
AZ900:2024 Describe Azure management and governance (30–35%)

by Yashlin Naidoo
Published on: 2/26/2024

Disclaimer

This blog is part of a 3-part series covering the 2024 AZ900 study guide. While there is tremendous value in going through this blog even if you are not writing the exam, please be aware that the content is centered around the exam.

As with any exam, the curriculum and the course content will evolve over time. Please pay attention to when this blog was written and take into account that the exam and its content may have changed.

At the time of writing, you can find the official study guide here:

Study guide for Exam AZ-900: Microsoft Azure Fundamentals

Describe cost management in Azure

  • Describe factors that can affect costs in Azure
  • Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator
  • Describe cost management capabilities in Azure
  • Describe the purpose of tags

Factors That Can Affect Costs in Azure

  1. Resource Types and Usage: Different resources (e.g., VMs, storage accounts, databases) have different pricing models. The cost is influenced by how much you use these resources and the specific configurations (e.g., size, region) you choose.
  2. Region: Prices for Azure services can vary between regions. This variation is due to the cost of operating data centers in different geographical locations.
  3. Reserved Instances: Committing to a resource for a one- or three-year term can significantly reduce costs compared to pay-as-you-go pricing.
  4. Scalability Choices: Auto-scaling settings can impact costs by automatically adjusting resources based on demand, potentially leading to savings during off-peak times.
  5. Data Transfer Fees: Transferring data out of Azure data centers (egress) can incur costs, depending on the volume of data and the destination.

Pricing Calculator vs. Total Cost of Ownership (TCO) Calculator

  • Pricing Calculator: This tool helps estimate the cost of Azure products and services based on your specific usage scenarios. It’s highly customizable, allowing you to select and configure the Azure resources you plan to use and providing an estimate of the monthly cost.
  • Total Cost of Ownership (TCO) Calculator: The TCO Calculator goes a step further by comparing the cost of running your applications in Azure with the cost of running them on-premises. It considers various factors such as hardware, software, and operational costs over time, providing a long-term cost comparison.

Cost Management Capabilities in Azure

Azure offers several tools and features to help manage and optimize cloud spending:

  1. Azure Cost Management + Billing: Provides tools to monitor, allocate, and optimize costs across your Azure and third-party cloud resources.
  2. Budgets: Set spending thresholds that, when reached, can trigger alerts or even automate cost-saving measures.
  3. Cost Analysis: Offers detailed insights and breakdowns of your spending to identify trends and potential savings areas.
  4. Azure Advisor: Provides personalized recommendations on how to reduce costs by optimizing your Azure resources.

Purpose of Tags

Tags in Azure are key-value pairs attached to resources that allow you to categorize and manage them by assigning metadata. This is particularly useful for cost management for several reasons:

  1. Cost Allocation: Tags can help you allocate costs by department, project, environment, or any custom categorization, facilitating more accurate budgeting and chargebacks.
  2. Resource Management: They enable more efficient resource and cost tracking by allowing you to filter and group resources based on tags.
  3. Automation: Tags can be used to automate the governance of resources, including cost-related policies.

Describe features and tools in Azure for governance and compliance

  • Describe the purpose of Microsoft Purview in Azure
  • Describe the purpose of Azure Policy
  • Describe the purpose of resource locks

Microsoft Purview in Azure

Purpose: Microsoft Purview (formerly known as Azure Purview) is a unified data governance service that helps organizations manage and govern their on-premises, multi-cloud, and software-as-a-service (SaaS) data. Its primary purpose is to provide a comprehensive data landscape across the organization, enabling data discovery, classification, and end-to-end data lineage, which helps in understanding data origins, transformations, and movements. Microsoft Purview aids in compliance and risk management by ensuring that data policies are consistently applied and that data is managed in accordance with regulations and business requirements.

Azure Policy

Purpose: Azure Policy is a service designed to enforce organizational standards and to assess compliance at scale across resources in Azure. It allows the creation and management of policies that enforce rules over Azure resources, ensuring they comply with corporate standards and service level agreements (SLAs). Azure Policy can automatically remediate non-compliant resources, ensuring continuous compliance and governance. It’s instrumental in scenarios such as enforcing naming conventions, ensuring specific resource types are deployed in certain regions, or that all resources have specific tags applied. Azure Policy can also add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups.

The Microsoft Service Trust Portal

The Microsoft Service Trust Portal is a resource for organizations to access detailed information on how Microsoft manages security, compliance, and privacy. It serves as a central repository where users can find documents, reports, and other materials related to Microsoft’s cloud services’ trustworthiness, including compliance certifications and audit reports. This portal is designed to help organizations meet their regulatory and compliance requirements by providing transparency into Microsoft’s cloud services’ security practices.

Resource Locks

Purpose: Resource locks provide a way to protect Azure resources from accidental deletion or modification. They can be applied to subscriptions, resource groups, and individual resources, offering an additional layer of protection. There are two types of locks: Read-only and Delete. A Read-only lock prevents any modifications to the resource, whereas a Delete lock ensures the resource cannot be deleted. These locks are particularly useful in production environments or wherever it’s critical to prevent changes that could lead to service interruptions or data loss.

Describe features and tools for managing and deploying Azure resources

  • Describe the Azure portal
  • Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell
  • Describe the purpose of Azure Arc
  • Describe infrastructure as code (IaC)
  • Describe Azure Resource Manager (ARM) and ARM templates

Azure Portal

Description: The Azure Portal is a web-based, unified console that provides an intuitive graphical interface to manage Azure resources. It allows users to create, manage, and monitor everything from simple web apps to complex cloud deployments. The portal offers guided experiences for deploying and managing resources, comprehensive management of your billing and account, and a marketplace for third-party services.

Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell

Description: Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides a choice of two command-line experiences.

  • Azure Command-Line Interface (CLI): A cross-platform toolset available for Windows, macOS, and Linux. It’s designed for managing and administering Azure resources from the command line, offering commands in a syntax that is easy to read and learn.
  • Azure PowerShell: A module offering cmdlets to manage Azure resources directly from the PowerShell command line. Designed for the automation of tasks, it’s particularly useful for Windows users who are familiar with PowerShell scripting.

Azure Arc

Purpose: Azure Arc extends Azure’s management capabilities to resources located outside of Azure, whether on-premises, in other clouds, or at the edge. It enables users to manage these external resources as if they were native Azure resources, applying consistent policies and governance and deploying services across their hybrid environment. This makes it easier to implement complex cloud strategies without being limited to resources located in Azure data centers.

Infrastructure as Code (IaC)

Description: Infrastructure as Code (IaC) is a key DevOps practice, involving the management and provisioning of infrastructure through code instead of through manual processes. It enables developers and IT professionals to automatically manage, monitor, and provision resources through scripts. IaC increases efficiency, reduces the potential for human error, and ensures consistent configurations at scale.

Azure Resource Manager (ARM) and ARM Templates

Description:

  • Azure Resource Manager (ARM): The deployment and management service in Azure that provides a management layer allowing users to create, update, and delete resources in their Azure account. It offers management features such as access control, locks, and tags to secure and organize resources after deployment.
  • ARM Templates: JSON files that define the resources you need to deploy for your solution. They allow for the declarative specification of all the resources to be deployed to Azure, enabling IaC for Azure services. ARM templates ensure that deployments are repeatable and consistent, and they support the deployment of complex, interdependent systems in a transparent manner.
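
An added example, not from the original post: an ARM template that declares a storage account with cost-allocation tags and attaches a lock to it, tying together the tags, resource locks, and ARM template sections. The lock level `CanNotDelete` is the template value for the Delete lock described earlier; the tag values, lock name, and API versions are assumptions chosen for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "comments": "Constructed example: tagged storage account protected by a delete lock."
  },
  "parameters": {
    "storageAccountName": { "type": "string", "minLength": 3, "maxLength": 24 },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2023-01-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[parameters('location')]",
      "tags": {
        "CostCenter": "example-1234",
        "Environment": "Production"
      },
      "sku": { "name": "Standard_LRS" },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false
      }
    },
    {
      "type": "Microsoft.Authorization/locks",
      "apiVersion": "2020-05-01",
      "name": "storage-no-delete",
      "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
      ],
      "properties": {
        "level": "CanNotDelete",
        "notes": "Production data: remove this lock before deleting the account."
      }
    }
  ]
}
```

Changing `level` to `ReadOnly` gives the Read-only lock instead. Because the lock is declared in the template, every redeployment reapplies it, so the protection does not depend on someone remembering to set it in the portal.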

Describe monitoring tools in Azure

  • Describe the purpose of Azure Advisor
  • Describe Azure Service Health
  • Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights

Azure Advisor

Purpose: Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry to offer recommendations across five categories: high availability, security, performance, cost, and operational excellence. These recommendations help improve the efficiency, security, and performance of your Azure resources.

Azure Service Health

Purpose: Azure Service Health provides personalized alerts and guidance when Azure service issues affect you. It offers a comprehensive view of the health of Azure services, regions, and resources, helping you understand how service problems might impact your resources. Service Health also provides details on planned maintenance and changes that could affect the availability of your services, allowing for proactive planning and response.

Azure Monitor

Purpose: Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. Key components include:

  • Log Analytics: A tool within Azure Monitor that collects and analyzes data generated by resources in your cloud and on-premises environments. It enables complex queries across all collected data, helping you diagnose issues and understand trends in your environment.
  • Azure Monitor Alerts: These alerts proactively notify you of critical conditions and potentially take corrective automated actions based on triggers from metrics or logs. Alerts can help you identify and address issues before they affect your users.
  • Application Insights: An application performance management (APM) service for web developers on multiple platforms. It’s a feature of Azure Monitor, offering powerful analytics tools to diagnose issues and understand what users actually do with your app. It’s designed to help you continuously improve performance and usability.
