aka.ms/70-533 aka.ms/certification/70-533 aka.ms/Azure/Shortcuts

  • Slides: 83

aka.ms/70-533 aka.ms/certification/70-533 aka.ms/Azure/Shortcuts aka.ms/Azure/IaaSOpsGuide

410: 411: 412: MCSA Windows Installing and Configuring Administering Configuring Advanced Server 2012 Windows Server 2012 Services CLOUD PLATFORM & INFRASTRUCTURE 740: Installation, Storage, and Compute with Windows Server 2016 741: Networking with Windows Server 2016 MCSA Windows 742: Server 2016 Identity with Windows Server 2016 MCSE Elective 533: Managing Microsoft Azure Infrastructure Solutions LFCS: Linux Foundation Certified System Administrator Choose two from: 532: Developing Microsoft Azure Solutions 533: Managing Microsoft Azure Infrastructure Solutions 534: Architecting Microsoft Azure Solutions 537: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack (Planned January 2018) Cloud Platform & Infrastructure Earned: 2017 MCSA Linux on Azure MCSA Cloud Platform • 246: Monitoring and Operating a Private Cloud (Retires: 12/31/2017) • 247: Configuring and Deploying a Private Cloud (Retires: 12/31/2017) • 537: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack (Planned January 2018) • 538: Implementing Microsoft Azure DevOps Solutions (Planned 2018) *Select one elective to complete your MCSE. Then choose a different elective next year or retake a previous cloud-based exam to stay relevant and prove your expanded skills

This slide deck – great study guide 5 Things to know at the end of each section Embedded links for additional info / section The MS Press Study Guide for 70-533 Azure Documentation – Microsoft Azure Subscription (MSDN, etc.) Azure PowerShell Azure CLI Install & configure Azure CLI/PowerShell Measure Up practice exams

Caveat Emptor! Free trial account Hands-On Workshops/Labs Microsoft Virtual Academy azure.microsoft.com 70-533 exam objectives

Implement Deploy Web Apps 15-20% ARM Virtual Machines 15-20% Storage Strategy 15-20% Azure Active Directory 15-20% Virtual Networks 15-20% Design Deploy ARM Templates 15-20%

aka.ms/Azure/AppService

Define Deployment Slots swapped and not Swap with preview Auto Swap Setting Up Staging Environments in Azure App Service Rollback Deployments PowerShell CLI

Implement Pre/Post Deployment Actions Traffic Manager ToDo app Create a Web App within an App Service plan Create a web app in an App Service Environment

Retrieve Diagnostics Data LoggingEnabled: true View Streaming Logs Configure Endpoint Monitoring Stefan Schackow’s Video

Kudu

disables the others! Enabling Java for app /LogFiles/DetailedErrors

custom domain names

Verbs and Nouns:
• Edit: BackupConfiguration
• Get: Backup, Metrics, Slot, SSL Binding
• New: Backup, Slot, SSL Binding
• Remove: Backup, Slot, SSL Binding
• Reset: PublishingProfile, SlotPublishingProfile
• Restart: Slot
• Restore: Backup
• Set: Slot, SlotConfigName
• Start: Slot
• Stop: Slot

See ALL Azure Website cmdlets

To list the commands available for Azure WebApps in the xplat-cli, Azure site create MSIgnite 2016 Azure site list delete See more See Use the Azure CLI for Mac, Linux, and Windows with Azure Resource Manager

know these 5 things now 1. Continuous 2. Schedule 3. On-Demand connectionStrings Environment Variables 2 Endpoints, 3 Geographic locations Schedule : Free | Shared | Basic | Standard By Metric :

aka.ms/Azure/VM

see resource-group-name} templates location azure-quickstart- resource-group-name location quickstart-templates -name {resource-group-name deployment

General Purpose VMs
Instance Name | Virtual Cores | RAM
Extra Small (A0) | Shared | 768 MB
Small (A1) | 1 | 1.75 GB
Medium (A2) | 2 | 3.5 GB
Large (A3) | 4 | 7 GB
Extra Large (A4) | 8 | 14 GB

Memory Intensive VMs
Instance Name | Virtual Cores | RAM
A5 | 2 | 14 GB
A6 | 4 | 28 GB
A7 | 8 | 56 GB

Compute
Instance Name | Virtual Cores | RAM | Networking
A8 | 8 | 56 GB | 40 Gbit/s InfiniBand
A9 | 16 | 112 GB | 40 Gbit/s InfiniBand

Each Persistent Data Disk Can be up to 1 TB with up to 16 disks per VM

https://azure.microsoft.com/en-us/blog/azure-introduces-new-disks-sizes-up-to-4tb/
http://azure.microsoft.com/en-us/pricing/details/virtual-machines/

Best Practices see more azure config mode arm azure vm quick-create Custom VM Image Prepare and Upload the Image Create a VM running Windows. Create a VM running Linux

1. Sysprep OOBE Generalized Add-AzureVMImage Linux on Azure Endorsed QEMU Read more KVM

Base OS image for new Virtual Machines Sys-Prepped/Generalized/Read Only Created by uploading or by capture Writable Disks for Virtual Machines Created during VM creation or during upload of existing VHDs. See About Disks and Images See “How to Attach a Disk”

PS DSC To Automate VM Processes To Automate VM Config Chef Prevent configuration drift Puppet Build, Deploy Manage = Lifecycle See “About Azure VM Configuration settings” & “Manage Images Using PowerShell”

Combine with Load Balancer to increase resiliency aka.ms/Azure/availability See Azure Limits!

Physical groups of resources Same rack, Server, Power Source, Network Switch Fabric spreads across min 2 fault domains Availability Set spreads VMs across 3 Fault Domains Logical groups of resources to be updated together Host OS updates honour service update domains Specified and configured in service definition Default of 5 (up to 20) Only 1 rebooted at a time Fabric Controller spreads role instances across Update Domains and Fault Domains Read more

host caching Host caching - off by default Host-caching is ON by default PowerShell: Set-AzureRMOSDisk AzureRMDataDisk host-cache Set- 3 copies by default 6 copies

GRS is recommended over ZRS or LRS for maximum durability. by default allows read access at secondary when primary region becomes unavailable. NOTE: Once selected, can’t change!

See monitor, diagnose and troubleshoot Microsoft Azure Storage

possible metrics http://aka.ms/Azure/VMSS

• PowerShell | Desired State Configuration | Extensions e.g. Custom, Puppet, Chef, Octopus
• 1 Public 1 Private IP | w/in Cloud Service | Use for RDP, PS Remote, SSH
• Security Enhancement | Permit/Deny | Per Endpoint Only | By PowerShell or Mgt Portal
• Protects against rack failure | OS Updates
• LRS (Single Region) | ZRS (Across 2-3 facilities within or across 2 regions) | GRS (3 x’s in 2 regions)

Block blobs Page Blobs AZCopy FORMAT = https://{storage account}.blob.core.windows.net{blob container} KNOW /Pattern, Source, Dest

SMB and REST aka.ms/Azure/Files Azure File Share (PaaS)

• Azure VMs can “net use” to a share • SMB Features NOT supported • Windows (CreateFile, ReadFile, WriteFile, …) CRTs (fopen, fread, fwrite, …) .Net (FileStream.Read, FileStream.Write, …) Many more

How To Store Why use This? Azure Files • SMB Interface, Client Libraries and REST • Lift & Shift an Application which already uses the native file system APIs to share data between it and other applications running in Azure. • Store Development and Debugging Tools for use by many VMs Azure Blobs • Client Libraries and REST • Want APP to support Streaming and Random Access Scenarios • Access Application Data from Anywhere Azure Data Disks • Client Libraries and REST • Lift and Shift applications that use native file system APIs to read and write data to persistent disks. • Store data that is not required to be accessed from outside the virtual machine to which the disk is attached.

Ad Hoc SAS controlled by Stored Access Policy Delegated access Blobs, Queues, Tables URI format permissions specified time | signedidentifier specifies Stored Access Policy Best Practice to use with SAS 5 policies per Container Share Access Signatures, Pt 1 | Stored Access Policies

Minimal Verbose Blob Table Queue Off blob container $logs Blob svc API Read more on logs! See Monitor Storage Account

Geo-Restore & Point in Time BACPAC Storage Account | Use Export Data-tier Application Wizard Automated Exports & Also Can Import/Export using REST API DAC package BACPAC both schema and data, DAC packages only schema SSDT Read More

Vault Credentials Win Server Azure geographic region Passphrase does not DNS/NetBIOS Start-OBRecovery -RecoverableItem $FinalItem -RecoveryOption $secureString -Credential $cstrial See Configure Azure Back Up to back up Windows Server Also Azure Backup Overview

64 bit 2012 R2, 2012, 2008 R2 SP1 7, 8, 8.1 Update Roll up 2 Azure Backup Agent Windows Server and System Center Data Protection Manager Windows Server Essentials See Install Backup Agent and upload vault credential Also Administer Azure Backup with Windows PowerShell

• Block Blobs (Sequential IO) up to 200 GB each | Page Blobs (Random Access) up to 1 TB
• Delegated Access | Limit Permissions to Blobs, Queues, Tables | URI format wperms & spec. time
• For Blobs, Tables and Queue Services | Off, Minimal, Verbose -> per Storage operations
• BACPAC contains both schema and data | DAC packages contain only schema
• Servers 2012 R2, 2012, 2008 R2 SP1, 64 bit Win 7, 8, 8.1, Ext available - Server 2012 Essentials

Synchronization Active Directory *Write back of attributes to support cloud first and co-existence Identity Sync with password hash sync User attributes are synchronized including the password hash, Authentication can be completed against either Azure or Windows Server Active Directory Federation Identity Sync Active Directory AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication User attributes are synchronized, Authentication is passed back through federation and completed against Windows Server Active Directory AD FS

SAML-P, WS-Federation, OpenID Connect

http://myapps.microsoft.com contosobuild.com Read more…

REST API Endpoint CRUD operations must register APP with AAD Query an Azure AD directory using the Graph API

aka.ms/Azure/B2C

1. Arvind can choose not to create account. If not, the invitation remains unredeemed.
2. b2btest074.onmicrosoft.com is the tenant domain and contoso.com is an email verified domain.
3. Admin can DNS verify the b2btest074.com domain and take over this dynamic tenancy.
4. When the tenant is taken over the domain changes to DNS verified.
5. Tenant can choose to keep existing cloud passwords for the users or configure On Prem federation if available.

Arvind_btbtest074.com#EXT#@...msonline-setup.com (host tenant) aka.ms/Azure/B2CB arvind@b2btest074.com B2btest074.onmicrosoft.com (dynamic tenant)

Azure AD B2B Collaboration | Azure AD B2C

What is it for?
• Azure AD B2B Collaboration: IT Pros providing access to their organization’s data and applications to partner organizations and collaborators.
• Azure AD B2C: Developers working on Consumer- & citizen-facing mobile & web apps that reach out to the customer, and citizens directly.

Who is it for?
• Azure AD B2B Collaboration: Partner users that are acting *on behalf of*, i.e. as representatives or employees of their organization.
• Azure AD B2C: Consumers and citizens that are acting as themselves.

Manageability
• Azure AD B2B Collaboration: Access reviews, email verification, allowlist/denylist, etc… govern access to host application and resources.
• Azure AD B2C: Self-Serve. Users manage their own profiles.

Discoverability
• Azure AD B2B Collaboration: Partner users are discoverable and can see other users from their own organization (subject to policy).
• Azure AD B2C: Consumers and citizens are invisible to other consumers and citizens. Privacy and consent are paramount.

Consider this Product Azure AD Multitenant SaaS app Azure AD B2B Azure AD B2C If I need to provide A service to businesses Partner access to my A service to apps consumers And I am similar to Pharm Distribution Imaging company Sports Franchise Deploying an App for… Practice Management Supplier extranet Soccer Fans Targeting… Doctor’s offices Approved Business Partners Anyone with email Accessible when Customer admin consents My admin invites The consumer signs up

Azure AD Sync | FIM 2012 R2 Get-AzureRMDeployment -ServiceName yourservicename | Select Url

aka.ms/Azure/VNet aka.ms/Azure/DMZ

Test-AzureRMStaticVNetIP -VNetName TestVNet -IPAddress 192.168.4.7 see all PS Examples Existing virtual networks that have been configured for an affinity group cannot use ILB Read More

Virtual Network Internet Load Balancer Virtual Network Azure Load Balancer Internet 1. UDR 2. BGP (w/ER) 3. System Route Read Associating NSGs aka.ms/Azure/NSG

Within VNet, VM to Internet, through peering & GWs Force tunnel to internet or on-premises Use Network Virtual Appliance (NVA) Direct subnet traffic up the layers 1. UDR 2. BGP (w/ER) 3. System Route See also Create UDR using a Template aka.ms/Azure/UDR

Tier Standard | WAF SKU Size Small | Medium | Large Instance Count Starts at 2 Create a Custom Health Probe Configure SSL Offloading aka.ms/Azure/AppGateway

Used for NIC (ARM), VM (ASM Only) & Subnets (ASM/ARM) | Create with PowerShell, CLI, Rest API Add-AzureRMInternalLoadBalancer watch some videos

aka.ms/Azure/ARM aka.ms/Azure/RBAC

ARM World Class Templates Proven Practices

aka.ms/Azure/Policies

aka.ms/Azure/RBAC/Custom

October Refresh of the OD

Manage Containers with Azure Container Services (ACS) Deploy a Kubernetes cluster in ACS; create and manage container images; scale applications using Docker, DC/OS, Swarm, or Kubernetes; configure for open-source tooling; migrate container workloads to and from Azure; monitor Kubernetes by using Microsoft Operations Management Suite (OMS); implement Azure Container Registry

Manage Azure Operations Enhance cloud management with automation Implement PowerShell runbooks; integrate Azure Automation with Web Apps; create and manage PowerShell Desired State Configurations (DSC); import DSC resources; generate DSC node configurations; monitor and automatically update machine configurations with Azure Automation DSC

Collect and analyze data generated by resources in cloud and on-premises environments. Collect and search across data sources from multiple systems; build custom visualizations; visualize Azure resources across multiple subscriptions; transform Azure activity data and managed resource data into an insight with flexible search queries; monitor system updates and malware status; track server configuration changes by using Azure Log Analytics

Manage Azure Identities Monitor on-premises identity infrastructure and synchronization services with Azure AD Connect Health Monitor AD FS proxy and web application proxy servers; setup email notifications for critical alerts; generate utilization reports; monitor Sync Engine; monitor domain controllers; monitor replication Manage domains with Azure Active Directory Domain Services Join Azure virtual machines to a domain, securely administer domain-joined virtual machines by using Group Policy; migrate on-premises apps to Azure; handle traditional directory-aware apps along with SaaS apps

Integrate with Azure Active Directory (Azure AD) Implement Azure AD Connect and single sign-on with on-premises Windows Server 2012 R2; add custom domains; monitor Azure AD, MFA, config Windows 10 with Azure AD domain join; Implement Azure AD integration in web and desktop applications; leverage Microsoft Graph API

Implement Azure AD B2C and Azure AD B2B Create an Azure AD B2C Directory; register an application; implement social identity provider authentication; enable multi-factor authentication; set up self-service password reset; implement B2B collaboration; configure partner users; integrate with applications

App Services PDF Virtual Machines PDF Azure Storage PDF Azure AD PDF Virtual Networks PDF Azure Resource Manager PDF

https://myignite.microsoft.com/evaluations https://aka.ms/ignite.mobileapp