305 Flashcards
Describe what an Azure Tenant is?
An Azure Tenant is a container for managing identity and security for an organization. It refers to the instance of Azure Active Directory (Azure AD) that is specific to an organization and allows them to manage users, groups, roles, and applications, as well as integrate with external service.
A tenant in Azure is a container for management groups, subscriptions, resource groups, and resources.
Describe what an Azure Subscription is?
- An Azure Subscription is a container for Resource Groups and Resources and is a container for RBAC and Costs
- An Azure Subscription is a container for resources, and it is linked to an Azure account for billing purposes. Subscriptions define the boundaries for billing, resource allocation, and administrative control. It is also where policies and role-based access control (RBAC) are applied to manage resource access and governance.
Is it possible to associate a subscription with two Azure Tenants?
No, an Azure Subscription can only be associated with a single Tenant.
- Is it possible to associate three Azure Subscriptions with one Azure Tenants?
Yes, an Azure Tennant can have many subscriptions associated with it.
List all the Azure Identity types available in Azure Entra Id?
Users
Managed Identity
Service Principles
Groups
Device Identities
When would you use Managed identity?
When you wnat a service in Azure to access another service in Azure.
Describe a use case where you would use an Azure Entra ID Service Principle?
Where you have an Application that wants to access Azure Resources.
You create an Azure Service Principle by registering the application with Azure Entra ID and then making the Azure Entra ID Service principle assocated with the application. The service principle is then used by using the Service principle with RBAC to assign privileges to access Azure resources.
Describe what an Azure Entra ID User is?
An Azyre Entra ID User is either an internal or external user. Internal users are users thet are Members, and external users are Guests. Internal users belong to the Azure Entra Id domain or part pf the on-prem domain thet is synced with Azure Entra ID.
What is an Azure dynamic group?
An Azure Entra ID Group is a container for Users and Devices; this container can be assigned roles for both Azure Entra ID and Azure resources.
Describe what an Azure Entra ID Group is used for?
An Azure Entra ID Group is a container for both Devices and users to manage these Users and Devices as groups, where roles for both Azure Entra ID and Azure Resources can be assigned. This type of group is what we call an assigned group, meaning its manually managed by an administrator.
I require a way to manage groups of users automatically. When a user is created in Azure Entra ID, the user is automatically assigned to one of several groups. Each group represents an organization’s departments; we have accountancy, manufacturing, and HR. The user should be assigned to the relevant group based on properties like department. How can we achieve this?
We can set up dynamic groups for the departments in our organization and have the
Can I use dynamic groups on a standard subscription?
No. Azure Active Directory (Azure AD) Premium P1 or Premium P2 subscription.
What is the topmost level in Azure?
Azure teanant?
Can I assign a subscription to more than a single tenant?
No, a subscription can only be assigned to a single tenant.
How cna I have Azure SQL prefrom multi-master writes?
You can’t, but you could opt for CosmoDB.
Can I associate two subscriptions with a single tenant?
Yes, 100%
I want to create a group of users to whom I can assign permissions. How can I do this?
Use Azure Group under Entra ID.
I have an application, and I wnat to ab able to access Azure services; what do I require to access the Azyre service?
Register the application with Azure Entra ID and set up a service principle.
What is an assigned group in Azure
Admin or owner decides on membership; you manually control the member shop
I have added groups of users, and I want an easy way to automatically sign off on permissions for these groups; how can I do this?
Use dynamic groups and set up the attributes to automatically add new users to the dynamic group, then assign permission to the group.
What is a security group?
It depends. There are two types of security groups in Azure: an Azure network security group and an Azure ID security group.
What is a hybrid environment?
A hybrid environment consists of one or more Azure accounts and one or more on-prem data centers or locations.
What is a hybrid identity?
Is an identity that is used in both in Azure and on-prem
What is Azure AD B2B Connect (Entra ID B2B Connect)
It enables you toy use external identities by connecting with
What is Azure Domain Services (Entra Domain Services)
You need to establish a trust relationship with another Microsoft Entra External ID what services would you use?
B2B direct connect
What is Entra ID B2B direct connect?
Azure B2B (Business-to-Business) is a feature within Azure Active Directory (Azure AD) that allows organizations to securely share their applications and services with guest users from any other organization
Where would you use Entra ID B2B direct connect?
What are external identities in the context of Entra ID B2B direct connect?
An external identity in the context of Entra ID B2B direct connect is an identity thet gets invited from an external Microsoft Entra ID, and will be added to Azure Entra ID as a guest. And as they are a guest, they do not automatically have any rights to access resources, they will have to be explicitly granted access to resources.
List the types of identity groups types in Azure?
Internal identity, external identity, hybrid identity
What is a hybrid identity?
A hybrid identity services both on-prem and Azure Entra ID and enables the identity to be shared between on-prem and Azure of a seamless login experience.
What is an internal identity?
An internal Azure identity is an identity thet is part of Azure Entra ID and is one of three identities: a user, a service principle, and a managed identity.
What is an external identity?
An external identity can be a B2B identity or B2C
What is a service principle used for?
What is a managed identity?
What is a managed identity used for?
For external Azure identities, what types of external identitiesare supported?
Microsoft accounts, like Outlook, Hotmail or live
I have an individual contractor, and what to give them access to resources in my Azure tenant; how can I do this without setting up a new internal account?
You can invite them using their Microsoft account, outlook, life, or Hotmail.
How can I allow an external school to access resources in my Azure tenant?
If the school already has a Microsoft account for students, they can be added as an external identity.
I wnat to provide an external user with temporary access to an internal application; how can I do this?
You can use B2B Email one-time password OTP. This sends the user a one-time password in their email to sue, and when they log in, they get access; the password is time-limited.
How can I enable users in another organization with an Entra ID to access resources in my Azure Tennant?
You can use Azure B2B direct connect to allow access by creating a cross-tenant.
I wnat to use external B2B to invite users to access resources in my Azure tenant; what types of users can I ask?
Any email using the time-limited OTP. Entra ID, Facebook, Google, Microsoft
I wnat to ass en external orgnization team to access resources in my Azure Tennant; how can I do this?
You can use B2B Connect and cross-tenant access. You add an organization by using the domain name or tenant ID. Azure search will find the tenant for you to add.
I want my team in my orgnization, who has an Azure Entra ID set up and is using it already, to access resources in another organization’s Azure account; what do I need to have the other organizations do to give me?
You will wnat another orgnization to give your organization access to resources by inviting you to access using the B2B connect using the cross-tenant setup, using your domain name or tenant ID; they will ten have to assign permissions to access resources
When external users are added to your Azure Entra ID, what type of user are they?
The users are of type HUEST.
When external users are added to your Azure Entra ID, what access do they have as default?
They have no access to any resources. If RBAC has been used to allow guests access to a resource, then the newly added guests will have access to this resource.
Is it possible to give tenant access in both directions for Azure Entra ID in two tenants?
Yes
I am intending giving access to external identities using B2B external identities, but I wnat to ensure they have been authenticated using MFA; how can I accomplish this?
You can use ‘Conditional Access Policies’ to require an external user to use MFA; this can be configured
When using Azure Entra ID external cross-tenant settings, what are inbound settings?
They are the settings thet control how
Where in Azure are the settings for external identities located?
In Azure Entra ID
What are Azure Entra ID external cross-tenant settings?
There are several settings in the Azure Entra ID external identities under cross-tenant settings that enable you to control both incoming and outgoing access.
What are the default settings for outbound for Azure Entra ID external cross-tenant?
- By default, there is no restriction on which users can be invited to collaborate with external tenants. However, specific configurations can be applied later.
The default setting allows all applications to be used in cross-tenant scenarios. This means your users can access apps in other tenants unless specific restrictions are configured.
I want to ensure that the orgnization users do not collaborate with other Azure tenants; how can I do this?
What are the default settings for inbound Azure Entra ID external cross-tenant?
- B2B Collaboration - External Users and Groups: All allowed: External users from other Azure Entra tenants can collaborate with your users without any restrictions. This allows external users to be invited into your tenant as guests and access resources like SharePoint, Teams, or other applications that support B2B collaboration.
B2B Collaboration—Applications: All allowed: Explanation: External users from other tenants can use your organization’s applications if they are given appropriate permissions. This setting enables applications within your tenant to be accessed by users from external tenants.
-B2B Direct Connect - Applications: All blocked: Applications within your tenant cannot be accessed via B2B Direct Connect by users from external tenants. This blocks real-time direct connections for specific applications, enhancing security by limiting access to only internal users or specifically allowed external users.
Trust Settings: N/A (Disabled): This indicates that no special trust settings are applied to external tenants by default. For instance, your tenant does not automatically trust other tenants’ Multi-Factor Authentication (MFA) or compliant device settings. Any trust configurations must be set up explicitly in the organizational settings tab.
What is Azure Entra ID cross-tenant sync?
Azure Azure Entra ID cross-sync will enable you to add an external Azure Entra ID so they you can push
Your orgnization is acquiring an org called JetPack; they have an Azure tenant; how best to merge this tenant from an Azure Entra ID perspective to allow their users access resources in your organization’s current Azure tenant?
Use Azure Cross-Tenant Sync to enable users to be synced across tenants.
What service would you use in Azure to enable external individual users to get access to my resources
Azure B2B connect.
I have an organization called Koke, which purchased a company called Kepsi. I want Koke users to access Azure resources in Koke. How can I do this using Azure Entra ID, and what are the steps to set it up?
You can use Azure Entra ID Sync to sync the users in Kepsi into Koke. You must configure Azure Entra ID cross-tenant setting and cross-tennant sync to set this up.
Cross-tenant settings for Kepsi: set koke.com and set outbound access with Trust-suppress user consent.
Cross-tenant settings for Koke: set kepsi.com and set inbound access with Trust-suppress user consent, cross-tenant sync-> allowed
Cross-tenant sync for Kepsi: provisioned automatic, perform mapping of attributes
I have an organization called Koke, which purchased a company called Kepsi. I want Koke users to access Azure resources in Koke. How can I do this using Azure Entra ID?
You cna use Azure Entra ID Sync to sync the users in Kepsi into Koke.
Azure Entra ID cross-tenant sync: are syncs real-time?
No, it is every 40 minutes by default, but you can change this. But you can create a group and have users mapped as thet are created or altered.
Azure Entra ID cross-tenant sync, what are mappings?
When configuring Azure Entra ID cross-tenant sync, you map the attributes between tenants.
Azure Entra ID cross-tenant sync, can you see the sync logs?
Ues they are availab in the browser, API, CLI.
What is the hierarchy for RBAC in Azure?
Management group -> Subscriptions -> Resource groups -> Resources
Why use a resource group?
To group resources with the same life cycle.
If I create a policy to limit resource groups to regions, have I limited the resources to the same area?
No, because resources are separate from the resource group and do not have to be in the same region as the resource group.
Can you follow resource groups?
No, they are a single-flast structure
When we need to control access to resource based on conditions like locations, what can we be using?
Azure Entra ID Conditional Access Policy
What is a scope?
A management group, subscriptions, resource group, resource
Can you use tags with policy?
Yes
How can you limit the location for resources to be deployed?
Azure policy
What is Azure identity protection?
Azure Identity Protection service that detects and mitigates identity-related risks using machine learning and threat intelligence. It helps protect user accounts by monitoring for suspicious activities and enforcing risk-based conditional access policies. The service provides automated responses, detailed security insights, and integrates with other Azure security tools.
Can I use Azure identity protection by subscribing to a P1 license?
No, it is a P2 feature.
I want to enforce when a user is outside the local network and tries to login in, thet they get asked to use MFA but not on the local network; how can I achieve this?
Use conditional access policies thet are part of Azure Entra ID.
I want to detect and understand risky users on my Azure Entra ID; I want to be able to report and view on a dashboard the risky users across the enterprise; how can I achieve this
Use Identity protection, and sign up for a P2 subscription for Identity Protection. It has a dashboard to view risky users across the enterprise.
I want to detect and understand risky logins on my Azure Entra ID, and I want to be able to report on and view risky users across the enterprise on a dashboard.
Use Identity Protection, and sign up for a P2 subscription for Identity Protection. It has a dashboard to view risky logins across the enterprise.
What are the four pillars associated with identity protection?
- Identify risk (Reporting)
- Enforcement (Enforce on risk) (conditional access)
- Investigate risk (Logs and information)
- Remediate risk (automatic, administrator)
Explain Azure Entra ID Identity Protection in the context of risk.
In the context of risk for Azure EntraID Identity Protection, it is when sign-in occurs, credential compromise,
I need a machine-learning solution to identify risky behaviors in users signing in to Azure Entra ID. What solution could I use?
Azure Entra ID Identity Protection uses machine learning to understand what is typical for a user sign-in and uses it to detect what is not regular sign-in.
I am concerned about identity compromise, such as users’ passwords being sold on the fast web. How could I protect my users in Azure Entra ID?
Azure Entra ID Identity Protection leverages Microsoft’s Threat Intelligence network, which continuously monitors and collects data from various sources, including the dark web. This data is used to identify compromised credentials and other security threats.
What happens when Azure Entra ID Identity Protection detects compromised credentials from the dark web?
When Azure Entra ID Identity Protection detects compromised credentials from the dark web, it flags the affected user accounts. It can automatically trigger responses such as requiring a password change, enforcing multi-factor authentication (MFA), or blocking access until the issue is resolved.
Does Azure Entra ID Identity Protection proactively scan the dark web for specific user credentials?
No, Azure Entra ID Identity Protection does not proactively scan the dark web for specific user credentials.
Instead, it relies on data collected by Microsoft’s Threat Intelligence network, which includes compromised credentials found on the dark web.
How does Azure Entra ID Identity Protection use dark web information to protect identities?
Azure Entra ID Identity Protection uses information from the dark web to identify when user credentials have been compromised. It then applies risk-based policies to protect the affected accounts, such as requiring additional verification or blocking access to prevent unauthorized use.
Is it correct to say that Azure Entra ID Identity Protection only protects users when their information is on the dark web?
o, this is not correct. While Azure Entra ID Identity Protection uses information from the dark web as one source of threat intelligence, it also protects users by analyzing various other risk signals, such as unusual sign-in activity, and implementing risk-based policies.
What is the role of Microsoft’s Threat Intelligence network in Azure Entra ID Identity Protection?
Microsoft’s Threat Intelligence network plays a crucial role in Azure Entra ID Identity Protection. It gathers and analyzes data from numerous sources, including the dark web, to detect potential security threats and help protect user identities.
Can Azure Entra ID Identity Protection take automated actions based on dark web information?
Yes, Azure Entra ID Identity Protection can take automated actions, such as enforcing password resets, blocking access, or requiring MFA, based on detecting compromised credentials from the dark web or other risk indicators.
What type of risks is Azure Entra ID Identity Protection looking for when a user signs in?
- Anomily Detection (Sign in, user activities) (Sign-in)(real-time)
- Known attack patterns
- Leaked credentials (User)
- Anonymous IP address
- Atypical travel (Sign-in) (Offline)
- Malware-linked IP address
- Unfamiliar sign-in property (Sign-in) (Realtime))
What are the types of detection periods for Azure Entra ID Identity Protection?
- Real-time (Signin risk)
- Offline (24hrs) (User risk)
What time frame is used for user risk for Aure Entra ID Identity Protection?
Offline (24hs): Like user risk being leaked creds
What time frame is used for sign-in risk for Aure Entra ID Identity Protection?
Real-time: When the user tries to sign in, the risk is evaluated, and if action is required, like denying, it will be taken.
Azure Azure Entra ID
How do we take enforcement actions?
We use conditional access
I wnat to have the ability to review users’ access for Azure; I also want the ability to take action if there are issues found; how can I achieve this?
Use Azure Entyra ID and access reviews
What is the service called thet we can use to protect our identities?
Azure Identity Protection
What license do I need for identity protection?
L2
What is the core of what identity protection provides?
-Sign-in protection
–Has creds been leaked
–Is the user using anonymous IP
–Impossible travel
–Sign-in from an infected device
–Sign-in from IP with suspicious traffic
–Sign-in from an unfamiliar location
-User action protection
What can you use when you get an even from Identity Protection?
You can use risk policies to block, or you can ask the user to use MFA
What are the two policy types associated with identity protection?
Sign-in risk policy
Users risk policy
Are Azure Entra ID Identity Protection Users risk policies in real-time?
No, there are 24hrs
Are Azure Entra ID Identity Protection Sign-in risk policies in real-time?
Yes
What can we do when we find an Azure Entra ID Identity Protection risk policy has been activated?
Block sign-in
Endorce users change password
MFA
I have a group of users, and I want to ensure that if they attempt to sign in from a location thet would not be typical, they are blocked; how can I do this?
Use conditional address.
I wnat to have a situation where if users’ activities are identified as a risk by Microsoft thet, they are reported to me; how can I do this?
I can use Azure Entra ID Identity Protection and its reporting capabilities.
I wnat to have a situation where if users sign in and are identified as a risk by Microsoft thet, they are reported to me; how can I do this?
I can use Azure Entra ID Identity Protection and its reporting capabilities.
I wnat to have a user use MFA when they log in for a location other than the office; how can I do this?
Conditional access policy
I wnat external users always to use MFA to access my resources; how can I do this?
Conditional access policy
I wnat to prevent access from untrusted or high-risk geographical regions by blocking?
Conditional access policy
I wnat to block access when blocking a user’s access or require step-up authentication (MFA) if they are flagged for risky behavior.
Conditional access policy
How cna i, Allow personal devices to access corporate email or data but enforce conditions like MFA or limited app access (e.g., blocking the download of files from SharePoint)?
Conditional access policy
When using conditional access, what signal types are they?
Location
Country
Device
Browser
Risk
I wnat to add several countries where I can have users use MFA and another set of countries thet are blocked users if accessed from; how can I do this?
Add the countries in Azure Entra ID Conditional access and then use them in the conditional access policy.
I wnat to add a IP range and have users blocked if access comes from this range; how can I do this?
Add the ip range in Azure Entra ID Conditional access and then use them in the conditional access policy.
How do I create an Azure Entyra ID conditional access policy?
Name, All Users, Group of users (Guests (as in external), Directory roles, users and groups),
When creating an Azure Entyra ID conditional access policy, I want to exclude users from it. Is this possible?
Under the Exclude Users tab, you can select users and groups to be excluded from the policy.
I wnat to ensure that my most privileged users have to request access when using these privileges; how can I do this?
Setup Privilege Identity management (PIM)
How cna I have it thet when Jim who has global admin privileges, is not working, he does not have their privileges?
Setup Privilege Identity management (PIM)
I wnat to get notified when a user with global admin is using these privileges; how can I do this?
Setup Privilege Identity management (PIM)
How can I remove privileges when they are not needed?
Access reviews
How can I schedule a review of users, roles, apps, and guests who have unneeded privileges and automatically remove them?
Access reviews
If i wnat to use Access reviews, what license do I need?
P2
I wnat users to review their access every month; how can I do this?
Using the Azure Entra ID, privileged Identity management and use review.
After users perform a review, what options do you have for those who did not respond?
No change
Remove access
Approve access
Take recommendations
I want a solution where I can have groups of users prefrom their security review each month; how can I do this?
Azure Entra ID Identity Governanence Access Reviews
What types of services has Azure for containers?
Container instance
Kubernetes
Cloud apps
How do we create a container?
Usine DOCKERFILE
What is a dockerfile?
FROM nginx:alpine
WORKDIR /usr/share/nginx/html
COPY ./index.html ./
How do I create a docker image?
Using a docker file?
Where do i store a docker image?
Azure image registry
Why use a docker image?
Because it an easy way to package content for docker or kubernetes
Why use container instances?
Fast and straightforward to get running and easy to manage small, simple individual running container instances.
When using container instances, can you persist files?
You would have to use Azure file share and mount a volume.
When using container instances, are containers isolated?
Yes, but you can use a container group thet will share resources if required.
How can two containers share resources and run on the same host when using a container instance?
Use a container group, and this will schedule the containers on the same host and share resources.
What types of networking have container instances available?
None (batch), private( private network), public(public network)
What container registry types are available in container instances?
Quick images
Axure container registry
Docker Huv or other registry
I wnat to use managed disks with my container images; what options do I have?
Azure kubernetes service, it supports managed disks
Can I use Azure Files with Azure Kubernetes?
Yes
I wnat to have a job run periodically; what options do I have?
Azure Batch
Azure APP service using WebJobs
What is required to allocate how much cost and size to app services?
App service plan
I require both Windows and Linux containers. Can I use app services?
Yes, app services provide for Windsows and Linux containers.
What types of pricing is available for app services?
Shared: Container runs on same compute as other customers
Dedicated: Runs on dedicated compute
Isolated: Deployted to customers’ own network
What types of functionality do you get with Azure App Service?
Scale-out
Scale-up
Private networking
Public networking
File storage
Database
Redis (cache)
What databases are supported with app service?
Postgres
MySql
MsSql
CosmoDB
I require different environments for dev, test, and prod. I want to use containers; what are my options? I also wish for fully managed services.
You cna use the fully managed app services thet have deployment slots that will allow you to deploy prod, qa, and prod using containers.
I require different environments for dev, test, and prod. I want to use containers; what are my options? I also wish for fully managed services. I must have each environment with its own configuration.
You cna use the fully managed app services thet have deployment slots that will allow you to deploy prod, qa, and prod using containers. Slots have their configuration for each slot.
I require different environments for dev, test, and prod. I want to use containers; what are my options? I also wish for fully managed services. I must have each environment with its configuration. I must also be able to switch slots and automatically have the scale of the system to the production size?
You cna use the fully managed app services thet have deployment slots that will allow you to deploy prod, qa, and prod using containers. Slots have their configuration for each slot. App services have slots, also called staging, thet can be switched and will automatically scaled out to the required size.
I am using containers and wnat to bleed over traffic from staging to production. What services in Azure should I run my containers on?
App services enable splitting traffic between staging and production.
When using the Apop service, how are the staging site rules added?
A -staging as in -<name> is used</name>
What is Azure Batch?
Fully managed HPC cluster and scheduling infrastructure.
There is no need to schedule an installation and manage
Devs can
When using Azure Batch, what do we get as a virtual construct?
Batch account
What are the elements that make up the batch account?
Account
Scheduler
Nodes/Node Pool
What storage can you access with Azure Batch?
Azure Blob
Azure Files
Azure Disks
Azure Auto Storage
What is Azure Batch Auto Storage
Azure Batch can automatically provision blob storage containers associated with your batch account. It’s often used to manage job input/output data for batch jobs automatically.
How do I deliver an application to Azure batch?
Through the API, using one of the supported application types, python, node, C#, PowerShell
What is the first thing you create when using Azure batch?
An Azure batch account
I wnat to access my batch account from my private network, my private network is connected to azure v rt using express route, how can I do this?
Use a service endpoint, service endpoint enables a private connection from a private vNET to a service, including Azure Batch
When setting up an Azure Batch, what constructs would you use?
Application
Pools
Jobs
Job schedules
What do you pay for with Azure jobs?
Time
What is Azure Cycle Cloud?
Azure CycleCloud helps manage High-Performance Computing (HPC) clusters in Azure, enabling users to easily create, configure easily, and scale resources. It supports popular HPC schedulers like SLURM and PBS Pro, offering autoscaling based on workload demand. The tool simplifies cloud HPC management, integrates with Azure services like Monitor and Cost Management, and is ideal for data-heavy fields like genomics(MS Learn)(Microsoft Azure.
Where can I find conditional access policies?
Entra ID -> Security -> Protect - > Conditional access
I wnat to use conditional access policies; what license do I need?
P1
What do Azure functions, web jobs, apps, and websites run on?
App service plan
I want to have isolated hosts; what do I need to create?
App Service Environment is a single-tenant environment.
What is an isolated host for Azure app service
It is a single-tenant App Service Environment.
I wnat to access to my Azure storage from my VM on a private vNET; how can I do this?
Use the Service endpoint to access all Azure Storage Accounts
Use a private endpoint to access only a single account
I wnat to access my Azure storage from my VM using a private IP; how can I do this?
Use a private service endpoint. The private service endpoint will connect to a single Azure storage account and get an IP and NIC in the vNET to access it.
I wnat my application in a private vNET with no public network access, to access all my Azure storage accounts; how can I do this?
Use Azure service endpoint; Azure service endpoint gives access to all Azure storage accounts.
What am I connecting from and to when I create an Azure Service EndPoint?
From a vNET to a whole service like an Azure Storage account
When I create an Azure Service Endpoint, is the IPO address of the service private?
No, it uses the Azure public IP, but traffic is over the Azure network.
When I create an Azure Private Endpoint, is the IP address of the service private?
Yes, the endpoint is private, and it appears to be a NIC in your vNET
When I create an Azure Private Endpoint, can you access all storage accounts, for example?
No, it is a one-to-one relationship; you can only access a single account.
When I create and use Azure Private Endpoint, are they free?
No, you pay per hour and GB
When I create and use Azure Service Endpoint, are they free?
Yes
I have an on-prem local network application called the Kola app that I would like to make available to my users who work from home. How can I do this without using a VPN or having a user connect to the local network?
Azure Entra ID App Proxy enables me to expose any application but use Azure Entra ID to secure it.
I am using Azure App service but do not have a VPN or Expressroute connection to Azure; I want to present an endpoint on my on-prem network from an application running on Azure App Service. How can I do this
Azure App Service Hybrid Connections enables you to install the software locally and create an endpoint for your app service locally on-prem.
I have an on-prem local network application called the Kola app that I would like to make available to my users who work from home. I will use Azure AD App Proxy; what do I need to install on-prem?
Several proxies for scale and availability.
I have an on-prem local network application called the Kola app that I would like to make available to my users who work from home. The Kola app requires Kerberos. Also, I do not have a VPN or Expressroute to Azure. I want to expose this application to my remote users behind a secure Azure login. How can I do this?
You can use Azure Enbtra AD App Proxy, which is installed on-prem and connects to Azure Entra ID. It can proxy the application to remote users and ensure that the users have logged in using their Azure Entra ID credentials.
I have an on-prem local network application called the Kola app that I would like to make available to my users who work from home. The Kola app has its identity management. Also, I do not have a VPN or Expressroute to Azure. I want to expose this application to my remote users behind a secure Azure login. How can I do this?
You can use Azure Enbtra AD App Proxy, installed on-prem and connects to Azure Entra ID. It can proxy the application to remote users and provide passthrough for auth.
When using Azure Enbtra AD App Proxy, what is my first step?
Install the agent connector on-prem for Azure Enbtra AD App Proxy; you create a group of connectors.
What is a connector group in Azure App Proxy?
Agent connectors groups enable me to separate different apps on my on-prem network.
I wnat to deploy a single container and use the least resources and the least management, but I require deploying the instance so it is available in a vNET; what is my best portion?
Azure container instance, this is the least resources and lowest cost and is least management, and you can configure it for PRIVATE networking using a vNET.
Can I use a container register with container instances?
Yes
Can I use public networking with container instances
Yes
When using app services, what are the three types of pricing?
Shared
dedicated
Isolated
I require a way to deploy containers, and I want simple management of containers in a PaaS service. What is the best solution?
App Container Services
What types of plans have we for azure functions?
Consumption (Pay-As-You-Go)
Flex Consumption
Function premium
App Service (Both Functions and Web Apps on same plan)
Container App Environment
What is the name of pay as you go plan?
Consumption
I am going to be using Azure functions, and I require the use of vNET. Can I use the consumption plan?
- No, the consumption plan does not support vNETS.
- But we now have a new plan called Flex Consumption thet will support events
- Or you can use a premium plan
I intend to use Azure Function and Web Apps on the same project in the UK to help control a power station; what is the best plan to keep the cost to a minimum?
With both Functina and Web Apps on the same project, it may be best to use the app service plan thet enables the same plan to be used for both.
I am using a consumption plan for my Azure function. I am concerned about the timeout. What is the default timeout?
5min default, 10min max.
I am using a premium plan for my Azure function and am concerned about the timeout. What is the default timeout?
30min default, unlimited with configuration.
I want to make sure thet when using Azure Functions, I have pre-warmed instances. I intend to use the consumption plan; do I need to make any changes to my approach?
Yes, you will need to switch plans. The consumption plan does not support pre-warming, so you will need to use premium or flex consumption.
I am using Azure functions and wnat to use vNET; I intend to use a consumption plan; do I need to change my approach?
Yes, you will need to switch plans. The consumption plan does not support vNET, so you must use premium or flex consumption.
Are dedicated plans for App Services and Functions dedicated for your use only, meaning you are on an isolated host?
No, dedicated means you are on a shared host with dedicated resources not shared with any one else.
When using App Services and Functions, what plan is the most cost-effective for production?
use a non-dedicated plan
When should you choose a Consumption Plan for Azure Functions?
Choose a Consumption Plan when you have sporadic workloads, want to pay only for actual usage, and don’t need constant running of your functions.
In Azure Appservice and Functions; What is the main advantage of using a Dedicated (App Service) Plan for Azure Functions?
The main advantage is having dedicated VM instances, which provide better performance, more features, and the ability to run functions continuously.
In Azure Appservice and Functions, which scenario would you opt for an Isolated (App Service Environment)
Choose an Isolated Plan when you need the highest level of security, network isolation, and dedicated infrastructure for mission-critical applications with high compliance requirements.
In Azure Appservice and Functions, Which plan should you choose if you have an application with unpredictable traffic patterns and want to minimize costs?
The Consumption Plan is ideal for this scenario, as it automatically scales based on demand, and you only pay for the resources you use.
In Azure Appservice and Functions: When would you consider upgrading from a Consumption Plan to a Dedicated Plan for Azure Functions?
In Azure Appservice and Functions; Which plan would be most suitable for a high-traffic e-commerce website that requires consistent performance?
A Dedicated (App Service) Plan would be suitable, as it provides dedicated resources and consistent performance for high-traffic applications.
In Azure Appservice and Functions; Your application needs to comply with strict data residency requirements and must be completely isolated from other customers; which plan should you choose
The Isolated (App Service Environment) Plan is the best choice for strict compliance and complete isolation requirements.
In Azure Appservice and Functions; hich plan would you recommend for a small business website with moderate, consistent traffic?
Dedicated (App Service) Plan with a Basic or Standard tier would be suitable for a small business website with moderate, consistent traffic.
In Azure Appservice and Functions; When is it most cost-effective to use a Consumption Plan for Azure Functions?
It’s most cost-effective for applications with intermittent usage, where functions don’t need to run continuously, and when you want to pay only for actual execution time.
In Azure Appservice and Functions, If you need to run background processing tasks continuously alongside your web application, which plan should you choose?
Choose a Dedicated (App Service) Plan, as it allows you to run continuous WebJobs and background tasks alongside your web application on the same VM instances.
In Azure Appservice and Functions, what type of plans do we have?
Non-dedicated
Dedicated
Isolated
In Azure Appservice and Functions, what is a non-dedicated plan?
The plan is using shared resources, best suited
In Azure Appservice and Functions, what type of plans do we have?
In Azure Appservice and Functions, what type of plans do we have?
In Azure Appservice and Functions, what is a non-dedicated plan best suited to?
Sporadic or unpredictable workloads
Event-driven application
Small-scale or low-traffic applications
Development and testing
Cost optimization:
I wnat to use Azure Appservice and Functions in a dev environment. What plan should I use?
non -dedicated
In Azure Appservice and Function, what is the Azure name for a non-dedicated plan?
Consumption plan
In Azure Appservice and Function, what is the Azure name for a dedicated plan?
Basic
Standard
Premium
PremiumV2
PremiumV3
In Azure Appservice and Function, what is an isolated plan giving you?
App Service Environment
You are using the Azure app service. Recently, a newly pushed app to production caused outages; what could you do to fix this?
Use Azure app service deployment slots