Introduction xxiiiAssessment Test xxxChapter 1 Identity: Azure Active Directory 1Azure Active Directory 2Benefits 2Concepts 4Azure AD vs. Active Directory Domain Services 4Azure AD: Licensing 5Custom Domains in Azure AD 7Users and Groups 8User Accounts 8Group Accounts 26Azure AD Roles 36Azure AD Join 37Benefits 37Connection Options 38Self-Service Password Reset 39Enabling SSPR 39Authentication Methods 40Managing Multiple Directories 42Summary 43Exam Essentials 44Review Questions 45Chapter 2 Compliance and Cloud Governance 49Azure Regions 50Facts 51Regional Pairs 52Azure Accounts and Subscriptions 53Azure Accounts 54Azure Subscriptions 54Azure Cost Management 57Plan and Control Expenses 58Cost Saving Techniques 59Resource Groups 60Management Groups 65Azure Policy 68Implementing Azure Policy 69Implementing Initiatives 77Role-Based Access Control 79Concepts 80Azure RBAC Roles 82Custom RBAC Roles 84Role Assignment 91Resource Locks 95Configuring Locks 97Resource Tags 99Use Cases 99Applying Tags 100Summary 102Exam Essentials 102Review Questions 104Chapter 3 Virtual Networking 109Virtual Networks 110VNet Concepts 111Address Space 111Subnets 111Regions 111Subscription 112IP Addressing 113Static and Dynamic Addressing 113Private IP Addresses 113Public IP Address 116Network Routes 118System Routes 119User-Defined Routes 119Service Endpoints 125Supported Services 127Private Endpoint 127Azure DNS 129Record Management 131Private DNS Zones 133Network Security Groups 137NSG Concepts 137NSG Effective Rules 141Azure Firewall 142Azure Firewall Rules 142Implementing Azure Firewall 144Summary 145Exam Essentials 146Review Questions 148Chapter 4 Intersite Connectivity 153Azure-to-Azure Connectivity 154Internet 155Virtual Network Peering 156VPN Gateway 165Virtual Network Peering vs. VPN Gateway 177Azure to On-Premises Connectivity 178VPN Gateways 178ExpressRoute Connections 189Intersite Connectivity Architecture 193Virtual WAN 196Summary 197Exam Essentials 198Review Questions 199Chapter 5 Network Traffic Management 203Availability Options 204Availability Sets 205Availability Zones 207Service Level Agreement 208Azure Load Balancer 208Types of Load Balancers 209Load Balancer SKUs 212Configuring Load Balancer 212Implementing Azure Load Balancer 214Azure Application Gateway 221Request Handling Process 222Routing Methods 223Configuring Application Gateway 224Implementing Application Gateway 226Azure Front Door 235Azure Traffic Manager 237Comparing the Load Balancing Solutions 239Summary 239Exam Essentials 240Review Questions 241Chapter 6 Azure Storage 245Azure Storage Account 246Azure Storage Services 247Azure Blob Storage 247Azure Files 248Azure Queues 249Azure Tables 249Azure Disks 249Storage Replication 250Locally Redundant Storage 250Zone Redundant Storage 251Georedundant Storage 252Geo-zone-Redundant Storage 253Storage Account Types 255Storage Account Endpoints 256Accessing Storage 256Custom Domain Configuration 256Securing Storage Endpoints 257Azure Blob Storage 258Blob Containers 259Blob Access Tiers 259Blob Lifecycle Management 260Uploading Blobs 261Storage Security 268Authorization Options 268Shared Access Signatures 269Storage Service Encryption 275Azure Files and File Sync 276Azure Files vs. Azure Blobs 276Managing File Shares 277Mapping File Shares 279File Share Snapshots 282Azure File Sync 285Managing Storage 288Azure Storage Explorer 289AzCopy 291Import/Export Service 297Summary 299Exam Essentials 300Review Questions 302Chapter 7 Azure Virtual Machines 307Virtual Machine Planning 309Virtual Network 309Name 309Location and Pricing 310Size 311Storage 312Operating System 315Deploying Virtual Machines 315Connecting to Virtual Machines 320Windows Connections 320Linux Connections 324Azure Bastion 329Availability of Virtual Machines 334Scaling Concepts 335Vertical Scaling 335Horizontal Scaling 336Virtual Machine Scale Sets 336Implementing a Scale Set 337Autoscaling 340Summary 342Exam Essentials 342Review Questions 343Chapter 8 Automation, Deployment, and Configuration of Resources 349Azure Resource Manager 350ARM Templates 352Template Design 352Template Modes 354Template Sections 355Composing Templates 361Exporting Templates 370Configuring Virtual Hard Disk Templates 374Create a VM from a VHD 375Virtual Machine Extensions 376Custom Script Extension 378Desired State Configuration 379Summary 380Exam Essentials 381Review Questions 382Chapter 9 PaaS Compute Options 387Azure App Service Plans 388Pricing Tiers 389Scaling 391Azure App Services 396Continuous Deployment 400Deployment Slots 402Securing App Service 405Custom Domains 408Backup 409Container Instances 411Docker 412Azure Container Instances 415Container Groups 421Azure Kubernetes Service 422Terminology 424Cluster Components 425Networking 426Storage 429Cluster Upgrade 431Scaling 432Summary 438Exam Essentials 439Review Questions 440Chapter 10 Data Protection 445File and Folder Backups 446Azure Backup 446Creating Recovery Services Vault 447Configuring a Recovery Services Vault 448Virtual Machine Data Protection 451Virtual Machine Snapshots 452Azure Backup 453Azure Backup Server 463Azure Site Recovery 466Summary 469Exam Essentials 470Review Questions 471Chapter 11 Monitoring Resources 475Azure Monitor 476Metrics 477Logs 478Data Sources 479Activity Log 480Azure Alerts 482Creating Alert Rules 483Alert States 484Action Groups 484Log Analytics 492Workspace 493Data Sources 493Agents Configuration 496Query Language 497Network Watcher 502IP Flow Verify 503Next Hop 503Effective Security Rules 505VPN Troubleshoot 505Packet Capture 506Connection Troubleshoot 506NSG Flow Logs 507Topology 509Summary 509Exam Essentials 510Review Questions 511Appendix Answers to the Review Questions 515Chapter 1: Identity: Azure Active Directory 516Chapter 2: Compliance and Cloud Governance 517Chapter 3: Virtual Networking 519Chapter 4: Intersite Connectivity 520Chapter 5: Network Traffic Management 521Chapter 6: Azure Storage 522Chapter 7: Azure Virtual Machines 524Chapter 8: Automation, Deployment, and Configuration of Resources 526Chapter 9: PaaS Compute Options 528Chapter 10: Data Protection 529Chapter 11: Monitoring Resources 530Index 533

ABOUT THE AUTHORRITHIN SKARIA is a cloud evangelist, speaker, consultant, and a published author with an interest in cloud architecture design and optimization. With a decade of experience managing, implementing, and designing IT infrastructure solutions for public and private clouds, he is currently working with Microsoft as a Customer Engineer, focusing on Azure solutions. Rithin has over 18 certifications in different technologies such as Azure, Linux, Microsoft 365, and Kubernetes; he is also a Microsoft Certified Trainer. Rithin has been recognized has one of the engagement leads for his contributions to the Microsoft Worldwide Open Source Community. He has presented at various events and conferences, including Microsoft Spark.