Microsoft AZ-900 training - Day 2
Updated: November 20, 2024
Summary
The video covers a wide range of topics in Azure cloud computing, including setting up virtual networks, utilizing various storage options like Azure Blob Storage and Azure Disk Storage, and managing data migration. It also delves into security measures such as Network Security Groups, RBAC, and the Zero Trust security model. Additionally, it explores tools like Azure File Sync, Azure Cost Management, and Azure Logic Apps to enhance cloud operations and efficiency. It provides valuable insights into cloud computing advantages, data protection strategies, and key features of Microsoft's security and compliance practices.
TABLE OF CONTENTS
Creating Virtual Network and Machines
Network Security Groups
Azure Blob Storage
Azure File Storage
Azure Queue Storage
Azure Disk Storage
Azure Data Migration
File Management Options in Azure
Cloud Shell and Command-Line Interface
Running Bash Commands in Cloud Shell
Mounting and Uploading Files in Cloud Shell
Working with File Share
Microsoft Entra ID and Authentication
Microsoft Entra Domain Services
External Identities and Conditional Access
Role-Based Access Control (RBAC)
Zero Trust Model
Defense in Depth Objective
Layers of Data Protection
Security Layers
Microsoft Defender for Cloud
Log Analytics
Azure Cost Management
Azure Policy
Resource Locks
Permissions and Locks
Break Time
Service Trust Portal
Service Trust Portal Content
Microsoft Service Trust Portal Authentication
Microsoft Purview
Microsoft Purview: Risk and Governance
Cloud Adoption Framework
Azure Logic Apps vs. Azure Functions
Use Case for VPN Gateway
Azure Virtual Desktop
Running Applications in Containers
Azure Blob Storage for Reading and Writing Data
Storing Unstructured Files in Azure Storage
Accessing Azure File Shares
Purpose of Defense in Depth
Multi-Factor Authentication
Conditional Access
Advantages of Cloud Computing
Capital Expenditures in Cloud Computing
Hybrid Cloud Deployment
Disaster Recovery Plan in Cloud
Geo Distribution in Cloud Computing
Scaling Applications in Cloud
Responsibility in Deployment Models
Flexibility in Cloud Service Models
Responsibilities in Platform as a Service Model
Software as a Service Model
Infrastructure as a Service Model
Creating Virtual Network and Machines
The speaker demonstrates the process of creating a virtual network, setting up subnets, assigning IP addresses, and creating virtual machines within the network. They explain the importance of choosing the right region and compliance with laws and regulations for data storage. Testing the connection between virtual machines is also highlighted.
Network Security Groups
The speaker elaborates on setting up Network Security Groups (NSG) to control inbound and outbound traffic within virtual networks. They discuss default NSG rules, creating custom rules, and associating NSGs with subnets for enhanced security.
Azure Blob Storage
The speaker explains Azure Blob Storage, highlighting its scalability, object storage nature, use of containers for objects, private IP address ranges, and the benefits of using blob storage over disk storage for various data types such as video, binary, and text. They also discuss the importance of access tiers for data access and management.
Azure File Storage
The speaker introduces Azure File Storage, which offers fully managed file shares accessible via SMB or NFS protocols. They explain the benefits of shared access, compatibility with industry standards, and ease of management without dealing with hardware or operating systems. They mention the use of Azure File Sync to centralize file shares and automate syncing with Azure files.
Azure Queue Storage
The speaker discusses Azure Queue Storage, a service for storing a large number of messages, emphasizing its use for asynchronous communication between services. They highlight the capacity for potentially millions of messages, individual message size limitations, and integration with Azure Functions for automated actions based on message reception.
Azure Disk Storage
The speaker talks about Azure Disk Storage, managed block-level storage volumes for use with Azure virtual machines. They explain the provisioning process, storage types (HDD, SSD, Ultra Disk), and the scalability and performance levels of disk storage based on virtual machine size. Migration options and benefits of using Azure Disk Storage are also covered.
Azure Data Migration
The speaker explains different data migration options to Azure, including Azure Migrate for real-time infrastructure migration and Azure Data Box for physical data transfer. They detail the process of requesting and using Azure Data Box to move large amounts of data quickly and efficiently.
File Management Options in Azure
The speaker discusses various file management tools in Azure, including AzCopy for blob operations between storage accounts, Azure Storage Explorer for graphical file management, and Azure File Sync for centralizing file shares. They highlight the functionalities and advantages of each tool for efficient file operations.
Cloud Shell and Command-Line Interface
Introduction to Cloud Shell and its usefulness for working with the Azure portal and running scripts using a command-line interface in the browser.
Running Bash Commands in Cloud Shell
Demonstration of running bash commands in Cloud Shell to manage resources and create virtual machines.
Mounting and Uploading Files in Cloud Shell
Explanation of mounting and uploading files in Cloud Shell using PowerShell and verifying the functionality.
Working with File Share
Demonstration of using a file share for sharing information and files in a synchronized manner within the Azure cloud environment.
Microsoft Entra ID and Authentication
Overview of Microsoft Entra ID and the authentication process, including multifactor authentication and passwordless authentication methods.
Microsoft Entra Domain Services
Explanation of Microsoft Entra Domain Services and its benefits in managing domain services without the need for deploying and patching domain controllers.
External Identities and Conditional Access
Discussion on external identities, business-to-business collaborations, and conditional access for securing access based on location, device, and application signals.
Role-Based Access Control (RBAC)
Understanding Role-Based Access Control (RBAC) and its implementation for managing permissions and access control at various scopes within Azure resources.
Zero Trust Model
Introduction to the Zero Trust security model that assumes a breach and verifies each request to protect resources in modern computing environments.
Defense in Depth Objective
Defense in depth aims to protect information and prevent unauthorized access by using various mechanisms to slow down attacks and protect data through multiple layers.
Layers of Data Protection
The defense strategy involves seven layers to protect central data, with each layer providing added security to slow down attacks and prevent exposure.
Security Layers
The layers are physical security, identity and access control, the perimeter layer, the network layer, the compute layer, the application layer, and the data layer, which together ensure data protection and access control.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is a monitoring tool for security posture management that offers threat protection and guidance for securing resources in the cloud or on-premises.
Log Analytics
Log Analytics gathers security-related data to monitor, protect, and provide insights across multicloud and hybrid environments for threat detection and anomaly classification.
Azure Cost Management
Azure Cost Management helps track expenses and enables monitoring, budgeting, and alert features to manage costs effectively in the cloud.
Azure Policy
Azure Policy enforces organizational standards and compliance by setting policies at scale to control and audit resources for compliance and configuration management.
Resource Locks
Resource locks prevent accidental deletions or changes and block unauthorized actions by applying restrictions to resources; the lock must be removed before any modifications are made.
Permissions and Locks
To update or delete a resource, the lock must be removed regardless of the user's permissions.
Break Time
A 20-minute break is announced before continuing with the session.
Service Trust Portal
The Service Trust Portal provides information on Microsoft's security, privacy, and compliance practices, including controls and processes to protect cloud services and customer data.
Service Trust Portal Content
Details on the content available on the Service Trust Portal, such as Microsoft's implementation of controls and processes to safeguard cloud services and customer data.
Microsoft Service Trust Portal Authentication
Users need to sign in as authenticated users with a Microsoft Cloud Services account to access features and content on the Service Trust Portal.
Microsoft Purview
Microsoft Purview offers data governance, risk, and compliance solutions for a unified view of the data landscape with automated data discovery and end-to-end data lineage.
Microsoft Purview: Risk and Governance
Microsoft Purview includes risk and governance solutions using Microsoft 365 features and unified data governance capabilities for managing data across various platforms, including Amazon S3.
Cloud Adoption Framework
The Cloud Adoption Framework provides guidance and tools to aid in a smooth transition to cloud services, ensuring compliance and operational excellence.
Azure Logic Apps vs. Azure Functions
Azure Logic Apps use predefined workflows instead of developing your own, providing the same functionality as Azure Functions without the need for coding.
Use Case for VPN Gateway
A use case for a VPN Gateway is connecting an on-premises data center to an Azure virtual network for communication between Azure resources.
Azure Virtual Desktop
Azure Virtual Desktop allows users to run Windows-based applications from a Windows environment, providing cloud-hosted Windows access across different devices.
Running Applications in Containers
Two services that allow running applications in containers are highlighted, offering flexibility in container-based application deployment.
Azure Blob Storage for Reading and Writing Data
Choosing Azure Blob Storage (option C) ensures the fastest access times for reading and writing data, making it ideal for storage needs.
Storing Unstructured Files in Azure Storage
Azure Blob Storage is recommended for storing unstructured files like images to be served on web pages, ensuring efficient storage and access.
Accessing Azure File Shares
Utilizing the NFS and SMB standards (options C and D) enables easy access and sharing of files through Azure File Shares.
Purpose of Defense in Depth
Defense in Depth strategy aims to prevent unauthorized access to sensitive information by using multiple layers of security.
Multi-Factor Authentication
Multi-Factor Authentication enhances security by requiring users to use their mobile phones for authentication, ensuring additional verification.
Conditional Access
Conditional Access allows administrators to control access to resources based on specific signals, ensuring compliance and security.
Advantages of Cloud Computing
Cloud computing advantages include no physical server access and horizontal scaling, providing scalability and flexibility in resource management.
Capital Expenditures in Cloud Computing
Capital Expenditures refer to upfront costs like hardware purchases, impacting budgeting and financial planning in cloud deployments.
Hybrid Cloud Deployment
Hybrid Cloud combines private and public cloud infrastructure, balancing control and scalability for organizations.
Disaster Recovery Plan in Cloud
Cloud-based backup services and data replication are crucial in disaster recovery planning, ensuring operational continuity in case of unexpected events.
Geo Distribution in Cloud Computing
Geo Distribution allows deploying applications and data to regional data centers worldwide, optimizing performance and user experience based on location.
Scaling Applications in Cloud
Horizontal scaling increases application capacity by adding additional virtual resources, enhancing performance and resource availability.
Responsibility in Deployment Models
Customers are responsible for managing the operating system in deployment models A and B, indicating control over application hosting.
Flexibility in Cloud Service Models
The platform as a service model offers the most control over hardware for running applications, providing flexibility and customization options.
Responsibilities in Platform as a Service Model
In a platform as a service model, the cloud service provider is responsible for managing and maintaining the infrastructure and hardware, ensuring hassle-free usage for customers.
Software as a Service Model
Data and access management in a software as a service model are handled by the cloud provider, allowing users to focus on application usage.
Infrastructure as a Service Model
The infrastructure as a service model offers virtual networks, giving users control over network configurations and settings.
FAQ
Q: What is Azure Blob Storage and how is it beneficial?
A: Azure Blob Storage is a scalable object storage solution in Azure that uses containers for objects and allows storage of unstructured data like images efficiently for web page serving.
Q: Explain the importance of Network Security Groups (NSG) within virtual networks.
A: Network Security Groups (NSG) are used to control inbound and outbound traffic within virtual networks by defining rules, both default and custom, to enhance the security of subnets.
Q: What is the function of Azure File Storage and how does it differ from Azure Blob Storage?
A: Azure File Storage provides fully managed file shares accessible via SMB or NFS protocols, allowing shared access without needing to manage hardware or OS. It differs from Azure Blob Storage in the way files are accessed and shared.
Q: How does Azure Queue Storage facilitate asynchronous communication between services?
A: Azure Queue Storage is used to store a large number of messages for asynchronous communication between services, enabling the integration with Azure Functions for automated actions based on received messages.
Q: What are the benefits of using Azure Disk Storage with Azure virtual machines?
A: Azure Disk Storage provides managed block-level storage volumes for VMs, offering different storage types for performance optimization. It simplifies provisioning, scaling, and migration options for disk storage in Azure.
Q: Explain the concept of Role-Based Access Control (RBAC) and its significance in Azure.
A: RBAC is a method of managing permissions and access control in Azure resources by assigning roles to users, allowing fine-grained control over who can perform specific actions at different scopes.
Q: What is the Zero Trust security model and how does it enhance security?
A: The Zero Trust security model assumes a breach and verifies every request to protect resources, implementing multiple security layers like identity & access control, network layers, and data layers to prevent unauthorized access and data exposure.
Q: Explain the purpose of Azure Cost Management and how it helps in cloud cost optimization.
A: Azure Cost Management helps track expenses, monitor costs, set budgets, and receive alerts for effective cost management in the cloud, ensuring optimized resource allocation and usage.