AZ-104 V2 Study Cram

Jul 3, 2024

Introduction

  • Updated version of the AZ-104 study cram.
  • Links to different sections of knowledge are provided in the description.
  • Ensure hands-on practice and review the study guide.
  • Covers the theory, with the recommendation to pair it with self-paced learning and hands-on activities.

Entra ID (Formerly Azure AD)

  • Identity provider from Microsoft.
  • Supports cloud protocols like OAuth 2.0, OpenID Connect, SAML, WS-Fed.
  • Uses HTTPS/TLS encryption.
  • Differs from on-premises Active Directory (AD) in the protocols it uses and in being designed for communication over the internet.

Interaction With Entra ID

  • Uses Microsoft Graph for interaction, REST-based over HTTPS.
  • Flat structure, unlike AD, which has organizational units (OUs).
  • Features administrative units for granular permissions delegation.
  • Synchronization from AD to Entra ID using Entra Connect (Sync and Cloud Sync).

Entra ID Integration

  • Applications trust Entra ID for authentication and authorization.
  • Supports Azure, Microsoft 365, and third-party SaaS applications.

Users and Groups

  • Types of users: cloud accounts, hybrid accounts, and guests from other identity providers.
  • Group types: Security and Microsoft 365; membership can be dynamic or assigned.

Devices

  • Supports device registration and join for different levels of control and management.
  • Join for organization-owned devices; Register for personal devices accessing corporate resources.

Licenses

  • Various licenses based on features: Free, P1, P2, and Identity Governance add-on.
  • Self-service password reset is available in P1, with write-back to on-premises AD.
  • Conditional Access requires P1.
  • Identity Protection and Privileged Identity Management require P2.

Roles and Permissions

  • Global administrator and other specific roles available in Entra ID.
  • Usage of administrative units for role application at a granular level.
  • Entra ID and Azure roles are separate with specific permissions and scopes.

Domain Management

  • Custom domains can be added after verification.
  • Subscriptions trust specific Entra ID tenants.
  • Company branding and user experience customization available.

Azure Cloud Structure

Clouds and Environments

  • Azure offers different clouds: Azure Commercial, Azure Government, and Azure China, each with unique URLs and tenant instances.

Regions and Availability Zones

  • Azure regions consist of multiple data centers often divided into Availability Zones (AZs).
  • Options for zonal and zone-redundant resources within a region.
  • Paired regions stay within the same geopolitical boundary, offering synchronization and failover capabilities.
  • Each subscription sees only three Availability Zones in a region, even where the region has more.
  • Recommendations for using multiple regions for disaster recovery.

Subscription and Management Groups

  • Subscriptions organize resources and enforce resource boundaries.
  • Management Groups (MGs) allow grouping of subscriptions for hierarchical management.
  • Root Management Group is the top-level default group.

Governance

  • Role-Based Access Control (RBAC), policies, and budgets can be applied at subscription and management group levels.
  • Built-in and custom policies manage resource creation and compliance.
  • Initiatives group multiple policies to streamline assignment and compliance tracking.

Costs

  • Azure is consumption-based, with tools like Cost Analysis and Azure Cost Management to monitor and manage spending.
  • Budgets enable setting financial limits and alerts based on usage.
  • Recommendations from Azure Advisor for cost optimization.
  • Azure Hybrid Benefit and Reservations/Savings Plans offer cost savings on existing and long-term resource commitments.

Resource Groups

  • Organize resources by lifecycle; resources within a Resource Group are often provisioned and decommissioned together.
  • Tagging for metadata management, filtering, and billing insight.
  • Tags do not inherit by default; policy can enforce tag inheritance if needed.

Virtual Networks (VNet)

Basics of VNet

  • Lives within a specific subscription and region.
  • Defined by one or more IPv4 and optional IPv6 CIDR ranges.
  • Each subnet in a VNet reserves five IP addresses for Azure networking functions, so they are not available to resources.
  • Private IP allocation using DHCP.
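A small subnet-planning helper for the five-address reservation noted above, added here as an example and not part of the original cram. It uses only the standard library; the /29 minimum subnet size it enforces is taken from Azure's documented limits, not from this page.

```python
import ipaddress

# Azure withholds five addresses from every subnet: the network address, the
# default gateway (.1), two addresses mapped to Azure DNS (.2 and .3), and the
# broadcast address (the last one). Example code, not from the original cram.
AZURE_RESERVED_PER_SUBNET = 5
AZURE_MIN_PREFIX = 29  # smallest subnet Azure accepts (assumption from Azure docs)


def reserved_addresses(subnet: ipaddress.IPv4Network) -> list[str]:
    """Return the five addresses Azure reserves in the given subnet."""
    return [str(subnet[i]) for i in (0, 1, 2, 3, -1)]


def usable_addresses(subnet: ipaddress.IPv4Network) -> int:
    """Addresses actually assignable to NICs after Azure's reservation."""
    return subnet.num_addresses - AZURE_RESERVED_PER_SUBNET


def plan_subnets(vnet_cidr: str, subnet_cidrs: list[str]) -> dict[str, dict]:
    """Validate a set of subnets against their VNet and report capacity.

    Raises ValueError when a subnet lies outside the VNet range, overlaps
    another subnet in the plan, or is smaller than the /29 Azure minimum.
    """
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    report: dict[str, dict] = {}
    for i, sn in enumerate(subnets):
        if not sn.subnet_of(vnet):
            raise ValueError(f"{sn} is not inside VNet {vnet}")
        if sn.prefixlen > AZURE_MIN_PREFIX:
            raise ValueError(f"{sn} is smaller than /{AZURE_MIN_PREFIX}")
        for other in subnets[:i]:
            if sn.overlaps(other):
                raise ValueError(f"{sn} overlaps {other}")
        report[str(sn)] = {
            "total": sn.num_addresses,
            "usable": usable_addresses(sn),
            "reserved": reserved_addresses(sn),
        }
    return report


if __name__ == "__main__":
    # Constructed sample plan: a /16 VNet with a /24 and a /26 subnet.
    for name, info in plan_subnets("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/26"]).items():
        print(name, info)
```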

Public IP

  • Public IPs are associated with resources that need internet access; migrating to Standard public IPs is recommended.
  • Public IPs come in Standard and Basic SKUs; Standard is preferred for consistent static allocation.

VNet Peering

  • VNets within the same or different regions can be connected for resource communication.