book

The Azure Cloud Native Architecture Mapbook - Second Edition

Name: The Azure Cloud Native Architecture Mapbook - Second Edition
Author: Stéphane Eyskens
ISBN: 9781805805052

by Stéphane Eyskens

December 2025

Intermediate to advanced

436 pages

10h 58m

English

Packt Publishing

Read now

Unlock full access

Preface
Who this book is forWhat this book coversTo get the most out of this bookGet in touchFree Benefits with Your BookHow to Unlock
Part 1: Building the Foundations
Getting Started as an Azure Architect
Free Benefits with Your BookGetting to know architectural dutiesEnterprise architectsDomain architectsSolution architectsData architectsTechnical architectsSecurity architectsInfrastructure architectsPlatform architectsApplication architectsAzure architectsArchitects versus engineersGetting started with the essential cloud vocabularyCloud service models mapInfrastructure as a servicePlatform as a serviceFunction as a serviceContainers as a serviceDatabase as a serviceXaaS or *aaS (anything as a service)Introducing Azure architecture mapsHow to read a mapUnderstanding the key factors of a successful cloud journeyDefining the vision with the right stakeholdersDefining the strategy with the right stakeholdersStarting implementation with the right stakeholdersPractical scenarioThe driversStrategySummaryGet This Book’s PDF Version and Exclusive Extras
Solution Architecture
Technical requirementsThe solution architecture mapZooming in on the different workload typesUnderstanding SoEsUnderstanding systems of recordUnderstanding systems of insightUnderstanding systems of intelligenceUnderstanding systems of integrationZooming in on containerizationLooking at cross-cutting concerns and non-functional requirementsLearning about monitoringLearning about factories (CI/CD)Learning about identityLearning about securityLearning about networkingLearning about governance/complianceRetiring or retired servicesSolution architecture use caseUse case scenarioUsing keywordsUsing the solution architecture map against the requirementsBuilding the target reference architectureUnderstanding the gaps in our reference architectureReal-world observationsSummaryGet This Book’s PDF Version and Exclusive Extras
Infrastructure Design
Technical requirementsThe Azure infrastructure architecture mapZooming in on networkingLooking at the hybrid connectivity optionsLooking at the most common architecturesHub-and-spoke topologiesHub-and-spoke methodsLooking at the routing optionsLooking at the DNS optionsZooming in on monitoringZooming in on high availability and disaster recoveryHigh availabilityDisaster recoveryZooming in on HPCZooming in on Azure’s hybrid solutionsKey advice from the fieldGlobal API platform use case (PaaS)First analysisDrawing board and detailed explanationsHub-and-spoke use case (IaaS)First analysisDrawing board and detailed explanationsDeploying and testing the solution in your tenantSummaryGet This Book’s PDF Version and Exclusive Extras
Working with Azure Kubernetes Service (AKS)
Technical requirementsThe AKS architecture mapZooming in on fundamental architectural concepts and the essential Kubernetes resource typesZooming in on networkingZooming in on cluster management and deploymentZooming in on scaling and monitoringZooming in on high availability and disaster recoveryZooming in on the main add-ons, extensions, and optionsKey advice from the fieldUse case – multi-tenant SaaS on AKSScenario and first analysisDiagramsCode samplesPlatform teamworkApplication teams workSummaryGet This Book’s PDF Version and Exclusive Extras
Working with Other Container Services
Technical requirementsA quick look at Azure Container Instances (ACI)A quick look at Azure Web App for Containers (AWC)A quick look at Azure Function Containers (AFC)A quick look at Azure Red Hat OpenShift (ARO)A quick look at Azure Container Apps (ACA)Extensive comparison between container servicesUse case – microservicesScenario and first analysisDiagramsCode samplesTesting the solutionSummaryGet This Book’s PDF Version and Exclusive Extras
Developing and Designing Applications with Azure
Technical requirementsWhat does it mean to be a cloud-native developer?The Azure application architecture mapZooming in on the local development experienceZooming in on core services and concepts that developers must masterZooming in on some cloud-native application design patterns and architecture stylesUse case – serverless invoice processing pipelineDiagramsCode samplesTesting the solutionSummaryGet This Book’s PDF Version and Exclusive Extras
Part 2: Designing Intelligent and Secure Architectures
Data Architecture
Technical requirementsThe Azure Data Architect mapZooming in on data platform capabilitiesData ingestionData processingData storage (raw)Serving and data visualizationOther data capabilitiesPatterns to servicesZooming in on HTAPZooming in on miscellaneous data aspectsInfrastructure enablersOperational database systemsGovernanceUse case – smart fridge monitoring in retail storesDiagramsCode samplesTesting the solutionSummaryGet This Book’s PDF Version and Exclusive Extras

Artificial Intelligence Architecture
Technical requirementsThe Azure AI Architecture MapZooming in on traditional AI servicesMachine learningNatural language processingOptical character recognition, vision, and document extractionOther AI capabilitiesZooming in on generative AIGenAI enablersModel capabilitiesInfrastructure enablersEmbeddings generation, vector databases, and hybrid searchZooming in on AI patterns and use casesRetrieval augmentation generationCache augmentation generationTool-augmented generationModel context protocolAgentic AIAI gateway through APIMUse case – AI-driven rule management for tax data processingDiagramsSummaryGet This Book’s PDF Version and Exclusive Extras
Security Architecture
Technical requirementsIntroducing cloud-native securityLaying the foundations for cloud securityThe Azure Security Architecture MapZooming in on data securityUnderstanding encryption mechanisms and capabilitiesPreserving data integrityEnsuring proper data governanceZooming in on identityIntroducing the main solutions used for IDAM and CIAMIntroducing authentication, authorization, and Conditional Access policiesIntroducing common protocols such as OIDC, OAuth 2.0, and SAMLUnderstanding OIDC endpoints and mapping them to Entra IDUnderstanding token types, lifetime, revocation, and Entra ID limitationsGrasping the different authorization flows and token acquisition mechanismsGetting up to speed with token validation and access control mechanismsIntroducing PAM and red tenant architecturesZooming in on CSPMWorking with Azure Policy in practiceExploring Foundational and Defender CSPM plansZooming in on CWPPZooming in on DevSecOpsZooming in on SecOpsZooming in on appliances and CASB solutionsDiving deeper into WAF policiesDiving deeper into Azure FirewallCASB solutions in a nutshellSummaryGet This Book’s PDF Version and Exclusive Extras
Closing Thoughts and Next Steps
Get This Book’s PDF Version and Exclusive Extras
Unlock Your Exclusive Benefits
Unlock this Book’s Free Benefits in 3 Easy StepsStep 1Step 2Step 3Need help?
Other Books You May Enjoy
Index

Content preview from The Azure Cloud Native Architecture Mapbook - Second Edition

9 Security Architecture

Security is a foundational pillar of any cloud architecture, and in Azure, it encompasses a broad set of capabilities and shared responsibilities across identity, data, infrastructure, and operational practices. In this chapter, we explore the key aspects of securing solutions on Azure, focusing on Identity and Access Management (IDAM) through Entra ID and modern authentication protocols; data security through encryption, classification, and governance; and Cloud Security Posture Management (CSPM), as well as Cloud Workload Protection Platforms (CWPPs), to ensure continuous compliance and threat visibility.

We will also cover DevSecOps practices, including Static Application Security Testing (SAST) and Dynamic Application ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The Azure Cloud Native Architecture Mapbook

Publisher Resources

ISBN: 9781805805052

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Azure Cloud Native Architecture Mapbook - Second Edition

by Stéphane Eyskens

9

Security Architecture

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.