==============================================================================================
AZURE LEARNING NOTES ADMINISTRATOR
==============================================================================================
Skills measured / Functional groups
----------------------------------------------------------------------------------------------
++ Manage Azure identities and governance (20-25%)
++ Implement and manage storage (15-20%)
++ Deploy and manage Azure compute resources (20-25%)
++ Implement and manage virtual networking (15-20%)
++ Monitor and maintain Azure resources (10-15%)
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-administrator-prerequisites/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-manage-identities-governance/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-manage-storage/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-manage-compute-resources/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-manage-virtual-networks/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/training/paths/az-104-monitor-backup-resources/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/credentials/certifications/azure-administrator/renew/
----------------------------------------------------------------------------------------------
https://learn.microsoft.com/en-us/credentials/certifications/resources/study-guides/az-104
==============================================================================================
AZ-104 Azure Administrator Study List : John Savill's Technical Training : YT /@NTFAQGuy
----------------------------------------------------------------------------------------------
https://www.youtube.com/playlist?list=PLlVtbbG169nGlGPWs9xaLKT1KfwqREHbs
==============================================================================================
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
==============================================================================================
+ "A" DNS records ensure a site resolves a URL even if VM IP address changes
+ Access Key Rotation: storage account > access key (AK) allows access to Container | Share | Table | Queue
+ Access Key Rotation: AK needs update; SAS needs update (signed w/ AK) < only portal access remains
+ Administrative Units > RBAC > departments | boundaries | scope management permissions
+ Application Security Groups (ASG) > VMs in same VNET < combined with NSG
+ ASG > associate NICs > used within an NSG to apply network security rules > group VMs
+ Availability Sets > Update Domains > min # VMs available > distribute VMs > calc 1 FD down w/ most VMs
+ Availability Zones > 3 per Azure region > applies to VMSS (VM Scale Sets)
+ Azure AD Group > dynamic membership rule > user.properties
+ Azure Backup > Enhanced Backup Policy > VM > more than once a day (e.g. every 12 hrs) < RSV
+ Azure Backup > highest VM backup frequency = every day
+ Azure Backup > scale up App Service plan first if Backup options not available in Web App
+ Azure Backup > STD policy > VM > retention period (instant recovery snapshots) = 5 days MAX
+ Azure Backup Reports > 1. create Log Analytics workspace > 2. configure Diagnostic Settings / vault
+ Azure Backup Server > MARS > Azure Recovery Services Agent > back up specific files + folders
+ Azure Bastion deploy > dedicated subnet AzureBastionSubnet in same VNET /26 /25 /24 + public IP
+ Azure Bastion Hosts > deploy 1 per VNET per Azure region > R1VNET1 = 1 host; R1VNET2 = 1 host
+ Azure Container Registry image -> 1. install Docker 2. auth Docker 3. pull IMG > ACR > VM (run)
+ Azure Firewall deploy > create new subnet for VNET > better CTRL + isolation > security policy
+ Azure Private DNS zone <-> VNET > auto registration ON > VM > PTR record for priv IP auto added
+ Azure Storage Account Blob Container authorization types = Azure AD | Storage Key | SAS
+ Azure VM + VNET1 resolve priv DNS (+ A record) > DNS zone: add Virtual Network Link
+ Azure Web App runtimes -> 1 App Service plan per runtime type: .NET, ASP.NET, PHP etc
----------------------------------------------------------------------------------------------
+ Backup Vault > create 1st to back up Azure Managed Disk / BKP policy /
----------------------------------------------------------------------------------------------
+ CD / Continuous Delivery for VM > first create Azure DevOps Organization > CI/CD
+ Container Instance > deploy to empty subnet or subnet w/ app container + container group < VNET
+ Container Instances > connect to VNET < same Azure region < network visibility/availability
+ Customer-managed keys > encryption for blob + file + table + queue (Blob + File) by default
----------------------------------------------------------------------------------------------
+ Data warehouse workloads > mission critical > Mv2-series | M-series > vCore counts++ MEM++
+ Deploy Docker image containing app -> deploy Azure App Service + Azure Container Registry
+ Deployment Slots > 5 slots in STD App Service plan > scale up App Service plan for ++ slots
+ Deployment Slot Swap > app settings f/ APPm slot / slot > overview > config > swap > preview > slot swap preview
+ DNS A record maps hostname to IP (resolves) / CNAME maps hostname to hostname /
----------------------------------------------------------------------------------------------
+ Encryption Scopes: key scoped to container or individual blob: secured boundaries
----------------------------------------------------------------------------------------------
+ Fault Domains > --platform-fault-domain-count > Availability Sets > configure FD
+ File Level Restore = VMs if not encrypted < ADE VMs < recover full VM (no file/folder level)
+ File rehydrate + move to HOT (last modified NOT RESET): move blob to Cool/Archive: since rehydrate: 24 hrs
----------------------------------------------------------------------------------------------
+ GitHub integration > GitHub source code repository for Azure Web App > use Deployment Center
+ GitHub Actions > integrate Web App > modify runtime stack
----------------------------------------------------------------------------------------------
+ Key Vault authentication > user-assigned managed identity + system-assigned managed identity
----------------------------------------------------------------------------------------------
+ Minimize costs > App Service plan size = "Dev / Test F1"
----------------------------------------------------------------------------------------------
+ NSG > can be attached to VNET subnet and/or NIC in a VM < Network Security Group
+ NSG > highest priority for inbound security rules = 100 (# between 100 & 4096)
----------------------------------------------------------------------------------------------
+ Orchestration Mode > Scale Sets > change orch mode f/ multiple VM machine types O.M. (UNIF -> FLEX)
----------------------------------------------------------------------------------------------
+ Password Protection > enforced custom list = [...] + custom banned PWD list = companydomain / C0mp4nyD0m4iN
+ Persistent Storage > Azure Container Instance > Docker image > Azure Storage Account + File Share
+ Proximity Placement Group > Azure resources in a single region > VM & Disk (IP also) [VNET excluded]
+ Publish Web App -> select Code instead of Docker Container to select runtime stack
----------------------------------------------------------------------------------------------
+ Recovery Services Vault > create RSV first (VM / Azure Backup) then STO replication > BKP policy > trigger backup
+ Recovery Services Vault > location dependent > create a vault for each region
+ Recovery Services Vault > up to 32 TB (256 TB combined) < VM limits
+ Report Reader Role > can be assigned to = user + system-assigned managed identity for VM
+ Rotate the keys > Storage account > CHG keys used to access > all users w/ access > in
+ Runtime Stack > 1 App Service plan per runtime stack
----------------------------------------------------------------------------------------------
+ Service Endpoint > ensures VM can access Storage Account via Azure backbone
+ Service Endpoints > existing Azure Firewall stops working > switch from pub IP to priv IP
+ Service Tags > resources that can use = NSG > inbound tags > outbound tags > VM net sec rule
+ Service Tags > used to secure allowed inbound traffic > source security rule < NSG
+ Shared Access Signature (SAS) > access Storage Account via Azure Storage Explorer
+ Shared Access Signature (SAS) > provide time-limited access to Storage Account.
+ SMB protocol settings > authentication > storage account key (NTLMv2) mount Az file share
+ Soft Delete > Azure Backups protection > VMs + file shares + SQL servers
+ Storage Account Lifecycle Management: block blobs + append blobs (GPv2 | PREM block blob | Blob Storage acct)
+ Storage File Data SMB Share Reader Role (File Share) > Azure Portal / STO acct / AAD auth settings
+ Store container image into Azure Container Registry > URL > myregistry.azurecr.io
----------------------------------------------------------------------------------------------
+ User Administrator Role > Azure AD role > assign licenses + reset passwords
+ User Administrator Role > principle of least privilege > admin can create Access Reviews
----------------------------------------------------------------------------------------------
+ VM resize > disks: preserved; app running state: preserved after reboot;
+ VNET > Settings > DNS servers > Default (Azure-provided) / Custom > VM resolve priv DNS zone
+ VNET Peering > same Azure region same SUBSC | same region diff SUBSC | diff SUBSC
----------------------------------------------------------------------------------------------
+ Web App -> staging slots per app: 5 = STD / 20 = Premium v1-3 = Isolated / 0 = Basic = Free = Shared
+ WebJobs > run Windows / Docker on Windows > WebJobs are not supported for App Service Linux
==============================================================================================
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
==============================================================================================