# Create a VM
New-AzVM -ResourceGroupName "MyResourceGroup" -Name "MyVM" -Location "EastUS" -VirtualNetworkName "MyVNet" -SubnetName "MySubnet" -SecurityGroupName "MyNSG" -PublicIpAddressName "MyPublicIP" -OpenPorts 80,3389
# Start/stop VM
Start-AzVM -ResourceGroupName "MyResourceGroup" -Name "MyVM"
Stop-AzVM -ResourceGroupName "MyResourceGroup" -Name "MyVM" -Force
# List all VMs
Get-AzVM | Format-Table Name,ResourceGroupName,Location
# Create storage account
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount" -Location "EastUS" -SkuName "Standard_LRS"
# Remove resource group and all resources
Remove-AzResourceGroup -Name "MyResourceGroup" -Force
ARM Template Structure
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"metadata": {
"description": "Storage Account Name"
}
}
},
"variables": {
"storageAccountSku": "Standard_LRS"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[parameters('storageAccountName')]",
"location": "[resourceGroup().location]",
"sku": {
"name": "[variables('storageAccountSku')]"
},
"kind": "StorageV2",
"properties": {
"supportsHttpsTrafficOnly": true
}
}
],
"outputs": {
"storageAccountId": {
"type": "string",
"value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
}
}
}
Azure Deployment Strategies
Strategy | Description | Benefits |
---|
Blue-Green Deployment | Create identical environments, switch traffic | Minimal downtime, easy rollback |
Canary Deployment | Gradually shift traffic to new version | Controlled risk, real-world testing |
Rolling Deployment | Gradually replace instances with new version | Minimal impact on capacity |
A/B Testing | Route subset of users to new version | Test features with real users |
Common Azure Architectures
Web Application with Database
- Front-end: App Service or Static Web Apps
- API: App Service, Azure Functions
- Database: Azure SQL Database, Cosmos DB
- Caching: Redis Cache
- CDN: Azure CDN
Microservices Architecture
- Service orchestration: AKS, Service Fabric
- API Gateway: API Management
- Service-to-service communication: Event Grid, Service Bus
- Monitoring: Application Insights
- Identity: Azure AD, Managed Identities
Big Data and Analytics
- Data ingestion: Event Hubs, IoT Hub
- Storage: Data Lake Storage
- Processing: HDInsight, Databricks
- Analysis: Synapse Analytics
- Visualization: Power BI
Common Azure Troubleshooting
Issue | Troubleshooting Steps |
---|
VM Can’t Connect | Check NSG rules, public IP, VM state |
Web App Not Responding | Check App Service logs, Application Insights |
Database Performance | Check DTU usage, query performance, indexing |
Network Connectivity | Check NSGs, UDRs, firewall settings, peering |
Azure AD Authentication | Check user permissions, MFA settings, conditional access |
Resources for Further Learning
Azure Certification Path
Certification | Description | Recommended Experience |
---|
AZ-900 | Azure Fundamentals | 0-6 months |
AZ-104 | Azure Administrator | 6+ months |
AZ-204 | Azure Developer | 1-2 years developing in Azure |
AZ-500 | Azure Security Engineer | 1-2 years security experience |
AZ-305 | Azure Solutions Architect | 1-2 years designing cloud solutions |
AZ-700 | Azure Network Engineer | 1-2 years networking experience |
DP-900 | Azure Data Fundamentals | 0-6 months data experience |
DP-203 | Azure Data Engineer | 1-2 years data engineering |
AI-900 | Azure AI Fundamentals | 0-6 months AI experience |
AI-102 | Azure AI Engineer | 1-2 years AI development |
This comprehensive Azure Fundamentals cheat sheet provides a quick reference for anyone working with or studying Microsoft Azure cloud services. From core concepts to specific services and commands, use this guide to accelerate your Azure journey and build cloud solutions more effectively.