Azure Architecture Explained: A comprehensive guide to building effective cloud solutions

Enhance your career as an Azure architect with cutting-edge tools, expert guidance, and resources from industry leaders.

Azure is a sophisticated technology that requires a detailed understanding to reap its full potential and employ its advanced features. This book provides you with a clear path to designing optimal cloud-based solutions in Azure, by delving into the platform's intricacies. You’ll begin by understanding the effective and efficient security management and operation techniques in Azure to implement the appropriate configurations in Microsoft Entra ID. Next, you’ll explore how to modernize your applications for the cloud, examining the different computation and storage options, as well as using Azure data solutions to help migrate and monitor workloads. You’ll also find out how to build your solutions, including containers, networking components, security principles, governance, and advanced observability. With practical examples and step-by-step instructions, you’ll be empowered to work on infrastructure-as-code to effectively deploy and manage resources in your environment. By the end of this book, you’ll be well-equipped to navigate the world of cloud computing confidently.

This book is an indispensable resource for Azure architects looking to develop cloud-based services along with deploying and managing applications within the Microsoft Azure ecosystem. It caters to professionals responsible for crucial IT operations, encompassing budgeting, business continuity, governance, identity management, networking, security, and automation. If you have prior experience in operating systems, virtualization, infrastructure, storage structures, or networking, and aspire to master the implementation of best practices in the Azure cloud, then this book will become your go-to guide.

Author(s): David Rendón, Brett Hargreaves, Sarah Kong
Edition: 1
Publisher: Packt Publishing
Year: 2023

Language: English
Pages: 446

Cover
Title Page
Copyright and Credits
Foreword
Contributors
Table of Contents
Preface
Part 1 – Effective and Efficient Security Management and Operations in Azure
Chapter 1: Identity Foundations with Azure Active Directory and Microsoft Entra
Protecting users’ identities and securing the value chain – the importance of IAM in decentralized organizations
Authentication and authorization in Azure
Engaging and collaborating with employees, partners, and customers
The significance of digital identities in the modern IT landscape
Modernizing your IAM with Microsoft Azure AD
Life cycle management
Leveraging the Microsoft Cloud Adoption Framework
Azure AD terminology, explained
Securing applications with the Microsoft identity platform
Securing cloud-based workloads with Microsoft Entra’s identity-based access control
Azure AD
Microsoft Entra Permissions Management
Microsoft Entra Verified ID
Microsoft Entra workload identities
Microsoft Entra Identity Governance
Microsoft Entra admin center
Summary
Chapter 2: Managing Access to Resources Using Azure Active Directory
Understanding the need for IAM
Understanding Azure AD (now Microsoft Entra ID)
Exploring the Microsoft Entra ID editions
Microsoft Entra ID Premium P2
Understanding the capabilities of Microsoft Entra ID
Task 1 – creating a new Azure AD tenant using the Azure portal
Task 2 – creating and configuring Azure AD users
Task 3 – creating an Azure AD group with dynamic membership
Hybrid identity – integrating your on-premises directories (Azure AD Connect sync and cloud sync)
Azure AD Connect sync
Azure AD Connect cloud sync
Azure AD Application Proxy
Azure AD Conditional Access
Azure AD PIM
Assigning roles in PIM
Summary
Chapter 3: Using Microsoft Sentinel to Mitigate Lateral Movement Paths
Understanding the Zero Trust strategy
Understanding lateral movement
Leveraging Microsoft Sentinel to improve your security posture
Collecting data
Detecting threats
Investigating anomalies
Responding to incidents
Enabling Microsoft Sentinel
Global prerequisites
Enabling Microsoft Sentinel using the Bicep language
Enabling Microsoft Sentinel using the Azure portal
Setting up data connectors
Mitigating lateral movements
An Office 365 impersonation following a suspicious Azure AD sign-in
Suspicious inbox manipulation rules set following suspicious Azure AD sign-in
Summary
Part 2 – Architecting Compute and Network Solutions
Chapter 4: Understanding Azure Data Solutions
Technical requirements
Understanding Azure storage types
Structured data
Unstructured data
Semi-structured data
Azure storage accounts
Understanding Azure database options
Azure SQL
Azure Cosmos DB
Creating a Cosmos DB account
Summary
Chapter 5: Migrating to the Cloud
Technical requirements
Understanding migration options
Managing servers
Update management
VM backups
Modernizing applications
Scale sets
Azure App Service/Web Apps
Further modernization
Migrating data
Summary
Chapter 6: End-to-End Observability in Your Cloud and Hybrid Environments
Understanding the importance of a monitoring strategy
Working on an effective monitoring strategy
Azure Monitor – a comprehensive solution for observability and efficiency
Components
Data sources
Consumption
Summary
Chapter 7: Working with Containers in Azure
Understanding cloud-native applications
Understanding the difference between virtual machines and containers
Terminology
Azure Container Instances
Working with Azure Container Instances
Creating the Azure Container Registry instance
Pushing a container image to ACR
Creating an Azure Container Instance
Deploying Azure Container Instance for web app
Creating Azure Container Apps
Summary
Further reading
Chapter 8: Understanding Networking in Azure
Connectivity in Azure
Design considerations for VNets
Exercise 1 – design and implement a virtual network in Azure
Enabling cross-virtual-network connectivity
Using service chaining to direct traffic to a gateway
The hub-spoke network topology in Azure
Azure virtual NAT
Hybrid networking
Azure VPN Gateway
Site-to-site VPN connections
Point-to-site VPN connections
Azure Virtual WAN
ExpressRoute
Decision tree on network topology
Load balancing
Load balancing non-HTTP(S) traffic
Load balancing HTTP(S) traffic
Network security
Azure DDoS protection
Azure Firewall
Exercise 2 – Azure Firewall – implement secure network access using the Bicep language
Azure WAF
Summary
Chapter 9: Securing Access to Your Applications
Technical requirements
Designing for security
Securing traffic
SQL database firewalls
Web application VNet integration
Azure Firewall
Application Gateway
Azure Front Door
What to use and when?
Configuring network-level security
Testing and securing the app
Creating an Azure application gateway
Securing keys and secrets
Using managed identities
Summary
Part 3 – Making the Most of Infrastructure-as-Code for Azure
Chapter 10: Governance in Azure – Components and Services
Planning a comprehensive cloud governance strategy
Understanding Azure governance
Azure governance – components and services
Management groups
Azure Policy
Azure Blueprints
Azure Resource Graph
Microsoft Cost Management
Microsoft Cost Management components
Summary
Chapter 11: Building Solutions in Azure Using the Bicep Language
Unlocking the benefits of IaC with Azure Resource Manager
Authoring Bicep files
Bicep file structure
Working with parameters
Parameter data types
Bicep modules
Previewing Azure deployment changes using what-if
Summary
Chapter 12: Using Azure Pipelines to Build Your Infrastructure in Azure
Understanding the relationship between continuous integration, continuous delivery, and pipelines
Understanding Azure Pipelines
Configuring Azure DevOps
Configuring Azure Repos
Importing a repository into Azure Repos
Configuring a build pipeline in Azure DevOps using the Classic Editor
Configuring a release pipeline in Azure DevOps using the Classic Editor
Configuring Azure Pipelines with YAML
Summary
Chapter 13: Continuous Integration and Deployment in Azure DevOps
DevOps transformation – achieving reliable and efficient software development through CI and CD practices
CI in Azure DevOps using the Classic Editor
CD in Azure DevOps
CI/CD baseline architecture using Azure Pipelines
Building a multistage YAML pipeline
Configuring a new project in Azure DevOps
Configuring CI/CD pipelines with YAML
Summary
Chapter 14: Tips from the Field
Azure governance
Azure monitoring
Identity management and protection
Azure networking
Azure containers
Summary
Index
Other Books You May Enjoy