Microsoft AZ-104 Certification Exams - Identity: Azure Active Directory


Subscription Metering – Compliance and Cloud Governance

All offers provided by Azure are meant for unique needs and requirements. For people who want to test the services there is a Free Trial, for students there is Azure for Students, and finally for enterprise deployments we have different paid subscription offers like EA, Pay As You Go, etc., which provide service level agreements (SLAs). The most commonly used subscription types are these:

  • Free subscription
  • Pay-As-You-Go
  • Enterprise Agreement
  • Azure for Students

Azure Free Subscription  You can get a $200 credit to spend on any Azure service for the first 30 days. You have to upgrade your Free Trial if you exhaust your credits or when you complete the trial period (whichever happens first). Along with the credit, you will get selected popular Azure services free for the first 12 months and 25+ services always free. However, this benefit will be applied only if you upgrade to a paid subscription. Signing up for a Free Trial requires a credit card; this is only for verification purposes, and you will not be charged unless you upgrade to the paid subscription.

Azure Pay-As-You-Go Subscription  Once you upgrade your Free Trial subscription, your subscription will be converted to a Pay-As-You-Go (PAYG) subscription. In PAYG, you will be receiving invoices monthly based on your consumption. However, this will not be from the first to the last of the month; the billing cycle is dependent on what date you started the PAYG usage. PAYG is ideal for individuals to small businesses; even some large organizations use PAYG. However, there are no discounts applied like with EAs.

Azure Enterprise Agreement  Customers can buy cloud services and software licenses under one single agreement. These customers are also eligible for discounts on services, licenses, and software assurance. The targeted audience for this is enterprise organizations. Customers need to pay the cost upfront to Microsoft as a monetary commitment, and the consumption will be deducted from this prepayment.

Azure for Students  As the name suggests, this subscription is ideal for students who want to test or develop solutions in Azure for learning purposes. Students will receive $100 as a credit that is valid for 12 months. Along with the credit, there will be free services that users can leverage. Students need to verify their student status using a university email address to activate this subscription. Also, Azure for Students doesn’t require a credit card.

So far, you have seen the different offer types that are available in Azure and how customers can choose one that suits their needs. You have also seen how usage is computed in each offer; now you will see how you can leverage Azure Cost Management in monitoring and optimizing cloud expenditure.

Azure Cost Management – Compliance and Cloud Governance

Controlling your cloud expenditure is part of cloud governance, and you need tools to properly see the breakdown of the costs and track them. Azure Cost Management is the go-to tool for performing your billing administrative tasks and for monitoring costs. Opening Cost Management in the Azure portal will show some charts that explain your cloud spending, as shown in Figure 2.4.

FIGURE 2.4 Azure Cost Management views

Additionally, Azure Cost Management provides the following features:

  • Users can create budgets, and alerts can be triggered if the threshold is crossed.
  • Usage reports can be exported to a storage account for auditing purposes based on a schedule.
  • You can forecast future costs using predictive analytics.
  • You can ingest your AWS costs and analyze them on Azure.
  • Azure Cost Management can be integrated with Azure Advisor.
  • You can track Azure reservation usage and calculate potential savings.
  • You can track Azure Hybrid Benefit discounts.
  • Azure Cost Management has richer APIs that can be integrated with third-party tools for visualization.
  • Azure Cost Management has a Power BI connector for the easy export of data to Power BI dashboards (supported for EA/MCA customers only).

Administrators can leverage all the aforementioned features to improve the cost monitoring and cost optimization. Now, we will discuss some features that you can use to plan and control your cloud expenditure.

Plan and Control Expenses

If you navigate to Cost Management + Billing ➢ Cost Management in the Azure portal, you will see the tools that are required for planning and controlling your expenses. We are primarily focusing on the highlighted tools shown in Figure 2.5.

Let’s take a closer look at each of these tools.

Cost Analysis  This blade can be used for viewing and analyzing your cloud spending. Cost Analysis offers different views (built-in views are provided, and custom views can be created), filters, and grouping options that administrators can use to perform a deep analysis of the cost. You can also decide the granularity and the timeframe for analysis. Timeframe options include monthly, quarterly, yearly, or a custom range. Figure 2.4 shows what the Cost Analysis blade looks like. You can export your Azure usage data to a storage account based on a schedule. These CSV files can be leveraged by third-party analytics and visualization tools for creating dashboards.

Cost Alerts  You can configure alerts that will notify administrators if the cost crosses the set threshold.

Budgets  Every project has budget constraints, and the Budgets feature in Cost Management will help organizations to meet this financial accountability. You can set up thresholds and trigger alerts using action groups when the usage exceeds a certain percentage of the budget set. You can also integrate budgets with automation workflows to shut down VMs automatically when the spending exceeds a certain limit.

FIGURE 2.5 Azure Cost Management highlighting tools

Advisor Recommendations  These recommendations are generated from Azure Advisor based on your usage. Azure Advisor uses machine learning on your usage to generate these recommendations. These recommendations include reservation purchases and downsizing underutilized VMs. You can directly remediate these issues and make your cloud more cost-effective.

Incorporating these tools in your environment can improve the cost planning and optimization.

Management Groups – Compliance and Cloud Governance

When we were discussing accounts and subscriptions, you saw that an account can have multiple subscriptions. If you think of it from an organizational perspective, there will be multiple accounts, and there will be multiple subscriptions meant for different environments and workloads. Using management groups, you can logically group subscriptions. This way, management groups offer a new scope above the subscriptions, which can be used for granting access, assigning policies, and analyzing costs.

FIGURE 2.7 Managing resource groups using the Azure CLI

All access or policies assigned to the management group will be inherited by the subscriptions that are part of the management group. We will cover how access and policy management is performed later in this chapter. Figure 2.8 shows a sample hierarchy where management groups are used.

Management groups enable administrators to do the following:

  • They can logically group subscriptions into different containers.
  • They can apply policies and access controls to a set of subscriptions easily.
  • Cost management can be scoped at the management group level for tracking the costs of multiple subscriptions in a single shot.
  • Budgets can be created at the management group level, which is ideal for teams and projects having multiple subscriptions.

Management groups can be created from the Azure portal, PowerShell, and the CLI. There will be a default management group that will be provisioned along with your tenant called the root management group. All new management groups will be created as children of this root management group.

Creating a management group is a straightforward process you can perform by searching for and navigating to management groups in the Azure portal. You can click Add (refer to Figure 2.9) to add a new management group. In Figure 2.9, you can also see a couple of management groups created for demonstration purposes.

FIGURE 2.8 Understanding management groups

FIGURE 2.9 Creating management groups

Two parameters are required while you create a management group. The first one is Management Group ID; this identifier is used to denote the management group when you want to run commands against the management group. Second, you need to add a display name, which will act like a friendly name for your management group. Whenever you are making PowerShell, Azure CLI, or REST API calls, you will be using the identifier to point to the management group. Management Group ID cannot be modified once the management group is created.

While discussing management groups, you read that they can be leveraged to apply policies and grant access easily on a larger scope. Now, we will see what these policies are and what role they play in governance.

Azure Policy – Compliance and Cloud Governance

You can create, assign, and manage policies using the Azure Policy service. To ensure that the organizational standards and compliance controls are met, you can enforce rules and affect your resources using policies. Azure Policy constantly runs evaluations or scans on your resources to make sure they are compliant. If not, these will be reported in a well-presented dashboard for administrators to act on as required.

Azure Policy can stop new resources from breaking the compliance requirements. However, the existing resources will still be evaluated and reported if they are noncompliant, and we can remediate the noncompliance. Azure Policy cannot delete resources that are noncompliant.

Key features of Azure Policy include the following:

Compliance and Enforcement  You can leverage the built-in policies or build custom policies to ensure that the compliance requirements are met. Since the policy is enforced, users will not be able to deploy resources that break your policies.

Apply Policies at Scale  You can apply policies at the management group level so that the policy is inherited by all subscriptions that are part of the management group. Even if you add a new subscription to the management group, the policy is automatically inherited. Thus, you can make sure all existing and new subscriptions stay compliant.

Mitigation and Remediation  Because Azure Policy continuously evaluates resources, any deviation from the compliance policies is detected, and administrators can remediate it to keep the environment 100 percent compliant. The remediation can be automated as well.

There are a lot of built-in policies that come with the Azure Policy service. Nevertheless, administrators can always build custom policies to match their organizational requirements. Some of the use cases of Azure policies are as follows:

  • Control the resource types that your organization can deploy to Azure. This policy can stop users from deploying expensive services like ExpressRoute, Cosmos DB, etc., unless an exception is provided.
  • Restrict the deployment of virtual machines to a specific set of SKUs. This will help in controlling users from creating expensive VM SKUs, thus avoiding billing impact.
  • Limit the deployment of resources to selected regions only. This will help in meeting your data residency requirements.
  • Enforce required tags and their values on resources during deployment. We haven’t covered resource tags yet; once we cover them, you will get an idea about the purpose of tags and the advantage of this policy.
  • Audit that Azure Backup service is enabled for all virtual machines. This will ensure that Azure Backup service is enabled, which can be useful to recover VMs from catastrophic failures.
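
The inheritance and enforcement behaviour described above, as an added Python sketch (not code from the original page or from Azure): a region-restriction rule written in the policyRule shape is assigned at a management group, reaches the subscriptions beneath it, blocks new noncompliant deployments, and only reports existing ones. The scope names, the sample resources and the evaluator itself are assumptions, and only a small subset of the condition operators is modelled.

```python
# Simplified model of Azure Policy evaluation; not Azure's engine.
# Scope names, resources and the assignment are constructed sample data.
PARENT = {"mg-prod": "root", "mg-dev": "root",  # child scope -> parent scope
          "sub-payroll": "mg-prod", "sub-sandbox": "mg-dev"}

# Rule in the policyRule shape: deny resources outside the allowed regions.
ALLOWED_LOCATIONS = {
    "if": {"allOf": [
        {"field": "location", "notIn": ["westeurope", "northeurope"]},
        {"field": "location", "notEquals": "global"},
    ]},
    "then": {"effect": "deny"},
}
ASSIGNMENTS = {"mg-prod": [ALLOWED_LOCATIONS]}  # scope -> rules assigned there

OPS = {
    "equals": lambda v, x: v == x,
    "notEquals": lambda v, x: v != x,
    "in": lambda v, x: v in x,
    "notIn": lambda v, x: v not in x,
}

def matches(cond, resource):
    """Evaluate a condition tree (subset of the real operators)."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    for op, test in OPS.items():
        if op in cond:
            return test(resource.get(cond["field"]), cond[op])
    raise ValueError(f"unsupported condition: {cond}")

def inherited_rules(scope):
    """Rules assigned at this scope and at every ancestor up to the root."""
    rules = []
    while scope is not None:
        rules += ASSIGNMENTS.get(scope, [])
        scope = PARENT.get(scope)
    return rules

def evaluate(subscription, resource, existing=False):
    """Deny applies to new deployments; existing resources are only reported."""
    for rule in inherited_rules(subscription):
        if matches(rule["if"], resource):
            return "noncompliant" if existing else rule["then"]["effect"]
    return "compliant" if existing else "allow"
```

Moving sub-sandbox under mg-prod in PARENT is enough for the same rule to start applying to it, which is the point of assigning at the management group scope.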

Let’s see how we can implement a policy in Azure.
