O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T 10979D Microsoft Azure Fundamentals Companion Content ii Microsoft Azure Fundamentals Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2017 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at https://www.microsoft.com/enus/legal/intellectualproperty/Trademarks/Usage/General.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners Product Number: 10979D Released: 09/2017 MICROSOFT LICENSE TERMS MICROSOFT INSTRUCTOR-LED COURSEWARE These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply. BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1. DEFINITIONS. a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time. b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center. c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware. d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft Instructor-Led Courseware or Trainer Content. f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program. g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy Program. i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status. j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies. k. “MPN Member” means an active Microsoft Partner Network program member in good standing. l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware. m. “Private Training Session” means the instructor-led training classes provided by MPN Members for corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer. n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT. o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines. 2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content. 2.1 Below are five separate sets of use rights. Only one set of rights apply to you. a. If you are a Microsoft IT Academy Program Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session, vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions, viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware. b. If you are a Microsoft Learning Competency Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or 2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware, or 3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions, viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers. c. If you are a MPN Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session, v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions, viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers. d. If you are an End User: For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. e. If you are a Trainer. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the i. form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session. ii. You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i) customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of “customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content. 2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices. 2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. 2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included for your information only. 2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement. 3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply: a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology. b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your feedback in them. These rights survive this agreement. c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control. 4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not: • access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content, • alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content, • modify or create a derivative work of any Licensed Content, • publicly display, or make the Licensed Content available for others to access or use, • copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party, • work around any technical limitations in the Licensed Content, or • reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation. 5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. 6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting. 7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it. 8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control. 9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site. 10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and supplements are the entire agreement for the Licensed Content, updates and supplements. 11. APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort. b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply. 12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so. 13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. 14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES. This limitation applies to o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law. It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages. Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French. Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français. EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues. LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices. Cette limitation concerne: • tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et. • les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur. Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard. EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. Revised July 2013 Getting started with Microsoft Azure 1-1 Module 1 Getting started with Microsoft Azure Contents: Lesson 2: What is Azure? 2 Lesson 3: Managing Azure 4 Lesson 4: Subscription management, support, and billing 6 Module Review and Takeaways 9 Lab Review Questions and Answers 10 1-2 Microsoft Azure Fundamentals Lesson 2 What is Azure? Contents: Question and Answers 3 Resources 3 Getting started with Microsoft Azure 1-3 Question and Answers Question: Which of the following items did Azure Resource Manager introduce? ( ) Tags ( ) Template-based deployment ( ) Role-based access control (RBAC) ( ) An Azure Web portal ( ) Windows PowerShell-based management of Azure services Answer: (√) Tags (√) Template-based deployment (√) Role-based access control (RBAC) ( ) An Azure Web portal ( ) Windows PowerShell-based management of Azure services Feedback: Azure Resource Manager introduced the concept of resource groups, and made it possible for you to tag these groups’ resources and delegate administrative access via Role-Based Access Control (RBAC). The Web portal and Windows PowerShell-based management were available in the Service Management (classic) model, and they are available in both management models. However, the portal interface has changed considerably. Resources Overview of Azure Additional Reading: For more information on newly announced Azure geographies and regions, including planned regional datacenter deployments, refer to “Azure Regions” at: http://aka.ms/Tzcz4g Overview of Azure services Additional Reading: For a full list of services that are currently available in Azure, refer to the “Popular products” section at: http://aka.ms/Qe9skc 1-4 Microsoft Azure Fundamentals Lesson 3 Managing Azure Contents: Question and Answers 5 Resources 5 Getting started with Microsoft Azure 1-5 Question and Answers Question: Which of the following are limitations of the Azure classic portal? ( ) You cannot view resources deployed by using Azure Resource Manager templates. ( ) You cannot view resources by using Service Management deployment model. ( ) You cannot delegate permissions by using RBAC. ( ) You cannot modify subscription level settings. ( ) You cannot use tagging. Answer: (√) You cannot view resources deployed by using Azure Resource Manager templates. ( ) You cannot view resources by using Service Management deployment model. (√) You cannot delegate permissions by using RBAC. ( ) You cannot modify subscription level settings. (√) You cannot use tagging. Feedback: In the Azure classic portal interface, you cannot use any of the features that the Azure Resource Manager deployment model introduces, such as Azure Resource Manager resources (which are in Azure Resource Manager template-based deployments), tagging, or RBAC. However, you can use it to view and manage services that you deploy by using Service Management model. You also can modify subscription-level settings by using the SETTINGS page. Resources Client tools Additional Reading: To develop applications that target Azure in Visual Studio, install the Azure SDK for .NET, from “Downloads, Get the SDKs and command-line tools you need” at: http://aka.ms/ywmvxt 1-6 Microsoft Azure Fundamentals Lesson 4 Subscription management, support, and billing Contents: Question and Answers 7 Resources 7 Getting started with Microsoft Azure 1-7 Question and Answers Question: You are a Service Administrator of an Azure subscription. What method do we recommend for delegating the ability to manage some of your subscription’s resources to another user? ( ) Configure the user as the Account Administrator ( ) Configure the user as the Service Administrator ( ) Configure the user as a Co-Administrator ( ) Configure the user as the Owner of the subscription by using RBAC ( ) Configure the user as the Owner of the resources by using RBAC Answer: ( ) Configure the user as the Account Administrator ( ) Configure the user as the Service Administrator ( ) Configure the user as a Co-Administrator ( ) Configure the user as the Owner of the subscription by using RBAC (√) Configure the user as the Owner of the resources by using RBAC Feedback: You should use RBAC to configure the user as the Owner of the resources. This complies with the principle of least privilege and is the most secure solution. Configuring the user as the Account Administrator would not have the desired outcome, because the Account Administrator does not have privileges to manage subscription services. You cannot configure the user as the Service Administrator, because there can be only one Service Administrator. Lastly, while configuring the user as Co-Administrator would allow that user to manage any resources in the subscription, we do not recommend this as it is excessive. Resources Accounts, subscriptions, administrative roles, and RBAC Additional Reading: You can access the Azure Account Center from the Microsoft website at: http://aka.ms/Cbnltm Azure billing and support options Additional Reading: For more information about the Pay-As-You-Go plan, including usage quotas, refer to “Pay-As-You-Go” at: http://aka.ms/Gote79 Additional Reading: For more information, refer to “Get Started with Azure in Open Licensing” at: http://aka.ms/Kem08f Additional Reading: For more information, refer to “Licensing Azure for the Enterprise” at: http://aka.ms/Voag7x Additional Reading: For more information about Microsoft Azure FAQs, refer to https://aka.ms/emtve7 Additional Reading: For more information about Microsoft Azure pricing, refer to https://aka.ms/qoc6im 1-8 Microsoft Azure Fundamentals Additional Reading: For more information about members’ benefits, refer to “Member Offers” at: http://aka.ms/Nse6tf Additional Reading: For more information about support plans, refer to “Azure Support For Customers” at: http://aka.ms/cqf65f Azure pricing Additional Reading: For more information, refer to “Azure pricing” at: http://aka.ms/Svvfpj Getting started with Microsoft Azure 1-9 Module Review and Takeaways Review Question Question: What are the three categories of cloud services? Answer: Cloud services generally fall into one of the following three categories: • Software as a service (SaaS) • Platform as a service (PaaS) • Infrastructure as a service (IaaS) 1-10 Microsoft Azure Fundamentals Lab Review Questions and Answers Lab: Using the Azure portals Question and Answers Question: The lab showed you how you use different methods to view charges of services and resources in your subscription. Which method allows you to download an Excel spreadsheet that contains billing data? Answer: Account Portal Feedback: Account Portal. While you can view billing and usage data in the Azure portal, the Azure classic portal, and the Account Portal, only the Account Portal provides the option to download an Excel spreadsheet that contains billing data. Microsoft Azure management tools 2-1 Module 2 Microsoft Azure management tools Contents: Lesson 1: What is Azure PowerShell? 2 Lesson 2: Azure SDK and Azure CLI 5 Module Review and Takeaways 7 Lab Review Questions and Answers 8 2-2 Microsoft Azure Fundamentals Lesson 1 What is Azure PowerShell? Contents: Question and Answers 3 Resources 3 Microsoft Azure management tools 2-3 Question and Answers Question: Which cmdlet should you use if you want to authenticate to your subscription and manage Azure Resource Manager resources? ( ) Select-AzureRmSubscription ( ) Add-AzureAccount ( ) Add-AzureRmAccount ( ) Select-AzureSubscription ( ) Get-AzureRmContext Answer: ( ) Select-AzureRmSubscription ( ) Add-AzureAccount (√) Add-AzureRmAccount ( ) Select-AzureSubscription ( ) Get-AzureRmContext Feedback: The Add-AzureRmAccount cmdlet prompts you for credentials to authenticate to your Azure subscription, providing you with the ability to manage its Azure Resource Manager resources. The Add-AzureAccount cmdlet behaves in a similar manner but provides access to Service Management services. You can use the Select-AzureRmSubscription and SelectAzureSubscription cmdlets to select the target subscription you want to manage after you authenticate. You can use the Get-AzureRmContext cmdlet to identify your current context but not to trigger authentication. Resources Introduction to Windows PowerShell Additional Reading: For more information, refer to “PowerShell Tools for Visual Studio 2017” at https://aka.ms/iz4i9p. Additional Reading: For more information, refer to Visual Studio Code: http://aka.ms/Frdda1 Introduction to Azure PowerShell Additional Reading: For more information, refer to “Downloads” at https://aka.ms/wiu6qp. Additional Reading: For more information, refer to “Windows Management Framework 5.1” at https://aka.ms/n4hlto. Additional Reading: For more information, refer to PackageManagement PowerShell Modules Preview: http://aka.ms/Onym5y Additional Reading: For more information, refer to “Azure/azure-powershell” at http://aka.ms/Vep7fj. 2-4 Microsoft Azure Fundamentals Managing Azure subscriptions by using Azure PowerShell Additional Reading: The expiration time for an Azure AD authentication token depends on several factors. For more information, refer to “Configurable token lifetimes in Azure Active Directory (Public Preview)” at https://aka.ms/k2mtil. Microsoft Azure management tools 2-5 Lesson 2 Azure SDK and Azure CLI Contents: Question and Answers 6 Resources 6 2-6 Microsoft Azure Fundamentals Question and Answers Question: You have successfully authenticated and connected to your Azure subscription in an Azure CLI 1.0 session. You currently manage Azure Resource Manager resources. Which Azure CLI command should you run if you want to manage Azure classic resources? ( ) azure config mode arm ( ) azure config mode asm ( ) azure login ( ) azure account list ( ) azure account set Answer: ( ) azure config mode arm (√) azure config mode asm ( ) azure login ( ) azure account list ( ) azure account set Feedback: You should use the azure config mode asm command. This allows you to switch from the Azure Resource Manager mode to the classic mode. You use the first command, azure config mode arm, to switch back to the Azure Resource Manager mode. You use azure login to authenticate. You use the last two commands, azure account list and azure account set, to list and set the target Azure subscription, which is already configured per the question. Alternatively, you could use Azure CLI 2.0, if you installed it on your computer. Another option is to use Azure Cloud Shell, which is accessible directly from the Azure portal. Resources What is the Azure SDK? Additional Reading: For more information, refer to Downloads: http://aka.ms/Nc0773 Additional Reading: For more information, refer to What is the Azure SDK for .NET?: http://aka.ms/Rixh0i Introduction to the Azure CLI Additional Reading: For more information about installing Azure CLI 1.0, refer to “Microsoft Azure Xplat-CLI for Windows, Mac and Linux” at https://aka.ms/q3asut. Additional Reading: For more information about installing Azure CLI 2.0, refer to “Install Azure CLI 2.0” at https://aka.ms/ultvco. Microsoft Azure management tools 2-7 Module Review and Takeaways Review Question Question: Which method would you choose to automate the management of your Azure environment? Answer: The most common answers will likely include Azure PowerShell or the Azure CLI. The answers will likely depend on the students’ level of familiarity with Windows PowerShell and Linux shell scripting. 2-8 Microsoft Azure Fundamentals Lab Review Questions and Answers Lab: Using Microsoft Azure management tools Question and Answers Question: What must you do in order to use Azure CLI to manage classic resources? Answer: To manage classic resources, you must install Azure CLI 1.0. Azure CLI 2.0 only supports the Azure Resource Manager deployment model. Virtual machines in Microsoft Azure 3-1 Module 3 Virtual machines in Microsoft Azure Contents: Lesson 1: Creating and configuring VMs 2 Lesson 2: Configuring disks 4 Module Review and Takeaways 6 Lab Review Questions and Answers 7 3-2 Microsoft Azure Fundamentals Lesson 1 Creating and configuring VMs Contents: Question and Answers 3 Resources 3 Virtual machines in Microsoft Azure 3-3 Question and Answers Question: What is the maximum number of fault domains in an availability set consisting of Azure VMs that were deployed by using the Azure Resource Manager deployment model? ( )2 ( )3 ( )5 ( ) 20 ( ) 50 Answer: ( )2 (√) 3 ( )5 ( ) 20 ( ) 50 Feedback: Azure Resource Manager assigns up to three fault domains to an availability set consisting of Azure VMs. Resources Creating a VM from an Azure Resource Manager template Additional Reading: For more information, refer to Azure Quickstart Templates: http://aka.ms/Qgh9jn Additional Reading: For more information, refer to Create a Windows virtual machine with a Resource Manager template: http://aka.ms/Bt1gf6 Configuring an operating system by using VM extensions Additional Reading: For more information, refer to “Virtual machine extensions and features for Windows” at http://aka.ms/B8t3pl and “Virtual machine extensions and features for Linux” at https://aka.ms/qb84ta. Connecting to a VM Additional Reading: You can connect to an Azure Linux VM via Remote Desktop by using functionality that the xrdp open source RDP server provides. To accomplish this, you must install xrdp on the target Linux VM. For more information, refer to “Using Remote Desktop to connect to a Microsoft Azure Linux VM” at https://aka.ms/i32wgz. 3-4 Microsoft Azure Fundamentals Lesson 2 Configuring disks Contents: Question and Answers 5 Resources 5 Virtual machines in Microsoft Azure 3-5 Question and Answers Question: You have a Microsoft Azure VM that runs Windows Server 2016 with a single data disk with a size of 4 TB. You need to create a 7-TB file system volume. What should you do? ( ) Attach one disk. Create a Storage Spaces–based volume with the simple layout. ( ) Increase the size of the data disk. ( ) Attach one disk. Convert data disks to dynamic disks and create a stripe. ( ) Attach one disk. Create a Storage Spaces–based volume with the parity layout. ( ) Convert the data disk to Premium Storage and increase the size of the disk. Answer: (√) Attach one disk. Create a Storage Spaces–based volume with the simple layout. ( ) Increase the size of the data disk. ( ) Attach one disk. Convert data disks to dynamic disks and create a stripe. ( ) Attach one disk. Create a Storage Spaces–based volume with the parity layout. ( ) Convert the data disk to Premium Storage and increase the size of the disk. Feedback: To accomplish this objective, you should create a two-disk Storage Spaces–based volume with the simple layout. This will yield usable space of 8 TB. 4 TB is the maximum size of page blobs, so you cannot increase the disk size. Striping by using dynamic disks was deprecated in Windows Server 2012. Parity layout requires at least three disks. Premium Storage is subject to the same size limitations as standard storage, so the maximum size of the disk is 4 TB. Resources Azure VMs disk mobility Additional Reading: Azure REST API is beyond the scope of this course. If you want to explore this topic further, refer to “Snapshot Blob” at https://aka.ms/dupgph. Configuring storage in Windows and Linux VMs Additional Reading: For more information regarding LVM, refer to “Configure LVM on a Linux VM in Azure” at https://aka.ms/d44xh4. For more information regarding mdadm, refer to “Configure Software RAID on Linux” at https://aka.ms/n8yavz. 3-6 Microsoft Azure Fundamentals Module Review and Takeaways Review Questions Question: How does your organization use virtualization? Did you implement any public or private cloud solutions with your virtualization solution? Answer: Answers might vary, but most students will probably already have virtualization deployed. Also, some students might have deployed private cloud solutions by using systems such as Microsoft System Center 2012. Question: Based on what you learned in this module, for what purpose would you choose Azure VM deployment? Answer: Answers might vary, but will likely include implementations that must accommodate dynamically changing demand (such as a customer-facing website that must quickly adjust to fluctuations in its workload) or that involve temporary setup (frequently required by proof-ofconcept or development projects). Virtual machines in Microsoft Azure 3-7 Lab Review Questions and Answers Lab: Creating a VM in Azure Question and Answers Question: What type of connection can you establish to the VM in Azure by default? Answer: You can establish a RDP connection to Windows-based VMs and a Secure Shell (SSH) connection to Linux-based VMs. Web Apps and cloud services 4-1 Module 4 Web Apps and cloud services Contents: Lesson 1: Creating and configuring web apps 2 Lesson 2: Deploying and monitoring web apps 4 Lesson 3: Creating and deploying PaaS cloud services 6 Module Review and Takeaways 8 Lab Review Questions and Answers 9 4-2 Microsoft Azure Fundamentals Lesson 1 Creating and configuring web apps Contents: Question and Answers 3 Resources 3 Web Apps and cloud services 4-3 Question and Answers Question: You work as a developer for your organization, and your manager wants you to list the major benefits of using Azure App Service. What would you tell him? Answer: Some of the most important benefits of Azure App Service include: • Rapid deployment of web and mobile apps. • Native support for staged deployments. • Support for most common development platforms. Resources Creating and maintaining web apps Additional Reading: For App Service Plan Pricing Details, refer to “App Service pricing” at http://aka.ms/Nmhpka. Configuring and scaling web apps Additional Reading: For more information about scaling web apps, refer to “Scale up an app in Azure” at http://aka.ms/Peyuez. 4-4 Microsoft Azure Fundamentals Lesson 2 Deploying and monitoring web apps Contents: Question and Answers 5 Resources 5 Web Apps and cloud services 4-5 Question and Answers Question: What are the benefits of deployment slots, and how can you move your web app between different slots? Answer: You can create deployments slots for production and development. You can validate the status of your web app in the staging deployment slot and swap it into production after the validation is complete. Furthermore, if it turns out that the newly deployed version of the web app is not functioning properly, you have the flexibility to perform an instant rollback. Resources Options for creating and publishing web app content Additional Reading: To download the MSDeploy.exe tool, refer to “Web Deploy 3.6” at http://aka.ms/D8g047. Publishing a web app from Visual Studio Additional Reading: For information on how to use Visual Studio to publish ASP.NET websites on the Deploy an ASP.NET web app to Azure App Service by using Visual Studio webpage, refer to “Create an ASP.NET web app in Azure” at http://aka.ms/C4mv1m. Performing staged deployments Additional Reading: For more information on the configuration steps for a Git repository in Visual Studio Team Services, refer to “Continuous Delivery for Cloud Services in Azure” at http://aka.ms/A1pvoq. 4-6 Microsoft Azure Fundamentals Lesson 3 Creating and deploying PaaS cloud services Contents: Question and Answers 7 Web Apps and cloud services 4-7 Question and Answers Question: What scenarios do you consider to be most suitable for deployment of web apps in Azure? Answer: Answers might vary based on the students’ organizational requirements and current infrastructure. 4-8 Microsoft Azure Fundamentals Module Review and Takeaways Best Practices The Web Apps feature of Azure App Service is the primary choice for the majority of web apps for a number of reasons: • Both deployment and website management are integrated into the Azure platform. • You can scale your sites rapidly to handle high-volume traffic. • Web apps have the built-in support for load balancing. • You can move your existing web apps to Azure quickly and easily with an online migration tool. • You can use an open-source app from the Azure Marketplace or create a new site by using the framework and tools of your choice. Note that, in some situations, you might need a higher level of control over your web apps. For example, you might require the ability to connect remotely to your server or to configure server startup tasks. In such cases, Azure Cloud Services might be a better option. However, if such an application requires significant modifications to run as an Azure cloud service, you might want to consider using an Azure virtual machine to host it. Review Question Question: From a management standpoint, what is the key difference between using a web app and an Azure virtual machine with the IIS server role installed to host your web apps? Answer: Azure web apps provide a fully managed PaaS, whereas the Azure virtual machine does not. Web Apps and cloud services 4-9 Lab Review Questions and Answers Lab: Web Apps and cloud services Question and Answers Question: In the lab, you created an Azure cloud service. Which two files did you require to create the cloud service? Answer: The two files required were the service package file (.cspkg) and the service configuration file (.cscfg). Creating and configuring virtual networks 5-1 Module 5 Creating and configuring virtual networks Contents: Lesson 1: Getting started with virtual networks 2 Lesson 2: Configuring Azure networking 4 Lesson 3: Getting started with Azure Load Balancer 6 Module Review and Takeaways 8 Lab Review Questions and Answers 9 5-2 Microsoft Azure Fundamentals Lesson 1 Getting started with virtual networks Contents: Question and Answers 3 Creating and configuring virtual networks 5-3 Question and Answers Question: Which of the following Azure services support direct connectivity to an Azure virtual network? ( ) Azure SQL Database ( ) Azure Active Directory ( ) Azure Virtual Machines ( ) Azure PaaS Cloud Services ( ) Web Apps Answer: ( ) Azure SQL Database ( ) Azure Active Directory (√) Azure Virtual Machines (√) Azure PaaS Cloud Services (√) Web Apps Feedback: Azure virtual machines are automatically placed on a virtual network during their deployment. You also have the option to connect web and worker roles of an Azure PaaS cloud service directly to a virtual network. In the case of Azure Web apps, you can connect them via a point-to-site VPN. Azure SQL databases and Azure Active Directory tenants are not virtual network-aware. 5-4 Microsoft Azure Fundamentals Lesson 2 Configuring Azure networking Contents: Question and Answers 5 Creating and configuring virtual networks 5-5 Question and Answers Question: What is the smallest subnet that you can implement in an Azure virtual network? ( ) /24 ( ) /26 ( ) /29 ( ) /30 ( ) /31 Answer: ( ) /24 ( ) /26 (√) /29 ( ) /30 ( ) /31 Feedback: There are five IP addresses on each subnet that Azure platform reserves for its internal use. The smallest subnet you can implement is /29. 5-6 Microsoft Azure Fundamentals Lesson 3 Getting started with Azure Load Balancer Contents: Question and Answers 7 Creating and configuring virtual networks 5-7 Question and Answers Question: Is it mandatory to set up a custom Domain Name System (DNS) on your Azure virtual network? Answer: No, it is not. If you do not set up the DNS, your network will use the Azure build in name resolution. 5-8 Microsoft Azure Fundamentals Module Review and Takeaways Review Question Question: If you decide to implement some of your services on the Azure platform, would you need to create Azure virtual networks? Answer: The answers might vary, but in general: • • • • You must create virtual networks when deploying Azure VMs. Virtual networks are optional when deploying Azure PaaS Cloud Services. The Web Apps feature of Azure App Service supports integration with the Azure virtual networks to facilitate direct connectivity to Azure VMs. Services such as Azure SQL Database or Azure Active Directory do not connect directly to virtual networks. Creating and configuring virtual networks 5-9 Lab Review Questions and Answers Lab: Create and configure virtual networks Question and Answers Question: Can you move virtual machines that you created in the lab to a different virtual network? Answer: No. You would have to redeploy these virtual machines. You can easily move Azure virtual machines between subnets on the same virtual network. You cannot move virtual machines between virtual networks. Doing so requires redeployment. Question: Will you be able to successfully ping the two virtual machines on the virtual network? Answer: No, which is the reason that in the lab, the test involved using the Remote Desktop Protocol. Ping functionality relies on the Internet Control Message protocol (ICMP), which by default is blocked by Windows Firewall on each of the two Azure virtual machines. Cloud storage 6-1 Module 6 Cloud storage Contents: Lesson 1: Understanding cloud storage 2 Lesson 2: Create and manage storage 4 Module Review and Takeaways 6 Lab Review Questions and Answers 7 6-2 Microsoft Azure Fundamentals Lesson 1 Understanding cloud storage Contents: Question and Answers 3 Resources 3 Cloud storage 6-3 Question and Answers Question: What type of Azure Storage would you use for storing virtual disk files for Azure virtual machines (VMs)? ( ) Page blobs ( ) Block blobs ( ) Table storage ( ) Append blobs ( ) File storage Answer: (√) Page blobs ( ) Block blobs ( ) Table storage ( ) Append blobs ( ) File storage Feedback: The only possibility for virtual disk file storage of Azure VMs is page blobs. This type of storage is optimized for random access. Resources Overview of Azure Storage Additional Reading: For more information, refer to “Azure subscription and service limits, quotas, and constraints” at http://aka.ms/O5vvrr. 6-4 Microsoft Azure Fundamentals Lesson 2 Create and manage storage Contents: Question and Answers 5 Resources 5 Cloud storage 6-5 Question and Answers Question: You need to create a Premium Storage account. Which of the following storage options can you use in this case? ( ) Locally redundant storage ( ) Zone-redundant storage ( ) Geo-redundant storage ( ) Read-access geo-redundant storage ( ) Blob storage account type Answer: (√) Locally redundant storage ( ) Zone-redundant storage ( ) Geo-redundant storage ( ) Read-access geo-redundant storage ( ) Blob storage account type Feedback: Locally redundant storage is the only replication type supported by Microsoft Azure Premium Storage accounts. In addition, Premium Storage must use the general-purpose storage account, because the Blob storage account supports only block and append blobs. Resources Creating and managing Azure Storage non-programmatically Reference Links: For more information, refer to Azure Web Storage Explorer: http://aka.ms/M09rms Additional Reading: For more information, refer to Azure Storage Client Tools at http://aka.ms/R3aaz8. Reference Links: For more information, refer to Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage at http://aka.ms/Fskpq4. Creating and managing storage programmatically Additional Reading: For more information, refer to “Get started with Azure Blob storage using .NET” at http://aka.ms/c7n9ho. Creating and managing tables programmatically Additional Reading: For more information, refer to “Get started with Azure Table storage using .NET” at http://aka.ms/Gcjemy. 6-6 Microsoft Azure Fundamentals Module Review and Takeaways Best Practices By following the best practices for using Azure Storage, you can minimize its cost. The four factors that will influence your costs are: • Amount of storage used (with Standard storage) or provisioned (with Premium Storage). Consider using Standard storage disks for volumes hosting the operating system and carefully estimate the optimum size of Premium Storage disks. • Replication options. Geo-redundant storage accounts are more expensive than locally redundant storage. One way to reduce costs is to create multiple storage accounts with replication settings configured individually according to the resiliency requirements of their content. • Number of storage transactions. Transactions are defined as operations (such as create, read, or write) across all Azure Storage types including blobs, tables, queues, and files. One way to minimize these charges is to ensure that VMs rely on temporary disks for hostingnon-persistent content (such as their paging files). This cost is not applicable to Premium Storage accounts. • Egress data from the Azure region hosting the storage account. To minimize these charges, you should consider grouping interdependent services together in the same region. Note: For more information, refer to Azure Blobs Storage Pricing at http://aka.ms/Lfqijq. Review Question Question: If you want to store installation image files that will be accessed via the SMB protocol by multiple Azure VMs, which type of storage should you choose? Answer: You should choose Azure File storage. Feedback: Only Azure File storage supports access via the SMB protocol. Tools The following is a list of the tools that this module references: • Azure Portal • Microsoft Visual Studio • Microsoft Azure Storage Explorer • Azure Web Storage Explorer • AzCopy.exe • Microsoft Azure Import/Export service Cloud storage 6-7 Lab Review Questions and Answers Lab: Configure Azure Storage Question and Answers Question: Can you convert a Standard storage account to a Premium Storage account? Answer: No, this is not possible. Feedback: If your intention is to change performance of a data disk from Standard to Premium or from Premium to Standard, then you must detach the disk from its VM, copy its content to an Azure storage account that has the desired performance setting, and then attach its copy to the VM. Question: Is it possible to upload a file to an Azure Storage blob by using the Azure portal? Answer: Yes, you can upload files to an Azure storage blobs by using the Azure portal. Feedback: You can also use one of several Azure Storage tools, such as Azure Web Storage Explorer, for this purpose. Microsoft Azure Databases 7-1 Module 7 Microsoft Azure Databases Contents: Lesson 1: Understanding options for relational database deployments 2 Lesson 2: Creating and connecting to Azure SQL databases 4 Module Review and Takeaways 6 Lab Review Questions and Answers 7 7-2 Microsoft Azure Fundamentals Lesson 1 Understanding options for relational database deployments Contents: Question and Answers 3 Resources 3 Microsoft Azure Databases 7-3 Question and Answers Question: Which of the following features increase resiliency of Azure SQL database? ( ) Point In Time Restore ( ) Sharding ( ) Elastic Database pools ( ) Geo-Replication ( ) Geo-Restore Answer: (√) Point In Time Restore ( ) Sharding ( ) Elastic Database pools (√) Geo-Replication (√) Geo-Restore Resources Compare SQL database with SQL Server in a virtual machine Additional Reading: For a comprehensive list of features that SQL databases support, refer to: http://aka.ms/N7d08a Additional Reading: For a comprehensive list of differences of Transact-SQL related functionality between SQL Server and Azure SQL Database, refer to: Azure SQL Database Transact-SQL differences: http://aka.ms/Ps3svp Additional Reading: For information about identifying and resolving databasecompatibility issues by using SQL Server Database Migration Wizard, refer to: http://aka.ms/Qmu1ip Please note that the SQL Server 2016 Upgrade Advisor includes most of the SQL Database Migration Wizard features and additionally, it extends that functionality by adding support for migration of Full-Text search functionality. 7-4 Microsoft Azure Fundamentals Lesson 2 Creating and connecting to Azure SQL databases Contents: Question and Answers 5 Microsoft Azure Databases 7-5 Question and Answers Question: How will your organization use Azure SQL Database? Answer: Answers will vary but might include: • To store data for Azure web apps, PaaS cloud services, and applications running in Azure IaaS virtual machines. • To store data for Azure mobile apps. • To migrate databases from a SQL Server instance hosted in an Azure virtual machine. • To migrate data from SQL Server on-premises. 7-6 Microsoft Azure Fundamentals Module Review and Takeaways Review Question Question: What should you consider when choosing between on-premises SQL Server, SQL Server on an Azure virtual machine, and Azure SQL Database? Answer: You should consider the following factors: 1. Data storage policy compliance. Some organizations, geopolitical regions, and industries have strict requirements for data storage, which might determine where and how data can be stored. 2. Required functionality. SQL Server supports some functionality that is not available in Azure SQL Database. 3. Additional relational database–related services. SQL Server includes not only the database engine but also additional services such as the SQL Server Agent, SQL Server Integration Services, SQL Server Reporting Services, SQL Server Analysis Services, and SQL Server Master Data Services. If you require the capabilities of these services, SQL Server might be a better choice. 4. Maintenance and manageability. In general, Azure SQL Database requires considerably less maintenance overhead than a SQL Server instance (on-premises or on an Azure virtual machine). Additional Reading: For more information regarding data storage policy compliance, refer to the Azure Trust Center: http://aka.ms/Rhwnfd Microsoft Azure Databases 7-7 Lab Review Questions and Answers Lab: Creating a SQL Database in Azure Question and Answers Question: In the lab, you connected to an Azure SQL database by using SQL Server Management Studio. What configuration change must you make first in the Azure portal before successfully establishing the connection? Answer: You must configure a SQL Server firewall rule to allow incoming connections from the IP address range containing the public IP address of your lab computer. Question: What authentication method do you have to use when connecting to Azure SQL Database? Answer: You must use SQL Server authentication or Azure Active Directory–based authentication. Windows authentication is not supported when connecting to Azure SQL Database. Creating and managing Azure AD 8-1 Module 8 Creating and managing Azure AD Contents: Lesson 1: Overview of Azure AD 2 Lesson 2: Manage Azure AD authentication 4 Module Review and Takeaways 6 Lab Review Questions and Answers 7 8-2 Microsoft Azure Fundamentals Lesson 1 Overview of Azure AD Contents: Question and Answers 3 Resources 3 Creating and managing Azure AD 8-3 Question and Answers Question: Which of the following are characteristics of Azure AD? ( ) Multi-tenant ( ) Contains organizational units ( ) Uses LDAP for directory lookups ( ) Supports Group Policy ( ) Offers native support for Multi-Factor Authentication Answer: (√) Multi-tenant ( ) Contains organizational units ( ) Uses LDAP for directory lookups ( ) Supports Group Policy (√) Offers native support for Multi-Factor Authentication Feedback: Unlike AD DS, Azure AD is multi-tenant by design. It does not support organizational units. It relies on Internet-friendly protocols for directory lookups (Graph API over HTTPS) rather than Lightweight Directory Access Protocols (LDAP). It does not support Group Policies for management of its domain-joined devices; you can use an MDM solution, such as Microsoft Intune, instead. It offers native support for MFA. Resources Additional Reading: For more information regarding configuring Web App Azure AD authentication, refer to “How to configure your App Service application to use Azure Active Directory login” at: http://aka.ms/L27lid 8-4 Microsoft Azure Fundamentals Lesson 2 Manage Azure AD authentication Contents: Question and Answers 5 Resources 5 Creating and managing Azure AD 8-5 Question and Answers Question: How will your organization use Azure AD? Answer: Answers will vary, but might include: • To secure access to Azure-based services. • To delegate management of Azure-based services. • To enhance authentication security by leveraging Multi-Factor Authentication. • To provide SSO functionality for access to SaaS applications. Feedback: As an identity and access management solution, Azure AD provides a range of features that integrate with other cloud and on-premises services. Leveraging Azure AD to authenticate Azure web apps, Azure PaaS cloud services, and web applications running in Azure virtual machines is easy. Similarly, you can delegate management of Azure AD resources that are accessible via the Azure Portal by using Role-Based Access Control (RBAC). You can also use Azure AD accounts when designating co-administrators of a subscription. Azure AD offers additional authentication enhancements, including Multi-Factor Authentication and SSO for access to SaaS applications or cloud-based Web applications, including the Azure portal. In addition, directory synchronization with AD DS makes it possible to sign in to cloudbased applications by using on-premises credentials. For example, an organization that deploys a web app for sales personnel to Azure can use Azure AD to authenticate user requests to the app and can choose to implement Multi-Factor Authentication when sales personnel access the app via a browser or a mobile device. Resources Multi-Factor Authentication Additional Reading: For more information regarding modern authentication, refer to “Office 2013 modern authentication public preview announced” at https://aka.ms/m37pjz. Additional Reading: For more information about Azure Multi-Factor Authentication, refer to “What is Azure Multi-Factor Authentication?” at: http://aka.ms/Ddsfo9 SSO via Access Panel Additional Reading: To view all currently available commercial Azure AD applications, go to the Azure Marketplace at http://aka.ms/Htfnef and click Azure Active Directory apps. 8-6 Microsoft Azure Fundamentals Module Review and Takeaways Review Question Question: What are some benefits of using Azure AD as an identity provider? Answer: The benefits include: 1. Scalability and availability, without additional infrastructure. 2. Centralized identity management. 3. Single sign-on to SaaS applications. 4. Increased security of the authentication process by leveraging Multi-Factor Authentication. 5. Integration with Office 365 and Microsoft Intune. Tools Azure AD Connect is the primary tool for performing directory synchronization. Creating and managing Azure AD 8-7 Lab Review Questions and Answers Lab: Create and manage Azure Active Directory tenants Question and Answers Question: What role should you assign to a user account in the Azure AD directory instance to enable the user to fully manage all of its objects? Answer: You should assign the Global Administrator role to the user account. Feedback: The Global Administrator role grants full control of the Azure AD tenant where this role exists. Note that this role does not grant any access rights to Azure subscription resources.