Even though I took the Azure Fundamentals exam a long time ago, I think it is always helpful and important to repeat the Azure basics. Believe or not, a lot of (IT) folks still have to learn the foundations and hopefully this summary is helpful for some of you.
If you are looking for the full AZ-104 study guide: https://www.cloud13.ch/2023/10/31/az-104-study-guide-microsoft-azure-administrator/
Microsoft has datacenter around the world. If you go to https://datacenters.microsoft.com/globe/explore one can see and explore Azure’s global infrastructure. This means that the Azure cloud consists of hundreds of unique physical buildings all over the globe to provide compute, storage, networking, and many other services.
A specific set of datacenters deployed within a latency-defined perimeter is called a region. Each region comes with a different pricing and service availability.
Azure services deployed to Azure regions are list here: https://azure.microsoft.com/en-us/explore/global-infrastructure/products-by-region/?products=all
Paired and Unpaired Regions
Many regions also have a paired region. Paired regions support certain types of multi-region deployment approaches. Some newer regions have multiple availability zones and don’t have a paired region. You can still deploy multi-region solutions into these regions, but the approaches you use might be different.
Regions without a pair will not have geo-redundant storage (GRS). Such regions follow data residency guidelines to allow for the option to keep data resident within the same region. Customers are responsible for data resiliency based on their Recovery Point Objective or Recovery Time Objective (RTO/RPO) needs and may move, copy, or access their data from any location globally. In the rare event that an entire Azure region is unavailable, customers will need to plan for their Cross Region Disaster Recovery.
The table below lists Azure regions without a region pair:
|Austria||Austria East (Coming soon)|
|Spain||Spain Central (Coming soon)|
Each region has multiple availability zones (AZ) which allow customers to distribute their infrastructure and workloads/applications across different datacenters for resiliency and high availability (=reliability) purposes.
Note: If you know which apps do not need 100% high availability during certain periods of time, you can optimize costs during those non-critical periods.
Zonal and Zone-redundant Services
There are two ways that Azure services use availability zones:
Zonal resources are pinned to a specific availability zone. You can combine multiple zonal deployments across different zones to meet high reliability requirements. You’re responsible for managing data replication and distributing requests across zones. If an outage occurs in a single availability zone, you’re responsible for failover to another availability zone.
Zone-redundant resources are spread across multiple availability zones. Microsoft manages spreading requests across zones and the replication of data across zones. If an outage occurs in a single availability zone, Microsoft manages failover automatically.
Azure services support one or both of these approaches. Platform as a service (PaaS) services typically support zone-redundant deployments. Infrastructure as a service (IaaS) services typically support zonal deployments.
Azure Edge Zones
These small-footprint extensions of Azure are place in population centers that are far from Azure regions.
Azure public MEC integrates Azure Compute and edge-optimized Azure services with the mobile operator’s public 5G network connectivity. Use the solution to rapidly develop and deliver a broad array of low-latency applications and solve critical business problems at the operator edge.
SLA on Azure
Microsoft commits to defined uptime numbers for different services:
99.99% compute availability monthly. Zone-redundant Azure VMs
99.99% identity availability monthly. Azure Active Directory authentications
99.995% database availability monthly. Zone-redundant Azure SQL deployments
99.99999999999999% object durability annually. Objects in an Azure geo-zone-redundant storage account
100% Azure DNS availability monthly. All valid Azure DNS requests guaranteed to receive a response
More information can be found here: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1
Subscriptions, Licenses, Accounts and more
To keep it simple, I’ll copy the information from here: https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide
An organization represents a business entity that is using Microsoft cloud offerings, typically identified by one or more public Domain Name System (DNS) domain names, such as contoso.com. The organization is a container for subscriptions.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption.
- Microsoft’s Software as a Service (SaaS)-based cloud offerings (Microsoft 365 and Dynamics 365) charge per-user license fees.
- Microsoft’s Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption.
User accounts for all of Microsoft’s cloud offerings are stored in a Microsoft Entra tenant, which contains user accounts and groups. A Microsoft Entra tenant can be synchronized with your existing Active Directory Domain Services (AD DS) accounts using Microsoft Entra Connect, a Windows server-based service. This is known as directory synchronization.
Summary of the Hierarchy
Here is a quick recap:
An organization can have multiple subscriptions
A subscription can have multiple licenses
Licenses can be assigned to individual user accounts
User accounts are stored in a Microsoft Entra tenant
What is Microsoft Entra ID?
Microsoft Entra ID, formerly known as Azure Active Directory (AAD), is a cloud-based identity and access management service that enables your employees access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID for the following reasons: (1) to communicate the multicloud, multiplatform functionality of the products, (2) to alleviate confusion with Windows Server Active Directory, and (3) to unify the Microsoft Entra product family.
Microsoft Entra ID is the new name for Azure AD. The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID.
- Microsoft Entra is the name for the product family of identity and network access solutions.
- Microsoft Entra ID is one of the products within that family.
- Acronym usage is not encouraged, but if you must replace AAD with an acronym due to space limitations, use ME-ID.
Microsoft Entra ID also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.
To learn the differences between Active Directory and Microsoft Entra ID, see Compare Active Directory to Microsoft Entra ID.
What are the Microsoft Entra ID licenses?
Microsoft Online business services, such as Microsoft 365 or Microsoft Azure, use Microsoft Entra ID for sign-in activities and to help protect your identities. If you subscribe to any Microsoft Online business service, you automatically get access to Microsoft Entra ID Free.