# AZ-104: Microsoft Azure Administrator

## Study Guide Notes

# Azure Active Directory (AD) Management

## AD Users and Groups

Understanding user and group management is vital, including bulk operations, which are commonly performed using CSV files.

### Bulk Operations

- Get comfortable with the structure and fields required in CSV files for bulk operations.
- Learn the PowerShell cmdlets and Azure CLI commands used to perform these operations.

## AD Devices

Devices can be registered with Azure AD to enable various organizational features and security controls.

### Device Management

- Identify which types and operating systems of devices can be registered with Azure AD.
- Understand the differences between Azure AD registered, Azure AD joined, and Hybrid Azure AD joined devices.

## Hybrid Azure AD Join

Hybrid Azure AD Join is used for devices that need to be connected to both on-premises Active Directory and Azure Active Directory.

### Usage Scenarios

- Determine the conditions where Hybrid Azure AD Join is more appropriate than Azure AD Join.
- Familiarize yourself with the Group Policy (GP) requirements for Hybrid Azure AD Join.

## Self-Service Password Reset (SSPR)

SSPR allows users to reset their passwords without administrative intervention, reducing the workload on support staff.

### Considerations for SSPR

- Know how to configure password writeback, which is necessary for on-premises AD integration with SSPR.

## Command Line Tools

Command-line interfaces offer powerful ways to manage Azure services, automate tasks, and script operations.

### PowerShell and Azure CLI

- Review and understand the common PowerShell cmdlets and Azure CLI commands for managing Azure AD.
- Practice creating and executing scripts to automate routine Azure AD tasks.

# Azure Governance

## Resource Hierarchy

The Azure resource hierarchy is a structured layout of how resources are organized and managed in Azure.
It follows the order:

- **Management Group**: Collections of subscriptions that can be managed together.
- **Subscription**: A logical container for billing, reporting, and tracking resource usage.
- **Resource Group**: A container that holds related resources for an Azure solution.
- **Resource**: Individual instances like VMs, databases, and more, within a Resource Group.

## Role-Based Access Control (RBAC)

RBAC is crucial for managing access to Azure resources.

- **Review Custom Roles**: Evaluate and refine custom role definitions to ensure they align with organizational needs.
- **JSON Format**: Improve understanding of JSON formatting to accurately define custom roles and policies.
- **Permission Assignment**: Aim to assign permissions at the highest level possible, then use specific roles to grant more granular permissions where necessary.
- **Group Management**: It's recommended to add groups to RBAC roles and then users to groups rather than directly adding users to RBAC roles for easier management.

## Locks and Tags

Locks and tags are used for different purposes in Azure:

- **Locks**: Provide a mechanism to control the modification and deletion of Azure resources.
  - They are inherited from the parent resource but only affect the management layer.
  - Can be removed by Owners and Access Managers if necessary.
- **Tags**: Serve as labels to organize resources for various purposes like reporting and policy enforcement.
  - Not inherited by default, but policies can enforce inheritance of specific tags (e.g., CostCenter tags).

## Cost Management

Managing costs in Azure involves budgets and alerts.

- **Budgets and Alerts**: Keep track of spending and get notified if spending exceeds predefined thresholds.

## Policy Management

Azure policies enforce organizational standards and assess compliance at scale.

- **Policies and Initiatives**:
  - Dive deeper into JSON syntax to effectively create and manage policies and initiatives in Azure.
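
An added example (not part of the original notes) for the custom-role JSON mentioned under RBAC above: a Python check over a role definition in the layout accepted by `New-AzRoleDefinition -InputFile` and `az role definition create`. The sample role, the placeholder subscription ID and the `lint_role` helper are constructed for illustration.

```python
import json

# Constructed role; the subscription ID is a placeholder.
ROLE_JSON = """
{
  "Name": "VM Operator (example)",
  "IsCustom": true,
  "Description": "Read, start and restart virtual machines.",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
"""
REQUIRED = ("Name", "Description", "Actions", "AssignableScopes")


def lint_role(text):
    """Return a list of findings for one custom role definition."""
    try:
        role = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(role, dict):
        return ["top level must be a JSON object"]
    findings = [f"missing field: {key}" for key in REQUIRED if key not in role]
    for field in ("Actions", "DataActions"):
        for action in role.get(field, []):
            if action == "*":
                findings.append(f"{field} grants every operation: *")
            elif action.endswith("/*") and action.count("/") == 1:
                findings.append(f"{field} grants a whole resource provider: {action}")
    for scope in role.get("AssignableScopes", []):
        if scope == "/":
            findings.append("AssignableScopes contains the root scope: /")
    return findings


if __name__ == "__main__":
    for finding in lint_role(ROLE_JSON) or ["no findings"]:
        print(finding)
```
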

## Command Line Interface (CLI)

The CLI is a powerful tool for managing Azure resources.

- **PowerShell and Azure CLI Commands**:
  - Review and understand the common PowerShell cmdlets and Azure CLI commands for managing Azure resources.

# Tyler's Idea for Budget Management

- **Problem Statement**: Budget notifications are currently only sent via email, which can be cumbersome and confusing for users.
- **Proposed Solution**: Create a custom dashboard that integrates with PowerApps or another tool to display changes in budgets more interactively.
- **Features**:
  - **Visibility**: Show what has changed in the budget directly on the dashboard.
  - **User Actions**: Allow users to accept new budgets, request further details, or dismiss notifications.
  - **Alerts**: Trigger alerts when the forecasted or actual cost of a CostCenter or Project exceeds 20% of the previous period's budget.
  - **Dashboard Link**: Include a link in the alert to a dashboard where users can compare and contrast spending against previous periods.
  - **Action Buttons**:
    - **Increase Budget**: Option to increase the budget by 25%.
    - **More Details**: Link to a detailed cost analysis for the alerted scope.
    - **Ignore**: Dismiss the alert for the month if the cost overrun is due to a known anomaly or temporary spike.
- **Benefit**: This approach aims to streamline budget management and improve user engagement with financial tracking and accountability.

# Azure Storage Accounts

Azure Storage Accounts provide scalable cloud storage for all types of data. They support high availability and redundancy with a comprehensive set of security features.

## Blob Storage

Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data.

### Use cases:

- Serving images or documents directly to a browser
- Storing files for distributed access
- Streaming video and audio
- Storing data for backup and restore, disaster recovery, and archiving

## File Storage

Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard SMB protocol.

### Use cases:

- Migrating on-premises file shares to Azure
- Storing shared settings for cloud applications
- Diagnostic data logs

## Table Storage

Table storage is a service that stores large amounts of structured data. It's a NoSQL data store for semi-structured data.

### Use cases:

- Storing datasets that don't require complex joins, foreign keys, or stored procedures
- Quickly querying data using a clustered index

## Queue Storage

Queue storage provides reliable messaging for workflow processing and for communication between components of cloud services.

### Use cases:

- Communication between web role and worker role instances
- Ordering the processing of messages

## Access Keys

Access keys are used to authenticate against Azure Storage services securely.

### Best practices:

- Regenerate access keys periodically
- Use Shared Access Signatures for more granular control

## Shared Access Signatures (SAS)

SAS is a secure way to provide granular permissions to Azure Storage resources without exposing account keys.

### Scenarios:

- Providing limited access to resources
- Restricting what actions can be performed
- Limiting access to a specific time range

## Role-Based Access Control (RBAC)

RBAC allows you to manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

### Implementation:

- Apply RBAC roles to manage permissions on storage accounts
- Use built-in roles or define custom roles

# Network Access

Controls who can access Azure Storage account data.

## Public Access

Allows the data in your storage account to be accessed over the internet by anyone who has the URL.

## Private Access

Restricts access to data within your storage account to only authorized users or networks.

# Azure File Sync

Azure File Sync synchronizes files across multiple Windows Servers and Azure Files.

### Benefits:

- Centralizing file services in Azure storage
- Minimizing local storage infrastructure

# Tools

## Azure Storage Explorer

A graphical tool that allows you to manage Azure Storage Accounts and visualize your data.

## AzCopy

A command-line utility designed to copy data to/from Azure Storage using simple commands with optimal performance.

## Import/Export Jobs

A service that enables you to transfer large amounts of data to and from Azure Storage.

## Data Box

An offline data transfer solution for transferring large amounts of data to Azure, using physical devices.

# CLI Examples

## PowerShell (PS) and Command-Line Interface (CLI) Commands

Azure provides powerful scripting environments through PowerShell and Azure CLI to automate tasks.

### PowerShell Example:

```powershell
Get-AzStorageAccount -ResourceGroupName "MyResourceGroup"
```

### Azure CLI Example:

```bash
az storage account list --output table
```
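
An added example (not part of the original notes) for the Shared Access Signatures scenarios listed earlier: a Python review of a SAS URL's query parameters (`sp` permissions, `se` expiry, `spr` protocol, `sip` source IP) against the three scenarios. The storage account name, the URLs with dummy signatures, the 24-hour limit and the `audit_sas` helper are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(hours=24)  # assumed policy limit, not an Azure default
SAMPLE_NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)  # fixed clock for the samples
BASE = "https://examplestorage.blob.core.windows.net/reports"  # placeholder account

# Constructed SAS URLs; the signatures are dummies.
NARROW_SAS = (BASE + "/q1.pdf?sv=2022-11-02&sr=b&sp=r&st=2024-05-01T00:00:00Z"
              "&se=2024-05-01T01:00:00Z&spr=https&sip=203.0.113.10&sig=CONSTRUCTED")
BROAD_SAS = BASE + "?sv=2022-11-02&sr=c&sp=rwdl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED"


def _utc(stamp):
    """Parse an ISO 8601 SAS timestamp and return an aware UTC datetime."""
    parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas(url, now):
    """Return findings for one SAS URL, evaluated at the UTC time `now`."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    extra = sorted(set(params.get("sp", "")) - set("rl"))
    if extra:
        findings.append("permissions beyond read/list: " + "".join(extra))
    if params.get("spr", "https,http") != "https":  # service default allows HTTP
        findings.append("HTTP allowed: spr is not 'https'")
    if "sip" not in params:
        findings.append("no source IP restriction (sip)")
    if "se" not in params:
        findings.append("no expiry in the token: check its stored access policy")
    elif _utc(params["se"]) <= now:
        findings.append("token already expired")
    elif _utc(params["se"]) - now > MAX_LIFETIME:
        findings.append("valid for longer than the policy limit")
    return findings


if __name__ == "__main__":
    for name, url in (("narrow", NARROW_SAS), ("broad", BROAD_SAS)):
        print(name, audit_sas(url, SAMPLE_NOW) or "no findings")
```
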