Application Insights

Azure AD Directory Services

Azure Machine Learning Service - Coding Required
Security & Compliance
Artificial Intelligence
Azure Machine Learning Studio - SAAS
Cost Management
Management & Governance
Azure Advisor

Azure Monitor

Tags Billing Internet of Things (IoT)

Azure Notification Hubs
Azure Service Health
IoT Edge
Resource Groups Azure Data Lake Analytics
Logical container for resources. IoT Central Azure SignalR Service
Azure HDInsight
Helps with management, viewing billing Resource Management IoT Hub
spend and access management
Web Azure API Management
Resource naming convention
Use common naming convention organisation-wide Azure Databricks

Azure Search
Role Based Access Control (RBAC) Big Data
Azure Database for MySQL Web Apps

Read-Only
Databases Spending Limits
Resource Locks
Delete Reserved Instances
Storage

Disk Storage Infrastructure Costs Low-cost Locations / Regions

Azure SQL Data Warehouse
Blob Storage VM Sizing

File Storage Shutdown VM's

Azure Database Migration Service
1 bill generated each month per subscription
Migrate to PAAS / SAAS
Queue Storage
Multiple subscriptions allowed per account Azure Database for PostgreSQL

Hard limits per account e.g. 10 express route circuits per Azure App Service
Azure Cosmos DB Constrained instance size
subscription Savings
Constraints Bring Your Own Licensing (BYOL)
Spending limits can be set
Service Catalogue Compute Requires use of MS SQL Server images

Containers Choice of OS (Windows vs Linux)

Licensing
Azure SQL Database Azure Hybrid Benefit:
Virtual Machines
Re-use existing Windows and SQL Server licenses
Subscriptions Notification Hub
Azure free subscription SQL Server Developer Edition
Export to Excel
Mobile Pricing Calculator
Azure Pay-As-You-Go subscription Azure Database for MariaDB Functions
Share link
Azure DevOps
Azure Enterprise Agreement Types Azure Cache for Redis
DevOps
Azure for Students subscription
Azure DevTest Labs Cognitive Services
SQL Server on VMs Location
Factors
Cost Effective Load Balancer Resource Type
Networking Azure Firewall
Capital Expenditure (CapEx) vs Operation Expenditure (OpEx)
Azure Application Gateway Azure Billing Zones
Secure geographical grouping of Azure Regions for billing purposes
Firewalls
Network virtual
Reliable appliances (NVAs) Pricing Enterprise
Commitment to spend a negotiated amount annually. Customised
Scalable Purchasing Options pricing
Benefits of Cloud Computing
Elastic Web Direct
DDOS Protection General public pricing, paid each month
Less Management Overheads

Global Cloud Solution Provider (CSP) Updates

Third party on-selling cloud services
https://azure.microsoft.com/en-us/updates/

API's
Performance Targets Total Cost of Ownership (TCO) Calculator
Azure Feedback Forum SLA's Predict savings by migrating to Azure Azure Mobile App
Azure Knowledge Center Uptime and Connectivity Guarantees
Management
Service Credits
Scope - Trial & Non-Prod workloads
Developer
Support during business hours via email Azure Cloud Shell
< 8 hour response
Azure CLI
General architectural guidance
AZ-900 Infrastructure as a Service (IAAS) Integrated
Support Cloud Service Types PowerShell
Paid Platform as a Service (PAAS) https://shell.azure.com/
Scope - Production workloads
Standard Software as a Service (SAAS)
Feature Preview - https://preview.portal.azure.com/
24x7 access to support via phone & email

Export JSON
< 1 hour response Dashboards
Share - Publish as Resource
General architectural guidance UK Government G-Cloud Azure Portal
Blades
Service Organization Controls (SOC) 1, 2, and 3
Geography
Scope - Business critical dependence Discrete market typically containing two or more regions, that
Professional Direct Criminal Justice Information Services (CJIS) preserves data residency and compliance boundaries.
24x7 access to support via phone & email
Certification
Cloud Security Alliance (CSA) STAR Certification
Region - Geographical area containing at least 1 or
< 1 hour response
more data centers
General Data Protection Regulation (GDPR)
Architectural advice based on best practice
EU Model Clauses Region Pair -
Operations Support - onboarding services, service reviews, Azure advisor Each Region is paired with another region within the same
consultations Public geography
Health Insurance Portability and Accountability Act (HIPAA)
Azure engineering web seminars Private
Architecture
International Organization for Standardization (ISO) Hybrid
ProDirect Delivery Manager
Cloud Deployment Models
International Electrotechnical Commission (IEC) 27018
Policy & Compliance
Scope - Dependence across multiple products Multi-Tier Cloud Security (MTCS) Singapore
Premier
Advanced Threat Protection
24x7 access to support via phone & email National Institute of Standards and Technology (NIST) Cybersecurity
https://portal.atp.azure.com/
Framework (CSF
< 15 min response Available through CSP or Azure E5 licence

Customer specific architectural advice Microsoft Azure Information Protection

Classification of content Update Domain
Azure Policy - Create and, manage standards for
Technical account manager service reviews & reporting resources in Azure Can be purchased standalone, or comes with Enterprise level
O365 subscriptions Fault Domain
Azure engineering web seminars & training Azure Initiative - Group of Policy Definitions
Availability Set - Grouping of VM's in single data center.
Designated technical account manager JSON configuration file Shared Security Model Protects against server rack failure.
Governance & Resource
Security
Azure Event Management (fee) Accessible through Portal, PowerShell, Azure CLI, and template Management Availability Zone
Physically separated datacenters within a
Management Groups - Define policies across multiple
Region. Protects against data center
subscriptions
failure.
Azure Blueprint - Packages ARM templates + policies
definitions + RBAC

Compliance Manager
Dashboard showing your level of compliance, Azure Security Center
and recommendations for improvement

Azure Key Vault

Centralised store for secrets

At Rest
Azure US Government - Available to US government and US
Transport contractors
Encryption Sovereign Clouds
Azure Germany - Isolated instance to meet EU data residency,
Pricing security, and compliance needs
Microsoft Privacy Statement
Explains what, why and how data is processed Role Based Access (RBAC) Azure China - Operated by 21Vianet
Azure Advisor
Trust Center Provides recommendations on HA, Security, Performance
Multi-Factor Authentication (MFA)
Contains resources regarding Microsoft Security, Privacy, and Cost
Compliance and transparency practices Compliance Identity Access Management
Azure Active Directory Single Sign-On (SSO)

B2B / B2C

Identity - Thing to be authenticated

Identities
Principal - Identity acting in a certain role
Azure Monitor e.g. standard user vs admin user
Service Trust Portal
Collect and analyse data from your Azure services
Central portal for compliance management
Service Principal - Identity used by a service
Firewalls
Monitoring

Azure Firewall
Managed, cloud-based, network security service. No packet filtering
Resource Health Azure Application Gateway
Provides you details with about the Network Load balancer including Web Application Firewall (WAF). Packet
current and past state of your resources filtering

Network virtual appliances (NVAs)

Azure Status Suited to custom configurations. Similar to hardware firewall.
Global view of health of Azure services
Service Health

Service Issues - Current issues Basic

Service Health DDOS Protection
Health History - Historic health Customisable dashboard to Standard
track the state of your Azure
Health Advisories - Detected health issues services
Azure Cost Management Network Security Groups (NSG)
Health Alerts Shows breakdown of Azure spend Firewall

Planned Maintenance
ExpressRoute

Virtual Private Network (VPN)

Cloudyn
Tracks cloud usage and expenditure for
cloud resources, including Azure and AWS.
MS acquired Cloudyn. Being phased out.