Chapter 11: Protecting the Azure Environment

Problems happen, so it makes sense to ensure your Azure environment is protected and is recoverable. It’s a shared responsibility, Microsoft provides the tools, but you need to implement processes to take care of Disaster Recovery (DR), protect storage accounts, VMs, App Services, Azure SQL Databases etc.

There’s a look at the core security features in Azure. This covers Microsoft Defender, which gives a centralised dashboard covering your Azure environment, with scores for security, regulatory compliance etc. Microsoft provides solutions to identified problems, often as simple as running supplied code or clicking the buttons provided. 

There’s a helpful look at alerts, which can often highlight problems before they become critical. There’s a walkthrough on how to create a Key Vault for storing keys, credentials etc. Useful walkthroughs are provided on backing up and restoring storage blobs.

Next, details are provided on protecting VMs, including using Azure Recovery Service. Walkthroughs are provided on backing up and restoring VMs.

The chapter ends with a look at protecting your databases. Core to this are backups (Full, Differential, and transaction logs). You can configure the backup retention policy. Details are given on how to restore both a SQL database, and a Cosmos database.

Overall, a useful chapter with helpful walkthroughs. With a useful reminder that Microsoft will supply the tools, but you must implement your protection policies.

Chapter 12: Managing Identity and Access with Azure Active Directory

Authentication (who you are) and authorization (what you can do) are fundamental to the working of IT systems. Azure Active Directory (AAD) allows the authentication of users, and this can be synchronization with on-premise AD. The chapter provides walkthroughs on how to create an AAD group, and an AAD user. Typically, users are assigned to groups, and groups are assigned access permissions.

Details are given on configuring Role-Based Access Control (RBAC), this authorization model shows what resources users or groups can access. Various useful walkthroughs are provided on implementing built-in RBAC, AAD roles, and adding an account to an AAD role. 

The chapter ends with a look at using Multi-factor authentication (MFA), in which after entering your logon details, you provide another means of identification (e.g. email, phone number). There’s a walkthrough on setting up MFA.

This was a useful chapter, giving plenty of access/security-based walkthroughs for you to follow along with.

Chapter 13: Implementing Azure Governance

Managing resources can be difficult, especially in the dynamic environment that Azure provides. For example, it is very easy to scale up a VM from 2 CPUs to 20 CPUs, with a concomitant increase in performance, and price! Various mechanisms exist to monitor and control your resources.

Tags allow name/value pairs to be added to a resource (e.g. ENVT: DEV). These can be used for auditing and accounting, allowing costs to be split between business departments. Walkthroughs are provided on applying tags to resource groups and resources. Examples are provided on adding tags via the Azure Portal and programmatically (e.g. Azure PowerShell). Useful tag reports can be created.

Next, there’s a look at Azure Policy, this provides rules for company policy. For example, it can prevent a VM being deployed to an unauthorised region. The section continues with a look at the lifecycle of a policy.

The chapter ends with a look at Azure Advisor. This tool provides excellent advice on: cost, security, reliability, operational excellence, and performance. Details of any underlying problems are given, often with their solution (this can be as easy an clicking on a button to fix the problem).

This chapter provided a useful look at some Azure tools and methods that can help you record what resources are being used, together with helpful means of control. Azure Advisor is VERY useful and should be inspected regularly.

Chapter 14: Discovering DevOps in Microsoft Azure

Like everyone else, Microsoft has moved into the DevOps area. DevOps methods are used to plan, build, test, and deploy Azure solutions. 

There’s a look at some of the Azure DevOps tools by function: planning (e.g. Azure Board), development (github), deployment (Azure pipelines), operations (Azure Monitor). Github is examined further as a means of collaborating between members of a distributed teams. Azure DevOps and Github are very similar, with the former having the advantage of being integrated into the Azure.

The chapter ends with a brief walkthrough of the Azure DevTest Labs, which aim to automate the entire software lifecycle.

This chapter takes a holistic view of the use of DevOps within the software lifecycle, together with an overview of the various DevOps tools used.

Chapter 15: Monitoring Your Azure Environment

Monitoring your environment allows you to create baselines, manage usage costs, and troubleshoot and fix issues. 

The chapter opens with a look at Azure Monitor, a free tool that collects and logs metrics. The Azure Monitor Activity Log can be used to view recent changes (e.g. database resize), and filters can be applied to limit the output. The author recommends VM boot diagnostics are enabled, to help diagnose VM problems.

Next, there’s a look at Azure Log Analytics, this can aggregate your logs into a Log Analytics Workspace, and Kusto queries (KQL) can be run against the logs. There’s a useful walkthrough of creating a log workspace, together with an overview of KQL.

There’s a look at monitoring and tweaking your Azure spending. I do wonder why this wasn’t included in a previous chapter that looked at costs. Small cost can add up, especially in a dynamic Azure environment. Some Cost management & Billing tools are examined, including the Cost Analysis tool (where you can view past, current, and future costs by resource). There’s a helpful walkthrough on setting up a cost alert for a given budget.

The chapter ends with a look at Azure Advisor (also discussed in a previous chapter), with its advice on cost related matters.

This is an important chapter. Problems happen, so knowing where to go and what tools might assist you can be invaluable. There are good walkthroughs on the main Azure monitoring tools, usage of Azure Log Analytics, and Azure Advisor is great tool to identifying and giving instructions/hints on how to fix problems. It would be nice to have more detail on Application Insights, another very useful tool.