Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Azure Strategy and Implementation Guide, Fourth Edition
Azure Strategy and Implementation Guide, Fourth Edition

Azure Strategy and Implementation Guide, Fourth Edition: The essential handbook to cloud transformation with Azure , Fourth Edition

Arrow left icon
Profile Icon Pokkunuri Profile Icon Jack Lee Profile Icon Milgram Profile Icon Leonardo Profile Icon David Rendón +1 more Show less
Arrow right icon
$54.99
Paperback May 2021 228 pages 4th Edition
eBook
$26.99 $38.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Pokkunuri Profile Icon Jack Lee Profile Icon Milgram Profile Icon Leonardo Profile Icon David Rendón +1 more Show less
Arrow right icon
$54.99
Paperback May 2021 228 pages 4th Edition
eBook
$26.99 $38.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$26.99 $38.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Azure Strategy and Implementation Guide, Fourth Edition

2. Automation and governance in Azure

In the last chapter, we saw how infrastructure in the cloud works from not only a native but also a hybrid perspective. We will now take a look at how we can build resources in Azure. You can now go to the Azure portal and create any Azure resource; however, this can be very cumbersome without automation. Automation in Azure is accomplished through Azure DevOps and Azure Resource Manager (ARM) templates. We are strictly sticking to out-of-the-box Microsoft solutions, but there are quite a few other deployment and development tools available that can help you accomplish automation tasks. Once you've deployed your resources, you need to ensure they're secure.

In this chapter, we are going to cover the following:

  • Azure DevOps and why it is important
  • ARM templates and the different ways they can be used
  • Fundamentals and best practices of deploying Azure Infrastructure as Code (IaC)
  • Benefits and best practices for identity and access control in Azure
  • Azure governance

Before we dive into how you can accomplish automation and what it means to have IaC, let's get an overview of Azure DevOps and ARM templates to build a foundation for this automation approach.

Azure DevOps

While this chapter isn't about Azure DevOps, it's a good idea to begin with a fundamental understanding of what it brings to the table. Azure DevOps is both a developer tool and a business tool, as it can be the source of truth for your code base and a backlog of items that code needs to accomplish. Let's look at some of the options that it brings to the table, from which you can pick and choose:

  • Azure Repos allows you to either create a Git repository or Team Foundation Version Control to store your development source control.
  • Azure Pipelines, one of the critical processes we will use in this chapter for the artifacts we create, provides build and release services for continuous integration and delivery (CI/CD) of your apps.
  • Azure Boards helps deliver a product backlog to plan and track work, code defects, and other issues that may arise during your software development.
  • Azure Test Plans allows you to test the code within your repository and enables you to perform manual and exploratory testing, along with continuous testing.
  • Azure Artifacts provides the elements needed for your code to be packaged and deployed, such as NuGet resources usually shared with your CI/CD pipelines.

As you can see, Azure DevOps is Microsoft's tool for deploying and managing applications within Azure as part of the release management process. To learn more about Azure DevOps, you can head over to the documentation at https://docs.microsoft.com/azure/devops/user-guide/what-is-azure-devops?view=azure-devops.

Note

Azure DevOps is available for free with a five-user license, so feel free to have a look and explore how deployment in Azure works. Head to https://azure.microsoft.com/services/devops/ to create your free account.

Now that we've discussed some of the toolings at a very high level, let's take a look at ARM templates.

ARM templates

ARM templates are how your infrastructure is represented as code. ARM templates help teams take a more agile approach to deploying infrastructure in the cloud; it is no longer necessary to click deploy within the Azure portal to create your infrastructure. An ARM template is a mixture of a JSON file representing the configuration of your infrastructure and a PowerShell script to execute that template and create the infrastructure.

The real benefit of using the ARM template system is that it allows you to have declarative syntax. That means you can deploy a virtual machine and create the networking infrastructure that goes around it. Templates end up providing a process that can be run repeatedly in a very consistent manner. They manage the desired state of the infrastructure, meaning a template becomes the source of truth for those infrastructure resources. If you make changes to your infrastructure, you should do that through the templates.

The template deployment process can't be accomplished without orchestrating how the template process needs to run and what order it needs to run in. It is also useful to break these files into smaller chunks and allow them to be linked together or reused in different fashions with other templates. This can help with understanding and controlling your infrastructure while making it repeatable and stable. ARM templates are used in CI/CD pipelines and code deployment to build a suite of applications within the organization.

The following JSON file shows you how ARM templates are structured:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [],
  "outputs": {}
}

As you can see, there are several important parts: parameters, variables, resources, and outputs. Let's discuss each of them briefly:

  • ARM template files should be parameterized, and there is a separate file for the parameters that maps to the parameters list in the JSON template file.
  • The variables portion is for variables used within this file. Variables are generally used for creating naming functions to help generate a naming convention that is already structured, and for building that structure to use input parameters to make the name.
  • The resources section is where all of the resources that you're trying to deploy with this ARM template are represented; these can range from virtual machines to websites.
  • Finally, the outputs section is anything you want to pass out of your ARM template to be used elsewhere, such as an SQL Server name, before running your SQL scripts.

Three files are created when you create an ARM template file within Visual Studio:

  • The first is the JSON file, which is the template that is represented in the preceding code.
  • The second is the JSON parameter input file, a file that can be changed with every deployment to match the environment you want to deploy.
  • The third is the PowerShell script used to execute the template. The PowerShell script accepts the resource group's inputs, the ARM template file, and the parameters file.

That was a quick overview of Azure DevOps and the files that are created when you create an ARM template. Let's see how Azure resources are deployed using these ARM templates.

Deploying Azure IaC

As we saw in the ARM templates section, we want to use ARM templates to deploy our infrastructure, as it fits in nicely with our CI/CD process. There are several ways to approach building out these templates.

One way is to create a monolithic template that contains all of the resources that you want to deploy. To make things a little more modular, you could use a nested template structure. Alternatively, you may want to take a more decoupled approach and create smaller templates that you can link together, making a highly usable and repeatable structure.

Let's take a look at each of these methods, starting with the monolithic view:

Monolithic view of an ARM template

Figure 2.1: Monolithic ARM template

As you can see in Figure 2.1, a monolithic ARM template deploys a UI front end with an API middle tier connected to the SQL database. In this process, we need to build out all of the dependencies within the JSON template. The SQL database is deployed before the API middle tier to use the connection string in the API application configuration. You would then deploy the UI layer with the API URL being used in the UI application configuration. The chaining of the deployment can work not only for deploying code but also helping with the configuration.

Alternatively, you could implement a nested template arrangement:

Nested ARM templates

Figure 2.2: Nested ARM templates

As you can see, this is similar to the structure in Figure 2.1. However, the templates within this structure are nested in separate file sections. This means that each template owns the resource within it that it's trying to deploy. This structure is similar to breaking out your C# code into manageable methods and actions. This follows the same deployment process as discussed in the monolithic scenario, but the files are nested.

The final structure is linked ARM templates:

The final structure—linked ARM templates

Figure 2.3: Linked ARM templates

As you can see, the templates are initially separate and decoupled from each other, and then we link them together in our release pipeline. Linked templates are similar to nested templates, except the files are external to the template and system, whereas the nested templates are included in the same scope as the parent template. This helps with reusability down the line, because the templates are separate files that can be linked to other deployment files.

We should note that with linked or nested templates, the deployment mode can only be set to Incremental. However, the main template can be deployed in Complete mode, so if the linked or nested templates target the same resource group, that combined deployment will be evaluated for a complete deployment; otherwise, it will deploy incrementally. To learn more about ARM deployment modes, visit https://docs.microsoft.com/azure/azure-resource-manager/templates/deployment-modes.

We've seen different ways of using these ARM templates to automate the deployment of infrastructure; now we turn to the benefits of doing so.

Benefits of Azure IaC

The main benefit of using IaC is automating the creation, updating, and configuration of different resources and environments. Automation takes the human element out of the picture while adding certain key benefits:

  • The ability to schedule automated deployments, helping your operations staff work fewer hours.
  • The ability to smoke test your automated deployments.
  • The ability to create a repeatable process.
  • Pure self-healing applications can be achieved.
  • The ability to roll back changes.
  • Resource Manager helps in tagging resources.
  • ARM takes care of the dependencies of resources in the resource group.

Automation at any point is the real key to using a platform like Azure, whether that is automating your infrastructure deployments or testing to ensure the stability of your production deployments.

In order to reap these benefits, we need to learn how to use ARM templates effectively.

Best practices

We want to take a quick look at some best practices to optimize ARM templates. But first, let's start by understanding what some of our template limits are.

Overall, the template can only be a maximum of 4 MB, and each parameter file is limited to 64 KB. You can only have 256 parameters, with 256 variables, containing 800 resources, 64 output values, and 24,576 characters in a template expression. As we've discussed, you can exceed some of these limits by using nested templates if your template gets too big, but Microsoft recommends that you use linked templates to help avoid these limits. In the following sections, we discuss some best practices for each component within an ARM template.

Parameters

The ARM template system within Azure DevOps resolves parameter values before deployment operations and allows you to reuse the template for different environments. It is essential to point out that each parameter must have a set data type value. You can find a list of these data types at https://docs.microsoft.com/azure/azure-resource-manager/templates/template-syntax#data-types.

Best practices

Microsoft recommends the following best practices for parameters:

  • It's best to minimize the use of parameters. As we pointed out at the beginning of the chapter, you should use variables for properties and only use parameters for the things you need to input.
  • It is recommended that you use camel casing for parameter names.
  • It is also recommended that you describe each parameter, so when other developers use the template they know what the parameters are.
  • Ensure that you use parameters for those settings that may change when the environment changes, such as capacity or app service names.
  • Ensure you name your parameters to make them easily identifiable.
  • Provide default values for parameters; this involves providing the smallest virtual machine skew size so non-production environments use smaller resources and other developers that use the template have a basic starting point.
  • If you need to specify optional parameters, avoid using empty strings as the default value and instead use a literal value. This helps to provide a naming structure for users of the template.
  • Try to use allowed values as little as possible, as these may change over time and can become difficult to update in your scripts.
  • Always use parameters for usernames and passwords or secrets to be set for each environment and not hardcoded in the template. You should also use a secure string for all passwords and secrets.
  • When you need to set a location for the resource you're deploying, set the default value to resourcegroup().location so the location value is set correctly within the resource group.

As you can see, parameters are very useful in the ARM template process because they allow us to be flexible with the environments we're trying to deploy. Remember to keep these templates as simple as possible with the applications or microservices you're trying to deploy.

Variables

Variables are also resolved before starting the deployment, and the resource manager replaces the variable with its determined value. Variables are useful in deriving complex naming within your template and allow you to only pass in the required parameters.

An example of this is an organization that uses a customer ID and depends on this for its naming convention to keep all deployed resources in Azure unique to that customer ID. In this case, you would create the customer ID as a parameter and then develop variables to generate names using your naming standard. You can find a list of acceptable data types for variables at https://docs.microsoft.com/azure/azure-resource-manager/templates/template-syntax#data-types.

Best practices

Microsoft recommends the following best practices for variables:

  • Remember to remove unused variables and files as they can be confusing.
  • Use camel casing for your variable names.
  • Use variables for values that you need more than once within your template.
  • Variable names must be unique.
  • For repeatable patterns of JSON objects, use the copy loop in variables.

Resources

The resources section of the ARM templates is reserved for resources that will be deployed or updated. ARM templates generally help derive the desired state of the resources within Azure. When changing Azure infrastructure, it is always a good practice to change your template first and then re-run it to change your Azure resources. All too often, organizations make changes on the portal but forget to change their ARM template, and then the next time they deploy these resources, they are deployed into the wrong state.

Best practices

Microsoft recommends the following best practices for resources:

  • Add comments to your resources so that others know their purpose.
  • Remember that there are quite a few resources that require unique names, so never hardcode your resource names.
  • When you add a password to a custom script extension, use the CommandToExecute property in the protected settings of Azure Resource Manager.

We now have a fundamental understanding of the elements within an ARM template. Our next focus will be identity and access control once your resources have been deployed.

Identity and access control

Before we dive in, it is good to realize that there is a shared responsibility between you and the cloud provider when it comes to security and securing your resources. It is essential to understand where your responsibility stops and the cloud provider steps in. Let's take a quick look at shared responsibility in Azure, as you can see in Figure 2.4:

Azure shared responsibility

Figure 2.4: Azure shared responsibility

Depending on the type of service you choose in Azure, your responsibilities will vary, as will those of the cloud provider. Note the differences between on-premises resources and the various Azure options. You can see that, regardless of any new responsibilities, you will always retain the responsibility for endpoints, account management, accounts, and data repositories you create in the cloud.

With Azure being a public-facing resource, security is at the forefront of its development. There is a wide range of tools and advisors within Azure that help you take advantage of Azure's different security tools and capabilities.

What are the security benefits of Azure?

Organizations' on-premises security groups only have limited resources (team members and tools) to view exploits and attackers. One of the benefits of using a platform like Azure is that you can offload those responsibilities to the provider in the cloud and gain a more efficient and intelligent approach to your organization's threat plane without the need to bring in physical resources.

One of the most significant benefits of Azure is that when you create a tenant, it comes with Azure AD behind it, which allows you to start from a security perspective in Azure. Azure AD is used to lock down all of the services and resources within Azure. You can also use Azure AD to secure your applications or create Business to Customer (B2C) or Business to Business (B2B) ADs to house your client information.

Helpful tools in Azure

There are several security and audit solutions built into Azure to strengthen your security posture, which can be viewed in the Azure portal through the security and audit dashboard from your home screen. Here are some helpful tools in Azure to assist you and your organization:

  • We mentioned earlier that Azure Resource Manager helps keep everything in one place for deploying, updating, and deleting resources within your solution to support coordinated operations.
  • Azure also offers Application Performance Management (APM), which is referred to as Application Insights. Application Insights gives you the ability to monitor your applications within Azure and detect performance anomalies.
  • Azure Monitor allows you to visualize your infrastructure for your activity log and the individual diagnostic logs for your Azure resources.
  • Azure Advisor is like a personalized cloud concierge to help you optimize your cloud resources. This service can help detect security and performance issues within your applications.
  • Azure Security Center helps prevent, detect, and respond to different threat planes for your applications within Azure. It helps provide security monitoring and policy management across all of your other subscriptions.

Best practices

Here are some Azure security best practices recommended by Microsoft:

  • Use Azure AD for central security control and identity management in Azure. This will make management and integration more streamlined.
  • Try to keep your Azure AD instances to a single source of truth.
  • If you have an on-premises AD, it is recommended that you integrate it with Azure AD, using Azure AD Connect for a single sign-on experience.
  • If you use Azure AD Connect to sync your on-premises AD with Azure, turn on password hash synchronization in case the main resource goes offline or is deprecated.
  • Remember that you can use Azure AD for authentication in your new applications, and this can be accomplished through Azure AD directly, B2B, or B2C.
  • Use management groups to control your access to subscriptions. This helps with centralized management, over needing to worry about Azure Identity and Access Management (IAM) in each subscription.
  • Use Conditional Access for your support personnel so that they can elevate their permissions when needed in Azure, rather than having access all the time.
  • Block legacy protocols that aren't used to stop attack planes.
  • It is recommended you use self-service password resets for your users if you're using Azure AD for your applications and you want to ensure you monitor this process.
  • If you are using Azure AD Connect, ensure that your cloud policies match your on-premises policies.
  • Enable multi-factor authentication for your organization if possible.
  • If you wish to provide built-in roles in Azure, ensure that you maintain role-based access over rule-based access, as rule-based access can be very cumbersome to manage in the long run.
  • Ensure that you give the least privileged access to those logging in to Azure, so that when an account is compromised, its access is limited.
  • Define at least two emergency access accounts, just in case the organization admin operation team members' accounts get compromised.
  • Ensure you control locations where resources are created for your organization if you also wish to monitor suspicious activities within your Azure AD tenant actively, as there may be data restrictions in different regions.
  • Ensure you use authentication and authorization for your storage accounts.
  • Review and apply improvements to your best practices over time.

Now that we have an understanding of security in Azure, we can review how to use Azure governance.

Azure governance

Azure governance is defined as the processes and mechanisms that are used to maintain control of your applications and resources in Azure. They are the strategic priorities involved in planning your initiatives within your organization. Azure governance is provided in two services: Azure Policy and, as we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, Azure Cost Management.

The purpose of Azure Policy is to organize your operational standards and to assess your compliance. Azure Policy regulates compliance, security, costs, and management while implementing governance for consistency of your resources. Everything that we see in Azure is governed by these policies, which contain business rules in JSON format and policy definitions. The schema for these policy definitions can be found at https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json.

What are the benefits?

Azure governance and Azure Policy help with building and scaling your applications while maintaining a level of control. This helps create guardrails and assists with deploying entirely governed environments throughout your organization's subscription using Azure Blueprints. As we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, it also assists in managing costs by providing insights into your spending to maximize your cloud investment. In addition, Azure governance offers the following benefits:

  • Helps with audit and enforcement of your policies for any Azure service
  • Helps encourage accountability throughout the organization while monitoring spending
  • Creates compliant environments, including resources, policies, and access control
  • Helps ensure compliance with external regulations via built-in compliance controls

In the following sections, we'll look in detail at some of the features and services available via Azure governance, namely Azure management groups, Azure Policy, Azure Blueprints, Azure Graph, and Azure Cost Management and Billing.

Azure management groups

Azure management groups help manage your Azure subscriptions by grouping them and taking actions against those groups. They allow you to define security, policies, and typical deployments via blueprints. They help create a hierarchical view of your organization so that you can efficiently manage your subscriptions and resources:

Hierarchical representation of Azure management groups

Figure 2.5: Azure management groups

As you can see in Figure 2.5, there is a simple separation between production and non-production. We should understand from this illustration that each management group has a root or parent that every hierarchical structure inherits from. You can create a global structure at the root, or you can create a production or non-production policy in either one of the branches.

Azure Policy

Azure Policy was put in place to help enforce asset compliance in organizational standards within Azure. Common uses of Azure Policy are implementing governance for resources consistency, security, costs, and management. Like everything in Azure, Azure policies are in JSON format, and you add business rules for policy definitions to help simplify the management of these rules.

Azure policies can be applied to Azure resources in different life cycles or during an ongoing compliance evaluation. These can be used as a control mechanism to deny changes or to log them. The difference between Azure Policy and Azure rule-based access control (RBAC) is that your policy does not restrict Azure actions. This means a combination of Azure RBAC and Azure policy provides the full scope of security in Azure.

The following best practices are recommended by Microsoft:

  • When you use Azure policies, it's always good to start with an audit policy rather than a denial policy, as setting a denial policy may hinder automation tasks when creating the resources.
  • When creating your definitions, consider your organizational hierarchies. Creating higher-level definitions such as at the management group or subscription level is recommended.
  • Create and assign initiative definitions or policy sets even for the smallest policy definitions.
  • It is good to remember that once an initial assignment is evaluated, all policies within that initiative are evaluated as well.
  • You should think about using policies to help control your infrastructure, like requiring antivirus to be installed on all virtual machines or not allowing specific sizes of virtual machines to be created in a non-production environment. To gain a better understanding of Azure policy definition structure, you can learn more at https://docs.microsoft.com/azure/governance/policy/concepts/definition-structure.

Azure Blueprints

Azure Blueprints enables technology groups to develop a repeatable set of Azure resources that support an organization's patterns, requirements, and standards. Blueprints are a great way to orchestrate the deployment of various resources, such as role assignments, policies, ARM templates, and resource groups. Azure Blueprints is an extension of ARM templates, which are designed to help with environment setup, and Azure Blueprints uses templates to accomplish this goal.

Azure Resource Graph

Azure Resource Graph was created to extend ARM templates' capabilities to help explore resources even across subscriptions. Azure Resource Graph queries allow you to search for complex results from resources that have been deployed in Azure. Azure Resource Graph is the query system that supports the search in Azure. The query language is based on the Kusto Query Language, which is also used by Azure Data Explorer, so it may be new to you and take a little bit of getting used to.

You need the appropriate rights in Azure RBAC to see the resources—this is the read permission. If you don't get any results returned in Azure when you use Azure Resource Graph, check your read permission first.

Azure Resource Graph is free to use, but it's throttled to ensure the best experience for everyone.

Azure Cost Management and Billing

Azure Cost Management and Billing was created to help analyze, manage, and optimize the costs of your workloads in Azure. It was introduced to help businesses reduce their risk of potential waste and inefficiencies as they migrate to the cloud. Azure Cost Management and Billing does the following:

  • Assists in paying your bills
  • Generates monthly invoices containing cost and usage data that can be downloaded
  • Sets spending thresholds
  • Analyzes your costs proactively
  • Identifies opportunities to optimize spending for your workloads in Azure

We will cover this in more depth in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, since individuals and organizations manage cost streams differently in Azure.

Summary

As you can see from this chapter, Azure and Azure DevOps have significant synergies. It is essential to create a repeatable, stable way to deploy your code and infrastructure to the cloud. While learning how to deploy this infrastructure to the cloud, we needed to understand why ARM templates are used. This led us to discuss some of the fundamentals and best practices around deploying this infrastructure to leverage our code or applications. We looked at exactly how we need to secure resources and our applications through identity and access control. This brought us to understanding how to create governance in Azure to ensure consistency and compliance.

Azure creates a lot of frameworks that allow you to digest the things that you need to leverage to ensure your applications are secure and complete. It is also good to remember that as you approach Azure, you should approach it from an automation perspective. An organization should develop compliance, Azure governance, and best practices that work across the organization while minimizing its business risk.

Now that we have built a foundation, in the next chapter, we will move on to how we can modernize applications.

Important links

Left arrow icon Right arrow icon

Key benefits

  • Get to grips with the core Azure infrastructure technologies and solutions
  • Develop the ability to opt for cloud design and architecture that best fits your organization
  • Cover the entire spectrum of cloud migration from planning to implementation and best practices

Description

Microsoft Azure is a powerful cloud computing platform that offers a multitude of services and capabilities for organizations of any size moving to a cloud strategy. This fourth edition comes with the latest updates on cloud security fundamentals, hybrid cloud, cloud migration, Microsoft Azure Active Directory, and Windows Virtual Desktop. It encapsulates the entire spectrum of measures involved in Azure deployment that includes understanding Azure fundamentals, choosing a suitable cloud architecture, building on design principles, becoming familiar with Azure DevOps, and learning best practices for optimization and management. The book begins by introducing you to the Azure cloud platform and demonstrating the substantial scope of digital transformation and innovation that can be achieved with Azure's capabilities. The guide also acquaints you with practical insights into application modernization, Azure Infrastructure as a Service (IaaS) deployment, infrastructure management, key application architectures, best practices of Azure DevOps, and Azure automation. By the end of this book, you will have acquired the skills required to drive Azure operations from the planning and cloud migration stage to cost management and troubleshooting.

Who is this book for?

This book is designed to benefit Azure architects, cloud solution architects, Azure developers, Azure administrators, and anyone who wants to develop expertise in operating and administering the Azure cloud. Basic familiarity with operating systems and databases will help you grasp the concepts covered in this book.

What you will learn

  • Understand core Azure infrastructure technologies and solutions
  • Carry out detailed planning for migrating applications to the cloud with Azure
  • Deploy and run Azure infrastructure services
  • Define roles and responsibilities in DevOps
  • Get a firm grip on Azure security fundamentals
  • Carry out cost optimization in Azure
Estimated delivery fee Deliver to Thailand

Standard delivery 10 - 13 business days

$8.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : May 14, 2021
Length: 228 pages
Edition : 4th
Language : English
ISBN-13 : 9781801077972
Vendor :
Microsoft
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Thailand

Standard delivery 10 - 13 business days

$8.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Publication date : May 14, 2021
Length: 228 pages
Edition : 4th
Language : English
ISBN-13 : 9781801077972
Vendor :
Microsoft
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 166.97
Azure Strategy and Implementation Guide, Fourth Edition
$54.99
The Azure Cloud Native Architecture Mapbook
$62.99
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
$48.99
Total $ 166.97 Stars icon
Banner background image

Table of Contents

9 Chapters
1. Introduction Chevron down icon Chevron up icon
2. Automation and governance in Azure Chevron down icon Chevron up icon
3. Modernizing with hybrid cloud and multicloud Chevron down icon Chevron up icon
4. Cloud migration: Planning, implementation, and best practices Chevron down icon Chevron up icon
5. Enabling secure, remote work with Microsoft Azure AD and WVD Chevron down icon Chevron up icon
6. Security fundamentals to help protect against cybercrime Chevron down icon Chevron up icon
7. Offers, support, resources, and tips to optimize cost in Azure Chevron down icon Chevron up icon
8. Conclusion Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela