Microsoft Azure Fundamentals Step By Step

This document provides information and guidance on how to develop integrated and formative assessments for
Microsoft Azure Fundamentals.

It focuses on the basic modules, helping you understand what you need to do and how to calculate the cost of deploying the necessary infrastructure.

Modules include
Module 2: Describe core Azure Services
Module 3: Describe core solutions and management tools on Azure
Module 4: Describe general security and network security features
Module 5: Describe identity, governance, privacy, and compliance features
Module 6: Describe Azure cost management and service level agreements

Before doing the lab, please follow the naming convention below:

Resource Group: rghybrid0x
VM Name: vmhybrid0x
Username: hybrid0x
Password: !@34QWerASdf
Storage Account: sahybrid0x
Policy Name: azphybrid0x
Virtual network: vnethybrid0x

Module 2: Describe core Azure Services

  1. Create a virtual machine in Azure

Azure virtual machines (VMs) can be created through the Azure portal. This method provides a browser-based user interface to create VMs and their associated resources.

In this walkthrough, we will create a virtual machine in the Azure portal, connect to it over RDP, and test the connection.

Note: Take time during this walk-through to click and read the Informational icons.

Task 1: Create a virtual machine in Azure

In this lab, we will configure backup of an on-premises server using the Azure Backup service via Windows Admin Center. First, we will create a resource group to hold all the resources that we create later in this lab.

1.1 Sign in to the Azure portal with the following user and password:

– User: xxx@myianlabs.onmicrosoft.com

– Password: <password that you are provided>

1.2 From the All services blade in the Portal Menu, search for and select Resource group.

1.3 Click Create

1.4 In Create a resource group, enter the information below:

– Resource Group: rghybrid01

– Choose Region: (Asia Pacific) Southeast Asia

Then click Review + create

1.5 Click Create

1.6 Click Go to resource group to review the Resource group that you have just created.

1.7 We can see the resource group that we have just created.

Now we create a virtual machine and place it in the resource group above.

1.8 From the All services blade in the Portal Menu, search for and select Virtual machines.

1.10 In Create a virtual machine, on the Basics tab, leave the Subscription as default and select the resource group rghybrid01 (or follow steps 1.1 to 1.8 above to create a new resource group).

1.11 In Instance details, enter and select the information below:

Virtual machine name: vmhybrid01
Region: (Asia Pacific) Southeast Asia
Image: “Windows Server 2019 Datacenter – Gen2”
Size: Standard_D2s_v3 – 2 vCPUs, 8 GB memory

1.12 Under Administrator account, enter

Username: hybrid01

Password: !@34QWerASdf

1.13 In Public inbound ports, select “Allow selected ports” and leave “Select inbound ports” as the default, RDP (3389).

1.14 Under Licensing:

– Check “Would you like to use an existing Windows Server license?”

– Check “I confirm I have an eligible Windows Server license with Software Assurance…”

– Click “Next: Disks >”

1.15 In the Disks tab, under Disk options, change the OS disk type to “Standard HDD (locally-redundant storage)” and click “Next: Networking >”

1.16 In the Networking tab, leave all values as default >> click “Next: Management >”

Note: you can create a new virtual network if needed by clicking “Create new”. In this lab, however, we will use the default virtual network generated by the system.

1.17 In the Management tab, leave all values as default >> click “Next: Advanced >”

1.18 In the Advanced tab, leave all values as default >> click “Next: Tags >”

1.19 In the Tags tab, leave everything as default and click “Review + create”

1.20 At “Review + create”, review all the settings and click Create

1.21 Wait for the virtual machine to be created, then click “Go to resource”

1.22 Now you can see the Virtual machine that you have just created

Task 2: Connect to the virtual machine

2.1 From the All services blade in the Portal Menu, search for and select Virtual machines

2.2 Click on the virtual machine that we have just created (vmhybrid01)

2.3 In Virtual machines, click Connect and select RDP

2.4 Click Download RDP File and open file myhybrid01.rdp

2.5 Click Connect

2.6 Enter the username and password that you created in Task 1, Step 1.12

2.7 Click Yes

2.8 You are now connected directly to the virtual machine.

Module 3: Describe core solutions and management tools on Azure

1. Implement Azure Functions

Azure Functions is a cloud service available on-demand that provides all the continually updated infrastructure and resources needed to run your applications. You focus on the pieces of code that matter most to you, and Functions handles the rest. Functions provides serverless compute for Azure.

Task 3: Implement Azure Functions

3.1 In the Search bar at the top of the portal, search for and select Function App

3.2 Click Create

3.3 Select Resource Group: rghybrid01

3.4 Enter the Function App name: fnchybrid01, and select the following options:

Publish: Code
Runtime stack: .NET
Version: 3.1
Region: East Asia

3.5 In the Hosting tab, leave all the Hosting options as default and click “Next: Networking >”

3.6 In the Networking tab, leave all the Networking options as default and click “Next: Monitoring >”

3.7 In the Monitoring tab, leave all the Monitoring options as default and click “Next: Tag >”

3.8 In the Tag tab, leave all the tags as default and click “Next: Review + create >”

3.9 Click Create

3.10 Click “Go to resource”

3.11 Click Browse, or copy the URL and paste it into the browser.

3.12 Now you can easily create a Function Application.

Module 4: Describe general security and network security features

1. Secure network traffic

After completing this module, you’ll be able to:

  • Configure network security groups to filter network traffic to and from Azure resources within a Microsoft Azure virtual network.

Task 4: Review outbound and configure network security group

In this lab, you will prevent Internet access from inside the virtual machine by creating an outbound rule that blocks Internet access. The virtual machine can still be reached from outside via Remote Desktop.

4.1 From the All services blade, select Virtual machines

4.2 In the virtual machine list, select the virtual machine vmhybrid01 that you created in Module 2 – Task 1

4.3 In the Virtual machine Page, under Settings >> Click Networking

4.4 Under Inbound port rules >> Click vmhybrid01-nsg

4.5 From here you can see all the settings for the network security group.

Under Settings, you can select “Inbound security rules” and “Outbound security rules”.

In the right-hand panel, you can see the detailed rules for inbound and outbound traffic.

4.6 Under Settings >> click Inbound security rules

Currently, a rule for RDP port 3389 exists. This is the result of what we did in Module 2, Task 1, Step 1.13.

Now we are going to create an outbound rule to block Internet access from inside the virtual machine.

4.7 From the left menu, under Settings of Network Security Group, select Outbound security rules

4.8 Click Add

4.9 Under “Add outbound security rule”, select the below information:

Source: Any
Source port ranges: *
Destination: Service Tag
Destination service tag: Internet
Service: Custom
Destination port ranges: *
Protocol: Any
Action: Deny
Priority: 310
Name: Deny-Access-Internet

4.10 In the console, wait a few seconds and click Refresh to see the new rule called Deny-Access-Internet

4.11 Follow the steps from Module 2, Task 2, Steps 2.1 to 2.8 to connect to the virtual machine again

Open Internet Explorer and browse to Microsoft.com. You can no longer access the Internet.
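The following added example (not part of the original lab) models why the priority 310 rule takes effect and why the RDP session keeps working. It assumes a simplified evaluator that matches only on the destination service tag; the default rule names and priorities are the ones Azure places in every network security group, while `evaluate_outbound` and `validate_custom_rule` are hypothetical helper names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    name: str
    destination: str   # service tag: "Internet", "VirtualNetwork" or "Any"
    action: str        # "Allow" or "Deny"

# Default outbound rules that Azure adds to every network security group.
DEFAULT_OUTBOUND = [
    Rule(65000, "AllowVnetOutBound", "VirtualNetwork", "Allow"),
    Rule(65001, "AllowInternetOutBound", "Internet", "Allow"),
    Rule(65500, "DenyAllOutBound", "Any", "Deny"),
]

# The rule created in step 4.9 of this lab.
LAB_RULE = Rule(310, "Deny-Access-Internet", "Internet", "Deny")

def validate_custom_rule(rule):
    """Custom rules must use a priority between 100 and 4096."""
    if not 100 <= rule.priority <= 4096:
        raise ValueError(f"{rule.name}: priority {rule.priority} outside 100-4096")
    return rule

def evaluate_outbound(rules, destination_tag, reply_to_allowed_inbound=False):
    """Return (action, rule name) for traffic leaving the VM.

    Rules are processed in priority order and the first match wins.
    reply_to_allowed_inbound=True models reply packets of a connection that
    an inbound rule already allowed (the RDP session): NSGs are stateful,
    so those packets are not re-checked against the outbound rules.
    """
    if reply_to_allowed_inbound:
        return ("Allow", "existing-flow")
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.destination in (destination_tag, "Any"):
            return (rule.action, rule.name)
    return ("Deny", "no-matching-rule")

if __name__ == "__main__":
    rules = DEFAULT_OUTBOUND + [validate_custom_rule(LAB_RULE)]
    print("before:", evaluate_outbound(DEFAULT_OUTBOUND, "Internet"))
    print("after: ", evaluate_outbound(rules, "Internet"))
    print("rdp:   ", evaluate_outbound(rules, "Internet", reply_to_allowed_inbound=True))
```

Without the lab rule, the default AllowInternetOutBound rule (priority 65001) is the first match for Internet-bound traffic; with it, the deny at priority 310 is evaluated first.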

Module 5: Describe identity, governance, privacy, and compliance features

  1. Resource Group manager

As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

  • CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
  • ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Task 5: Add a Lock to the resource group and test deletion

In this lab, we are going to create a lock to protect the resource from accidental deletion. 

5.1 From the All services blade, search for and select Resource Group.

Note: you can search for “Resource group” and select from there.

5.2 Click Resource group rghybrid01

5.3 In Resource group, under Settings >> click Locks

5.4 From the console (on the right) click Add

5.5 Under Add lock enter the below value/settings:

Lock name: rgLock
Lock type: Delete

Note: you can change the lock type to Read-only if you want.

5.6 Now our resource group is protected from deletion.

Task 6: Test by deleting a resource in the resource group

In the lab, we will test the resource lock by deleting the resource group to see what will happen. 

6.1 In the Azure portal, click to select Resource group 

6.2 Click rghybrid01

6.3 In Overview page, click Delete Resource group

6.4 In “Are you sure…” enter resource group name: rghybrid01 >> click Delete

6.5 A pop-up in the right corner will show that rghybrid01 is locked and can’t be deleted.

So you can’t delete a resource group when it is locked.

Note: You can test the same for all resources inside this resource group. All of them are protected from deletion.

6.6 In the Resource group rghybrid01, under the Resources >> select vmhybrid01

6.7 Click Delete

6.8 In Delete Resources type “yes” and then click Delete

6.9 An error pop-up will appear in the right corner saying “Please remove the lock and try again”.

So, once you enable the lock, you cannot delete the resource group or any resource in the resource group.
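The behaviour seen in Tasks 5 and 6 comes from lock inheritance: a lock placed on a scope also applies to every resource below it, and the most restrictive inherited lock wins. The added example below (not part of the original lab) models this with constructed resource IDs; the all-zero subscription ID is a placeholder and the function names are hypothetical.

```python
# Lock levels ordered by restrictiveness, and the operations each one blocks.
RESTRICTIVENESS = {"CanNotDelete": 1, "ReadOnly": 2}
BLOCKED = {"CanNotDelete": {"delete"}, "ReadOnly": {"delete", "write"}}

# Constructed IDs; the subscription GUID is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rghybrid01"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vmhybrid01"

def effective_lock(resource_id, locks):
    """Return the most restrictive lock inherited by resource_id, or None.

    locks maps a scope ID to a lock level. A lock covers its own scope and
    everything whose ID continues below it, so the comparison is done on
    whole path segments (rghybrid01 must not cover rghybrid011).
    """
    rid = resource_id.lower().rstrip("/")
    inherited = []
    for scope, level in locks.items():
        s = scope.lower().rstrip("/")
        if rid == s or rid.startswith(s + "/"):
            inherited.append(level)
    return max(inherited, key=RESTRICTIVENESS.get, default=None)

def is_allowed(operation, resource_id, locks):
    """operation is 'read', 'write' or 'delete'."""
    level = effective_lock(resource_id, locks)
    return level is None or operation not in BLOCKED[level]

if __name__ == "__main__":
    locks = {RG: "CanNotDelete"}            # rgLock from step 5.5
    print(is_allowed("delete", RG, locks))  # step 6.4
    print(is_allowed("delete", VM, locks))  # step 6.8
    print(is_allowed("write", VM, locks))   # modifying is still possible
```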

Task 7: Remove the resource lock

To remove the lock from the resource group, please follow the steps below:

7.1 In the Azure portal, navigate to the resource group

7.2 Click the resource group you created

7.3 In the resource group, click Locks

7.4 Click Delete

2. Create an Azure Policy

Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. To simplify management, several business rules can be grouped together to form a policy initiative (sometimes called a policySet).

Task 8: Create a Policy assignment

In this lab, we are using Azure Policy to limit the location where users can deploy a new resource.

8.1 From the All services blade, search for and select Policy

8.2 In the Policy page > under Authoring >> Click Assignments

8.3 Under Policy | Assignments >> Click Assign policy

8.4 In the Assign policy, under Scope

8.5 In Scope select the Resource Group that you created in Module 2 – Task 1, step 1.5 (in my lab it’s rghybrid01)

8.6 Under the Basics

8.7 In the Available Definitions, search for “Allowed locations”

Then select “Allowed locations” from the search results >> click Select

8.8 Review

8.9 In the Assign Policy >> Click Parameters

8.10 In the Parameters, select Allowed locations and then search for “Southeast Asia” >> click to select “Southeast Asia”   >> click Review + create

8.11 Click Create

8.12 In Policy console we can see

Task 9: Test Allowed location policy

Now we are going to test the policy by creating a storage account in a different location. The policy will prevent us from creating this new resource if we select any location other than “Southeast Asia”.

9.1 In the Azure Portal, from the All services blade, search for and select Storage accounts

9.2 Click Create

9.3 Under Create a storage account > Basics tab > Instance details, select a Region: if you select any region other than (Asia Pacific) Southeast Asia, the portal shows the red error “Policy validation error. See detail below”

9.4 If you select (Asia Pacific) Southeast Asia, the error is removed and you can create a new storage account

So, in this lab, we applied Azure Policy to prevent users from creating a resource outside the location that we want.
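To show what the JSON policy definition behind Tasks 8 and 9 looks like and how it is evaluated, here is an added example (not part of the original lab). The rule is a simplified form of the built-in “Allowed locations” definition, trimmed to two conditions; the evaluator functions are hypothetical and support only the operators used here, and the sample resources are constructed.

```python
import json

# Simplified form of the "Allowed locations" policy rule (assumption: trimmed).
POLICY_RULE = json.loads("""
{
  "if": {
    "allOf": [
      {"field": "location", "notIn": "[parameters('listOfAllowedLocations')]"},
      {"field": "location", "notEquals": "global"}
    ]
  },
  "then": {"effect": "deny"}
}
""")

# Assignment parameter as chosen in step 8.10 (Southeast Asia).
ASSIGNMENT_PARAMS = {"listOfAllowedLocations": ["southeastasia"]}

def resolve(value, params):
    """Expand a "[parameters('name')]" expression; return other values as-is."""
    prefix, suffix = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(prefix) and value.endswith(suffix):
        return params[value[len(prefix):-len(suffix)]]
    return value

def matches(condition, resource, params):
    """Evaluate the subset of the condition language used in POLICY_RULE."""
    if "allOf" in condition:
        return all(matches(c, resource, params) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource, params) for c in condition["anyOf"])
    # String comparisons are done case-insensitively.
    actual = str(resource.get(condition["field"], "")).lower()
    if "notIn" in condition:
        return actual not in [v.lower() for v in resolve(condition["notIn"], params)]
    if "notEquals" in condition:
        return actual != resolve(condition["notEquals"], params).lower()
    raise ValueError(f"unsupported condition: {condition}")

def evaluate(resource, params=ASSIGNMENT_PARAMS, rule=POLICY_RULE):
    """Return the rule's effect when the 'if' block matches, else 'compliant'."""
    return rule["then"]["effect"] if matches(rule["if"], resource, params) else "compliant"

if __name__ == "__main__":
    # Constructed storage account requests, as in step 9.3 and 9.4.
    for region in ("eastasia", "southeastasia"):
        request = {"type": "Microsoft.Storage/storageAccounts", "location": region}
        print(region, "->", evaluate(request))
```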

Module 6: Describe Azure cost management and service level agreements

1. Pricing calculator

Azure Pricing Calculator is a tool you can use to get real-time cost estimates for your services. You can customize these estimates with your own configurations for greater accuracy, and you can access and modify the estimates through a central dashboard.

Task 10: Pricing calculator

In this lab, we are going to use Pricing calculator to estimate the cost for the resources that we plan to deploy in Azure.   

10.1 In a browser, navigate to the Azure Pricing Calculator webpage: https://azure.microsoft.com/en-us/pricing/calculator/

10.2 In the Products page > click Virtual Machines > click View

10.3 Select the information below that matches your plan:

Region: Southeast Asia
Operating system: Windows
Type: OS Only
Tier: Standard
Category: ALL
Instance Series: ALL
Instance: Default
Virtual machines: 10
Hours: Default

Note: depending on your selection, the monthly cost will change accordingly.

10.4 Under Support, leave the settings as default, then:

Click Export if you want to download an Excel file.

Click Save if you want to keep this calculator in your account so that you can use it later.

Click Share if you want to share the calculator report with others.

Click Purchase options to purchase directly from Microsoft or from an Azure partner.

Task 11: Review the pricing estimate

In this task, I select Export to an Excel file and view the report from there.

11.1 Click Export

11.2 Save and open file

11.3 Review tab calculator

2. Use the Total Cost of Ownership (TCO) Calculator

12.1 In a browser, navigate to the Total Cost of Ownership (TCO) Calculator page

12.2 To add details of your on-premises server infrastructure, click + Add server workload

12.3 Fill in the server name

12.4 Workload, select type

12.5 Environment, select type

12.6 OS, select type

12.7 OS license, select type

12.8 Select number of Server

12.9 Select RAM and Core(s)

12.10 Review

12.11 Leave the Database as default

12.12 In tab Storage, click Add storage

12.13 Select type: Storage type, Disk type, Capacity, Backup, Archive

12.14 In the Networking pane, add bandwidth >> Click Next

12.15 Review all the assumptions and click Next

12.16 Review the Azure cost saving recommendations and visualization

12.17 To save or print a PDF copy of the report, click Download

12.18 We now have a comparison between the on-premises cost and the Azure cost