book

Azure Architecture Explained

by David Rendón, Brett Hargreaves

September 2023

Intermediate to advanced

446 pages

10h 35m

English

Packt Publishing

Read now

Unlock full access

ForewordContributorsAbout the authorsAbout the reviewers
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Protecting users’ identities and securing the value chain – the importance of IAM in decentralized organizationsAuthentication and authorization in AzureEngaging and collaborating with employees, partners, and customersThe significance of digital identities in the modern IT landscapeModernizing your IAM with Microsoft Azure ADLife cycle managementLeveraging the Microsoft Cloud Adoption FrameworkAzure AD terminology, explainedSecuring applications with the Microsoft identity platformSecuring cloud-based workloads with Microsoft Entra’s identity-based access controlAzure ADMicrosoft Entra Permissions ManagementMicrosoft Entra Verified IDMicrosoft Entra workload identitiesMicrosoft Entra Identity GovernanceMicrosoft Entra admin centerSummary
Understanding the need for IAMUnderstanding Azure AD (now Microsoft Entra ID)Exploring the Microsoft Entra ID editionsMicrosoft Entra ID Premium P2Understanding the capabilities of Microsoft Entra IDTask 1 – creating a new Azure AD tenant using the Azure portalTask 2 – creating and configuring Azure AD usersTask 3 – creating an Azure AD group with dynamic membershipHybrid identity – integrating your on-premises directories (Azure AD Connect sync and cloud sync)Azure AD Connect syncAzure AD Connect cloud syncAzure AD Application ProxyAzure AD Conditional AccessAzure AD PIMAssigning roles in PIMSummary
Understanding the Zero Trust strategyUnderstanding lateral movementLeveraging Microsoft Sentinel to improve your security postureCollecting dataDetecting threatsInvestigating anomaliesResponding to incidentsEnabling Microsoft SentinelGlobal prerequisitesEnabling Microsoft Sentinel using the Bicep languageEnabling Microsoft Sentinel using the Azure portalSetting up data connectorsMitigating lateral movementsAn Office 365 impersonation following a suspicious Azure AD sign-inSuspicious inbox manipulation rules set following suspicious Azure AD sign-inSummary
Technical requirementsUnderstanding Azure storage typesStructured dataUnstructured dataSemi-structured dataAzure storage accountsUnderstanding Azure database optionsAzure SQLAzure Cosmos DBCreating a Cosmos DB accountSummary
Technical requirementsUnderstanding migration optionsManaging serversUpdate managementVM backupsModernizing applicationsScale setsAzure App Service/Web AppsFurther modernizationMigrating dataSummary
Understanding the importance of a monitoring strategyWorking on an effective monitoring strategyAzure Monitor – a comprehensive solution for observability and efficiencyComponentsData sourcesConsumptionSummary

Understanding cloud-native applicationsUnderstanding the difference between virtual machines and containersTerminologyAzure Container InstancesWorking with Azure Container InstancesCreating the Azure Container Registry instancePushing a container image to ACRCreating an Azure Container InstanceDeploying Azure Container Instance for web app Creating Azure Container AppsSummaryFurther reading
Connectivity in AzureDesign considerations for VNetsExercise 1 – design and implement a virtual network in AzureEnabling cross-virtual-network connectivityUsing service chaining to direct traffic to a gatewayThe hub-spoke network topology in AzureAzure virtual NATHybrid networkingAzure VPN GatewaySite-to-site VPN connectionsPoint-to-site VPN connectionsAzure Virtual WANExpressRouteDecision tree on network topologyLoad balancingLoad balancing non-HTTP(S) trafficLoad balancing HTTP(S) trafficNetwork securityAzure DDoS protectionAzure FirewallExercise 2 – Azure Firewall – implement secure network access using the Bicep languageAzure WAFSummary
Technical requirementsDesigning for securitySecuring trafficSQL database firewallsWeb application VNet integrationAzure FirewallApplication GatewayAzure Front DoorWhat to use and when?Configuring network-level securityTesting and securing the appCreating an Azure application gatewaySecuring keys and secretsUsing managed identitiesSummary
Planning a comprehensive cloud governance strategyUnderstanding Azure governanceAzure governance – components and servicesManagement groupsAzure PolicyAzure BlueprintsAzure Resource GraphMicrosoft Cost ManagementMicrosoft Cost Management componentsSummary
Unlocking the benefits of IaC with Azure Resource ManagerAuthoring Bicep filesBicep file structureWorking with parametersParameter data typesBicep modulesPreviewing Azure deployment changes using what-ifSummary
Understanding the relationship between continuous integration, continuous delivery, and pipelinesUnderstanding Azure PipelinesConfiguring Azure DevOpsConfiguring Azure ReposImporting a repository into Azure ReposConfiguring a build pipeline in Azure DevOps using the Classic EditorConfiguring a release pipeline in Azure DevOps using the Classic EditorConfiguring Azure Pipelines with YAMLSummary
DevOps transformation – achieving reliable and efficient software development through CI and CD practicesCI in Azure DevOps using the Classic EditorCD in Azure DevOpsCI/CD baseline architecture using Azure PipelinesBuilding a multistage YAML pipelineConfiguring a new project in Azure DevOpsConfiguring CI/CD pipelines with YAMLSummary
Azure governanceAzure monitoringIdentity management and protectionAzure networkingAzure containersSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Overview

Discover the essential principles for designing and deploying effective cloud solutions using Microsoft Azure in 'Azure Architecture Explained.' This comprehensive guide unlocks advanced Azure techniques, from security management and application modernization to infrastructure-as-code. By following our step-by-step instructions, you will acquire the confidence to architect robust cloud-based solutions.

What this Book will help me do

Learn advanced security management techniques for cloud environments.
Master application modernization using Azure's computation and storage solutions.
Gain expertise in deploying and managing infrastructure-as-code with Azure Bicep.
Build scalable networks and secure components tailored for Azure.
Develop comprehensive Azure solution architectures tailored for business needs.

Author(s)

David Rendón and Brett Hargreaves are seasoned cloud architects with extensive real-world experience designing enterprise-grade solutions on Microsoft Azure. Their combined expertise spans decades in IT operations, software development, and cloud architecture. They are known for their approachable writing style and dedication to simplifying complex topics for learners of all levels.

Who is it for?

This book is crafted for professionals striving to excel in designing and managing solutions within the Azure ecosystem. Ideal for Azure architects and IT professionals responsible for security, networking, and automation in their organizations. Readers should have foundational knowledge of IT and cloud computing to fully benefit from this resource. Learn to apply best practices in Azure architecture to achieve career success.