Azure Architecture
Certification Revision Sheets
Nicholas Rogoff
Twitter: @nrogoff
https://blog.nicholasrogoff.com
IMPORTANT NOTE:
Microsoft Azure is constantly evolving and so do the topics tested in the exams. The slides here were pretty accurate’ish as at January 2017, but check them for yourself!!
Disclaimer: I cannot guarantee that the info here is correct, so don’t come back to me if you fail the exams. These are MY notes and not in any way authoritative or complete, but hopefully helpful.
Azure Certification paths and Exams
• MCSD: Azure Solution Architect
• Require All Exams 70-532, 70-533, 70-534
• Retiring on March 31st 2017.
• MCSA: Cloud Platform
• Require 2 exams of: 70-532, 70-533, 70-534, 70-473, 70-475
• MCSE: Cloud Platform and Infrastructure
• Require: ‘MCSA: Cloud Platform’, plus 1 exam of: 70-532, 70-533, 70-534, 70-473, 70-475, 70-744, 70-413, 70-414, 70-246, 70-247 (not already taken for MCSA)
*Red indicates the exams that these notes are focused on
Exam 70-532: Developing Microsoft Azure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 22, 2016 exam update:
• Create and manage Azure Resource Manager virtual
machines (30 – 35%)
• Deploy workloads on Azure Resource Manager (ARM)
virtual machines (VMs) – Identify workloads that can and
cannot be deployed; run workloads including Microsoft
and Linux; create VMs
• Perform configuration management – Automate
configuration management by using PowerShell Desired
State Configuration (DSC) and VM Agent (custom script
extensions); configure VMs using a configuration
management tool such as Puppet or Chef; enable remote
debugging
• Configure ARM VM networking – Configure static IP
addresses, Network Security Groups (NSGs), DNS, User
Defined Routes (UDRs), external and internal load
balancing with HTTP and TCP health probes, public IPs,
firewall rules, and direct server return; design and
implement Application Gateway
• Scale ARM VMs – Scale up and scale down VM sizes;
deploy ARM VM Scale Sets (VMSS); configure ARM VMSS
auto-scale
• Design and Implement ARM VM storage – Configure disk
caching; plan for storage capacity; configure shared
storage using Azure File service; configure geo-replication;
implement ARM VMs with Standard and Premium Storage
• Monitor ARM VMs – Configure ARM VM monitoring;
configure alerts; configure diagnostic and monitoring
storage location
• Manage ARM VM availability – Configure multiple ARM
VMs in an availability set for redundancy; configure each
application tier into separate availability sets; combine the
Load Balancer with availability sets
• Design and Implement a storage and data strategy (25
– 30%)
• Implement Azure Storage blobs and Azure Files – Read
data; change data; set metadata on a container; store
data using block and page blobs; stream data using blobs;
access blobs securely; implement async blob copy;
configure Content Delivery Network (CDN); design blob
hierarchies; configure custom domains; scale blob storage
• Implement Azure storage tables and queues – Implement
CRUD with and without transactions; design and manage
partitions; query using OData; scale tables and partitions;
add and process queue messages; retrieve a batch of
messages; scale queues
• Manage access and monitor storage – Generate shared
access signatures, including client renewal and data
validation; create stored access policies; regenerate
storage account keys; configure and use Cross-Origin
Resource Sharing (CORS); set retention policies and
logging levels; analyze logs
• Implement Azure SQL Databases – Choose the
appropriate database tier and performance level;
configure and perform point in time recovery; enable geo-
replication; import and export data and schema; scale
Azure SQL databases
• Implement Azure DocumentDB – Create databases and
collections; query documents; run DocumentDB queries
• Implement Redis caching – Choose a cache tier;
implement data persistence; implement security and
network isolation; tune cluster performance
• Implement Azure Search – Create a service index; add
data; search an index; handle search results
• Manage identity, application, and network services (15
– 20%)
• Integrate an app with Azure Active Directory (AAD) –
Develop apps that use WS-federation, OAuth, and SAML-P
endpoints; query the directory by using graph API
• Design and Implement a communication strategy –
Implement Hybrid Connections to access data sources on-
premises; leverage S2S VPN and ExpressRoute to connect
to an on-premises infrastructure
• Design and Implement a messaging strategy – Develop
and scale messaging solutions using service bus queues,
topics, relays, event hubs, and notification hubs; monitor
service bus queues, topics, relays, event hubs and
notification hubs
• Develop apps that use AAD B2C and AAD B2B – Design
and implement .NET MVC, Web API, and Windows
Desktop apps that leverage social identity provider
authentication, including Microsoft account, Facebook,
Google+, Amazon, and LinkedIn; leverage AAD B2B to
design and implement applications that support partner-
managed identities
• Design and Implement Azure PaaS Compute and Web
and Mobile Services (25 – 30%)
• Design Azure App Service Web Apps – Define and
manage App Service plans; configure Web Apps settings,
certificates, and custom domains; manage Web Apps by
using the API, Azure PowerShell, and Xplat-CLI; implement
diagnostics, monitoring, and analytics; implement web
jobs; design and configure Web Apps for scale and
resilience
• Implement Azure Functions – Create Azure Functions;
implement a webhook Function; create an event
processing Function; implement an Azure-connected
Function
• Implement API Management – Create managed APIs;
configure API Management policies; protect APIs with rate
limits; add caching to improve performance; monitor APIs;
customize the Developer Portal
• Design Azure App Service API Apps – Create and deploy
API Apps; automate API discovery by using the
Swashbuckle; use Swagger API metadata to generate
client code for an API app; monitor API Apps
• Develop Azure App Service Logic Apps – Create a Logic
App connecting SaaS services; create a Logic App with B2B
capabilities; create a Logic App with XML capabilities;
trigger a Logic App from another app; create custom and
long-running actions; monitor Logic Apps
• Develop Azure App Service Mobile Apps – Create a
Mobile App; add offline sync to a Mobile App; add
authentication to a Mobile App; add push notifications to
a Mobile App
• Design and Implement Azure Service Fabric apps – Create
a Service Fabric application; build an Actors-based service;
add a web front-end to a Service Fabric application;
monitor and diagnose services; migrate apps from cloud
services; create, secure, upgrade, and scale Service Fabric
Cluster in Azure; scale a Service Fabric app
• It’s worth noting that the percentages (%) displayed in the
titles of the main exam objectives are the percentages of
the exam questions that will be on that topic area.
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 16, 2016 exam update:
• Design and implement Azure App Service apps (15–20%)
• Deploy Web Apps
• Define deployment slots; roll back deployments; implement pre- and post-
deployment actions; create, configure, and deploy packages; create App Service
plans; migrate Web Apps between App Service plans; create a Web App within
an App Service plan
• Configure Web Apps
• Define and use app settings, connection strings, handlers, and virtual
directories; configure certificates and custom domains; configure SSL bindings
and runtime configurations; manage Web Apps by using Azure PowerShell and
Xplat-CLI
• Configure diagnostics, monitoring, and analytics
• Retrieve diagnostics data; view streaming logs; configure endpoint monitoring,
alerts, and diagnostics; use remote debugging; monitor website resources
• Configure Web Apps for scale and resilience
• Configure auto-scale using built-in and custom schedules, configure by metric,
change the size of an instance, configure Traffic Manager
• Create and manage Azure Resource Manager Virtual Machines (20–25%)
• Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs)
• Identify workloads that can and cannot be deployed; run workloads, including
Microsoft and Linux; create VMs; connect to a Windows/Linux VM
• Perform configuration management
• Automate configuration management by using PowerShell Desired State
Configuration (DSC) and VM Agent (custom script extensions); configure VMs
using a configuration management tool, such as Puppet or Chef; enable remote
debugging
• Design and implement VM storage
• Configure disk caching, plan storage capacity, configure operating system disk
redundancy, configure shared storage using Azure File service, configure geo-
replication, encrypt disks, implement ARM VMs with Standard and Premium
Storage
• Monitor ARM VMs
• Configure ARM VM monitoring, configure alerts, configure diagnostic and
monitoring storage location
• Monitor ARM VM availability
• Configure multiple ARM VMs in an availability set for redundancy, configure
each application tier into separate availability sets, combine the Load Balancer
with availability sets
• Scale ARM VMs
• Scale up and scale down VM sizes, deploy ARM VM Scale Sets (VMSS), configure
ARM VMSS auto-scale
• Design and implement a storage strategy (20–25%)
• Implement Azure storage blobs and Azure files
• Read data, change data, set metadata on a container, store data using block
and page blobs, stream data using blobs, access blobs securely, implement
async blob copy, configure a Content Delivery Network (CDN), design blob
hierarchies, configure custom domains, scale blob storage
• Manage access
• Create and manage shared access signatures, use stored access policies,
regenerate keys
• Configure diagnostics, monitoring, and analytics
• Set retention policies and logging levels, analyze logs
• Implement Azure SQL Databases
• Choose the appropriate database tier and performance level; configure point-
in-time recovery, geo-replication, and data sync; import and export data and
schema; design a scaling strategy
• Implement recovery services
• Create a backup vault, deploy a backup agent, back up and restore data
• Implement an Azure Active Directory (15–20%)
• Integrate an Azure Active Directory (Azure AD) with existing directories
• Implement Azure AD Connect and single sign-on with on-premises Windows
Server 2012 R2, add custom domains, monitor Azure AD
• Configure Application Access
• Configure single sign-on with SaaS applications using federation and password
based, add users and groups to applications, revoke access to SaaS applications,
configure access, configure federation with Facebook and Google ID
• Integrate an app with Azure AD
• Implement Azure AD integration in web and desktop applications, leverage
Graph API
• Implement Azure AD B2C and Azure B2B
• Create an Azure AD B2C Directory, register an application, implement social
identity provider authentication, enable multi-factor authentication, set up self-
service password reset, implement B2B collaboration, configure partner users,
integrate with applications
• Implement virtual networks (10–15%)
• Configure virtual networks
• Deploy a VM into a virtual network; configure external and internal load
balancing; implement Application Gateway; design subnets; configure static,
public, and private IP addresses; set up Network Security Groups (NSGs), DNS at
the virtual network level, HTTP and TCP health probes, public IPs, User Defined
Routes (UDRs), firewall rules, and direct server return
• Modify network configuration
• Modify a subnet, import and export a network configuration
• Design and implement a multi-site or hybrid network
• Choose the appropriate solution between ExpressRoute, site-to-site, and point-
to-site; choose the appropriate gateway; identify supported devices and
software VPN solutions; identify networking prerequisites; configure virtual
networks and multi-site virtual networks
• Design and deploy ARM templates (10–15%)
• Implement ARM templates
• Author ARM templates; create ARM templates to deploy ARM Resource
Providers resources; deploy templates with PowerShell, CLI, and REST API
• Implement ARM templates
• Leverage service principals with ARM authentication, use Azure Active Directory
Authentication with ARM, set management policies, lock resources
• Implement ARM templates
• Secure resource scopes, such as the ability to create VMs and Azure Web Apps;
implement Azure role-based access control (RBAC) standard roles; design Azure
RBAC custom
Exam 70-532: Developing Microsoft Azure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 16, 2016 exam update:
• Secure resources (20–25%)
• Secure resources by using managed identities
• Describe the differences between Active Directory on-premises and Azure
Active Directory (Azure AD), programmatically access Azure AD using Graph API,
secure access to resources from Azure AD applications using OAuth and OpenID
Connect
• Secure resources by using hybrid identities
• Use SAML claims to authenticate to on-premises resources, describe AD
Connect synchronization, implement federated identities using Active Directory
Federation Services (ADFS)
• Secure resources by using identity providers
• Provide access to resources using identity providers, such as Microsoft account,
Facebook, Google, and Yahoo!; manage identity and access by using Azure AD
B2C; implement Azure AD B2B
• Identify an appropriate data security solution
• Identify security requirements for data in transit and data at rest; identify
security requirements using Azure services, including Azure Storage Encryption,
Azure Disk Encryption, and Azure SQL Database TDE
• Design a role-based access control (RBAC) strategy
• Secure resource scopes, such as the ability to create VMs and Azure Web Apps;
implement Azure RBAC standard roles; design Azure RBAC custom roles
• Manage security risks by using an appropriate security solution
• Identify, assess, and mitigate security risks by using Azure Security Center,
Operations Management Suite, and other services
• Design an application storage and data access strategy (5–10%)
• Design data storage
• Design storage options for data, including Table Storage, SQL Database,
DocumentDB, Blob Storage, MongoDB, and MySQL; design security options for
SQL Database or Azure Storage
• Select the appropriate storage option
• Select the appropriate storage for performance, identify storage options for
cloud services and hybrid scenarios with compute on-premises and storage on
Azure
• Design advanced applications (20–25%)
• Create compute-intensive applications
• Design high-performance computing (HPC) and other compute-intensive
applications using Azure Services
• Create long-running applications
• Implement Azure Batch for scalable processing, design stateless components to
accommodate scale, use Azure Scheduler
• Integrate Azure services in a solution
• Design Azure architecture using Azure services, such as Azure AD, Azure App
Service, API Management, Azure Cache, Azure Search, Service Bus, Event Hubs,
Stream Analytics, and IoT Hub; identify the appropriate use of Azure Machine
Learning, big data, Azure Media Services, and Azure Search services
• Implement messaging applications
• Use a queue-centric pattern for development; select appropriate technology,
such as Azure Storage Queues, Azure Service Bus queues, topics, subscriptions,
and Azure Event Hubs
• Implement applications for background processing
• Implement Azure Batch for compute-intensive tasks, use Azure WebJobs to
implement background tasks, use Azure Functions to implement event-driven
actions, leverage Azure Scheduler to run processes at preset/recurring timeslots
• Design connectivity for hybrid applications
• Connect to on-premises data from Azure applications using Service Bus Relay,
Hybrid Connections, or the Azure Web App virtual private network (VPN)
capability; identify constraints for connectivity with VPN; identify options for
joining VMs to domains or cloud services
• Design Azure Web and Mobile Apps (5–10%)
• Design Web Applications
• Design Azure App Service Web Apps, design custom web API, offload long-
running applications using WebJobs, secure Web API using Azure AD, design
Web Apps for scalability and performance, deploy Azure Web Apps to multiple
regions for high availability, deploy Web Apps, create App Service plans, design
Web Apps for business continuity, configure data replication patterns, update
Azure Web Apps with minimal downtime, back up and restore data, design for
disaster recovery
• Design Mobile Applications
• Design Azure Mobile Services; consume Mobile Apps from cross-platform
clients; integrate offline sync capabilities into an application; extend Mobile
Apps using custom code; implement Mobile Apps using Microsoft .NET or
Node.js; secure Mobile Apps using Azure AD; implement push notification
services in Mobile Apps; send push notifications to all subscribers, specific
subscribers, or a segment of subscribers
• Design a management, monitoring, and business continuity strategy (20–25%)
• Design a monitoring strategy
• Identify the Microsoft products and services for monitoring Azure solutions;
leverage the capabilities of Azure Operations Management Suite and Azure
Application Insights for monitoring Azure solutions; leverage built-in Azure
capabilities; identify third-party monitoring tools, including open source;
describe Azure architecture constructs, such as availability sets and update
domains, and how they impact a patching strategy; analyze logs by using the
Azure Operations Management Suite
• Describe Azure business continuity/disaster recovery (BC/DR) capabilities
• Leverage the architectural capabilities of BC/DR, describe Hyper-V Replica and
Azure Site Recovery (ASR), describe use cases for Hyper-V Replica and ASR
• Design a disaster recovery strategy
• Design and deploy Azure Backup and other Microsoft backup solutions for
Azure, leverage use cases when StorSimple and System Center Data Protection
Manager would be appropriate, design and deploy Azure Site recovery
• Design Azure Automation and PowerShell workflows
• Create a PowerShell script specific to Azure, automate tasks by using the Azure
Operations Management Suite
• Describe the use cases for Azure Automation configuration
• Evaluate when to use Azure Automation, Chef, Puppet, PowerShell, or Desired
State Configuration (DSC)
• Architect an Azure Compute infrastructure (10–15%)
• Design ARM Virtual Machines (VMs)
• Design VM deployments leveraging availability sets, fault domains, and update
domains in Azure; select appropriate VM SKUs
• Design ARM template deployment
• Author ARM templates; deploy ARM templates via the portal, PowerShell, and CLI
• Design for availability
• Implement regional availability and high availability for Azure deployments
PowerShell
# Get Azure PowerShell version
Get-Module -ListAvailable -Name Azure -Refresh
# Get Storage Account
Get-AzureStorageAccount
Get-AzureRmStorageAccount
# create a context for account and key
$ctx = New-AzureStorageContext storage-account-name storage-account-key
# Set the default storage account (ARM)
Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
# Set the current sub and storage (ASM)
Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
# Create a New Container
New-AzureStorageContainer -Name $name -Permission Off
# Get Endpoints
$storageAcc.PrimaryEndpoints.Blob.ToString()
# get current context (ARM)
Get-AzureRmContext
# list available subscriptions (ARM)
Get-AzureRmSubscription
# Set context subscription (ARM)
Select-AzureRmSubscription -SubscriptionName "NR MSDN"
# Set Context storage account
Set-AzureRmCurrentStorageAccount -ResourceGroupName "vm-training" -Name "hmsvmtraindsc"
General
• Portals
• Classic – Service Management Model (ASM)
• New – Azure Resource Management (ARM)
• Resource Groups can span regions
• Use Pricing Calculator to estimate costs
• Billing APIs
• RateCard API - Allows you to get a list of available azure resources along
with its estimated pricing information for various subscription types, such
as pay-as you-go, MSDN, BizSpark etc
• Resource Usage API - consumption
Azure - General
Azure Patterns
Cache-aside
Load data on demand into a cache from a data
store
Circuit Breaker
Handle faults that may take a variable amount
of time to rectify when connecting to a remote
service or resource. This pattern can improve
the stability and resiliency of an application
Competing Consumers Pattern
Enable multiple concurrent consumers to process
messages received on the same messaging channel.
Enables a system to process multiple messages
concurrently to optimize throughput, to improve
scalability and availability, and to balance the workload
Command and Query Responsibility Segregation (CQRS)
Segregate operations that read data from operations that
update data by using separate interfaces. This pattern can
maximize performance, scalability, and security;
Event Sourcing Pattern
Use an append-only store to record the full series
of events that describe actions taken on data in a
domain, rather than storing just the current state,
so that the store can be used to materialize the
domain objects.
• Compute Resource Consolidation Pattern
• Valet Key Pattern
• External Configuration Store Pattern
• Federated Identity Pattern
• Gatekeeper Pattern
• Index Table Pattern
• Leader election Pattern
• Materialized view pattern
• Priority queue Pattern
• Queue-based load levelling Pattern
• Static Content Hosting Pattern
PowerShell - VMs
# Deploy using a Template
New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroupName -TemplateUri $templateUri
# Modify caching on disks
Set-AzureRmOSDisk
Set-AzureRmDataDisk
New-AzureAclConfig
Set-AzureAclConfig
Set-AzureVMSize
# e.g. (classic): -Name is needed so Get-AzureVM returns the single VM object that Set-AzureVMSize expects
Get-AzureVM -ServiceName "MyVM" -Name "MyVM" | Set-AzureVMSize "Large" | Update-AzureVM
General
• Resource Groups can span regions
• 2 Endpoint by default (1 external, 1 internal)
• Ports (3389 – Remote Desktop, 5986 – Remote PowerShell)
• Availability Sets
• Max update domains: 20 (5 default), Max Fault Domains: 3 (2 default)
• Max VMs = 50
• Affinity Groups (Keep resources together. Being phased out of Vnets)
• Scale Sets (no need to pre-provision; use Azure Resource Explorer to see the number of instances deployed)
• Load Balance Sets – Classic VMs only and Standard and above
• VM Agent – installed by default when using gallery images.
• Extensions: DSC, Custom Script Extension, Visual Studio Release Manager
(DSC based), Octopus Deploy (DSC based),Docker Extension, Puppet
Enterprise, Chef client)
• Azure VMs not recommended for: Low volume limited growth or Regulated
environments.
• Disks
• OS Images – Base OS images for new VMs. Sysprepped/Generalized/ReadOnly. SATA
• Host caching on by default
• C: = OS (max 127GB)
• Disks – Writable for VMs. SCSI. 1TB Max
• Caching off by default
• D: (/dev/sdb on linux) = temp (not persistent),
• E,F,G…=Data disk
• Diagnostics
• Metrics ( Basic, Network, .NET, ASP.NET, SQL)
• Logs (System, Security, Application, Infrastructure, IIS, Boot)
Azure VMs - General
General
• A-Series (and Av2)
• Entry Level - Basic A0 to Standard A4 (A0 is oversubscribed on physical)
• High Memory Entry Level - Standard A5 to A7
• High Performance - Standard A8 to A11 (compute intensive). A8 & A9 have a 2nd NIC for remote direct memory access (RDMA) connectivity
• D-Series
• General purpose production - Standard D1 to D14
• Higher compute power, higher mem to core ratio, SSD for temp disk
• Dv2 – 35% faster, same mem & disk conf. 2.4GHz Xeon
• F-Series (and Fs)
• Standard F1, F2, F4, F8, F16, F1s, F2s, F4s, F8s, F16s
• Same CPU as Dv2, but lower mem to core ratio and per-hour list price.
• The number in the name matches the CPU core count. Fs-Series optimized for Premium storage
• G-Series
• High memory and dense local storage - G1 to G5
• DS-Series
• General purpose production - Standard DS1 to DS14 – premium storage ssd
• GS-Series
• High memory and dense local storage - GS1 to GS5 – premium storage ssd
• N*-Series
• GPU by NVIDIA
• H-Series
• Standard H8, H16, H8m, H16m, H8r, H16mr
• Next gen high performance. For HPC clusters. r, mr feature a 2nd NIC for remote direct memory access (RDMA) connectivity
Azure VMs – Sizes…
| Virtual Machine Size | CPU Cores | Memory | Disk Space for Local Storage Resources | Max data disks | Max data disk throughput: IOPS | Max NICs / Network bandwidth |
|---|---|---|---|---|---|---|
| ExtraSmall (A0) | Shared | 768 MB | 20 GB | 1 | 1x500 | 1 / low |
| Small (A1) | 1 | 1.75 GB | 225 GB | 2 | 2x500 | 1 / moderate |
| Medium (A2) | 2 | 3.5 GB | 490 GB | 4 | 4x500 | 1 / moderate |
| Large (A3) | 4 | 7 GB | 1000 GB | 8 | 8x500 | 2 / high |
| ExtraLarge (A4) | 8 | 14 GB | 2040 GB | 16 | 16x500 | 4 / high |
| A5 (high mem) | 2 | 14 GB | | | | |
| A6 (high mem) | 4 | 28 GB | | | | |
| A7 (high mem) | 8 | 56 GB | | | | |
| A8 (high network) | 8 | 56 GB | | | | 40 Gbit/s InfiniBand |
| A9 (high network) | 16 | 112 GB | | | | 40 Gbit/s InfiniBand |
Standard A0 - A4 using CLI and PowerShell
PowerShell - VMs
# Convert VHDX to VHD
Convert-VHD -Path c:\test\MY-VM.vhdx -DestinationPath c:\test\MY-NEW-VM.vhd -VHDType Fixed
# Upload VHD to Azure
$urlOfUploadedImageVhd = "https://mystorageaccount.blob.core.windows.net/mycontainer/myUploadedVHD.vhd"
Add-AzureRmVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd -LocalFilePath "C:\Users\Public\Documents\Virtual hard disks\myVHD.vhd"
# Set NIC ACL
?????
# Create a classic (ASM) VM: build the config, add the Windows provisioning config, then create the VM
$webvm1 = New-AzureVMConfig -Name "Webvm1" -InstanceSize Small -ImageName $vmimage |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPassword
New-AzureVM -ServiceName $svcname -VMs $webvm1 -Location $location
1. If Hyper-V then Prepare (complex)
2. SysPrep to Generalize a VM
   1. %windir%\system32\sysprep | OOBE & Generalize & Shutdown
3. If VHDX then convert to VHD (see PowerShell) or use Hyper-V manager (Action > Edit Disk > Convert > VHD)
4. If local VM upload VHD (see PowerShell). PowerShell will make disk fixed on upload.
Migrate a VM Process
1. Shut down the VM
2. Copy the VHD from source to destination storage account
3. Create an Azure Disk from Blob
4. Create new VM using Azure Disk
Azure VMs – Migrating and Deploying
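The four-step "Migrate a VM Process" above, worked through with classic (ASM) cmdlets as an added example (not code from the original slides). The service names, VM names, storage account names, container names and the `$srcKey`/`$dstKey` variables are placeholders; the destination storage account is assumed to be in the same region as the new cloud service.

```powershell
# Added example: migrate a classic VM by copying its OS VHD to another storage account.
# Placeholders: "oldsvc"/"oldvm", "newsvc"/"newvm", "srcaccount"/"dstaccount", $srcKey, $dstKey.
$srcCtx = New-AzureStorageContext -StorageAccountName "srcaccount" -StorageAccountKey $srcKey
$dstCtx = New-AzureStorageContext -StorageAccountName "dstaccount" -StorageAccountKey $dstKey

# 1. Shut down the VM so the VHD is not being written to while it is copied.
Stop-AzureVM -ServiceName "oldsvc" -Name "oldvm" -Force

# 2. Copy the page blob between accounts. The copy runs server-side and asynchronously,
#    so wait for it to finish before registering the disk.
Start-AzureStorageBlobCopy -SrcContainer "vhds" -SrcBlob "oldvm-osdisk.vhd" -Context $srcCtx `
    -DestContainer "vhds" -DestBlob "newvm-osdisk.vhd" -DestContext $dstCtx | Out-Null
Get-AzureStorageBlobCopyState -Container "vhds" -Blob "newvm-osdisk.vhd" -Context $dstCtx -WaitForComplete | Out-Null

# 3. Register the copied VHD as an Azure Disk (an OS disk, not a generalised image,
#    so the VM keeps its hostname, SID and installed software).
$media = $dstCtx.BlobEndPoint + "vhds/newvm-osdisk.vhd"
Add-AzureDisk -DiskName "newvm-osdisk" -MediaLocation $media -OS Windows | Out-Null

# 4. Create the new VM from the disk. No provisioning config is needed when booting from
#    an existing OS disk; -Location creates the new cloud service.
New-AzureVMConfig -Name "newvm" -InstanceSize Small -DiskName "newvm-osdisk" |
    New-AzureVM -ServiceName "newsvc" -Location "West Europe"
```

Keep the source account's copy of the VHD (and its lease) untouched until the new VM boots; if the copy is interrupted, `Get-AzureStorageBlobCopyState` reports the failure status rather than a partially usable disk.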
PowerShell - VMs
# Publish DSC
Publish-AzureVMDscConfiguration
Publish-AzureRmVMDscConfiguration
# Set disk config (e.g. Caching)
Set-AzureOSDisk
Set-AzureDataDisk
General
• Desired State Configuration
• State Drift Control using Azure VM Agent, ARM templates, DSC, Chef (recipes, Knife
azure plug-in) and Puppet (Puppet master, puppet enterprise agent)
• The Azure DSC Extension takes in DSC configuration documents and enacts them on Azure VMs
• Custom Script Extension
• Logging
• Logs are placed in: C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\[Version Number]
• Compile configuration into a MOF document
Azure VMs – Config and DSC
Configuration MyDscConfiguration
{
    Node "localhost"
    {
        WindowsFeature IIS
        {
            Ensure = "Present" # Alternatively, to ensure the role is uninstalled, set Ensure to "Absent"
            Name = "Web-Server" # Use the Name property from Get-WindowsFeature
        }
        File WebPage
        {
            Ensure = "Present"
            DestinationPath = "c:\inetpub\wwwroot\index.html"
            Force = $true
            Type = "File"
            Contents = '<html><body><h1>Hello!</h1></body></html>'
            DependsOn = "[WindowsFeature]IIS" # ensures this runs after the IIS install
        }
        Log AfterWebPageCreation
        {
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
            Message = "Finished adding the default web page"
            DependsOn = "[File]WebPage" # This means run "WebPage" first.
        }
    }
}
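Compiling the configuration above into a MOF, applying it, checking for state drift, and pushing the same script to an ARM VM through the DSC extension, as an added example (not from the original slides). It assumes the configuration is saved as `.\MyDscConfiguration.ps1`; the resource group, VM name, storage account, location and the extension version are placeholders to replace.

```powershell
# Added example: compile, apply, drift-check and publish the MyDscConfiguration shown above.
# Placeholders: .\MyDscConfiguration.ps1, $rgName, $vmName, $storageAccount, $location, $dscVersion.

# 1. Dot-source the script that declares the Configuration, then run it to compile.
#    This writes .\MyDscOut\localhost.mof (one MOF per Node).
. .\MyDscConfiguration.ps1
MyDscConfiguration -OutputPath .\MyDscOut | Out-Null

# 2. Enact the MOF on the local node and wait for the Local Configuration Manager to finish.
Start-DscConfiguration -Path .\MyDscOut -Wait -Verbose -Force

# 3. Drift control: Test-DscConfiguration re-evaluates every resource in the current MOF
#    and lists those that no longer match (e.g. index.html edited, IIS role removed).
$state = Test-DscConfiguration -Detailed
if (-not $state.InDesiredState) {
    $state.ResourcesNotInDesiredState | ForEach-Object { "Drifted: $($_.ResourceId)" }
    Start-DscConfiguration -Path .\MyDscOut -Wait -Force   # re-enforce the desired state
}

# 4. Azure: zip the script into blob storage, then have the DSC extension on the VM
#    download the archive and run the named configuration.
$rgName = "vm-training"; $vmName = "webvm1"; $storageAccount = "hmsvmtraindsc"; $location = "West Europe"
# Extension version is assumed; list current ones with:
#   Get-AzureRmVMExtensionImage -Location $location -PublisherName Microsoft.Powershell -Type DSC
$dscVersion = "2.19"
Publish-AzureRmVMDscConfiguration -ConfigurationPath .\MyDscConfiguration.ps1 `
    -ResourceGroupName $rgName -StorageAccountName $storageAccount -Force | Out-Null
Set-AzureRmVMDscExtension -ResourceGroupName $rgName -VMName $vmName -Location $location `
    -ArchiveBlobName "MyDscConfiguration.ps1.zip" -ArchiveStorageAccountName $storageAccount `
    -ConfigurationName "MyDscConfiguration" -Version $dscVersion -AutoUpdate
# On the VM the extension logs under C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\<version>.
```

Step 3 is the part worth remembering for "state drift control": `Start-DscConfiguration` only applies once, whereas `Test-DscConfiguration -Detailed` is what tells you which resources have been changed underneath the configuration, and the LCM's ConfigurationMode (ApplyAndAutoCorrect) decides whether that drift is corrected automatically or only reported.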
Built-in Resources
• Archive Resource
• Environment Resource
• File Resource
• Group Resource
• Log Resource
• Package Resource
• Registry Resource
• Script Resource
• Service Resource
• User Resource
• WindowsFeature Resource
• WindowsProcess Resource
• NOT Networking!!
Migration
• Supported versions
• 2014, 2012, 2008 R2 and
templates
• Licensing - pay per hour
or migrate own license
(create own image)
• Best Practice
• Verify disk cache settings
on data disks
• Avoid using OS drives
• Put data and logs on
separate disks
• Use SQL Server File
Groups instead of Disk
Striping
• Consider using database
page compression to
reduce i/o
• Consider latency
between primary and
replica when choosing
sync mode
• Use availability sets
• Disable geo-replication
on storage account for
consistency
• Capacity is 20,000 IOPS
per Storage Account -
500 IOPS per disk
• SQL Always On Availability
(AOA). Enable Direct Server
Return on NLB!
SQL VMs
General
• Microsoft HPC Pack 2016 Templates
• Require a PFX certificate to secure comms between HPC Nodes. Upload
to Key Vault.
• Hybrid (Burst to cloud)
• On premise head must be joined to an AD domain
• HPC Pack installs a self signed certificate that can be uploaded to
Azure
• Create an ‘Azure Node’ template
Azure HPC Pack
PowerShell create cert: New-SelfSignedCertificate -Subject "CN=HPC Pack 2016 Communication" -KeySpec KeyExchange -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -CertStoreLocation cert:\CurrentUser\My -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-setup-hybrid-hpcpack-cluster
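Carrying the certificate step through to "Upload to Key Vault" as an added example (not code from the original slides or the HPC Pack documentation). The vault name, resource group, location and PFX path are placeholders; it assumes the AzureRM.KeyVault module's `Import-AzureKeyVaultCertificate` cmdlet and the `New-AzureRmKeyVault -EnabledForDeployment` switch are available in your module version.

```powershell
# Added example: create the HPC Pack communication certificate, export it as a PFX and
# store it in Key Vault so the cluster deployment can reference it.
# Placeholders: "hpcvault-placeholder", "hpc-rg", "West Europe", C:\temp\hpcpack-comm.pfx.
$cert = New-SelfSignedCertificate -Subject "CN=HPC Pack 2016 Communication" -KeySpec KeyExchange `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") `
    -CertStoreLocation cert:\CurrentUser\My -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)

# Export the private key as a password-protected PFX. Prompt for the password instead of
# hard-coding it in a script that ends up in source control.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Export-PfxCertificate -Cert $cert -FilePath "C:\temp\hpcpack-comm.pfx" -Password $pfxPassword | Out-Null

# The vault must be enabled for deployment so that VM and template deployments are allowed
# to retrieve certificates from it.
New-AzureRmKeyVault -VaultName "hpcvault-placeholder" -ResourceGroupName "hpc-rg" -Location "West Europe" `
    -EnabledForDeployment -EnabledForTemplateDeployment | Out-Null

# Import the PFX as a Key Vault certificate (assumed cmdlet; see lead-in).
$kvCert = Import-AzureKeyVaultCertificate -VaultName "hpcvault-placeholder" -Name "hpcpack-comm" `
    -FilePath "C:\temp\hpcpack-comm.pfx" -Password $pfxPassword
"Thumbprint: $($cert.Thumbprint)  secret id: $($kvCert.SecretId)"

# Delete the local PFX once it is in the vault; the key still lives in cert:\CurrentUser\My.
Remove-Item "C:\temp\hpcpack-comm.pfx"
```

The `SecretId` (the certificate's secret URL in the vault) is the value the HPC cluster template asks for, together with the thumbprint; neither the PFX nor its password needs to leave the machine that created it.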
PowerShell – Storage General
# Create New ARM Storage Account
New-AzureRmStorageAccount -ResourceGroupName myResourceGroup -Name mystorageaccount -Location "West US" -SkuName "Standard_LRS" -Kind "Storage"
# Get Storage Account
Get-AzureStorageAccount
Get-AzureRmStorageAccount
# create a context for account and key
$ctx = New-AzureStorageContext storage-account-name storage-account-key
# Set the default storage account (ARM)
Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
# Set the current sub and storage (ASM)
Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
# Create a New Container
New-AzureStorageContainer -Name $name -Permission Off
# Get Endpoints
$storageAcc.PrimaryEndpoints.Blob.ToString()
# Get SAS Url
$sasUrl = New-AzureStorageContainerSASToken -Name $blobContainerName -Permission rwdl -Context $ctx -ExpiryTime (Get-Date).AddMonths(1) -FullUri
General
• Account Kind
• Blob
• Standard Performance only
• Access Tiers – Hot or cold
• General Purpose
• Performance
• Standard
• Premium
• SSDs - Currently only store VHDs
• Up to 64TB per VM
• 80,000 IOPS per VM, 50,000 IOPS per disk, 2GB per sec throughput
• ~5ms read/write latency (uncached), <1ms read latency (cached)
• Used by DS or GS series VMs (creates premium storage
automatically)
• Limited sizes: 128, 512, 1023 GiB
• Replication (once selected can’t change)
• LRS - Locally redundant - 3 reps, 1 data center
• ZRS - Zone-redundant - 3 reps across 2-3 data centers in 1 or 2 regions
• GRS - Geo-redundant - 6 reps in 2 regions
• RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable
• Azure Storage Explorer
Security
• In transit: HTTPS or SMB is encrypted. Can also encrypt at rest.
• Storage Access Keys (2) – Full access
• Storage Access Policy (SAP) – Policies defined, can be revoked
• Shared Access Signatures (SAS) - Time limited, container or resource level
• URL - sv=storage version, st=start time, se=expiry, sr= resource type, sp=permissions, sip=ip range,
spr=protocol, sig= auth key
• Role-Based Access Control (RBAC) – admin controls
• Storage Diagnostics (Minimal, Verbose, Off)
Azure Storage - General
Valid values for -SkuName are:
• Standard_LRS - Locally redundant storage.
• Standard_ZRS - Zone redundant storage.
• Standard_GRS - Geo redundant storage.
• Standard_RAGRS - Read access geo redundant storage.
• Premium_LRS - Premium locally redundant storage.
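Putting the Security bullets above into practice, as an added example (not from the original slides): a SAS issued through a stored access policy so it can be revoked, the SAS URL's query fields decoded to show the `sv`/`si`/`sr`/`sip`/`spr`/`sig` parameters, and key regeneration as the only way to kill an ad-hoc SAS. The resource group, storage account, container name and IP range are placeholders; it assumes `Get-AzureRmStorageAccountKey` returns a list of key objects with a `Value` property (AzureRM.Storage 1.1 and later) and that the `-Protocol`/`-IPAddressOrRange` parameters of the SAS cmdlets are present in your Azure.Storage module.

```powershell
# Added example: revocable SAS via a stored access policy, SAS field inspection, key rotation.
# Placeholders: "my-rg", "mystorageaccount", container "files", IP range 203.0.113.0/24.
$rgName      = "my-rg"
$accountName = "mystorageaccount"
$accountKey  = (Get-AzureRmStorageAccountKey -ResourceGroupName $rgName -Name $accountName)[0].Value
$ctx         = New-AzureStorageContext -StorageAccountName $accountName -StorageAccountKey $accountKey

# 1. Stored access policy (SAP): permissions and expiry live on the container, not in the
#    token, so editing or deleting the policy invalidates every SAS that references it.
New-AzureStorageContainerStoredAccessPolicy -Container "files" -Policy "readOnly7d" `
    -Permission "rl" -StartTime (Get-Date).ToUniversalTime() `
    -ExpiryTime (Get-Date).ToUniversalTime().AddDays(7) -Context $ctx | Out-Null

# 2. SAS bound to that policy, HTTPS only, and limited to one client IP range.
$sasUrl = New-AzureStorageContainerSASToken -Name "files" -Policy "readOnly7d" `
    -Protocol HttpsOnly -IPAddressOrRange "203.0.113.0-203.0.113.255" -Context $ctx -FullUri

# 3. Decode the query string so the fields listed on the slide are visible.
function Get-SasFields([string]$url) {
    $fields = @{}
    foreach ($pair in ([uri]$url).Query.TrimStart('?') -split '&') {
        $k, $v = $pair -split '=', 2
        $fields[$k] = [uri]::UnescapeDataString($v)
    }
    return $fields
}
$f = Get-SasFields $sasUrl
"sv=$($f['sv']) si=$($f['si']) sr=$($f['sr']) spr=$($f['spr']) sip=$($f['sip']) sig=<present: $($f.ContainsKey('sig'))>"
# With a stored access policy, sp/st/se are absent from the URL: they come from the policy (si).

# 4. Revoke: remove the policy (or move its ExpiryTime into the past).
Remove-AzureStorageContainerStoredAccessPolicy -Container "files" -Policy "readOnly7d" -Context $ctx

# 5. An ad-hoc SAS carries sp/se in the URL and cannot be revoked by policy. Regenerating
#    the key that signed it is the only way to invalidate it. Rotate key2 first, move
#    clients onto it, then regenerate key1 so nothing is ever without a valid key.
$adHoc = New-AzureStorageContainerSASToken -Name "files" -Permission "r" `
    -ExpiryTime (Get-Date).ToUniversalTime().AddHours(1) -Context $ctx -FullUri
New-AzureRmStorageAccountKey -ResourceGroupName $rgName -Name $accountName -KeyName key2 | Out-Null
$key2 = (Get-AzureRmStorageAccountKey -ResourceGroupName $rgName -Name $accountName)[1].Value
$ctx  = New-AzureStorageContext -StorageAccountName $accountName -StorageAccountKey $key2
New-AzureRmStorageAccountKey -ResourceGroupName $rgName -Name $accountName -KeyName key1 | Out-Null
# $adHoc was signed with the old key1 and now fails authentication, as does any other
# SAS or client still using that key; that is the cost of this revocation path.
```

The practical rule this encodes: hand out SAS tokens through stored access policies whenever you may need to pull access back (at most five policies per container), and treat key regeneration as an incident response step, because it breaks every consumer of that key at once.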
PowerShell – Storage General
# Get Storage Account
# set current sub and storage acc
Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
# set the default account ARM
Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
# Set Logging for Tables
Set-AzureStorageServiceLoggingProperty -ServiceType Table -LoggingOperations Delete,Write -RetentionDays 35
Set-AzureStorageServiceLoggingProperty -ServiceType Blob -LoggingOperations All -RetentionDays 35
Set-AzureStorageServiceLoggingProperty -ServiceType Queue -LoggingOperations None -RetentionDays 35
Set-AzureStorageServiceLoggingProperty -ServiceType File -LoggingOperations Read -RetentionDays 35
# ========== Blobs =============
Get-AzureStorageAccount -StorageAccountName
# Add new container
New-AzureStorageContainer -Name "MyContainer" -Permission Blob
New-AzureStorageContainer -Name "MyContainer" -Permission Container
New-AzureStorageContainer -Name "MyContainer" -Permission Off
SAS Patterns
Value-Key Pattern
Azure Storage – General cont…
PowerShell - Blobs
# Get Storage Account
Get-AzureStorageAccount
# Create a new container
New-AzureStorageContainer -Name $name -Permission Blob
# Copy
Start-AzureStorageBlobCopy
# Upload VHD
Add-AzureRmVHD
#Download a VHD
Save-AzureRmVHD
X-plat CLI
REM Upload to blob
azure storage blob upload --file "c:\temp\demofile.txt" --container "files" --blob "uploadedfile.txt" --connection-string "DefaultEndpointsProtocol=https;AccountName=edxtrain1;AccountKey=JGpglv3oxUmu3fgDln4aXK1ohDPfhL449WIU/vqdO1Vj5iQW6JAMjKsmgj792n8jwu0cQbrEGZJBg5cY1Li2aQ==;"
# Create a Storage Access Policy and Shared Access Signature (PowerShell)
$policy = New-AzureStorageContainerStoredAccessPolicy -Container files -Policy downloadPolicy -Permission rdl -Context $context
$token = New-AzureStorageContainerSASToken -Name files -Policy downloadPolicy -Context $context
General
• Block blobs (Max 200GB each), Append Blobs (like Block, but optimised for append, e.g. logging), Page Blobs (Max 1TB, Good with high read/write, VHDs, 512 byte pages)
• All blobs must be in a container
• Private (default) (Off)
• Blob - Blobs can be read by anyone (Public) (Blob)
• Container – metadata read only (Container)
• Unlimited files and containers
• OS and Data disks can be encrypted using Azure Disk Encryption
• Account Kind
• Blob (Standard Performance only - Access Tiers: Hot or Cold)
• General Purpose
• Performance
• Standard
• Premium (SSDs - Currently only store vhds. Use for Exchange, SQL Server, Dynamics etc. Up to 64TB per VM, 80,000 IOPS per VM, 50,000 IOPS per disk, 2GB per sec throughput, ~5ms read/write latency (uncached), <1ms read latency (cached). Used by DS or GS series VMs (creates premium storage automatically). Limited sizes: 128, 512, 1023 GiB. Needs consideration -
• Replication
• LRS - Locally redundant - 3 reps, 1 data center | ZRS - Zone-redundant - 3 reps across 2-3 Datacenters in 1 or 2 regions | GRS - Geo-redundant - 6 reps in 2 regions | RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable
• Encryption
• Default off
• AzCopy
Azure Storage - Blobs
• ListBlobs()
• Can specify a prefix
• You can list blobs hierarchically, in a manner similar to traversing a file system, or in a flat
listing, where all blobs matching the specified prefix are returned by the listing operation.
• You can specify additional details to return with the listing, including copy properties,
metadata, snapshots, and uncommitted blobs.
• ListBlobsSegmented()
• Returns a max of 5,000 items. Can specify a prefix and a continuation token
PowerShell - Files
# Create new file share
$s = New-AzureStorageShare myshare -Context $ctx
# Create a directory
New-AzureStorageDirectory -Share $s -Path mydirectory
# Upload a local file
Set-AzureStorageFileContent -Share $s -Source c:\temp\myfile.txt
# Copy to a new directory
Start-AzureStorageFileCopy
Connect commands:
net use [drive letter] \\hmstrainingdefaultstore.file.core.windows.net\test1 /u:hmstrainingdefaultstore [storage account access key]
sudo mount -t cifs //hmstrainingdefaultstore.file.core.windows.net/test1 [mount point] -o vers=3.0,username=hmstrainingdefaultstore,password=[storage account access key],dir_mode=0777,file_mode=0777
General
• SMB 2.1 and 3.0 supported
• 1TB max file size
• Max size of File Share = 5TB, unlimited number of files
• Access URL
• https://<storage account name>.file.core.windows.net/<share>/<directory>/<directories…>/<file>
• Accessible from anywhere by default
Azure Storage - Files
PowerShell - Files
# Create a directory
New-AzureStorageDirectory
.Net
Get SAS
public string GetSharedAccessSignature(
    SharedAccessTablePolicy policy,
    string accessPolicyIdentifier,
    string startPartitionKey,
    string startRowKey,
    string endPartitionKey,
    string endRowKey
)
// Token bound to the stored access policy in myPolicy, scoped from partition key "JonesM01"
string tableKey = this.myTable.GetSharedAccessSignature(new SharedAccessTablePolicy(), myPolicy, "JonesM01", null, null, null);
Sample
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Table;
// Runs inside an async method; CustomerEntity is a TableEntity keyed by last name (PartitionKey) and first name (RowKey)
CloudStorageAccount storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=your_account;AccountKey=your_account_key");
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
CloudTable table = tableClient.GetTableReference("customers");
CustomerEntity customer = new CustomerEntity("Harp", "Walter");
customer.Email = "Walter@contoso.com";
customer.PhoneNumber = "425-555-0101";
TableOperation insertOperation = TableOperation.Insert(customer);
await table.ExecuteAsync(insertOperation);
TableOperation retrieveOperation = TableOperation.Retrieve<CustomerEntity>("Harp", "Walter");
TableResult result = await table.ExecuteAsync(retrieveOperation);
General
• NoSQL key/attribute store
• Schema-less
• Massively scalable
Azure Storage - Tables
PowerShell - Files
# Create a directory
New-AzureStorageDirectory
X-plat CLI
General
Azure Storage - Queues
PowerShell - Files
#
Start-OBRecovery -RecoverableItem $myItem -RecoveryOption $secureString -Credential $cred
General
• Backup files from Windows to Azure
• Create backup Vault in geographic region
• Vault credentials replace certificates
• Backup Agent Required
• WABInstaller
• Requires Windows Identity Framework (WIF) and
PowerShell
• Agent Type
• Azure Backup Agent
• Windows Server and System Center Data Protection
Manager
• Windows Server Essentials
• Can install on Server 2008 R2 SP1 +, 64 bit Win 7+,
extension available for essentials 2012
Azure Backup Vault
Setting up Workflow
1. Configure Azure Backup Vault
2. Download vault credentials
3. Run MARSAgentInstaller.exe /m /q (m=check for updates)
4. Create a passphrase to encrypt and decrypt backups
5. Specify backup schedule
PowerShell - AAD
# Active
Get-Msoluser
New-Msoluser
Remove-msoluser
Restore-msoluser
Set-MsolUser
Set-MsolUserPassword
Set-MsolUserPrincipalName
Add-MsolGroupMember
Get-MsolGroup
Get-MsolGroupMember
New-MsolGroup
Remove-MsolGroup
Set-MsolGroup
Set-MsolDomainAuthentication
Convert-MsolFederatedUser
General
• Still uses classic portal
• <xyz>.onmicrosoft.com
• SSO, Multi-factor, RBAC, Device Registration
• Self-service password and group management
• Subscriptions
• Free – 500,000 objects, 10 apps per user SSO
• Standard – Free + No object limits, Application proxy apps, Groups, Self service, branding, app proxy, SLA, 99.9%
• Premium – Standard + No SSO App limits, Service App integration templates, Self-service app management, on-premise write back, multi-factor auth, identity manager cal, cloud app discovery, connect health, privileged id management.
• Multi-Factor Authentication (MFA)
• Mobile App, Phone call, text, email, third-party OATH tokens
• Available as stand-alone or AD Premium
• Can configure to skip on federated users on intranets and known subnets. Also to suspend on remembered devices for x days
• Hybrid
• Extend - Add AD Server VM in Azure. New site. Global Catalog server.
• Synchronize – Azure AD Connect (DirSync, Azure AD Sync, FIM+AD Connector). Simplest, password sync and write-back. Multi-forest, filtering objects and attributes.
• Federated Trust with Azure AD
• AD FS to allow AzureAD to authenticate against internal AD.
• Azure AD Connect Health (supports ADFS, Sync and AD DS)
• SSO – Pre-integrated SaaS Apps (uses SAML federation)
• Cloud App Discovery – Premium only! find users app usage.
• Federation – Passes on Authentication. No local accounts. Claims based authentication.
• Security Token Services (STS)
Azure Active Directory
Azure Active Directory cont…
Convert-MsolDomainToFederated
App Endpoints
• Federation Metadata Document
• WS-Federation Sign-on Endpoint
• SAML-P Sign-On endpoint
• SAML-P Sign-Out endpoint
• Microsoft Azure AD Graph API endpoint
• OAuth 2.0 Token endpoint
• OAuth 2.0 Authorization endpoint
Azure Active Directory cont… 2 Federation
• Powershell Convert-MsolDomainToFederated
• ITR (Issuance Transform Rule)
• Controls how claims are issued to a trusting relying party
• By default, the ITR transforms the WindowsAccountName, UPN and ImmutableID from the claims provider so they can be used for tokens
• 2 rules created, unless ‘-SupportMultipleDomains’, then 3.
• Rule 3 should be edited if subdomains needed
• IAR (Issuance Authorization Rule)
• Controls access to a trusting relying party. E.g. Office365
• Defaults to “Permit Access to All Users”
Azure AD supports three different ways to sign in to applications:
• Federated Single Sign-On enables applications to redirect to Azure AD for user authentication instead of prompting for its own password. This is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on.
• Password-based Single Sign-On enables secure application password storage and replay using a web browser extension or mobile app. This leverages the existing sign-in process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
• Existing Single Sign-On enables Azure AD to leverage any existing single sign-on that has been set up for the application, but enables these applications to be linked to the Office 365 or Azure AD access panel portals, and also enables additional reporting in Azure AD when the applications are launched there.
General
• SSO Protocols
• SAML-P
• 3rd party vendors
• WS-Federation
• OpenID Connect
• OAuth2
• Graph Api
• https://graph.windows.net/{tenant_id}/{resource_id}/{resource_path}?{api_version}
• ADAL??
Azure Active Directory cont… 3
General
• Modern Apps – APIs, Mobile Apps, Web Apps, IoT, Cognitive
• Web Apps, Mobile Apps, Logic Apps, API Apps, Functions (server-less)
• .Net, Python, node.js, PHP, Java
• App Service Plan - Defines Region, Scale count, Instance Size, SKU (Free, Shared, Basic, Standard, Premium). Max 20 servers
• App Service Environment – premium service, private isolated, very high scale and security, dedicated compute pools, Max 50 servers
• Dynamic Service Plan – for Azure Functions. Cost is a function of execution time, memory size and number of executions. 128MB to 1,536MB
• Azure Stack – own data center App Service fabric
Azure App Services
Azure App Services Plans capability
Capability | Free | Shared | Basic | Standard | Premium
Positioning | Host Basic Apps | Host Basic Apps | More Features for Dev / Test | Go Live with Web and Mobile | Enterprise Scale and Integration
Web, mobile, or API apps | 10 | 100 | Unlimited | Unlimited | Unlimited
Disk space | 1 GB | 1 GB | 10 GB | 50 GB | 250 GB
Logic App Actions (per day) * | 200 | 200 | 200 | 10,000 | 50,000
Maximum instances | – | – | Up to 3 | Up to 10 | Up to 50
App Service Environments (req. min 6 cores) | – | – | – | – | Supported
SLA | – | – | 99.95% | 99.95% | 99.95%
Slots | - | - | - | 5 | 20
Auto-scale | - | - | - | Supported | Supported
Backups /day | - | - | - | 2 | 50
Custom domains | - | Supported | Supported | Supported | Supported
SSL Certs | - | - | Unlimited SNI | Unlimited SNI + 1 IP | Unlimited SNI + 1 IP
Logic App Definitions | 10 | 10 | 10 | 25 | 100
PowerShell
# Create App Service Plan
New-AzureRmAppServicePlan -Location "South Central US" -ResourceGroupName DestinationAzureResourceGroup -Name NewAppServicePlan -Tier Premium
# Create a Backup
New-AzureRmWebAppBackup -ResourceGroupName $resourceGroupName -Name $appName -StorageAccountUrl $sasUrl
# Restore from backup
$backupList = $app | Get-AzureRmWebAppBackupList
$backup = $app | Get-AzureRmWebAppBackup -BackupId 10102
$backup | Restore-AzureRmWebAppBackup -Overwrite
# Clone an existing App (Premium Only)
$srcapp = Get-AzureRmWebApp -ResourceGroupName SourceAzureResourceGroup -Name source-webapp
$destapp = New-AzureRmWebApp -ResourceGroupName DestinationAzureResourceGroup -Name dest-webapp -Location "North Central US" -AppServicePlan DestinationAppServicePlan -SourceWebApp $srcapp
General
• Lock (CanNotDelete, ReadOnly)
• Swap Slots
• See below for which settings swap
• Kudu – Command Interface
• Extensions (application Insights, New Relic, Php Manager, Jekyll…)
• Deployment (FTP, Web Deploy, OneDrive, Dropbox, Kudu (can unzip), VSO,
Local Git, GitHub, Bitbucket, Azure CLI )
Azure App Services cont..
PowerShell
#
Get-AzureRmWebApp -Name $sitename
New-AzureRmWebApp -Name $sitename -AppServicePlan $appServicePlan -ResourceGroupName $rgName -Location $loc -ASEName $aseName -ASEResourceGroupName $aseRgName
Set-AzureRmWebApp -Name $sitename
Restart-AzureRmWebapp
Stop-AzureRmWebapp
Start-AzureRmWebapp
Remove-AzureRmWebApp
Get-AzureRmWebAppPublishingProfile -Name $sitename -ResourceGroupName $rgName -OutputFile .\publishingprofile.txt
X-plat CLI
# App Service Plans
azure appserviceplan list --resource-group MyRG
azure appserviceplan create
azure appserviceplan show
azure appserviceplan config
azure appserviceplan delete
# Create, delete and list
azure webapp create --name ContosoWebApp --resource-group ContosoAzureResourceGroup --plan ContosoAppServicePlan --location "South Central US"
azure webapp delete --name ContosoWebApp --resource-group ContosoAzureResourceGroup
azure webapp list --resource-group ContosoAzureResourceGroup
# Config, restart etc..
azure webapp config set
azure webapp config hostnames
azure webapp config appsettings
azure webapp restart
azure webapp stop
azure webapp start
# Get publishing profile
azure webapp publishingprofile --name ContosoWebApp --resource-group MyRG
Azure App Services - Web Apps
Azure App Services - Mobile Apps
• Cross platform SDK
• Offline data and data sync (uses SQLite)
• Incl. Notification Hub (Push)
• Free (1M pushes, 500 active devices) | Basic (10M pushes, 200K Active Devices) | Standard (10M pushes, 10M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multi-tenancy)
• Require namespace Register App for Push Services (App secret password and package SID)
• Tags
• Client Requested
• Automatically Added
• Broadcast | Unicast/Multicast | Segmentation (Tags)
• Templates
• Platform Notification System (PNS)
• Windows Phone (Windows Notification Service (WNS)) – Tiles, Badges, Notifications
• iOS (Apple Push Notification Service (APNS))
Feature | FREE | BASIC | STANDARD
Price | Free (up to 10 services / month) | £11.17 / month per unit | £104.34 / month per unit
API Calls | 500 K | 1.5 M / unit | 15 M / unit
Active Devices | 500 | Unlimited | Unlimited
Scale | N/A | Up to 6 units | Unlimited units
Push Notifications | Notification Hubs Free Tier included, up to 1 M pushes | Notification Hubs Basic Tier included, up to 10 M pushes | Notification Hubs Standard Tier included, up to 10 M pushes
Real time messaging & Web Sockets | Limited | 350 / mobile service | Unlimited
Offline synchronizations | Limited | Included | Included
Scheduled jobs | Limited (1 Job, 1 exec/hr) | Included | Included
SQL Database (required) | 20 MB included for 1yr, Standard rates apply after | 20 MB included for 1yr, Standard rates apply after | 20 MB included for 1yr, Standard rates apply after
CPU capacity | 60 minutes / day | Unlimited | Unlimited
Outbound data transfer (values as listed): 165 MB per day (daily Rollover)* | 5GB per 30 days Included | 50GB per 30 days Included | 500GB per 30 days
Azure App Services - Mobile Apps cont…
• Incl. Notification Hub (Push)
• Free (1M pushes, 500 active devices) | Basic (10M pushes, 200K Active Devices) | Standard (10M pushes, 10M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multi-tenancy)
• iOS, Android, WNS,
• Require namespace Register App for Push Services (App secret password and package SID)
• Tags
• Client Requested
• Automatically Added
• Broadcast | Unicast/Multicast | Segmentation (Tags/Tag expression)
• Templates – Each device type can have multiple templates
• Platform Notification System (PNS)
• Services Supported
• Windows Notification Service (WNS) or Windows Phone (MPNS) – Tiles, Badges, Notifications
• iOS (Apple Push Notification Service (APNS))
• Google Firebase Cloud Messaging (FCM), use Google Cloud Messaging (GCM) in Notification Hub.
• Amazon (ADM)
• Baidu (Android China)
• Amazon (ADM)
• Baidu (Android China)
PowerShell
# Websites
Get-AzureWebsite $sitename
New-AzureWebsite $sitename -Slot staging -Location "North Europe"
Publish-AzureWebsiteProject $sitename -Slot staging -Package [path].zip
Show-AzureWebsite -Name $sitename -Slot staging
Switch-AzureWebsiteSlot -Name $sitename -Slot1 staging -Slot2 production
Remove-AzureWebsite -Name $sitename -Slot staging
# Download log
Save-AzureWebSiteLog -Name $sitename
# View live stream
Get-AzureWebSiteLog -Name $sitename -Tail
X-plat CLI
# List command available for Websites
azure site -h
azure site list mysite
azure site create mysite --slot staging
azure site create --git mysite --slot staging
azure site swap staging
azure site delete mysite --slot staging
azure site log download mysite
azure site log tail mywebsite
General
• Slots only available in Standard or Premium
• Deploy using Portal, GitHub, VSO, FTP, OneDrive, DropBox
• Hosting Plans
• Free (1GB storage)
• Shared (Free + Custom Domains)
• Basic (instance sizes [small, medium, large], 10GB, SSL, 3 instances)
• Standard (50GB, autoscaling, schedules, metrics (CPU, Instance), Traffic Manager, 5 slots, 10 instances, daily backup)
• Premium (250GB, 20 Instances, 20 Slots, Backup 50 times per day, BizTalk services)
• 64-bit only, Web sockets, SSL Certs, Custom domains (Shared too), SSL Binding to custom domains, Add End Points, available in Basic or Standard
• Default domain azurewebsites.net - Awverify.
• Monitoring
• Endpoints (2 endpoints, 3 geographic locations, every 5 mins)
• Performance monitoring
• Diagnostics
• Application (lasts 12 hours), Web server (W3C extended log format), Detailed error messages, failed request tracing (xml).
• Can FTP download logs
• Kudu – http://mysite.scm.azurewebsites.net
• Connection Strings
• .Net uses connectionStrings, not .Net Environment variables
Azure Websites (Classic)
PowerShell
#
X-plat CLI and batch
# List command available for Websites
azure site -h
cspack [DirectoryName]\[ServiceDefinition] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /out:[OutputFileName]
cspack [DirectoryName]\[ServiceDefinition] /out:[OutputFileName] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /role:[RoleName];[RoleBinariesDirectory];[RoleAssemblyName]
General
• Slots only available in Standard or Premium. Only two, staging and production.
• Web Roles and Worker Roles (no public endpoints)
• 3 Deployment components
• Service Definition file (.csdef)
• Defines service model incl. what roles.
• Sites, InputEndpoints, InternalEndpoints, ConfigurationSettings, Certificates, LocalResources, Imports, Startup
• Diagnostics
• Service Configuration File (.cscfg)
• Configuration for the cloud service and roles, incl. number of role instances.
• Instances, ConfigurationSettings, Certificates
• Can reconfigure cloud service by altering this after deployment
• Network configuration (Specify Reserved IP <ReservedIP name="" />, VLAN <VirtualNetworkSite>)
• Uploaded separately from .cspkg
• Service Package (.cspkg)
• Contains application code and service definition file (.csdef)
• Generated from the .csdef
• Can deploy updates to 1 or all roles. Can use portal, VS
• CSPack.exe command line tool to create .cspkg
Azure Cloud Service (classic)
PowerShell
# New cache
New-AzureRmRedisCache -ResourceGroupName $resourceGroupName -Name $cacheName -Location "North Europe" -Sku $sku -Size 13GB -ShardCount 6
.Net
using StackExchange.Redis;

// The ConnectionMultiplexer is expensive to create: build it once and share it across the application
ConnectionMultiplexer connection = ConnectionMultiplexer.Connect("contoso5.redis.cache.windows.net,abortConnect=false,ssl=true,password=...");
// NOTE: the object returned from GetDatabase is a lightweight pass-through object and does not need to be stored.
IDatabase cache = connection.GetDatabase();
// Perform cache operations using the cache object...
// Simple put of integral data types into the cache
cache.StringSet("key1", "value");
cache.StringSet("key2", 25);
// Simple get of data types from the cache
string key1 = cache.StringGet("key1");
int key2 = (int)cache.StringGet("key2");
// If key1 exists, it is overwritten.
cache.StringSet("key1", "value1");
// Cache-aside: on a miss, load from the data source and populate the cache
string value = cache.StringGet("key1");
if (value == null)
{
    // The item keyed by "key1" is not in the cache. Obtain
    // it from the desired data source and add it to the cache.
    value = GetValueFromDataSource();   // application-specific loader
    cache.StringSet("key1", value);
}
General
• Only Premium tier supports clustering
• 99.9% SLA on Standard and Premium, Not Basic SKU
Azure Redis Cache
Pricing tier | Size | CPU cores | Available bandwidth, Megabits per sec (Mb/s) / Megabytes per sec (MB/s) | 1 KB Key size: Requests per second (RPS)
Standard cache sizes
C0 | 250 MB | Shared | 5 / 0.625 | 600
C1 | 1 GB | 1 | 100 / 12.5 | 12200
C2 | 2.5 GB | 2 | 200 / 25 | 24000
C3 | 6 GB | 4 | 400 / 50 | 49000
C4 | 13 GB | 2 | 500 / 62.5 | 61000
C5 | 26 GB | 4 | 1000 / 125 | 115000
C6 | 53 GB | 8 | 2000 / 250 | 150000
Premium cache sizes (CPU cores and RPS are per shard)
P1 | 6 GB | 2 | 1000 / 125 | 140000
P2 | 13 GB | 4 | 2000 / 250 | 220000
P3 | 26 GB | 4 | 2000 / 250 | 220000
P4 | 53 GB | 8 | 4000 / 500 | 250000
PowerShell
# Active
X-plat CLI
General
• Tool: Service Bus Explorer
• Queues
• Topics
• Relay has now moved to a separate Azure Service
• Notification Hub has now moved to a separate Azure Services.
Azure Service Bus
Feature Basic Standard Premium
Queues y y y
Scheduled messages y y y
Topics – y y
Transactions – y y
De-duplication – y y
Sessions – y y
ForwardTo / SendVia – y y
Message Size 256 KB 256 KB 1 MB
Brokered connections included | 100 | 1,000 | 1,000 per MU
Brokered connections (overage allowed) | – | (billable) | Up to 1,000 per MU
Resource isolation N - Shared N - Shared y
General
• Add NuGet “Microsoft Azure Service Bus”
Azure Relay
using System;
using System.ServiceModel;
using Microsoft.ServiceBus;

ServiceHost sh = new ServiceHost(typeof(ProblemSolver));
// Local endpoint: plain WCF over TCP
sh.AddServiceEndpoint(typeof(IProblemSolver), new NetTcpBinding(), "net.tcp://localhost:9358/solver");
// Same contract projected through the Azure Relay; the listener authenticates to Service Bus with a SAS key
sh.AddServiceEndpoint(typeof(IProblemSolver), new NetTcpRelayBinding(),
    ServiceBusEnvironment.CreateServiceUri("sb", "namespace", "solver"))
    .Behaviors.Add(new TransportClientEndpointBehavior {
        TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<yourKey>")
    });
sh.Open();
Console.WriteLine("Press ENTER to close");
Console.ReadLine();
sh.Close();
In the example, you create two endpoints that are on the same contract implementation. One is local and one is
projected through Service Bus. The key differences between them are the bindings; NetTcpBinding for the local
one and NetTcpRelayBinding for the Service Bus endpoint and the addresses.
PowerShell
#Creates a job in the Batch service.
New-AzureBatchJob
#Creates a pool in the Batch service.
New-AzureBatchPool
#Creates a Batch task under a job.
New-AzureBatchTask
General
• Fully managed HPC facility
• REST, .NET, Python, node.js, Java
• Schedules
• Pay for what you use
• App must have
• BatchAccountName
• BatchAccountKey
• BatchAccountUrl
• StorageAccontName & StorageAccountKey
Azure Batch
Step 1. Create containers in Azure Blob Storage.
Step 2. Upload task application files and input files to containers.
Step 3. Create a Batch pool.
3a. The pool StartTask downloads the task binary files
(TaskApplication) to nodes as they join the pool.
Step 4. Create a Batch job.
Step 5. Add tasks to the job.
5a. The tasks are scheduled to execute on nodes.
5b. Each task downloads its input data from Azure Storage, then
begins execution.
Step 6. Monitor tasks.
6a. As tasks are completed, they upload their output data to Azure
Storage.
Step 7. Download task output from Storage.
PowerShell
# Get an Azure Automation Credential
Get-AzureAutomationCredential -AutomationAccountName $accName
New-AzureAutomationAccount
New-AzureAutomationCredential
New-AzureAutomationSchedule
New-AzureAutomationVariable
New-AzureAutomationCertificate
New-AzureAutomationConnection
New-AzureAutomationModule
New-AzureAutomationRunBook
Publish-AzureAutomationRunBook
Register-AzureAutomationScheduledRunbook
Start-AzureAutomationRunbook
Stop-AzureAutomationRunbook
Suspend-AzureAutomationRunbook
Unregister-AzureAutomationScheduledRunbook
General
• Create a Run As account
Azure Automation
General
• Templates
• Limited to XML or JSON
• Use for cross-platform
• Use for Personalisation
• Need to Register Templates
Azure Notification
Template Expression | Description
$(prop) | Reference to an event property with the given name. Property names are not case-sensitive. This expression resolves into the property's text value or into an empty string if the property is not present.
$(prop, n) | As above, but the text is explicitly clipped at n characters, for example $(title, 20) clips the contents of the title property at 20 characters.
.(prop, n) | As above, but the text is suffixed with three dots as it is clipped. The total size of the clipped string and the suffix does not exceed n characters. .(title, 20) with an input property of "This is the title line" results in "This is the title..."
%(prop) | Similar to $(name) except that the output is URI-encoded.
#(prop) | Used in JSON templates (for example, for iOS and Android templates). This function works exactly the same as $(prop) previously specified, except when used in JSON templates (for example, Apple templates). In this case, if this function is not surrounded by "{','}" (for example, 'myJsonProperty' : '#(name)'), and it evaluates to a number in Javascript format, for example, regexp: (0|([1-9][0-9]*))(\.[0-9]+)?((e|E)(\+|-)?[0-9]+)?, then the output JSON is a number. For example, 'badge' : '#(name)' becomes 'badge' : 40 (and not '40').
'text' or "text" | A literal. Literals contain arbitrary text enclosed in single or double quotes.
expr1 + expr2 | The concatenation operator joining two expressions into a single string.
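As an added example that is not part of the original notes, the Python below is a small evaluator for the expression forms in the table above: $(prop), $(prop, n), .(prop, n), %(prop), #(prop), quoted literals and the + operator. It reproduces the table's own worked case (.(title, 20) on "This is the title line" gives "This is the title..."). The JSON-number behaviour of #(prop) is not modelled, and the sample event properties are constructed for the example.

```python
import re
from urllib.parse import quote

# One term of a template expression: a quoted literal, or one of the
# $(prop), $(prop, n), .(prop, n), %(prop), #(prop) functions from the table.
_TERM = re.compile(
    r"\s*(?:(?P<q>['\"])(?P<lit>.*?)(?P=q)"
    r"|(?P<fn>[$.%#])\(\s*(?P<prop>\w+)\s*(?:,\s*(?P<n>\d+)\s*)?\))\s*"
)


def _render_term(m, props):
    if m.group("lit") is not None:          # 'text' or "text": a literal
        return m.group("lit")
    fn, n = m.group("fn"), m.group("n")
    # Property names are not case-sensitive; a missing property is the empty string.
    text = props.get(m.group("prop").lower(), "")
    if fn == ".":
        if n is None:
            raise ValueError(".(prop, n) needs a length")
        limit = int(n)
        # Clip and add "...", keeping the total within n characters.
        return text if len(text) <= limit else text[:limit - 3] + "..."
    if n is not None:                       # $(prop, n): hard clip at n characters
        text = text[:int(n)]
    if fn == "%":                           # %(prop): URI-encoded output
        return quote(text, safe="")
    return text                             # $(prop) and #(prop): the raw text


def evaluate(expression, props):
    """Evaluate a template expression (terms joined with '+') against event properties."""
    lower = {k.lower(): str(v) for k, v in props.items()}
    pos, out = 0, []
    while True:
        m = _TERM.match(expression, pos)
        if not m:
            raise ValueError(f"cannot parse template at offset {pos}: {expression[pos:]!r}")
        out.append(_render_term(m, lower))
        pos = m.end()
        if pos == len(expression):
            return "".join(out)
        if expression[pos] != "+":
            raise ValueError(f"expected '+' at offset {pos}")
        pos += 1


# Constructed sample event, using the property from the table's worked example.
SAMPLE_EVENT = {"title": "This is the title line", "badge": 40, "user": "a b&c"}

if __name__ == "__main__":
    for expr in ("$(title, 20)", ".(title, 20)", "%(user)", "'Hi ' + $(Title) + '!'"):
        print(f"{expr:28} -> {evaluate(expr, SAMPLE_EVENT)!r}")
```

Because literals are matched before anything else, a + inside quotes is part of the text rather than an operator, and a missing + between two terms is rejected instead of being silently concatenated.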
.Net
// Environment Variables in App Settings use:
System.Environment.GetEnvironmentVariable("mySetting", EnvironmentVariableTarget.Process)
Azure Functions
General
• Languages (c#, f#, node.js, python, PHP, Batch, Bash, Exe)
• Uses WebJobs SDK, Supports Nuget, Supports oAuth providers
• 2 Plans
• Consumption and App Service (dedicated VM. Use for continuous functions)
• Project Files
• appsettings.json (VS – Connection strings)
• host.json (VS – Config behaviour of Azure Functions host)
• function.json (Input and output bindings. Random GUID syntax for path = {rand-guid})
• project.json (dependencies, NuGets)
• run.csx (c# code)
• Triggers
• BlobTrigger - Process Azure Storage blobs when they are added to containers. You might use this function for image resizing.
• EventHubTrigger - Respond to events delivered to an Azure Event Hub. Particularly useful in application instrumentation, user experience or workflow processing, and Internet of Things (IoT) scenarios.
• Generic webhook - Process webhook HTTP requests from any service that supports webhooks.
• GitHub webhook - Respond to events that occur in your GitHub repositories. For an example, see Create a webhook or API function.
• HTTPTrigger - Trigger the execution of your code by using an HTTP request.
• QueueTrigger - Respond to messages as they arrive in an Azure Storage queue. For an example, see Create an Azure Function that binds to an Azure service. (default 1 min polling)
• ServiceBusQueueTrigger - Connect your code to other Azure services or on-premise services by listening to message queues.
• ServiceBusTopicTrigger - Connect your code to other Azure services or on-premise services by subscribing to topics.
• TimerTrigger - Execute cleanup or other batch tasks on a predefined schedule. For an example, see Create an event processing function.
• Integrations
• Azure DocumentDB, Azure Event Hubs, Azure Mobile Apps (tables), Azure Notification Hubs, Azure Service Bus (queues and topics), Azure Storage (blob, queues, and tables), GitHub (webhooks), On-premises (using Service Bus)
PowerShell
# Active
New-AzureRmLogicApp
Creates a logic app in a resource group.
X-plat CLI
General
• Triggers
• HTTP request
• Webhook
• Polling
• Batches and Looping
• SplitOn
• ForEach
• Until
• Functions integration
• Use Generic Webhook template
• Connectors that include Salesforce, Office 365, Twitter, Dropbox, Google Services and more
• Integration Accounts
Azure Logic Apps
PowerShell
# Active
X-plat CLI
General
• Encryption Options
• StorageEncrypted
• CommonEncryptionProtected
• EnvelopEncryptionProtected
• Dynamic Packaging (Standard or Premium)
• Encoders
• FLV (with H.264 and AAC codec)
• MXF
• GXF
• MPEG2
• MWV / ASF
• MP4 / ISMV
• .dvr-ms
• .MKV
• WAV
• QuickTime (.mov)
• …plus many more
Azure Media Services
PowerShell
# Active
General
• .exe, .cmd (Batch), .ps1 (PowerShell), .py (Python), .php (PHP), .js (Node.js)
• How to run
• Continuous
• Do NOT use with schedule
• Scheduled (classic portal)
• Triggered / On Demand
• Use with schedule in Settings.job
• With or without web service
• Zip Deployment
• Settings.job contains schedules with CRON expression. Root of Zip file
• {second} {minute} {hour} {day} {month} {day of the week}
• Every hour (0 0 * * * *), Every hour from 9AM to 5PM (0 0 9-17 * * *), at 9:30am every day (0 30 9 * * *), at 9:30am every week day (0 30 9 * * 1-5), every 15 minutes (0 */15 * * * *)
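The six-field CRON format above (the same format the Azure Functions TimerTrigger listed earlier uses) is easy to get wrong because the leading field is seconds, not minutes. The following is an added example, not from these notes, written in Python: it expands each field into the set of values it allows, reports whether a schedule fires at a given second, and finds the next firing after a given time. It is exercised against the five schedules quoted above; the day-of-week numbering (0 = Sunday) and the sample timestamps are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Field order used by settings.job (and by the Functions TimerTrigger):
# {second} {minute} {hour} {day} {month} {day of week}; day of week 0 = Sunday (assumed).
_FIELDS = (("second", 0, 59), ("minute", 0, 59), ("hour", 0, 23),
           ("day", 1, 31), ("month", 1, 12), ("day of week", 0, 6))


def _expand(field, lo, hi, name):
    """Expand one field ('*', 'a', 'a-b', 'a,b', '*/n', 'a-b/n') into the set of allowed values."""
    allowed = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"{name} field out of range: {field!r}")
        allowed.update(range(start, end + 1, step))
    return allowed


def parse_schedule(expression):
    parts = expression.split()
    if len(parts) != 6:
        raise ValueError("expected 6 fields: second minute hour day month day-of-week")
    return [_expand(p, lo, hi, name) for p, (name, lo, hi) in zip(parts, _FIELDS)]


def _as_datetime(when):
    return datetime.fromisoformat(when) if isinstance(when, str) else when


def _cron_weekday(dt):
    return (dt.weekday() + 1) % 7          # Python: Monday = 0; cron: Sunday = 0


def matches(expression, when):
    """True if the schedule fires at exactly this second."""
    dt = _as_datetime(when)
    sec, mn, hr, day, mon, dow = parse_schedule(expression)
    return (dt.second in sec and dt.minute in mn and dt.hour in hr and
            dt.day in day and dt.month in mon and _cron_weekday(dt) in dow)


def next_run(expression, after, limit_days=366):
    """First firing strictly after `after`, as an ISO string; scans minute by minute."""
    sec, mn, hr, day, mon, dow = parse_schedule(expression)
    seconds = sorted(sec)
    t = (_as_datetime(after) + timedelta(seconds=1)).replace(microsecond=0)
    deadline = t + timedelta(days=limit_days)
    while t < deadline:
        if (t.minute in mn and t.hour in hr and t.day in day and
                t.month in mon and _cron_weekday(t) in dow):
            for s in seconds:               # first allowed second not before t
                if s >= t.second:
                    return t.replace(second=s).isoformat()
        t = (t + timedelta(minutes=1)).replace(second=0)
    raise ValueError(f"no run within {limit_days} days")


# The schedules quoted in the notes, as constructed sample input.
SAMPLES = {"every hour": "0 0 * * * *", "9 to 5": "0 0 9-17 * * *",
           "9:30 daily": "0 30 9 * * *", "9:30 weekdays": "0 30 9 * * 1-5",
           "every 15 min": "0 */15 * * * *"}

if __name__ == "__main__":
    for label, expr in SAMPLES.items():
        print(f"{label:14} {expr:16} next after Fri 2017-01-13 18:00 -> "
              f"{next_run(expr, '2017-01-13T18:00:00')}")
```

A five-field expression (the classic cron layout) is rejected rather than silently shifted, which is the mistake that turns "every 15 minutes" into "every 15 seconds".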
Azure WebJobs
.Net
using System.IO;
using Microsoft.Azure.WebJobs;

// Example Queue Trigger: the WebJobs SDK discovers public static methods that carry trigger attributes
public class Program
{
    public static void Main()
    {
        JobHost host = new JobHost();
        host.RunAndBlock();
    }
}
public class Functions
{
    // Runs once per message on "webjobsqueue"; the message text is written to the bound blob
    public static void ProcessQueueMessage([QueueTrigger("webjobsqueue")] string inputText,
                                           [Blob("containername/blobname")] TextWriter writer)
    {
        writer.WriteLine(inputText);
    }
}
PowerShell
# Active
X-plat CLI
General
• DTU – Data Transaction Unit
Azure SQL
PowerShell
# Active
X-plat CLI
Migration
• Min Downtime
• SQL Server Transactional replication
• Some Downtime
• Deploy Wizard in SSMS Migration Wizard (DAC Package)
• SQL Azure Migration Wizard
• BACPAC contains both schema and data
• DAC packages contain ONLY schema
Elastic Database
• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-scale-introduction
• Elastic Database Client Library – Allow multi database management including shard management
• Elastic Database Job – execute T-SQL that span multiple databases
Azure SQL cont…
PowerShell
# Get and Set Vnet config xml
Get-AzureVNetConfig -ConfigurationPath c:\temp\oldconfig.xml
Set-AzureVNetConfig -ConfigurationPath c:\temp\updatedconfig.xml
#Create a new Vnet
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.1.1.0/24"
$backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix "10.1.2.0/24"
New-AzureRmVirtualNetwork -Name "hms-train-vnet-arm-1" -ResourceGroupName $rgName -Location "North Europe" -AddressPrefix "10.1.0.0/16" -Subnet $frontendSubnet, $backendSubnet
General
• 50 per subscription per region
• CIDR Subnet Hosts in Azure = 2^n - 5 (normally 2^n - 2), ‘/29’ is smallest subnet
• Multiple NICs
• Can't make a VM multi NIC after deployment. Need to delete and redeploy
• D1 - 1 NIC, D2 - 2 NICs, D3 - 4 NICs, D4 - 8 NICS
• Access Control Lists (ACL)
• For endpoints only (Inbound only!). Not preferred, use NSGs.
• Network Security Groups (NSG)
• Can’t use if ACL’s. Remove ACL’s first
• Name, Direction, Priority, Access (allow or NOT), Source IP, Source port, Destination IP, Destination Port, Protocol
• Applied to one or more VMs or subnet
• Subnet can only have 1 NSG applied
• Each NSG can have up to 200 rules
• Is associated to a region. 100 NSGs per region per subscription
• Default Tags (Internet, Virtual_network, Azure_loadbalancer)
• Do NOT Block 168.63.129.16 and port 1688!!
• UDR (Routing Tables)
• VPNs (Site-to-Site, VNet2Vnet, Point-to-Site, Express-Route (private network))
• Express-route – Exchange providers (layer 3, 200Mbps – 10Gbps, Site2Site, BGP
with client), Network Service Providers (10Mbps – 1Gbps, Any2Any, BGP with
telco)
• Max 30 VPN tunnels per VPN Gateway and 128 connections from clients
Azure Virtual Networks
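As an added example (not from the original slides), the NSG rule fields listed above assembled with the AzureRM cmdlets into a least-privilege inbound rule set for the frontendSubnet created on the earlier slide. $rgName, the NSG name and the 10.0.0.0/24 management range are constructed assumptions.

```powershell
# Added example, not from the original slides. Assumes the resource group in $rgName and
# the "hms-train-vnet-arm-1" VNet with its frontendSubnet already exist; the management
# range and the NSG name are constructed placeholders.
$rgName    = "hms-train-rg"      # assumption
$location  = "North Europe"
$mgmtRange = "10.0.0.0/24"       # constructed: the range admins connect from

# Rules are evaluated from the lowest Priority number upwards; the first match wins.
# Azure appends its own defaults at 65000+ (AllowVnetInBound, AllowAzureLoadBalancerInBound,
# DenyAllInBound), so nothing here needs to, or should, touch 168.63.129.16.
$rules = @(
    New-AzureRmNetworkSecurityRuleConfig -Name "allow-rdp-from-mgmt" `
        -Description "RDP only from the management range" `
        -Direction Inbound -Priority 100 -Access Allow -Protocol Tcp `
        -SourceAddressPrefix $mgmtRange -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange 3389

    New-AzureRmNetworkSecurityRuleConfig -Name "allow-https-from-internet" `
        -Description "Public web traffic" `
        -Direction Inbound -Priority 110 -Access Allow -Protocol Tcp `
        -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange 443

    # Explicit deny for RDP from the Internet: it documents intent and stays effective
    # even if someone later adds a broad allow rule at a higher priority number.
    New-AzureRmNetworkSecurityRuleConfig -Name "deny-rdp-from-internet" `
        -Description "No RDP from the public Internet" `
        -Direction Inbound -Priority 200 -Access Deny -Protocol Tcp `
        -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange 3389
)

$nsg = New-AzureRmNetworkSecurityGroup -Name "hms-train-frontend-nsg" `
    -ResourceGroupName $rgName -Location $location -SecurityRules $rules

# One NSG per subnet: attach it to frontendSubnet and push the VNet change.
$vnet = Get-AzureRmVirtualNetwork -Name "hms-train-vnet-arm-1" -ResourceGroupName $rgName
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "frontendSubnet" `
    -AddressPrefix "10.1.1.0/24" -NetworkSecurityGroup $nsg | Out-Null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# Review what will actually be enforced, custom and platform-default rules together,
# in evaluation order.
$nsg = Get-AzureRmNetworkSecurityGroup -Name "hms-train-frontend-nsg" -ResourceGroupName $rgName
@($nsg.SecurityRules) + @($nsg.DefaultSecurityRules) |
    Sort-Object Direction, Priority |
    Format-Table Name, Direction, Priority, Access, Protocol, SourceAddressPrefix, DestinationPortRange -AutoSize
```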
PowerShell
# Create a PIP for the Gateway
$pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic -ResourceGroupName $rgName -Name "hms-train-gateway-1"
VPNs
• Site-to-Site, VNet2VNet
• Max 10 tunnels, 100 Mbps (Basic and Standard) | 30 tunnels, 200 Mbps (High Performance)
• Point-to-Site
• Max 128 connections, Secure Socket Tunneling Protocol (SSTP)
• Use makecert to create a self-signed root certificate (can't use a CA)
• Import the .cer file with private key to Azure
• Generate a client certificate for each client to install
• Download the package from the portal and then install the client
• ExpressRoute (private network)
• ExpressRoute – Exchange providers (layer 3, 500 Mbps – 10Gbps, Site2Site, BGP with client), Network Service Providers (10 Mbps – 1Gbps, Any2Any, BGP with telco)
• Max 30 VPN tunnels per VPN Gateway and 128 connections from clients
• Gateway SKUs – Basic (BGP & ExpressRoute not supported), Standard, High Performance
• Considerations
• No overlapping IP address ranges
• Only 1 VPN gateway per VNet
Azure Virtual Networks - VPNs
PowerShell
# List reserved IPs
Get-AzureReservedIP
# Reserve a new IP address
New-AzureReservedIP -ReservedIPName AGSReservedIP -Location "North Europe"
# List reserved IPs again to confirm
Get-AzureReservedIP
# List all Azure (classic) cloud services
Get-AzureService
# Associate the reserved IP with a service
Set-AzureReservedIPAssociation -ReservedIPName AGSReservedIP -ServiceName FFApi-VBTest
General
• Azure Load Balancer (Layer 4 – Transport Layer), random distribution across the backend pool. Health probes: HTTP (expects 200) or TCP (expects ACK); use a custom probe for anything else
• Application Gateway (50 per subscription, max 10 instances each)
• SKUs: WAF and Standard
• Small (7.5Mbps / 35Mbps), Medium (10Mbps / 100Mbps), Large (50Mbps / 200Mbps)
• Firewall, round robin LB, cookie session affinity, SSL offload, URL-based content routing, up to 20 websites consolidation, WebSocket support, health monitoring, advanced diagnostics.
• Traffic Manager (Layer 7 – DNS based LB)
• Weighted (Round-robin)
• Performance (Performance/latency)
• Priority (DR/Failover)
Azure Virtual Networks cont…
Advanced
• Peering – Connects 2 VNets in the same region through the Azure backbone
• Can use between subscriptions if both associated with same AD tenant
• Peering between ARM and ASM VNets can be done if both in same subscription
• Requirements
• Same region
• Non-overlapping IP address spaces
Azure Virtual Networks cont…
PowerShell
# List all installed modules
Get-Module -ListAvailable
# Install the Azure Resource Manager modules from the PowerShell Gallery
Install-Module AzureRM
# Install the Azure Service Management modules from the PowerShell Gallery
Install-Module Azure
# Get a list of cmdlets in the Azure module
Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis
# Get a list of cmdlets in the Resource Manager module
Get-Command -Module AzureRM | Get-Help | Format-Table Name, Synopsis
# Login (Classic)
Add-AzureAccount
# Login (ARM); alias is 'Login-AzureRmAccount'
Add-AzureRmAccount
# Get a list of subscriptions
Get-AzureSubscription
Get-AzureRmSubscription
# Get Context (ARM)
Get-AzureRmContext
# Set the subscription for the session (ARM)
Select-AzureRmSubscription
# Select the default storage context
Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgname -StorageAccountName $strgname
# Remote PowerShell – install the WinRM certificate of the (classic) VM locally
.\InstallWinRMCertAzureVM.ps1 -SubscriptionName $s -ServiceName $svc -Name $vm
# Retrieve the WinRM URI of the VM
$uri = Get-AzureWinRMUri -ServiceName $svc -Name $vm
# Execute a script remotely
$cred = Get-Credential
Invoke-Command -ConnectionUri $uri -FilePath '.\deployad.ps1' -Credential $cred
X-plat CLI
REM Set mode to ARM
azure config mode arm
REM Set mode to Service Management mode
azure config mode asm
REM Login
azure login
REM List subscriptions
azure account list
REM Set current subscription
azure account set "{name of subscription}"
REM Create resource group
azure group create -n "{name}" -l "{location}"
PowerShell & x-plat CLI - General
• Use npm to install on Linux
• Docker container available for version 2.0
General
• Azure Data Lake Store - A data repository that enables you to store any type of data in its raw format without defining a schema. The store offers unlimited storage with immediate read/write access and scales to the throughput your workloads need. The store is Hadoop Distributed File System (HDFS) compatible, so you can use your existing tools.
• Azure Data Lake Analytics - An analytics service that allows you to run analysis jobs on data. Analytics uses Apache YARN to manage resources for its processing engine. Using the U-SQL query language you can process data from several data sources such as Azure Data Lake Store, Azure Blob Storage and Azure SQL Database, but also from other data stores built on HDFS.
• Azure Data Lake HDInsight - An analytics service that enables you to analyze data sets on a managed cluster running open-source technologies such as Hadoop, Spark, Storm & HBase.
Azure Data Lake
General
• 99.9% enterprise scale SLA
• Hadoop: Petabyte scale processing with Hadoop components like
• Hive (SQL on Hadoop) HiveQL
• Apache Pig is a platform for creating programs for Hadoop by using a procedural language known as Pig Latin
• Sqoop - tool designed to transfer data between Hadoop clusters and relational databases. You can use it to import data from a relational database management system (RDBMS) such as SQL Server
• HCatalog is a table and storage management layer for Hadoop that enables users with different data processing tools (Pig, MapReduce) to more easily read and write data on the grid
• HBase: Fast and scalable NoSQL offering
• Storm: Allows the processing of infinite streams of data in real-time.
• Spark: Fast data analytics and cluster computing using in-memory processing.
• Interactive Hive (preview): Enterprise Data Warehouse with in-memory analytics using Hive (SQL on Hadoop) and Live Long and Process (LLAP)
• R Server: Terabyte scale, provides enterprise grade R analytics used for machine learning
models.
• Kafka (preview): High throughput, low latency, real-time streaming platform, typically
used in streaming and IoT scenarios
• Mahout - One of the Microsoft HDInsight key components is Mahout, a scalable machine
learning library that provides a number of algorithms relying on the Hadoop platform
• Oozie - Apache Oozie is a workflow/coordination system that manages Hadoop jobs.
HDInsight
General
• API Gateway (99.9% SLA, 99.95% SLA for Premium across two or more regions)
• Features - access control, rate limiting, monitoring, event logging, and response caching
• Groups – Administrators, Developers, Guests
• Policy Types (Access restriction, Advanced, Authentication, Caching, Cross domain,
Transformation)
API Management
Tier | Developer | Standard | Premium
Price | £0.9652/day | £13.78/day per unit | £56.14/day per unit
API Calls (per unit) | 32 K / day (~1 M / month) | 7 M / day (~217 M / month) | 32 M / day (~1 B / month)
Data Transfer (per unit) | 161 MB / day (~5 GB / month) | 32 GB / day (~1 TB / month) | 161 GB / day (~5 TB / month)
Cache | 10 MB | 1 GB | 5 GB
Scale-out | None | 4 units (contact us for more) | Unlimited
SLA | No | 99.9% | 99.95%
Multi-Region Deployment | No | No | Yes
Azure Active Directory Integration | Unlimited User Accounts | No | Unlimited User Accounts
VPN | Yes | No | Yes
Policy reference index
Access restriction policies
Check HTTP header
Limit call rate by subscription
Limit call rate by key
Restrict caller IPs
Set usage quota by subscription
Set usage quota by key
Validate JWT
Advanced policies
Control flow
Forward request
Log to Event Hub - Sends messages in the specified format to a message target defined by a Logger entity.
Retry
Return response
Send one way request
Send request
Set request method
Set status
Set variable
Trace
Wait
Authentication policies
Authenticate with Basic
Authenticate with client certificate
Caching policies
Get from cache
Store to cache
Get value from cache
Store value in cache
Remove value from cache
Cross domain policies
Allow cross-domain calls - Makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
CORS - Adds cross-origin resource sharing (CORS) support to an operation or an API.
JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
Transformation policies
Convert JSON to XML
Convert XML to JSON
Find and replace string in body
Mask URLs in content - Re-writes (masks) links in the response body so that they point to the equivalent link via the gateway.
Set backend service
Set body
Set HTTP header
Set query string parameter
Rewrite URL - Converts a request URL from its public form to the form expected by the web service.
API Management – cont…
• Notification Hubs
• Autoscale
• Social Integration
• Offline Data Sync
• SQLite local store
• IMobileServiceSyncTable (.NET), MSSyncTable (iOS), mClient.getSyncTable() (Android)
• PushAsync, PullAsync, updatedAt (incremental sync), IMobileServiceSyncTable.PurgeAsync (clear local store)
Tier | Free (Try for free) | Shared (Host basic apps) | Basic (More features for Dev/Test) | Standard (Go live with web and mobile) | Premium (Enterprise scale and integration)
Web, mobile or API apps | 10 | 100 | Unlimited | Unlimited | Unlimited
Disk space | 1 GB | 1 GB | 10 GB | 50 GB | 250 GB
Logic App Actions (per day) * | 200 | 200 | 200 | 10,000 | 50,000
Maximum instances | – | – | Up to 3 | Up to 10 | Up to 50
App Service Environments (require min. 6 cores) | – | – | – | – | Supported
SLA | – | – | 99.95% | 99.95% | 99.95%
Service Plan | Cores | RAM | Disk
F1 | Shared | 1GB | 1GB
D1 | Shared | 0.5GB | 1GB
B | 1, 2, 4 | 1.75, 3.5, 7GB | 10GB
S | 1, 2, 4 | 1.75, 3.5, 7GB | 50GB
P | 1, 2, 4, 8 | 1.75, 3.5, 7, 14GB | 250GB
Mobile Apps
Azure Container Service
• Standard infrastructure for a Docker cluster
• Scale and orchestrate using DC/OS, Docker Swarm, or Kubernetes
• Saves about 6,000 lines of config code
• Has no registry or other customisation
Azure Service Fabric
• Provides fast deployment, placement and activation, high density, reliability, scaling, health reporting, coordinated upgrades, service endpoint discovery
• Programming models
• Guest executable (as-is code) plus ServiceManifest.xml
• Reliable Services Model
• VS development using the Fabric SDK. Package, deploy and debug etc.
• Dynamic resource balancing based on actual usage.
• .Net or JavaScript?
• Stateful Programming model
• Reliable collections
• Reliable Queues
• Reliable …
• Application Manifest
• Cluster port: 19080
Azure Key Vault
• Tiers – Standard | Premium (incl. Hardware Security Module (HSM) backed keys)
• Secrets
• Any sequence of bytes under 10KB, e.g. passwords and connection strings that can be encrypted, or a PFX file.
• AES key used to encrypt data
• Low latency
• Keys
• A cryptographic key. RSA 2048.
• Can't be read back, but you can ask the service to decrypt using the key or sign using the key.
• Use when the security requirement is greater than performance.
• Advanced Access Policies
• Enable access to Azure VMs for deployment
• Enable access to Azure Resource Manager for template deployment
• Enable access to Azure Disk Encryption for volume encryption
• Access Policies
• Key & Secret Management
• Key Management
• Secret Management
• SQL Server Connector
• Admins & consumers MUST have an Azure AD account, incl. applications.
• Url: https://{vaultname}.vault.azure.net/secrets/{secret name}/{version [optional]}
PowerShell - Files
# Create key vault
New-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rgName -Location $location -Sku Standard -EnabledForDeployment -EnabledForTemplateDeployment -EnabledForDiskEncryption
# Set permissions on the key vault for a service principal
Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rgName -ServicePrincipalName $spn -PermissionsToKeys all -PermissionsToSecrets all -PermissionsToCertificates all
# Gets key vaults.
Get-AzureRmKeyVault
# Adds a certificate to a key vault.
Add-AzureKeyVaultCertificate
# Creates a key in a key vault or imports a key into a key vault.
Add-AzureKeyVaultKey
# Gets the secrets in a key vault.
Get-AzureKeyVaultSecret
# Creates or updates a secret in a key vault.
Set-AzureKeyVaultSecret
# Updates attributes of a secret in a key vault.
Set-AzureKeyVaultSecretAttribute
# Deletes a secret in a key vault.
Remove-AzureKeyVaultSecret
Azure Key Vault cont…
Workflow with AAD
1. CSO creates the vault, adds keys and authorizes AAD users
2. CSO uploads a 'Service Certificate' (PFX incl. private key) to Azure
3. Operator then creates app instances (VMs)
4. Azure injects the Service Certificate into each VM
5. Now the app (which has used the same certificate as its auth credential in AAD) can retrieve it and authenticate against AAD
6. AAD returns the token
7. App can now access the Key Vault
App config needed when NOT using a certificate (app.config, web.config or app settings):
• VaultUrl
• AAD AuthClientId
• AAD AuthClientSecret (shared key)
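The access policy on the slide grants a service principal "all" on keys, secrets and certificates. As an added example (not from the original slides), the same cmdlets applied with the CSO/app split that the workflow above describes; $rgName, $kvName, the CSO's UPN and the application ID are placeholders.

```powershell
# Added example, not from the original slides. All values below are placeholders for
# your own environment; the application ID is a constructed zero GUID.
$rgName   = "hms-train-rg"
$location = "North Europe"
$kvName   = "hms-train-kv-1"
$csoUpn   = "cso@contoso.example"                    # assumption: the CSO's AAD user
$appId    = "00000000-0000-0000-0000-000000000000"   # placeholder: the app's AAD application ID

# Standard SKU (HSM-backed keys need Premium). The three -EnabledFor* switches from the
# slide are left off here: each one lets another Azure service read from the vault, so
# turn on only the ones the deployment actually uses.
$vault = New-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rgName `
    -Location $location -Sku Standard

# CSO (step 1 of the workflow): administers keys and secrets. No cryptographic
# operations (encrypt/decrypt/sign) are granted, since the CSO does not run the app.
Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -UserPrincipalName $csoUpn `
    -PermissionsToKeys create,import,get,list,delete,backup,restore `
    -PermissionsToSecrets get,list,set,delete,backup,restore

# Application (step 7): read the secrets it is told about, nothing more. No "list", so a
# compromised instance cannot enumerate the vault; no "set"/"delete", so it cannot tamper
# with what it reads; no key or certificate permissions at all.
Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ServicePrincipalName $appId `
    -PermissionsToSecrets get

# CSO stores a secret (a constructed connection string). The cmdlet takes a SecureString.
$plain  = "Server=tcp:example.database.windows.net,1433;Database=app;User ID=app;Password=<placeholder>"
$secret = Set-AzureKeyVaultSecret -VaultName $kvName -Name "SqlConnectionString" `
    -SecretValue (ConvertTo-SecureString $plain -AsPlainText -Force)

# The app resolves the secret through the URL pattern on the slide,
# https://{vaultname}.vault.azure.net/secrets/{secret name}/{version}.
# Pinning the version makes a rotation an explicit config change rather than a silent one.
$secret.Id
$current = Get-AzureKeyVaultSecret -VaultName $kvName -Name "SqlConnectionString" -Version $secret.Version
$current.SecretValueText
```

Omitting -Version returns the current version, which is what you want when rotation should be picked up automatically; pin it when a rollout must be deliberate.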
Stuff to do
• Azure Backup
• Azure Automation
• Azure Batch
• Service Bus
• HPC and HPC Pack
• BizTalk Hybrid Connection
• StorSimple
• Azure Key Vault
• Azure Media Services
• Microsoft Enterprise Library Autoscaling Application Block (WASABi)
• Hyper-V (MVMM)
• Check out neo4j
• Azure RMS
• Event Hubs
• Relay
• Hyper-V Replica

More Related Content

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 

Featured

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 

Featured (20)

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management

Azure Architect Certification Revision Sheets

• 3. Exam 70-532: Developing Microsoft Azure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 22, 2016 exam update:
• Create and manage Azure Resource Manager virtual machines (30 – 35%)
  • Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs) – Identify workloads that can and cannot be deployed; run workloads including Microsoft and Linux; create VMs
  • Perform configuration management – Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent (custom script extensions); configure VMs using a configuration management tool such as Puppet or Chef; enable remote debugging
  • Configure ARM VM networking – Configure static IP addresses, Network Security Groups (NSGs), DNS, User Defined Routes (UDRs), external and internal load balancing with HTTP and TCP health probes, public IPs, firewall rules, and direct server return; design and implement Application Gateway
  • Scale ARM VMs – Scale up and scale down VM sizes; deploy ARM VM Scale Sets (VMSS); configure ARM VMSS auto-scale
  • Design and Implement ARM VM storage – Configure disk caching; plan for storage capacity; configure shared storage using Azure File service; configure geo-replication; implement ARM VMs with Standard and Premium Storage
  • Monitor ARM VMs – Configure ARM VM monitoring; configure alerts; configure diagnostic and monitoring storage location
  • Manage ARM VM availability – Configure multiple ARM VMs in an availability set for redundancy; configure each application tier into separate availability sets; combine the Load Balancer with availability sets
• Design and Implement a storage and data strategy (25 – 30%)
  • Implement Azure Storage blobs and Azure Files – Read data; change data; set metadata on a container; store data using block and page blobs; stream data using blobs; access blobs securely; implement async blob copy; configure Content Delivery Network (CDN); design blob hierarchies; configure custom domains; scale blob storage
  • Implement Azure storage tables and queues – Implement CRUD with and without transactions; design and manage partitions; query using OData; scale tables and partitions; add and process queue messages; retrieve a batch of messages; scale queues
  • Manage access and monitor storage – Generate shared access signatures, including client renewal and data validation; create stored access policies; regenerate storage account keys; configure and use Cross-Origin Resource Sharing (CORS); set retention policies and logging levels; analyze logs
  • Implement Azure SQL Databases – Choose the appropriate database tier and performance level; configure and perform point in time recovery; enable geo-replication; import and export data and schema; scale Azure SQL databases
  • Implement Azure DocumentDB – Create databases and collections; query documents; run DocumentDB queries
  • Implement Redis caching – Choose a cache tier; implement data persistence; implement security and network isolation; tune cluster performance
  • Implement Azure Search – Create a service index; add data; search an index; handle search results
• Manage identity, application, and network services (15 – 20%)
  • Integrate an app with Azure Active Directory (AAD) – Develop apps that use WS-federation, OAuth, and SAML-P endpoints; query the directory by using graph API
  • Design and Implement a communication strategy – Implement Hybrid Connections to access data sources on-premises; leverage S2S VPN and ExpressRoute to connect to an on-premises infrastructure
  • Design and Implement a messaging strategy – Develop and scale messaging solutions using service bus queues, topics, relays, event hubs, and notification hubs; monitor service bus queues, topics, relays, event hubs and notification hubs
  • Develop apps that use AAD B2C and AAD B2B – Design and implement .NET MVC, Web API, and Windows Desktop apps that leverage social identity provider authentication, including Microsoft account, Facebook, Google+, Amazon, and LinkedIn; leverage AAD B2B to design and implement applications that support partner-managed identities
• Design and Implement Azure PaaS Compute and Web and Mobile Services (25 – 30%)
  • Design Azure App Service Web Apps – Define and manage App Service plans; configure Web Apps settings, certificates, and custom domains; manage Web Apps by using the API, Azure PowerShell, and Xplat-CLI; implement diagnostics, monitoring, and analytics; implement web jobs; design and configure Web Apps for scale and resilience
  • Implement Azure Functions – Create Azure Functions; implement a webhook Function; create an event processing Function; implement an Azure-connected Function
  • Implement API Management – Create managed APIs; configure API Management policies; protect APIs with rate limits; add caching to improve performance; monitor APIs; customize the Developer Portal
  • Design Azure App Service API Apps – Create and deploy API Apps; automate API discovery by using the Swashbuckle; use Swagger API metadata to generate client code for an API app; monitor API Apps
  • Develop Azure App Service Logic Apps – Create a Logic App connecting SaaS services; create a Logic App with B2B capabilities; create a Logic App with XML capabilities; trigger a Logic App from another app; create custom and long-running actions; monitor Logic Apps
  • Develop Azure App Service Mobile Apps – Create a Mobile App; add offline sync to a Mobile App; add authentication to a Mobile App; add push notifications to a Mobile App
  • Design and Implement Azure Service Fabric apps – Create a Service Fabric application; build an Actors-based service; add a web front-end to a Service Fabric application; monitor and diagnose services; migrate apps from cloud services; create, secure, upgrade, and scale Service Fabric Cluster in Azure; scale a Service Fabric app
• It’s worth noting that the percentages (%) displayed in the titles of the main exam objectives are the percentages of the exam questions that will be on that topic area.
• 4. Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 16, 2016 exam update:
• Design and implement Azure App Service apps (15–20%)
  • Deploy Web Apps – Define deployment slots; roll back deployments; implement pre- and post-deployment actions; create, configure, and deploy packages; create App Service plans; migrate Web Apps between App Service plans; create a Web App within an App Service plan
  • Configure Web Apps – Define and use app settings, connection strings, handlers, and virtual directories; configure certificates and custom domains; configure SSL bindings and runtime configurations; manage Web Apps by using Azure PowerShell and Xplat-CLI
  • Configure diagnostics, monitoring, and analytics – Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, alerts, and diagnostics; use remote debugging; monitor website resources
  • Configure Web Apps for scale and resilience – Configure auto-scale using built-in and custom schedules, configure by metric, change the size of an instance, configure Traffic Manager
• Create and manage Azure Resource Manager Virtual Machines (20–25%)
  • Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs) – Identify workloads that can and cannot be deployed; run workloads, including Microsoft and Linux; create VMs; connect to a Windows/Linux VM
  • Perform configuration management – Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent (custom script extensions); configure VMs using a configuration management tool, such as Puppet or Chef; enable remote debugging
  • Design and implement VM storage – Configure disk caching, plan storage capacity, configure operating system disk redundancy, configure shared storage using Azure File service, configure geo-replication, encrypt disks, implement ARM VMs with Standard and Premium Storage
  • Monitor ARM VMs – Configure ARM VM monitoring, configure alerts, configure diagnostic and monitoring storage location
  • Monitor ARM VM availability – Configure multiple ARM VMs in an availability set for redundancy, configure each application tier into separate availability sets, combine the Load Balancer with availability sets
  • Scale ARM VMs – Scale up and scale down VM sizes, deploy ARM VM Scale Sets (VMSS), configure ARM VMSS auto-scale
• Design and implement a storage strategy (20–25%)
  • Implement Azure storage blobs and Azure files – Read data, change data, set metadata on a container, store data using block and page blobs, stream data using blobs, access blobs securely, implement async blob copy, configure a Content Delivery Network (CDN), design blob hierarchies, configure custom domains, scale blob storage
  • Manage access – Create and manage shared access signatures, use stored access policies, regenerate keys
  • Configure diagnostics, monitoring, and analytics – Set retention policies and logging levels, analyze logs
  • Implement Azure SQL Databases – Choose the appropriate database tier and performance level; configure point-in-time recovery, geo-replication, and data sync; import and export data and schema; design a scaling strategy
  • Implement recovery services – Create a backup vault, deploy a backup agent, back up and restore data
• Implement an Azure Active Directory (15–20%)
  • Integrate an Azure Active Directory (Azure AD) with existing directories – Implement Azure AD Connect and single sign-on with on-premises Windows Server 2012 R2, add custom domains, monitor Azure AD
  • Configure Application Access – Configure single sign-on with SaaS applications using federation and password based, add users and groups to applications, revoke access to SaaS applications, configure access, configure federation with Facebook and Google ID
  • Integrate an app with Azure AD – Implement Azure AD integration in web and desktop applications, leverage Graph API
  • Implement Azure AD B2C and Azure B2B – Create an Azure AD B2C Directory, register an application, implement social identity provider authentication, enable multi-factor authentication, set up self-service password reset, implement B2B collaboration, configure partner users, integrate with applications
• Implement virtual networks (10–15%)
  • Configure virtual networks – Deploy a VM into a virtual network; configure external and internal load balancing; implement Application Gateway; design subnets; configure static, public, and private IP addresses; set up Network Security Groups (NSGs), DNS at the virtual network level, HTTP and TCP health probes, public IPs, User Defined Routes (UDRs), firewall rules, and direct server return
  • Modify network configuration – Modify a subnet, import and export a network configuration
  • Design and implement a multi-site or hybrid network – Choose the appropriate solution between ExpressRoute, site-to-site, and point-to-site; choose the appropriate gateway; identify supported devices and software VPN solutions; identify networking prerequisites; configure virtual networks and multi-site virtual networks
• Design and deploy ARM templates (10–15%)
  • Implement ARM templates – Author ARM templates; create ARM templates to deploy ARM Resource Providers resources; deploy templates with PowerShell, CLI, and REST API
  • Implement ARM templates – Leverage service principals with ARM authentication, use Azure Active Directory Authentication with ARM, set management policies, lock resources
  • Implement ARM templates – Secure resource scopes, such as the ability to create VMs and Azure Web Apps; implement Azure role-based access control (RBAC) standard roles; design Azure RBAC custom
• 5. Exam 70-532: Developing Microsoft Azure Solutions
• New Exam Objectives
• Here’s the full list of exam objectives for this November 16, 2016 exam update:
• Secure resources (20–25%)
  • Secure resources by using managed identities – Describe the differences between Active Directory on-premises and Azure Active Directory (Azure AD), programmatically access Azure AD using Graph API, secure access to resources from Azure AD applications using OAuth and OpenID Connect
  • Secure resources by using hybrid identities – Use SAML claims to authenticate to on-premises resources, describe AD Connect synchronization, implement federated identities using Active Directory Federation Services (ADFS)
  • Secure resources by using identity providers – Provide access to resources using identity providers, such as Microsoft account, Facebook, Google, and Yahoo!; manage identity and access by using Azure AD B2C; implement Azure AD B2B
  • Identify an appropriate data security solution – Identify security requirements for data in transit and data at rest; identify security requirements using Azure services, including Azure Storage Encryption, Azure Disk Encryption, and Azure SQL Database TDE
  • Design a role-based access control (RBAC) strategy – Secure resource scopes, such as the ability to create VMs and Azure Web Apps; implement Azure RBAC standard roles; design Azure RBAC custom roles
  • Manage security risks by using an appropriate security solution – Identify, assess, and mitigate security risks by using Azure Security Center, Operations Management Suite, and other services
• Design an application storage and data access strategy (5–10%)
  • Design data storage – Design storage options for data, including Table Storage, SQL Database, DocumentDB, Blob Storage, MongoDB, and MySQL; design security options for SQL Database or Azure Storage
  • Select the appropriate storage option – Select the appropriate storage for performance, identify storage options for cloud services and hybrid scenarios with compute on-premises and storage on Azure
• Design advanced applications (20–25%)
  • Create compute-intensive applications – Design high-performance computing (HPC) and other compute-intensive applications using Azure Services
  • Create long-running applications – Implement Azure Batch for scalable processing, design stateless components to accommodate scale, use Azure Scheduler
  • Integrate Azure services in a solution – Design Azure architecture using Azure services, such as Azure AD, Azure App Service, API Management, Azure Cache, Azure Search, Service Bus, Event Hubs, Stream Analytics, and IoT Hub; identify the appropriate use of Azure Machine Learning, big data, Azure Media Services, and Azure Search services
  • Implement messaging applications – Use a queue-centric pattern for development; select appropriate technology, such as Azure Storage Queues, Azure Service Bus queues, topics, subscriptions, and Azure Event Hubs
  • Implement applications for background processing – Implement Azure Batch for compute-intensive tasks, use Azure WebJobs to implement background tasks, use Azure Functions to implement event-driven actions, leverage Azure Scheduler to run processes at preset/recurring timeslots
  • Design connectivity for hybrid applications – Connect to on-premises data from Azure applications using Service Bus Relay, Hybrid Connections, or the Azure Web App virtual private network (VPN) capability; identify constraints for connectivity with VPN; identify options for joining VMs to domains or cloud services
• Design Azure Web and Mobile Apps (5–10%)
  • Design Web Applications – Design Azure App Service Web Apps, design custom web API, offload long-running applications using WebJobs, secure Web API using Azure AD, design Web Apps for scalability and performance, deploy Azure Web Apps to multiple regions for high availability, deploy Web Apps, create App Service plans, design Web Apps for business continuity, configure data replication patterns, update Azure Web Apps with minimal downtime, back up and restore data, design for disaster recovery
  • Design Mobile Applications – Design Azure Mobile Services; consume Mobile Apps from cross-platform clients; integrate offline sync capabilities into an application; extend Mobile Apps using custom code; implement Mobile Apps using Microsoft .NET or Node.js; secure Mobile Apps using Azure AD; implement push notification services in Mobile Apps; send push notifications to all subscribers, specific subscribers, or a segment of subscribers
• Design a management, monitoring, and business continuity strategy (20–25%)
  • Design a monitoring strategy – Identify the Microsoft products and services for monitoring Azure solutions; leverage the capabilities of Azure Operations Management Suite and Azure Application Insights for monitoring Azure solutions; leverage built-in Azure capabilities; identify third-party monitoring tools, including open source; describe Azure architecture constructs, such as availability sets and update domains, and how they impact a patching strategy; analyze logs by using the Azure Operations Management Suite
  • Describe Azure business continuity/disaster recovery (BC/DR) capabilities – Leverage the architectural capabilities of BC/DR, describe Hyper-V Replica and Azure Site Recovery (ASR), describe use cases for Hyper-V Replica and ASR
  • Design a disaster recovery strategy – Design and deploy Azure Backup and other Microsoft backup solutions for Azure, leverage use cases when StorSimple and System Center Data Protection Manager would be appropriate, design and deploy Azure Site recovery
  • Design Azure Automation and PowerShell workflows – Create a PowerShell script specific to Azure, automate tasks by using the Azure Operations Management Suite
  • Describe the use cases for Azure Automation configuration – Evaluate when to use Azure Automation, Chef, Puppet, PowerShell, or Desired State Configuration (DSC)
• Architect an Azure Compute infrastructure (10–15%)
  • Design ARM Virtual Machines (VMs) – Design VM deployments leveraging availability sets, fault domains, and update domains in Azure; select appropriate VM SKUs
  • Design ARM template deployment – Author ARM templates; deploy ARM templates via the portal, PowerShell, and CL
  • Design for availability – Implement regional availability and high availability for Azure deployments
• 6. Azure - General
PowerShell
  # Get Azure PowerShell version
  Get-Module -ListAvailable -Name Azure -Refresh
  # Get Storage Account
  Get-AzureStorageAccount
  Get-AzureRmStorageAccount
  # Create a context for account and key (positional: name, then key)
  $ctx = New-AzureStorageContext storage-account-name storage-account-key
  # Set the default storage account (ARM)
  Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
  # Set the current sub and storage (ASM)
  Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
  # Create a New Container (no public access)
  New-AzureStorageContainer -Name $name -Permission Off
  # Get Endpoints
  $storageAcc.PrimaryEndpoints.Blob.ToString()
  # Get current context (ARM)
  Get-AzureRmContext
  # List available subscriptions (ARM)
  Get-AzureRmSubscription
  # Set context subscription (ARM)
  Select-AzureRmSubscription -SubscriptionName "NR MSDN"
  # Set context storage account
  Set-AzureRmCurrentStorageAccount -ResourceGroupName "vm-training" -Name "hmsvmtraindsc"
General
• Portals
  • Classic – Service Management Model (ASM)
  • New – Azure Resource Management (ARM)
• Resource Groups can span regions
• Use Pricing Calculator to estimate costs
• Billing APIs
  • RateCard API - Allows you to get a list of available Azure resources along with their estimated pricing information for various subscription types, such as pay-as-you-go, MSDN, BizSpark etc.
  • Resource Usage API - consumption
• 7. Azure Patterns
• Cache-aside – Load data on demand into a cache from a data store.
• Circuit Breaker – Handle faults that may take a variable amount of time to rectify when connecting to a remote service or resource. This pattern can improve the stability and resiliency of an application.
• Competing Consumers Pattern – Enable multiple concurrent consumers to process messages received on the same messaging channel. Enables a system to process multiple messages concurrently to optimize throughput, to improve scalability and availability, and to balance the workload.
• Command and Query Responsibility Segregation (CQRS) – Segregate operations that read data from operations that update data by using separate interfaces. This pattern can maximize performance, scalability, and security.
• Event Sourcing Pattern – Use an append-only store to record the full series of events that describe actions taken on data in a domain, rather than storing just the current state, so that the store can be used to materialize the domain objects.
• Compute Resource Consolidation Pattern
• Valet Key Pattern
• External Configuration Store Pattern
• Federated Identity Pattern
• Gatekeeper Pattern
• Index Table Pattern
• Leader election Pattern
• Materialized view pattern
• Priority queue Pattern
• Queue-based load levelling Pattern
• Static Content Hosting Pattern
• 8. Azure VMs - General
PowerShell - VMs
  # Deploy using a Template
  New-AzureRmResourceGroupDeployment -Name $name -ResourceGroupName $resourceGroupName -TemplateUri $templateUri
  # Modify caching on disks (ARM)
  Set-AzureRmVMOSDisk
  Set-AzureRmVMDataDisk
  # Endpoint ACLs (classic)
  New-AzureAclConfig
  Set-AzureAclConfig
  # Resize a classic VM, e.g. (-Name selects the VM within the cloud service)
  Get-AzureVM -ServiceName "MyVM" -Name "MyVM" | Set-AzureVMSize -InstanceSize "Large" | Update-AzureVM
General
• Resource Groups can span regions
• 2 Endpoints by default (1 external, 1 internal)
• Ports (3389 – Remote Desktop, 5986 – Remote PowerShell)
• Availability Sets
  • Max update domains: 20 (5 default), Max Fault Domains: 3 (2 default)
  • Max VMs = 50
• Affinity Groups (Keep resources together. Being phased out of Vnets)
• Scale Sets (no need to pre-provision, need to use Azure Resource Explorer to see the number deployed)
• Load Balance Sets – Classic VMs only and Standard and above
• VM Agent – installed by default when using gallery images.
• Extensions: DSC, Custom Script Extension, Visual Studio Release Manager (DSC based), Octopus Deploy (DSC based), Docker Extension, Puppet Enterprise, Chef client
• Azure VMs not recommended for: Low volume limited growth or Regulated environments.
• Disks
  • OS Images – Base OS images for new VMs. Sysprepped/Generalized/ReadOnly. SATA
    • Host caching on by default
    • C: = OS (max 127GB)
  • Disks – Writable for VMs. SCSI. 1TB Max
    • Caching off by default
    • D: (/dev/sdb on Linux) = temp (not persistent)
    • E, F, G… = Data disks
• Diagnostics
  • Metrics (Basic, Network, .NET, ASP.NET, SQL)
  • Logs (System, Security, Application, Infrastructure, IIS, Boot)
• 9. Azure VMs – Sizes…
General
• A-Series (and Av2)
  • Entry Level - Basic A0 to Standard A4 (A0 is oversubscribed on physical)
  • High Memory Entry Level - Standard A5 to A7
  • High Performance - Standard A8 to A11 (compute intensive). A8 & A9 have 2nd NIC for remote direct memory access (RDMA) connectivity
• D-Series
  • General purpose production - Standard D1 to D14
  • Higher compute power, higher mem to core ratio, SSD for temp disk
  • Dv2 – 35% faster, same mem & disk conf. 2.4GHz Xeon
• F-Series (and Fs)
  • Standard F1, F2, F4, F8, F16, F1s, F2s, F4s, F8s, F16s
  • Same CPU as Dv2, but lower mem to core ratio and per-hour list price.
  • The number in the size name matches the CPU core count. Fs-Series optimized for Premium storage
• G-Series
  • High memory and dense local storage - G1 to G5
• DS-Series
  • General purpose production - Standard DS1 to DS14 – premium storage SSD
• GS-Series
  • High memory and dense local storage - GS1 to GS5 – premium storage SSD
• N*-Series
  • GPU by Nvidia
• H-Series
  • Standard H8, H16, H8m, H16m, H8r, H16mr
  • Next gen high performance. For HPC clusters. r, mr feature 2nd NIC for remote direct memory access (RDMA) connectivity

Standard A0 - A4 using CLI and PowerShell:

| Virtual Machine Size | CPU Cores | Memory | Disk Space for Local Storage Resources | Max data disks | Max data disk throughput: IOPS | Max NICs / Network bandwidth |
|---|---|---|---|---|---|---|
| ExtraSmall (A0) | Shared | 768 MB | 20 GB | 1 | 1x500 | 1 / low |
| Small (A1) | 1 | 1.75 GB | 225 GB | 2 | 2x500 | 1 / moderate |
| Medium (A2) | 2 | 3.5 GB | 490 GB | 4 | 4x500 | 1 / moderate |
| Large (A3) | 4 | 7 GB | 1000 GB | 8 | 8x500 | 2 / high |
| ExtraLarge (A4) | 8 | 14 GB | 2040 GB | 16 | 16x500 | 4 / high |
| A5 (high mem) | 2 | 14 GB | | | | |
| A6 (high mem) | 4 | 28 GB | | | | |
| A7 (high mem) | 8 | 56 GB | | | | |
| A8 (high network) | 8 | 56 GB | | | | 40 Gbit/s InfiniBand |
| A9 (high network) | 16 | 112 GB | | | | 40 Gbit/s InfiniBand |
• 10. Azure VMs – Migrating and Deploying
PowerShell - VMs
  # Convert VHDX to VHD (fixed size, as Azure requires)
  Convert-VHD -Path c:\test\MY-VM.vhdx -DestinationPath c:\test\MY-NEW-VM.vhd -VHDType Fixed
  # Upload VHD to Azure
  $urlOfUploadedImageVhd = "https://mystorageaccount.blob.core.windows.net/mycontainer/myUploadedVHD.vhd"
  Add-AzureRmVhd -ResourceGroupName $rgName -Destination $urlOfUploadedImageVhd -LocalFilePath "C:\Users\Public\Documents\Virtual hard disks\myVHD.vhd"
  # Set NIC ACL ?????
  # Classic VM: build the VM config, add the provisioning config, then create the VM
  $webvm1 = New-AzureVMConfig -Name "Webvm1" -InstanceSize Small -ImageName $vmimage |
            Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPassword
  New-AzureVM -ServiceName $svcname -VMs $webvm1 -Location $location
1. If Hyper-V then Prepare (complex)
2. SysPrep to Generalize a VM
   1. %windir%\system32\sysprep | OOBE & Generalize & Shutdown
3. If VHDX then convert to VHD (see PowerShell) or use Hyper-V manager (Action > Edit Disk > Convert > VHD)
4. If local VM upload VHD (see PowerShell). PowerShell will make disk fixed on upload.
Migrate a VM Process
1. Shut down the VM
2. Copy the VHD from source to destination storage account
3. Create an Azure Disk from Blob
4. Create new VM using Azure Disk
• 11. Azure VMs – Config and DSC
PowerShell - VMs
  # Publish DSC
  Publish-AzureVMDscConfiguration
  Publish-AzureRmVMDscConfiguration
  # Set disk config (e.g. Caching) (classic)
  Set-AzureOSDisk
  Set-AzureDataDisk
General
• Desired State Configuration
  • State Drift Control using Azure VM Agent, ARM templates, DSC, Chef (recipes, Knife azure plug-in) and Puppet (Puppet master, puppet enterprise agent)
  • The Azure DSC Extension takes in DSC configuration documents and enacts them on Azure VMs
• Custom Script Extension
• Logging
  • Logs are placed in: C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\[Version Number]
• Compile configuration into a MOF document
Configuration MyDscConfiguration {
    node ("localhost") {
        WindowsFeature IIS {
            Ensure = "Present"    # Alternatively, to ensure the role is uninstalled, set Ensure to "Absent"
            Name   = "Web-Server" # Use the Name property from Get-WindowsFeature
        }
        File WebPage {
            Ensure          = "Present"
            DestinationPath = "c:\inetpub\wwwroot\index.html"
            Force           = $true
            Type            = "File"
            Contents        = '<html><body><h1>Hello!</h1></body></html>'
            DependsOn       = "[WindowsFeature]IIS" # ensures this runs after the IIS install
        }
        Log AfterWebPageCreation {
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
            Message   = "Finished adding the default web page"
            DependsOn = "[File]WebPage" # This means run "WebPage" first.
        }
    }
}
Built-in Resources
• Archive Resource
• Environment Resource
• File Resource
• Group Resource
• Log Resource
• Package Resource
• Registry Resource
• Script Resource
• Service Resource
• User Resource
• WindowsFeature Resource
• WindowsProcess Resource
• NOT Networking!!
• 12. SQL VMs
• Migration
  • Supported versions
    • 2014, 2012, 2008 R2 and templates
  • Licensing - pay per hour or migrate own license (create own image)
• Best Practice
  • Verify disk cache settings on data disks
  • Avoid using OS drives
  • Put data and logs on separate disks
  • Use SQL Server File Groups instead of Disk Striping
  • Consider using database page compression to reduce I/O
  • Consider latency between primary and replica when choosing sync mode
  • Use availability sets
  • Disable geo-replication on storage account for consistency
  • Capacity is 20,000 IOPS per Storage Account - 500 IOPS per disk
  • SQL Always On Availability (AOA). Enable Direct Server Return on NLB!
• 13. Azure HPC Pack
General
• Microsoft HPC Pack 2016 Templates
  • Require a PFX certificate to secure comms between HPC Nodes. Upload to Key Vault.
• Hybrid (Burst to cloud)
  • On premise head must be joined to an AD domain
  • HPC Pack installs a self signed certificate that can be uploaded to Azure
  • Create an ‘Azure Node’ template
PowerShell create cert:
  New-SelfSignedCertificate -Subject "CN=HPC Pack 2016 Communication" -KeySpec KeyExchange -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -CertStoreLocation cert:\CurrentUser\My -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(5)
https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-setup-hybrid-hpcpack-cluster
• 14. Azure Storage - General
PowerShell – Storage General
  # Create New ARM Storage Account
  New-AzureRmStorageAccount -ResourceGroupName myResourceGroup -Name mystorageaccount -Location "West US" -SkuName "Standard_LRS" -Kind "Storage"
  # Get Storage Account
  Get-AzureStorageAccount
  Get-AzureRmStorageAccount
  # Create a context for account and key (positional: name, then key)
  $ctx = New-AzureStorageContext storage-account-name storage-account-key
  # Set the default storage account (ARM)
  Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
  # Set the current sub and storage (ASM)
  Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
  # Create a New Container (no public access)
  New-AzureStorageContainer -Name $name -Permission Off
  # Get Endpoints
  $storageAcc.PrimaryEndpoints.Blob.ToString()
  # Get SAS Url (container scope, read/write/delete/list, valid one month)
  $sasUrl = New-AzureStorageContainerSASToken -Name $blobContainerName -Permission rwdl -Context $ctx -ExpiryTime (Get-Date).AddMonths(1) -FullUri
General
• Account Kind
  • Blob
    • Standard Performance only
    • Access Tiers – Hot or Cold
  • General Purpose
• Performance
  • Standard
  • Premium
    • SSDs - Currently only store VHDs
    • Up to 64TB per VM
    • 80,000 IOPS per VM, 50,000 IOPS per disk, 2GB per sec throughput
    • ~5ms read/write latency (uncached), <1ms read latency (cached)
    • Used by DS or GS series VMs (creates premium storage automatically)
    • Limited sizes: 128, 512, 1023 GiB
• Replication (once selected can’t change)
  • LRS - Locally redundant - 3 reps, 1 data center
  • ZRS - Zone-redundant - 3 reps across 2-3 data centers in 1 or 2 regions
  • GRS - Geo-redundant - 6 reps in 2 regions
  • RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable
• Azure Storage Explorer
Security
• HTTPS or SMB is encrypted. Can encrypt at rest.
• Storage Access Keys (2) – Full access
• Storage Access Policy (SAP) – Policies defined, can be revoked
• Shared Access Signatures (SAS) - Time limited, container or resource level
  • URL - sv=storage version, st=start time, se=expiry, sr=resource type, sp=permissions, sip=ip range, spr=protocol, sig=auth key
• Role-Based Access Control (RBAC) – admin controls
• Storage Diagnostics (Minimal, Verbose, Off)
Valid values for -SkuName are:
• Standard_LRS - Locally redundant storage.
• Standard_ZRS - Zone redundant storage.
• Standard_GRS - Geo redundant storage.
• Standard_RAGRS - Read access geo redundant storage.
• Premium_LRS - Premium locally redundant storage.
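As an added example (not code from the original slides or from Microsoft), a PowerShell function that parses the SAS URL fields listed above (sv, st, se, sr, sp, sip, spr, sig, plus si for a stored access policy) and reports what a reviewer should question before a token like the rwdl one-month SAS above is handed out. The function name, the storage account name, the sample URL and its sig value are constructed placeholders, and the 24-hour lifetime threshold is an assumption; it uses only built-in .NET types, so it runs without an Azure connection.

```powershell
# Added example, not from the original slides: audit a Storage SAS URL offline.
function Get-SasTokenReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SasUrl,
        # Lifetimes above this are reported as long-lived (assumed threshold; tune to your policy)
        [TimeSpan]$MaxLifetime = [TimeSpan]::FromHours(24),
        # Injectable clock so the report is reproducible
        [DateTimeOffset]$Now = [DateTimeOffset]::UtcNow
    )

    $uri = [Uri]$SasUrl
    # Split the query string into the SAS fields (sv, st, se, sr, sp, sip, spr, si, sig)
    $fields = @{}
    foreach ($pair in $uri.Query.TrimStart('?').Split('&')) {
        if (-not $pair) { continue }
        $kv = $pair.Split('=', 2)
        $fields[$kv[0]] = if ($kv.Count -gt 1) { [Uri]::UnescapeDataString($kv[1]) } else { '' }
    }

    $findings = New-Object System.Collections.Generic.List[string]

    # sp: permissions. Anything beyond read (r) and list (l) matters if the token leaks.
    $perms    = if ($fields.ContainsKey('sp')) { $fields['sp'] } else { '' }
    $mutating = $perms -replace '[^wdca]', ''        # keep write, delete, create, add
    if ($mutating) { $findings.Add("grants mutating permissions ($mutating)") }

    # sr: c = whole container, b = single blob. Container-wide mutation is the widest scope.
    if ($fields['sr'] -eq 'c' -and $mutating) { $findings.Add('mutating permissions apply to the whole container') }

    # se: expiry. Report expired tokens and tokens that stay valid longer than the threshold.
    $expiry = $null
    if ($fields.ContainsKey('se')) {
        $expiry    = [DateTimeOffset]::Parse($fields['se'], [Globalization.CultureInfo]::InvariantCulture)
        $remaining = $expiry - $Now
        if ($remaining -le [TimeSpan]::Zero) {
            $findings.Add('token has already expired')
        } elseif ($remaining -gt $MaxLifetime) {
            $findings.Add("valid for another $([math]::Round($remaining.TotalHours))h, above the $($MaxLifetime.TotalHours)h threshold")
        }
    } else {
        $findings.Add('no expiry (se) on the token; expiry must come from the stored access policy')
    }

    # spr: allowed protocols. Absent means both HTTPS and HTTP are accepted.
    $protocol = if ($fields.ContainsKey('spr')) { $fields['spr'] } else { 'https,http (default)' }
    if ($protocol -ne 'https') { $findings.Add('not restricted to HTTPS (spr)') }

    # sip: source IP range. Absent means the token is usable from any address.
    if (-not $fields.ContainsKey('sip')) { $findings.Add('no source IP restriction (sip)') }

    # si: stored access policy. With a policy the SAS can be revoked by changing the policy;
    # an ad hoc SAS can only be invalidated by regenerating the account key.
    $policy = if ($fields.ContainsKey('si')) { $fields['si'] } else { $null }
    if (-not $policy) { $findings.Add('ad hoc SAS (no si); revocation requires regenerating the storage key') }

    # The signature is the secret part of the token, so it is never included in the report.
    [pscustomobject]@{
        Resource     = $uri.GetLeftPart([UriPartial]::Path)
        Version      = $fields['sv']
        ResourceType = $fields['sr']
        Permissions  = $perms
        Expiry       = $expiry
        Protocol     = $protocol
        IpRange      = $fields['sip']
        Policy       = $policy
        HasSignature = $fields.ContainsKey('sig')
        Findings     = $findings.ToArray()
    }
}

# Constructed sample: a container-level rwdl token valid for a month, like the one on the slide.
$sampleSas = 'https://examplestorage.blob.core.windows.net/files' +
             '?sv=2015-12-11&st=2017-01-10T09%3A00%3A00Z&se=2017-02-10T09%3A00%3A00Z' +
             '&sr=c&sp=rwdl&spr=https,http&sig=PLACEHOLDER-NOT-A-REAL-SIGNATURE'
$asOf = [DateTimeOffset]::Parse('2017-01-15T00:00:00Z', [Globalization.CultureInfo]::InvariantCulture)
Get-SasTokenReport -SasUrl $sampleSas -Now $asOf | Format-List
```

For the sample token the report lists six findings (container-wide write/delete, 633h remaining, HTTP allowed, no IP range, no stored policy); a read-only, blob-scoped, HTTPS-only token bound to a stored access policy produces none.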
• 15. Azure Storage – General cont…
PowerShell – Storage General
  # Set current sub and storage account (ASM)
  Set-AzureSubscription -SubscriptionName $subName -CurrentStorageAccountName $strgName
  # Set the default storage account (ARM)
  Set-AzureRmCurrentStorageAccount -Name $strgName -ResourceGroupName $strgName
  # Set logging per service (operations to log and retention in days)
  Set-AzureStorageServiceLoggingProperty -ServiceType Table -LoggingOperations Delete,Write -RetentionDays 35
  Set-AzureStorageServiceLoggingProperty -ServiceType Blob -LoggingOperations All -RetentionDays 35
  Set-AzureStorageServiceLoggingProperty -ServiceType Queue -LoggingOperations None -RetentionDays 35
  Set-AzureStorageServiceLoggingProperty -ServiceType File -LoggingOperations Read -RetentionDays 35
  # ========== Blobs =============
  # Get Storage Account
  Get-AzureStorageAccount -StorageAccountName $strgName
  # Add new container (public access level: Blob, Container, or Off)
  New-AzureStorageContainer -Name "MyContainer" -Permission Blob
  New-AzureStorageContainer -Name "MyContainer" -Permission Container
  New-AzureStorageContainer -Name "MyContainer" -Permission Off
SAS Patterns
• Valet Key Pattern
• 16. Azure Storage - Blobs
PowerShell - Blobs
# Get Storage Account
Get-AzureStorageAccount
# Create a new container (blobs publicly readable)
New-AzureStorageContainer -Name $name -Permission Blob
# Copy
Start-AzureStorageBlobCopy
# Upload VHD
Add-AzureRmVHD
# Download a VHD
Save-AzureRmVHD
# Create a Storage Access Policy and a Shared Access Signature bound to it (revoke by deleting the policy)
$policy = New-AzureStorageContainerStoredAccessPolicy -Container files -Policy downloadPolicy -Permission rdl -Context $context
$token = New-AzureStorageContainerSASToken -Name files -Policy downloadPolicy -Context $context
X-plat CLI
REM Upload to blob (the account key in the connection string is a placeholder; never commit a real one)
azure storage blob upload --file "c:\temp\demofile.txt" --container "files" --blob "uploadedfile.txt" --connection-string "DefaultEndpointsProtocol=https;AccountName=edxtrain1;AccountKey=<storage account access key>;"
General
• Block blobs (Max 200GB each), Append Blobs (like Block, but optimised for append, e.g. logging), Page Blobs (Max 1TB, Good with high read/write, VHDs, 512 byte pages)
• All blobs must be in a container
  • Private (default) (Off)
  • Blob - Blobs can be read by anyone (Public) (Blob)
  • Container – metadata read only (Container)
• Unlimited files and containers
• OS and Data disks can be encrypted using Azure Disk Encryption
• Account Kind
  • Blob (Standard Performance only - Access Tiers: Hot or Cool)
  • General Purpose
• Performance
  • Standard
  • Premium (SSDs - Currently only store VHDs; use for Exchange, SQL Server, Dynamics etc.; up to 64TB per VM, 80,000 IOPS per VM, 50,000 IOPS per disk, 2GB per sec throughput, ~5ms read/write latency (uncached), <1ms read latency (cached); used by DS or GS series VMs (creates premium storage automatically); limited sizes: 128, 512, 1023 GiB; needs consideration –
• Replication
  • LRS - Locally redundant - 3 reps, 1 data center | ZRS - Zone-redundant - 3 reps across 2-3 data centers in 1 or 2 regions | GRS - Geo-redundant - 6 reps in 2 regions | RA-GRS - Read Access Geo - 6 reps in 2 regions, 2nd readable
• Encryption
  • Default off
• AzCopy
• ListBlobs()
  • Can specify a prefix
  • You can list blobs hierarchically, in a manner similar to traversing a file system, or in a flat listing, where all blobs matching the specified prefix are returned by the listing operation.
  • You can specify additional details to return with the listing, including copy properties, metadata, snapshots, and uncommitted blobs.
• ListBlobsSegmented()
  • Returns a max of 5,000 items; can specify a prefix and a continuation token
• 17. Azure Storage - Files
PowerShell - Files
# Create new file share
$s = New-AzureStorageShare myshare -Context $ctx
# Create a directory
New-AzureStorageDirectory -Share $s -Path mydirectory
# Upload a local file
Set-AzureStorageFileContent -Share $s -Source c:\temp\myfile.txt
# Copy to a new directory
Start-AzureStorageFileCopy
Connect commands:
net use [drive letter] \\hmstrainingdefaultstore.file.core.windows.net\test1 /u:hmstrainingdefaultstore [storage account access key]
sudo mount -t cifs //hmstrainingdefaultstore.file.core.windows.net/test1 [mount point] -o vers=3.0,username=hmstrainingdefaultstore,password=[storage account access key],dir_mode=0777,file_mode=0777
General
• SMB 2.1 and 3.0 supported
• 1TB max file size
• Max size of File Share = 5TB, unlimited number of files
• Access URL
  • https://<storage account name>.file.core.windows.net/<share>/<directory>/<directories…>/<file>
• Accessible from anywhere by default
• 18. Azure Storage - Tables
PowerShell
# Create a directory
New-AzureStorageDirectory
.Net
Get SAS
public string GetSharedAccessSignature(
    SharedAccessTablePolicy policy,
    string accessPolicyIdentifier,
    string startPartitionKey,
    string startRowKey,
    string endPartitionKey,
    string endRowKey)
// SAS bound to the stored access policy myPolicy, limited to partition key "JonesM01"
tableKey = this.myTable.GetSharedAccessSignature(new SharedAccessTablePolicy(), myPolicy, "JonesM01", null, null, null);
Sample
CloudStorageAccount storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=your_account;AccountKey=your_account_key");
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
CloudTable table = tableClient.GetTableReference("customers");
CustomerEntity customer = new CustomerEntity("Harp", "Walter");
customer.Email = "Walter@contoso.com";
customer.PhoneNumber = "425-555-0101";
// Insert the entity, then read it back by partition key and row key
TableOperation insertOperation = TableOperation.Insert(customer);
await table.ExecuteAsync(insertOperation);
TableOperation retrieveOperation = TableOperation.Retrieve<CustomerEntity>("Harp", "Walter");
TableResult result = await table.ExecuteAsync(retrieveOperation);
General
• NoSQL key/attribute store
• Schema-less
• Massively scalable
• 19. Azure Storage - Queues
PowerShell
# Create a directory
New-AzureStorageDirectory
X-plat CLI
General
• 20. Azure Backup Vault
PowerShell
# Recover an item with the Online Backup cmdlets
Start-OBRecovery -RecoverableItem $myItem -RecoveryOption $secureString -Credential $cred
General
• Backup files from Windows to Azure
• Create backup Vault in geographic region
• Vault credentials replace certificates
• Backup Agent Required
  • WABInstaller
  • Requires Windows Identity Framework (WIF) and PowerShell
• Agent Type
  • Azure Backup Agent
  • Windows Server and System Center Data Protection Manager
  • Windows Server Essentials
• Can install on Server 2008 R2 SP1 +, 64 bit Win 7+, extension available for Essentials 2012
Setting up Workflow
1. Configure Azure Backup Vault
2. Download vault credentials
3. Run MARSAgentInstaller.exe /m /q (m=check for updates)
4. Create a passphrase to encrypt and decrypt backups
5. Specify backup schedule
• 21. Azure Active Directory
PowerShell - AAD
# Users
Get-MsolUser
New-MsolUser
Remove-MsolUser
Restore-MsolUser
Set-MsolUser
Set-MsolUserPassword
Set-MsolUserPrincipalName
# Groups
Add-MsolGroupMember
Get-MsolGroup
Get-MsolGroupMember
New-MsolGroup
Remove-MsolGroup
Set-MsolGroup
# Federation
Set-MsolDomainAuthentication
Convert-MsolFederatedUser
General
• Still uses classic portal
• <xyz>.onmicrosoft.com
• SSO, Multi-factor, RBAC, Device Registration
• Self-service password and group management
• Subscriptions
  • Free – 500,000 objects, 10 apps per user SSO
  • Standard – Free + No object limits, Application proxy apps, Groups, Self service, branding, app proxy, SLA 99.9%
  • Premium – Standard + No SSO App limits, Service App integration templates, Self-service app management, on-premise write back, multi-factor auth, Identity Manager CAL, cloud app discovery, connect health, Privileged Identity Management.
• Multi-Factor Authentication (MFA)
  • Mobile App, Phone call, text, email, third-party OATH tokens
  • Available as stand-alone or AD Premium
  • Can configure to skip on federated users on intranets and known subnets. Also to suspend on remembered devices for x days
• Hybrid
  • Extend - Add AD Server VM in Azure. New site. Global Catalog server.
  • Synchronize – Azure AD Connect (DirSync, Azure AD Sync, FIM+AD Connector). Simplest, password sync and write-back. Multi-forest, filtering objects and attributes.
  • Federated Trust with Azure AD
    • AD FS to allow Azure AD to authenticate against internal AD.
• Azure AD Connect Health (supports AD FS, Sync and AD DS)
• SSO – Pre-integrated SaaS Apps (uses SAML federation)
• Cloud App Discovery – Premium only! Find users' app usage.
• Federation – Passes on Authentication. No local accounts. Claims based authentication.
• Security Token Services (STS)
• 22. Azure Active Directory cont…
PowerShell
Convert-MsolDomainToFederated
General
• Still uses classic portal
• 23. Azure Active Directory cont… 2
App Endpoints
• Federation Metadata Document
• WS-Federation Sign-on Endpoint
• SAML-P Sign-On endpoint
• SAML-P Sign-Out endpoint
• Microsoft Azure AD Graph API endpoint
• OAuth 2.0 Token endpoint
• OAuth 2.0 Authorization endpoint
Federation
• PowerShell: Convert-MsolDomainToFederated
• ITR (Issuance Transform Rule)
  • Controls how claims are issued to a trusting relying party
  • By default, the ITR transforms the WindowsAccountName, UPN and ImmutableID from the claims provider so they can be used for tokens
  • 2 rules created, unless ‘-SupportMultipleDomains’, then 3.
  • Rule 3 should be edited if subdomains needed
• IAR (Issuance Authorization Rule)
  • Controls access to a trusting relying party. E.g. Office365
  • Defaults to “Permit Access to All Users”
Azure AD supports three different ways to sign in to applications:
• Federated Single Sign-On enables applications to redirect to Azure AD for user authentication instead of prompting for its own password. This is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on.
• Password-based Single Sign-On enables secure application password storage and replay using a web browser extension or mobile app. This leverages the existing sign-in process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
• Existing Single Sign-On enables Azure AD to leverage any existing single sign-on that has been set up for the application, but enables these applications to be linked to the Office 365 or Azure AD access panel portals, and also enables additional reporting in Azure AD when the applications are launched there.
General
• SSO Protocols
  • SAML-P
    • 3rd party vendors
  • WS-Federation
  • OpenID Connect
  • OAuth2
• Graph API
  • https://graph.windows.net/{tenant_id}/{resource_id}/{resource_path}?{api_version}
• ADAL??
• 25. Azure App Services
General
• Modern Apps – APIs, Mobile Apps, Web Apps, IoT, Cognitive
• Web Apps, Mobile Apps, Logic Apps, API Apps, Functions (server-less)
• .Net, Python, node.js, PHP, Java
• App Service Plan - Defines Region, Scale count, Instance Size, SKU (Free, Shared, Basic, Standard, Premium). Max 20 servers
• App Service Environment – premium service, private isolated, very high scale and security, dedicated compute pools. Max 50 servers
• Dynamic Service Plan – for Azure Functions. Cost is a function of execution time, memory size and number of executions. 128MB to 1,536MB
• Azure Stack – own data center App Service fabric
• 26. Azure App Services Plans
Capability                                  | Free      | Shared (Host Basic Apps) | Basic (More Features for Dev / Test) | Standard (Go Live with Web and Mobile) | Premium (Enterprise Scale and Integration)
Web, mobile, or API apps                    | 10        | 100       | Unlimited     | Unlimited            | Unlimited
Disk space                                  | 1 GB      | 1 GB      | 10 GB         | 50 GB                | 250 GB
Logic App Actions (per day) *               | 200       | 200       | 200           | 10,000               | 50,000
Maximum instances                           | –         | –         | Up to 3       | Up to 10             | Up to 50
App Service Environments (req. min 6 cores) | –         | –         | –             | –                    | Supported
SLA                                         | –         | –         | 99.95%        | 99.95%               | 99.95%
Slots                                       | -         | -         | -             | 5                    | 20
Auto-scale                                  | -         | -         | -             | Supported            | Supported
Backups /day                                | -         | -         | -             | 2                    | 50
Custom domains                              | -         | Supported | Supported     | Supported            | Supported
SSL Certs                                   | -         | -         | Unlimited SNI | Unlimited SNI + 1 IP | Unlimited SNI + 1 IP
Logic App Definitions                       | 10        | 10        | 10            | 25                   | 100
• 27. Azure App Services cont..
PowerShell
# Create App Service Plan
New-AzureRmAppServicePlan -Location "South Central US" -ResourceGroupName DestinationAzureResourceGroup -Name NewAppServicePlan -Tier Premium
# Create a Backup (written to the storage container the SAS URL points at)
New-AzureRmWebAppBackup -ResourceGroupName $resourceGroupName -Name $appName -StorageAccountUrl $sasUrl
# Restore from backup
$backupList = $app | Get-AzureRmWebAppBackupList
$backup = $app | Get-AzureRmWebAppBackup -BackupId 10102
$backup | Restore-AzureRmWebAppBackup -Overwrite
# Clone an existing App (Premium Only)
$srcapp = Get-AzureRmWebApp -ResourceGroupName SourceAzureResourceGroup -Name source-webapp
$destapp = New-AzureRmWebApp -ResourceGroupName DestinationAzureResourceGroup -Name dest-webapp -Location "North Central US" -AppServicePlan DestinationAppServicePlan -SourceWebApp $srcapp
General
• Lock (CanNotDelete, ReadOnly)
• Swap Slots
  • See below for which settings swap
• Kudu – Command Interface
• Extensions (Application Insights, New Relic, PHP Manager, Jekyll…)
• Deployment (FTP, Web Deploy, OneDrive, Dropbox, Kudu (can unzip), VSO, Local Git, GitHub, Bitbucket, Azure CLI)
• 28. Azure App Services - Web Apps
PowerShell
Get-AzureRmWebApp -Name $sitename
New-AzureRmWebApp -Name $sitename -AppServicePlan $appServicePlan -ResourceGroupName $rgName -Location $loc -ASEName $aseName -ASEResourceGroupName $aseRgName
Set-AzureRmWebApp -Name $sitename
Restart-AzureRmWebApp
Stop-AzureRmWebApp
Start-AzureRmWebApp
Remove-AzureRmWebApp
Get-AzureRmWebAppPublishingProfile -Name $sitename -ResourceGroupName $rgName -OutputFile .\publishingprofile.txt
X-plat CLI
# App Service Plans
azure appserviceplan list --resource-group MyRG
azure appserviceplan create
azure appserviceplan show
azure appserviceplan config
azure appserviceplan delete
# Create, delete and list
azure webapp create --name ContosoWebApp --resource-group ContosoAzureResourceGroup --plan ContosoAppServicePlan --location "South Central US"
azure webapp delete --name ContosoWebApp --resource-group ContosoAzureResourceGroup
azure webapp list --resource-group ContosoAzureResourceGroup
# Config, restart etc..
azure webapp config set
azure webapp config hostnames
azure webapp config appsettings
azure webapp restart
azure webapp stop
azure webapp start
# Get publishing profile
azure webapp publishingprofile --name ContosoWebApp --resource-group MyRG
• 29. Azure App Services - Mobile Apps
• Cross platform SDK
• Offline data and data sync (uses SQLite)
• Incl. Notification Hub (Push)
  • Free (1M pushes, 500 active devices) | Basic (10M pushes, 200K Active Devices) | Standard (10M pushes, 10M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multi-tenancy)
  • Require namespace. Register App for Push Services (App secret password and package SID)
  • Tags
    • Client Requested
    • Automatically Added
  • Broadcast | Unicast/Multicast | Segmentation (Tags)
  • Templates
  • Platform Notification System (PNS)
    • Windows Phone (Windows Notification Service (WNS)) – Tiles, Badges, Notifications
    • iOS (Apple Push Notification Service (APNS))
                                  | FREE                                                   | BASIC                                                    | STANDARD
Price                             | Free (up to 10 services / month)                       | £11.17 / month per unit                                  | £104.34 / month per unit
API Calls                         | 500 K                                                  | 1.5 M / unit                                             | 15 M / unit
Active Devices                    | 500                                                    | Unlimited                                                | Unlimited
Scale                             | N/A                                                    | Up to 6 units                                            | Unlimited units
Push Notifications                | Notification Hubs Free Tier included, up to 1 M pushes | Notification Hubs Basic Tier included, up to 10 M pushes | Notification Hubs Standard Tier included, up to 10 M pushes
Real time messaging & Web Sockets | Limited (350 / mobile service)                         | Unlimited                                                |
Offline synchronizations          | Limited                                                | Included                                                 | Included
Scheduled jobs                    | Limited (1 Job, 1 exec/hr)                             | Included                                                 | Included
SQL Database (required)           | 20 MB included for 1yr, Standard rates apply after     | 20 MB included for 1yr, Standard rates apply after       | 20 MB included for 1yr, Standard rates apply after
CPU capacity                      | 60 minutes / day                                       | Unlimited                                                | Unlimited
Outbound data transfer            | 165 MB per day (daily Rollover)* | 5GB per 30 days Included | 50GB per 30 days Included | 500GB per 30 days
• 30. Azure App Services - Mobile Apps cont…
• Incl. Notification Hub (Push)
  • Free (1M pushes, 500 active devices) | Basic (10M pushes, 200K Active Devices) | Standard (10M pushes, 10M Active Devices, Rich telemetry, Bulk Operations, Scheduled, Multi-tenancy)
  • iOS, Android, WNS
  • Require namespace. Register App for Push Services (App secret password and package SID)
  • Tags
    • Client Requested
    • Automatically Added
  • Broadcast | Unicast/Multicast | Segmentation (Tags/Tag expression)
  • Templates – Each device type can have multiple templates
  • Platform Notification System (PNS)
    • Services Supported
      • Windows Notification Service (WNS) or Windows Phone (MPNS) – Tiles, Badges, Notifications
      • iOS (Apple Push Notification Service (APNS))
      • Google Firebase Cloud Messaging (FCM), use Google Cloud Messaging (GCM) in Notification Hub.
      • Amazon (ADM)
      • Baidu (Android China)
• 31. Azure Websites (Classic)
PowerShell
# Websites
Get-AzureWebsite $sitename
New-AzureWebsite $sitename -Slot staging -Location "North Europe"
Publish-AzureWebsiteProject $sitename -Slot staging -Package [path].zip
Show-AzureWebsite -Name $sitename -Slot staging
# Swap the staging slot into production
Switch-AzureWebsiteSlot -Name $sitename
Remove-AzureWebsite -Name $sitename -Slot staging
# Download log
Save-AzureWebSiteLog -Name $sitename
# View live stream
Get-AzureWebSiteLog -Name $sitename -Tail
X-plat CLI
# List commands available for Websites
azure site -h
azure site list mysite
azure site create mysite --slot staging
azure site create --git mysite --slot staging
azure site swap staging
azure site delete mysite --slot staging
azure site log download mysite
azure site log tail mywebsite
General
• Slots only available in Standard or Premium
• Deploy using Portal, GitHub, VSO, FTP, OneDrive, DropBox
• Hosting Plans
  • Free (1GB storage)
  • Shared (Free + Custom Domains)
  • Basic (instance sizes [small, medium, large], 10GB, SSL, 3 instances)
  • Standard (50GB, autoscaling, schedules, metrics (CPU, Instance), Traffic Manager, 5 slots, 10 instances, daily backup)
  • Premium (250GB, 20 Instances, 20 Slots, Backup 50 times per day, BizTalk services)
• 64-bit only, Web sockets, SSL Certs, Custom domains (Shared too), SSL Binding to custom domains, Add End Points, available in Basic or Standard
• Default domain azurewebsites.net - awverify CNAME record used to verify custom domains.
• Monitoring
  • Endpoints (2 endpoints, 3 geographic locations, every 5 mins)
  • Performance monitoring
• Diagnostics
  • Application (lasts 12 hours), Web server (W3C extended log format), Detailed error messages, failed request tracing (xml).
  • Can FTP download logs
  • Kudu – http://mysite.scm.azurewebsites.net
• Connection Strings
  • .Net uses connectionStrings, not .Net Environment variables
• 32. Azure Cloud Service (classic)
X-plat CLI and batch
# List commands available for Websites
azure site -h
# Package a cloud service with cspack
cspack [DirectoryName]\[ServiceDefinition] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /out:[OutputFileName]
cspack [DirectoryName]\[ServiceDefinition] /out:[OutputFileName] /role:[RoleName];[RoleBinariesDirectory] /sites:[RoleName];[VirtualPath];[PhysicalPath] /role:[RoleName];[RoleBinariesDirectory];[RoleAssemblyName]
General
• Slots only available in Standard or Premium. Only two, staging and production.
• Web Roles and Worker Roles (no public endpoints)
• 3 Deployment components
  • Service Definition file (.csdef)
    • Defines service model incl. what roles.
    • Sites, InputEndpoints, InternalEndpoints, ConfigurationSettings, Certificates, LocalResources, Imports, Startup
    • Diagnostics
  • Service Configuration File (.cscfg)
    • Configuration for the cloud service and roles, incl. number of role instances.
    • Instances, ConfigurationSettings, Certificates
    • Can reconfigure cloud service by altering this after deployment
    • Network configuration (Specify Reserved IP <ReservedIP name="" />, VLAN <VirtualNetworkSite>)
    • Uploaded separately from .cspkg
  • Service Package (.cspkg)
    • Contains application code and service definition file (.csdef)
    • Generated from the .csdef
    • Can deploy updates to 1 or all roles. Can use portal, VS
    • CSPack.exe command line tool to create .cspkg
• 33. Azure Redis Cache
PowerShell
# New cache (clustering via -ShardCount needs the Premium SKU)
New-AzureRmRedisCache -ResourceGroupName $resourceGroupName -Name $cacheName -Location "North Europe" -Sku $sku -Size 13GB -ShardCount 6
.Net
// connection refers to a previously configured ConnectionMultiplexer
IDatabase cache = connection.GetDatabase();
// NOTE: The object returned from the GetDatabase method is a
// lightweight pass-through object and does not need to be stored.
// Connect (ssl=true; the password is the cache access key)
ConnectionMultiplexer connection = ConnectionMultiplexer.Connect("contoso5.redis.cache.windows.net,abortConnect=false,ssl=true,password=...");
IDatabase cache = connection.GetDatabase();
// Perform cache operations using the cache object...
// Simple put of integral data types into the cache
cache.StringSet("key1", "value");
cache.StringSet("key2", 25);
// Simple get of data types from the cache
string key1 = cache.StringGet("key1");
int key2 = (int)cache.StringGet("key2");
// If key1 exists, it is overwritten.
cache.StringSet("key1", "value1");
// Cache-aside: read through to the data source on a miss
string value = cache.StringGet("key1");
if (value == null)
{
    // The item keyed by "key1" is not in the cache. Obtain
    // it from the desired data source and add it to the cache.
    value = GetValueFromDataSource();
    cache.StringSet("key1", value);
}
General
• Only Premium tier supports clustering
• 99.9% SLA on Standard and Premium, Not Basic SKU
Standard cache sizes
Pricing tier | Size   | CPU cores | Available bandwidth, Megabits per sec (Mb/s) / Megabytes per sec (MB/s) | 1 KB Key size, Requests per second (RPS)
C0           | 250 MB | Shared    | 5 / 0.625   | 600
C1           | 1 GB   | 1         | 100 / 12.5  | 12200
C2           | 2.5 GB | 2         | 200 / 25    | 24000
C3           | 6 GB   | 4         | 400 / 50    | 49000
C4           | 13 GB  | 2         | 500 / 62.5  | 61000
C5           | 26 GB  | 4         | 1000 / 125  | 115000
C6           | 53 GB  | 8         | 2000 / 250  | 150000
Premium cache sizes
Pricing tier | Size   | CPU cores per shard | Available bandwidth (Mb/s / MB/s) | Requests per second (RPS), per shard
P1           | 6 GB   | 2                   | 1000 / 125  | 140000
P2           | 13 GB  | 4                   | 2000 / 250  | 220000
P3           | 26 GB  | 4                   | 2000 / 250  | 220000
P4           | 53 GB  | 8                   | 4000 / 500  | 250000
• 34. Azure Service Bus
General
• Tool: Service Bus Explorer
• Queues
• Topics
• Relay has now moved to a separate Azure Service
• Notification Hub has now moved to a separate Azure Service.
Feature                                | Basic      | Standard   | Premium
Queues                                 | y          | y          | y
Scheduled messages                     | y          | y          | y
Topics                                 | –          | y          | y
Transactions                           | –          | y          | y
De-duplication                         | –          | y          | y
Sessions                               | –          | y          | y
ForwardTo / SendVia                    | –          | y          | y
Message Size                           | 256 KB     | 256 KB     | 1 MB
Brokered connections included          | 100        | 1,000      | 1,000 per MU
Brokered connections (overage allowed) | –          | (billable) | Up to 1,000 per MU
Resource isolation                     | N - Shared | N - Shared | y
• 35. Azure Relay
General
• Add NuGet “Microsoft Azure Service Bus”
.Net
ServiceHost sh = new ServiceHost(typeof(ProblemSolver));
// Local endpoint
sh.AddServiceEndpoint(
    typeof(IProblemSolver), new NetTcpBinding(), "net.tcp://localhost:9358/solver");
// Endpoint projected through Service Bus; the token provider authenticates the listener to the relay
sh.AddServiceEndpoint(
    typeof(IProblemSolver), new NetTcpRelayBinding(),
    ServiceBusEnvironment.CreateServiceUri("sb", "namespace", "solver"))
    .Behaviors.Add(new TransportClientEndpointBehavior
    {
        TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<yourKey>")
    });
sh.Open();
Console.WriteLine("Press ENTER to close");
Console.ReadLine();
sh.Close();
In the example, you create two endpoints that are on the same contract implementation. One is local and one is projected through Service Bus. The key differences between them are the bindings (NetTcpBinding for the local one and NetTcpRelayBinding for the Service Bus endpoint) and the addresses.
• 36. Azure Batch
PowerShell
# Creates a job in the Batch service.
New-AzureBatchJob
# Creates a pool in the Batch service.
New-AzureBatchPool
# Creates a Batch task under a job.
New-AzureBatchTask
General
• Fully managed HPC facility
• REST, .NET, Python, node.js, Java
• Schedules
• Pay for what you use
• App must have
  • BatchAccountName
  • BatchAccountKey
  • BatchAccountUrl
  • StorageAccountName & StorageAccountKey
Workflow
Step 1. Create containers in Azure Blob Storage.
Step 2. Upload task application files and input files to containers.
Step 3. Create a Batch pool.
  3a. The pool StartTask downloads the task binary files (TaskApplication) to nodes as they join the pool.
Step 4. Create a Batch job.
Step 5. Add tasks to the job.
  5a. The tasks are scheduled to execute on nodes.
  5b. Each task downloads its input data from Azure Storage, then begins execution.
Step 6. Monitor tasks.
  6a. As tasks are completed, they upload their output data to Azure Storage.
Step 7. Download task output from Storage.
• 37. Azure Automation
PowerShell
# Get an Azure Automation Credential
Get-AzureAutomationCredential -AutomationAccountName $accName
New-AzureAutomationAccount
New-AzureAutomationCredential
New-AzureAutomationSchedule
New-AzureAutomationVariable
New-AzureAutomationCertificate
New-AzureAutomationConnection
New-AzureAutomationModule
New-AzureAutomationRunbook
Publish-AzureAutomationRunbook
Register-AzureAutomationScheduledRunbook
Start-AzureAutomationRunbook
Stop-AzureAutomationRunbook
Suspend-AzureAutomationRunbook
Unregister-AzureAutomationScheduledRunbook
General
• Create a Run As account
• 38. Azure Notification Template
General
• Templates
  • Limited to XML or JSON
  • Use for cross-platform
  • Use for Personalisation
  • Need to Register Templates
Expression | Description
$(prop) | Reference to an event property with the given name. Property names are not case-sensitive. This expression resolves into the property’s text value or into an empty string if the property is not present.
$(prop, n) | As above, but the text is explicitly clipped at n characters, for example $(title, 20) clips the contents of the title property at 20 characters.
.(prop, n) | As above, but the text is suffixed with three dots as it is clipped. The total size of the clipped string and the suffix does not exceed n characters. .(title, 20) with an input property of “This is the title line” results in This is the title...
%(prop) | Similar to $(name) except that the output is URI-encoded.
#(prop) | Used in JSON templates (for example, for iOS and Android templates). This function works exactly the same as $(prop) previously specified, except when used in JSON templates (for example, Apple templates). In this case, if this function is not surrounded by “{‘,’}” (for example, ‘myJsonProperty’ : ‘#(name)’), and it evaluates to a number in Javascript format, for example, regexp: (0|([1-9][0-9]*))(\.[0-9]+)?((e|E)(\+|-)?[0-9]+)?, then the output JSON is a number. For example, ‘badge’ : ‘#(name)’ becomes ‘badge’ : 40 (and not ‘40‘).
‘text’ or “text” | A literal. Literals contain arbitrary text enclosed in single or double quotes.
expr1 + expr2 | The concatenation operator joining two expressions into a single string.
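The expression rules in the table above, worked through as an added example (not the Notification Hubs service code): it implements $(prop), $(prop, n), .(prop, n), %(prop) and the JSON-number behaviour of #(prop), and leaves literals and the + operator out. The event properties are constructed sample data.

```python
"""Expand Notification Hub template expressions (added example; not the service's own code).

Covers $(prop), $(prop, n), .(prop, n), %(prop) and #(prop) from the slide's table;
literals and the + concatenation operator are not handled.
"""
import re
from urllib.parse import quote

# The number format from the slide (used by #(prop) in JSON templates), anchored with fullmatch
NUMBER_RE = re.compile(r"(0|([1-9][0-9]*))(\.[0-9]+)?((e|E)(\+|-)?[0-9]+)?")
# func(prop) or func(prop, n) where func is one of $ . % #
EXPR_RE = re.compile(r"([$.%#])\((\w+)(?:\s*,\s*(\d+))?\)")
# '#(prop)' or "#(prop)": the surrounding quotes are dropped when the value is a number
QUOTED_HASH_RE = re.compile(r"""(['"])#\((\w+)\)\1""")

# Constructed event properties for the sample calls
SAMPLE_PROPS = {"Title": "This is the title line", "badge": "40", "url": "a b&c=d"}


def lookup(props, name):
    """Property names are not case-sensitive; a missing property resolves to ""."""
    for key, value in props.items():
        if key.lower() == name.lower():
            return str(value)
    return ""


def clip_with_dots(text, n):
    """Clip so that text plus the "..." suffix never exceeds n characters, as .(prop, n) specifies."""
    if len(text) <= n:
        return text
    return text[:max(n - 3, 0)] + "..."


def render_template(template, props, json_template=False):
    """Substitute every expression in template using props."""
    if json_template:
        def number_or_string(match):
            quote_char, name = match.groups()
            value = lookup(props, name)
            if NUMBER_RE.fullmatch(value):
                return value                      # unquoted, so 'badge' : 40 rather than '40'
            return quote_char + value + quote_char
        template = QUOTED_HASH_RE.sub(number_or_string, template)

    def expand(match):
        func, name, n = match.groups()
        value = lookup(props, name)
        if func == "$":
            return value[:int(n)] if n else value
        if func == ".":
            return clip_with_dots(value, int(n)) if n else value
        if func == "%":
            return quote(value, safe="")
        return value                               # '#' outside a quoted JSON value acts like '$'
    return EXPR_RE.sub(expand, template)
```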
• 39. Azure Functions
.Net
// Environment Variables in App Settings use:
System.Environment.GetEnvironmentVariable("mySetting", EnvironmentVariableTarget.Process)
General
• Languages (C#, F#, node.js, Python, PHP, Batch, Bash, Exe)
• Uses WebJobs SDK, Supports NuGet, Supports OAuth providers
• 2 Plans
  • Consumption and App Service (dedicated VM. Use for continuous functions)
• Project Files
  • appsettings.json (VS – Connection strings)
  • host.json (VS – Config behaviour of Azure Functions host)
  • function.json (Input and output bindings. Random GUID syntax for path = {rand-guid})
  • project.json (dependencies, NuGets)
  • run.csx (C# code)
• Triggers
  • BlobTrigger - Process Azure Storage blobs when they are added to containers. You might use this function for image resizing.
  • EventHubTrigger - Respond to events delivered to an Azure Event Hub. Particularly useful in application instrumentation, user experience or workflow processing, and Internet of Things (IoT) scenarios.
  • Generic webhook - Process webhook HTTP requests from any service that supports webhooks.
  • GitHub webhook - Respond to events that occur in your GitHub repositories. For an example, see Create a webhook or API function.
  • HTTPTrigger - Trigger the execution of your code by using an HTTP request.
  • QueueTrigger - Respond to messages as they arrive in an Azure Storage queue. For an example, see Create an Azure Function that binds to an Azure service. (default 1 min polling)
  • ServiceBusQueueTrigger - Connect your code to other Azure services or on-premise services by listening to message queues.
  • ServiceBusTopicTrigger - Connect your code to other Azure services or on-premise services by subscribing to topics.
  • TimerTrigger - Execute cleanup or other batch tasks on a predefined schedule. For an example, see Create an event processing function.
• Integrations
  • Azure DocumentDB, Azure Event Hubs, Azure Mobile Apps (tables), Azure Notification Hubs, Azure Service Bus (queues and topics), Azure Storage (blob, queues, and tables), GitHub (webhooks), On-premises (using Service Bus)
• 40. Azure Logic Apps
PowerShell
# Creates a logic app in a resource group.
New-AzureRmLogicApp
X-plat CLI
General
• Triggers
  • HTTP request
  • Webhook
  • Polling
• Batches and Looping
  • SplitOn
  • ForEach
  • Until
• Functions integration
  • Use Generic Webhook template
• Connectors that include Salesforce, Office 365, Twitter, Dropbox, Google Services and more
• Integration Accounts
• 41. Azure Media Services
General
• Encryption Options
  • StorageEncrypted
  • CommonEncryptionProtected
  • EnvelopeEncryptionProtected
• Dynamic Packaging (Standard or Premium)
• Encoders
  • FLV (with H.264 and AAC codec)
  • MXF
  • GXF
  • MPEG2
  • WMV / ASF
  • MP4 / ISMV
  • .dvr-ms
  • .MKV
  • WAV
  • QuickTime (.mov)
  • …plus many more
• 42. Azure WebJobs
General
• .exe, .cmd (Batch), .ps1 (PowerShell), .py (Python), .php (PHP), .js (Node.js)
• How to run
  • Continuous
    • Do NOT use with schedule
  • Scheduled (classic portal)
  • Triggered / On Demand
    • Use with schedule in settings.job
• With or without web service
• Zip Deployment
  • settings.job contains schedules with a CRON expression. Root of Zip file
  • {second} {minute} {hour} {day} {month} {day of the week}
  • Every hour (0 0 * * * *), Every hour from 9AM to 5PM (0 0 9-17 * * *), at 9:30am every day (0 30 9 * * *), at 9:30am every week day (0 30 9 * * 1-5), every 15 minutes (0 */15 * * * *)
.Net
// Example Queue Trigger: the JobHost discovers ProcessQueueMessage and runs it for each message on "webjobsqueue"
public static void Main()
{
    JobHost host = new JobHost();
    host.RunAndBlock();
}
public static void ProcessQueueMessage([QueueTrigger("webjobsqueue")] string inputText, [Blob("containername/blobname")] TextWriter writer)
{
    writer.WriteLine(inputText);
}
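Checking a settings.job schedule before deploying it is easier with a matcher for the six-field format above. The following is an added example, not WebJobs SDK code: it expands each field ({second} {minute} {hour} {day} {month} {day of the week}, Sunday = 0) and tests the slide's own expressions against concrete timestamps; the timestamps are constructed.

```python
"""Evaluate the six-field CRON expressions used in settings.job (added example, not WebJobs SDK code).

Field order is the slide's: {second} {minute} {hour} {day} {month} {day of the week},
with Sunday = 0. Supported per field: *, n, a-b, a,b,c and a step suffix /s.
"""
from datetime import datetime, timedelta

FIELD_RANGES = ((0, 59), (0, 59), (0, 23), (1, 31), (1, 12), (0, 6))


def parse_field(text, low, high):
    """Expand one field into the set of integer values it allows."""
    allowed = set()
    for part in text.split(","):
        step = 1
        stepped = "/" in part
        if stepped:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = low, high
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = int(part)
            end = high if stepped else start   # "0/20" means 0, 20, 40
        if not (low <= start <= end <= high) or step < 1:
            raise ValueError("field %r is out of range %d-%d" % (text, low, high))
        allowed.update(range(start, end + 1, step))
    return allowed


def parse_schedule(expression):
    """Return the six allowed-value sets for a settings.job CRON expression."""
    fields = expression.split()
    if len(fields) != 6:
        raise ValueError("expected 6 fields, got %d in %r" % (len(fields), expression))
    return [parse_field(f, lo, hi) for f, (lo, hi) in zip(fields, FIELD_RANGES)]


def as_datetime(value):
    """Accept a datetime or an ISO timestamp such as 2017-01-16T09:30:00."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def fields_match(fields, when):
    sec, minute, hour, day, month, dow = fields
    # Python counts Monday as 0; CRON counts Sunday as 0
    return (when.second in sec and when.minute in minute and when.hour in hour
            and when.day in day and when.month in month
            and (when.weekday() + 1) % 7 in dow)


def matches(expression, when):
    """True when the schedule fires at the given time (all six fields must agree)."""
    return fields_match(parse_schedule(expression), as_datetime(when))


def firing_times(expression, start, end):
    """Brute-force every second in [start, end); intended for short windows such as one day."""
    fields = parse_schedule(expression)
    when, end = as_datetime(start), as_datetime(end)
    hits = []
    while when < end:
        if fields_match(fields, when):
            hits.append(when)
        when += timedelta(seconds=1)
    return hits
```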
• 43. Azure SQL
General
• DTU – Database Transaction Unit
• 44. Azure SQL cont…
Migration
• Min Downtime
  • SQL Server Transactional replication
• Some Downtime
  • Deploy Wizard in SSMS Migration Wizard (DAC Package)
  • SQL Azure Migration Wizard
  • BACPAC contains both schema and data
  • DAC packages contain ONLY schema
Elastic Database
• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-scale-introduction
• Elastic Database Client Library – Allows multi-database management including shard management
• Elastic Database Job – execute T-SQL that spans multiple databases
• 45. Azure Virtual Networks
PowerShell
# Get and Set Vnet config xml (ASM)
Get-AzureVNetConfig -ConfigurationPath c:\temp\oldconfig.xml
Set-AzureVNetConfig -ConfigurationPath c:\temp\updatedconfig.xml
# Create a new Vnet (ARM) with two subnets
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "10.1.1.0/24"
$backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix "10.1.2.0/24"
New-AzureRmVirtualNetwork -Name "hms-train-vnet-arm-1" -ResourceGroupName $rgName -Location "North Europe" -AddressPrefix "10.1.0.0/16" -Subnet $frontendSubnet, $backendSubnet
General
• 50 per subscription per region
• CIDR Subnet Hosts in Azure = 2^n - 5 (normally 2^n - 2), ‘/29’ is smallest subnet
• Multiple NICs
  • Can't make a VM multi NIC after deployment. Need to delete and redeploy
  • D1 - 1 NIC, D2 - 2 NICs, D3 - 4 NICs, D4 - 8 NICs
• Access Control Lists (ACL)
  • For endpoints only (inbound only!). Not preferred, use NSGs.
• Network Security Groups (NSG)
  • Can’t use if ACLs. Remove ACLs first
  • Name, Direction, Priority, Access (allow or NOT), Source IP, Source port, Destination IP, Destination Port, Protocol
  • Applied to one or more VMs or subnet
  • Subnet can only have 1 NSG applied
  • Each NSG can have up to 200 rules
  • Is associated to a region; 100 NSGs per region per subscription
  • Default Tags (Internet, Virtual_network, Azure_loadbalancer)
  • Do NOT Block 168.63.129.16 and port 1688!!
• UDR (Routing Tables)
• VPNs (Site-to-Site, VNet2Vnet, Point-to-Site, Express-Route (private network))
  • Express-route – Exchange providers (layer 3, 200Mbps – 10Gbps, Site2Site, BGP with client), Network Service Providers (10Mbps – 1Gbps, Any2Any, BGP with telco)
  • Max 30 VPN tunnels per VPN Gateway and 128 connections from clients
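The NSG facts above (priority ordering, allow/deny, the default tags, the 200-rule limit, the 2^n - 5 subnet arithmetic and the 168.63.129.16 warning) can be turned into a small offline check. This is an added example, not Azure's rule engine: it evaluates inbound rules the way the slide describes, appends the built-in AllowVnetInBound / AllowAzureLoadBalancerInBound / DenyAllInBound defaults at priority 65000+, and audits a rule set before it is applied. The VNet range and rules are constructed sample data, and "Internet" is modelled simply as any address outside the VNet.

```python
"""Evaluate and sanity-check NSG rules (added example, not Azure's engine).

Inbound only. A rule has the fields the slide lists: name, direction, priority, access,
source, destination, port, protocol. Source/destination may be '*', a CIDR, or one of the
default tags Internet, VirtualNetwork, AzureLoadBalancer.
"""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "name priority direction access source destination port protocol")

PLATFORM_IP = ipaddress.ip_address("168.63.129.16")   # the address the slide says not to block
MAX_RULES = 200                                         # per-NSG rule limit from the slide

# The built-in inbound rules every NSG carries; they sit at priority 65000+ so user rules win
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "AzureLoadBalancer", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]

# Constructed sample NSG: HTTPS from anywhere, SSH only from inside the VNet
SAMPLE_VNET = ["10.1.0.0/16"]
SAMPLE_RULES = [
    Rule("allow-https", 100, "Inbound", "Allow", "Internet", "*", "443", "Tcp"),
    Rule("deny-ssh-from-internet", 200, "Inbound", "Deny", "Internet", "*", "22", "Tcp"),
]


def usable_hosts(prefix):
    """Azure keeps 5 addresses per subnet, so a /n gives 2^(32-n) - 5 hosts; /29 is the smallest."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.num_addresses - 5 if net.prefixlen <= 29 else 0


def address_matches(spec, address, vnet):
    """spec is '*', one of the default tags, or a CIDR; 'Internet' here means outside the VNet."""
    in_vnet = any(address in net for net in vnet)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return in_vnet
    if spec == "AzureLoadBalancer":
        return address == PLATFORM_IP
    if spec == "Internet":
        return not in_vnet
    return address in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    """spec is '*', a port, a range 'a-b', or a comma-separated list of those."""
    if spec == "*":
        return True
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def evaluate(rules, source, destination, port, protocol, vnet_prefixes):
    """Inbound decision: lowest priority number wins, the first match decides Allow or Deny."""
    src, dst = ipaddress.ip_address(source), ipaddress.ip_address(destination)
    vnet = [ipaddress.ip_network(p) for p in vnet_prefixes]
    inbound = [r for r in list(rules) + DEFAULT_INBOUND if r.direction == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol) and port_matches(rule.port, port)
                and address_matches(rule.source, src, vnet)
                and address_matches(rule.destination, dst, vnet)):
            return rule.access, rule.name
    return "Deny", "DenyAllInBound"


def audit(rules, vnet_prefixes):
    """Checks worth running before applying an NSG, based on the limits on the slide."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append("%d rules exceeds the limit of %d" % (len(rules), MAX_RULES))
    seen = {}
    for rule in rules:
        key = (rule.direction, rule.priority)
        if key in seen:
            findings.append("priority %d used by both %s and %s" % (rule.priority, seen[key], rule.name))
        seen[key] = rule.name
    # Would platform traffic (health probes, DHCP, DNS) from 168.63.129.16 be denied?
    # Port 80 stands in for a health probe; the destination is the first host of the VNet.
    first_host = next(ipaddress.ip_network(vnet_prefixes[0]).hosts())
    access, name = evaluate(rules, str(PLATFORM_IP), str(first_host), 80, "Tcp", vnet_prefixes)
    if access == "Deny":
        findings.append("rule %s blocks %s; Azure platform traffic will break" % (name, PLATFORM_IP))
    return findings
```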
46. Azure Virtual Networks – VPNs
PowerShell:
    # Create a public IP for the gateway
    $pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic -ResourceGroupName $rgName -Name "hms-train-gateway-1"
VPNs
• Site-to-Site, VNet-to-VNet
  • Max 10 tunnels, 100 Mbps (Basic and Standard) | 30 tunnels, 200 Mbps (High Performance)
• Point-to-Site
  • Max 128 connections, Secure Socket Tunneling Protocol (SSTP)
  • Create a root certificate: self-signed with makecert, or issued by an enterprise CA
  • Upload only the root certificate’s public key (.cer) to Azure; the private key stays with you
  • Generate a client certificate chained to that root for each client and install it
  • Download the VPN client package from the portal and install it
• ExpressRoute (private network)
  • Exchange providers: layer 3, 200 Mbps – 10 Gbps, Site-to-Site, BGP with the customer
  • Network service providers: 10 Mbps – 1 Gbps, Any-to-Any (IPVPN), BGP with the telco
• Max 30 VPN tunnels per VPN gateway (High Performance) and 128 Point-to-Site client connections
• Gateway SKUs – Basic (no BGP, no ExpressRoute coexistence), Standard, High Performance
• Considerations
  • No overlapping IP address ranges
  • Only 1 VPN gateway per VNet
47. Azure Virtual Networks cont…
PowerShell (classic):
    # List reserved IPs
    Get-AzureReservedIP
    # Reserve a new IP address
    New-AzureReservedIP -ReservedIPName AGSReservedIP -Location "North Europe"
    # List all cloud services
    Get-AzureService
    # Associate the reserved IP with a service
    Set-AzureReservedIPAssociation -ReservedIPName AGSReservedIP -ServiceName FFApi-VBTest
General
• Azure Load Balancer – Layer 4 (transport). Hash-based distribution across healthy instances, not random. Health probes: TCP (connection must be accepted) or HTTP (expects a 200 response; set a custom probe path for anything else).
• Application Gateway – 50 per subscription, max 10 instances each
  • SKUs: Standard and WAF
  • Sizes: Small (7.5 Mbps / 35 Mbps), Medium (10 Mbps / 100 Mbps), Large (50 Mbps / 200 Mbps)
  • Web application firewall, round-robin LB, cookie-based session affinity, SSL offload, URL-based content routing, up to 20 websites consolidated per gateway, WebSocket support, health monitoring, advanced diagnostics
• Traffic Manager – DNS-based load balancing (answers the DNS query; the traffic itself never passes through it)
  • Weighted (round-robin)
  • Performance (lowest latency to the client)
  • Priority (DR/failover)
48. Azure Virtual Networks cont…
Advanced
• Peering – connects 2 VNets in the same region through the Azure backbone (no gateway, no public internet)
  • Works across subscriptions if both are associated with the same Azure AD tenant
  • Peering between an ARM VNet and a classic (ASM) VNet is possible if both are in the same subscription
  • Requirements
    • Same region
    • Non-overlapping IP address spaces
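The address-space arithmetic from the VNet slide and the non-overlap requirement that peering, VNet-to-VNet and site-to-site all share, as an added example that is not from the slides. It uses Python's standard ipaddress module; the VNet names and the on-premises range are constructed, with the first VNet copied from the PowerShell on slide 45.

```python
"""Address-space checks for VNets, as an added example (not from the slides).

usable_hosts(): Azure keeps 5 addresses per subnet (network, broadcast and
three platform addresses), so usable = 2**(32 - prefix) - 5; /29 is the smallest.
overlapping_pairs(): peering, VNet-to-VNet and site-to-site all require
non-overlapping address spaces; this lists the pairs that collide.
subnets_fit(): a VNet's subnets must lie inside its address space and not
overlap each other.
"""
import ipaddress
from itertools import combinations

MIN_PREFIX = 29  # /29 is the smallest subnet Azure accepts


def usable_hosts(cidr):
    """Usable addresses in an Azure subnet, or ValueError if the subnet is too small."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > MIN_PREFIX:
        raise ValueError(f"{cidr}: Azure subnets must be /{MIN_PREFIX} or larger")
    return net.num_addresses - 5


def overlapping_pairs(spaces):
    """spaces maps a VNet or site name to its CIDRs; returns (name_a, name_b, cidr_a, cidr_b) collisions."""
    flat = [(name, ipaddress.ip_network(c, strict=False))
            for name, cidrs in spaces.items() for c in cidrs]
    return [(na, nb, str(a), str(b))
            for (na, a), (nb, b) in combinations(flat, 2)
            if na != nb and a.overlaps(b)]


def subnets_fit(vnet_cidr, subnet_cidrs):
    """True if every subnet sits inside the VNet space and no two subnets overlap."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=False)
    subs = [ipaddress.ip_network(s, strict=False) for s in subnet_cidrs]
    inside = all(s.subnet_of(vnet) for s in subs)
    disjoint = not any(a.overlaps(b) for a, b in combinations(subs, 2))
    return inside and disjoint


# Constructed inputs: the slide's VNet, a second VNet and an on-premises range
# that swallows both, so neither peering nor a site-to-site tunnel to it can work.
SPACES = {
    "hms-train-vnet-arm-1": ["10.1.0.0/16"],
    "vnet-2": ["10.2.0.0/16"],
    "on-prem": ["10.0.0.0/8"],
}

if __name__ == "__main__":
    print(usable_hosts("10.1.1.0/24"), usable_hosts("10.1.1.0/29"))
    print(subnets_fit("10.1.0.0/16", ["10.1.1.0/24", "10.1.2.0/24"]))
    for a, b, ca, cb in overlapping_pairs(SPACES):
        print(f"{a} {ca} overlaps {b} {cb}")
```

Run this over the address spaces of every VNet and every on-premises site before ordering a circuit or building a gateway; re-addressing after the fact means rebuilding the peering or tunnel.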
49. PowerShell & x-plat CLI – General
PowerShell:
    # List installed modules
    Get-Module -ListAvailable
    # Install the Azure Resource Manager modules from the PowerShell Gallery
    Install-Module AzureRM
    # Install the Azure Service Management (classic) modules from the PowerShell Gallery
    Install-Module Azure
    # List the cmdlets in the classic module
    Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis
    # List the cmdlets in the Resource Manager module
    Get-Command -Module AzureRM | Get-Help | Format-Table Name, Synopsis
    # Login (classic)
    Add-AzureAccount
    # Login (ARM); alias is Login-AzureRmAccount
    Add-AzureRmAccount
    # List subscriptions
    Get-AzureSubscription
    Get-AzureRmSubscription
    # Get the current context (ARM)
    Get-AzureRmContext
    # Set the subscription for the session (ARM)
    Select-AzureRmSubscription -SubscriptionName "{name of subscription}"
    # Set the default storage account for the context
    Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgname -StorageAccountName $strgname
    # Remote PowerShell to a classic VM: install the VM's WinRM certificate locally first
    .\InstallWinRMCertAzureVM.ps1 -SubscriptionName $s -ServiceName $svc -Name $vm
    # Retrieve the WinRM URI of the VM
    $uri = Get-AzureWinRMUri -ServiceName $svc -Name $vm
    # Execute a script remotely
    $cred = Get-Credential
    Invoke-Command -ConnectionUri $uri -FilePath '.\deployad.ps1' -Credential $cred
X-plat CLI:
    REM Set mode to ARM
    azure config mode arm
    REM Set mode to Service Management (classic)
    azure config mode asm
    REM Login
    azure login
    REM List subscriptions
    azure account list
    REM Set the current subscription
    azure account set "{name of subscription}"
    REM Create a resource group
    azure group create -n "{name}" -l "{location}"
• Use npm to install the x-plat CLI on Linux
• A Docker container is available for Azure CLI 2.0
50. Azure Data Lake
General
• Azure Data Lake Store – a repository that stores any type of data in its raw format without first defining a schema. Unlimited storage with immediate read/write access, scaling throughput to the workload. HDFS (Hadoop Distributed File System) compatible, so existing tools work against it.
• Azure Data Lake Analytics – a service for running analysis jobs over data. It uses Apache YARN to manage resources for the processing engine. With the U-SQL query language you can process data from Azure Data Lake Store, Azure Blob Storage and Azure SQL Database, as well as other stores built on HDFS.
• HDInsight – a managed cluster service for analysing data sets with open-source technologies such as Hadoop, Spark, Storm and HBase.
51. HDInsight
General
• 99.9% enterprise-scale SLA
• Hadoop: petabyte-scale processing with Hadoop components such as
  • Hive (SQL on Hadoop) using HiveQL
  • Apache Pig – a platform for creating programs for Hadoop using a procedural language known as Pig Latin
  • Sqoop – transfers data between Hadoop clusters and relational databases, e.g. importing from an RDBMS such as SQL Server
  • HCatalog – a table and storage management layer for Hadoop that lets users of different processing tools (Pig, MapReduce) read and write data on the grid more easily
• HBase: fast and scalable NoSQL offering
• Storm: processing of infinite streams of data in real time
• Spark: fast data analytics and cluster computing using in-memory processing
• Interactive Hive (preview): enterprise data warehouse with in-memory analytics using Hive (SQL on Hadoop) and Live Long and Process (LLAP)
• R Server: terabyte-scale, enterprise-grade R analytics for machine learning models
• Kafka (preview): high-throughput, low-latency, real-time streaming platform, typically used in streaming and IoT scenarios
• Mahout – a scalable machine learning library providing a number of algorithms that run on the Hadoop platform
• Oozie – Apache Oozie is a workflow/coordination system that manages Hadoop jobs
52. API Management
General
• API gateway (99.9% SLA; 99.95% SLA for Premium deployed across two or more regions)
• Features – access control, rate limiting, monitoring, event logging, response caching
• Groups – Administrators, Developers, Guests
• Policy types – Access restriction, Advanced, Authentication, Caching, Cross domain, Transformation

Tier                         Developer                  Standard                    Premium
Price                        £0.9652/day                £13.78/day per unit         £56.14/day per unit
API calls (per unit)         32 K/day (~1 M/month)      7 M/day (~217 M/month)      32 M/day (~1 B/month)
Data transfer (per unit)     161 MB/day (~5 GB/month)   32 GB/day (~1 TB/month)     161 GB/day (~5 TB/month)
Cache                        10 MB                      1 GB                        5 GB
Scale-out                    None                       4 units                     Unlimited (contact us for more)
SLA                          No                         99.9%                       99.95%
Multi-region deployment      No                         No                          Yes
Azure AD integration         Unlimited user accounts    No                          Unlimited user accounts
VPN                          Yes                        No                          Yes
53. API Management – cont…
Policy reference index
• Access restriction policies: Check HTTP header; Limit call rate by subscription; Limit call rate by key; Restrict caller IPs; Set usage quota by subscription; Set usage quota by key; Validate JWT
• Advanced policies: Control flow; Forward request; Log to Event Hub (sends messages in the specified format to a message target defined by a Logger entity); Retry; Return response; Send one-way request; Send request; Set request method; Set status; Set variable; Trace; Wait
• Authentication policies: Authenticate with Basic; Authenticate with client certificate
• Caching policies: Get from cache; Store to cache; Get value from cache; Store value in cache; Remove value from cache
• Cross domain policies: Allow cross-domain calls (makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients); CORS (adds cross-origin resource sharing support); JSONP (adds JSON with padding support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients)
• Transformation policies: Convert JSON to XML; Convert XML to JSON; Find and replace string in body; Mask URLs in content (rewrites links in the response body so that they point to the equivalent link via the gateway); Set backend service; Set body; Set HTTP header; Set query string parameter; Rewrite URL (converts a request URL from its public form to the form expected by the web service)
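The two access-restriction policies most often paired, "Limit call rate by key" and "Set usage quota by key", differ only in the length of their renewal period, and the rate-limiting feature on the previous slide is exactly this. As an added example that is not APIM's own code, the following models both as fixed-window counters evaluated in document order, returning 429 with a Retry-After the way a gateway would. The subscription keys and the timeline are constructed; keying on a string stands in for the policy expression (subscription id, caller IP, JWT claim) that APIM would evaluate.

```python
"""Rate-limit and quota enforcement, as an added example (not APIM's own code).

Mirrors two access-restriction policies from the slide:
  rate-limit-by-key  - N calls per short renewal period, 429 when exceeded
  quota-by-key       - N calls per long renewal period (e.g. a month)
APIM keys the counter on whatever the policy expression selects (subscription
id, caller IP, a JWT claim); here the key is a plain string. Both counters are
fixed windows that reset once the renewal period has elapsed.
"""
import math
import time
from dataclasses import dataclass, field


@dataclass
class Limit:
    calls: int
    renewal_period: int                           # seconds
    counters: dict = field(default_factory=dict)  # key -> (window_start, count)

    def _window(self, key, now):
        start, count = self.counters.get(key, (now, 0))
        if now - start >= self.renewal_period:    # window expired: start a fresh one
            return now, 0
        return start, count

    def allows(self, key, now):
        return self._window(key, now)[1] < self.calls

    def retry_after(self, key, now):
        """Seconds until the current window for this key rolls over (at least 1)."""
        start, _ = self._window(key, now)
        return max(1, math.ceil(start + self.renewal_period - now))

    def record(self, key, now):
        start, count = self._window(key, now)
        self.counters[key] = (start, count + 1)


class Gateway:
    def __init__(self, rate_calls, rate_period, quota_calls, quota_period):
        # Inbound policies in document order: the short window first, then the quota.
        self.policies = [
            ("rate-limit-by-key", Limit(rate_calls, rate_period)),
            ("quota-by-key", Limit(quota_calls, quota_period)),
        ]

    def handle(self, key, now=None):
        """Return a response dict; the first policy that trips short-circuits with 429."""
        now = time.time() if now is None else now
        for name, limit in self.policies:
            if not limit.allows(key, now):
                return {"status": 429, "policy": name, "Retry-After": limit.retry_after(key, now)}
        for _, limit in self.policies:            # design choice here: count only calls that pass every policy
            limit.record(key, now)
        return {"status": 200}


if __name__ == "__main__":
    gw = Gateway(rate_calls=3, rate_period=60, quota_calls=5, quota_period=3600)
    for t in (0, 1, 2, 3, 61, 62, 63):            # constructed timeline, seconds
        print(t, gw.handle("sub-A", t))
```

The Retry-After value is what makes a 429 useful to a well-behaved client; a quota 429 carries a much larger value than a rate-limit 429, so clients can tell the two apart without parsing the body.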
54. Mobile Apps
• Notification Hubs
• Autoscale
• Social integration
• Offline data sync
  • Local store: SQLite
  • IMobileServiceSyncTable (.NET), MSSyncTable (iOS), mClient.getSyncTable() (Android)
  • PushAsync, PullAsync, updatedAt (incremental sync), IMobileServiceSyncTable.PurgeAsync (clear the local store)

App Service plan tiers:
Tier                                    Free          Shared           Basic                       Standard                     Premium
                                        Try for free  Host basic apps  More features for Dev/Test  Go live with web and mobile  Enterprise scale and integration
Web, mobile or API apps                 10            100              Unlimited                   Unlimited                    Unlimited
Disk space                              1 GB          1 GB             10 GB                       50 GB                        250 GB
Logic App actions (per day)*            200           200              200                         10,000                       50,000
Maximum instances                       –             –                Up to 3                     Up to 10                     Up to 50
App Service Environments (min. 6 cores) –             –                –                           –                            Supported
SLA                                     –             –                99.95%                      99.95%                       99.95%

Service plan sizes:
Plan  Cores       RAM                      Disk
F1    Shared      1 GB                     1 GB
D1    Shared      0.5 GB                   1 GB
B     1, 2, 4     1.75, 3.5, 7 GB          10 GB
S     1, 2, 4     1.75, 3.5, 7 GB          50 GB
P     1, 2, 4, 8  1.75, 3.5, 7, 14 GB      250 GB
55. Azure Container Service
• Standard infrastructure for a Docker cluster
• Scale and orchestrate using DC/OS, Docker Swarm or Kubernetes
• Saves about 6,000 lines of configuration code
• Has no registry or other customisation
56. Azure Service Fabric
• Provides fast deployment, placement and activation, high density, reliability, scaling, health reporting, coordinated upgrades and service endpoint discovery
• Programming models
  • Guest executable (as-is code) plus ServiceManifest.xml
  • Reliable Services model
  • VS development using the Service Fabric SDK: package, deploy, debug etc.
• Dynamic resource balancing based on actual usage
• .NET or JavaScript?
• Stateful programming model
  • Reliable Collections
  • Reliable Queues
  • Reliable …
• Application Manifest
• Cluster management (HTTP gateway / Service Fabric Explorer) port: 19080
57. Azure Key Vault
• Tiers – Standard | Premium (adds Hardware Security Module (HSM) backed keys)
• Secrets
  • Any sequence of bytes under 10 KB, e.g. passwords, connection strings, a PFX file; encrypted at rest with an AES key
  • Returned to the caller in clear on Get, so anyone with get on secrets has the secret
  • Low latency
• Keys
  • A cryptographic key, RSA 2048
  • Private key material can’t be read back; ask the service to decrypt/unwrap or sign with it
  • Use when the security requirement outweighs performance
• Advanced access policies (vault-level flags)
  • Enable access to Azure VMs for deployment
  • Enable access to Azure Resource Manager for template deployment
  • Enable access to Azure Disk Encryption for volume encryption
• Access policies
  • Key & secret management; key management; secret management; SQL Server Connector (permission templates)
  • Admins & consumers MUST have an Azure AD identity, applications included (service principals)
  • Grant consumers only the operations they use (e.g. get/list on secrets); the ‘all’ in the script below is the maximum, not the recommendation
• URL: https://{vaultname}.vault.azure.net/secrets/{secret name}/{version [optional]}
PowerShell:
    # Create a key vault
    New-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rgName -Location $location -Sku Standard -EnabledForDeployment -EnabledForTemplateDeployment -EnabledForDiskEncryption
    # Grant a service principal permissions on the vault ('all' is every operation; prefer the minimum the app needs)
    Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rgName -ServicePrincipalName $spn -PermissionsToKeys all -PermissionsToSecrets all -PermissionsToCertificates all
    # Get key vaults
    Get-AzureRmKeyVault
    # Add a certificate to a key vault
    Add-AzureKeyVaultCertificate
    # Create a key in a key vault, or import one
    Add-AzureKeyVaultKey
    # Get the secrets in a key vault
    Get-AzureKeyVaultSecret
    # Create or update a secret
    Set-AzureKeyVaultSecret
    # Update the attributes of a secret
    Set-AzureKeyVaultSecretAttribute
    # Delete a secret
    Remove-AzureKeyVaultSecret
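A least-privilege review of the access policies the Set-AzureRmKeyVaultAccessPolicy line above produces, as an added example that is not from the slides or from Microsoft. It takes policies in the shape a vault's access policy list has (object id plus the keys/secrets/certificates permission lists) and flags 'all' wildcards and any consumer holding management operations. The role label on each principal is an assumption: Key Vault does not store it, it comes from your own inventory of which identities administer the vault and which merely read from it. The policies themselves are constructed; the first is exactly what the slide's command grants.

```python
"""Least-privilege review of Key Vault access policies, as an added example.

The slide's Set-AzureRmKeyVaultAccessPolicy grants 'all' on keys, secrets and
certificates to an application's service principal. An app that only reads a
connection string needs 'get' (and maybe 'list') on secrets. This linter takes
access policies (object id, display name, the three permission lists) plus a
role per principal and flags anything broader than the role's allow-list.
The role field is an assumption: Key Vault stores no such thing; it comes from
your own inventory of admins versus consumers.
"""
from dataclasses import dataclass, field

# Operations a consumer of the vault may hold; everything else is management.
CONSUMER_ALLOWED = {
    "keys": {"get", "list", "encrypt", "decrypt", "wrapkey", "unwrapkey", "sign", "verify"},
    "secrets": {"get", "list"},
    "certificates": {"get", "list"},
}
KINDS = ("keys", "secrets", "certificates")


@dataclass
class AccessPolicy:
    object_id: str
    display_name: str
    role: str                                   # "consumer" or "admin" (assumption, see above)
    keys: set = field(default_factory=set)
    secrets: set = field(default_factory=set)
    certificates: set = field(default_factory=set)


def lint(policies):
    """Return (principal, permission kind, reason) for every grant wider than the role allows."""
    findings = []
    for p in policies:
        for kind in KINDS:
            perms = {x.lower() for x in getattr(p, kind)}
            if "all" in perms:
                findings.append((p.display_name, kind,
                                 "wildcard 'all' grants every operation, including delete"))
            elif p.role == "consumer":
                extra = sorted(perms - CONSUMER_ALLOWED[kind])
                if extra:
                    findings.append((p.display_name, kind,
                                     f"consumer holds management operations {extra}"))
    return findings


# Constructed policies; the first is what the slide's command produces.
POLICIES = [
    AccessPolicy("11111111-0000-0000-0000-000000000001", "web-app-spn", "consumer",
                 keys={"all"}, secrets={"all"}, certificates={"all"}),
    AccessPolicy("11111111-0000-0000-0000-000000000002", "web-app-spn-fixed", "consumer",
                 secrets={"get", "list"}),
    AccessPolicy("11111111-0000-0000-0000-000000000003", "ops-user", "consumer",
                 secrets={"get", "set", "delete"}),
    AccessPolicy("11111111-0000-0000-0000-000000000004", "cso", "admin",
                 keys={"create", "import", "delete", "get", "list"},
                 secrets={"set", "get", "list", "delete"}),
]

if __name__ == "__main__":
    for principal, kind, reason in lint(POLICIES):
        print(f"{principal:18} {kind:13} {reason}")
```

The fix for the first finding is the second policy: grant the application get (and list if it enumerates) on secrets only, with no key or certificate permissions at all, and keep create/import/delete with the humans who run the vault.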
58. Azure Key Vault cont…
Workflow with AAD
1. The CSO creates the vault, adds keys/secrets and authorises the Azure AD users and applications
2. The CSO uploads a ‘service certificate’ (PFX incl. private key) to Azure
3. The operator creates the application instances (VMs)
4. Azure injects the service certificate into each VM
5. The app, registered in AAD with that same certificate as its credential, authenticates to AAD with it
6. AAD returns a token
7. The app presents the token and accesses the Key Vault
App config needed when NOT using a certificate (app/web.config or app settings):
• VaultUrl
• AAD AuthClientId
• AAD AuthClientSecret (shared key) – a secret in its own right; anyone who reads the config can impersonate the app
59. Stuff to do
• Azure Backup
• Azure Automation
• Azure Batch
• Service Bus
• HPC and HPC Pack
• BizTalk Hybrid Connection
• StorSimple
• Azure Key Vault
• Azure Media Services
• Microsoft Enterprise Library Autoscaling Application Block (WASABi)
• Hyper-V (MVMM)
• Check out neo4j
• Azure RMS
• Event Hubs
• Relay
• Hyper-V Replica