AZ-900 Course for 2020 - NOV 2020 Updates

6. Describe identity, governance, privacy, and compliance features (20- 25%)

So we're into the fifth section of the exam now that says to describe identity,governance, privacy, and compliance features. And that is worth 20% to 25% of the exam. This was split up from the security in the last video. On screen is a screenshot of the requirements, specifically from the exam changes document. So let's talk about the changes that relate to identity services. Once again, I'm not covering the stuff that was in the course already. One thing that has been added to this exam has been the concept of conditional access. So what is conditional access? Well, it's actually a feature of Azure Active Directory. And maybe it's better to explain it by showing some examples of different types of access. So example number one is that you've got a user who is attempting to log into your application from their desk, from within the company's office, and they did it yesterday and they'll do it again tomorrow. And so it's just a routine thing for them.

That's a type of access. Another type of access is that this user has not logged into this application for months. And it's the first time in four months or more that you've seen them. That's kind of a different type of access than the previous case. Another type of access is that the person is an administrator. They have super user privileges; they have the right to create users, change passwords, and they're trying to use the application from their phone. And they're not connected to the company's network, they're connected to their cellular network. And maybe another administrator is trying to log into the app, but they're not even in the same country or the same continent as your office. And so they're trying to login to the app from overseas. Now, all four of those are slightly different, and your application can actually treat them differently. So you can say the person who logs into the app from their office desk every day shouldn't make it difficult for them to login because it's routine and it's normal. But in the last case, where the administrative user is attempting to log in from overseas, it's unusual, it's not normal. And maybe you want to give some additional scrutiny to that. Maybe you want to make them prove who they are with an additional extra step.

Maybe you want to deny them access. So if you're trying to log in as an administrator from one mile from the office, that's denied. And so this is called conditional access. And so you have a number of signals: who they are, what rights they have, their physical location, what device they're using. And then you have these decisions where you can allow them access or you can allow them limited access. So maybe that administrator logs in as a regular user, they don't get the administrative functions, or you basically block access. Or you use multi-factor authentication to double check who they are. And then the enforcement is basically the assets that you're protecting. Kind of related to conditional access is the concept of multifactor authentication. Now, this was part of the course, but I'm kind of revising how I describe it. So, multifactor authentication is when you require two or more pieces of evidence in order to allow somebody to pass. And those pieces of evidence are known as "factors." And that's why it's multifactor authentication, two or more.

Now, in general, in security, we say that there are three factors. There is something that you know, something that's in your mind, something that's in your memory that can be written down on a piece of paper, that can be copied, put into an email. That is something, you know,there's something you have. In modern areas, this is typically a mobile phone, but it could also be a small dongle with a changing code, a USB stick, or something physical. And there's something about who you are. This could be your iris, your fingerprint. These things can't be changed. So we have to be very careful about relying on something that you are, because, again, you can't change your fingerprint, but you can change your password. So, those are the three factors generally. And so you want two unique pieces of evidence in order to call it multi factor.So that's the password, along with access to their email account and access to an application running on their phone.

So their password is considered one piece of evidence, but then you want to send me, text them a code. So you SMS them a code, which expires in five minutes. And that's the second piece of evidence. Hopefully, we've all seen these applications as we go online these days that are starting to require us to get the code from our email or get the code from our phone. There's even a Google Authenticator app, a Microsoft Hasan Authenticator app, things like that. So that's the second factor in multifactor authentication. If you require two or more pieces of evidence, that is almost exponentially more difficult for a hacker to break. So they can hack your password, but do they have access to your SMS messages? If they do, well, they've really owned their life, but it's also really, really hard. The next concept is single sign on, or SSO. So single sign on is this concept where you've got a user ID and password for your, let's say, Windows desktop, for your office computer.

And you use the same user ID and password on multiple applications, so you're not having to remember different IDs and different passwords. This also means when you update your password in one location, it's updated in all as well.Azure Active Directory does support synchronising, synchronising with your on-premises corporate Active Directory. And so the active directory is the source. It's the master source for your credentials, and it will copy those credentials to other places in the Azure ad. It's a very convenient benefit that you can use your work account for Dropbox for other applications. We didn't talk about resource tags. As a result, resource tags are the ability to add metadata to resources. So when you're doing a deployment, you can force certain data to be deployed alongside the resources. This is good for billing issues. Your accounting and finance departments would like this. It's good for support. Your operations team can look at the resource tags and see who needs to be notified.

Let's say they need to reboot a virtual machine, but we don't know who's going to be affected by that. Well, you could have a resource tag that says these are the people that need to be notified in advance. The other section of the requirements for privacy and compliance is governance. So one thing that's recently been added, has been around for a while, is this Cloud Adoption Framework. I believe it was deployed or published in 2016 or 2017, but now I'm seeing blog posts about it. I think Microsoft is putting a new focus on the Cloud Adoption Framework and it's been added as a requirement for this exam. So I'm not going to read all the documents and then split them back to you. I'm going to direct you to the Microsoft Cloud Adoption Framework website. It's definitely, if you're thinking about moving to the cloud, it is a collection of documentation, guidance, bestpractices, and some assessment tools that allow you to accelerate your adoption journey to the cloud. Pretty clear. So you can read up on it, what you need to know, what you should get in advance, how you should gather this information, and basically step-by-stepguides for preparing yourself to move to the cloud.

There are best practises in there, how to succeed. I took this diagram from Microsoft's website where it basically says it starts with defining a strategy. So understand why you want to move to the cloud, what you're expecting, what's the business use case? The business case has to be put together. Then you make a plan. So you start to get organisational alignment. You upskill, so you make sure everyone's trained properly. You put together the cloud adoption plan. At some point, you're ready to move to the cloud. And again, you may want to go through the assessment, get the best practices, figure out what your first project is to get to the cloud. You don't move your entire organisation to the cloud overnight. You do it one step at a time. And then there's the adoption phase, where you do the migration. Maybe you start to improve your processes,recode some of your things, use some of the services Microsoft makes available. Underlying most of that is a governance model, a methodology, benchmarking, and management, of course.

So go to the Cloud Adoption Framework website and you can see there it's a very complete site talking about what your situation is like. On this website, you're going to fall under one of these sorts of scenarios. Maybe you understand the concepts or you are trying to find brand new products. You're not migrating anything, or you are migrating something. The Kardadosh framework is sort of the how to start section of Azure. Now, my expectation is that for this exam, you don't need to have read through this and understand every page, but you need to know that it exists and what types of problems it's trying to solve. The next section of this is the privacy and compliance section. One of the things that's been added to this is the core tenants. This is another thing that's been around for a few years but just got added to the exam this month, obviously.

So Azure has this concept called the trustedCloud, and that's made up of security, privacy,compliance, resiliency, and protection of intellectual property. Obviously, the requirements say the tenants of security, privacy, and compliance, which are only the first three elements of the trusted cloud. So security. So, Azure itself is built with security in mind. There's never been a major hack of Azure that I'm aware of. There is sometimes where it goes down and needs to be self-inflicted, if you will. However, Azureself is quite secure, and their job is to provide us as clients with the tools we need to protect our own applications and data. So they protect their own foundation and anything we build. On top of that, they give us enough tools and guidance to protect ourselves. Another foundation of security is encryption. And now encryption is basically turned on at almost every level that I can think of. Virtual machines are encrypted by default.

All your database stuff is encrypted at rest. You can enable it and it is by default. I believe encryption in transit is the preferred method. So they give you all these tools and they also give you ways of protecting yourself. We just talked about Sentinel and the security center. These are tools that they're adding and adding for us to build a more secure platform for ourselves. The second tenet of Azure is privacy. So Microsoft says straight out, "Of course you own all your data in Azure." Azure will never peek at your data for any purpose. They're not going to use it for marketing; they're not going to advertise to you based on your data. You control where the data is, which country or geography it's stored in, and who has access to it. And you'll always be able to access your own data. That also makes sense as well, anytime, any reason. The third concept is compliance. So compliance encompasses all standards. I mean, Microsoft is compliant with over 90 international standards based on various things like ISO and things like that. And there are also country-specific standards. So the European Union, the United States, Canada, and all these countries in the world have their own data protection standards. And Microsoft follows more than 50 of them.

And there are even industry standards. So healthcare has a data protection standard. The government does. There are financial standards. And so Microsoft's in compliance with even those standards. The last two sections of this core are not mentioned in the exam. But we talked about this in the beginning section about high availability, disaster recovery, and back up. So, in the event of a disaster, Azure will work to recover as quickly as possible, recover themselves, and provide you with the tools to do the same. The final tenant of this is protecting international property. And what they're talking about is that if you build your solution on top of Azure's services, they protect you against frivolous lawsuits. So let's give the theoretical example that it turns out that Cosmos DB is infringing somebody's patent or trademark. Well, the person could come after you and say you're building on top of Cosmos DB, and I want a million dollars.

But Microsoft has their own IP advantage and a shared innovation initiative, and they will protect you against these types of lawsuits. And so, anything you build on top of AzureServices will not cause you to get sued because you're using potentially someone else's IP. Not that that could happen. I know this is a long video,but we're almost at the end here. A couple of new things were added to the requirements called online service terms. Honestly, I don't know why they added this to the requirements. You can see here that it is just the terms and conditions for use. As a result, in order to use their website, they must all agree to these terms. Again, I'm going to point you to them. I'm not going to read it and summarise it for you. I'm not a lawyer either, but this exists and it's a requirement of the exam. Another thing that was added to this exam is the Data Protection Addendum, which the exam requirements call the Data Protection Amendment for some reason.

But it's an addendum. And again, this is another term and condition. So they're basically talking about how they handle personal data, GDPR, data security, incident notification, and data retention. Everything around Azure's retention of data is located inside this document. It's kind of hard to find. I really had to poke around for it. But again, I can't imagine what Microsoft is going to test you about this. Just know that it exists. If there is a document that specifies exactly how Microsoft handles data in all these different cases, including HIPAA and the California Consumer PrivacyCopa, and the document exists, That's all you need to know. I suppose. Anyways, actually, that is, oh, that's the end of this section. So we are at the end of five sections. There's only one more section to go.

7. Describe Azure cost management and Service Level Agreements (10- 15%)

All right, so the last section of the course, section six, says to describe Azure cost management and service level agreements and is worth ten to fifteen percent of the exam. A reminder, this is the September 2020 update, and I'm only covering what's changed. The previous course that you've just watched does contain most of these topics, but in fact,for the service level agreements and it's coverage, there are only a couple of additional topics that we need to cover for the latest updates. So when it comes to planning and managing costs,we should talk about what's called spot pricing. So about a year ago, or a year and a bit, Microsoft introduced the ability to reserve a virtual machine for a discounted price for those machines that are not being used. Assume Microsoft has a large data centre with a million machines, a number of virtual machines that run on top of those machines, and not all of those machines are always in use.

They must have 90% plus utilization, I would imagine, but it's not 100. And so they're willing to let you use that virtual machine or a few virtual machines as long as someone else isn't requesting it. So as soon as somebody comes along willing to pay the posted price, they're going to tell your virtual machine, "Alright, time to go." We've got a paying customer coming along. So this reminds me a lot of what we see in other places, like these last minute travel websites. So you can book a trip to Mexico or pick an exotic destination for this coming weekend for a really cheap price because the plane is not full, the hotel is not full, and they need those things to be full in order to make a profit. So you can't book it on that website a month from now, but you can book it for this weekend and get a good deal. And that's the same thing as an azure spot. VM Also, you could go to a Broadway show and line up before the show. You can line up a couple of hours before the show starts,and if they have any tickets that are not sold by that time, they will give them to you at a great price as well. But there's always the chance you don't get a ticket. So if you're not first in line, then there are no tickets available. You have to go home or go somewhere else. You didn't get to see the show. So our spot VM is effectively that.

NEW AZ-900 Course for 2021 - Benefits of Cloud Computing

1. Benefits of Cloud Computing

The topic of the exam, which says, "Describe cloud concepts," is worth 20% to 25% of the exam score. So this is one of the larger exam requirements and we're going to get quite detailed on this so we can see on screen a screen capture of the requirements. You can find this on the Microsoft AZNine website if you download the Cloud SkillsPDF as I showed you previously. And we can see that there are three main subcategories. One is the benefits and considerations of using cloud services. The other is differences between categories of cloud services, and the last one is differences between types of cloud computing. So in this section of the course, we're going to go through these sections one by one and we're going to explain all of these concepts and hopefully turn all of these buzzwords into real things. So the first thing we're going to talk about is the benefits of cloud computing. Now you may have heard a lot of people talking about cloud computing and making it seem like it's a no-brainer that they move to the cloud. But we really do need to dive in and understand what is the benefit of moving to the cloud compared with having the servers in your own environment or even if you're working with a hosting partnerand your applications are hosted outside?

What is the difference between that and working with a cloud vendor such as Microsoft? Now there are many and, let's be honest, every person's situation and every company's situation is going to be different. And so, what might be important to you is not going to be important to the next person. But we're going to go through these benefits as I list them out, and I'll highlight the ones that I think a lot of people do find important. And again, it's going to be completely on. Your situation is going to be different than everyone else's. So the benefits in general can be tremendous cost savings, both in real dollars per month as well as for the accountants who are changing the way that they're accounting for your expenses. There's the agility that comes with being able to respond to the marketplace, to your competitors,to new products, and to customer demand.

There is an increased chance for availability. So if you do need to reboot the server for an upgrade or you have a local storm or something that's going to knock out the power in the cloud,a lot of these things get mitigated or can be mitigated. If you design them into your application design,you have the possibility of increased security. There's also the ability for you to deploy your applications around the world in countries where you don't even have offices but you have potential customers. And so you can deploy your applications into 610 or more regions of the world and it's just a click of the button for you, which is amazing. There's also, like I said,a range of services available. Not just virtual machines, not just Windows and Linux machines, but everything from AI and machinelearning to various types of databases, analytics services,big data, lots of things to choose from. You're not going to be able to get that easily from your partners unless you go and install software yourself, and then you have to manage it, etc. The final benefit will be the various types of tools you have to manage your environment. A lot of people really like working in the cloud environment in terms of monitoring servers, security tools, all of these sorts of things that are now dashboarded. It becomes very easy to work with a large range of servers and maybe even easier than the traditional virtualised environment on Prem.

2. Cost Benefits and Scaling

So let's get into detail on some of these benefits. Now the first one I mentioned was cost savings. The cost savings are going to be highly dependent on a number of factors. But if you were to compare the cost of running a server on premises, we're going to use the term "on premises" to refer to whether the server is running in a secure, environmentally controlled location in your own office or whether you're outsourcing that to a hosting environment. So if you're going to compare running a server in that environment to running it within Azure, there is going to generally be a cost savings. Now this isn't universally true at every end of the spectrum, but in general, Microsoft is going to be able to run a server much cheaper than you can. So they go out and procure servers at the cheapest possible price. In fact, they've designed their own hardware and then they go and put it in a location with really cheap electricity where cooling becomes a lot more expensive.

They have rates for the internet access that they have and, in general, they can buy, build, and maintain a server on a per-hour basis much cheaper than you can. And even though they have to mark up the prices to make a profit, they're still charging less than you might pay wholesale for this. So I would encourage you to use the pricingcalculator, the total cost of ownership type calculator. But the cost savings are real. So we talked about economies of scale. The fact that Microsoft is buying millions of these things. They can negotiate the best prices. They have employees, for instance, whose job it is to maintain these servers, and these people are maintaining tens of thousands of servers, or 1000 servers per person. So, while that may be an exaggeration, they are running servers at a scale that allows them to realise tremendous savings. If you look at the pricing for a server, you can get a four-core virtual machine for less than $200 a month.

So, if you ran the numbers on a four-server machine in your own environment, the pricing is quite competitive. The other types of cost savings, of course, when we're talking about agility, which we will do in a second, is that you can actually take steps to reduce your costs. So in the cloud, you can actually turn services off when you're not using them. You can scale down. You don't have to over provision resources like you do in your own environment because you know that you can grow into resources at a moment's notice. You don't have to purchase twice as many harddisks as you need because you know that if you need more storage, it's an automation that you can enable to have that more storage come online. Another thing we talked about is the ability to run servers all over the world. I'll call that global reach. It's just not practical or possible for most businesses to run an office in Europe when they themselves are located only in North America, just to run some servers or to make those relationships with hosting providers in Africa or South America. As a result, you'll frequently have your servers only running in North America, forcing your global customers to connect from wherever they are to your North American servers. As a result, the cloud enables you to scale your application deployments across the globe. Now your end users in those regions are going to feel the speed and performance improvements from that because their computers are not going to have to travel as far in order to make that connection.

The latency will be a lot lower. In addition, this gives you availability benefits such that if your location does have an outage, and from time to time, there are natural disasters, accidents, and other things that get in the way, even bad code deployments can bring your application down. But if you have it deployed to multiplegeographical regions, it adds a layer of protection that adds what's called availability. And so, talking about availability, the cloud in general should have higher availability than the servers that you're running. Now, availability as a concept is often expressed as a percentage, which means it's the percentage of the time that a system is up and able to do its work. And so you might think that 99.99% is a great level of availability. That is referred to as four nines in the industry. If you take that to the time level, that is 4 minutes per month of downtime. For most people, 4 minutes per month of downtime is a great level of availability.

And so this is the kind of thing that you can set up fairly easily even within a single Azure region using, for instance, availability zones, which we'll talk about in the future in this course. So you can set this up this 99 9%.Now you might ask, why can't it be 100%? Well, it's actually quite difficult to achieve actual 100% availability. There was a time not too long ago when I went to Google.com to do a search and it returned me an error. And I said to myself, "Wow, Google.com, one of the billion dollar companies on this planet, returned an error on their home page." Of course, a few minutes later it was back up. Facebook has gone down, Twitter has gone down, You name the application, the biggest billion dollar companies on the planet, they've all had a little bit of downtime every once in a while. In fact, you can do a search for Googleavailability metrics and you can find the times that they were down and it actually might surprise you.

So high availability is a target for some, but not for all. Some applications are internal only, and they're not going to be used very often at night or on weekends. And so you're not going to have a high availability target for an application that's only available nine to five Monday to Friday. Now, maybe you have additional requirements during those business hours, but every application is going to be different. But you can achieve high availability in the cloud through proper planning, and it's going to cost you, too. Another benefit of the cloud is scalability. So that's the ability to handle growth. So if you have an application and some celebrity were to tweet your URL, well, you're going to get a deluge of traffic. And is your application going to be able to handle that? Now, you might say, "Oh, right, the first few minutes are going to be difficult." Sometimes applications are not even designed to be able to handle it. So the ability to handle it is sort of the requirement here.

So on this diagram, it's kind of a rough diagram that I drew, but you can see that almost every system on the planet has some maximum. There are some things that can't handle more traffic, can't handle any more users, can't handle any more demand. And it could be at a disc level,a database level, a router level. There are many different failure points in an application. And scalability is the ability to add capacity and move that line. Next, we'll talk about a related concept to scalability, which is elasticity. So the elasticity is taking the ability of the system to grow and shrink and automating it. So scalability. Like I said, some applications are not even physically able to handle a certain maximum number of users. You'd basically have to reprogram that application because there's a bottleneck somewhere. But if you don't have that requirement, you have the ability to detect when traffic is higher and then be able to grow the system. This is a bit of an exaggerated diagram, but if you can imagine your celebrity linked to your application at the beginning of this graph, you will see the traffic come in and grow and grow and grow. And then, once the tweets are very ephemeral, and then a few hours later, traffic dies back down, well, you can add capacity. You add capacity, you pay for it. And then when the traffic dies down, you take back capacity and you save money on that. And this is a more efficient system that can save you money than just having your maximum capacity very high all the time.

3. Agility Benefits and Accounting

So another benefit of cloud computing is what we're going to call agility. Now the agility that we're referring to is basically the ability for you and your team to rapidly change your cloud computing setup based on changes in the market, changes to your environment, or some new projector idea that you have in store. Now I mentioned at the beginning of this course that cloud computing has the ability to have an idea. Begin programming against that and run your experiment. Maybe you are happy with the idea and you want to do it more formally. Or maybe this was an experiment that didn't work and you can basically delete it. So the ability to spin up a server and then play with that and then shut it down, ultimately, you're going to be charged only a few dollars at the end of the day for that. So some of the servers within the Microsoft environment are less than a dollar an hour. Let's say it would be a type of server you can get for $1 per hour for a really decent server. If you look at the Azure pricing for servers, you'll find that most development level servers are less than a dollar per hour.

And so if you can spin up a server, use it for 3 hours, shut it down, and it only cost you a dollar, $50 less than the cost of a candy bar, as they say, then that's actually a pretty agile system. As we were saying in the last video, you can add capacity to your production environments, and maybe you only need that extra capacity for half an hour. You've got a really critical time in the morning and at the end of the day, and so you add more servers, and that only comes in for those periods. And so that's the kind of flexibility that we're talking about. We don't often like to think about disasters, but it would be the responsible thing to do to talk about how easy it is to set up backup policies. And some of this stuff is given to you automatically. You don't even have to set anything up. It's going to come with it for things like AzureSQL database, which is going to have the ability to roll back snapshots, et cetera, automatically or as any of these virtual machines and other things, you're going to be able to set up backups very easily. And then let's say the worst thing happens: you have a power outage, this area goes down, you're able to basically get a duplicate copy of your environment running in another region, and there are tonnes of tools for that.

So disaster recovery is basically the ability to recover from a failure specific to an advanced period of time. Now the other corollary to that is that if you lose your system at 201 PM, How much data did you lose because you're not doing backups every second? It might be every five minutes or every 15 minutes or something. So you're going to be able to get back up and running, but potentially you're going to lose a little bit of that data. And so that's one of the key concepts of disaster recovery, and you can do that fairly easily and automatically in the cloud compared to running your own servers. Finally, I want to talk about what I was saying in the beginning about how accountants would love this. There's a concept called capital expenditure, or capex, and operational expenditure, or Opex. And, instead of making large capital purchases of servers and server rooms, you'll have to go out and buy a million dollars' worth of computers and a building to host them, essentially being billed monthly with no upfront costs. The accountants are going to look at that and say, "That's a big tax advantage." You can write off 100% of your operational expenditure. You're hopefully bringing in revenue that exceeds the cost of bringing in that revenue. Rather than investing a million dollars and hoping to make a profit on it in five or ten years, shifting to an operational expenditure model ties your success to your costs.

So capex, like I said, is the upfront money invested in typical onpremises data servers, any kind of thing where you're going to need a big pot of money, that's a conversation with the accounting department, the CFO, and Opexis where you have that budget in advance. You say, this project needs $100,000 a month to run the servers, and that is part of the budget. And so that just goes as expected. The bills come in, the bills get paid. It is not a capital investment; it is an operational expenditure. One thing that was added to this exam in November 2020 was the concept of consumption-based pricing. We should talk about that because when you buy a server, you buy it and you own it.

You do have the cost of electricity and you do have the cost of the internet. But generally, you're not paying for CPU cycles, you're not paying for data travelling across the network that you own. Moving to this operational expenditure model means that you're paying by the minute, paying by the hour, paying by the job, or paying by CPU utilization. Cloud computing has a fairly robust set of metrics for which they charge a fee, but this is frequently based on consumption. So unless you do some type of reservation where you pay in advance, you're basically going to either consume time or consume data. Gigabytes, network traffic, and storage are all charged for. And that's actually a beneficial model if you can cut back, if you can delete files, and if you can stop processes, and it'll save you money.

Study with ExamSnap to prepare for Microsoft Certified Azure Fundamentals Practice Test Questions and Answers, Study Guide, and a comprehensive Video Training Course. Powered by the popular VCE format, Microsoft Certified Azure Fundamentals Certification Exam Dumps compiled by the industry experts to make sure that you get verified answers. Our Product team ensures that our exams provide Microsoft Certified Azure Fundamentals Practice Test Questions & Exam Dumps that are up-to-date.