Microsoft AZ-104 Certification Exams - Identity: Azure Active Directory
Microsoft AZ-104 Certification Exams - Identity: Azure Active Directory

Category: Self-Service Password Reset

Getting a Subscription – Compliance and Cloud Governance

By

On 2021-04-20

In Deleting and Modifying Users, Exams of Microsoft AZ-104, Inviting Users, Managing Multiple Directories, Microsoft AZ-104 Certifications, Self-Service Password Reset

You can get a subscription from multiple channels. You might not be eligible for all the subscriptions listed here; the eligibility is dependent on the terms and conditions of the respective offers.

Enterprise Agreements (EAs)  EA customers will sign an agreement with Microsoft or Microsoft Partners and make an up-front monetary commitment to Azure. All usage incurred will be charged against the monetary commitment; when the commitment expires, the customer will start receiving invoices. You can make the prepayment again and continue using the services. The advantage of using EAs is that they offer more discounts than other offers as the customer is paying the amount up front. If your organization is looking for massive deployments in Azure and requires 99.95 percent monthly SLA, then an EA is the best option.

Web Direct  In web direct, customers can directly go to the Azure website and purchase a new subscription. If you prefer, you can sign up for a Free Trial subscription and upgrade if you are interested in continuing the service. You won’t be charged until you upgrade the subscription from Free Trial to Pay-As-You-Go. Once you upgrade, as the name implies, you will be charged as per the charges mentioned in the Azure public-facing documents. There are no discounts available for you in this case, and you will require a credit card to sign up for this subscription.

Reseller  Using the Open Licensing program, customers can buy tokens from resellers and sign up for an Azure-in-Open subscription. As a customer, you can buy a token for any amount you need; the charges incurred will be taken from this amount. When the amount is exhausted, you need to buy a new token and refill your account to avoid service interruption. This works like a prepaid cellular plan.

Partners  You can purchase an Azure subscription from partners, and they can help you with the cloud transformation. The partners will be your first point of contact for any Azure-related concerns as the agreement is signed between the partner and the customer. These types of subscriptions are called cloud solution provider (CSP) subscriptions, and every month you’ll receive an invoice from your partner based on your usage. Microsoft doesn’t play any role in the invoice generation as you don’t have any direct billing relationship with Microsoft. CSP subscriptions offer more discounts compared to the Pay-As-You-Go subscriptions and are ideal for organizations that don’t have the budget to make the up-front monetary commitment for an EA.

This is not the complete list of offers that are supported by Azure. There are other offers that come with credits for MSDN subscribers and Visual Studio subscribers. You can see all the available offers here:

https://azure.microsoft.com/en-in/support/legal/offer-details

Now that you have an idea about the common offers, let’s see how the metering or usage is done in these subscription offers.

Azure Cost Management – Compliance and Cloud Governance

By

On 2020-12-29

In Deleting and Modifying Users, Exams of Microsoft AZ-104, Inviting Users, Microsoft AZ-104 Certifications, Self-Service Password Reset, Users and Groups

Controlling your cloud expenditure is part of cloud governance, and you need tools to properly see the breakdown of the costs and track them. Azure Cost Management is the go-to tool for performing your billing administrative tasks and for monitoring costs. Opening Cost Management in the Azure portal will show some charts that explain your cloud spending, as shown in Figure 2.4.

FIGURE 2.4 Azure Cost Management views

Additionally, Azure Cost Management provides the following features:

  • Users can create budgets, and alerts can be triggered if the threshold is crossed.
  • Usage reports can be exported to a storage account for auditing purposes based on a schedule.
  • You can forecast future costs using predictive analytics.
  • You can ingest your AWS costs and analyze them on Azure.
  • Azure Cost Management can be integrated with Azure Advisor.
  • You can track Azure reservation usage and calculate potential savings.
  • You can track Azure Hybrid Benefit discounts.
  • Azure Cost Management has richer APIs that can be integrated with third-party tools for visualization.
  • Azure Cost Management has a Power BI connector for the easy export of data to Power BI dashboards (supported for EA/MCA customers only).

Administrators can leverage all the aforementioned features to improve the cost monitoring and cost optimization. Now, we will discuss some features that you can use to plan and control your cloud expenditure.

Plan and Control Expenses

If you navigate to Cost Management + Billing ➢ Cost Management in the Azure portal, you will see the tools that are required for planning and controlling your expenses. We are primarily focusing on the highlighted tools shown in Figure 2.5.

Let’s take a closer look at each of these tools.

Cost Analysis  This blade can be used for viewing and analyzing your cloud spending. There are different views (built-in views and custom views can be created), filters, and grouping options available in Cost Analysis that can be leveraged by administrators to perform a deep analysis of the cost. You can also decide the granularity and the timeframe for analysis. Timeframe options include monthly, quarterly, yearly, or even custom for customization. Figure 2.4 shows what the Cost Analysis blade looks like. You can export your Azure usage data to a storage account based on a schedule. These CSV files can be leveraged by third-party analytics and visualization tools for creating dashboards.

Cost Alerts  You can configure alerts that will notify administrators if the cost crosses the set threshold.

Budgets  Every project has budget constraints, and the Budgets feature in Cost Management will help organizations to meet this financial accountability. You can set up thresholds and trigger alerts using action groups when the usage exceeds a certain percentage of the budget set. You can also integrate budgets with automation workflows to shut down VMs automatically when the spending exceeds a certain limit.

FIGURE 2.5 Azure Cost Management highlighting tools

Advisor Recommendations  These recommendations are generated from Azure Advisor based on your usage. Azure Advisor uses machine learning on your usage to generate these recommendations. These recommendations include reservation purchases and downsizing underutilized VMs. You can directly remediate these issues and make your cloud more cost-effective.

Incorporating these tools in your environment can improve the cost planning and optimization.

Cost Saving Techniques – Compliance and Cloud Governance

By

On 2020-10-10

In Exams of Microsoft AZ-104, Inviting Users, Managing Multiple Directories, Microsoft AZ-104 Certifications, Self-Service Password Reset, Users and Groups

There are a set of services or techniques administrators can use to get the best out of their infrastructure.

Reservations  Reserved instances (RIs), or reservations, can be used by customers to save costs on selected services. Selected services include Azure Virtual Machine, SQL Database, Azure Cosmos DB, Azure SQL Managed Instance, and other services. You can pay for a one-year or three-year term for these services upfront or in a monthly manner. For certain services, Microsoft has extended the term to five years. Purchasing reservations will reduce the costs up to 72 percent over the Pay As You Go rates.

Azure Hybrid Benefit  You can bring your own Windows Server or SQL Server or Linux licenses to use on Azure Virtual Machine, Azure SQL Database, and Azure Managed Instances. If you have already purchased licenses with software assurance, you don’t have to pay for these licenses in Azure. Combining RI and Azure Hybrid Benefit can increase the savings.

Azure Credits and Dev/Test Subscriptions  It’s always recommended that you choose the right subscription to host your workloads. If you are testing or developing solutions, there are subscriptions with free credit that can be utilized rather than deploying your solutions in a production subscription and paying invoices. For example, if you are a Visual Studio Subscriber (Enterprise/Professional), you can get a subscription with free credits that gets renewed every month. If you have an EA, then you can use an EA Dev/Test subscription for testing and development. EA Dev/Test rates are cheaper than the production EA subscription. Similarly, Pay As You Go customers can purchase PAYG Dev/Test for development and testing purposes.

Azure Regions  The prices of Azure services vary from region to region; you can always deploy to a region that has a lower cost to save your spending. However, make sure that this decision is not affecting the performance or data residency requirements (if there are any).

Budgets  You already learned about budgets in the “Plan and Control Expenses” section. Having a budget will help you get notified whenever you are crossing the limits assigned to you; you can also take necessary actions to remediate this. Budgets plays a crucial role in accounting and cost tracking.

Pricing Calculator  In Azure, there are hundreds of services, and each service has several pricing tiers. It’s not possible for an administrator or an architect to remember all these pricings and calculate them. Using the Pricing Calculator, you can estimate the cost of any service in Azure. You can export it to Excel to share with your stakeholders or directly share the link for estimation. The Pricing Calculator can be accessed here:

https://azure.microsoft.com/en-in/pricing/calculator

We will now move on to resource groups.

Management Groups – Compliance and Cloud Governance

By

On 2020-03-20

In Deleting and Modifying Users, Exams of Microsoft AZ-104, Inviting Users, Managing Multiple Directories, Microsoft AZ-104 Certifications, Self-Service Password Reset, Users and Groups

When we were discussing accounts and subscriptions, you saw that an account can have multiple subscriptions. If you think of it from an organizational perspective, there will be multiple accounts, and there will be multiple subscriptions meant for different environments and workloads. Using management groups, you can logically group subscriptions. This way, management groups offer a new scope above the subscriptions, which can be used for granting access, assigning policies, and analyzing costs.

FIGURE 2.7 Managing resource groups using the Azure CLI

All access or policies assigned to the management group will be inherited to the subscriptions that are part of the management group. We will cover how access and policy management is performed later in this chapter. Figure 2.8 shows a sample hierarchy where management groups are used.

Management groups enable administrators to do the following:

  • They can logically group subscriptions into different containers.
  • They can apply policies and access a set of subscriptions easily.
  • Cost management can be scoped at the management group level for tracking the costs of multiple subscriptions in a single shot.
  • Budgets can be created at the management group level, which is ideal for teams and projects having multiple subscriptions.

Management groups can be created from the Azure portal, PowerShell, and the CLI. There will be a default management group that will be provisioned along with your tenant called the root management group. All new management groups will be created as children of this root management group.

Creating a management group is a straightforward process you can perform by searching and navigating to management groups in the Azure portal. You can click Add (refer to Figure 2.9) to add a new management group. In Figure 2.9, you could also see a couple of management groups created for demonstration purposes.

FIGURE 2.8 Understanding management groups

FIGURE 2.9 Creating management groups

Two parameters are required while you create a management group. The first one is Management Group ID; this identifier is used to denote the management group when you want to run commands against the management group. Second, you need to add a display name, which will act like a friendly name for your management group. Whenever you are making PowerShell, Azure CLI, or REST API calls, you will be using the identifier to point to the management group. Management Group ID cannot be modified once the management group is created.

While discussing management groups, you read that it can be leveraged to apply policies and grant access easily on a larger scope. Now, we will see what these policies are and what role they play in governance.

Page 2 of 2

Previous

Powered by Dianne & Theme by Diannehill