1. Design identity, governance, and monitoring solutions Flashcards
How does Azure organize resources?
4 levels:
* management groups
* subscriptions
* resource groups
* resources.
Which Azure service can be used to manage user access and permissions?
Azure AD is Microsoft’s identity and access management service.
It’s used to manage user accounts, groups, and access to applications and resources in the cloud.
Azure AD provides single sign-on (SSO) capabilities, which means that users can sign in to all their apps with a single set of credentials.
Azure AD also provides multi-factor authentication (MFA) to enhance security.
How can you automate the provisioning and deprovisioning of user accounts?
- Azure AD Connect, which allows you to synchronize on-premises Active Directory with Azure AD.
- Azure AD Graph API, which allows you to programmatically manage user accounts, groups, and other directory objects.
- Azure Logic Apps, which allows you to create automated workflows that can trigger actions based on events in Azure AD.
- Azure Automation, which allows you to create runbooks that can automate tasks like provisioning and deprovisioning user accounts.
What is the difference between Just-in-Time (JIT) and Just-Enough-Access (JEA) in Azure?
- JIT focuses on granting access to resources on an as-needed basis. Users request access to a resource, and that access is granted for a limited period of time, typically for a specific task or project.
- JEA, on the other hand, focuses on granting users only the permissions they need to perform their job functions. This means that users are granted the minimum amount of access required to perform their tasks, and no more.
What are Azure Regions?
A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
When you deploy a resource in Azure, you’ll often need to choose the region where you want your resource deployed.
A few examples of regions are West US, Canada Central, West Europe, Australia East, and Japan West. Here’s a view of all the available regions as of June 2020.
What is an Azure Availability zone?
- Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
- Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases.
- By co-locating your compute, storage, networking, and data resources within a zone and replicating them in other zones. You can use availability zones to run mission-critical applications and build high-availability into your application architecture. Keep in mind that there could be a cost to duplicating your services and transferring data between zones.
What are Azure Region Pairs?
- Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography to help reduce the likelihood of interruptions due to catastrophic events.
- Examples of region pairs in Azure are West US paired with East US and SouthEast Asia paired with East Asia.
What is an Azure Resource?
A manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of resources.
What is an Azure Resource Group?
- Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure. These resources are anything you create in an Azure subscription like VMs, Azure Application Gateway instances, and Azure Cosmos DB instances.
- All resources must be in a resource group, and a resource can only be a member of a single resource group.
- Many resources can be moved between resource groups with some services having specific limitations or requirements to move. Resource groups can’t be nested.
- Before any resource can be provisioned, you need a resource group for it to be placed in.
Why should Resource Groups be organized in a logical way?
- Resource groups exist to help manage and organize your Azure resources. By placing resources of similar usage, type, or location in a resource group, you can provide order and organization to resources you create in Azure.
- Life cycle - If you delete a resource group, all resources contained within it are also deleted. Organizing resources by life cycle can be useful in nonproduction environments, where you might try an experiment and then dispose of it. Resource groups make it easy to remove a set of resources all at once.
- Authorization - Resource groups are also a scope for applying role-based access control (RBAC) permissions. You can ease administration and limit access to allow only what’s needed by applying RBAC permissions to a resource group.
What is Azure Resource Manager?
With Resource Manager, you can:
- Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they’re deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
What is Azure Cost Management?
Monitor the consumption and cost of Azure resources. It includes the following features:
Cost Analysis - you can analyze costs at various levels, such as management group level, subscription level, resource group level, or resource level.
Budgets - set this according to monthly usage, and you can configure alerts for usage that exceeds the threshold cost you specify.
Advisor Recommendation - use this to optimize the cost of your Azure subscription. It offers recommendations—such as resizing or shutting down underutilized VMs and using reserved VM instances rather than paying as you go—to reduce your costs.
Invoices - access these in the Billing section of the Cost Management tool.
Payment - configure payment methods in the Billing section of the Cost Management tool.
What is Azure Advisor?
Azure Advisor is a single-stop shop to keep watch over the following:
- Cost management
- Security
- Reliability
- Operational excellence
- Performance
Azure Advisor provides an advisor score. A higher score indicates that your Azure Cloud deployment follows the best practices of the Azure WAF. Azure Advisor also provides recommendations to improve each of the WAF pillars for your Azure deployment.
