@siddydutta
Created September 11, 2021 12:53
AZ-900 exam notes in byte sizes
Azure Fundamentals Part 1: Describe core Azure concepts
Cloud computing is the delivery of computing services over the internet by using a pay-as-you-go pricing model. You typically pay only for the cloud services you use, which helps you:
Lower your operating costs.
Run your infrastructure more efficiently.
Scale as your business needs change.
Types of Cloud Models
Public cloud
No capital expenditures to scale up.
Applications can be quickly provisioned and deprovisioned.
Organizations pay only for what they use.
Private cloud
Hardware must be purchased for start-up and maintenance.
Organizations have complete control over resources and security.
Organizations are responsible for hardware maintenance and updates.
Hybrid cloud
Provides the most flexibility.
Organizations determine where to run their applications.
Organizations control security, compliance, or legal requirements.
Types of Cloud Service Models
IaaS (Infrastructure-as-a-Service)
Cloud provider maintains hardware. OS + Network configuration is up to the cloud tenant. Example: Azure Virtual Machines.
PaaS (Platform-as-a-Service)
Cloud provider manages the virtual machines and networking resources. Cloud tenant chooses what applications to deploy on the platform. Example: Azure App Service.
SaaS (Software-as-a-Service)
Cloud provider manages all aspects of the application environment. Cloud tenant provides the data. Example: Office 365.
Model Comparison: https://docs.microsoft.com/en-us/learn/azure-fundamentals/fundamental-azure-concepts/media/shared-responsibility-76efbc1e.png
Azure Hierarchy
Management Groups -> Subscriptions -> Resource Groups -> Resources
https://docs.microsoft.com/en-us/learn/azure-fundamentals/azure-architecture-fundamentals/media/hierarchy-372fef74.png
Azure Regions: A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network.
Azure Availability Zone: Availability zones are physically separate datacenters within an Azure region. Minimum of three zones in a region.
Azure Region Pairs: Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away.
Azure Fundamentals Part 2: Describe core Azure services
Azure Compute Services - Azure Virtual Machines, Azure Container Instances, Azure App Service, Azure Functions
Azure Functions (Code first, imperative) vs Azure Logic Apps (Design first, declarative)
Azure Networking Services - Azure Virtual Networks, Azure VPN Gateway,
Azure ExpressRoute: extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider; site-to-site virtual private network is not an ExpressRoute model
Azure Storage Services - Azure Blob Storage: object storage (static, streaming); organized into containers; access tiers: hot/cool/archive
Azure Disk Storage (disks for virtual machines), Azure Files (file share functionality)
An Azure storage account is required to use Azure Storage Services.
Azure Database Services - Azure Cosmos DB: database service abstracted by SQL, MongoDB, Cassandra, Tables, and Gremlin
Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL,
Azure SQL Managed Instance (PaaS for SQL Server)
Azure Analytics - Azure Synapse Analytics (data warehousing, big data analytics), Azure HDInsight, Azure Databricks,
Azure Data Lake Analytics
Azure Synapse Analytics: Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.
Azure HDInsight: Process massive amounts of data with managed Hadoop clusters in the cloud.
Azure Databricks: Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.
Azure Fundamentals Part 3: Describe core solutions and management tools on Azure
Azure IoT Services
Azure IoT Hub is a managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages.
Azure IoT Central builds on top of IoT Hub by adding a dashboard that allows you to connect, monitor, and manage your IoT devices.
Azure Sphere creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub.
Azure AI Services
Azure Machine Learning is a platform for making predictions. It consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately predict a future result.
Azure Cognitive Services provides prebuilt machine learning models that enable applications to see, hear, speak, understand, and even begin to reason. *Azure Cognitive Services also has decision services based on personalized recommendations.*
Azure Bot Service and Bot Framework are platforms for creating virtual agents that understand and reply to questions just like a human.
Azure Serverless Technologies
Azure Functions service can host a single method or function by using a popular programming language in the cloud that runs in response to an event.
Logic Apps is a low-code/no-code platform that helps automate and orchestrate tasks, business processes, and workflows when needed to integrate apps, data, systems, and services across enterprises or organizations.
Azure Development Tools
Azure DevOps Services is a suite of services that address every stage of the software development lifecycle.
Includes: Azure Repos, Azure Boards, Azure Pipelines, Azure Artifacts, Azure Test Plans
GitHub and GitHub Actions
Azure DevTest Labs provides an automated means of managing the process of building, setting up, and tearing down virtual machines (VMs) that contain builds of your software projects.
Azure Tools for Managing and Configuring Azure Environment
Azure Portal
Azure Mobile App
Azure PowerShell (For Windows based)
Azure CLI (For Bash based)
ARM Templates (JSON based)
Azure Monitoring Services
Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Advisor is designed to help you save time on cloud optimization. (recommendations)
Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment. (insights and monitoring)
Azure Service Health provides a personalized view of the health of the Azure services, regions, and resources you rely on. (incidents)
Azure Fundamentals Part 4: Describe general security and network security features
Azure Security Center is a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. (Application control rule)
Azure Sentinel is Microsoft's cloud-based SIEM (security information and event management) system. It uses intelligent security analytics and threat analysis.
- Collect cloud data at scale
- Detect previously undetected threats
- Investigate threats with artificial intelligence
- Respond to incidents rapidly
(Monitoring, reporting)
Azure Key Vault is a centralized cloud service for storing an application's secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.
Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Azure Firewall is a managed, cloud-based network security service that helps protect resources in your Azure virtual networks.
Azure DDoS Protection (Standard) helps protect your Azure resources from DDoS attacks.
A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of NSGs like an internal firewall.
Azure Fundamentals Part 5: Describe identity, governance, privacy, and compliance features
Authentication vs Authorization
Azure Active Directory
Authentication
Single Sign-on
Application Management
Device Management
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.
Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.
https://docs.microsoft.com/en-us/learn/azure-fundamentals/build-cloud-governance-strategy-azure/media/4-role-scope-0223bfae.png
A resource lock prevents resources from being accidentally deleted or changed.
Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards.
With Azure Blueprints, you can define a repeatable set of governance tools and standard Azure resources that your organization requires.
The Cloud Adoption Framework for Azure provides you with proven guidance to help with your cloud adoption journey. The Cloud Adoption Framework helps you create and implement the business and technology strategies needed to succeed in the cloud.
The Microsoft Privacy Statement explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.
The Online Services Terms (OST) is a legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.
The Data Protection Addendum (DPA) further defines the data processing and security terms for online services.
The Trust Center showcases Microsoft's principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
Azure compliance documentation
The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.
Azure Fundamentals Part 6: Describe Azure cost management and service level agreements
The TCO Calculator helps you estimate the cost savings of operating your solution on Azure over time, instead of in your on-premises datacenter. The term total cost of ownership is commonly used in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs.
The Azure Pricing calculator helps you get an accurate cost estimate for Azure services.
Manage and minimize total cost on Azure
- Understand estimated costs before you deploy
- Use Azure Advisor to monitor your usage
- Use spending limits to restrict your spending
- Use Azure Reservations to prepay
- Choose low-cost locations and regions
- Research available cost-saving offers
- Use Azure Cost Management + Billing to control spending
- Apply tags to identify cost owners
- Resize underutilized virtual machines
- Deallocate virtual machines during off hours
- Delete unused resources
- Migrate from IaaS to PaaS services
- Save on licensing costs
- Choose cost-effective operating systems
- Use Azure Hybrid Benefit to repurpose software licenses on Azure
A service-level agreement (SLA) is a formal agreement between a service company and the customer. For Azure, this agreement defines the performance standards that Microsoft commits to for you, the customer.
Composite SLA would be: 99.9% × 99.9% × 99.99% × 99.99%
- Choose customization options that fit your required SLA
- Build availability requirements into your design
- Include redundancy to increase availability