Describe Azure management and governance

Question 1

Describe factors that can affect costs in Azure

Answer 1

• Resource type
• Consumption
• Maintenance
• Geography
• Subscription type
• Azure Marketplace

Question 2

Pricing calculator

Answer 2

The pricing calculator is designed to give you an estimated cost for provisioning resources in Azure. You can get an estimate for individual resources, build out a solution, or use an example scenario to see an estimate of the Azure spend. The pricing calculator’s focus is on the cost of provisioned resources in Azure.
With the pricing calculator, you can estimate the cost of any provisioned resources, including compute, storage, and associated network costs. You can even account for different storage options like storage type, access tier, and redundancy.

Question 3

TCO calculator

Answer 3

The TCO calculator is designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. With the TCO calculator, you enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic. The TCO calculator then compares the anticipated costs for your current environment with an Azure environment supporting the same infrastructure requirements.

Question 4

Microsoft Cost Management tool

Answer 4

Cost Management provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources.

Question 5

Cost analysis

Answer 5

Cost analysis is a subset of Cost Management that provides a quick visual for your Azure costs.
View the total cost in a variety of different ways, including by billing cycle, region, resource, and so on.

You use cost analysis to explore and analyze your organizational costs. You can view aggregated costs by organization to understand where costs are accrued and to identify spending trends.

And you can see accumulated costs over time to estimate monthly, quarterly, or even yearly cost trends against a budget.

Question 6

Cost alerts

Answer 6

Cost alerts provide a single location to quickly check on all of the different alert types that may show up in the Cost Management service.

The three types of alerts that may show up are:

• Budget alerts
• Credit alerts
• Department spending quota alerts.

Question 7

Budgets

Answer 7

A budget is where you set a spending limit for Azure. You can set budgets based on a subscription, resource group, service type, or other criteria.

Question 8

Tags

Answer 8

Resource tags are another way to organize resources. Tags provide extra information, or metadata, about your resources.

Question 9

Microsoft Purview

Answer 9

Microsoft Purview is a family of data governance, risk, and compliance solutions that helps you get a single, unified view into your data. Microsoft Purview brings insights about your on-premises, multicloud, and software-as-a-service data together.

Question 10

Microsoft Purview: risk and compliance

Question 11

Microsoft Purview: unified data governance.

Question 12

Azure Policy

Answer 12

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules across your resource configurations so that those configurations stay compliant with corporate standards.

Question 13

Azure policies - info

Answer 13

Azure Policy evaluates your resources and highlights resources that aren’t compliant with the policies you’ve created. Azure Policy can also prevent noncompliant resources from being created.

Azure Policies can be set at each level

Azure Policies are inherited

Question 14

Azure Policy initiatives

Answer 14

An Azure Policy initiative is a way of grouping related policies together. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.

Question 15

Resource locks

Answer 15

A resource lock prevents resources from being accidentally deleted or changed.

Even with Azure role-based access control (Azure RBAC) policies in place, there’s still a risk that people with the right level of access could delete critical cloud resources.

Resource locks can be applied to individual resources, resource groups, or even an entire subscription.

Resource locks are inherited.

Question 16

Types of Resource Locks

Answer 16

• Delete means authorized users can still read and modify a resource, but they can’t delete the resource.
• ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Question 17

manage resource locks?

Answer 17

You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template.

Question 18

Service Trust portal purpose

Answer 18

The Microsoft Service Trust Portal is a portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.

The Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein.

Question 19

Azure portal

Answer 19

The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface.

You can:
- Build, manage, and monitor everything from simple web apps to complex cloud deployments
- Create custom dashboards for an organized view of resources
- Configure accessibility options for an optimal experience

Question 20

Azure Cloud Shel

Answer 20

Azure Cloud Shell is a browser-based shell tool that allows you to create, configure, and manage Azure resources using a shell. Azure Cloud Shell support both Azure PowerShell and the Azure Command Line Interface (CLI), which is a Bash shell.

Question 21

Azure PowerShell

Answer 21

Azure PowerShell is a shell with which developers, DevOps, and IT professionals can run commands called command-lets (cmdlets). These commands call the Azure REST API to perform management tasks in Azure.
Cmdlets can be run independently to handle one-off changes, or they may be combined to help orchestrate complex actions such as:
- The routine setup, teardown, and maintenance of a single resource or multiple connected resources.
- The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code.

Question 22

Azure CLI

Answer 22

The Azure CLI is functionally equivalent to Azure PowerShell, with the primary difference being the syntax of commands. While Azure PowerShell uses PowerShell commands, the Azure CLI uses Bash commands.

The Azure CLI provides the same benefits of handling discrete tasks or orchestrating complex operations through code. It’s also installable on Windows, Linux, and Mac platforms, as well as through Azure Cloud Shell.

Due to the similarities in capabilities and access between Azure PowerShell and the Bash based Azure CLI, it mainly comes down to which language you’re most familiar with.

Question 23

Azure Arc

Answer 23

Arc lets you extend your Azure compliance and monitoring to your hybrid and multi-cloud configurations. Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Azure Arc provides a centralized, unified way to:
- Manage your entire environment together by projecting your existing non-Azure resources into ARM.
- Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
- Use familiar Azure services and management capabilities, regardless of where they live.
- Continue using traditional ITOps while introducing DevOps practices to support new cloud and native patterns in your environment.
- Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Question 24

Azure Resource Manager

Answer 24

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. Anytime you do anything with your Azure resources, ARM is involved.

Question 25

Infrastructure as code

Answer 25

Infrastructure as code is a concept where you manage your infrastructure as lines of code. At an introductory level, it’s things like using Azure Cloud Shell, Azure PowerShell, or the Azure CLI to manage and configure your resources. As you get more comfortable in the cloud, you can use the infrastructure as code concept to manage entire deployments using repeatable templates and configurations.
ARM templates and Bicep are two examples of using infrastructure as code with the Azure Resource Manager to maintain your environment.

Question 26

ARM templates

Answer 26

By using ARM templates, you can describe the resources you want to use in a declarative JSON format.
With an ARM template, the deployment code is verified before any code is run.
This ensures that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel.

Question 27

Bicep

Answer 27

Bicep is a language that uses declarative syntax to deploy Azure resources. A Bicep file defines the infrastructure and configuration. Then, ARM deploys that environment based on your Bicep file. While similar to an ARM template, which is written in JSON, Bicep files tend to use a simpler, more concise style.

Question 28

Azure Advisor

Answer 28

Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Azure Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss.

Question 29

Azure Advisor categories

Answer 29

The recommendations are divided into five categories:
- Reliability is used to ensure and improve the continuity of your business-critical applications.
- Security is used to detect threats and vulnerabilities that might lead to security breaches.
- Performance is used to improve the speed of your applications.
- Operational Excellence is used to help you achieve process and workflow efficiency, resource manageability, and deployment best practices.
- Cost is used to optimize and reduce your overall Azure spending.

Question 30

Azure Service Health

Answer 30

Microsoft Azure provides a global cloud solution to help you manage your infrastructure needs, reach your customers, innovate, and adapt rapidly. Azure Service Health helps you keep track of Azure resource, both your specifically deployed resources and the overall status of Azure.

3 servics
- Azure Status
- Resource Status
- Resource Health

Question 31

Azure Service Health - Azure Status

Answer 31

Is a broad picture of the status of Azure globally.
Azure status informs you of service outages in Azure on the Azure Status page. The page is a global view of the health of all Azure services across all Azure regions.
It’s a good reference for incidents with widespread impact.

Question 32

Azure Service Health - Service Health

Answer 32

Provides a narrower view of Azure services and regions. It focuses on the Azure services and regions you’re using.

This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use.

Question 33

Azure Service Health - Resource Health

Answer 33

Resource Health is a tailored view of your actual Azure resources. It provides information about the health of your individual cloud resources, such as a specific virtual machine instance.

Question 34

Azure Monitor

Answer 34

Azure Monitor is a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results. Azure Monitor can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.

Question 35

Azure Log Analytics

Answer 35

Azure Log Analytics is the tool in the Azure portal where you’ll write and run log queries on the data gathered by Azure Monitor.

Question 36

Azure Monitor Alerts

Answer 36

Azure Monitor Alerts are an automated way to stay informed when Azure Monitor detects a threshold being crossed. You set the alert conditions, the notification actions, and then Azure Monitor Alerts notifies when an alert is triggered. Depending on your configuration, Azure Monitor Alerts can also attempt corrective action.

Question 37

Application Insights

Answer 37

Application Insights, an Azure Monitor feature, monitors your web applications. Application Insights is capable of monitoring applications that are running in Azure, on-premises, or in a different cloud environment.

There are two ways to configure Application Insights to help monitor your application. You can either install an SDK in your application, or you can use the Application Insights agent. The Application Insights agent is supported in C#.NET, VB.NET, Java, JavaScript, Node.js, and Python.