Category: Architecture

Study Guide for AZ-305: Part 1 – Design a Governance Solution

Hello friends,

As you might already know, a new AZ-305 exam for Azure Architects has been officially released a few days ago!!!

I would like to take this opportunity and help all my students and followers with preparation for this important exam.

My plan is to create a blog post series that cover official and community learning materials in addition to the Microsoft Learn, self-paced learning modules.

Table of content (blog series)

This exam is focused on designing cloud and hybrid solutions on Microsoft #Azure, and was made with #architects in mind 😏


A list of helpful reference materials that will complement your four Microsoft Learn AZ-305: XXX learning paths on the official learning site are screenshotted below for your references πŸ™‚

What is the Cloud Governance ?

The Cloud Governance is a framework that guides how end users make use of cloud services by defining and creating policies to control costs, minimize security risks, improve efficiency and accelerate deployment. It’s imperative to have good cloud governance because it’s a foundational element to your cloud practice that provides the ability to scale and be successful.

In short, the governance in Azure is one aspect of Azure Management. This includes the tasks and processes required to maintain your business applications and the resources that support them. Azure has many services and tools that work together to provide complete management. 

What you can do with Azure Governance?

  • Enforce and audit your policies for any Azure service
  • Create compliant environments using Azure Blueprints, including resources, policies, and role-access controls
  • Ensure that you’re compliant with external regulations by using built-in compliance controls
  • Monitor spend and encourage accountability across your entire organization

The references below are taken from official Microsoft docs and focused on designing Azure governance solutions.

Build Enterprise Agile Azure Governance Foundation

Part 1: Design a governance solution

The references below are taken from official Microsoft docs and focused on designing Governance solutions in Azure. You could also find it helpful to check the Microsoft docs and learning paths with [Tutorials] belowΒ πŸ™‚

This collection of links is gathered with a focus on the exam objectives of the AZ-305 certification exam.

How to protect your resource hierarchy
Cloud governance guides
What are Azure management groups
Azure subscription and service limits, quotas, and constraints
What is Azure Resource Manager
Lock resources to prevent unexpected changes
Use tags to organize your Azure resources and management hierarchy

Azure Policy
What is Azure Policy?
Azure Policy built-in policy definitions
Azure Policy built-in initiative definitions
What is Azure role-based access control (Azure RBAC)?
Organize and manage multiple Azure subscriptions
Recommended policies for Azure services
What are Azure management groups?
[Tutorial] Describe core Azure architectural components
[Tutorial] Microsoft Cloud Adoption Framework for Azure
Governance in the Microsoft Cloud Adoption Framework for Azure
Define your tagging strategy

Summary

Thank you for visiting the AZ-305 Study Guide and checking the Part 1 – Design a Governance solution.

The next one will be Part 2: Design Authentication and Authorization Solutions.

What is MCAS and why would you need it?

Hello cloud marathoners,

The MCAS (Microsoft Cloud App Security) πŸ›‘οΈπŸ” – helps to identify and combat cyberthreats across all your cloud services. This is a cloud access security broker (CASB) that provides multifunction visibility, control over data travel, and sophisticated analytics.

Here is a high level architecture diagram from Microsoft docs.

What are the main benefits of this cloud service?

Here are the main three benefits ot brings alone:
βœ”οΈ Discovery & Manage your apps
βœ”οΈ Govern access to apps and resources
βœ”οΈ Check compliance on your cloud apps

Check out this detailed level architecture ofΒ #appsecurityΒ inΒ Microsoft Azure β„’Β πŸ‘

MCAS – Microsoft Cloud App Security.


What are the main use cases for your business?

βœ”οΈ Shadow IT Discovery & Control
βœ”οΈ Secure Access
βœ”οΈ Security Poster Management
βœ”οΈ Threat Protection
βœ”οΈ Information Protection
βœ”οΈ User & Entity Behavioral Analytics

Another beauty of above architecture lies in a fact that you could easily integrate this model with third party SaaS apps, all listed on a diagram.

Thank you Matt Soseman for bringing this diagram  #SharingIsCaring❀️️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… become α΄€Β #cloudmarathonerΒ β›…πŸƒβ€β™‚οΈπŸƒβ€β™€οΈ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

#microsoftazure
#MCAS#securitymanagement
#OAuth#secureaccess #appsec
#threatprotection
#securityengineering
#bestpractices
#continuouslearning

What are the Microsoft Azure’s Multi-Cloud and Cross-Platform Capabilities?

Hello cloud marathoners,

There are many security and multi-cloud capability services under Microsoft Azure umbrella of services. In this post, I will reference the Microsoft documentation to clarify those capabilities on high-level.
I hope this post will clarify intent and purpose of these capabilities for you.

Important: Please zoom into a infographic – as it is of a high quality and can be very informative in understanding the article.

Microsoft’s cross-platform or cloud security starts with endpoints and cloud visibility and controls: namely Endpoint management and Cloud Security Posture Management (CSPM) that provides insight across your multi-cloud and on-premises datacenter estate as well as Cloud Workload Protection capabilities

Next are the SIEM and XDR Strategy – where Microsoft provides integrated capabilities for the Security Operations / SOC to get the broad and deep visibility needed to rapidly detect, hunt for, and respond/recover to threats across clouds and platforms.

The following capability on the infographic is – Infrastructure Extended Detection and Response (XDR). These capabilities are provided through set of services, namely Azure Defender, Azure Arc, Microsoft 365 Defender with number of features combined under the suit of services.

Next set of capabilities are Identity Enablement and Security – where Azure Active Directory provides comprehensive solutions, including Zero Trust access control that explicitly verifies trustworthiness of devices (via XDR) and users via native UEBA, Threat Intelligence and analytics.

And finally, Information Protection capabilities – utilize the Microsoft Information Protection and Azure Purview services that provide a full lifecycle approach to discovering, classifying, protecting, and monitoring structured and unstructured data as your organization generates and leverages more data. These capabilities provide insights to drive mission completion and competitive advantage.

What would be your approach?
Please, share in the comments section πŸ‘
#SharingIsCaring❀️️

Important: Please zoom into the infographic – as it is of a high quality and can be very informative in understanding this article.

#microsoftazure
#multicloud
#crossplatform
#endpointmanagement
#SOC
#securityengineering
#identityaccessmanagement

Get started with data transformation services in Azure – Global Azure 2021

Azure Global 2021 event in mid-April 2021

Hello friends,
I am back again, this time with another follow-up announcement of a second Global Azure 2021 session in Azure Data focus area, for ALL of you!

I am truly excited to present the following session on April 17th, live from my broadcasting studio in East Cost:)

This session will be a deep dive into different data movement scenarios using first-class tooling in Azure data echo-system and Azure Data Factory (ADF). We will learn about handy new features and data connectors, while copying and transforming datasets from a Data Lake and SQL Relational Database storages. Thus, tune in to learn about latest developments in Microsoft Azure data transformation services.

In my second session, I will share following journey with you:

Abstract of the upcoming session provided below πŸ˜‰

We will learn about what is ETL and ELT stands for in data world, and how Azure Data Factory (ADF) service could help you. Along the way, we will look into inner-workings and fundamentals of a cloud-based ETL and data integration service that allows you to create data-driven workflows for orchestrating data movement and transforming data at scale.

Finally, we will conclude the session with ADF demo and Q&A

TheCloudMarathoner πŸ™‚

Please let me know, what topics are you interested in?

What is a good service to perform data transformation in Azure?πŸ€”

Hello friends and data marathoners!


I am excited to annonce my next Cloud Lunch and Learn tech meetup session with you.

During the previous session, you have learned about how to up-skill existing data and SQL skills with the new Data engineering mindset πŸ‘ŒπŸ‘

Updated: Check out the recorded event session on YouTube: https://youtu.be/h3AaL9AhuXI

I am glad to invite you all – to learn how to get started with Data Transformation services inΒ Microsoft Azure β„’Β 


Thanks you πŸ™ Cloud Lunch and Learn for organizing this session.

Event detail: 24 March @ 18:00 UTC
Open registration πŸ‘‰ https://lnkd.in/dNb5vUr#SharingIsCaring❀️

Fᴏʟʟᴏᴑ ᴍᴇ 🎯 α΄€Ι΄α΄… κœ±α΄›α΄€Κ€α΄› Κα΄α΄œΚ€ α΄„ΚŸα΄α΄œα΄… ☁ α΄Šα΄α΄œΚ€Ι΄α΄‡Κ – 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘
#microsoftazure#CloudLunchLearn#azuredata#upskilling#cloud#dataengineering#datatransformation#gettingstarted#continuouslearning

Why “Start small and Expand” approach is good for your company business?

As cloud☁️ journey matures, each company 🏨 knows that service
requirements and needs will be changing. As cloud providers add new features and products, the new market opportunities and possibilities will rise.

There are several reasons why you would want to pursue the cloud landing zones. Using the start small and expand landing zone, you could get started with cloud adoption at a low-risk pace, and build up the security, governance, and regulatory policies over time.

As a benefit, with “start small and expand” you can use Azure Resource Manager templates and Azure Policy to create a CI/CD pipelines for subscriptions with Azure Blueprints.

As an ongoing improvement effort, you could expand and improve the landing zone with the Cloud Adoption Framework enterprise-scale design guidelines from Microsoft Azure β„’

Get started by learning “What is an Azure landing zone?” πŸ‘‰ https://lnkd.in/eD7xtWV #SharingIsCaring❀️

Fᴏʟʟᴏᴑ 🎯 theΒ #cloudmarathonerΒ β›…πŸƒβ€β™‚οΈπŸƒβ€β™€οΈ on LinkedIn α΄€Ι΄α΄… 𝐋𝐄𝐓’𝐒 π‚πŽπππ„π‚π“ πŸ‘

Journey 2 RE-certification: AZURE SOLUTIONS ARCHITECT EXPERT

Over the weekend, I had a scheduled proctored exam AZ-301 Microsoft Azure Architect Design. Passing it would re-certify my credentials in Microsoft Certified: Azure Solutions Architect Expert, but most importantly up-skill my knowledge in recent changes of Microsoft Azure.

Actually, the first pre-requisite Expert Architect Technologies exam which I had, earlier in May, was not easy at all. The content of exam is quite BIG, in comparison what it used to be 2 years ago. It turned out to be true underestimate from me, when i failed my first attempt. The good or bad thing about this failed exam was the score – 679. I missed it with just one correct answer. Ah…

Anyway, repetition is the mother of perfection. If there is true perfection, it’s about getting ready, and doing something over and over again. Well, on the second attempt I was able to pass AZ-300 Microsoft Azure Architect Technologies much easier… If you curious about the score, it was in upper 900’s (where max is 1000).

Overall, Microsoft Expert exams are much harder (probably 3x times) to get prepared than the Associate one. Thus, I was pretty excited and nervous while going for the next exam Architect Design πŸ™‚ It turned out well this time, as I used those skills in my day-2-day work, so no surprises there…

By the way, the Microsoft also announced new exams (AZ-303 and AZ-304) for the Azure Solutions Architect certification. They are all in beta for now and there are no online training material yet. You can check these exams here Microsoft official post.

Earning the Azure Solutions Architect Expert certification demonstrates skills and knowledge to advise stakeholders and translate business requirements into secure, scalable, and reliable solutions. Candidates have advanced experience and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance – managing how decisions in each area affects an overall solution.

Microsoft Learn

There is an informative blog post by Chris Pietschmann, about the state of the current Microsoft Expert exams and how they are structured, if you are new to the Microsoft role based certifications i would recommend to have a look.

There is an informative blog post by Chris Pietschmann, about the state of the current Microsoft Expert exams and how they are structured, if you are new to the Microsoft role based certifications i would recommend to have a look.

Turning attention back to current Azure Architect exams, with a small detour, there are multiple overlapping topics between those two Expert exams. Completing one of them greatly help with the second one, as they share certain exam objectives.

Now, the list my study guides consisted from the followings:

Congrats to everyone, who already got the Azure Solutions Architect Expert badge and certifications! This is a good thing to accomplish.

For those who are planning to go with Azure Architect pass, I wish good luck in preparing and getting it done. It is going to be an interesting journey, a lot to learn, much more to practice and up-skill yourself to be better prepared for your next challenge!

Hopefully, my journey will be a tiny encouragement wave to start your own.

  • Feel free to comment on what exam preparation approach do you follow?
  • What challenges are you facing or already overcome?
  • What helped and what did not – in setting up yourself for a journey?

Thank you and May The 4TH Be With You!