The course is part of this learning path
AZ-900 Exam Prep
This short course covers some additional topics you should review before taking the Microsoft AZ-900 exam.
Congratulations on making it all the way through this learning path. If you’re preparing to write the Microsoft AZ-900 exam, bear in mind that although we’ve covered all of the major topics in the exam guide, there are a few details that weren’t covered. I’ll go over them briefly here.
When you create, modify, or delete a resource, your request goes through a service called Azure Resource Manager, or ARM for short. Most of the time, you don’t even think about the fact that ARM is handling your request. But if you want to automate resource deployments, then you can use something called an ARM template, which is a really helpful tool. For example, suppose you’ve created a template to deploy a particular type of virtual machine. Then, whenever you need to create a VM with those characteristics, you can just specify the template, and voila, it takes care of all of the details for you.
Although there are billions of computers connected to the internet, they’re dwarfed by the number of other devices connected to the internet, such as smart thermostats or power meters. This is often referred to as the Internet of Things or IoT.
Microsoft offers a suite of services to help organizations connect, monitor, and control IoT devices. The simplest way to get started is to use Azure IoT Central, which is a fully managed SaaS solution that takes care of the technical details for you. It lets you create IoT applications without writing any code.
If you need something more customized, then you can integrate your applications with Azure IoT Hub. It’s a service that handles secure communications with thousands, or even millions, of IoT devices. In fact, it’s the service that IoT Central uses behind the scenes.
Another hot technology these days is artificial intelligence or AI. You’ve probably heard about the amazing advances in AI that have enabled computers to do everything from language translation to facial recognition to beating humans at games like chess and Go.
Even though AI seems like it must be incredibly complex, the basic idea is fairly simple. The most common method is called machine learning. The way it works is you feed lots of real-world data into a program and the program tries to make generalizations about the data. This is known as training a model. It then uses these generalizations to make predictions when it’s given new data. For example, it can look at movies you’ve watched in the past and predict which new movies you’d like to watch now. That’s how Netflix makes its recommendations.
Microsoft offers lots of different AI services. If you’re new to AI, then the best place to start is Azure Cognitive Services. This is a collection of pre-built artificial intelligence tools. These services let you add AI capabilities to applications even if you don’t know anything about machine learning.
They’re grouped into five categories: vision, speech, language, anomaly detection, and search. For example, the vision category includes the Computer Vision API, which can classify images, and the Face API, which can detect faces in images.
If you have some basic knowledge of machine learning, then you might want to try Azure Machine Learning Studio. It lets you train and deploy machine learning models without any coding, using a drag-and-drop interface. I highly recommend it for learning the basics of machine learning.
It does have its disadvantages, though. It’s a closed system, which means you have no control over what machine learning framework you can use, where your models get trained, or where they get deployed, in most cases. It also has limited scalability, so it’s not suitable for large projects.
That’s why Microsoft created a new solution called Azure Machine Learning Services. It gives you full control over every stage of the machine learning process. You can use any Python-based machine learning framework, such as TensorFlow or PyTorch, train models using services such as Azure Databricks, and deploy models using services such as Azure Kubernetes Service. For large-scale projects, Azure Machine Learning Services is usually the best solution.
The rest of the topics I’m going to cover deal with security, privacy, compliance, and trust.
Even though Azure virtual networks already had a firewall-like feature called network security groups, Microsoft released a new service called Azure Firewall. The advantage of using Azure Firewall is that it’s more feature-rich. For example, you can tell it to allow outbound traffic only to certain domain names. NSGs can’t do that. They only allow you to specify IP addresses, not entire domains. An Azure Firewall is centralized, so it works across virtual networks and even across subscriptions.
Sometimes firewalls aren’t enough, such as when your application gets hit by a distributed denial of service, or DDoS, attack. This is when a large number of computers send requests to your servers simultaneously with the intention of taking down your application. To help combat these attacks, Microsoft offers Azure DDoS Protection in two tiers. The Basic tier is enabled automatically. It mitigates common DDoS attacks using the same technology that protects Microsoft’s own online services. The Standard tier provides protection against additional types of DDoS attacks, but there is a monthly charge for it.
Unlike DDoS attacks, most hacker attacks are intended to get inside your systems rather than take them down. One service you can use to help deal with these attacks is Azure Advanced Threat Protection or ATP. Azure ATP monitors user activities and looks for anomalies. For example, if an attacker seizes control of a user account, they’ll probably try to gain access to internal resources or other accounts. This sort of activity can often be spotted by ATP, which will send an alert to your administrators. It can also inform administrators of potential weaknesses in your account security before you’re compromised by an attacker.
Even if you do a good job of protecting your systems from attackers, your legitimate users might accidentally reveal confidential information. Azure Information Protection, or AIP, can help with that. AIP lets you label information as confidential, either manually or using rules you create. This, alone, will help keep people from inadvertently sending confidential information outside of the organization, but you can also configure AIP to actually prevent it from happening. For example, if someone attaches a confidential document to an email and then tries to send that email to a person outside of the company, AIP can stop the email from being sent.
To enforce a wide variety of governance policies, you can use the Azure Policy service. For example, suppose your company has a European division that is legally required to store its data only in European data centers. You could create a policy that only allows SQL Database instances to be created in European regions and assign that policy to the resource group for that division of the company. You’d also need to create similar policies for other data storage services, such as SQL Data Warehouse and Data Lake Storage.
Now suppose you need to assign the same policies to a number of different resource groups or subscriptions. To make it easier, you can group related policies into what’s called an initiative and then assign that initiative to various subscriptions, resource groups, and management groups.
Since security, privacy, compliance, and trust are responsibilities that your organization shares with its service providers, Microsoft provides lots of resources to help you understand how they take care of their side of the arrangement.
The Microsoft Privacy Statement “explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.” This actually applies to all of Microsoft’s services, not just Azure. To save you some typing, I put all of the links from this video in the transcript below.
The Trust Center contains a collection of links to resources about how Microsoft handles security, privacy, compliance, and transparency.
The Service Trust Portal is focused specifically on compliance. For example, it has links to Azure audit reports for regulatory standards like SOC, FedRAMP, and ISO27001. These will be helpful if your organization is going through these compliance audits. There’s also a link to a site called “Compliance Manager”.
This is a great tool that helps you achieve compliance. It creates assessments for different Microsoft services. It shows how compliant your organization is and how compliant Microsoft is for a particular area. For example, here’s a GDPR assessment for Office 365. You’ll notice that Microsoft Managed Actions is at 100%, which is always the case. In this example, Customer Managed Actions is at 0%. To find out how to move your organization into compliance, you can click on the assessment, and it will bring up a list of steps to complete. In most cases, you’ll need to upload evidence of your compliance. The main value of the Compliance Manager is that it helps you organize and track your compliance efforts.
If you’re involved in cloud solutions for the US government, then be aware that Microsoft provides Azure Government services that are in physically isolated data centers and networks. Azure Government is available to US government agencies at the federal, state, and local levels, as well as to their partners. To use these services, your organization has to meet eligibility requirements.
For German customers, Microsoft offers Azure Germany, which meets the applicable data security regulations for that country.
That’s it for additional topics for the AZ-900 exam. If you have any questions or comments, please let us know.
Thanks and good luck on the exam!
Microsoft Privacy Statement: https://privacy.microsoft.com/privacystatement
Microsoft Trust Center: https://www.microsoft.com/trustcenter
Microsoft Service Trust Portal: https://servicetrust.microsoft.com/
About the Author
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).