Describe Azure management and governance

The Microsoft AZ-900: Microsoft Azure Fundamentals exam is designed for individuals who are new to cloud computing and Azure. It validates foundational knowledge of cloud concepts, Azure services, pricing models, security, compliance, and management tools. The exam is ideal for non-technical professionals, students, or those exploring a career in cloud technologies.

Cost Management in Azure

Cost management in Azure refers to the practices and tools used to monitor, analyze, and optimize cloud spending. It helps organizations control costs, allocate resources efficiently, and ensure they are getting the most value from their Azure investments.

Factors That Can Affect Costs in Azure

  1. Resource Type: Different services (e.g., VMs, storage, databases) have varying pricing models.
  2. Usage: Costs are often based on consumption (e.g., per hour, per GB).
  3. Region: Pricing varies by geographic region due to infrastructure and demand.
  4. Networking: Data transfer and bandwidth usage can incur additional costs.
  5. Licensing: Some services require additional software licenses.
  6. Reserved Instances vs. Pay-as-You-Go: Reserved instances offer discounts for long-term commitments, while pay-as-you-go is more flexible but potentially more expensive.

Pricing Calculator vs. Total Cost of Ownership (TCO) Calculator

  • Azure Pricing Calculator: Estimates the cost of specific Azure services based on usage, region, and configuration. It helps plan and budget for workloads.
  • TCO Calculator: Compares the total cost of running on-premises infrastructure versus Azure. It factors in hardware, software, power, and IT labor costs to show potential savings with Azure.

Cost Management Capabilities in Azure

Azure provides tools and features to manage costs effectively:

  1. Cost Analysis: Visualize and analyze spending patterns.
  2. Budgets: Set spending limits and receive alerts when thresholds are reached.
  3. Recommendations: Get cost-saving suggestions from Azure Advisor.
  4. Exporting Data: Export cost data for further analysis.
  5. Reservations: Commit to long-term usage for discounted rates.

Purpose of Tags

Tags are metadata labels assigned to Azure resources. They help:

  • Organize resources by department, project, or environment.
  • Track costs by grouping resources with the same tag.
  • Simplify management and reporting.

Features and Tools for Governance and Compliance

  1. Azure Policy: Enforces organizational rules and compliance standards across resources.
  2. Resource Locks: Prevents accidental deletion or modification of critical resources.
  3. Microsoft Purview: Provides data governance and compliance solutions, including data classification and risk management.
  4. Azure Blueprints: Simplifies compliance by deploying pre-defined environments.

Purpose of Microsoft Purview in Azure

Microsoft Purview is a unified data governance service that helps organizations manage and govern their on-premises, multi-cloud, and SaaS data. It provides:

  • Data discovery and classification.
  • Data lineage tracking.
  • Compliance and risk management.

Purpose of Azure Policy

Azure Policy ensures resources comply with organizational standards and regulations. It:

  • Enforces rules for resource creation and configuration.
  • Audits existing resources for compliance.
  • Automates remediation of non-compliant resources.

Purpose of Resource Locks

Resource locks prevent accidental deletion or modification of critical resources. They can be set to:

  • Read-Only: Prevents changes but allows reads.
  • Delete: Prevents deletion but allows modifications.

Features and Tools for Managing and Deploying Azure Resources

  1. Azure Portal: A web-based interface for managing Azure resources.
  2. Azure Cloud Shell: A browser-based shell for managing Azure resources using Azure CLI or PowerShell.
  3. Azure Arc: Extends Azure management capabilities to on-premises and multi-cloud environments.
  4. Infrastructure as Code (IaC): Automates resource deployment using templates (e.g., ARM templates).
  5. Azure Resource Manager (ARM): The deployment and management service for Azure resources.
  6. ARM Templates: JSON files that define the infrastructure and configuration for Azure resources.

Monitoring Tools in Azure

  1. Azure Advisor: Provides personalized recommendations to optimize Azure resources for cost, performance, security, and reliability.
  2. Azure Service Health: Tracks the health of Azure services and provides alerts for outages or maintenance.
  3. Azure Monitor: A comprehensive monitoring solution that includes:
    • Log Analytics: Collects and analyzes log data.
    • Azure Monitor Alerts: Notifies users of critical conditions.
    • Application Insights: Monitors the performance and usage of applications.

Sample Questions for Azure Management and Governance

Question 1:

What is Azure Policy primarily used for?

  • A) Monitoring resource performance
  • B) Enforcing organizational rules and compliance
  • C) Managing virtual machine backups
  • D) Creating virtual networks

Explanation: Azure Policy helps enforce organizational standards and assess compliance across Azure resources.

Question 2:

Which Azure service provides a centralized dashboard for monitoring and managing Azure resources?

  • A) Azure Monitor
  • B) Azure Resource Manager (ARM)
  • C) Azure Governance
  • D) Azure Portal

Answer: D) Azure Portal
Explanation: The Azure Portal is a web-based interface for managing and monitoring Azure resources.

Question 3:

What is the purpose of Azure Blueprints?

  • A) To automate virtual machine deployments
  • B) To define and deploy a repeatable set of Azure resources that adhere to organizational standards
  • C) To monitor network traffic
  • D) To manage user access to resources

Explanation: Azure Blueprints enable organizations to define and deploy compliant environments quickly and consistently.

Question 4:

Which tool is used to manage role-based access control (RBAC) in Azure?

  • A) Azure Active Directory (Azure AD)
  • B) Azure Security Center
  • C) Azure Policy
  • D) Azure Cost Management

Explanation: Azure AD is used to manage RBAC, which controls access to Azure resources.

Question 5:

What is the primary function of Azure Cost Management?

  • A) To monitor resource performance
  • B) To track and optimize cloud spending
  • C) To enforce security policies
  • D) To manage virtual machine backups

Explanation: Azure Cost Management helps organizations monitor, analyze, and optimize their cloud costs.

Question 6:

Which Azure service provides recommendations for improving security and compliance?

  • A) Azure Advisor
  • B) Azure Security Center
  • C) Azure Policy
  • D) Azure Monitor

Explanation: Azure Security Center provides security recommendations and threat protection for Azure resources.

Question 7:

What is the role of Azure Resource Manager (ARM) in Azure governance?

  • A) It provides a unified management layer for deploying and managing Azure resources
  • B) It monitors network traffic
  • C) It enforces compliance policies
  • D) It manages user access to resources

Explanation: ARM is the deployment and management service for Azure, enabling consistent governance and organization of resources.

Question 8:

Which Azure service helps identify unused or underutilized resources to reduce costs?

  • A) Azure Cost Management
  • B) Azure Advisor
  • C) Azure Monitor
  • D) Azure Policy

Explanation: Azure Advisor provides recommendations to optimize Azure resources, including cost savings by identifying unused or underutilized resources.

Question 9:

What is the purpose of Azure Management Groups?

  • A) To group multiple subscriptions for centralized management and governance
  • B) To monitor resource performance
  • C) To enforce network security policies
  • D) To manage virtual machine backups

Explanation: Azure Management Groups help organize subscriptions into containers for applying governance policies at scale.

Question 10:

Which Azure service provides insights into the health, performance, and availability of applications and infrastructure?

  • A) Azure Monitor
  • B) Azure Security Center
  • C) Azure Policy
  • D) Azure Cost Management

Explanation: Azure Monitor collects and analyzes telemetry data to provide insights into the performance and health of applications and infrastructure.