[PDF] Manage Azure subscriptions and resources (15-20%)

26270_3AZ_103_Objectives_MrNetTek.pdf Manage Azure subscriptions and resources (15-20й)

Manage Azure Subscriptions

Assign administrator permissions; o Add or change Azure subscription administrators Configure cost center quotas and tagging; o Azure Subscription Resource Limits and Quotas o Prevent unexpected charges with Azure billing and cost management o Manage you Azure spend by cost center Configure Azure subscription policies at Azure subscription level o What is Azure Policy? o Azure enterprise scaffold: Prescriptive subscription governance o Examples of implementing Azure enterprise scaffold o Organizing subscriptions and resource groups within the Enterprise Use multiple Azure subscriptions o Windows Azure tutorial Part 1: Set up and manage subscriptions o Blog - Subscription Management Pluralsight - Managing Microsoft Azure Subscriptions

Analyze Resource Utilization and Consumption

Configure diagnostic settings on resources; o Automatically enable Diagnostic Settings at resource creation using a Resource

Manager template

o Managing multiple Azure diagnostic settings using Azure CLI instead of

PowerShell

o Collect and consume log data from your Azure resources o What is Azure Diagnostics extension? o Monitoring data collected by Azure Monitor create baseline for resources; o Manage Azure resources with these top tips of 2017 o Use Cloudyn reports o Prevent unexpected charges with Azure billing and cost management create and test alerts; analyze alerts across subscription; o Unified alerts in Azure Monitor o Respond to events with Azure Monitor Alerts o Create, view, and manage metric alerts using Azure Monitor o Azure logging and auditing analyze metrics across subscription; o Azure Monitor Metrics Explorer create action groups; o Create and manage action groups in the Azure portal monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; o Log Analytics Examples view alerts in Log Analytics

Manage Resource Groups

Use Azure policies for resource groups; o Create and manage policies to enforce compliance configure resource locks; configure resource policies; o Lock resources to prevent unexpected changes implement and set tagging on resource groups; o Use tags to organize your Azure resources o Managing Microsoft Azure Subscriptions o Ready: Recommended naming and tagging conventions move resources across resource groups; o Move resources to new resource group or subscription o Azure: How to move resources between subscriptions under different tenants? o Remove-AzureRmResourceGroup o Understand limitations remove resource groups o Azure Resource Manager resource group and resource deletion o Remove-AzureRmResourceGroup

Managed Role Based Access Control (RBAC)

Create a custom role, o Custom roles in Azure configure access to Azure resources by assigning roles, o Manage access using RBAC and the Azure portal o Manage access using RBAC and Azure Resource Manager templates configure management access to Azure, troubleshoot RBAC, o Troubleshoot RBAC in Azure implement RBAC policies, o What is role-based access control (RBAC)? assign RBAC Roles Pluralsight - Managing Identities in Microsoft Azure Active Directory

Implement and manage storage (5-10й)

Create and Configure Storage Accounts

Configure network access to the storage account; o Configure Azure Storage Firewalls and Virtual Networks o Virtual Network Service Endpoints and Firewalls for Azure Storage now generally available create and configure storage account; o Create a storage account o Introduction to Azure Storage o Create a storage account o Create a BlockBlobStorage account o Manage storage account settings in the Azure portal generate shared access signature; o Using shared access signatures (SAS) o Shared Access Signatures, Part 2: Create and use a SAS with Blob storage install and use Azure Storage Explorer; o Azure Storage Explorer o Get started with Storage Explorer manage access keys; o Using shared access signatures (SAS) o Shared Access Signatures, Part 2: Create and use a SAS with Blob storage monitor activity log by using Log Analytics; o Storage Analytics implement Azure storage replication o Azure Storage redundancy o Locally-redundant storage (LRS): Low-cost data redundancy for Azure Storage o Zone-redundant storage (ZRS): Highly available Azure Storage applications o Geo-redundant storage (GRS): Cross-regional replication for Azure Storage o Azure Storage scalability and performance targets o Designing highly available applications using RA-GRS Storage o Microsoft Azure Storage redundancy options and read access geo redundant storage

Import and Export Data to Azure

Create export from Azure job; o What is Azure Import/Export service? o Azure Import/Export system requirements o Use Azure Import/Export service to import data to Azure Files create import into Azure job; o Creating an import job for the Azure Import/Export service Use Azure Data Box; o What is Azure Data Box? configure and use Azure blob storage; o Create a storage account o Introduction to Azure Storage configure Azure content delivery network (CDN) endpoints o What is a content delivery network on Azure? o Quickstart: Create an Azure CDN profile and endpoint o Create an Azure CDN endpoint o Using the Azure CDN to access blobs with custom domains over HTTPS o Configure a custom domain name for your Azure storage account

Configure Azure Files

Create Azure file share; o Introduction to Azure Files o Create a file share in Azure Files o Use an Azure file share with Windows create Azure File Sync service; o Deploy Azure File Sync o Step-by-step guide: Getting started with Azure file sync service o Prepare Windows Server to use with Azure File Sync create Azure sync group; o Create a sync group and a cloud endpoint troubleshoot Azure File Sync o Troubleshoot Azure File Sync

Implement Azure Backup

Configure and review backup reports; o Configure Azure Backup reports perform backup operation; o Back up a Windows Server or client to Azure using the Resource Manager deployment model create Recovery Services Vault; o Recovery Services vaults overview o Monitor and manage Recovery Services vaults o Set up disaster recovery for Azure VMs to a secondary Azure region. o Delete a Recovery Services vault create and configure backup policy; o Defining a backup policy perform a restore operation o Restore files to a Windows server or Windows client machine using Resource

Manager deployment model

o Use the Azure portal to restore virtual machines o Restore An Azure VM to an Availability Set From Azure Backup in the Azure

Portal

o Restore Azure Virtual Machines to an Availability Set Using PowerShell o Using templates to customize restored VMs from Azure Backup Deploy and Manage Virtual Machines (VMs) (20-25й)

Create and Configure a VM for Windows and Linux

Configure high availability; o Understanding Azure Availability Sets o Tutorial: Create and deploy highly available virtual machines with Azure

PowerShell

o Manage the availability of Windows virtual machines in Azure o Regions and availability for virtual machines in Azure o Design for Virtual Machines with High Availability Using Azure o High availability in Azure configure monitoring, networking, storage, and virtual machine size; o How to monitor virtual machines in Azure o Rich insights for virtual machines from Azure Monitor o Microsoft Azure Virtual Machine Monitoring with Azure Diagnostics Extension o Tutorial: Monitor a Windows virtual machine in Azure configure monitoring, networking, storage, and virtual machine size; o Resize virtual machines o Resize a Windows VM (Powershell) o Notes on changing Azure VM size o Resize Azure Resource Manager (ARM) VM OS & Data disk using Azure Portal o How to expand the OS drive of a virtual machine o Expand virtual hard disks on a Linux VM with the Azure CLI o Overview of Windows virtual machines in Azure o Quickstart: Create a Windows virtual machine in the Azure portal o Tutorial: Create and Manage Windows VMs with Azure PowerShell deploy and configure scale sets o Understanding Azure Virtual Machine Scale Sets (Part 1) o Understanding Azure Virtual Machine Scale Sets (Part 2) o Virtual Machine Scale Sets o What are virtual machine scale sets? o Quickstart: Create a virtual machine scale set in the Azure portal

Automate Deployment of VMs

Modify Azure Resource Manager (ARM) template; o Create a Windows virtual machine from a Resource Manager template o Azure Quickstart Templates see 101-vm-* configure location of new VMs; configure VHD template; o Creating Virtual Machine Templates in VMM o How to Create a Template from a Virtual Hard Disk o How to Create a Virtual Machine Template deploy from template; o Understand the structure and syntax of Azure Resource Manager Templates o Deploy resources with Resource Manager templates and Azure PowerShell save a deployment as an ARM template; o Export an Azure Resource Manager template from existing resources deploy Windows and Linux VMs o Quickstart: Create a Linux virtual machine in the Azure portal o Quickstart: Create a Windows virtual machine in the Azure portal o New-AzureQuickVM cmdlet

Manage Azure VM

Add data discs; o Attach a managed data disk to a Windows VM by using the Azure portal o Use the portal to attach a data disk to a Linux VM o Disks FAQs o Add a disk o Detach a disk o Resize a disk o Snapshot a disk o Back up unmanaged disks o Convert to Managed Disks o Convert disk between Standard and Premium o Copy files to a VM o Migrate to Premium storage with Azure Site Recovery o Find unattached disks o Use File storage o Deploy disks with template add network interfaces; o Add network interfaces to or remove network interfaces from virtual machines automate configuration management by using PowerShell Desired State; Configuration (DSC) and VM Agent by using custom script extensions; o Azure Automation State Configuration Overview (and sub-pages) o Custom Script Extension for Windows o 201-vm-custom-script-windows manage VM sizes; o Resize virtual machines o Resize a Windows VM (Powershell) o Notes on changing Azure VM size o Resize Azure Resource Manager (ARM) VM OS & Data disk using Azure Portal o How to expand the OS drive of a virtual machine o Expand virtual hard disks on a Linux VM with the Azure CLI move VMs from one resource group to another; o Move a Windows VM to another Azure subscription or resource group o Migrate Azure VMs to another region o Move resources to new resource group or subscription redeploy VMs o Redeploy Windows virtual machine to new Azure node o Redeploy Linux virtual machine to new Azure node o Set-AzureRmVM -redeploy

Manage VM Backups

Configure VM backup; o Plan your VM backup infrastructure in Azure o Deploy a Windows VM and enable backup using Azure Backup define backup policies; o Defining a backup policy implement backup policies; o Manage Azure VM backups with Azure Backup service perform VM restore; o Use the Azure portal to restore virtual machines Azure Site Recovery o Azure Site Recovery documentation Configure and Manage Virtual Networks (20-25й)

Connectivity Between Virtual Networks

Create and configure VNET peering; o Virtual network peering o Tutorial: Connect virtual networks with virtual network peering using the Azure portal o Create, change, or delete a virtual network peering o Configure VPN gateway transit for virtual network peering create and configure VNET to VNET; create virtual network gateway o Configure a VNet-to-VNet VPN gateway connection using the Azure portal o What is VPN Gateway? o Create a Site-to-Site connection in the Azure portal o Step-By-Step: Configuring a site-to-site VPN Gateway between Azure and On-

Premise

o Configure Network Performance Monitor for ExpressRoute o ExpressRoute FAQ o ExpressRoute Premium Add-on & Pricing verify virtual network connectivity; o Verify a VPN Gateway connection

Implement and Manage Virtual Networking

Configure private and public IP addresses, o Configure private IP addresses for a virtual machine using the Azure portal o Create a virtual machine with a static public IP address using the Azure portal o IP address types and allocation methods in Azure network routes, o Virtual network traffic routing network interface, subnets, and virtual network o Create, change, or delete a network interface o Add, change, or delete a virtual network subnet

Configure Name Resolution

Configure Azure DNS; o Azure DNS Documentation o What is Azure DNS? o Overview of DNS zones and records o Azure DNS FAQ o Delegation of DNS zones with Azure DNS o Tutorial: Create DNS records in a custom domain for a web app configure custom DNS settings; o Name resolution for resources in Azure virtual networks o Create, change, or delete a network interface configure private and public DNS zones o How to manage DNS Zones in the Azure portal o Manage DNS records and recordsets in Azure DNS using Azure PowerShell Create and Configure a Network Security Group (NSG) Create security rules; o Create, change, or delete a network security group o Security groups o Azure Network Security Groups (NSG) - Best Practices and Lessons Learned o Filter network traffic with a network security group using PowerShell associate NSG to a subnet or network interface; o Step by Step Azure network security groups NSG - Security Center o Associate network interfaces to an ASG o Associate network security group to subnet identify required ports; o Diagnose a virtual machine network traffic filter problem o Automate NSG auditing with Azure Network Watcher Security group view evaluate effective security rules o Diagnose a virtual machine network traffic filter problem o Azure Network Security Groups (NSG) - Best Practices and Lessons Learned

Implement Azure Load Balancer

Configure internal load balancer, o What is Azure Load Balancer? o Internal Load Balancing o Tutorial: Balance internal traffic load with a Basic load balancer in the Azure portal o Using Azure Resource Manager Support with Azure Load Balancer configure load balancing rules, o Azure Load Balancer Standard overview o Load balance internet traffic to VMs o Load balance internal traffic to VMs o Load balance VMs across availability zones o Load balance VM within a specific availability zone o Configure port fowarding in Load Balancer o Outbound connections in Azure configure public load balancer, o Quickstart: Create a Basic Load Balancer by using the Azure portal troubleshoot load balancing o Troubleshoot Azure Load Balancer Pluralsight - Managing Network Load Balancing in Microsoft Azure Pluralsight - Architecting Azure Solutions (70-534): Infrastructure and Networking

Monitor and Troubleshoot Virtual Networking

Monitor on-premises connectivity, o Diagnose on-premises connectivity via VPN gateways o Create an Azure Network Watcher instance o View the topology of an Azure virtual network o Network Performance Monitor͛s Serǀice Connectivity Monitor is now generally available use Network resource monitoring, o Network Watcher use Network Watcher, troubleshoot external networking, troubleshoot virtual network connectivity o Network connectivity o Border connectivity Pluralsight - Connecting Microsoft Azure Virtual Networks Pluralsight - Connecting On-premises Networks with Azure Virtual Networks Pluralsight - Architecting Azure Solutions (70-534): Infrastructure and Networking Integrate on Premises Network with Azure Virtual Network Create and configure Azure VPN Gateway, o What is VPN Gateway? o Create and manage a VPN gateway o New-AzureRmLocalNetworkGateway o Concepts

ƒ Planning and design for VPN Gateway

ƒ About VPN Gateway settings

ƒ About VPN devices

ƒ About cryptographic requirements

ƒ About BGP and VPN Gateway

ƒ About highly available connections

ƒ About Point-to-Site connections

ƒ About Point-to-Site VPN routing

ƒ About zone-redundant gateways for Availability Zones create and configure site to site VPN, o Create and manage S2S VPN connections configure Express Route, o Configure ExpressRoute and Site-to-Site coexisting connections using PowerShell verify on premises connectivity, o Configuring and validating VNet or VPN connections o Diagnose on-premises connectivity via VPN gateways o How to validate VPN throughput to a virtual network o iPerf - The ultimate speed test tool for TCP, UDP and SCTP o Troubleshooting: Azure Site-to-Site VPN disconnects intermittently troubleshoot on premises connectivity with Azure o Troubleshooting: Azure Site-to-Site VPN disconnects intermittently

Manage Identities (15-20й)

Manage Azure Active Directory (AD)

Add custom domains; o How to: Add your custom domain name using the Azure Active Directory portal o Managing custom domain names in your Azure Active Directory Azure AD Join; o Azure AD Join o How to join a Windows 10 computer to your Azure Active Directory configure self-service password reset; o How it works: Azure AD self-service password reset o How to successfully roll out self-service password reset o Quickstart: Self-service password reset o Password management frequently asked questions manage multiple directories; o Creating and Managing Multiple Windows Azure Active Directories o Manage your Azure Active Directory tenant Manage Azure AD Objects (Users, Groups, and Devices) Create users and groups; manage user and group properties; o How to: Add or delete users using Azure Active Directory o How to: Create a basic group and add members using Azure Active Directory o Dynamic membership rules for groups in Azure Active Directory o Dynamic membership rules for groups - Create a "Direct reports" rule manage device settings; o How to manage devices using the Azure portal perform bulk user updates; o Azure Active Directory - Bulk updating user profile attributes using PowerShell manage guest accounts o Manage guest access with Azure AD access reviews o Guests In The Cloud - How To Safely Manage External Users Using Azure AD B2B o Guest User Access in Office 365 and Azure AD

Implement and Manage Hybrid Identities

Install Azure AD Connect, o Getting started with Azure AD Connect using express settings o Custom installation of Azure AD Connect including password hash and pass-through synchronization; o User sign-in with Azure Active Directory Pass-through Authentication o Azure Active Directory Pass-through Authentication: Quick start use Azure AD Connect to configure federation with on-premises Active Directory

Domain Services (AD DS);

o Azure Active Directory Seamless Single Sign-On o How to configure federated single sign-on for an Azure AD Gallery application o What is application access and single sign-on with Azure Active Directory? manage Azure AD Connect; o Implement password hash synchronization with Azure AD Connect sync o Enable password synchronization to Azure Active Directory Domain Services o Hybrid identity and Microsoft identity solutions o Azure AD Connect Health Agent Installation o One or more on-premise AD objects don't sync to Office 365 (AAD) manage password sync and password writeback o How-to: Configure password writeback o Azure AD Connect sync: Understanding the default configuration Especially ƒ IsPresent([isCriticalSystemObject]). Ensure many out-of-box objects in Active Directory, such as the built-in administrator account, are not synchronized. o Install and run the Office 365 IdFix tool o Prepare directory attributes for synchronization with Office 365 by using the

IdFix tool

Implement Multi-Factor Authentication (MFA)

Configure user accounts for MFA, o Enforce multi-factor authentication (MFA) for subscription administrators o Tutorial: Complete an Azure Multi-Factor Authentication pilot roll out o Manage app passwords for two-step verification enable MFA by using bulk update, o (Bulk) pre-register MFA for users without enable MFA on the account o How to require two-step verification for a user o Deploy password reset without requiring end-user registration o PowerShell to Enable Azure MFA for bulk user using bulkupdatemfasamplefile CSV configure fraud alerts, o Fraud alert configure bypass options, o One-time bypass o Azure Conditional Access with ͞Skip MFA for ReƋuests From Federated users on my intranet" option - Scenarios o Bypass Azure MFA and Azure AD Connect Pass-Through Authentication configure Trusted IPs, o What is the location condition in Azure Active Directory conditional access? o Trusted IPs configure verification methods o Verification methods o What is conditional access in Azure Active Directory? Pluralsight - Implementing and Managing Azure Multi-factor Authentication