Azure Database Services:
Azure Database Services are fully managed PaaS database services, freeing up valuable time you’d otherwise spend managing your database so you can focus on new ways to delight your users and unlock opportunities. Enterprise-grade performance with built-in high availability means you can scale quickly and reach global distribution without worrying about costly downtime.
- Cosmos Database:
Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service. With the click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide, and to take advantage of fast, single-digit-millisecond data access using your favorite API, including SQL, MongoDB, Cassandra, Tables, or Gremlin. https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
- SQL Database:
Azure SQL Database is a general-purpose relational database-as-a-service (DBaaS) based on the latest stable version of Microsoft SQL Server Database Engine. SQL Database is a high-performance, reliable, and secure cloud database that you can use to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure. It is a PaaS offering from Microsoft. https://docs.microsoft.com/en-us/azure/sql-database/
- Azure Database Migration:
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations). https://docs.microsoft.com/en-us/azure/dms/dms-overview
Azure Marketplace is a service on Azure that connects Azure users with Microsoft partners, software vendors, and startups. Azure users can try and purchase apps and services from many other service providers. These apps and services are certified to run on Azure.
IoT (the Internet of Things) refers to internet-connected devices that communicate with, and identify themselves to, other devices.
The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud services that connect, monitor and control billions of IoT assets. In simpler terms, an IoT solution is made up of one or more IoT devices and one or more back-end services running in the cloud that communicate with each other.
Azure SQL Data Warehouse:
SQL Data Warehouse is a cloud-based Enterprise Data Warehouse (EDW) that uses Massively Parallel Processing (MPP) to quickly run complex queries across petabytes of data. Use SQL Data Warehouse as a key component of a big data solution. Once data is stored in the data warehouse, you can run analytics at massive scale. Queries finish within seconds instead of hours.
HDInsight is a cloud service that makes it easy, fast, and cost-effective to process massive amounts of data. HDInsight also supports a broad range of scenarios, like extract, transform, and load (ETL); data warehousing; machine learning; and IoT.
Azure Data Lake Analytics:
Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it is running, making it cost-effective.
Azure Artificial Intelligence:
AI is the capability of a machine to imitate intelligent human behavior. Through AI, machines can analyze images, comprehend speech, interact in natural ways and make predictions using data.
Azure Machine Learning Service:
Azure Machine Learning service provides SDKs and services to quickly prep data, train, and deploy machine learning models. Improve productivity and costs with autoscaling compute & pipelines. Use these capabilities with open-source Python frameworks, such as PyTorch, TensorFlow, and scikit-learn.
Azure Machine Learning Studio:
Azure Machine Learning Studio is a collaborative, drag-and-drop tool for building, testing, and deploying predictive analytics solutions on your data. Tutorials, videos, and example models show you how to use Studio to build and deploy machine learning models.
Serverless Computing Solutions:
Serverless computing is the abstraction of servers, infrastructure, and operating systems. When you build serverless apps you don’t need to provision and manage any servers, so you can take your mind off infrastructure concerns. Serverless computing is driven by the reaction to events and triggers happening in near-real-time—in the cloud. As a fully managed service, server management and capacity planning are invisible to the developer and billing is based just on resources consumed or the actual time your code is running.
A serverless app runs only when an event is triggered. Scaling and performance are handled automatically.
Azure Functions is a solution for easily running small pieces of code, or “functions,” in the cloud. You can write just the code you need for the problem at hand, without worrying about a whole application or the infrastructure to run it. Functions can make development even more productive, and you can use your development languages of choice, such as C#, F#, Node.js, Python, or PHP. Pay only for the time your code runs and Azure scales as needed.
Azure Logic Apps:
Azure Logic Apps provides a way to simplify and implement scalable integrations and workflows in the cloud. It provides a visual designer to model and automate your process as a series of steps called a workflow. There are many connectors across cloud and on-premises services to quickly connect a serverless app to other APIs. A logic app begins with a trigger (like ‘When an account is added to Dynamics CRM’) and after firing can begin many combinations of actions, conversions, and condition logic. Logic Apps is a great choice when orchestrating different Azure Functions in a process, especially when the process requires interacting with an external system or API.
Azure Event Grid:
Azure Event Grid allows you to easily build applications with event-based architectures. First, select the Azure resource you would like to subscribe to, and then give the event handler or WebHook endpoint to send the event to. Event Grid has built-in support for events coming from Azure services, like storage blobs and resource groups. Event Grid also has support for your own events, using custom topics.
DevOps is a set of practices that automates the processes between software development and IT teams, so that they can build, test, and release software faster and more reliably. The concept of DevOps is founded on building a culture of collaboration between teams that historically functioned in relative silos. The promised benefits include increased trust, faster software releases, the ability to solve critical issues quickly, and better management of unplanned work.
Azure DevOps (formerly known as Visual Studio Team Services, VSTS) provides development and collaboration tools for your DevOps environment.
Azure DevTest Labs:
Azure DevTest Labs enables developers on teams to efficiently self-manage virtual machines (VMs) and PaaS resources without waiting for approvals.
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments. You can create environments in a few minutes, as opposed to hours or days.
Azure Management Tools:
Using management tools you can access Azure resources.
Azure Portal is a website, https://portal.azure.com, through which you can access all your Azure resources from your browser. You can manage, deploy, and delete resources as you like.
Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources. Azure PowerShell uses .NET Standard, making it available for Windows, macOS, and Linux. Azure PowerShell is also available on Azure Cloud Shell. Azure PowerShell is available as a module with which you can connect to your Azure resources and manage them from the PowerShell console.
Azure CLI is a command-line tool with which you can connect to your Azure resources and manage them. It is available on Windows, Linux, and macOS.
Azure Cloud Shell:
Azure Cloud Shell is an interactive, browser-based scripting environment for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell. It is accessible at https://shell.azure.com.
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.
With Advisor, you can:
- Get proactive, actionable, and personalized best practices recommendations.
- Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend.
- Get recommendations with proposed actions inline.
You can access Advisor through the Azure portal. Sign in to the portal, then locate Advisor in the navigation menu or search for it in the All services menu. Azure Advisor provides security recommendations by integrating with Azure Security Center.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.
Azure DDoS Protection:
A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Azure DDoS Protection, combined with application design best practices, provides defense against DDoS attacks.
Azure Network Security Groups:
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Azure Active Directory:
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:
- External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
- Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.
You can use the various Microsoft Cloud for Enterprise Architects Series posters to better understand the core identity services in Azure, Azure AD, and Office 365.
Along with a normal username and password, users are prompted to complete an additional multi-factor authentication (MFA) challenge in order to log in to an application or a system. MFA delivers strong authentication via a range of easy verification options (a phone call, text message, or mobile app notification and one-time passwords), allowing users to choose the method they prefer. It can be used both on-premises and in the cloud to add security for accessing Microsoft online services, Azure Active Directory-connected SaaS applications, line of business applications, and remote access applications. To complete the authentication, you are requested to enter a username, password, and an MFA token. This completes the whole authentication process.
MFA works by requiring two or more of the following authentication methods:
- Something you know (typically a password)
- Something you have (a trusted device that is not easily duplicated, like a phone)
- Something you are (biometrics)
Azure Security Center:
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on-premises.
Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service) and SaaS (software as a service). Azure Security Center provides you with the tools needed to harden your network, secure your services, and make sure you’re on top of your security posture.
Azure Key Vault:
Cloud applications and services use cryptographic keys and secrets to help keep information secure. Azure Key Vault safeguards these keys and secrets. When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules (HSMs).
Key Vault helps solve the following problems:
- Secret management: Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
- Key management: Create and control encryption keys that encrypt your data.
- Certificate management: Provision, manage and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Azure and your internal connected resources.
- Store secrets backed by HSMs: Use either software or FIPS 140-2 Level 2 validated HSMs to help protect secrets and keys.
Azure Information Protection:
Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization to classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. After your content is classified (and optionally protected), you can then track and control how it is used.
Azure Advanced Threat Protection (Azure ATP):
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Azure ATP monitors your domain controllers by capturing and parsing network traffic and leveraging Windows events directly from your domain controllers, then analyzes the data for attacks and threats. Utilizing profiling, deterministic detection, machine learning, and behavioral algorithms, Azure ATP learns about your network, enables detection of anomalies, and warns you of suspicious activities.
Azure ATP Components
Azure ATP consists of the following components:
- Azure ATP portal
The Azure ATP portal (https://portal.atp.azure.com) allows the creation of your Azure ATP instance, displays the data received from Azure ATP sensors, and enables you to monitor, manage, and investigate threats in your network environment.
- Azure ATP sensor
Azure ATP sensors are installed directly on your domain controllers. The sensor directly monitors domain controller traffic, without the need for a dedicated server, or configuration of port mirroring.
- Azure ATP cloud service
Azure ATP cloud service runs on Azure infrastructure and is currently deployed in the US, Europe, and Asia. Azure ATP cloud service is connected to Microsoft’s intelligent security graph.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
The journey of creating and implementing a policy in Azure Policy begins with creating a policy definition. Every policy definition has conditions under which it’s enforced. And, it has a defined effect that takes place if the conditions are met.
Azure Policy offers several built-in policies that are available by default. For example:
- Require SQL Server 12.0: Validates that all SQL servers use version 12.0. Its effect is to deny all servers that don’t meet these criteria.
- Allowed Storage Account SKUs: Determines if a storage account being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that don’t adhere to the set of defined SKU sizes.
- Allowed Resource Type: Defines the resource types that you can deploy. Its effect is to deny all resources that aren’t part of this defined list.
- Allowed Locations: Restricts the available locations for new resources. Its effect is used to enforce your geo-compliance requirements.
- Allowed Virtual Machine SKUs: Specifies a set of virtual machine SKUs that you can deploy.
- Apply tag and its default value: Applies a required tag and its default value if it’s not specified by the deploy request.
- Enforce tag and its value: Enforces a required tag and its value to a resource.
- Not allowed resource types: Prevents a list of resource types from being deployed.
To implement these policy definitions (both built-in and custom definitions), you’ll need to assign them. You can assign any of these policies through the Azure portal, PowerShell, or Azure CLI.
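The condition-and-effect structure described above, as an added example that is not code from the original page or from Azure Policy itself: a small Python model that evaluates two simplified deny rules against constructed deployment requests. The rule text, parameter names (allowedLocations, deniedTypes), assignment names and the evaluator functions are assumptions made for illustration, and only a small subset of conditions is supported.

```python
import re

# Simplified rules in Azure Policy's if/then shape; parameter names are made up
# for this example and this is not the text of any built-in definition.
ALLOWED_LOCATIONS = {
    "if": {"not": {"field": "location", "in": "[parameters('allowedLocations')]"}},
    "then": {"effect": "deny"},
}
NOT_ALLOWED_TYPES = {
    "if": {"field": "type", "in": "[parameters('deniedTypes')]"},
    "then": {"effect": "deny"},
}

# Constructed assignments: (assignment name, rule, parameter values).
ASSIGNMENTS = [
    ("eu-only", ALLOWED_LOCATIONS, {"allowedLocations": ["westeurope", "northeurope"]}),
    ("no-public-ip", NOT_ALLOWED_TYPES,
     {"deniedTypes": ["Microsoft.Network/publicIPAddresses"]}),
]

_PARAM = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def _resolve(value, params):
    """Replace a [parameters('name')] expression with the assigned value."""
    match = _PARAM.match(value) if isinstance(value, str) else None
    return params[match.group(1)] if match else value


def _norm(value):
    # Compare strings case-insensitively.
    return value.lower() if isinstance(value, str) else value


def condition_met(cond, resource, params):
    """Evaluate the small subset of conditions this example supports."""
    if "not" in cond:
        return not condition_met(cond["not"], resource, params)
    if "allOf" in cond:
        return all(condition_met(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_met(c, resource, params) for c in cond["anyOf"])
    actual = _norm(resource.get(cond["field"]))
    if "in" in cond:
        return actual in [_norm(v) for v in _resolve(cond["in"], params)]
    if "equals" in cond:
        return actual == _norm(_resolve(cond["equals"], params))
    raise ValueError(f"unsupported condition: {cond}")


def denied_by(resource, assignments=ASSIGNMENTS):
    """Return the names of assignments whose rule matches with effect 'deny'."""
    return [name for name, rule, params in assignments
            if condition_met(rule["if"], resource, params)
            and rule["then"]["effect"] == "deny"]


if __name__ == "__main__":
    for req in (
        {"type": "Microsoft.Storage/storageAccounts", "location": "eastus"},
        {"type": "Microsoft.Compute/virtualMachines", "location": "WestEurope"},
        {"type": "Microsoft.Network/publicIPAddresses", "location": "northeurope"},
    ):
        print(req["type"], req["location"], "->", denied_by(req) or "allowed")
```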
Azure Role-Based Access Control:
Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. RBAC provides access to Azure resources, enabling you to grant users the rights they need to complete their jobs.
RBAC is provided at no additional cost to all Azure subscribers.
Here are some examples of what you can do with RBAC:
- Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
- Allow a DBA group to manage SQL databases in a subscription
- Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
- Allow an application to access all resources in a resource group
Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope. When planning your access control strategy, it’s a best practice to grant users the least privilege to get their work done.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
- CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
- ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
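The inheritance rule above, as an added example that is not part of the original page: a Python model that works out the effective lock for a resource ID from locks set at parent scopes and reports which operations it blocks. The subscription ID, resource names and function names are constructed for illustration.

```python
# Higher number = more restrictive.
RANK = {"CanNotDelete": 1, "ReadOnly": 2}
# Operations each effective lock level blocks (None = no lock applies).
BLOCKED = {None: set(), "CanNotDelete": {"delete"}, "ReadOnly": {"write", "delete"}}

# Constructed scopes and locks: (scope the lock is set on, lock level).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
LOCKS = [
    (SUB, "CanNotDelete"),
    (SUB + "/resourceGroups/rg-prod", "ReadOnly"),
]


def lock_applies(lock_scope, resource_id):
    """A lock covers its own scope and everything below it in the ID path."""
    scope = lock_scope.rstrip("/").lower()
    target = resource_id.rstrip("/").lower()
    # Match on a path boundary so rg-prod does not cover rg-prod2.
    return target == scope or target.startswith(scope + "/")


def effective_lock(resource_id, locks=LOCKS):
    """Most restrictive lock among those inherited by the resource, or None."""
    levels = [level for scope, level in locks if lock_applies(scope, resource_id)]
    return max(levels, key=RANK.__getitem__, default=None)


def is_allowed(operation, resource_id, locks=LOCKS):
    """operation is one of 'read', 'write', 'delete'."""
    return operation not in BLOCKED[effective_lock(resource_id, locks)]


if __name__ == "__main__":
    storage = SUB + "/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/stprod"
    vm = SUB + "/resourceGroups/rg-dev/providers/Microsoft.Compute/virtualMachines/vm1"
    for rid in (storage, vm):
        print(rid.rsplit("/", 1)[-1], effective_lock(rid),
              {op: is_allowed(op, rid) for op in ("read", "write", "delete")})
```

Because the lookup works from the resource ID path, a resource created later under a locked scope is covered without any change to the lock list. Locks act on management (control-plane) operations, which is what the read, write and delete labels stand for here.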
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. Azure Monitor starts collecting data as soon as you create an Azure subscription and start adding resources. Activity logs record when resources are created or modified, and metrics display how the resource is performing.
Azure Service Health:
Azure Service Health is a suite of experiences that provide personalized guidance and support when issues in Azure services affect you. Azure Service Health can notify you, help you understand the effect of an issue, and keep you updated as the issue resolves. Azure Service Health also can help you prepare for planned maintenance and changes that could affect the availability of your resources.
Azure Service Health is composed of:
- Azure status – A global view of the health of Azure services
- Service Health – A personalized view of the health of your Azure services in regions where you use them.
- Resource Health – A deeper view of the health of the individual resources provisioned to you by your Azure services