0% found this document useful (0 votes)

573 views218 pages

10979B ENU TrainerHandbook PDF

Uploaded by

shijonj5508

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

573 views218 pages

10979B ENU TrainerHandbook PDF

Uploaded by

shijonj5508

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 218

MCT USE ONLY.

STUDENT USE PROHIBITED

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

10979B
Microsoft Azure Fundamentals
MCT USE ONLY. STUDENT USE PROHIBITED
ii Microsoft Azure Fundamentals

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, email address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product.
Links may be provided to third party sites. Such sites are not under the control of Microsoft and
Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or
any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of
transmission received from any linked site. Microsoft is providing these links to you only as a convenience,
and the inclusion of any link does not imply endorsement of Microsoft of the site or the products
contained therein.

© 2014 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty
/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.

Product Number: 10979B

Part Number: X19-81901

Released: 02/2015
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.

BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.

If you comply with these license terms, you have the rights below for each license you acquire.

1. DEFINITIONS.

a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.

b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.

c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.

e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.

f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.

g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.

h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.

i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.

j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.

k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
MCT USE ONLY. STUDENT USE PROHIBITED
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.

m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.

n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.

2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.

2.1 Below are five separate sets of use rights. Only one set of rights apply to you.

a. If you are a Microsoft IT Academy Program Member:

b. If you are a Microsoft Learning Competency Member:

i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft Instructor-
Led Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
MCT USE ONLY. STUDENT USE PROHIBITED
c. If you are a MPN Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:

For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

e. If you are a Trainer.

i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
MCT USE ONLY. STUDENT USE PROHIBITED
ii. You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
“customize” refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.

2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.

2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the
other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.

b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.

c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
MCT USE ONLY. STUDENT USE PROHIBITED
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.

6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.

8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.

9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.

10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.

11. APPLICABLE LAW.

a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
MCT USE ONLY. STUDENT USE PROHIBITED
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.

12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.

13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

o anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.

Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres
dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne:
• tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
• les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité
stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
MCT USE ONLY. STUDENT USE PROHIBITED
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si
votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires
ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre
égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.

Revised July 2013

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals xi
MCT USE ONLY. STUDENT USE PROHIBITED
xii Microsoft Azure Fundamentals

Acknowledgments
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.

Andrew J. Warren – Content Developer

Andrew J. Warren - Content Developer/Subject Matter Expert. Andrew Warren has more than 25 years of
experience in the IT industry, many of which he has spent teaching and writing. He has been involved as a
subject matter expert for many of the Windows Server 2012 courses, and the technical lead on many
Windows 8 courses. He also has been involved in developing TechNet sessions on Microsoft Exchange
Server. Based in the United Kingdom, he runs his own IT training and education consultancy.

Damir Dizdarevic – Subject Matter Expert/Content Developer

Damir Dizdarevic is an MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified Technology
Specialist (MCTS), and a Microsoft Certified Information Technology Professional (MCITP). He is a manager
and trainer of the Learning Center at Logosoft d.o.o., in Sarajevo, Bosnia and Herzegovina. He also works
as a consultant on IT infrastructure and messaging projects. Damir has more than 18 years of experience
on Microsoft platforms, and he specializes in Windows Server®, Exchange Server, security, and
virtualization. He has worked as a subject matter expert and technical reviewer on many Microsoft Official
Courses (MOC) courses on Windows Server and Exchange topics, and has published more than 400
articles in various IT magazines, such as Windows ITPro and INFO Magazine. He's also a frequent and
highly rated speaker on most of Microsoft conferences in Eastern Europe. Additionally, Damir is a
Microsoft Most Valuable Professional (MVP) for Windows Server, 7 years in a row. His technical blog is
available at http://dizdarevic.ba/ddamirblog.

Marcin Policht – Subject Matter Expert

Marcin Policht obtained his Master of Computer Science degree 18 years ago and has since then worked
in the Information Technology field, focusing primarily on directory services, virtualization, system
management, and database management. Marcin authored the first book dedicated to Windows
Management Instrumentation and co-wrote several others on topics ranging from core operating system
features to high-availability solutions. His articles have been published on ServerWatch.com and
DatabaseJournal.com. Marcin has been a Microsoft MVP for the last seven years.

Magnus Mårtensson – Technical Reviewer

Magnus completed his Masters in Computer Science in 1999 and has more than 15 years of development
consulting experience. From Sweden, he runs his own company, Martensson Consulting, which offers
expert Windows Azure strategic, architectural, and development advice all over northern Europe. Magnus
was the first Microsoft Azure MVP in Scandinavia and was awarded MVP of the Year in 2012. He is an
international speaker and has given multiple TechEd presentations. An avid community enthusiast, he is
one of the creators of the Global Windows Azure Bootcamp, an annual event that runs at over 130
locations worldwide on a single day. He has a great passion for learning and sharing his own knowledge.

Ronald Beekelaar – Technical Reviewer

Ronald Beekelaar is a long-time Hyper-V MVP and MCT. Ronald is a well-known trainer and presenter on
the topics of security, virtualization, Hyper-V, and Microsoft Azure. He is the founder of Virsoft Solutions,
which provides access to hosted online hands-on labs and demo environments for training centers,
Microsoft events, Microsoft product groups, and other customers. The hosted lab solution runs in Hyper-V
data centers and on Microsoft Azure.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals xiii

Contents
Module 1: Getting Started with Microsoft Azure
Lesson 1: What Is Cloud Computing? 1-2
Lesson 2: What Is Azure? 1-7
Lesson 3: Managing Azure 1-10
Lesson 4: Subscription Management and Billing 1-16
Lab: Use the Microsoft Azure Portal 1-23

Module 2: Virtual Machines in Microsoft Azure

Lesson 1: Create and Configure Virtual Machines 2-2
Lesson 2: Configure Disks 2-12
Lab: Create a Virtual Machine in Microsoft Azure 2-18

Module 3: Websites and Cloud Services

Lesson 1: Create and Configure Websites 3-2
Lesson 2: Deploy and Monitor Websites 3-8
Lesson 3: Create and Deploy Cloud Services 3-13
Lab: Websites and Cloud Services 3-21

Module 4: Virtual Networks

Lesson 1: Getting Started with Virtual Networks 4-2
Lesson 2: Creating a Virtual Network 4-6
Lesson 3: Implementing Point-to-Site Networks 4-9
Lab: Create a Virtual Network 4-13

Module 5: Cloud Storage

Lesson 1: Understand Cloud storage 5-2
Lesson 2: Create and Manage Storage 5-14
Lab: Configure Azure Storage 5-20

Module 6: Microsoft Azure Databases

Lesson 1: Understand Relational Database Deployment Options 6-2
Lesson 2: Create and Connect to SQL Databases 6-5
Lab: Create a SQL Database in Azure 6-12

Module 7: Azure Active Directory

Lesson 1: Overview of Azure AD 7-2
Lesson 2: Manage Authentication 7-12
Lab: Create Users in Azure Active Directory 7-17
MCT USE ONLY. STUDENT USE PROHIBITED
xiv Microsoft Azure Fundamentals

Module 8: Microsoft Azure Management Tools

Lesson 1: Azure PowerShell 8-2
Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line
Interface 8-8
Lab: Using Microsoft Azure Management Tools 8-12

Lab Answer Keys

Module 1 Lab: Use the Microsoft Azure Portal L1-1
Module 2 Lab: Create a Virtual Machine in Microsoft Azure L2-3
Module 3 Lab: Websites and Cloud Services L3-7
Module 4 Lab: Create a Virtual Network L4-11
Module 5 Lab: Configure Azure Storage L5-17
Module 6 Lab: Create a SQL Database in Azure L6-21
Module 7 Lab: Create Users in Azure Active Directory L7-25
Module 8 Lab: Using Microsoft Azure Management Tools L8-29
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course xv

About This Course

This section provides a brief description of the course, including audience, suggested prerequisites, and
course objectives.

Course Description
This course trains students on the basics of Microsoft Azure. It provides the underlying knowledge that
students will require when they evaluate Microsoft Azure as an administrator, developer, or database
administrator. This course lays the groundwork for further role-specific training in Azure, and also
provides the prerequisite knowledge for students wishing to attend course 20532: Developing Microsoft
Azure Solutions, or course 20533: Implementing Microsoft Azure Infrastructure Solutions.

Audience
This course is intended for IT professionals who have a limited knowledge of cloud technologies and want
to learn more about Microsoft Azure. The audience will include:
• Individuals who want to evaluate the deployment, configuration, and administration of services and
virtual machines using Microsoft Azure.

• Developers who want to evaluate the creation of Microsoft Azure solutions.

• Windows Server administrators who want to evaluate the migration of on-premises Active Directory
roles and services to the cloud.

• IT professionals who want to evaluate the use of Microsoft Azure to host web sites and mobile app
back-end services.
• Database administrators who want to evaluate the use of Microsoft Azure to host Microsoft SQL
Server databases.

Student Prerequisites
This course requires that students meet the following prerequisites:
• Professional experience in information technology.

• An understanding of websites.

• A basic understanding of Active Directory concepts such as domains, users, and domain controllers.

• A basic understanding of database concepts, including tables and simple queries.

Course Objectives
After completing this course, students will be able to:
• Describe the various Azure services, and access these services from the Azure portal.

• Create and configure virtual machines in Azure.

• Describe the Azure Websites service and Azure Cloud Services.

• Create and implement Azure networks.

• Create and configure cloud storage in Azure.

• Use databases to store data in Azure.

• Use Azure Active Directory (Azure AD), integrate applications with Azure AD, and manage
authentication.

• Manage an Azure subscription by using Azure PowerShell, Microsoft Visual Studio, and the Azure
command-line interface.
MCT USE ONLY. STUDENT USE PROHIBITED
xvi About This Course

Course Outline
The course outline is as follows:

Module 1, “Getting Started with Microsoft Azure" introduces students to cloud services and the various
Azure services. It describes how to use the Azure portal to access and manage Azure services, and to
manage Azure subscription and billing.
Module 2, “Virtual Machines in Microsoft Azure" describes how to use Azure to deploy virtual machines
on locally installed servers. It also explains the creation and configuration of virtual machines, and the
management of virtual machine disks by using Azure.
Module 3, “Websites and Cloud Services" explains how to create, configure, and monitor websites by
using Azure. It also describes the creation and deployment of Cloud Services on Azure.

Module 4, “Virtual Networks" describes Azure virtual networks and explains how to create them. It also
explains how to implement how to implement communications between your on-premises infrastructure
and Azure by using point-to-site networks.

Module 5, “Cloud Storage" describes the use of cloud storage and its benefits. It also explains how to
create, manage, and configure cloud storage in Azure.
Module 6, “Microsoft Azure Databases" describes the options available for storing relational data in
Azure. It also explains how to use Microsoft Azure SQL Database to create, configure, and manage SQL
databases in Azure.

Module 7, “Azure Active Directory" explains how to use Azure AD and Azure Multi-Factor Authentication
to enhance security. It explains how to create users, domains, and directories in Azure AD, and how to use
Multi-Factor Authentication and single sign-on (SSO).
Module 8, “Microsoft Azure Management Tools" introduces Azure PowerShell, and explains its use in
managing Azure subscriptions. It also describes the Azure Software Development Kit (SDK) and the Azure
cross-platform command-line interface, and explains their benefits and uses.
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course xvii

Course Materials
The following materials are included with your kit:

• Course Handbook: A succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.
o Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.

o Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.

o Module Reviews and Takeaways: Provide on-the-job reference material to boost knowledge
and skills retention.
o Lab Answer Keys: Provide step-by-step lab solution guidance, when it is needed.

Additional Reading: Course Companion Content on the http://www.microsoft.com

/learning/en/us/companion-moc.aspx Site: searchable, easy-to-browse digital content with
integrated premium online resources that supplement the Course Handbook.

• Modules: include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.

• Resources: include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN®, or Microsoft Press®.

Additional Reading: Student Course files on the http://www.microsoft.com

/learning/en/us/companion-moc.aspx Site: includes the Allfiles.exe, a self-extracting
executable file that contains all required files for the labs and demonstrations.

• Course evaluation: At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.

o To provide additional comments or feedback on the course, send an email to

[email protected]. To inquire about the Microsoft Certification Program, send an
email to [email protected].
MCT USE ONLY. STUDENT USE PROHIBITED
xviii About This Course

Virtual Machine Environment

This section provides the information for setting up the classroom environment to support the business
scenario of the course.

Virtual Machine Configuration

To complete the labs, you will work on your computer to access Microsoft Azure. You do not require any
virtual machines on the local computer.

Software Configuration
This course requires a computer (physical, virtual, or cloud-based) that has the following capabilities and
software:

• Internet connectivity
• Internet Explorer 10

• Microsoft Visual Studio Express 2013 for Windows Desktop

• Microsoft SQL Server Management Studio Express

• Windows Web Platform Installer 5.0

• Visual Studio Express 2013 for Web with Microsoft Azure software development kit (SDK)

• Microsoft Azure SDK for .NET

Course Files
The files associated with the labs in this course are located in the C:\Labfiles\LabXX folder on the student
computers.

Classroom Setup
Each classroom computer will have the required software installed as part of classroom setup.

Microsoft Azure
This course contains labs which require access to Microsoft Azure. A Microsoft Learning Azure Pass will be
provided to facilitate access to Microsoft Azure. Details of how to acquire, set up, and configure your
Microsoft Azure access will be provided by your MCT.

You should be aware of some general best practices around use of the Microsoft Learning Azure Pass:

• Check the dollar balance of your Azure Pass within Microsoft Azure once you have setup your
subscription, and be aware of how much you are consuming as you proceed through the labs.

• Do not allow Microsoft Azure components to run overnight or for extended periods unless you need
to do so, as this will use up the pass dollar amount unnecessarily.

• Remove any Microsoft Azure created components or services such as storage, virtual machines, cloud
services, etc. after you are finished your lab to help minimize cost usage and extend the life of your
Microsoft Learning Azure Pass.

Note: You may use your own full or trial subscription if you wish, but note that the labs
have not been tested with all subscription types and, while unlikely, it is possible some variation
may exist due to some subscription limitations. Also, be aware that the scripts used in the labs will
delete any existing services or components present in Microsoft Azure under the subscription
that you use.
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course xix

Course Hardware Level

Where labs are being run locally, to ensure a satisfactory student experience, Microsoft Learning requires
a minimum equipment configuration for trainer and student computers in all Microsoft Certified Partner
for Learning Solutions (CPLS) classrooms in which Official Microsoft Learning Product courseware are
taught.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
1-1

Module 1
Getting Started with Microsoft Azure
Contents:
Module Overview 1-1

Lesson 1: What Is Cloud Computing? 1-2

Lesson 2: What Is Azure? 1-7

Lesson 3: Managing Azure 1-10

Lesson 4: Subscription Management and Billing 1-16

Lab: Use the Microsoft Azure Portal 1-23
Module Review and Takeaways 1-25

Module Overview
As organizations move their IT workloads to the cloud, IT professionals and developers must understand
the principles on which cloud-solutions are based, and learn how to deploy and manage cloud
applications, services, and infrastructure. Specifically, IT professionals and developers who plan to use
Microsoft Azure must learn about the services that Azure provides, and how to manage those services.

This module provides an overview of Azure, and it explains the various Azure services. It also describes
how to access these services from the Azure portal, and how to manage your Azure subscription and
billing.

Objectives
After completing this module, you will be able to:
• Describe cloud computing.

• Describe Azure and the various Azure services.

• Manage Azure services from the Azure portal.

• Manage your Azure subscription and billing.
MCT USE ONLY. STUDENT USE PROHIBITED
1-2 Getting Started with Microsoft Azure

Lesson 1
What Is Cloud Computing?
Cloud computing plays an increasingly important role in IT infrastructure. Therefore, IT professionals must
be aware of fundamental cloud principles and techniques. There are three main types of cloud computing
models: public, private, and hybrid. Each of these models provides different services based on your needs.
Before you move to a cloud-based model, you must decide which type best suits your needs.

This lesson introduces the cloud, and describes considerations for implementing cloud-based
infrastructure services.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe key principles of cloud computing.

• Identify the common types of cloud services.

• Describe public, private, and hybrid cloud solutions.

• Identify suitable uses for cloud services.

Overview of Cloud Computing

Cloud computing is a term that describes the
delivery and consumption of computing and
application resources from a remote location,
often but not necessarily over the Internet. Users
subscribe to cloud computing resources. Based
on their consumption of those resources, the
cloud computing provider charges the users.
The charge might be based on a number of usage
characteristics, such as the volume of storage
used, the power of virtual machines provisioned,
or other factors.

Cloud computing applications are typically

independent of an operating system, and they are available to users across a wide variety of devices. From
an administrative perspective, cloud computing infrastructure should:

• Be pooled.

• Be able to deliver multitenant services.

• Allow rapid scalability.

Most cloud solutions are built on virtualization technology, which abstracts physical hardware as a layer of
virtualized resources for processing, memory, storage, and networking. Many cloud solutions add further
layers of abstraction to define specific services that can be provisioned and used.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-3

Regardless of the specific technologies that organizations use to implement cloud computing solutions,
the National Institute of Standards and Technology has identified that the technologist exhibit the
following five characteristics:

• On-demand self-service. Cloud services are generally provisioned according to requirement, and
need minimal infrastructure configuration by the consumer. This enables users of cloud services
to quickly set up the resources they want, typically without having to involve IT specialists.
• Broad network access. Consumers generally access cloud services over a network connection, usually
either a corporate network or the Internet.

• Resource pooling. Cloud services can use a pool of hardware resources that consumers might share. A
hardware pool might consist of hardware from multiple servers that are arranged as a single logical
entity.

Note: As your use of resources increases, you might take on a greater proportion of the
hardware hosting your services until you have exclusive use of the physical server computer
hosting your resources.

• Rapid elasticity. Cloud services scale dynamically to obtain additional resources from the pool as
workloads intensify, and release resources automatically when they are no longer needed.

• Measured service. Cloud services generally include some sort of metering capability. Metering makes
it possible to track relative resource usage by the users, or subscribers of the services.
The advantages of cloud computing are:

• Managed datacenter. With cloud computing, your service provider can manage your datacenter. This
obviates the need for you to manage your own IT infrastructure. Cloud computing also enables you
to access computing services irrespective of your location and the hardware that you use to access
those services. Although the datacenter remains a key element in cloud computing, the emphasis is
on virtualization technologies that focus on delivering applications rather than on infrastructure.

• Lower operational costs. Cloud computing provides pooled resources, elasticity, and virtualization
technology. These factors help you to alleviate issues such as low system use, inconsistent
availability, and high operational costs. It is important to remember that with cloud computing,
you only pay for the services that you use; this can mean substantial savings on operational
costs for most organizations.
• Server consolidation. You can consolidate servers across the datacenter by using the cloud computing
model, because it can host multiple virtual machines on a virtualization host.

• Better flexibility and speed. When you use the cloud computing model with products such as System
Center 2012, you can increase resources’ flexibility and the speed of access to resources.
MCT USE ONLY. STUDENT USE PROHIBITED
1-4 Getting Started with Microsoft Azure

Cloud Services
Cloud services generally fall into one of the
following three categories:

• Software as a service (SaaS)

• Platform as a service (PaaS)

• Infrastructure as a service (IaaS)

SaaS
SaaS offerings consist of complete software
applications that are delivered as a cloud-based
service. Users can subscribe to the service
and use the application, normally through a web
browser or by installing a client-side app. Examples of Microsoft SaaS services include Microsoft Office
365, Skype, and Microsoft Dynamics CRM Online. The primary advantage of SaaS services is that they
enable users to easily access applications without the need to install and maintain them. Typically, users
do not have to worry about issues such as updating applications and maintaining compliance, because
the service provider handles these tasks

PaaS
PaaS offerings consist of cloud-based services that provide resources on which developers can build their
own solutions. Typically, PaaS encapsulates fundamental operating system (OS) capabilities, including
storage and compute, as well as functional services for custom applications. Usually, PaaS offerings
provide application programming interfaces (APIs), and configuration and management user interfaces.
Azure provides PaaS services that simplify the creation of solutions such as web and mobile applications.
PaaS enables developers and organizations to create highly-scalable custom applications without
having to provision and maintain hardware and OS resources. The main benefit PaaS provides to your
organization is that you can shift much, if not most of your infrastructure to the cloud, thus possibly
reducing management tasks and costs.

IaaS
IaaS offerings provide virtualized server and network infrastructure components that users can easily
provision and decommission as required. Typically, the management of IaaS facilities is similar to that
of on-premises infrastructure. IaaS facilities provide an easy migration path for moving existing
applications to the cloud.

A key point to note is that an infrastructure service might be a single IT resource—such as a virtual
server with a default installation of Windows Server 2012 R2 and SQL Server 2014—or it might be
a completely pre-configured infrastructure environment for a specific application or business process.
For example, a retail organization might empower departments to provision their own database servers
to use as data stores for custom applications. Alternatively, the organization might define a set of
virtual machine and network templates that it can provision as a single unit to implement a complete,
pre-configured infrastructure solution, including all the required applications and settings, for a branch
or store.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-5

Public, Private, and Hybrid Clouds

Cloud computing uses three main deployment
models:

• Public cloud. Public clouds are infrastructure,

platform, or application services that a cloud
service provider delivers for access and
consumption by multiple organizations. With
public cloud services, the organization that
signs up for the service does not have the
management overhead that the private
cloud model would require. This also means
that the organization has less control of the
infrastructure and services, because the
service provider manages this for the organization. In addition, the public cloud hosts the
infrastructure and services for multiple organizations (multitenant), so you might need to consider the
potential data sovereignty implications of this model.

• Private cloud. Individual organizations privately own and manage private clouds. Private clouds
offer benefits similar to those of public clouds, but are designed and secured for a single
organization’s use. The organization manages and maintains the infrastructure for the private
cloud in its datacenter. One of the key benefits of this approach is that the organization has complete
control over the cloud infrastructure and services that it provides. However, the organization also has
the management overhead and costs that are associated with this model.

• Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together
for the specific purpose of obtaining resources from both. You decide which elements of your services
and infrastructure to host privately, and which to host in the public cloud.

Many organizations use a hybrid model when extending to the cloud; that is, they begin to shift
some elements of their applications and infrastructure to the cloud. Sometimes, an application and
its supporting infrastructure are shifted to the cloud, while the underlying database is maintained
within the organization’s own infrastructure. This approach might be used to address security
concerns with that particular database.
Microsoft cloud services provide technology and applications across all of these cloud computing models.
Some examples of Microsoft cloud services are:
• Microsoft public cloud services:
o Azure. Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can
subscribe to Azure services and create software, which is delivered as SaaS. Microsoft cloud
services use Azure to deliver some of its own SaaS applications.

o Office 365. Office 365 delivers online versions of the Microsoft Office applications and online
business collaboration tools.

o Microsoft Dynamics CRM Online. Dynamics CRM Online is the version of the on-premises
Microsoft Dynamics CRM application that Microsoft hosts.

• Microsoft private cloud:

o Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the
foundation for building private clouds. By implementing these products as a combined solution,
you can deliver much of the same functionality that public clouds offer.
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Getting Started with Microsoft Azure

• The Microsoft hybrid cloud approach:

o Microsoft provides a number of solutions that support the hybrid cloud model, by enabling you
to:
 Back up an on-premises cloud application to a service provider.
 Manage, monitor, and move virtual machines between different clouds.
 Connect and federate directory services that allow your users to access applications that are
constructed across a combination of on-premises, service provider, and public cloud types.

Discussion: How Will Your Organization Use Cloud Computing?

Consider how the various cloud computing
scenarios might benefit your organization.
Be prepared to discuss this with the class.

Question: How will your organization use

cloud computing?
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-7

Lesson 2
What Is Azure?
Azure is the public cloud services offering from Microsoft. Microsoft datacenters deliver Azure
services over the Internet. Customers can subscribe to a variety of the Azure services that run in
these datacenters, typically at a cost lower than they might incur if they purchased or hosted their
own hardware, or built their own services and software.

Individuals, customers, and Microsoft partners can use several methods to access Azure–based services.
Partners have access to programs such as Microsoft Azure platform Cloud Essentials for Partners and
Cloud Accelerate. Both customers and partners can access resources through MSDN and through the
Microsoft BizSpark program, each of which provides a predefined amount of resources and services to
build solutions.

This lesson provides an overview of Azure and its services.

Lesson Objectives
After completing this lesson, you will be able to:
• Describe Azure.

• Describe the available Azure services.

Overview of Azure
Azure is a collection of cloud services that
you can use to build and operate cloud-based
applications and IT infrastructure. A global
network of datacenters host Azure services.
Microsoft technicians manage these data centers
on a 24-hour-a-day basis. Azure offers a 99.95
percent availability service level agreement (SLA)
for computing services.
Azure services enable you to:

• Create and operate cloud-based applications

by using a wide range of commonly used
tools and frameworks.

• Host workloads in the cloud on Azure PaaS services and IaaS infrastructure that comprise virtual
machines and virtual networks.
• Integrate cloud services with on-premises infrastructure.

To use Azure services, you require a subscription. You can sign up for a subscription as an individual or as
an organization, and then pay for the services you use on a usage-based cost basis.

Note: Microsoft Azure was formerly known as Windows Azure.

Additional Reading: To download the Microsoft Azure free trial, go to

http://go.microsoft.com/fwlink/?LinkID=517412.
MCT USE ONLY. STUDENT USE PROHIBITED
1-8 Getting Started with Microsoft Azure

Available Azure Services

There are four categories of Azure services:
compute, data services, app services, and network
services.

Compute
• Websites. You can use website services
to develop and deploy more secure and
scalable websites, including integration with
many source control technologies. Microsoft
Azure supports many languages including
ASP.NET (sometimes known as classic ASP),
PHP, Node.js, and Python. You can also
deploy a choice of SQL Server databases, or
deploy MySQL. There are several open source applications, templates, and frameworks available in
the Web App Gallery. These include CakePHP, DotNetNuke, Drupal, Django, Express, WordPress, and
Umbraco.

• Cloud services. Provides a platform that can host web applications and web services. Cloud services
use a modular architecture that allows you to scale your application to larger sizes while minimizing
costs.

• Virtual machines. You can build virtual machine instances from scratch, or by using templates. You
also can build them on your own site, and then transfer them to Azure (or the other way around).
Virtual machines can run a variety of workloads, including many Microsoft-certified workloads such as
SQL Server, SharePoint Server, and BizTalk Server.
• Mobile services. You can use these services to build mobile phone apps, including storage,
authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.

• Batch Service. Provides cloud-scale job scheduling and compute management, and enables you to
make it easy to run large-scale parallel and high-performance computing (HPC) workloads in Azure.
You can use Batch to scale-out parallel workloads, manage the execution of tasks in a queue, and
enable applications to offload compute jobs in the cloud.

Data Services
• SQL Database. Azure includes a SQL Database offering. SQL Database provides interoperability, which
enables customers to build applications by using most development frameworks.
• Storage. You can use the storage service to create and manage storage accounts for blobs, tables, and
queues.

• Microsoft Azure HDInsight. Microsoft Azure HDInsight is the Hadoop-based solution from Microsoft.
Hadoop is used to process and analyze big data.

• Recovery services. You can back up directly to Azure. You can configure the cloud backups from the
backup tools in Windows Server 2012 R2, or from System Center 2012 R2.
• Machine Learning. Enables you to mine historical data with your computer systems to help predict
future trends.

• Stream Analytics. An event-processing engine that can help to collect real-time information from
your devices, sensors, infrastructure, applications, and data.
• StorSimple Manager. Helps provide primary storage, archive, and disaster recovery. Enables you to
optimize your total storage costs and provide for data protection within your enterprise.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-9

App Services
• Media Services. You can use media services to create, manage, and distribute media across a large
variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and
Android.

• Messaging. The Microsoft Azure Service Bus provides the messaging channel for connecting cloud
applications to on-premises applications, services, and systems.
• Microsoft Azure AD. This is a modern, Representational State Transfer-based (REST-based) service that
provides identity management and access control capabilities for cloud applications. It is the identity
service that is used across Microsoft Azure, Office 365, Microsoft Dynamics CRM Online, Windows
Intune, and other non-Microsoft cloud services. Microsoft Azure Active Directory (AD)
also can integrate with on-premises Active Directory deployments.

• Visual Studio Online. You can use Visual Studio online to create and manage team projects and
code repositories. Visual Studio online enables you to write and deploy a variety of different types
of apps, including those for Windows Phone and Windows Store, desktop apps, web apps, and web
services.
• CDN. The Azure Content Delivery Network (CDN) allows developers to deliver high-bandwidth
content by caching blobs and static content of compute instances at physical nodes throughout
the world.
• Scheduler. This provides a mechanism to schedule jobs within Azure.

• BizTalk service. This service provides supporting tools that allow developers to build solutions that
connect services and systems with disparate data formats and protocols.
• RemoteApp. Enables your users to access their apps remotely from their laptops, tablets, or phones.
The apps are centralized on Azure’s protected platform.

• Operational Insights. Provides you with search capabilities that enable root cause analysis and
automated troubleshooting across multiple data sources.

Network Services
• Microsoft Azure Virtual Network. You can use the Microsoft Azure Virtual Network (Virtual Network)
to create a logically isolated section in Microsoft Azure, and then connect it securely either to your
on-premises datacenter or to a single client machine, by using an IPsec connection.

Note: The next topic discusses Virtual Network in more depth.

• Microsoft Azure Traffic Manager. You can use Microsoft Azure Traffic Manager (Traffic Manager)
to load-balance inbound traffic across multiple Azure services. This helps ensure the performance,
availability, and resiliency of applications.

Note: Azure is continually being improved and enhanced, and new services are added on a
regular basis.

Additional Reading: For a full list of services currently available in Azure, go to the
Microsoft Azure website at http://go.microsoft.com/fwlink/?LinkID=517413.
MCT USE ONLY. STUDENT USE PROHIBITED
1-10 Getting Started with Microsoft Azure

Lesson 3
Managing Azure
Azure provides web-based portals in which you can provision and manage your organization’s Azure
subscriptions and services. These portals provide the initial environment in which you will work with
Azure, and it is important to know how to navigate and use the portals to manage Azure services.

Lesson Objectives
After completing this lesson, you will be able to:

• Explain how to use the Azure management portal.

• Explain how to use the preview Azure portal.

• Use the new Azure management portal preview.

• Describe the available client-based Azure management tools.

The Azure Portal

The existing Azure management portal is the
primary user interface for provisioning and
managing Azure services. It is implemented
as a web application, and it requires that
you sign in using a Microsoft account or an
organizational account that is associated
with one or more Azure subscriptions.

Additional Reading: To sign in to the Azure

management portal, go to
http://go.microsoft.com/fwlink/?LinkID=517414.

The Azure management portal consists of a page for each Azure service. It also includes an All Items page
in which you can view all provisioned services in your subscriptions, and a Settings page in which you can
configure subscription-wide settings.

Provisioning Services
You can provision a new instance of a service by clicking the New button on any page. Most services
provide a dialog box in which you can enter the user-definable settings for the service before creating it.
Service provisioning is performed asynchronously, and an indicator at the bottom of the page shows
current activity. You can expand this indicator to show a list of completed and in-process tasks.

Managing Services
Your provisioned services are listed on the All Items page and on each service-specific page. The list shows
the name, status, and service-specific settings for each service. You can click a service name in the list to
view the dashboard for that service instance, where multiple tabbed sub-pages enable you to view and
configure service-specific settings. In most cases, you make changes to a service by using the dynamic
toolbar of context-specific icons at the bottom of the sub-page.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-11

Adding Co-Administrators
When you provision an Azure subscription, you are designated automatically as the administrator
for that subscription, and you can manage all services and settings for the subscription. You can add
co-administrators in the Settings tab of the management portal by specifying the email address of each
user to whom you want to grant administrative privileges.

Note: The email account is the Microsoft account assigned to the user.

The Preview Azure Portal

Although the existing Azure management portal
still provides the primary user interface for
managing Azure services, a new version of the
portal is available in preview form. The Preview
Azure portal represents a significant change in the
way that developer and operations (dev/ops) tasks
are performed in Azure.

Additional Reading: To view the preview

Azure portal, go to http://go.microsoft.com
/fwlink/?LinkID=517415.

Note: You can accomplish most tasks in both the current portal and the Preview (new)
portal. However, the Preview portal does not include certain tasks, and you must perform these in
the existing portal. In addition, some new preview features are only available in the Preview
portal.

Portal Elements and Concepts

The Preview portal contains the following user interface (UI) elements:
• Startboard. The home page for your Azure environment, conceptually similar to the Start screen
in Windows. You can pin commonly used items to the Startboard to make it easier to navigate to
them. By default, the Startboard includes tiles that show global Azure service health, a shortcut to
the Azure gallery of available services, and a summary of billing information for your subscriptions.

• Blades. Panes in which you can view and configure details of a selected item. Each blade is displayed
as a pane in the user interface, and it often contains a list of services or other items that you can click
to open another blade. In this way, you can navigate through several blades
to view details of a specific item in your Azure environment.
• Hub Menu. A bar on the left side of the page, which contains the following icons:

o Home. Returns the page to the left so that the Hub Menu and Startboard are visible.

o Notifications. Opens a blade on which you can view notifications about the status of tasks.

o Browse. Provides a view of details of a service in your Azure environment.

o Active. Lists recent blades that you have viewed, enabling you to quickly navigate back to them.
MCT USE ONLY. STUDENT USE PROHIBITED
1-12 Getting Started with Microsoft Azure

o Billing. Provides details of charges and remaining credit for your subscriptions. Billing is also
available on a resource group basis.

o New. Enables you to create a new service in your Azure environment.

You can switch to the Preview portal from the existing portal by clicking your account name and then
clicking Switch to new portal. Conversely, to switch to the existing portal from the Preview portal, click
the Azure Portal tile in the Startboard.

Demonstration: Navigating the Portals

In this demonstration, you will see how to:

• Use the Azure management portal.

• Use the Preview Azure portal.

Demonstration Steps
Use the Azure Management Portal
1. Ensure that you are signed in to your local host.

2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in using the
Microsoft account that is associated with your Azure subscription.

3. On the left side of the page, note the pane that contains icons for each service. Then, at the bottom
of this pane, click SETTINGS (you may need to use the scroll bar for the pane).

4. On the settings page, on the SUBSCRIPTIONS tab, note the details of your subscription; click the
ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator;
and then click the AFFINITY GROUPS tab and note that this is where you can add affinity groups to
your subscription.
5. In the services pane on the left, click STORAGE, and at the bottom of the page, click NEW. Then, in
the panel that appears, click QUICK CREATE, enter the following details, and click CREATE STORAGE
ACCOUNT:
o URL: Enter a unique valid value.

o LOCATION / AFFINITY GROUP: Select the location that is closest to your geographic location.
o REPLICATION: Locally Redundant.

6. At the bottom of the page, note the Active Progress indicator, which is animated to show that an
action is in progress.

7. On the storage page, wait for your storage account status to become Online. Then click the name of
your storage account.

8. On the page for your storage account, note the getting started information. Then view each of the
tabs for the storage account, noting that the context-aware tool bar at the bottom of the page
changes to reflect the current tab.

9. Click the Back icon on the left to return to the storage page. Then click ALL ITEMS and note that the
storage account is listed on this page.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-13

Use the Preview Azure Portal

1. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and
then click Switch to new portal. This opens a new tab in Internet Explorer.

Note: If the Welcome to Microsoft Azure dialog box appears, click Get started.

2. When the new portal is loaded, view the tiles in the Startboard, noting the service health of the Azure
datacenters and the billing status for your subscription.
3. Click the Service health tile, and in the resulting Service health blade, note the status for the
individual Azure services, and then click Storage.

4. On the Storage blade, note the status for each region, and then click the region in which you
previously created a storage account.

5. Review the status of the storage service in your selected region, and then on the Hub menu, click
HOME. Note that the page scrolls to view the Startboard, but the blades that you opened remain
open.
6. In the Hub menu, click BROWSE, and then click Storage. Note that the currently open blades are
replaced with a new blade that shows your storage accounts.
7. On the Storage blade, click your storage account, and on the blade that is opened, view the details of
your storage account, noting that it has been assigned automatically to a resource group named
Default-Storage-SelectedRegion.

8. At the top of the blade for your storage account, click the Pin blade to Startboard icon, and note
that a tile for this blade is added to the Startboard.

9. On the Hub menu, click ACTIVE, and in the Active list, click Service health. Then close the ACTIVE
pane, and note that the blades you opened to check the status of the storage service in your selected
region are reopened.

10. On the Hub menu, click NEW, and in the New pane, click Website. Then in the Website blade, enter
the following settings, and click Create:

o URL: Enter a unique, valid URL

o WEB HOSTING PLAN: Use the default plan

o RESOURCE GROUP: Click the default resource group name, and then click Create a new
resource group. Then on the Create resource group blade, enter the name Demo-Web-App
and click OK.
o SUBSCRIPTION: Your subscription.

o LOCATION: Click the default location, and then select the location nearest to you.

o Add to Startboard: Selected

11. Wait for the website to be created, and then in the blade for the website (which opens automatically
after the website is created), note the information about the new website.

12. In Internet Explorer, switch to the tab containing the full Azure portal, and refresh the page. Note that
the website you created in the new portal is listed in the all items page.
MCT USE ONLY. STUDENT USE PROHIBITED
1-14 Getting Started with Microsoft Azure

Client Tools
The Azure portals provide a graphical user
interface for managing your Azure subscriptions
and services, and in many cases, these are
the primary management tools for service
provisioning and operations. However, it is
common to want to automate Dev/Ops tasks
by creating re-usable scripts, or to combine
management of Azure resources with
management of other network and infrastructure
services.

You can use Visual Studio, SQL Server

Management Studio, and Windows PowerShell to
manage some aspects of your Azure subscription and services.

Azure Tools for Visual Studio

Developers can use Azure Tools for Visual Studio to develop Azure projects. Examples include the
development of Azure cloud and mobile services, and ASP.NET web applications. Developers can
use the tools to run and debug projects locally before they publish them to Azure.

Additional Reading: The Azure Tools are part of the Azure SDK for .NET, which
you can download from Microsoft Azure Downloads: http://go.microsoft.com/fwlink
/?LinkID=517416.

SQL Server Management Studio

You can use SQL Server Management Studio to connect to an Azure SQL Database Server and manage it
in a way similar to how you manage SQL Server instances. The ability to manage SQL Server instances and
SQL Database servers by using the same tool is useful in hybrid IT environments. However, many of the
graphical designers in SQL Server Management Studio are not compatible with SQL Database, so you
must perform most tasks by executing Transact-SQL statements.

Note: You also can use the SQLCMD command-line tool to connect to Azure SQL Database
servers and execute Transact-SQL commands.

Windows PowerShell
Windows PowerShell provides a scripting platform for managing Windows. You can extend this platform
to a wide range of other infrastructure elements, including Azure, by importing modules of encapsulated
code called cmdlets.

Azure PowerShell is the primary PowerShell library for managing Azure services, and you can install it by
using the Microsoft Web Platform Installer.

Additional Reading: You can find a link to the latest version of Azure PowerShell at
http://go.microsoft.com/fwlink/?LinkID=517416.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-15

Azure PowerShell includes the following modules:

• Azure. A core set of cmdlets for managing Azure services.

• AzureResourceManager. A set of cmdlets for managing resource groups.

• AzureProfile. A set of cmdlets for managing authentication and execution context.

In many cases, you will need only the Azure PowerShell library. The Azure PowerShell module has a
dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer checks for this during
installation.

Note: If you plan to implement Active Directory (AD) in Azure, you can install the Azure AD
PowerShell library to manage users, groups, and other aspects of the directory from Windows
PowerShell. Before you can install the Azure AD module, you must install the Microsoft Online
Services Single Sign-In Assistant.

Azure Cross-Platform Command-Line Interface

The Azure cross-platform command-line interface provides a set of cross-platform commands that you
can use to manage your Azure subscription. It provides similar functionality as that found in the Azure
portal, including the ability to manage:
• Websites

• Virtual machines

• Mobile services
• SQL Database
MCT USE ONLY. STUDENT USE PROHIBITED
1-16 Getting Started with Microsoft Azure

Lesson 4
Subscription Management and Billing
It is important that you understand how to manage your subscription, including the billing for it. This
lesson describes the various Azure subscription options, explains how to manage subscription features,
and provides an overview of subscription billing.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe the available Azure subscriptions.

• Manage an Azure subscription.

• Understand current Azure subscription pricing.

• Explain the Azure pricing calculator.

• Navigate the Azure billing workspace.

• Use the Azure billing workspace.

Accounts, Subscriptions, and Administrative Roles

Your Azure subscription is related to your Azure
account and administrative roles. It is important
to understand the difference between accounts,
subscriptions, and administrative roles in Azure.

Accounts and Subscriptions

An Azure account determines how your Azure
usage is reported, and to whom it is reported.
A subscription enables you to organize your
access to your cloud services and resources.
A subscription helps you control how your
resource usage is reported, billed, and paid for.

Each of your subscriptions can have a different billing and payment setup. This enables you to have
different subscriptions and different plans by department, project, regional office, or other factor. Every
cloud service belongs to a subscription, and the subscription ID is often required for some operations.

Administrative Roles
There are three Azure administrative roles. These are:

• Account administrator. There is one account administrator for each Azure account. The account
administrator is allowed to access the Account Center. This enables the account administrator to
create subscriptions, cancel subscriptions, change billing for a subscription, or change Service
Administrator, among other tasks.

Note: The account administrator for a subscription is the only person who has access to the
Account Center. Account administrators do not have any other access to services in that
subscription.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-17

Additional Reading: You can access the Azure Account Center from the Microsoft website:
http://go.microsoft.com/fwlink/?LinkID=517417.

• Service administrator. There is one service administrator for each Azure subscription. The service
administrator is able to access the Azure Management Portal for all subscriptions in the account. By
default, the user account associated with this role is the same as the account administrator when your
subscription is created.

• Co-administrator. You can have up to 200 co-administrators for each Azure subscription. This role
has the same functions as the service administrator, but it cannot change the association of
subscriptions to Azure directories.

This table summarizes the differences between the three Azure administrative roles:

Administrative role Limit Summary

Account administrator One per Azure account Authorized to access the Account Center
(create subscriptions, cancel subscriptions,
change billing for a subscription, change
service administrator, and more).

Service administrator One per Azure subscription Authorized to access the Azure
Management Portal for all subscriptions
in the account. By default, same as the
account administrator when a
subscription is created.

Co-administrator 200 per subscription Same as service administrator, but cannot

change the association of subscriptions to
Azure directories.

Note: Role-based access control is available in the Preview Portal. Azure role-based access
control allows you to grant appropriate access to Azure AD users, groups, and services, by
assigning roles to them on a subscription or resource group or individual resource level. The
assigned role defines the level of access that the users, groups, or services have on the Azure
resource.

Additional Reading: You can find out more about Azure role-based access control here:
http://go.microsoft.com/fwlink/?LinkID=523800.

Signing in to Azure
To manage Azure, you must sign in using a User ID, which takes the form of an email address. There are
two types of User IDs:
• Microsoft accounts. These take the form of <user>@outlook.com, or <user>@hotmail.com or similar.

• Organizational accounts. These take the form <user>@contoso.onmicrosoft.com, or

<user>@contoso.com.

Organizational accounts are different from Microsoft accounts because they are sourced from Azure AD.
As a result, you have more options for managing organizational accounts. For example, you can
supplement organizational accounts with multi-factor authentication, which requires the user to enter
additional information to verify his or her identity. Generally, you should use organizational accounts
whenever you need to assign administrative access to Azure. Every Azure subscription has a default
directory that you can use to create organizational accounts.
MCT USE ONLY. STUDENT USE PROHIBITED
1-18 Getting Started with Microsoft Azure

Demonstration: Managing a Subscription

In this demonstration, you will see how to manage Azure subscriptions.

Demonstration Steps
1. Create a user in the default directory with the following settings:

o USER NAME: ChadC

o FIRST NAME: Chad

o LAST NAME: Corbitt

o DISPLAY NAME: Chad Corbitt

o ROLE: User

o Enable Multi-Factor Authentication: Not selected

2. Note the value for NEW PASSWORD.

3. As a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure
subscription.

4. In Internet Explorer, in the Microsoft Azure management portal, in the navigation pane, click
SETTINGS.

5. In the settings pane, click the ADMINISTRATORS tab.

6. At the bottom of the screen, click ADD.

7. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type
the USER NAME you recorded earlier.

8. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK
(the check box).

Azure Pricing
At the time of writing, there are three pricing
options. These are:

• Pay-As-You-Go. Choose this option if you

want a flexible pricing plan. You only pay for
the services you use. You may cancel this
subscription at any time. You can only make
payments by using credit or debit cards. It is
important to note that usage quotas apply to
this plan, including limits on cloud services
and virtual machines, storage, and Active
Directory.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-19

Additional Reading: For further information about this plan, including usage quotas, visit
the Azure website: http://go.microsoft.com/fwlink/?LinkID=517418.

• Buy from a Microsoft Reseller. To work with the same resellers from whom you currently purchase
Microsoft software under the Open Volume License Program, you can select this option. You must
purchase Azure in Open credits from your vendor. You then can activate your subscription using
those credits. You can apply Azure in Open Licensing credits towards any Azure Service that is eligible
for monetary commitments, when purchased online. Services that are not eligible for use with
monetary commitments, such as Azure Rights Management Services and Azure Active Directory
Premium, cannot be procured using Azure in Open.

Additional Reading: For further information about this plan, visit the Azure website:
http://go.microsoft.com/fwlink/?LinkID=517419.

• Enterprise agreements. This option is best suited to large organizations that sign an Enterprise
Agreement and make an upfront commitment to purchase Azure services. Customers who select this
option can use the Enterprise Portal to administer their subscription. Customers are also billed
annually, based on their services usage. This can make it easier to accommodate unplanned growth.

Additional Reading: For more information about licensing Azure in the Enterprise, visit the
Azure website: http://go.microsoft.com/fwlink/?LinkID=517420.

Microsoft also provides a number of benefits to members of specific programs, such as MSDN, the
Microsoft Partner network, and BizSpark:
• MSDN. Members receive monthly credits toward their Azure subscription.

• Partner. Partners receive monthly credits toward their Azure subscription and receive access to
resources to help expand their cloud practice.
• BizSpark. Members receive monthly credits toward their Azure subscription.

Additional Reading: For more information about members’ benefits, visit the Microsoft
Azure website: http://go.microsoft.com/fwlink/?LinkID=517421.

Additional Reading: The Azure pricing website can be accessed at:

http://go.microsoft.com/fwlink/?LinkID=517422.
MCT USE ONLY. STUDENT USE PROHIBITED
1-20 Getting Started with Microsoft Azure

Pricing Calculator
When you plan the cost of your Azure
subscription, you can use the Microsoft Azure
pricing calculator. Within the calculator are nodes
for determining the cost of the various Azure
services. These are:

• Websites

• Virtual machines

• Mobile services

• Cloud services

• Data management

Additional Reading: To view the pricing calculator, go to

http://go.microsoft.com/fwlink/?LinkID=517423.

To calculate your Azure subscription cost, select the appropriate node, and then adjust the parameters of
the service that you require. You can configure the following parameters for each of the nodes:
• Websites. Select between Free, Shared, and Standard models, and then configure the required sites,
virtual machines, bandwidth, and support options to determine the cost.

• Virtual machines. Select between Windows, Linux, SQL Server, BizTalk Server, and Oracle Software
virtual machine types, and then configure the size, bandwidth, and support options.
• Mobile services. Choose between Free, Basic, and Standard mobile services, and then select the
appropriate SQL Server database size, the appropriate bandwidth, the notification hubs, and the
support options.
• Cloud services. Choose the size of your Web and Worker role instances, SQL database size,
bandwidth, and support options to determine the expected cost.

• Data management. Select between Locally redundant, Zone redundant, Geo redundant, and Read-
access Geo redundant options. You can then choose the appropriate level for import and export,
backup size, site recovery options, SQL database number and sizing, machine learning, cache options,
bandwidth, and support. The calculator will then determine the likely cost.

You can also use the full calculator node for more complex Azure subscriptions. This node enables you to
select individual services and their configuration options from across all available Azure services.
After you have selected and configured your Azure subscription services, you can proceed to purchase
and provision the subscription.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-21

Billing Workspace
You can view and manage the charges for your
Azure subscription from either the portal or the
Preview portal.

From within the portal, on the OVERVIEW tab, you

can view the following information:

• Subscription status. Shows the current

credit remaining, and a summary of billing
information. It also provides links to
additional information.

• Change payment method. Enables you to

change your preferred payment method for
the selected subscription.

• Download usage details. You can download your usage history into a CSV file. Selecting this option
moves the focus to the BILLING HISTORY tab.
• Edit subscription details. Enables you to change the subscription name and associated service
administrator email account name. We recommend that you rename the subscription using a name
that is meaningful to you or your organization. It also might be beneficial to assign a specific
administrator or co-administrator to handle billing.

• Change subscription address. You can change the subscription billing address.
• Cancel subscription. Enables you to cancel your subscription.

You can use the BILLING HISTORY tab to review previous usage and view your current status.

Note: You access the billing workspace from the main Azure portal. Click your account
name in the Azure portal window, click View my bill, and then select your subscription. To access
the billing workspace from the Preview portal, click BILLING in the navigation pane.

Additional Reading: For further information on interpreting your Azure bill, visit the Azure
website: http://go.microsoft.com/fwlink/?LinkID=517424.
MCT USE ONLY. STUDENT USE PROHIBITED
1-22 Getting Started with Microsoft Azure

Demonstration: Using the Billing Workspace

In this demonstration, you will see how to manage Azure billing.

Demonstration Steps
1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft
account name, and then click View my bill. This opens a new tab in Internet Explorer. If prompted,
sign in using the Microsoft account credentials associated with your Azure subscription.

2. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.
3. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and
then click Switch to new portal. This opens a new tab in Internet Explorer.

4. In the navigation pane, click BILLING.

5. In the Billing list, click your subscription name. A summary screen appears. If you receive an error, try
this step again.

6. Close Internet Explorer.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-23

Lab: Use the Microsoft Azure Portal

Scenario
To start investigating the use of Microsoft Azure to provide cloud-based services, you have decided to
familiarize yourself with the Azure Portal.

Objectives
After completing this lab, you will be able to:

• Add a co-administrator to your Azure subscription.

• Display billing data for your Azure subscription.

Estimated Time: 20 minutes

Exercise 1: Add a Co-Administrator

Scenario
You will begin by adding a new co-administrator to your subscription.
The main tasks for this exercise are as follows:

1. Connect to the Azure Portal.

2. Add a co-administrator.

 Task 1: Connect to the Azure Portal

1. Sign in to your computer.
2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in
using the Microsoft account that is associated with your Azure subscription.

 Task 2: Add a co-administrator

1. Create a user in the default directory with the following settings:
o USER NAME: ChadC

o FIRST NAME: Chad

o LAST NAME: Corbitt

o DISPLAY NAME: Chad Corbitt

o ROLE: User

o Enable Multi-Factor Authentication: Not selected

2. Note the value for NEW PASSWORD.

3. As a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure
subscription.

4. Make a note of the USER NAME for the newly created user. You will need this shortly.

5. In Internet Explorer, in the Microsoft Azure management portal, in the navigation pane, click
SETTINGS.

6. In the settings pane, click the ADMINISTRATORS tab.

7. At the bottom of the screen, click ADD.

MCT USE ONLY. STUDENT USE PROHIBITED
1-24 Getting Started with Microsoft Azure

8. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type
the USER NAME value you recorded earlier.

9. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK
(the check box).

Results: After you complete this exercise, you should have successfully added a co-administrator to your
Azure subscription.

Exercise 2: View Billing Data

Scenario
You now will view associated billing information for your subscription.
The main tasks for this exercise are as follows:

1. View subscription usage.

2. View billing period.

 Task 1: View subscription usage

1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft
account name, and then click View my bill.
2. If necessary, sign in with the Microsoft account associated with your subscription.

3. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.

 Task 2: View billing period

1. Download the usage details for your subscription.
2. Once you have reviewed the CSV file, close it.

3. Close the current Internet Explorer tab.

Results: After you complete this exercise, you should have successfully viewed your Azure subscription
billing data.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 1-25

Module Review and Takeaways

Review Questions
Question: What are the three categories of cloud services?

Question: What are the four Microsoft Azure service categories?

MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
2-1

Module 2
Virtual Machines in Microsoft Azure
Contents:
Module Overview 2-1

Lesson 1: Create and Configure Virtual Machines 2-2

Lesson 2: Configure Disks 2-12

Lab: Create a Virtual Machine in Microsoft Azure 2-18

Module Review and Takeaways 2-21

Module Overview
Microsoft offers several virtualization management technologies that your organization can use to resolve
problems that you may encounter when managing server computing environments. For example, server
virtualization can help reduce the number of physical servers, and provide a flexible and resilient server
solution. You can deploy virtual machines on your locally installed servers or in Microsoft Azure. In this
module, you will learn how to create and configure virtual machines, and how to manage their disks.

Objectives
After completing this module, you will be able to:
• Create and configure virtual machines in Microsoft Azure.

• Configure disks for virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED
2-2 Virtual Machines in Microsoft Azure

Lesson 1
Create and Configure Virtual Machines
Virtual machines provide many benefits over traditional physical machines. You can deploy virtual
machines on physical servers in your IT environment, or you can choose to deploy virtual machines
in Microsoft Azure. In this lesson, you will learn how to create, deploy, and configure virtual machines
in Microsoft Azure.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe the purpose and functionality of virtual machines.

• Describe Azure virtual machines.

• Describe how to create virtual machines from Azure VM Gallery.

• Create a virtual machine from the Azure Virtual Machines gallery.

• Configure and scale virtual machines.

• Configure a virtual machine from the Azure Portal.

• Describe how to connect to a virtual machine.

• Connect to a virtual machine.

Overview of Virtual Machines

In today’s information technology (IT)
environments, a virtual machine is an emulation
of a physical computer system. A virtual machine
acts like a software-based computer that runs
an operating system and applications. Virtual
machines are based on the computer architecture
and functions of a real or hypothetical computer.
The implementation of virtual machines may
involve specialized hardware, software, or a
combination of both.

Virtual machines function as normal computers.

Virtual machines that are hosted on the same
virtualization server are independent of one another. You can run multiple virtual machines that are using
different operating systems on a virtualization server simultaneously, provided the virtualization server has
enough resources.

Some of the most common reasons and scenarios for using virtual machines are:

• Implementing virtual machines to maximize hardware usage.

• Isolating services and programs.

• Consolidating servers.
• Simplifying server deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-3

Virtual Machine Hardware

With server virtualization, you can create separate virtual machines and run them concurrently on a single
server that is running Microsoft Hyper-V. These virtual machines are guests, while the computer that is
running Hyper-V is the virtualization server or the management operating system.

Virtual machines use virtual, or emulated, hardware. The management operating system, Windows
Server 2012 with Hyper-V, uses the virtual hardware to mediate access to actual hardware. For example,
you can map a virtual network adapter to a virtual network that you map to an actual network interface.
By default, virtual machines include the following simulated hardware:

• BIOS. This simulates the computer’s BIOS. On a stand-alone computer, you can configure various
BIOS-related parameters. On a virtual machine, you can configure some of the same parameters,
including:

o The boot order for the virtual machine’s virtual hardware.

o The device from which the virtual machine boots, such as from a DVD drive, Integrated Drive
Electronics (IDE), a legacy network adapter, or a floppy disk.

o Whether the NUM LOCK key is enabled at boot.

• Memory. You can allocate up 1 terabyte (TB) of memory resources to an individual virtual machine.
• Processor. You can allocate up to 64 virtual processors to a single virtual machine.

• IDE controller 0. A virtual machine can support only two integrated drive electronics (IDE) controllers
and, by default, two are allocated to each virtual machine. Each IDE controller can support two
devices.

You can connect virtual hard drives or virtual DVD drives to an IDE controller. You can use IDE controllers
to connect virtual hard disks and DVD drives to virtual machines that use any operating system that does
not support integration services.

• IDE controller 1. Enables deployment of additional virtual hard drives and DVD drives to the virtual
machine.
• SCSI controller. You can use a small computer system interface (SCSI) controller only on virtual
machines that have operating systems that support integration services.

• Synthetic network adapter. Synthetic network adapters represent computer network adapters. You
can only use synthetic network adapters with supported virtual machine guest operating systems.

• COM 1. Enables you to configure a connection through a named pipe.

• COM 2. Enables you to configure an additional connection through a named pipe.

• Disk drive. Enables you to map a virtual floppy disk image to a virtual disk drive.

You can add the following hardware to a virtual machine by editing the virtual machine’s properties, and
then clicking Add Hardware:
• SCSI controller

• Synthetic or legacy network adapter

• Fibre Channel adapter.

• RemoteFX 3D video adapter
MCT USE ONLY. STUDENT USE PROHIBITED
2-4 Virtual Machines in Microsoft Azure

Virtual Machine Generations

Most operating systems and programs that run in virtual machines are not aware that they are virtualized.
Using emulated hardware enables operating systems that are not virtualization-aware to run in virtual
machines. In machines that can run enlightened operating systems, Integration Services allow the virtual
machines to access synthetic devices, which perform better. With the broad adoption
of virtualization, many modern operating systems now include Integration Services.

Windows Server 2012 R2 changes all of this. It fully supports the existing type of virtual machines, and
names them collectively generation 1 virtual machines. It provides support for the new type of virtual
machines, named generation 2 virtual machines. Generation 2 virtual machines function as if their
operating systems are virtualization-aware. Because of this, generation 2 virtual machines do not have
the legacy and emulated virtual hardware devices found on generation 1 virtual machines. Generation 2
virtual machines use only synthetic devices. Advanced Unified Extensible Firmware Interface (UEFI) firm,
which supports Secure Boot, replaces BIOS-based firmware. Generation 2 virtual machines start from a
SCSI controller or by using the Pre-Boot EXecution Environment (PXE) on a network adapter. All
remaining virtual devices use virtual machine bus (VMBus) to communicate with parent partitions.
Generation 1 and generation 2 virtual machines have similar performance, except during startup and
operating system installation. The primary advantage of generation 2 virtual machines is that startup
and deployment are considerably faster. You can run generation 1 and generation 2 virtual machines
side-by-side on the same Hyper-V host.
You select the virtual machine generation when you create the virtual machine. You cannot change the
generation later.
Generation 2 virtual machines currently support only Windows Server 2012, Windows 8 (64-bit), and
newer 64-bit Windows operating systems. Therefore, generation 1 virtual machines, which support almost
any operating system, will remain in use for the foreseeable future. Generation 2 virtual machines do not
currently support Microsoft RemoteFX.
Question: How your organization uses virtualization? Did you implement any public or
private cloud solution with your virtualization solution?

What Are Azure Virtual Machines?

In addition to creating virtual machines on
your on-premises physical servers, you can
also create cloud-based virtual machines in
the Microsoft Azure environment. When you
create a virtual machine in the Microsoft Azure
environment, the virtual machine runs on
a Hyper-V server in one of the Microsoft
datacenters, while web-based and Windows
PowerShell management interfaces are provided
to the user. Virtual machines that run in Microsoft
Azure allocate resources from servers in the
Microsoft datacenter instead of your local
resources, but they are still accessible from your local network just like servers that are hosted locally.

In today’s enterprise environments, cloud-based services and especially virtual machines that run in
the cloud can be a very attractive solution for extending a datacenter and allocating some additional
resources when needed. The Azure platform provides numerous services that can either replace or
complement existing on-premises services. Cloud-based virtual machines, programs, and services can
also be useful when you have to provide proof-of-concept solutions for proposed projects. Rather than
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-5

purchase test hardware and deploy a proof-of-concept solution to it, you can deploy a cloud-based
virtual machine quickly, and then deploy the proof-of-concept solution to the virtual machine. Then, after
you validate the proof-of-concept solution, you can discard the virtual machine, or keep it, depending on
operational concerns. This solution is not only faster but also less expensive than buying the hardware for
the proof-of-concept solution, which you might opt to discard if the project is not approved.

Apart from using the Microsoft Azure environment for testing or proof-of-concept, there are several more
scenarios where you can benefit from running virtual machines in Microsoft Azure, such as:
• You can use virtual machines in Azure for development purposes. Microsoft Azure provides an
inexpensive and reliable platform that you can deploy within minutes and provide to your developer
team. You can also use additional services from Microsoft Azure, such as SQL Databases, Storage, or
ServiceBus to support your development environment.

• You can move your virtual machines from an on-premises Hyper-V deployment to Microsoft Azure.
For example, you can upload a virtual hard drive from your local environment and run it with virtual
machine in Microsoft Azure.

• You can extend your datacenter by using Microsoft Azure. By using this approach, you can deploy
several virtual machines in Microsoft Azure and connect them to your on-premises environment by
using Azure Virtual Networks.

Deploying Azure Virtual Machines

Deploying virtual machines in Microsoft Azure is somewhat different from deploying them on a local
Hyper-V environment. In the Hyper-V environment, you configure all properties of the virtual machine;
in the Microsoft Azure environment, you must choose between several preconfigured options for virtual
machine configuration. In addition, you have to decide if you are going to use your own .vhd file as an
image for the virtual machine or if you will use one of the platform images already present in Microsoft
Azure. When making this decision, you should also consider the licensing aspect.
When you create a new virtual machine instance by using the Azure management portal, you have three
options: create a virtual machine from the + NEW menu, create a virtual machine from the gallery, and
create a virtual machine based on your own image.
As an alternative, you can also use a .vhd file stored in VM Depot to create a new virtual machine. VM
Depot is a community-driven catalog of preconfigured operating systems, applications, and development
stacks that you can easily deploy to Microsoft Azure.

When you create a virtual machine, the portal allows you to specify the following options:
• Host name. This is the name of the computer.

• User name. This is the name of the local user account that you will use when you manage the server.

• Pricing/Deployment tier. You can use this option to configure the pricing tier that correlates to the
virtual hardware assigned to your virtual machine.

• Optional configuration. You use this option to configure some basic operating system settings such as
automatic updates; the availability set for the virtual machine; the network configuration, including
static IP address and virtual network; the storage account; and whether diagnostics should be on or
off.

• Resource group. The resource group is a container that groups objects together into a collection for
easier management.

• Subscription. If you have multiple Azure subscriptions, you can choose the subscription that will
include the virtual machine.

• Location. You can configure the location for the virtual machine to the most appropriate locale.
MCT USE ONLY. STUDENT USE PROHIBITED
2-6 Virtual Machines in Microsoft Azure

Specifically for Linux-based virtual machines in Microsoft Azure, you also can configure Secure Shell (SSH)-
based authentication.

After you configure these options, the portal creates a virtual machine with the settings that you have
specified. Note that, at this time, Microsoft Azure supports only generation 1 virtual machines. In the
Azure portal, you cannot manage virtual machine generation, but it is important to consider this when
you use the virtual machine image created on your local Hyper-V environment. IN addition, you can use
the Microsoft virtual machine converter to convert VMWare-based virtual machines to Hyper-V virtual
machines. After you convert these machines to Hyper-V format, you can move them to Azure, as
described later in this module.

Also, the Azure platform does not provide console access to a virtual machine, and most Azure VMs,
irrespective of size, have only one virtual network adapter, which means that they also can have only one
IP address.

When you run Azure VMs, you pay for the service on an hourly or per-minute basis. The price for the
specific virtual machine is based on the size, the operating system, and the additional software installed
on the virtual machine. Because your virtual machine allocates resources on the Azure platform, you
are charged when the virtual machine status is Running or Stopped, but you are not charged when the
machine is in Stopped (Deallocated) state. When you shut down the virtual machine from its operating
system, it will go into the Stopped state, and you will be charged for it, even if it is not running. The virtual
machine will only go into the Stopped (Deallocated) state when you shut it down from the Azure portal.
Some additional charges may appear for the storage that the virtual machine uses in addition to the
operating system disk.

Additional Reading: For more information on Azure virtual machines, go to:

http://go.microsoft.com/fwlink/?LinkID=517440.

Question: Do you foresee any scenario in which you will implement Azure VMs in your
organization? If not, why?

Create a Virtual Machine from the Gallery

If you do not want to use your own image file
to build an Azure virtual machine, you can create
a virtual machine from the gallery of available
images and virtual machines. The gallery provides
preinstalled images of various Microsoft and Linux
operating systems and products. For example, you
can select a basic Windows Server installation or a
specific product, which will be preinstalled with
the server. Some of the available Microsoft
products include:

• Windows Server

• Microsoft SharePoint

• Microsoft SQL Server

• Microsoft BizTalk Server

• Microsoft Visual Studio

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-7

If you are performing a Linux installation, you can select from multiple versions of the following
distributions:

• Ubuntu
• CentOS

• SUSE

• Oracle
• Puppet Labs

Finally, an installation can also be based on images or disks that you have previously uploaded to Azure.

After you have selected the operating system or image that you wish to deploy, the next step in the
gallery wizard asks for virtual machine configuration details. These details include:

• Operating system version release date

• Virtual machine name

• Deployment tier
• Virtual machine size

• Username
• Password
A key aspect of these configuration steps is the deployment tier and size of the instance. The Azure offer
consists of several virtual machine pricing tiers. For example, a basic deployment tier offers the following
sizes for general purpose use:

• A0 (shared core, 768 MB memory, 1 data disk)

• A1 (1 core, 1.75 GB memory, 2 data disks)

• A2 (2 cores, 3.5 GB memory, 4 data disks)
• A3 (4 cores, 7 GB memory, 8 data disks)

• A4 (8 cores, 14 GB memory, 16 data disks)

Besides basic tier, which offers the lowest monthly price, there is an additional tier for more demanding
services. The standard deployment tier includes the features of the basic deployment tier, in addition to
auto-scaling and load balancing, together with better performance compared to the basic tier. Both of
these features are not available in the basic deployment tier. These options are typically necessary for
memory-intensive services such as database services. Finally, there is a compute-intensive deployment
tier that offers all that the standard tier includes with some additional features. Note that the compute-
intensive deployment tier comes standard with a 40 gigabit (Gb) InfiniBand network, and Remote Direct
Memory Access (RDMA) support. For example, you can choose some of these tiers:

• A8 (8 cores, 56 GB memory, 16 data disks)

• A9 (16 cores, 112 GB memory, 16 data disks)

Microsoft updates tiers regularly, so we recommend that you review the current offer on the Azure
management portal.

After you have created a virtual machine instance, you can use two primary methods to connect and
manage the virtual machine:

• Windows PowerShell with the Azure module.

• Remote Desktop Protocol, initiated from within the Azure management portal.
MCT USE ONLY. STUDENT USE PROHIBITED
2-8 Virtual Machines in Microsoft Azure

Additional Reading: For more information on Virtual Machine and Cloud Service Sizes for
Azure, go to http://go.microsoft.com/fwlink/?LinkID=517441.

Demonstration: Create a Virtual Machine from the Gallery

In this demonstration, you will see how to create a virtual machine from the Azure Gallery.

Demonstration Steps

Create a virtual machine

1. Sign in to your Azure account on the Azure preview portal at https://portal.azure.com.

2. Create a new virtual machine by using the following settings:

o Operating system: Windows Server 2012 R2 Datacenter

o VM name: server<your_initials>-10979
o User name: server<your_initials>-admin

o Password: Moc1500!

o Pricing tier: A2
o Storage account: Create new by using default values

3. Select to create a virtual machine with these settings, and wait a few minutes until the virtual machine
is created.

Configure and Scale a Virtual Machine

After you create an Azure virtual machine, you use
the Azure management portal to perform further
configuration and administration of each virtual
machine.
When you click the virtual machine in the Azure
management portal, the tab-based interface for
management opens. Notice that this interface is
significantly different than the interface of virtual
machine properties in Hyper-V Manager, in the
following ways:

• On the Dashboard tab, you can see general

information about the virtual machine state
and configured options. In addition, here you can find quick links to some commonly used
configuration options.

• On the Monitor tab, you can find real-time information about the performance of critical components
of your virtual machine. You can monitor central processing unit (CPU), disk, and network resources.
• The Endpoints tab lets you configure connection endpoints for the virtual machine, which will be
discussed later in more detail.

• The Configure tab provides options for virtual machine configuration. On this tab, you can change
the virtual machine tier and size, and you can also configure the virtual machine availability options
by configuring an availability set.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-9

Availability Sets and Scaling

By configuring an availability set, you provide redundancy for an application that is running on one or
more virtual machines. When you put two or more virtual machines into the availability set, you ensure
that, during a planned or unplanned maintenance event, at least one virtual machine will be available
and meet the 99.95% Azure service level agreement (SLA). In practice, when you place two or more
virtual machines in the availability set, you inform the Microsoft Azure fabric controller that these virtual
machines are hosting the same service, and that they should not be taken down at the same time.
Besides, virtual machines that are part of an availability set are spread across different racks in the Azure
datacenter, which means that they have separate power supplies and switches.

The Azure platform controls these operations by using the Update Domain and Fault Domain objects.
Update Domain objects help the Azure platform to determine which virtual machines (or physical
hardware that hosts them) can or cannot be rebooted at the same time. Fault Domain objects define
he group of virtual machines that share a common power source and network switch. When you
configure up to five virtual machines in the same availability set, they will never all share the same
Fault Domain object.

Note: Do not confuse availability sets with high availability technologies such as failover
clustering or Network Load Balancing (NLB).

For an application running within virtual machines, you can also configure scaling. Before you configure
any scaling options, you must assign the virtual machines to the same availability set. You can scale your
application manually or you can set parameters to scale it automatically. Virtual machines that you assign
to the availability set are turned on in a scale-up action and turned off in a scale-down action. CPU core
usage affects application scaling. Larger virtual machines have more cores available. You can scale
applications within the core limits for your Azure subscription. For example, if you have an Azure
subscription that has a limit of 20 cores and you run an application with two medium-sized virtual
machines (which use four cores in total), you can only scale up the other cloud service deployments
in your subscription by 16 cores. All virtual machines in an availability set that you use in scaling an
application must be the same size.

Demonstration: Configure a Virtual Machine from the Portal

In this demonstration, you will see how to configure an Azure virtual machine.

Demonstration Steps
1. Open the Azure preview portal and browse to Virtual machines.

2. Click the virtual machine that you created in the previous demonstration. Show available options.

3. Open the Azure portal from the Azure preview portal. In the Azure portal, click on the virtual
machine created in previous demonstration.

4. Browse through the DASHBOARD, MONITOR, and ENDPOINTS tabs, and review the available
options.
5. On the CONFIGURE tab, change the size of the virtual machine to A1.

6. Save the changes.

MCT USE ONLY. STUDENT USE PROHIBITED
2-10 Virtual Machines in Microsoft Azure

Connect to a Virtual Machine

After you create a virtual machine on the
Microsoft Azure platform, you will probably
want to connect to it, and then perform further
administration tasks.

To log on to a virtual machine, you use credentials

that you specified when you created the virtual
machine. To make a connection to a virtual
machine, you can use the Remote Desktop client
software for Windows operating systems, or other
operating systems that support it. Alternatively,
you can use the Secure Shell (SSH) client for Linux
operating systems. For security reasons, you can
disable this type of communication to reduce the attack surface and instead use virtual private networks
(VPNs), which you will learn about later. You can also change the default port for connecting to Remote
Desktop.

You can connect to your Azure virtual machine directly from the Azure management portal by choosing
the Connect option after selecting a virtual machine. In case of a Windows virtual machine, you will
be prompted to download the .rdp file with the settings needed to make a connection to the virtual
machine. If you want to make an SSH connection, you can find SSH information such as the host name
and port number in the Management Portal by selecting the virtual machine and looking for SSH Details
in the Quick Glance section of the dashboard.

Besides using Remote Desktop Protocol (RDP) or SSH to connect to the virtual machine, you can also
specify a custom port and protocol to make a connection. To allow access to the virtual machine, you
need to create an endpoint. Two endpoints are created by default when you create a new virtual machine,
but you can create more by using the management portal.

Each virtual machine created by using an image from the Azure gallery comes with the local Windows
Firewall enabled. Windows Firewall is configured with inbound rules according to the default endpoints
created for the specific virtual machine. However, if you create additional endpoints later, you will also
have to create appropriate inbound rules on the local firewall on the virtual machine. In addition, if you
are using your custom image on an Azure virtual machine, you will have to set all firewall rules manually.

Note: If you forget the user name and password for the Azure virtual machine, you can
perform a password reset by using the VMAccess extension. You can enable this extension
during the wizard for creating an Azure virtual machine. Alternatively, you can also use the
Set-AzureVMaccessExtension cmdlet from Microsoft Azure PowerShell module to add this
extension after deploying the virtual machine. With this extension, you can also reset Remote
Desktop Access or Secure Shell (SSH) settings on a virtual machine. You will need to ensure
that you install the VM Agent feature as part of the virtual machine provisioning process. An
extension to the VM Agent is used to reset the built-in local Admin credentials and ensure that
Remote Desktop is enabled inside the VM.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-11

Troubleshooting Virtual Machine Connection Issues

If you have trouble connecting to a virtual machine in Microsoft Azure, you can try the following
troubleshooting steps:

• Ensure that you are using the correct user account. If you added a machine to the Active Directory
Domain Services (AD DS) domain, ensure that you are using the correct domain to sign in.

• Delete and recreate endpoint objects for RDP or SSH.

• Restart the virtual machine.

• If you are using a specific endpoint with custom values for port and protocol to connect, ensure that
your local firewall allows this connection.

Demonstration: Connect to a Virtual Machine

In this demonstration, you will see how to connect to an Azure virtual machine.

Demonstration Steps
Connect to a virtual machine by using Remote Desktop Connection
• Switch back to the Azure preview portal, click the newly created virtual machine, and then connect to
the virtual machine.

Validate functionality of a newly created virtual machine

1. Sign in to the virtual machine and navigate around the server configuration by viewing Server
Manager and File Explorer.
2. Disconnect the Remote Desktop Connection session when finished.
MCT USE ONLY. STUDENT USE PROHIBITED
2-12 Virtual Machines in Microsoft Azure

Lesson 2
Configure Disks
Each virtual machine uses disks to store data. You must configure at least one disk on each virtual
machine to store operating system files. You can add more disks to each virtual machine deployed
on-premises or in Microsoft Azure.

Virtual machines deployed in the Hyper-V environment use the .vhd or .vhdx virtual disk formats. In this
lesson, you will learn about virtual machine disks and how to manage them.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe virtual hard disks.

• Upload and attach disks to virtual machines.

• Describe how to configure new disks in Windows operating systems.

• Configure disks.

Overview of Virtual Hard Disks

A virtual hard disk is a file that represents a
traditional hard disk drive. You can configure
this file as a virtual hard disk with partitions and
an operating system. You can use virtual hard
disks on virtual machines, and you can mount
virtual hard disks as local volumes by using the
Windows Server 2012, Windows Server 2008 R2,
Windows 8, and Windows 7 operating systems.
Windows Server 2012 supports the boot from
virtual hard disk option. This enables you to
configure a computer to boot into a Windows
Server 2012 operating system that is deployed on
a virtual hard disk, or into certain editions of the Windows 8 operating system that are deployed on a
virtual hard disk. You can create a virtual hard disk by using:

• The Hyper-V Manager console.

• The Disk Management console.

• The DiskPart (diskpart.exe) command-line tool.

• The Windows PowerShell cmdlet New-VHD.

Note: Some editions of Windows 7 and Windows Server 2008 R2 also support booting
from virtual hard disk.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-13

Virtual Hard Disks in .vhd Format vs. Virtual Hard Disks in .vhdx Format
Virtual hard disks typically use the .vhd extension. Windows Server 2012 introduces a new type of
virtual hard disk that uses the .vhdx extension. Virtual hard disks with the .vhdx format have the
following benefits over virtual hard disks that were used in Hyper-V on Windows Server 2008 and
Windows Server 2008 R2:

• Virtual hard disks with the .vhdx format can be as large as 64 terabyte (TB), whereas virtual hard disks
with the .vhd format are limited to 2 TB.
• Virtual hard disks with the .vhdx format are less likely to become corrupt if the virtualization server
suffers an unexpected power outage.

• The .vhdx format supports better alignment when deployed to a large sector disk.

• Virtual hard disks with the .vhdx format can hold larger dynamic and differencing virtual hard disks.
This provides for better performance from the dynamic and differencing virtual hard disks.

You can convert a virtual hard disk with the .vhd format to the .vhdx format by using the Edit Virtual Hard
Disk Wizard. You might want to do this if you have upgraded a Windows Server 2008 or Windows Server
2008 R2 virtualization server to Windows Server 2012 or Windows Server 2012 R2. You can also convert a
virtual hard disk with the .vhdx format to the .vhd format.

Disks in Microsoft Azure

There are three types of virtual disks in Azure, which you can associate with virtual machines hosted in
Infrastructure as a Service (IaaS):
• Operating system disk. Each machine has an operating system disk attached. This disk is attached as a
serial ATA (SATA) drive and labeled with the letter C. It has a capacity of 127 GB. This disk contains
the operating system of the virtual machine. In the Azure infrastructure, each operating system disk
can be created in three copies, depending on the replication settings of the underlying storage
account, for redundancy, but this process is transparent to the user.
• Temporary disk. As with the operating system disk, this disk is created automatically during the
creation of the virtual machine. It has the same size as the operating system disk, and it is labeled with
the letter D. It is important to note that you should not use this disk for storing data. It is there to
provide temporary storage for applications and processes and to store data that you do not need to
keep, such as page or swap files. The temporary storage is present on the physical machine that is
hosting your virtual machine. In some scenarios, a virtual machine can move to a different physical
host machine, such as in a power failure. When this happens, your virtual machine is recreated
on the new host machine by using the operating system disk. Any data saved on the previous
temporary drive will not be migrated, and your virtual machine will be assigned a new temporary
drive. In addition, when you resize your virtual machine or when you shut it down temporarily,
storage will be deleted.

• Data disk. You should use this type of disk as data storage. Its maximum size is 1 TB, and you can
label it with the letter of your choice. Unlike the operating system disk, this disk is attached to the
SCSI interface of the virtual machine. This disk, along with an operating system disk, is stored in
an Azure Storage account as a page blob. You will discuss types of Azure storage in later modules.
Each disk type is based on the .vhd format. The number of data disks assigned to the virtual machine
that you choose from the gallery depends on the deployment and pricing tier that you choose.

You can use the Azure management portal or Windows PowerShell to attach disks to a virtual machine.
The Add-AzureDataDisk cmdlet can attach an existing data disk to a virtual machine or create a new
data disk for a virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
2-14 Virtual Machines in Microsoft Azure

You must consider the following factors when using virtual disks in Azure:

• Azure does not support the .vhdx format. All virtual disks must use the .vhd format.

• Azure does not support dynamically expanding disks. All virtual disks must be fixed disks.

• .vhd files remain in your storage account even if you remove them from a virtual machine or delete
the virtual machine. You must manually manage the .vhd files to minimize storage space waste.
Alternatively, you can use Windows PowerShell to manage the .vhd files automatically.

Uploading and Attaching Disks

If you want to attach a new data disk to your
virtual machine in Microsoft Azure, you can
do so by using the Azure management portal.
When you create a new disk, you must choose a
storage account and a container where your disk
will be stored, and you must specify a disk size in
GB. Azure disks that you can attach to the virtual
machines are stored as page blobs in Azure
Storage. Each storage account that you create
in your Azure subscription has specific scale
targets. If services in your virtual machine require
heavy disk I/O load through a virtual machine, it is
possible that you will reach the limits of these storage targets. A specific blob (which holds a single disk)
has a target of 60 megabytes (MB) per second.

To achieve better performance, we recommend that you use multiple disks across multiple storage
accounts. This will enable you to exceed account-specific storage scale targets.
You can also use a virtual disk from your on-premises computer, such as a server running Hyper-V
in Windows Server 2012. You can upload the .vhd file to Azure, and then attach it to a virtual machine.
Currently, Azure supports a maximum .vhd size of 999 GB. After you attach a disk to a virtual machine,
you must initialize it before use.
Many organizations use a custom operating system image for their computers. An image usually serves
as a template because it does not have specific settings like a configured virtual machine, such as the
computer name and user account settings. Also, in some more complex environments, you would use
a set of virtual machine images for a single service. You would typically manage these images by using
VMM in on-premises environments. For many organizations, multiple images handle client computers and
servers running different operating systems and applications. You can upload your customized images to
Azure so that you can deploy your images in Azure. To use your images in Azure, you must meet the
following prerequisites:

• You must download and install the Azure Windows PowerShell module on an on-premises computer.
The module contains the Add-AzureVHD cmdlet, which you will use to upload your custom images
to Azure.

• You must create a .vhd file containing your custom Windows operating system image. Note that
Azure does not support .vhdx files, but you can convert your existing .vhdx files to .vhd before you
upload them.

• Azure must support the operating system in the image. Azure supports images containing Windows
Server 2008 R2 and newer versions.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-15

When you are ready to begin, follow these high-level steps:

1. Launch Azure Windows PowerShell, and connect to Azure.

2. Run the upload command. For example, your system has the following parameters:

o The URL to the storage container is https://10979Bstorage01bs.blob.core.windows.net

/10979B-c1

o The container name is 10979B-c1

o The local path to the .vhd file is D:\Images\2012-R2-General.vhd

o The new .vhd file will be called "2012-R2-General.vhd"

You would run the following command to upload the image:

Add-AzureVhd -Destination "https://10979Bstorage01bs.blob.core.windows.net/10979B-

c1/Images/2012-R2-General.vhd" -LocalFilePath "D:\Images\2012-R2-General.VHD"

3. Add the image to your custom images list. You can add the image by using the Azure management
portal or by using Windows PowerShell. When the image is in the custom images list, it is available for
deployment when you create a new virtual machine.
You also have the option of using the VM Depot instead of uploading an image. The VM Depot contains a
large number of community-developed images that you can customize and use when you are creating
new VMs. However, the depot contains only non-Windows images, most of which are based on the Linux
operating system. Many of the images are based on their intended use. For example, you can find images
configured for blogging services and web servers. Community members provide and license the virtual
machine images on this site to you. Microsoft Open Technologies does not screen these images for
security, compatibility, or performance, and does not provide any license rights or support for them.

Configuring New Disks in a Windows Virtual Machines

When you attach a disk to the Azure virtual
machine, you can manage that disk in the same
way as you would manage a disk on the physical
machine or a virtual machine deployed locally on
your Hyper-V server.
Typically, you use Disk Management for managing
disks and volumes. When you first attach an
empty disk to the Azure virtual machine, you
should initialize it, and then create volumes.
Before creating volumes, you should choose
which type of disk you want to use. When
selecting a type of disk for your use in Windows
Server 2012, you can choose between basic and dynamic disks.

Basic Disks
All versions of the Windows operating system support basic storage, which uses partition tables.
A basic disk is one that you initialize for basic storage and that contains basic partitions such as primary
partitions and extended partitions. You can subdivide extended partitions into logical volumes.

By default, when you initialize a disk in the Windows operating system, the disk is configured as a basic
disk. It is easy to convert basic disks to dynamic disks without any data loss. However, when you convert a
dynamic disk to a basic disk, all data on the disk is lost.
MCT USE ONLY. STUDENT USE PROHIBITED
2-16 Virtual Machines in Microsoft Azure

Dynamic Disks
The Microsoft Windows 2000 Server operating system introduced dynamic storage. By using dynamic
storage, you can build fault-tolerant, redundant storage systems. You can also perform disk and volume
management without having to restart computers that are running Windows operating systems.

A dynamic disk is one that you initialize for dynamic storage and that contains dynamic volumes. You can
create a dynamic volume from free space on one or more disks. You can format the volume with a file
system and assign it a drive letter or configure it with a mount point.
Dynamic disks do not perform better than basic disks, and some programs cannot address data that
is stored on dynamic disks. For these reasons, you would not normally convert basic disks to dynamic disks
unless you need to use some of the additional volume configuration options that dynamic disks provide.

ReFS
In Windows Server 2012, besides being able to format volumes with file allocation table (FAT) or New
Technology File System (NTFS), you can also use Resilient File System (ReFS). ReFS is a new feature in
Windows Server 2012 that is based on the NTFS file system. It provides the following features and
advantages:
• Metadata integrity with checksums.

• Expanded protection against data corruption.

• Increased reliability, especially during a loss of power, over NTFS, which can experience corruption in
similar circumstances.
• Larger volume, file, and directory sizes.

• Redundancy for fault tolerance.

• Disk scrubbing for protection against latent disk errors.

• Resiliency to corruptions with recovery for maximum volume availability.

ReFS uses a subset of NTFS features, so it maintains backward compatibility with NTFS. Therefore,
programs that run on Windows Server 2012 can access files on ReFS, just as they would on NTFS.
However, an ReFS-formatted drive is not recognized when placed in computers that are running Windows
Server operating systems older than Windows Server 2012. You can use ReFS drives with Windows 8.1, but
not with Windows 8.

Windows Server 2012 also provides a new way to manage storage that is attached to the physical host or
a virtual machine, by implementing Storage Spaces technology. Storage Spaces is a storage virtualization
feature that Windows Server 2012 and the Windows 8 operating system include.
The Storage Spaces feature has two components:

• Storage pools. Storage pools are a collection of physical disks that have been aggregated into a single
logical disk so that you can manage the multiple physical disks as a single disk. You can use Storage
Spaces to add physical disks that have different sizes and interfaces to a storage pool.

• Storage spaces. Storage spaces are virtual disks created from free space in a storage pool. Storage
spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise
administrative control.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-17

Demonstration: Configure Disks

In this demonstration, you will see how to attach a new data disk to an Azure virtual machine.

Demonstration Steps
1. In the Azure preview portal, browse to Virtual Machines.

2. Navigate to the virtual machine that you created in the first demonstration.
3. Open the Disks tile.

4. Ensure that you see only the operating system disk attached to the virtual machine.

5. In the Disks pane of Virtual machine properties, choose to attach new disk.
6. Select any available storage account.

7. Choose the vhds container.

8. Create a new data disk with a size of 5 GB.

9. After the disk is attached to the virtual machine, connect to it and verify that the disk appears in the
Disk Management console.

Discussion: Implementing Virtual Machines in Azure Solution

The previous topics covered the implementation
of Azure virtual machines. Unlike Hyper-V VMs
deployed locally, Azure virtual machines provide
greater flexibility and much more resources that
you can use when you need them.
You can deploy Azure virtual machines by using
several different approaches, and by using many
preconfigured templates with both Microsoft and
non-Microsoft platforms. Because Azure virtual
machines do not support classic high availability
technologies such as failover clustering, you
can use scaling and availability sets to increase
availability of the service hosted in the virtual machine.

To provide additional storage for Azure virtual machines, you use virtual hard disks in Azure. Each virtual
machine supports one or more data disks that you can add, depending on the deployment and pricing
tier that you choose. After you add a disk to the virtual machine, you can configure it just as you would
configure a disk attached on locally deployed virtual machines.
Discussion questions:

• Based on what you learned in this module, for what purpose would you choose Azure VM
deployment?

• Do you envision Microsoft Azure as a solution to extend your datacenter capabilities?

• What limitations do you see in adoption of virtual machines deployed in Azure?

MCT USE ONLY. STUDENT USE PROHIBITED
2-18 Virtual Machines in Microsoft Azure

Lab: Create a Virtual Machine in Microsoft Azure

Scenario
Orders at A. Datum Corporation have increased significantly. Currently, the order systems run on a server
that provides other in-house services. You have decided to use a dedicated server for your order systems.
Furthermore, this server needs to be able to cope with increasing workloads in the event of future
changes in order volume. With this in mind, you have decided to create an Azure-based server and
evaluate this as a host for the order systems.

Objectives
After completing this lab, you will be able to:

• Create a virtual machine.

• Attach a data disk to the virtual machine.

• Connect to a virtual machine.

Estimated Time: 40 minutes

Exercise 1: Create a Virtual Machine from the Gallery

Scenario
As a part of your task to evaluate server hosting in Microsoft Azure, you have to create a virtual machine
from the Azure gallery.

The main tasks for this exercise are as follows:

1. Select and create a virtual machine.

2. Verify virtual machine creation.

 Task 1: Select and create a virtual machine

1. Sign in to your Azure account on the Azure portal available at http://azure.microsoft.com. After
signing in, switch to a new Azure preview portal.
2. Create a new virtual machine by using the following settings:

o Operating system: Windows Server 2012 R2 Datacenter

o VM name: server<initials>-10979
o User name: server<initials>-admin

o Password: Moc1500!

o Location: Select the location that is closest to you

o Storage account: create new by using default values

3. Select to create a virtual machine with these settings, and then wait for a few minutes until the virtual
machine is created.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-19

 Task 2: Verify virtual machine creation

• Switch back to the Azure management portal, and then verify that the virtual machine is displayed
and has the Running status.

Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual
machine.

Exercise 2: Verify the Functionality of the Virtual Machine

Scenario
After creating a virtual machine, you want to make an RDP connection to it and verify its properties.

The main tasks for this exercise are as follows:

1. View the properties of the virtual machine.

2. Connect to a virtual machine.

 Task 1: View the properties of the virtual machine

1. Open the Azure preview portal, click the HOME tab and then click to open the Azure portal.
2. In the Azure portal, click the virtual machine that you created in the previous demonstration.

3. Browse through the DASHBOARD, MONITOR, ENDPOINTS, and CONFIGURE tabs and review the
available options.

 Task 2: Connect to a virtual machine

1. Switch to the Azure preview portal.
2. Click Browse and then select the virtual machine created earlier.

3. Connect to the virtual machine from the Azure portal, sign in, and then navigate around the server
configuration by viewing Server Manager and File Explorer. Use the credentials that you defined for
the virtual machine in the previous exercise.

4. Disconnect the Remote Desktop Connection session when finished.

Results: After completing this exercise, you will have established a connection to the virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
2-20 Virtual Machines in Microsoft Azure

Exercise 3: Attach a Data Disk

Scenario
After creating a new virtual machine in Microsoft Azure, you want to add a new disk to store data.

The main tasks for this exercise are as follows:

1. View virtual machine disks.

2. Attach a data disk.

 Task 1: View virtual machine disks

1. In the Azure portal, browse to Virtual Machines.

2. Navigate to the virtual machine that you created in Exercise 1.

3. Open the Disks tile.

4. Ensure that you see only the operating system disk attached to the virtual machine.

 Task 2: Attach a data disk

1. In the Disks pane of Virtual machine properties, choose to attach a new disk.
2. Select the default storage account created during virtual machine creation.

3. Choose the vhds container.

4. Create a new data disk with a size of 5 GB.

5. After the disk is attached to the virtual machine, use Azure preview portal to connect to it.

6. Sign in to virtual machine with credentials defined in Exercise 1. Open Computer Management in
the virtual machine window, and verify that disk appears in the Disk Management console.
7. Use the Disk Management console to initialize the new disk and to make a volume on it.

Results: After completing this exercise, you will have attached a new disk to a virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 2-21

Module Review and Takeaways

Review Question
Question: Can you create generation 2 virtual machines in Microsoft Azure?

Best Practice
• Before creating Azure virtual machines, ensure that you are familiar with the pricing for the capacity
you need.

• Ensure that the size of your virtual machine will meet the needs of services that it hosts.

• Use availability sets when you host the same service in more than one virtual machine.

• Use data disks in different storage accounts to achieve better performance. Keep in mind that each
storage account has its limits per subscription.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
3-1

Module 3
Websites and Cloud Services
Contents:
Module Overview 3-1

Lesson 1: Create and Configure Websites 3-2

Lesson 2: Deploy and Monitor Websites 3-8

Lesson 3: Create and Deploy Cloud Services 3-13

Lab: Websites and Cloud Services 3-21

Module Review and Takeaways 3-25

Module Overview
Microsoft Azure provides a specialized website service that you can use to host any website without
having to configure a virtual machine or associated platform software. If you create an Azure website,
you can choose from a wide range of common web apps, including WordPress, Drupal, and Umbraco.
Alternatively, you can upload a custom web app from Microsoft Visual Studio 2013 or another web
developer tool.

To host applications in Azure, you can use platform as a service (PaaS) as an execution model. Cloud
services provide a platform that can host web apps and web services. Cloud services use a modular
architecture that enables you to scale your application to the largest desired sizes while possibly
minimizing costs. This module describes the Azure Websites service and Azure Cloud Services.

Objectives
After completing this module, you will be able to:

• Create and configure websites by using the Azure portal.

• Deploy and monitor websites on Azure.

• Create and deploy cloud services on Azure.

MCT USE ONLY. STUDENT USE PROHIBITED
3-2 Websites and Cloud Services

Lesson 1
Create and Configure Websites
In this lesson, you will learn about Azure Websites and how this differs from PaaS cloud services and web
apps hosted on Azure Virtual Machines. You also will learn how to create and configure Azure Websites.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe Azure Websites, and compare it with Azure Virtual Machines and Azure Cloud Services.
• Explain how to create a website by using the Azure portal.

• Explain how to configure and scale a website by using the Azure portal.

• Create and configure a website.

Comparing Azure Websites, Azure Virtual Machines, and Azure Cloud

Services
If you want to host a web app in Azure, you
can choose to use Azure Virtual Machines, Azure
Websites, or Azure Cloud Services. To select the
option that best suits your needs, consider the
level of control and scaling flexibility that you
require, and the languages and frameworks that
you want to use.

Azure Virtual Machines

Because virtual machines in Azure can include a
web server, such as Internet Information Services
(IIS) or the Apache HTTP Server, you can use
them to host web apps. This scenario is similar to
running a traditional web farm to host your web app, except that the servers are at Azure data centers
and not on-premises. Therefore, this is a common approach to migrating an on-premises web app into
Azure with as little modification as possible. You can host supporting servers, such as computers running
SQL Server, or host databases on other virtual machines, in the same infrastructure as a service (IaaS)
cloud service. When necessary, you can scale out the web app by using load balancing.

If you choose to host a web app in virtual machines, you have maximum control over the operating
system and supporting software. For example, you could install a specific version of PHP on Apache.
However, you must invest the time to update and maintain the infrastructure you create. If you want
to scale out the application, you must provision new virtual machines to host the new instances of the
application.

Azure Websites
Instead of using Azure Virtual Machines, you can choose to host your web app in the Azure Websites
service. Azure Websites is a fully managed PaaS cloud service that enables you to quickly build, deploy,
and scale enterprise-grade web apps.

Note: Azure Websites also supports Azure WebJobs. WebJobs enables you to schedule
regular jobs and batch jobs easily.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-3

Additional Reading: To read more about WebJobs, go to

http://go.microsoft.com/fwlink/?LinkID=517425.

After you create a new Azure website, you can either upload a custom web app or choose from a wide
range of popular general-purpose web apps, including Drupal, Word Press, and Umbraco. You can build
custom web apps to host in Azure Websites by using ASP.NET, Node.js, PHP, and Python.
You can scale up an Azure website by changing tiers. Scaling up increases the traffic a single instance of
the site can service. Alternatively, you can scale out by installing a website in multiple instances, and by
using Azure load balancing or Azure Traffic Manager to distribute traffic. However, you can only scale the
website as a single component. In addition, you cannot gain Remote Desktop Protocol (RDP) access to the
web server. You can use Azure SQL Database or SQL Server on a virtual machine to host an underlying
database.

Note: Azure Websites offers four tiers: Free, Shared (Preview), Basic, and Standard. Each tier
provides for differing numbers of websites, supports different storage capacities, and meets many
other performance-affecting criteria.

Additional Reading: To learn more about the four tiers, go to the Microsoft Azure
Websites Pricing Details webpage: http://go.microsoft.com/fwlink/?LinkID=517426.

Azure Cloud Services

You can also choose to build a web app as an Azure PaaS cloud service. A PaaS cloud service consists of at
least one web role, which includes the application’s user interface, and one or more worker roles, which
run background tasks. Because you can scale each role independently by specifying the number of role
instances, you have a large degree of control over scalability with PaaS cloud services. You can connect
to the web servers that host your PaaS cloud service by using RDP.

Note: The last lesson of this module discusses Azure Cloud Services.

Create a Website in the Portal

You can create your new Azure website in several
ways. You can use either of the Azure portals to
complete the task by using a graphical wizard.

If you use the Preview portal, you must configure

the options to create your website manually. If
you are using the portal, you can select among
three options to create your website:

• Quick Create. This option enables you to

configure the website options manually
during creation.

Note: This option is the one most similar to

using the Preview portal to create your website.
MCT USE ONLY. STUDENT USE PROHIBITED
3-4 Websites and Cloud Services

• Custom Create. If you plan to migrate an existing site, this option enables you to create or associate
a SQL database or MySQL database. Custom Create also provides you with the ability to specify
multiple source control options for your website deployment, such as GitHub or Microsoft Team
Foundation Server.

• From Gallery. This option enables you to create a new website with one of several frameworks, such
as WordPress. This is helpful, because you can quickly create your new website, which you can then
customize within the selected framework.

Creation Options
Whichever option you choose to create the website, you must configure a number of options during
creation. These options are:

• URL. This is the URL by which your website is known and accessed. You must specify a unique name.

• Web hosting plan. If you have an existing web hosting plan, you can select it. Alternatively, you can
choose to create a new web hosting plan.

Note: In the Preview portal, you can select from predefined hosting plans within the UI.

• Region. Azure has multiple global regions. When you deploy your website to any one region, it is
accessible globally on the Internet, but multiple regions provide for greater flexibility. For example,
you can deploy sites in regions that are closest to the users of that site.

Note: The Region field is referred to as Location in the Preview portal.

Configure and Scale a Website in the Portal

Once you have created your Azure website, you
can configure and scale it by using either portal.
The exact procedure varies, depending upon the
portal you use.

Using the Portal

From within the portal, on the navigation bar on
the left, click WEB SITES. In the results pane, select
the appropriate website. From the initial view, you
can see a summary of usage. You then can select
the appropriate tab to configure and manage the
website:

• Dashboard. Displays a summary of activity and options.

• Monitor. Provides detailed statistics about website usage, requests, and errors.
• WebJobs. Enables you to view and configure WebJobs.

Note: You can use WebJobs to script programs to run on your website.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-5

• Configure. Enables you to configure options for your website, including:

o General. This includes the .NET Framework version, PHP version, Java version, Python version,
managed pipeline mode, platform, web sockets, and AlwaysOn Availability Groups.
o Certificates. Enables you to configure and manage certificates used for SSL encryption.

o Domain names. You can assign your own custom website domain name. Azure initially assigns
one with the suffix azurewebsites.net. For example, if you used the name Contoso, the URL would
be Contoso.azurewebsites.net. If you want to use Contoso.com, you can configure that with the
domain names option.

o Secure Sockets Layer (SSL) bindings. Enables you to configure how you use SSL with your domain
names.

o Application diagnostics. You can enable and configure options for application logging.

o Site diagnostics. You can enable and configure options for web server logging.

o Default documents. Specifies which default documents are used on your website; for example,
Default.html and Index.htm.

o Virtual applications and directories. Enables you to define virtual directories and their relative
paths within your website.

Note: Some of these options only become available with certain scaling options.

• Scale. Scaling your Azure websites involves two actions:

o Changing your web hosting plan mode to a higher level of service, or tier.

o Configuring certain settings after you have switched to the higher level of service.

You can configure a number of website options to scale your website, including:
o Web hosting plan mode. This option allows you to choose between the Free, Shared, Basic, and
Standard hosting plan modes. Each of the plan modes supports a different set of features and
capabilities.
Plans in the Free and Shared modes run on a shared infrastructure with sites other customers
create. These sites will have strict quotas for resource utilization.

Plans in the Basic and Standard modes run on resources that are dedicated to your sites, and
have fewer restrictions.

o Capacity. This option enables you to define the instance count and size. Options available
depend upon the selected web hosting plan mode.
Plans in the Free and Shared modes support limited capacity tuning.
The Basic mode enables you to choose between three instance sizes:
 Small. Supports a single core with 1.75 gigabytes (GB) of memory.
 Medium. Supports two cores and 3.5 GB memory.
 Large. Supports four cores and 7 GB memory.
MCT USE ONLY. STUDENT USE PROHIBITED
3-6 Websites and Cloud Services

The Standard mode enables you to choose the same instance sized as basic, but additionally, you
can configure:
 A schedule for scaling.
 The scaling metric (none or CPU). If you choose CPU, you must configure the thresholds for
automatic scaling to occur and the number of resultant instances.
 The instance count.
• Linked Resources. You can use this option to link resources such as databases and storage to your
website.

• Backups. You can only back up the website in the standard web hosting plan. You can configure an
automated backup and an associated schedule.

Using the Preview Portal

The procedure and options available for configuring your website from the Preview portal are different.
From within the Preview portal, from the navigation bar on the left, click BROWSE, and then click
Websites. Select the appropriate website from the returned list in the Websites blade on the right. In
the blade for the selected website, you can view summary, monitoring, and usage data. On the toolbar,
click More. You can change and then reset the publish profile, get the publish profile, and change the
web hosting plan.

Note: You can also create a new web hosting plan. You can choose between several pricing
tiers to select the plan that best suits your requirements.

Demonstration: Creating and Configuring a Website

In this demonstration, you will see how to:

• Create a new website in Azure by using the preview portal.

• Browse the new website from the Preview portal.

• View scaling and configuration options in the portal.

Demonstration Steps
Create a new website in Azure by using the Preview portal
1. Start Internet Explorer, and browse to http://azure.microsoft.com.

2. Connect to the portal, and sign in by using the Microsoft account that is associated with your Azure
subscription.
3. Switch to new portal.

4. Add a new website.

5. Type a valid unique website name. For example, type Contoso####, where #### is a unique number.

Note: If the name is valid and unique, a green check mark displays.

6. Specify a location near you.

Note: The website creation process can take several minutes.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-7

Browse the new website from the Preview portal

1. When the website creation is complete, in the website blade, click Browse. Internet Explorer shows
the default webpage.

2. Close the Internet Explorer tab, and then close the tab containing the new portal, keeping the portal
tab open.

View scaling and configuration options in the portal

1. In the Portal, refresh the webpage.

2. Select WEB SITES, and in the web sites pane, click your new website.

3. Scroll through the available options on the CONFIGURE tab.

4. Scroll through the available options on the SCALE tab.

5. Under web hosting plan mode, click STANDARD.

6. Under capacity, adjacent to SCALE BY METRIC, click CPU.

7. In the INSTANCE SIZE list, click Large (4 cores, 7 GB memory).

8. Click DISCARD.

9. Click the DASHBOARD tab.

10. Leave the portal open.

MCT USE ONLY. STUDENT USE PROHIBITED
3-8 Websites and Cloud Services

Lesson 2
Deploy and Monitor Websites
Once you have created your Azure website, you can create and publish the content that you want to
make available in the new website. You have several options for creating and publishing content to an
Azure website. After you have created and published the website content, you must deploy the website
to make it available to your users. This lesson describes the processes for creating, publishing, and
deploying website content to Azure websites. It also describes the options that you can use to monitor
those websites.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe the available options for creating Azure website content.

• Explain how to publish an Azure website by using Visual Studio.

• Explain the process of deploying an Azure website.

• Describe how to monitor websites in Microsoft Azure.

Options for Creating and Publishing Website Content

Using the Azure portal to create a website is
the start of the process for making the website
available and useful for its users. You also must
create and publish website content to your Azure
website.

There are several ways that you can create and

publish website content. These include the
following:

• Microsoft Visual Studio 2013. You can use

Visual Studio 2013 to write and deploy a
variety of different types of apps, including
those for Windows Phone and Windows
Store, desktop apps, web apps, and web services.

You can write the code by using a number of programming languages, including:

o Visual Basic

o Visual C#
o Visual C++

o Visual F#
o JavaScript

Additional Reading: Visual Studio 2013 is available in several different editions. For
more information about these editions, go to the Compare Visual Studio Offerings website:
http://go.microsoft.com/fwlink/?LinkID=517427.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-9

• Visual Studio Online. Available from the Preview portal, Visual Studio Online enables you to quickly
and easily develop and publish website content to Azure websites. It provides hosted source control,
work item tracking, collaboration, and a build service.

Note: You can find out more about Visual Studio Online at the Microsoft website:
http://go.microsoft.com/fwlink/?LinkID=523801.

• Microsoft WebMatrix. This tool is available for download from within the Azure portal. It enables you
to create, publish, and maintain your Azure websites. It supports a range of programming languages
and provides a simple interface for website deployment.
To create a website by using WebMatrix, start WebMatrix, and then sign into Azure with your
subscription account. You can then click the option New, and use a range of templates to create
and deploy your website, including:

o Empty site

o Starter site
o Bakery

o Photo gallery

o Personal site
Once you have created the website by using WebMatrix, you can easily publish it to your production
Azure website.

• The Azure website gallery. You can use the Gallery to create and publish your website content when
you create your Azure website. To do this, when you initially create your website in the Azure portal,
click the FROM GALLERY option. You can then select from a range of templates that best suit the
purpose of your website, including:
o App frameworks, such as Bottle, CakePHP, and Django
o Blogs, including Ghost, WordPress, and Orchard CMS

o Forums, such as phpBB and MonoX

o Galleries, including Gallery Server Pro

o Tools, like BugNET, OpenX, and Open Web Analytics

You can also select from many other website templates, including templates that are specific to
particular businesses. There is, for example, a coffee shop website template, a bakery template, and
templates for personal websites and photo galleries. Once you select the appropriate template, Azure
presents you with a wizard interface to complete the creation process.
MCT USE ONLY. STUDENT USE PROHIBITED
3-10 Websites and Cloud Services

Publish a Website from Visual Studio

Using Visual Studio to publish your website
involves the following high-level steps:

• Set up the development environment. To

use Visual Studio to publish your website
content, you must first install the Azure
software development kit (SDK). When you
install the Azure SDK, it will automatically
install Microsoft Visual Studio 2013 Express
for Web edition.

Note: You can also choose to install an

appropriate edition of Visual Studio 2013 manually.

• Create your app. To create the app, launch Visual Studio and choose to create a New Project. You can
then select the type of app that you wish to use on your website; for example, an ASP.NET web app.
The subsequent options that you must configure vary depending upon the type of app you initially
select, but might include:

o .NET Framework version

o Authentication options, such as:

 No authentication
 Individual user accounts
 Organizational accounts
 Windows Authentication
o Host in the cloud/Create remote resources. This option is different depending upon the edition
of Visual Studio. You can use this option to create the website during the publish process. It is
enabled by default. If you choose to create the website during publishing, you must define the
site name, region, and database options.

Note: It is not necessary for you to create your website within the Azure portal before you
create the app. Visual Studio can create your website when you publish it. Alternatively, you can
publish to an existing website.

• Deploy the app to Azure. After you have created your app, you can publish it to Azure by using the
Publish Web Wizard, which appears automatically. You must specify the server name and port, site
name, user credentials to authenticate with the website, and the destination URL.

Note: You can use the Preview option to view your website app before you actually publish
the app.

After you have published your website app, you will need to maintain the content. You can use Visual
Studio to make any required changes to the website app, and then publish those changes to the
production environment.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-11

Additional Reading: You can read more about how to use Visual Studio to publish
ASP.NET websites on the Get started with Azure Websites and ASP.NET webpage:
http://go.microsoft.com/fwlink/?LinkID=517429.

Deploy a Website with Web Deploy

Web Deploy is a technology with client-side and
server-side components that synchronizes both
content and configuration values with web
servers. We recommend that you use this tool
to deploy web apps to Azure websites.

When developing your Azure web app, you can

use Web Deploy to publish changes. Web Deploy
enables you to make these changes incrementally.
After you publish your app to a deployment
environment, Web Deploy lets you deploy
changes directly to the virtual machine that
is running the web role.

Note: It is not necessary to package and publish the entire Azure app every time you want
to update your website. Consequently, you can have your changes available in the cloud for
testing without waiting to publish your application to a deployment environment.

You can use Web Deploy to:

• Deploy websites from development environments to staging and production web servers.
• Migrate content from one web server to another.

Web Deploy is somewhat comparable to other deployment tools, such as FTP, RoboCopy, and XCOPY.

Note: FTP is an older but widely used protocol for uploading web apps to web servers.

Web Deploy offers a number of benefits over these other technologies, including:
• Speed. Web Deploy is faster than FTP.

• Security. Web Deploy supports publishing over HTTPS. It also supports configuring permissions on
files.

• Convenience. Web Deploy can publish databases to SQL Server, MySQL Server, and other databases.

• Integration. Web Deploy integrates with Visual Studio and WebMatrix.

Additional Reading: Read more about Web Deploy at

http://go.microsoft.com/fwlink/?LinkID=517430.
MCT USE ONLY. STUDENT USE PROHIBITED
3-12 Websites and Cloud Services

Monitoring Websites
Running websites consumes resources and incurs
costs. The websites also might generate errors,
if users request webpages that do not exist, for
example. You can use the Monitoring node within
the Azure portal to check resource consumption.
By doing this, you can better plan for increasing
or decreasing website usage.

From within the portal, select the appropriate

website, and then click on the MONITOR tab.
You can use the ADD METRICS option to enable
additional monitoring options. You can view the
following metrics in the chart on the Monitor
page:

• CPUTime. A measure of the website's CPU usage.

• Requests. A count of client requests to the website.

• Data Out. A measure of data that the website has sent to clients.
• Data In. A measure of data that the website has received from clients.

• Http Client Errors. Number of Http "4xx Client Error" messages sent.

• Http Server Errors. Number of Http "5xx Server Error" messages sent.

• Http Successes. Number of Http "2xx Success" messages sent.

• Http Redirects. Number of Http "3xx Redirection" messages sent.

• Http 401 errors. Number of Http "401 Unauthorized" messages sent.

• Http 403 errors. Number of Http "403 Forbidden" messages sent.

• Http 404 errors. Number of Http "404 Not Found" messages sent.

• Http 406 errors. Number of Http "406 Not Acceptable" messages sent.

Notifications
You can enable and receive notifications based on the selected website monitoring metrics. To enable
notifications, you must first configure a rule. You can do this on the MONITOR page for the selected
website. Click ADD RULE. You then can create and configure the rule to trigger an alert when the metric
you choose reaches a value that you specify. You can also choose to have an email sent when the alert is
triggered.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-13

Lesson 3
Create and Deploy Cloud Services
Azure provides three execution models for applications: Virtual Machines, Websites, and Cloud Services. In
this lesson, you will see how Azure Cloud Services differ from Azure Websites and Azure Virtual Machines.
You will also see how to configure Cloud Services and deploy the cloud service code your developers
create.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe Microsoft Azure Cloud Services.

• Describe how to create a cloud service in Microsoft Azure.

• Describe how to scale your Microsoft Azure Cloud Services.

• Deploy cloud services within Microsoft Azure.

• Discuss scenarios for implementing websites with Microsoft Azure.

What Are Cloud Services?

When you create an app and run it in Microsoft
Azure, the code and its configuration together
constitute an Azure cloud service. By creating a
cloud service in Azure, you are able to deploy a
multi-tier web app. You can define multiple roles
to distribute processing and enable flexible scaling
of your application.

Note: With a cloud service, although you

can interact with the underlying virtual machine,
Microsoft still manages the host and guest
operating systems of the virtual machine for
you. You can think of the cloud service as being stateless, whereas both Azure Websites and
Azure Virtual Machines are stateful.

Components of a Cloud Service

A cloud service consists of one or more web roles and/or worker roles, each of which has its own
application files and configuration. The following list defines the key characteristics and components
of an Azure cloud service:

• Cloud service role. Comprises application files and configuration data. A cloud service can have two
types of roles:

o Web role. Provides a dedicated IIS web server that hosts front-end web apps.
o Worker role. Apps hosted within worker roles can run asynchronous, long-running, or perpetual
tasks that require no user input or interaction.

• Role instance. A virtual machine on which your application code and role configuration run.
MCT USE ONLY. STUDENT USE PROHIBITED
3-14 Websites and Cloud Services

Note: A role can have multiple instances, defined in the service configuration file.

• Guest operating system. This is the operating system installed on the role instances (virtual machines)
on which your app code runs.

• Cloud service components. To deploy an app as a cloud service in Microsoft Azure, the following
three components are necessary:

o Service definition file. This file, known as a .csdef file, defines the service model.
o Service configuration file. The .cscfg file provides configuration settings for your cloud service and
individual roles.

o Service package. The .cspkg file contains your app code and the service definition file.
• Cloud service deployment. This is an instance of a cloud service deployed to the Azure staging or
production environment.

Note: You can maintain deployments in both staging and production.

• Deployment environments. Microsoft Azure offers two deployment environments for cloud services:
o A staging environment. An environment in which you can test your deployment before you
promote it to the production environment. In this environment, your cloud service's GUID
identifies it in URLs (GUID.cloudapp.net).
o A production environment. The production environment URL is based on the Domain Name
System (DNS) prefix assigned to your cloud service (for example, myservice.cloudapp.net).

Note: The two environments differ only in the virtual IP (VIP) addresses by which the cloud
service is accessed.

To promote a deployment in the staging environment to the production environment, you can swap
the deployments. You do this by switching the VIP addresses by which the two deployments are
accessed.
• Minimal versus verbose monitoring:

o Minimal monitoring uses performance counters gathered from the host operating systems for
role instances (virtual machines). This is enabled by default for a cloud service.
o Verbose monitoring collects extra metrics from performance data in the role instances. This
enables you to perform closer analysis of activities and problems that occur during app
processing.
• Azure Diagnostics. Enables you to collect diagnostic data from apps running in Azure.

Note: You must enable Azure Diagnostics for cloud service roles for verbose monitoring to
be available.

• Link a resource. To show your cloud service's dependencies on other resources, such as an Azure SQL
Database instance, you can link the resource to the cloud service.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-15

• Scale a cloud service. You can scale out a cloud service by increasing the number of role instances
(virtual machines) deployed for a role. Conversely, you can scale in a cloud service by decreasing role
instances.

• Azure service level agreement (SLA). This guarantees that, when you deploy two or more role
instances for every role, access to your cloud service is maintained at least 99.95 percent of the time.

Cloud Services vs. Azure Virtual Machines

Even though your applications run in virtual machines, Azure Cloud Services provide PaaS, not IaaS. Cloud
Services are therefore different from hosting your applications in Azure Virtual Machines. With Azure
Virtual Machines, you create and configure your application’s environment first, and then you deploy
your application into that environment.

With Cloud Services, the environment already exists. All you must do is deploy your application. With
Cloud Services, you provide a configuration file that tells Azure how many virtual machines you require
for your application; for example, two web role instances and three worker role instances. The Azure
platform creates those for you.

Note: You still define the size of those virtual machines; the options are the same ones that
Azure Virtual Machines offers. However, you do not explicitly create the virtual machines yourself.

Load Balancing
If your application begins to support a higher load, you can request more virtual machines. Azure creates
those additional instances. If the load on your application reduces, you can shut down those instances.
Although both Azure Websites and Azure Virtual Machines enable you to create web apps on Azure, the
main advantage of Azure Cloud Services is its ability to support multi-tier architectures that are more
complex.

Additional Reading: For a more detailed comparison of these components, visit the Azure
Web Sites, Cloud Services, and Virtual Machines comparison webpage:
http://go.microsoft.com/fwlink/?LinkID=517431.

Maintenance and Recovery

When you choose a cloud service, Azure maintains the underlying infrastructure. Microsoft Azure
performs the following tasks:

• Performs routine maintenance.

• Updates the operating systems.

• Attempts recovery from service and hardware failures.

Note: If you define at least two instances of every role, the maintenance tasks, including
your own service upgrades, are performed without any interruption in service.
MCT USE ONLY. STUDENT USE PROHIBITED
3-16 Websites and Cloud Services

Create and Deploy a Cloud Service

Before you can deploy your cloud service, you
must create the cloud service package and the
cloud service configuration file. You can use tools
in the Azure SDK to help you to prepare these
deployment files.

Additional Reading: You can download

the Azure SDK, and other relevant Azure tools,
from the Microsoft Azure Downloads webpage:
http://go.microsoft.com/fwlink/?LinkID=517416.

Creating a Cloud Service

If you do not have significant experience working with Azure Cloud Services, you can download templates
to help with the creation of the deployment files.

Additional Reading: The code samples are available at the Microsoft Azure code samples
webpage: http://go.microsoft.com/fwlink/?LinkID=517432.

After you have installed the Azure SDK, use the following procedure to create a cloud service:

1. Connect to the Azure portal.

2. Click NEW, COMPUTE, CLOUD SERVICE, and then QUICK CREATE.

Note: You can also create a cloud service by using the CUSTOM CREATE option, so that
you can choose the option to deploy a cloud service package during creation.

3. Enter the URL that your cloud service will use. The URL format for production deployments is
http://myURL.cloudapp.net.

4. Enter the Region or Affinity Group. This configures the geographic region or affinity group to which
you will deploy the cloud service.

Note: You must have already created the affinity group. To create an affinity group, in the
portal, open the Networks area, click Affinity Groups, and then click Create.

5. Finally, click Create Cloud Service.

Note: If any roles in your cloud service require a digital certificate for data encryption
using Secure Sockets Layer (SSL), and you have not uploaded the certificate, you must upload
the certificate before you can deploy your cloud service.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-17

Deploying a Cloud Service

After you have successfully created your cloud service, you must deploy it. Use the following procedure to
deploy your cloud service:

1. Connect to the Azure portal.

2. Click Cloud Services, and then select the cloud service that you want to deploy. Click Dashboard.

3. Click either Production or Staging. If you choose to use the Staging environment, you can test your
cloud service before you deploy it to the production environment.

Note: When you are ready to promote your staged cloud service to the production
environment, use Swap to redirect client requests to that deployment.

4. Click Upload, and then enter the following information:

a. Enter a Deployment Label.

b. Browse and select the service package file (.cspkg) for the cloud service.

c. Browse and select the service configure file (.cscfg) for the cloud service.
d. Select the Deploy even if one or more roles contain a single instance check box if your cloud
service includes any roles with only one instance.

Note: Azure only guarantees 99.95 percent access to the cloud service during maintenance
and service updates if every role has at least two instances.

5. Click OK.

After you perform the above steps, your cloud service should be available in either the production or
staging environment.

Scaling a Cloud Service

With the Azure portal, you can scale your cloud
service to adjust its performance. From the Scale
page of your cloud service, you can choose to
scale your application manually, or you can set
the appropriate parameters to have Azure
automatically scale the application for you.

You can scale applications that are running:

• Web roles. Add or remove web role instances

to accommodate the anticipated workload.
• Worker roles. Add or remove role worker role
instances to accommodate the workload.
MCT USE ONLY. STUDENT USE PROHIBITED
3-18 Websites and Cloud Services

Considerations for Scaling

Before you scale your application, consider the following factors:

• Core usage affects scaling. Larger role instances use more cores, but you can scale your application
only within the limit of cores for your subscription.
For example, if your subscription has a limit of 30 cores and you run an application with three
medium-sized virtual machines (a total of six cores), you can scale up other cloud service
deployments in your subscription by only 24 cores.

• Create a queue and associate the queue with a role or availability set. You must do this before you
can scale your application based on a message threshold.
• Deploy two or more role instances to enable high availability. You must ensure that you deploy your
application with two or more role instances or virtual machines to enable high availability for your
application.

Scaling Your Cloud Service

You can perform the following scaling actions for a cloud service:

• Manually scale an application running web roles or worker roles. If necessary, disable automatic
scaling, and then configure the instance count for each of the roles in your cloud service.

Note: You can only increase the number of instances used if the appropriate number of
cores are available to support those instances.

• Automatically scale an application running web roles, worker roles, or virtual machines. You can
configure automatic scaling based on two properties:
o CPU. If the average percentage of CPU usage goes above or below specified thresholds, Azure
creates or deletes role instances, or turns virtual machines on or off from an availability set.

o Queue. If the number of messages in a queue goes above or below a specified threshold, Azure
creates or deletes role instances, or Azure turns virtual machines on or off from an availability set.

Note: Automatic scaling is disabled by default for all roles.

• Scale linked resources. Typically, when you scale a role, it can be beneficial to scale any database
that your application is using. If you link the database to your cloud service, you can change the SQL
Database edition and resize the database as required. If you do not scale linked resources, you run
the risk of causing problems with the linked resource, such as capacity in a database.

• Schedule the scaling of your application. You can configure the following schedule options:
o No schedule. This enables your application to be scaled automatically at all times.

Note: No Schedule is the default option.

o Day and night. This option enables you to specify scaling for specific times of the day and night.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-19

Demonstration: Creating, Deploying, and Scaling a Cloud Service

In this demonstration, you will see how to:

• Create a new cloud service.

• Configure the cloud service.

• Scale the cloud service.

Demonstration Steps
Create a new cloud service
1. If necessary, open Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and
then sign in by using the Microsoft account that is associated with your Azure subscription.

2. Create a new cloud service by using QUICK CREATE:

a. In the URL text box, type a valid unique cloud service name. For example, type
AdatumWeb####, where #### is a unique number. If the name is valid and unique, a
green check mark displays.

b. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD
SERVICE.

Configure the cloud service

1. Select the new cloud service, and select the CONFIGURE tab.
2. Upload a new production deployment:

a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####,
(where #### is the same number you typed earlier).
b. Select a local package file. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.
c. Select a local configuration file. Navigate to C:\Labfiles, and double-click
ServiceConfiguration.Cloud.cscfg.

Note: Deployment begins. This could take 10 to 15 minutes.

Scale the cloud service

1. Scale the cloud service:

a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.

b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

c. Drag the TARGET CPU slider bar so that maximum is 90.

d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.

e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

f. Drag the TARGET CPU slider bar so that the maximum is 90.
g. Click SAVE.

2. Close Internet Explorer.

MCT USE ONLY. STUDENT USE PROHIBITED
3-20 Websites and Cloud Services

Discussion: Implementing Websites in an Azure Solution

Azure Websites is the best choice for most of your
web apps, for a number of reasons:

• Both deployment and website management

are integrated into the platform.
• You can scale your sites quickly to handle
high-volume traffic.

• The built-in load balancing and Traffic

Manager help to provide high availability.

• You can move your existing websites to Azure

Websites quickly and easily with an online
migration tool.
• You can use an open-source app from the Web Application Gallery, or create a new site by using the
framework and tools of your choice.

However, in some situations, you may need a higher level of control over your web server environment.
As an example, you may require the ability to connect remotely into your server or to configure server
startup tasks. In such cases, Azure Cloud Services might be a better option. If you have an existing
application that requires substantial modifications to run in Azure Websites or Azure Cloud Services,
you should consider choosing Azure Virtual Machines in order to simplify migrating to the cloud.

Note: Consider that correctly configuring, securing, and maintaining Azure Virtual
Machines requires much more time and technical expertise compared with either Azure Websites
or Azure Cloud Services. If you are considering Azure Virtual Machines, make sure you take into
account the ongoing maintenance effort required to patch, update, and manage your virtual
machine environment.

Scenarios for Using Azure Websites

The following list introduces a variety of scenarios. As a class, discuss which platform might be suitable for
each scenario:
• You want a reliable way to host your corporate website that scales well and is globally available.

• You have an IIS6 application running on Windows Server 2003.

• You run a small business, and want an inexpensive way to host your site, but are concerned about
future growth.

• You are a graphic designer, and want to design and build websites for your customers.

• You are migrating your multi-tier application with a web front-end to the cloud.

• Your application depends on highly customized Windows or Linux environments and you want to
move it to the cloud.

• You have a line-of-business application that must connect to the corporate network.
Question: Based on what you learned in this module, for what purpose would you choose to
deploy Azure Websites?

Question: What limitations do you see in adoption of websites deployed in Azure?

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-21

Lab: Websites and Cloud Services

Scenario
You require a blog for the A. Datum Corporation website and decide that this would be an ideal time to
test the functionality of Microsoft Azure Websites. You also would like to test the use of Azure Cloud
Services to contain virtual machines.

Objectives
After completing this lab, the students will have:

• Created a WordPress website from the Gallery.

• Created a cloud service.

Lab Setup
Estimated Time: 35 minutes
Sign in to your classroom computer by using the credentials your instructor provides.

Before you start this lab, ensure that you have a trial Azure subscription.

Note: To complete the lab in this module, you must have completed the labs in all
preceding modules in this course.

Exercise 1: Create a WordPress Website

Scenario
Your users have suggested that they would like to be able to post blog articles to a corporate website.
You have decided to host this website on Azure. In this exercise, you will create a website to host
WordPress blogs, and then test the website by posting articles to the site.
The main tasks for this exercise are as follows:

1. Create a website.

2. Install WordPress.
3. Create a blog post.

 Task 1: Create a website

1. Start Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and then sign in by
using the Microsoft account that is associated with your Azure subscription.

2. Create a new website to host your blog:

a. In the Azure portal, on the navigation pane, click WEBSITES.

b. Click NEW, and then click FROM GALLERY.

c. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.

d. In the A-Z list, click WordPress, and then click Next.

e. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a
unique number. If your URL is unique, a green check mark displays.
f. Leave DATABASE and WEBSCALEGROUP configured with default values.
MCT USE ONLY. STUDENT USE PROHIBITED
3-22 Websites and Cloud Services

g. Select the appropriate REGION, and then click Next.

h. On the New MySQL Database page, accept the default name.

i. In the REGION list, click the appropriate region.

j. Select the I agree to ClearDB’s legal terms … check box, and then click Complete.

Note: Your website is created. This may take a few minutes.

 Task 2: Install WordPress

1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a
new tab and navigates to your new website.

2. On the WordPress website, in the languages list, click English (United States), and then click
Continue.
3. On the Welcome page, complete the Information needed section with the following information:

a. Site Title: AdatumMyBlog#### (where #### is a unique number)

b. Username: The email address associated with your Azure subscription.
c. Password, twice: Pa$$w0rd

d. Your E-mail: The email address associated with your Azure subscription.
4. Click Install WordPress.

 Task 3: Create a blog post

1. In Internet Explorer, on the Success webpage, click Log In:

a. In the Username box, type the email address associated with your Azure subscription.

b. In the Password box, type Pa$$w0rd.

c. Select the Remember Me check box, and then click Log In.

Note: If prompted by Internet Explorer to store the password for the website, click Not for
this site.

2. Create a new post:

a. In the Dashboard, click Write your first blog post.

b. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.
c. In the main text box, type Welcome to the Adatum blog.

d. Click Publish.

3. View your new post.

4. Close the current tab in Internet Explorer, and return to the Azure portal tab.

Results: After you complete this exercise, you will have successfully created and configured an Azure
website to support WordPress blogs.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-23

Exercise 2: Create a Cloud Service

Scenario
You must now create an Azure cloud service. You will use the Azure portal to complete this task.

The main tasks for this exercise are as follows:

1. Create a cloud service.

2. Deploy a cloud service.

3. Verify a cloud service.

 Task 1: Create a cloud service

• Create a new cloud service by using QUICK CREATE:

a. In the URL text box, type a valid unique cloud service name. For example, type
AdatumWeb####, where #### is a unique number. If the name is valid and unique, a
green check mark displays.

b. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD
SERVICE.

 Task 2: Deploy a cloud service

1. Select the new cloud service and select the CONFIGURE tab.
2. Upload a new production deployment:

a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####
(where #### is the same number you typed earlier).
b. Select a local package file. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.
c. Select a local configuration file. Navigate to C:\Labfiles, and double-click
ServiceConfiguration.Cloud.cscfg.

Note: Deployment begins. This could take 10 to 15 minutes.

3. Scale the cloud service:

a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.

b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

c. Drag the TARGET CPU slider bar so that the maximum is 90.
d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.

e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

f. Drag the TARGET CPU slider bar so that maximum is 90.

g. Click SAVE.
MCT USE ONLY. STUDENT USE PROHIBITED
3-24 Websites and Cloud Services

 Task 3: Verify a cloud service

Note: It might take a few minutes for your website to display.

1. Review the list of cloud services in the Azure portal, and then click the URL for your cloud service. The
Adatum Ads webpage displays.

Note: The app is for demonstration purposes and is not completely functional.

2. Close Internet Explorer.

Results: After you complete this exercise, you will have successfully created, deployed, and configured an
Azure cloud service.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 3-25

Module Review and Takeaways

Review Questions
Question: What is the key difference between using Azure Websites and using an Azure
virtual machine with the IIS server role installed to host your website app?

Question: You want to create and publish your Azure website by using the Azure portal.
Which option should you select when creating the new website?
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
4-1

Module 4
Virtual Networks
Contents:
Module Overview 4-1

Lesson 1: Getting Started with Virtual Networks 4-2

Lesson 2: Creating a Virtual Network 4-6

Lesson 3: Implementing Point-to-Site Networks 4-9

Lab: Create a Virtual Network 4-13

Module Review and Takeaways 4-17

Module Overview
Microsoft Azure virtual networks are a critical component of most Azure deployments. With Azure virtual
networks, you can establish secure and reliable communication between Azure virtual machines and
between your data center and Azure. By using Azure virtual networks, you can effectively extend your
data center to Microsoft Azure.
In this module, you will learn how to create and implement Azure networks, and how to implement
communications between your on-premises infrastructure and Azure.

Objectives
After completing this module, you will be able to:

• Describe the purpose and functionality of Azure virtual networks.

• Create Azure virtual networks.

• Implement point-to-site networks.

MCT USE ONLY. STUDENT USE PROHIBITED
4-2 Virtual Networks

Lesson 1
Getting Started with Virtual Networks
You must be familiar with virtual networks before implementing them in Azure. In addition, it is important
that you determine whether your cloud deployment requires virtual networks. In this lesson, you will learn
about virtual networks and their proper implementation.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe virtual networks.

• Determine the need for a virtual network.

• Describe virtual network awareness.

What Are Virtual Networks?

When you deploy virtual machines in your
on-premises environment, you must create
virtual networks to enable the virtual machines
to communicate with each other. Depending on
your communication needs for virtual machines,
you can create private, internal, or external virtual
networks switches. By using these switches and
networks, virtual machines communicate with the
rest of your network, with other virtual machines,
and with the Microsoft Hyper-V host machine.

Deploying virtual machines in Microsoft Azure is

similar to deploying them on-premises. However,
because you do not deploy Azure virtual machines in your own data center, and because they are not
physically connected to your network infrastructure, you must connect these virtual machines to your
internal infrastructure first. By running software that your company’s employees use in Azure virtual
machines, you can make these applications as accessible as if they were running in your own data center.
By default, Azure virtual machines can communicate with each other, but network communication with
your on-premises infrastructure is not enabled, except for Remote Desktop Protocol (RDP) traffic.

You can address this issue is by creating a virtual private network (VPN) between your local network
infrastructure and Azure virtual machines. However, before you create a VPN connection, you must first
create an Azure virtual network, and assign virtual machines to it.

The Microsoft Azure virtual network represents a logical boundary around a group of virtual machines,
called a virtual network, in an Azure data center. After you create a virtual network in Azure, you can
establish a connection, protected with Internet Protocol security (IPsec), between this network and your
local network.

When creating Azure virtual networks, you can allocate IP addresses for the Azure virtual machines from
the same IP address space that you use in your own network. This greatly simplifies the deployment of the
Azure virtual machines (VMs) and the movement of the locally deployed virtual machines to the Microsoft
Azure platform. Because the connection between your local infrastructure and Azure virtual machines
happens on the IP level, the connection does not depend on an operating system running in the virtual
machines. After you establish this connection, the Azure virtual machines running in virtual networks look
like just another part of your organization’s network. As a result, virtual machines in Azure can also access
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-3

resources in your local network infrastructure. For example, you can run a service in an Azure VM that
uses data stored on your locally deployed storage.

Additional Reading: For more information on virtual networks, go to

http://go.microsoft.com/fwlink/?LinkID=517442.

The following image visually represents usage of Azure virtual networks and their connectivity with local
infrastructure.

FIGURE 4.1: ILLUSTRATION OF THE USAGE OF AZURE VIRTUAL NETWORKS AND

THEIR CONNECTIVITY WITH LOCAL INFRASTRUCTURE.

Note: An alternative way to connect your local network to the Azure network is to use
Azure ExpressRoute connectivity. This technology enables you to create private connections
between Azure data centers and on-premises infrastructure that. With ExpressRoute, you can
connect to Azure at an ExpressRoute partner colocation facility or connect to Azure directly from
your existing wide area network (WAN). ExpressRoute connections are not established over the
public Internet, and they offer higher security, more reliability, faster speeds, and lower latencies
than typical Internet connections.
MCT USE ONLY. STUDENT USE PROHIBITED
4-4 Virtual Networks

Determine the Need for Virtual Networks

Not every deployment of Azure virtual machines
requires the deployment of Azure virtual
networks. Whether you need an Azure virtual
network depends on what you are trying to do.
Because there is no universal design for Azure
virtual networks, it is important that you carefully
plan virtual network deployments for resources in
Azure. In general, your solution for networking in
Azure will fall into one of the following categories:
no virtual networks, cloud-only virtual network,
and cross-premise virtual network.

We recommend that you evaluate your need for

virtual networks before you deploy Azure virtual machines, because virtual machines and cloud services
configure their network settings during deployment. This means you cannot move your existing Azure
virtual machines into a virtual network that is are already deployed into a virtual network. However, you
can redeploy your virtual machines to connect them to proper virtual networks, which will cause some
downtime.
Depending on your usage scenario, you can create two types of virtual networks in Microsoft Azure.

If you do not plan to connect your Azure virtual machines to your local network infrastructure, you will
use cloud-only virtual network deployments. In this case, on-premises resources can access Azure virtual
machines only through connection endpoints. The Azure virtual machines can communicate
with each other and access the Internet.

To connect your internal data center to Azure virtual machines by using a secure connection, and to
provide two-way resource access between Azure VMs and an on-premises infrastructure, you create
a cross-premise virtual network. When creating a cross-premise virtual network, you must create a
gateway to your internal network. You must also consider IP addressing.

Virtual Network Awareness

Virtual machines deployed in a cloud utilize
virtual networks in Azure the most, but other
Azure services can also use them. Currently, virtual
networks created in Azure support cloud services
only. Cloud services in Azure that can use virtual
networks include cloud services and virtual
machines. A cloud service consists of one or more
web roles or worker roles, each with its own
application files and configuration. Azure websites
also support integration with the Azure virtual
networks. Integration between Azure websites and
the Azure virtual network enables your website to
access resources running in your virtual network. This includes the ability to access web services or
databases running on your Azure virtual machines. If your virtual network is connected to your on-
premises network, your Azure website will be able to access the on-premises systems through this
integration.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-5

In addition, within virtual networks, you can deploy cloud services with web and worker roles such as
those in Platform as a Service (PaaS). You do not have to change your application code for this. When you
configure your service, you should specify your virtual network name and the role/subnet mappings in the
network configuration section. However, once you deploy a service to a virtual network, you cannot move
it in and out of the virtual network. If you want to move the service, you will have to delete and then
redeploy the service.
MCT USE ONLY. STUDENT USE PROHIBITED
4-6 Virtual Networks

Lesson 2
Creating a Virtual Network
To create and use virtual networks, you should configure several configuration options. In this lesson, you
will learn about virtual network components and how to create virtual networks. Also, you will learn about
Microsoft Azure Traffic Manager.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe virtual network components.

• Create a virtual network.

• Describe the Microsoft Azure Traffic Manager.

Virtual Network Components

When you create a virtual network in the Azure
portal, you must configure several components
and properties. For cloud-only virtual networks,
configuration steps are simpler, because you do
not have to create a gateway to your on-premises
infrastructure. If you decide to have a cross-
premise virtual network, you must configure
additional elements.
When you start a wizard to create a new virtual
network, you first have to provide a network
name. You may choose any name, but it cannot
start with a number. After you select your virtual
network name, you should configure the Location parameter. You can configure the location by selecting
a region from the drop-down list. This location specifies where you want your virtual machines to reside
when you deploy them to the virtual network you are creating. For example, if you indicate that your
network is located in the South Central US region, each virtual machine that you assign to this network
will be located in this same region. It is not possible to change the region associated with your virtual
network after you create it.

After you configure your network location, you will have the option to configure Domain Name System
(DNS) servers for your network. By default, Azure provides name resolution for your virtual network.
However, if you have more advanced DNS requirements, or want to use dedicated DNS servers for
your Azure virtual machines, you have the option to configure DNS servers for each virtual network
you create.
If you do not want to connect your virtual network with an on-premises infrastructure, the only thing you
should configure for the Azure virtual network is the Virtual Network Address Space. When configuring
the Virtual Network Address Space, you specify the address space that you want to use within the virtual
network you create. You can choose between 10.0.0.0, 172.16.0.0, and 192.168.0.0 with variable length
subnet masks. You can also configure additional subnets within these address spaces. IP addresses from
ranges configured here will be dynamically assigned to your virtual machines. However, you cannot use
these IPs for connection endpoints on the Internet.

If you choose to connect your virtual network with your on-premises infrastructure, you must select point-
to-site or site-to-site connectivity options on the DNS Servers and VPN Connectivity page of the wizard. If
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-7

you choose to create site-to-site connectivity, you will have to configure an on-premises VPN device IP
address, and specify your local IP scope. For point–to-site connectivity, you must select the IP address
range that VPN clients will use.

Demonstration: Creating a Virtual Network

In this demonstration, you will see how to create an Azure virtual network.

Demonstration Steps
1. Sign in to your Azure subscription at https://manage.windowsazure.com.

2. Click Networks in the navigation pane.

3. Choose to create a new virtual network.

4. Name the network VNET1, and choose West US as the location.

5. Do not make changes to DNS Servers and Connectivity options.

6. Select 192.168.0.0/24 for Virtual Network Address Spaces and add one more subnet.

7. Add 172.16.0.0/16 address space.

8. Finish the Wizard and create a network.

Azure Traffic Manager

When you implement an application in Microsoft
Azure, you will want to provide efficient and fast
access to it for the end users. When deploying an
application in multiple Azure data centers (such
as when you deploy several virtual machines in
different Azure regions), you will want to direct
user request traffic across these data centers
so that users experience minimal latency.
To achieve this type of optimization, the Azure
platform provides a service called Azure Traffic
Manager. This service intelligently directs requests
from users across instances of an application
running in different Azure data centers.

When a user wants to access your application or a web site, the user’s machine will look up the DNS name
of your application. Queries for the IP address will go to Azure DNS servers. DNS in Azure will then search
for the Traffic Manager policy for the name that was received in a query. If it finds one, Azure Traffic
Manager calculates the most efficient connection for the specific user, based on policy, and directs the
user to the appropriate Azure data center.

When you create an Azure Traffic Manager policy for your application, there are three options that you
can configure to determine how Azure Traffic Manager behaves:
• Performance. If you choose this option, Traffic Manager sends all client requests to the data center
with the lowest latency from the user system. Usually, this will be the data center that is
geographically closest to the user.
MCT USE ONLY. STUDENT USE PROHIBITED
4-8 Virtual Networks

• Failover. If you choose this option, Traffic Manager directs all client requests to the data center that
you specify in the policy. If the data center is unavailable, Traffic Manager directs requests to other
data centers in the priority order defined by the policy.

• Round Robin. If you choose this option, Azure Traffic Manager equally distributes client requests
across all data centers in which the application is running.

Azure Traffic Manager periodically checks all instances of the application that it manages. It periodically
pings each copy of the application via an HTTP GET and records the response. If there is no response,
it stops directing users to that instance of the application until it reestablishes the connection.

Due to recent feature enhancements, Azure Traffic Manager offers support for endpoints external to
Azure. This means that you can use Azure to extend an existing on-premises or externally hosted
deployment. Also, the round-robin load-balancing method is enhanced to support weights, which
enables more control over traffic distribution between endpoints.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-9

Lesson 3
Implementing Point-to-Site Networks
In many scenarios, you might need to initiate a remote connection to the Azure virtual network. Azure
virtual networks give you the ability to initiate a secure point-to-site VPN connection from anywhere, by
using a software VPN client. In this lesson, you will learn about point-to-site VPN connections and how to
implement them.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe a point-to-site VPN connection.

• Describe the requirements for a point-to-site VPN connection.

• Set up a point-to-site VPN connection.

Overview of Point-to-Site VPN

By default, each virtual machine that you create in
Azure is accessible by an RDP or a secure shell
(SSH) connection. However, if you want to
establish a secure connection from your computer
(or from your local network resources) to the
Azure virtual network, you have to create
a VPN connection.
By setting up a point-to-site VPN connection,
you can create individual connections from client
computers that you want to connect to the Azure
virtual network. In site-to-site VPNs, you establish
a VPN connection throughout your whole local
network infrastructure, and you use a VPN device on your side. With point-to-site VPNs, you establish
a connection by using a software VPN client that you install on each machine from which you want to
initiate a connection to the Azure virtual network. This type of VPN connection does not require that you
have a VPN device. In addition, you do not need to have a static IP address assigned to the VPN client.
You can establish a point-to-site VPN connection manually by initiating a connection from the client.

Although site-to-site VPNs will probably be the ideal solution when you want to extend your data center
to Azure, there are some scenarios where point-to-site VPNs are more appropriate. For example, if you
want to configure just a few clients from your network to connect to the Azure virtual network, a point-
to-site VPN is the appropriate solution. In addition, point-to-site is best if you want to enable your clients
to connect to the Azure virtual network from remote locations, such as hotels or airports. If you do not
have an externally facing IPv4 IP address for your VPN device, you will also have to establish a point-to-
site connection.

Even when you have implemented a site-to-site VPN, you might need point-to-site VPN connections for
remote clients that require a connection to Azure. Because of this, point-to-site and site-to-site
configurations can exist concurrently.
MCT USE ONLY. STUDENT USE PROHIBITED
4-10 Virtual Networks

Overview of Requirements for Point-to-Site VPN

Although creating a point-to-site VPN connection
is simple, it does require that you configure
certain settings before beginning the process.

When you create a virtual network in the Azure

portal and select the option to enable point-to-
site connectivity, you will be required to configure
address space for IP addresses that you want
to assign to cross-premises clients connecting
through a point-to-site connection. This address
space must be from the private range 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16. You must ensure
that the range you select here does not overlap
with other virtual networks or networks on your local site.
Also, you will have to configure virtual network address space that the virtual network you are creating
will use. This network address space also should not overlap with address space that you use in your on-
premises environment.
Each point-to-site VPN requires that you configure a dynamic routing gateway. A point-to-site VPN
requires a gateway subnet. Only the virtual network gateway uses the gateway subnet.

You use certificates to perform authentication for the clients that are initiating a point-to-site VPN
connection. You must first create a root certificate and upload it to the Azure management portal.
Then you create client certificates used for authentication. You create these certificates manually by
using the makecert command line utility (part of Microsoft Visual Studio tools). Currently, you cannot
use an internal certification authority (CA) to generate these certificates, so you must use self-signed
certificates.

You must install a client certificate on each computer that you want to connect to the virtual network,
so you must generate a client certificate for each machine that you want to connect to the Azure virtual
network. You can generate certificates for all clients on a single machine, export them, and then import on
each client. It is important that you export certificates in .pfx format that includes the private key. The next
topic will cover the certificate generation process.

Based on generated certificates and the dynamic gateway, the Azure platform will generate VPN client
software that you should install on each machine that will be connecting to the Azure virtual network.
Currently, the Azure platform supports the following operating systems as clients:

• Windows 8.1 (32-bit and 64-bit)

• Windows 8 (32-bit and 64-bit)

• Windows 7 (32-bit and 64-bit)

• Windows Server 2012 R2 (64-bit only)

• Windows Server 2012 (64-bit only)

• Windows Server 2008 R2 (64-bit only)

You will choose to download the 32-bit or 64-bit VPN client. You can then manually install VPN client
software on each machine, or use a software distribution mechanism, such as Microsoft System Center
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-11

Setting Up a Point-to-Site VPN

You can use the Azure management portal to
create a point-to-site VPN. If you have already
created virtual networks, you can enable them
for point-to-site connectivity. However, you might
have to change other configuration parameters.
Because of this, we recommend that you
configure point-to-site connectivity when you
create an Azure virtual network.

You would typically use the following process to

create and configure a virtual network with point-
to-site connectivity:
1. Create a virtual network. As the previous
lesson described, you should start the wizard for creating a new virtual network. During the
wizard, you should select the check box for enabling point-to-site VPN capability. You will see the
configuration page where you can configure address space for VPN clients, the virtual network
address space, and gateway subnet. If you enable point-to-site connectivity on an existing virtual
network, you will also have to configure these parameters.

2. Create a dynamic routing gateway. A gateway is a mandatory component for a point-to-site VPN
connection. You must enable a dynamic routing gateway after you create your virtual network with
point-to-site connectivity. It usually takes up to 15 minutes to create the gateway.
3. Create certificates. As described earlier, certificates are used for VPN authentication purposes. To
create a root self-signed certificate, you should issue the following command:

makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My

"RootCertificateName.cer"

After you create the root certificate, you should upload it to Azure by using the Certificates tab in the
Network configuration pane. Then you should create client certificates. You use the same command-
line utility as for the root certificate, but with different parameters. For example:

makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in

"RootCertificateName" -is my -a sha1

This command creates a client certificate in a user’s Personal store on the computer where you issue
this command. You can generate as many client certificates as needed by using this same command
and typing different values for ClientCertificateName. We recommend that you create unique client
certificates for each computer that you want to connect to the virtual network. After you create the
client certificates, you should export them in the .pfx format and import them on the client machines
that will be connecting to the network.

4. Download and install the VPN client software. After you configure a dynamic gateway and ertificates,
you will see a link to download a VPN client for a supported operating system. You should download
the appropriate VPN client (32-bit or 64-bit) and install it on client machines that will be initiating a
VPN connection. Ensure that you also install the client certificate from step 3 before you initiate the
VPN connection.
MCT USE ONLY. STUDENT USE PROHIBITED
4-12 Virtual Networks

Demonstration: Set Up a Point-to-Site VPN

In this demonstration, you will see how to create a point-to-site VPN connection.

Demonstration Steps
1. Open the Azure management portal and navigate to NETWORKS.

2. Open the configuration pane for VNET1.

3. Enable the Configure point-to-site connectivity option and save changes.

4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section.
Ensure that 10.0.0.0/24 is selected.

5. Create the C:\temp folder if it does not exist, and then open Developer Command Prompt for
VS2013 as administrator.

6. In the Command Prompt window, type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a
sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the Command
Prompt window.

7. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal.
Upload the certificate that you just created and stored to C:\temp.

8. Restore the Command Prompt window. Type makecert.exe -n "CN=VNET1Client" -pe -sky
exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and then press Enter.
9. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click
to create gateway.

Discussion: Implementing Networks in Azure Solution

In this module, we discussed Azure virtual
networks. As you already know, Azure virtual
machines can communicate with each other
out of the box, but they communicate with your
on-premises infrastructure only through a virtual
private network (VPN) between your local network
infrastructure and Azure virtual network to which
VMs are assigned.
To establish VPN connection to your on-premises
computer or your on-premises network, you must
create a gateway on your Azure network and
define address spaces.
Think about implementation of Azure networks in your environment and answer the following discussion
questions:

1. If you decide to implement some of your services on the Azure platform, would you need Azure
virtual networks? If yes, which services you will need to integrate with Azure virtual networks?

2. What kind of VPN networks do you see as more appropriate to connect your environment to Azure –
site-to-site VPNs or point-tosSite VPNs?
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-13

Lab: Create a Virtual Network

Scenario
A. Datum Corporation is planning to create several cloud-based virtual machines. You want to create
a configurable network to control communication between these virtual machines. A. Datum wants to
evaluate ways to connect remote workers to cloud resources by using VPN. To address this requirement,
you decide to implement point-to-site VPNs.

Objectives
After completing this lab, you will be able to:

• Create a virtual network.

• Create a virtual machine from the Gallery.

• Add point-to-site connectivity.

Lab Setup
Estimated Time: 45 minutes

Sign in to your classroom computer by using the credentials your instructor provides.
You must have successfully completed the lab in module 1 before you start working on this lab.

Exercise 1: Creating a Virtual Network

Scenario
As a first step in deploying virtual network infrastructure, you want to create a new virtual network.

The main task for this exercise is as follows:

1. Create a virtual network.

 Task 1: Create a virtual network

1. Sign in to your Azure subscription on https://manage.windowsazure.com.

2. Select NETWORKS in the navigation pane.

3. Choose to create new virtual network.

4. Name the network VNET1, and choose West US as location. If you do not have West US as an
available option, choose the region that is closest to you.
5. Do not make changes to the DNS Servers and Connectivity options.

6. Select the IP range 192.168.0.0/24 as the range for Virtual Network Address Spaces. Add one more
subnet

7. Add the 172.16.0.0/16 address space.

8. Finish the wizard and create a network.

Results: After completing this exercise, you will have created a new virtual network.
MCT USE ONLY. STUDENT USE PROHIBITED
4-14 Virtual Networks

Exercise 2: Creating Virtual Machines from the Gallery

Scenario
After creating a virtual network, you want to assign virtual machines to it. You will create two virtual
machines and assign them to the VNET1 virtual network.

The main tasks for this exercise are as follows:

1. Create a virtual machine.

2. Create a second virtual machine.

3. Test virtual network connectivity.

 Task 1: Create a virtual machine

1. Open the Azure preview portal at https://portal.azure.com and sign in with the Microsoft account
associated with your Azure subscription.

2. Create a new virtual machine in the Azure preview portal with the following parameters:

o Host name: Server1

o User name: server1-admin

o Password: Moc1500!

o Pricing tier: Basic A1

o Virtual Network: VNET1

 Task 2: Create a second virtual machine

• Create a new virtual machine in the Azure preview portal with the following parameters:
o Host name: Server2

o User name: server2-admin

o Password: Moc1500!
o Pricing tier: Basic A1

o Virtual Network: VNET1

Note: While the virtual machines are provisioning, you can start working on Exercise 3, Task
1 to save some time. After the virtual machines have provisioned, you can perform task 3 from
this exercise.

 Task 3: Test virtual network connectivity

1. In the Azure preview portal, connect to the Server1 virtual machine by using an RDP connection.

2. Note the Internal IP address assigned to Server1.

3. In the Azure preview portal, connect to the Server2 virtual machine by using an RDP connection.
4. Note the Internal IP address assigned to Server2. Open Network and Sharing Center on Server2 and
enable Network discovery and file sharing.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-15

5. On the Server1 machine, open File Explorer and in the address bar, type \\IPaddressofServer2, and
then press Enter. Ensure that the server opens, which confirms that your servers can communicate via
virtual network VNET1.

Results: After completing this exercise, you will have created two new virtual machines and assigned them
to VNET1.

Exercise 3: Add Point-to-Site Connectivity

Scenario
After creating a virtual network and virtual machines, you want to enable point-to-site functionality on
existing virtual networks, and establish a VPN connection from your computer.
The main tasks for this exercise are as follows:

1. Add point-to-site connectivity.

 Task 1: Add point-to-site connectivity

1. Open the Azure management portal and navigate to NETWORKS.
2. Open the configuration pane for VNET1.

3. Enable the Configure point-to-site connectivity option and save changes.

4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section.
Ensure that 10.0.0.0/24 is selected.

5. Open File Explorer and create the C:\temp folder if it does not exist.

6. Open Developer Command Prompt for VS2013 as administrator.

7. In the command prompt window, type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a
sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the Command
Prompt window.
8. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal.
Upload the certificate that you just created and stored to C:\temp.

9. Restore the Command Prompt window. Type makecert.exe -n "CN=VNET1Client" -pe -sky
exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and then press Enter.

10. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click
to create the gateway.

Note: This might take up to 15 minutes. At this point, you can go back and verify if the
virtual machines from Exercise 2 are created and running. If they are, you can perform Task 3
from Exercise 2.

11. After the gateway is created, download 64-bit VPN client from DASHBOARD and install it on the
classroom machine. Unblock the file that you downloaded before starting installation.

12. Initiate VPN connection by using VPN client and ensure that you can establish it.

13. Execute ipconfig command in command prompt and ensure that you have IP address from
10.0.0.0/24 scope assigned to PPP adapter VNET1.
MCT USE ONLY. STUDENT USE PROHIBITED
4-16 Virtual Networks

14. Open File Explorer and type \\IPAdddressofServer2\C$. Sign in as server2-admin with password
Moc1500!.

15. Ensure that you can access the C drive of Server 2 by using this VPN connection.
16. Disconnect from VNET1 and close all Remote Desktop Connection sessions

Results: After completing this exercise, you will have established a point-to-site connectivity.

Question: Which Azure portal you should use to create virtual networks?

Question: Can you assign virtual machines that you created earlier to the new virtual
network?
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 4-17

Module Review and Takeaways

Review Questions
Question: Is it mandatory to set up the Domain Name System (DNS) on your Azure virtual
network?

Question: If you have machines running Windows XP and Windows Vista, can you initiate a
point-to-site connection?

Best Practice
• Before you create any virtual networks, analyze your requirements and determine what type of virtual
network you need.

• Carefully plan address space for virtual networks, especially if you are going to implement cross-site
connectivity.
• Use point-to-site VPNs when you want to provide access from single computers at remote locations
to your Azure virtual network.

• Issue a separate client certificate for each client that will be using a point-to-site VPN.

Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip

You do not see an option to download the

VPN client for a point-to-site connection.

The VPN client cannot establish a point-to-

site VPN connection.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
5-1

Module 5
Cloud Storage
Contents:
Module Overview 5-1

Lesson 1: Understand Cloud storage 5-2

Lesson 2: Create and Manage Storage 5-14

Lab: Configure Azure Storage 5-20

Module Review and Takeaways 5-22

Module Overview
As a part of the Microsoft Azure platform, Microsoft also offers storage that you can use for various
purposes. Cloud-based storage, available in Microsoft Azure, can reduce the size of your storage banks
and provide you more flexibility for managing your storage requirements. You can use storage in Azure
for virtual machines, but also for databases, tables, and message queueing. In this module, you will learn
about cloud storage in Microsoft Azure.

Objectives
After completing this module, you will be able to:
• Describe the features and benefits of cloud storage.

• Create and manage storage in Azure.

MCT USE ONLY. STUDENT USE PROHIBITED
5-2 Cloud Storage

Lesson 1
Understand Cloud storage
Before you implement and use cloud-based storage, it is important that you have a good understanding
of the available storage options and the storage types that you can use in Azure. Typically, you do
not manage and configure storage within the Azure platform the same way that you manage your on-
premises storage. Cloud-based storage is provisioned from your storage account, and you configure
it based on your needs. In this lesson, you will learn about cloud storage in Microsoft Azure.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe Azure storage.

• Describe blobs.

• Describe tables.

• Describe queues.
• Describe Azure File services.

• Describe storage replication options.

• Compare storage options.

• Describe Azure storage best practices.

Azure Storage Overview

Azure Storage is cloud-based storage that can
be quickly provisioned and used across a variety
of platforms, services, and applications. You can
use Azure Storage across all of the other Azure
services that require storage services, and other
services outside of Azure, such as your
applications deployed locally.
To use Azure storage, you must have a valid Azure
subscription, and you must create your storage
account. A storage account is a mandatory
component for all tasks that involve storage in
Azure. You create your storage account from the
Azure portal, or you can create it by using the REpresentational State Transfer (REST) application program
interface (API). The following lesson covers storage accounts and their management in more detail.

The Azure storage services include Blob storage, Table storage, Queue storage, and File storage.

• Blob storage can store any type of data, text or binary, such as media files, documents, installation
images, and other types.

• Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access
to large quantities of data.

• Queue storage provides reliable messaging between applications and workflow processing, and
communication between components of cloud services.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-3

• File storage offers shared storage for applications that use standard SMB 2.1 protocol. With file
storage, virtual machines can share data across application components through mounted shares,
and on-premises applications can access file data in a share through the File service REST API.

Types of Azure storage will be discussed with more detail in other topics in this lesson.

Typical Usage of Azure Storage

The flexibility of Azure storage enables you to use it in a wide range of scenarios. The following core uses
will help you understand Azure storage better.

• Building data-sharing applications. Social networks and applications are very popular and are
growing rapidly. These networks and applications both rely on data sharing, and they often need
to present data to people worldwide. This type of use is an excellent fit for Azure Storage because
Azure Storage is spread across worldwide datacenters.

• Big data storage and analysis. With the growth of social networks and smart homes, companies
and users have been generating increasing amounts of data. In some cases, this data becomes more
valuable after it has been analyzed. In recent years, big data services such as Hadoop have tried to
provide such services. Because Azure Storage is cloud-based, it can accommodate big data and can
help facilitate analysis of that data.
• Backups. Companies have to back up their data. A good practice is to back up your data to an off-site
location so that your data is safe in case of a local disaster. With Azure Storage, you can use Azure as
your off-site location. Not only can you back up your infrastructure and Azure services to Azure, but
you also can back up devices and other items to Azure—including smartphones and personal
computers.

Note that there are many other scenarios in which Azure can be a solution, especially infrastructure-based
scenarios that involve virtualization. Some of these scenarios will be covered in later lessons, demos, or
labs.

Existing Public Use of Azure Storage

Public use of Azure Storage is increasing. Everyday services that individuals access or consume might be
built on and delivered from Azure Storage, but the users might not always realize it. The following list
describes a few examples of public use of Azure Storage:
• Microsoft Xbox One. Xbox One has a feature that enables users to record in-game action as video
so that users can share game action with friends on social networks or on the Internet. This feature,
known as the Game DVR feature, uses Azure Storage. Other Xbox features also use the Azure Storage
blob storage, table storage, and queue storage features.

• Microsoft OneDrive. OneDrive is a cloud-based storage service for end users and organizations that
want to store files in the cloud and share files with others via the cloud easily. OneDrive is integrated
into Windows 8 and newer versions, which enables users to transfer files to the cloud storage by
simply right-clicking on a file and choosing to send it to OneDrive. OneDrive uses blob storage in
Azure.

• Bing. The search engine Bing uses blob storage, table storage, and queue storage in Azure. Azure
Storage is used in Bing to store Twitter and Facebook public status feeds that are sent to Bing, and
to provide Bing search results.

• Skype. The Skype service uses blob storage, table storage, and queue storage for Skype video
messaging.
MCT USE ONLY. STUDENT USE PROHIBITED
5-4 Cloud Storage

Azure Storage Pricing

Azure Storage pricing varies depending on how you use and configure the storage. Azure Storage pricing
is based on three elements:

• Storage capacity. Pricing varies widely based on the type of storage you use. At the time of writing
this course, prices in USD range from 2.2 cents per gigabyte per month to up to 12 cents per gigabyte
(GB) per month.
• Number of read and write operations to Azure Storage. The current price for storage transactions is
.0005 cents per 100,000 transactions.

• Amount of data transferred out of Azure, which is also called data egress. Note that data goes into
Azure at no charge. Data going out is charged per gigabyte, based on zones. The first 5 gigabytes of
data transferred out is free. Thereafter, data is charged at up to 25 cents (in U.S. dollars) per gigabyte
for lower use in the most expensive zone, and as low as five cents per GB for higher use in the least
expensive zone.

The region where the data is stored also affects Azure Storage pricing. Some regions are more expensive
than others. In addition, pricing is based on the type of storage. Pricing changes frequently.

Note: The prices shown above were current at the time we wrote this course.

Additional Reading: For the latest Azure Storage pricing, go to http://go.microsoft.com

/fwlink/?LinkID=517443.

It is important to notice that each storage account within Azure subscription has its limitations and
constraints. Before you design your Azure storage, and decide what to store in it, we recommend that
you read through the current documentation and learn about these limitations.

Additional Reading: For the latest information about storage limits, go to

http://go.microsoft.com/fwlink/?LinkId=524511.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-5

What Are Blobs?

A binary large object (blob) is commonly a type
of data that can be stored in a database but not
in the form defined by database. The blob data
type usually exists as plain binary data, such as
an image or media files.

Blob storage in Azure stores unstructured data,

similar to data that you would find on a file server.
It can store data such as documents, image files,
backups, and configuration data. Blobs are
organized into containers, with a capacity of up
to 500 terabytes (TBs) for each storage container.
Blobs are appropriate for general storage use.
Both blobs and containers can also have associated metadata. Metadata for a container or blob resource
is stored as name-value pairs associated with the resource. Metadata names must adhere to the naming
rules for C# identifiers. Blob storage supports snapshots and can be used with the content delivery
network (CDN). There are two types of blob storage:
• Block blobs. Block blobs are optimized for streaming audio and video. Also, most of the other file
types that you upload to your Azure Storage will be stored in block blobs. The maximum size of a
block is 4 megabytes (MBs) and the maximum size of a block blob is 200 GB. Each block from a single
blob is identified by a Block ID, and can also include an MD5 hash of the blob content. When you
upload a large file to a block blob, the file is divided into blocks, which can be uploaded concurrently
and then then combined together into a single file. This results in a faster upload time. Also, when
data modification is needed, blob data can be modified on the block level. This means that individual
blocks can be added to an existing blob. Alternatively, existing blocks can be replaced by other
blocks, and some specific blocks within a blob can be deleted.

• Page blobs. Page blobs are 512-byte pages. They are optimized for random read and write
operations. The maximum size of a page blob is 1 TB. Most commonly, this type of blob is used
to store virtual hard drives for virtual machines. Operating system drives in Azure virtual machines
use page blobs.

Currently, it is not possible to change the type of blob storage once you create it. There are several
scenarios in which you use blob storage in Azure. For example, you can use blob storage to share files
with clients or to offload some content from your web server. Also, blob storage in Azure provides
persistent data storage for Azure Cloud services because hard drives used in Cloud service instances
are not persistent.
To use blob storage, you must create one or more containers within your storage account. Storage
containers are created by using the Azure portal. All blobs are located in storage containers. An Azure
Storage account can contain an unlimited number of containers, but the total size of storage containers
cannot exceed 100TB.

Each blob can be accessed uniquely by using a URL in the following format:

http://<storage-account-name>.blob.core.windows.net/<container-name>/blob-name
MCT USE ONLY. STUDENT USE PROHIBITED
5-6 Cloud Storage

Microsoft provides several Software Development Kits (SDKs) and APIs that developers can use for
programmatically working with blob storage. At the time of writing this course, the following languages
and platforms are supported:

• .NET SDK / .NET API Reference

• Java SDK / Java API Reference

• PHP SDK

• node.js SDK
• Ruby SDK

• Python SDK
All the Azure services, including Storage, are based on a REST API over HTTP/HTTPS which means it is
possible to make your own calls from your code to that API.

FIGURE 5.1: AN EXAMPLE OF BLOB STORAGE

What Are Tables?

The term table, in the context of Azure, is used
to describe group of entities. Entity is a collection
of properties and values stored together in the
table. Entities that are present in the table do not
necessarily have the same structure or the same
schema.

Table storage, called Azure Tables in Azure, is

based on the NoSQL concept. NoSQL uses a
relational database without a typical relational
management database system or traditional
SQL-style tables. Instead, key/value pairs are
used in NoSQL. Table storage uses key-attribute
storage, meaning that all values in a table are stored with a property name. Table storage can
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-7

accommodate any number of tables, up to 200 TB per storage account. This type of storage is similar to
a database or an Excel spreadsheet because all of tables have collections of rows (in this context, entities)
and support manipulating and querying the data contained in the rows. The key differences between
table storage and a database is that there is no efficient way to represent relationships between different
data in table storage. In addition, there is no database schema to handle data-rules enforcement.

Table storage has the following features:

• The largest table can be 100 TB.

• The largest entity can contain up to 1 MB of data.

• Each entity can have up to 255 properties.

Entities in the table storage support the following data types: ByteArray, Boolean, DateTime, Double,
Guid, Int32, Int64, and String (up to 64 KB in size). Each entity created within table storage must have the
following properties defined: PartitionKey, RowKey, and TimeStamp. By using PartitionKey, you can group
entities in the table, while the RowKey is an identifier for each entity. PartitionKey and RowKey, combined,
uniquely identify an entity within a table. This type of identification is very similar to the primary key in
relational database. The TimeStamp property includes data about the last time of modification.

Storing and accessing data in Table storage is mostly be done from applications. Most applications use
the client library to store data to the tables, or call the REST API. With C# applications, you will need the
Azure Storage Library for .NET to create and manage tables. Code addresses tables in an account by using
this address format:
http://<storage account>.table.core.windows.net/<table>

FIGURE 5.2: AN EXAMPLE OF TABLE STORAGE

MCT USE ONLY. STUDENT USE PROHIBITED
5-8 Cloud Storage

What Are Queues?

Similar to Microsoft Message Queuing (MSMQ),
for instance, MSMQ Azure Queue storage
provides a mechanism for applications and
services to pass messages to each other
asynchronously. You can use Azure Queue
storage to store a large number of messages
that can be accessed from any location by
authenticated calls made by using HTTP or HTTPs.

A storage account can contain an unlimited

number of queues with up to 200 TB of storage
for each storage account. Individual messages are
limited to 64 KB, and a queue can contain millions
of messages, with the total number limited only by the total capacity of the storage account.

Queue storage often temporarily houses jobs or tasks for processing. For example, an online service to
translate documents from German to English could use queue storage so that all of the translation jobs
could be run asynchronously. The two most common uses for queue storage are:

• To pass messages from an Azure Web role to an Azure Worker role. A Web role is usually a website
or web application, often one that is running on the Windows Server operating system and Internet
Information Services (IIS), or on a non-Microsoft web server. A Worker role is typically a Windows
service or process that manages background processing tasks.
• To create a bucket of tasks to process asynchronously. The tasks are usually processed by the Worker
role.
Queues can be addressed by using the following URL format:
http://<storageaccount>.queue.core.windows.net/<queue>

FIGURE 5.3: AN EXAMPLE OF QUEUE STORAGE

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-9

What Is Azure File Services?

Azure File Services is a new service that provides
shared folder services to other Azure resources.
You can access files stored with Azure File Services
over the SMB 2.1 protocol by connecting to
<storage-account>.file.core.windows.net. The
endpoint is accessible over HTTPS or by using
standard Server Message Block (SMB) connectivity
methods, as follows:

• You can connect to shares by using the net

use command. To do this, you must first
configure your storage account and establish
the security context to run this command. For
example, to connect to a storage account named 10979 configured with Azure File Services, and a file
share named Share1, you could run the following command:

net use s: \\10979.file.core.windows.net\Share1

• You can connect to shares by using Windows PowerShell. The new Azure Files module for Windows
PowerShell has new cmdlets to support Azure File Services. It includes functionalities such as
downloading content from Azure Files shares and creating new shares. One of the new cmdlets
is Get-AzureStorageFileContent, which you can use to download content from a share.

• You can connect to shares by using REST APIs. The REST API includes many operations that are
beyond the scope of this course.

Note: The Azure File Services is currently in preview, and you must manually add it to an
account from the preview portal.

Azure File Services is one of several storage services in Azure. It is important to know when you should
use Azure Files in your application, and when you should use blob storage or disk storage. Often, an
organization will use all three storage methods. The following examples show common uses for Azure
Files, disk storage, and blob storage:
• Azure Files. Applications, services, and use cases that already rely on SMB are good candidates to use
Azure Files. When you migrate on-premises resources to the cloud, the transition may be smoother
if you maintain existing access methods such as SMB. Another potential use is shared administrative
tools and shared development tools. By placing shared tools into Azure Files, all administrators and
developers can quickly and easily access the tools from Azure virtual machines. Note that access to
Azure Files is restricted by region when using SMB 2.1, and that access is not restricted by region
when you use REST APIs.
• Disk storage. Disk storage is most often associated with virtual machines. When storage is required for
a single virtual machine, disk storage often is used. When you have shared storage requirements, disk
storage is not the right solution.
• Blob storage. You should use REST APIs with blob storage or any other supported SDK. Blob storage
provides flexibility because developers can use the APIs to develop custom solutions, and the storage
is available in any region. In addition, blob storage is the best choice when a large amount of storage
is required, because a single storage container can support up to 500 TB of data.
MCT USE ONLY. STUDENT USE PROHIBITED
5-10 Cloud Storage

When you name files and directories in Azure Files, keep in mind the following restrictions:

• Container names must be a valid Domain Name System (DNS) name between three and 63
characters.
• Acceptable characters are letters, numbers, and dashes (-).

• Container names must start and end with a number or letter, and they cannot start or end with a
dash.

• SMB share names must not be more than 80 characters long, and you cannot use any of the following
characters: \ / [ ] : | < > + = ; , * ? ".

• All other Unicode characters may be used in an SMB share name.

• Directory and file names also have the following restrictions:

o Names must be no more than 255 characters long.

o The following characters are not allowed in directory or file names: " \ / : | < > * ?.

Azure Files also supports SMB file locking when a file is open. The following options can be used by SMB
clients:

• None. Declines sharing of a file that is open. Any request to read, write, or delete the file will fail until
the file has been closed.
• Shared Read. Allows additional reads, often referred to as shared reads, to an already-open file.
However, writes and deletes will fail until the open file has been closed.
• Shared Write. Allows additional writes, often referred to as shared writes, to an already-open file.
However, deletes will fail until the open file has been closed.

• Shared Read/Write. Allows additional reads and writes to an already-open file. However, deletes will
fail until the open file has been closed.

• Shared Delete. Allows deleting of an already-open file.

Additional Reading: To download the new Azure Files module for Windows PowerShell,
go to http://go.microsoft.com/fwlink/?LinkID=398183.

Additional Reading: For more information about File Service REST APIs, go to
http://go.microsoft.com/fwlink/?LinkID=517444.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-11

Storage Replication Options

All storage accounts in Microsoft Azure are
stored on three locations that have transactionally
consistent copies in the primary datacenter.
This approach, which can be considered as local
redundancy, already provides an additional level
of availability for Azure storage, but you can also
enable geo-replication for your storage.
Locally redundant storage (LRS) stores three
copies of the data within a single region and
in a single facility. A facility is considered a
physical datacenter in a single region. In this
case, data is replicated synchronously.
Geo-redundant storage (GRS) stores six copies of the data across two regions in the same geography.
This is the default option when you create an Azure Storage Account. This means that the Microsoft Azure
storage data that you stored within your storage account is not only stored in the primary location that
you choose (as it is in LRS), but also is replicated in triplicate to another data-center in another region.
For example, if you select West US as your primary location for Azure storage, enabling geo-redundancy
also replicates your storage to the East US datacenter. You cannot choose locations for geo-redundancy.
Replication to the secondary location is performed asynchronously. Usually, the distance between the two
regions is at least a few hundred miles.
The third option for storage replication is zone redundant storage (ZRS). ZRS stores three replicas of your
data across two to three facilities. This replication technology is designed to keep all the three replicas
within a single region, but may span across two regions. ZRS currently only supports block blobs. ZRS
accounts do not have metrics or logging capability enabled at the time of writing this course.
The main reason to implement Azure storage replication is to facilitate disaster recovery. In case when
one Microsoft datacenter facility has a technical issue or is unavailable for any reason, a copy of the data
is available in another region. Microsoft datacenter staff will decide when to failover to the replicated data
in case of issues, to meet the service level agreement (SLA). Clients are not able to initiate a failover.
The following table compares the replication types currently available.

Locally Read-access geo-

Geo-redundant Zone redundant
redundant redundant

Redundancy Three copies Three copies Three copies of Three copies within a
within a single within a single data across single region and
region region and three multiple three additional
additional copies datacenters copies in secondary
in secondary within or across region
region regions. For block
blobs only

Read access to N/A No No Yes

replicas in
secondary
region

Availability 99.9% for all 99.9% for all 99.9% for all 99.9% for writes,
service level read/write read/write read/write 99.95% for reads.
agreement Data is read from
(SLA) secondary source if
primary one is
unavailable.
MCT USE ONLY. STUDENT USE PROHIBITED
5-12 Cloud Storage

Compare Storage Options

As we have explained in previous topics, Azure
storage provides different types of storage for you
to use, in various scenarios. This topic reviews the
available options for storage, and their typical
usage scenarios.

Blob storage contains unstructured data of various

types, such as documents, image or media files,
and virtual hard drives in virtual machines. You
can also use blob storage to publish your data to
external users via URL locations, or as internal
application storage. Some common usage
scenarios for blob storage are:

• Providing access to images, media files, and documents by using a web browser.
• Storing files for distributed access.

• Streaming audio and video.

• Providing backup and restore.

• Storing data for analysis.

• Storing virtual hard drives for Azure virtual machines.

Unlike blobs, Azure table storage works with structured, but non-relational data. It presents a NoSQL data
store that can accept calls from services inside Azure and from services outside the Azure environment.
The Azure table storage is scalable, and it can store large data sets.

Common scenarios of usage for Azure table store are:

• To store large amounts of structured data capable of serving web applications.

• To store data sets that do not require complex joins, foreign keys, or stored procedures, and that can
be denormalized for fast access.
• To query data quickly by using a clustered index.
• To access data by using the Open Data (OData) protocol and LINQ queries with WCF Data Service
.NET Libraries.
The Azure Queue storage stores messages that applications exchange. This type of storage also can be
accessed from any location by using HTTP or HTTPS protocols. Similar to Table storage, Queue storage
is very scalable and can store millions of messages.
Common usage scenarios for Queue storage include:

• To create a backlog of work to process asynchronously.

• To pass messages from an Azure Web role to an Azure Worker role.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-13

Azure Storage Best Practices and Considerations

By following the best practices for using Azure
Storage, you can manage cost. The four factors
that will influence your costs are:

• Amount of storage used. Storage capacity,

which is the amount of data that is being
used by the blob, table, or queue, often is
determined by the requirements of the users
and the business systems.

• Replication options. The replication type is

also an important factor in cost because using
fewer copies of data can cost less. One way
to reduce cost is to create multiple storage
accounts that are individually tuned to the SLA requirements for each data type. For example, it
might not be important for non-critical data to be replicated to multiple regions. Therefore, the more
affordable option of using only locally redundant storage might be the best option for non-critical
data. However, you can use a separate storage account for critical data that allows geographically
redundant replicas of the data to be created.
• Number of storage transactions. The number of requests that are made against the storage, also
known as the number of storage transactions, is another important cost factor. Storage transactions
are typically charged for each 100,000 transactions made across all storage types, including blobs,
tables, queues, and files. Transactions are defined as both read and write operations to the Azure
Storage.

• Egress data from the storage region. The egress data from the storage region is another aspect of
Azure Storage pricing. If the Azure Storage is accessed by another service that is not running in the
same region, then egress data is sent out of that particular Azure Storage region. Therefore, you
should group services together in the same region to attempt to reduce or eliminate egress data
charges. In addition to using multiple storage accounts for replication types, you should also use
multiple storage accounts for each region. This gives you maximum flexibility while ensuring that
the data being used by a service or application remains as local as possible.
You can upload multiple blobs simultaneously to maximize the upload performance of blob storage.
The Azure Storage service has specific limits for ingress traffic, per storage account, per region, and per
replication configuration. By uploading multiple blobs simultaneously, you can maximize the
performance.

To maximize the performance of table storage, use JavaScript Object Notation (JSON) to transmit data to
the table service. JSON reduces the payload size, which in turn reduces the latency of the table storage.
The Azure Storage Client Library 3.0 supports JSON for table storage, and has been optimized specifically
for Azure Storage. Another best practice when you use table storage is to avoid repeatedly scanning the
tables. Azure Storage provides a clustered index, which is a combination of the PartitionKey and RowKey
that you can use to avoid table scans, which in turn increases latency. Therefore, we recommend that you
always use PartitionKey in each query you create.

You should also monitor your logs and metrics to ensure that performance, availability, and security meet
or exceed expectations.

Another best practice is to avoid using CreateIfNotExists repeatedly if you know that your queues,
containers, and tables are all created and will never be removed during the lifetime of the
application/deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
5-14 Cloud Storage

Lesson 2
Create and Manage Storage
Before you start to use Azure storage, you must first create your storage account and configure its
properties. Also, you must create appropriate storage containers for your data, and then choose
appropriate tools for managing data in your storage account or accounts. In this lesson, you will learn
how to create and manage storage in Azure.

Lesson Objectives
After you complete this lesson, you will be able to:

• Create and manage storage accounts.

• Create a blob.

• Create a blob by using Azure Web Storage Explorer.

• Create a table.

• Create and manage blobs and tables by using Microsoft Visual Studio.

Creating and Managing Storage Accounts

A storage account is an account that is created
in Azure to gain access to Azure Storage services.
Each storage account is secured by two 512-bit
access keys, which are created when the storage
account is created. A storage account is
connected to an Azure region and configured
for specific storage replication, such as locally
redundant storage (LRS). In a single Azure
subscription, you can have multiple storage
accounts, and you can use each one for a different
purpose, and you can configure each one with
different settings. Storage accounts provide
endpoints to access the storage services. The endpoints are unique URLs for accessing the storage
services.

You can create storage accounts by using a wizard from the Azure management portal. To quickly create
a storage account, you need to supply the following information:
• The URL. This is the unique name supplied for the storage account. The URL for your storage account
must be unique worldwide, and it always ends with *.core.windows.net.

• Location/Affinity Group. This is the regional datacenter or affinity group where the storage account
will be created.
• Subscription. This is the Azure subscription with which the storage account will be associated.

• Replication. This is the setting that determines whether your storage is locally redundant or
redundant across more than one datacenter. The options are Locally Redundant, Geo-Redundant,
or Read-Access Geo-Redundant. Note that Microsoft will soon introduce zone-redundant storage
(ZRS). ZRS stores the equivalent of three copies of your data across multiple datacenters.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-15

Microsoft continues to expand and revamp its datacenters and regions. For example, two new regions
have been announced for Australia. It is important to keep informed about the available regions so that
you can align them with your organizational regions. In addition, regions play a big role in security and
compliance. They help you meet organizational data security policies that might be based on region and
that must adhere to local laws.

After a storage account has been created, it can be used by four types of storage: blob storage, table
storage, queue storage, and files storage.

Tools for Managing Azure Storage

There are numerous tools and services in addition to the Azure management portal that you can use to
manage your Azure Storage. The most popular ones include:

• Azure Web Storage Explorer. This tool is a web-based storage management tool that is used mainly
for uploading and downloading content via a browser.
• AzCopy. This free downloadable command-line tool is designed for moving small-sized and medium-
sized amounts of data into and out of Azure. However, you should use the import/export service for
very large amounts of data that would take several days to transfer with AzCopy.
• Azure Software Development Kit (SDK) for .NET. Storage also can be managed by using the Azure
SDK for .NET or by using Azure Management Libraries for .NET. Developers can create containers,
upload blobs to a container, list blobs in a container, and delete blobs from a container by using the
Azure SDK for .NET.

• REST APIs for Azure. All Azure Storage can be managed by using REST APIs. Management can occur
over the Internet by using HTTP or HTTPS, and in Azure through Azure–hosted resources.
• Windows PowerShell. The Azure module for Windows PowerShell has dedicated management
cmdlets for Azure. You can perform the vast majority of Azure storage management tasks with
the Azure module. The cmdlets are organized into different groups such as Azure managed cache
cmdlets, Microsoft Azure SQL database cmdlets, and Azure profile cmdlets, most of which are outside
of the scope of this course.

• Import/Export service. The import service imports data from hard drives you ship to an Azure
datacenter into Azure Storage. The export service ships you your organization’s Azure Storage data
on a hard drive that you sent, empty, to an Azure data center. This service is useful when you transfer
the data over a network would be too expensive or otherwise impractical.

When you send data by using the import service, you must encrypt the data with BitLocker before
you ship it. The external hard drives must be 3.5-inch Serial Advanced Technology Attachment (SATA)
II/III, and can be no larger than 4 TB.
When you export data, you must provide a supported hard drive. All data will be encrypted before it
ships, and a BitLocker key will be provided through the management portal.

Additional Reading: To access the Azure Web Storage Explorer tool, go to

http://go.microsoft.com/fwlink/?LinkId=517528.

Additional Reading: For more information on Azure Storage Explorers, go

tohttp://go.microsoft.com/fwlink/?LinkID=517445.
MCT USE ONLY. STUDENT USE PROHIBITED
5-16 Cloud Storage

Creating a Blob
To create a blob, you must first create a
storage account, and also a container within
the storage account. You can use the Azure
portal to create containers in your storage
account. In the Azure preview portal, you should
select your storage account and then in the
storage account administration pane, you should
use Containers pane to create a new container.
Besides configuring the container name, you
can also configure access type for each storage
container. By default, each storage container
access is set to Private, which means that no
anonymous access will be allowed. You can also choose to enable blob list or access through anonymous
requests.

After you create a container in your storage account, you can start to upload or create blobs, tables, and
queues. You cannot use the Azure portal to upload blobs, but you can use alternative tools or code in
your application to do this.
For example, you can use the Azure Web Storage Explorer to upload files from your computer to the
storage container in your storage account. The files that you upload are saved as blobs. You can also use
this same tool to create a new container for blobs, and new tables and queues. To access your storage
account using Azure Web Storage Explorer, you need to use your storage account name and access key
for your storage account. Access keys and the storage account name are created when you first create
the storage account, and you can view them at any time by browsing to your storage account in Azure
preview portal, and then clicking on the Keys tile.

To access and manage your storage account and create blobs from Visual Studio, you should first
configure the connection string for Azure service configuration. For example, when you create a web
or a worker role that requires access to a private storage account, you should open Solution Explorer
n Visual Studio, and then in the roles folders, open the properties of your web role or worker role. You
should then choose the Settings tab and select to add new settings. For the new setting, you should
choose the Connection String type, and then type your storage account name and access key in the
Create Storage Connection String window.
If the application that you are working on is not Azure cloud service, then you can use .NET configuration
files, such as web.config and app.config, to configure a connection string for your storage account.

You store the connection string using the <appSettings> element as follows. Replace the account name
with the name of your storage account, and account key with your account access key:

To access Blob storage programmatically, you should first obtain an assembly that contains the Azure
storage management classes. You can use NuGet to get the Microsoft.WindowsAzure.Storage.dll
assembly. To do this, you should right-click your project in Visual Studio Solution Explorer, and choose
Manage NuGet Packages. Then you should search for WindowsAzure.Storage and install it. By using
this procedure, you will get all necessary Azure Storage package and dependencies. Alternatively, you
can install Azure SDK for .NET. This package also contains Microsoft.WindowsAzure.Storage.dll.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-17

In the code that you want to use to programmatically access Azure Storage, you should first add Azure
declarations at the top of the code. These declarations are:

using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Auth;
using Microsoft.WindowsAzure.Storage.Blob;

To represent your storage account, you can use CloudStorageAccount class. For Azure
project templates, or if you have reference to Microsoft.WindowsAzure.CloudConfigurationManager,
you can use the CloudConfigurationManager class to retrieve your storage connection string and
storage account information from the Azure service configuration. If you do not have reference to
Microsoft.WindowsAzure.CloudConfigurationManager, and you store your connection string data in
web.config or app.config files, you can use ConfigurationManager to retrieve the connection string.

To upload a file as a blob, by using code, you should get a container reference and use it to get block
blob reference. Once you have it, you can upload the data stream by using the UploadFromStream
method.

Additional Reading: For more information on how to use blob storage from the .NET
Framework, go to http://go.microsoft.com/fwlink/?LinkID=517446.

Demonstration: Creating a Blob and Using Azure Web Storage Explorer

In this demonstration, you will see how to manage a blob by using Azure Web Storage Explorer.

Demonstration Steps
1. Create another new container for the 10979s<yourinitials> storage account by using the following
settings:

o Name: 10979c<yourinitials>

o Access: Blob
2. Manage your access keys to view your primary access key, and then copy the key to Clipboard.

3. Create a new text file named storage-key.txt in your Documents folder.

4. Open the storage-key.txt file, and paste your primary access key into it.

5. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net

/login.aspx.

6. Sign in by using 10979s<yourinitials> as the account and the access key as the key.
7. Upload Alarm01.wav from the c:\Windows\media folder.

8. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files\Internet Explorer

\images folder.

9. In the file list, click http:// 10979s<yourinitials>.blob.core.windows.net/10979c<initials>

/splashscreen.contrast-white scale-180.png, and verify that you see a large Internet Explorer logo
graphic display in the browser window.

10. Close Internet Explorer.

MCT USE ONLY. STUDENT USE PROHIBITED
5-18 Cloud Storage

Creating a Table
To create a table in your storage account
container, you can use methods similar to
the ones you use to create blobs. You must
have a storage account created, and one or
more containers the storage account. Then, you
can use Azure Web Storage Explorer to create a
new table, and to insert data into the table you
created. You can use this same utility to execute
a query against your existing table.

You cannot use the Azure portal to create or

manage tables, create data, or execute queries.
If you want to create, access, and manage tables
programmatically, by using a Visual Studio project, you should perform the same procedure to configure
connections strings and add declarations at the top of your code, as with blobs. Also, you must have
Microsoft.WindowsAzure.Storage.dll assembly installed.

To create a table, by using a code, you should use CloudTableClient object. It lets you get reference
objects for tables and entities within the table. The following example code shows how to create a
CloudTableClient object and use it to create a new table. For this example, we assume that the application
that we work on is Azure Cloud Service, and that it uses a storage connection that is configured in Azure
application service configuration, as described in the preceding topic about blobs.

// Retrieve the storage account from the connection string.

CloudStorageAccount storageAccount = CloudStorageAccount.Parse(
CloudConfigurationManager.GetSetting("StorageConnectionString"));
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the table if it doesn't exist.
CloudTable table = tableClient.GetTableReference("people");
table.CreateIfNotExists();

Additional Reading: For more information on how to use Table storage from the .NET
Framework, go to http://go.microsoft.com/fwlink/?LinkID=517447.

Demonstration: Creating and Managing Blobs and Tables from Visual

Studio
Demonstration Steps
1. In VS Express 2013 for Web, in Solution Explorer, expand Bin folder under the Website1 project.
Ensure that you can see Microsoft.WindowsAzure.Storage.dll under Bin folder in Solution Explorer.
2. Scroll through the code of Default.aspx.cs and review parts of the code that are used for Azure
storage management.

3. Start project debugging in Visual Studio.

4. As a result, the Internet Explorer window will open with the application started.

5. In the Internet Explorer window, click Create a new Azure table. Then click Add an entry to the
Azure table. Then click Add a batch to the Azure table.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-19

6. Click Retrieve data from the Azure table. As a result, you should get a few lines of data in the
text box.

7. Click Create a new Azure blob container. Then click Upload data to the Azure blob container.
8. Click List content of the Azure blob container. As a result, you should get data in the text box.

9. Close Internet Explorer.

10. Open Azure Web Storage Explorer at http://azurestorage.azurewebsites.net/login.aspx, and

connect to your storage account.
11. Ensure that you can see the data that you uploaded by using code from Visual Studio.
MCT USE ONLY. STUDENT USE PROHIBITED
5-20 Cloud Storage

Lab: Configure Azure Storage

Scenario
You have a large quantity of archive files. The disks on which these files reside are reaching the end of
their life, and you would like this data to be globally available within A. Datum. To achieve that, you
decided to use Azure storage.

Objectives
After you complete this lab, you will be able to:

• Create an Azure Storage account.

• Create and manage a blob.

Lab Setup
Estimated Time: 30 minutes
Sign in to your classroom machine by using the credentials your instructor provides.

Students must have successfully completed the lab from Module 1 before starting this lab.

Exercise 1: Create an Azure Storage Account

Scenario
Before you start managing your data in Azure, you should first create a storage account and examine its
properties.
The main tasks for this exercise are as follows:

1. Create a storage account in Azure.

2. View the properties of your storage account.

 Task 1: Create a storage account in Azure

1. On the host computer, launch Internet Explorer, go to the Azure management portal at
https://portal.azure.com, and then sign in to your Azure account.
2. Create a new storage account by using the following information:

o URL: 10979s<yourinitials>

o Location: Select the location that is closest to you

o Pricing Tier: L(LRS)

 Task 2: View the properties of your storage account

1. On the Azure management portal, in the left pane, click BROWSE and then click Storage.

2. In the Storage pane, click the 10979s<initials> storage account.

3. In the 10979s<initials> pane, view the information available on the dashboard.

4. Near the top of the 10979s<initials> pane, click SETTINGS, and then click Properties to view the
properties of the storage account.

Results: After you complete this exercise, you will have created your Azure storage.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 5-21

Exercise 2: Create and Manage Blobs

Scenario
Now that you have created your storage account, you need to create a container and upload some blob
data to the container.

The main tasks for this exercise are as follows:

1. Add a container.

2. Add data to the container by using Azure Web Storage Explorer.

 Task 1: Add a container

• Create a new container for the 10979s<initials> storage account by using the following settings:

o Name: 10979c<initials>
o Access: Blob

 Task 2: Add data to the container by using Azure Web Storage Explorer
1. Open the Manage your key pane to access and view your primary access key, and then copy it to the
Clipboard.
2. Open File Explorer, and then create a new text file named storage-key.txt. Save the file in your
Documents folder.

3. Open the storage-key.txt file, and paste your primary access key into it.
4. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net
/login.aspx.

5. Sign in by using 10979s<initials> as the account and the access key as the key.
6. Upload Alarm01.wav from the c:\Windows\media folder.

7. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files

\Internet Explorer\images folder.

8. In the file list, click http://10979s<initials>.blob.core.windows.net/10979c<initials>

/splashscreen.contrast-white scale-180.png, and verify that you see a large Internet Explorer logo
graphic displayed in the browser window.

9. Close Internet Explorer.

Results: After completing this exercise, you will have created a blob container and uploaded the data.
MCT USE ONLY. STUDENT USE PROHIBITED
5-22 Cloud Storage

Module Review and Takeaways

Best Practice:

• Use multiple storage accounts for data that require different redundancy options.
• Use Azure File Services to facilitate data sharing.

• Use Azure Storage Explorer tools to simplify storage management.

Review Questions
Question: If you want to store installation image files to Azure storage, which type of
storage you should choose?

Question: Which service you should use to enable storage access by using SMB?
Question: If you choose geo-redundant storage to store your data, how many copies will
you have?

Tools
• Azure portal

• Azure Preview portal

• Visual Studio

• Azure Web Storage Explorer

MCT USE ONLY. STUDENT USE PROHIBITED
6-1

Module 6
Microsoft Azure Databases
Contents:
Module Overview 6-1

Lesson 1: Understand Relational Database Deployment Options 6-2

Lesson 2: Create and Connect to SQL Databases 6-5

Lab: Create a SQL Database in Azure 6-12

Module Review and Takeaways 6-15

Module Overview
Microsoft Azure offers a range of services that you can use to manage data. In particular, Azure provides
relational database management services. You can use these services to implement a relational data store
for applications without having to manage a database management system (DBMS) or the operating
system that supports it.
In this module, you will learn about the options available for storing relational data in Azure. You will also
learn how to use Microsoft Azure SQL Database, which you can use to create, configure, and manage SQL
databases.

Objectives
After completing this module, you will be able to:

• Describe options for relational database deployment in Azure.

• Create and connect to SQL databases in Azure.
MCT USE ONLY. STUDENT USE PROHIBITED
6-2 Microsoft Azure Databases

Lesson 1
Understand Relational Database Deployment Options
Microsoft Azure provides two basic methods of deploying relational database services: platform as a
service (PaaS) and infrastructure as a service (IaaS). The method you select will depend primarily on
the requirements of the applications that consume database content. However, you should also consider
factors such as manageability, ease of provisioning, cost, and compatibility. Compatibility is especially
relevant in migration scenarios. This lesson introduces the relational database services that are available in
Azure. It also describes considerations for choosing the best solution for specific application and business
needs.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe relational database services in Azure.

• Describe the key differences between an SQL database in Azure and a Microsoft SQL Server instance
running on an Azure IaaS virtual machine.

Review Relational Database Deployment Options

Most business applications rely on a relational
database to store their data. Data takes the
form of a collection of two-dimensional tables,
which represent real-life entities and relationships
between them. Table rows correspond to
individual instances of these entities, whereas
table columns describe their identifying
properties. By combining multiple interrelated
tables, you can express complex business
scenarios in a simple manner, and analyze their
characteristics to extract meaningful information
about them.

When you deploy relational databases to Azure, you can choose from a range of options for deployment.
All of these options pertain to distinct service and product types. Azure provides two basic types of
relational database services, each of which can support different product types:

• PaaS. This service allows you to focus on database-specific tasks by eliminating the required
management of the underlying database server platform. The two primary offerings in this category
are SQL Database and MySQL Database. SQL Database is based on Microsoft SQL Server technologies,
and MySQL Database is based on the ClearDB MySQL Database cloud service, which is available from
the Azure Store.

• IaaS. You can create Azure IaaS virtual machines that host an instance of a relational database
management system (RDBMS). This can include instances of SQL Server, MySQL, or any database
server such as Oracle that is supported on operating system platforms that you can deploy within
Azure IaaS virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-3

Compare SQL Database with SQL Server in a Virtual Machine

When you use Azure to implement a Microsoft
SQL Server–based database, you can either deploy
it onto a Microsoft SQL Server instance running in
an Azure virtual machine or as an SQL database
in Azure. You can determine which of these two
solutions can best address your needs by studying
their differentiating characteristics:

• Manageability, maintenance, and cost. Azure

SQL Database constitutes a PaaS solution that
removes much of the overhead associated
with deploying and maintaining relational
databases systems. It is appealing due to its
minimized operational cost and simplified management. You can provision and manage SQL Server
instances running on Azure IaaS virtual machines in the same manner as their on-premises
counterparts, and their pricing includes the cost of the dedicated virtual machine.

• Feature parity with on-premises deployments of SQL Server. SQL Server instances running on Azure
IaaS virtual machines provide optimal compatibility with existing database applications. However,
Azure SQL Database does not provide support for:

o Common language runtime (CLR) and CLR-related objects

o Full-text search and related objects
o SQL Server Service Broker and related objects

o Extended stored procedures

o Defaults and rules

o Transparent data encryption and data compression

o Object Linking and Imbedding Database (OLE DB) or ADO connectivity

o Windows Authentication (only SQL Server Authentication is available)

• Clustered indexes. Every table in an SQL database in Azure should have a clustered index. While you
can create a table without it, you cannot insert any data until this condition is satisfied.
• SQL Server components. SQL Server instance–level components, such as SQL Server Agent, SQL Server
Analysis Services, SQL Server Integration Services, SQL Server Reporting Services, or Master Data
Services, require a SQL Server instance running within an Azure IaaS virtual machine. Other Azure
services, such as HD Insight, provide some of this functionality.

• The ability to make the relational database interact directly with other Azure services within the
same Azure virtual network. SQL Server instances running within an Azure IaaS virtual machine
can be located on the same Azure virtual network as IaaS or PaaS cloud services. However, with
SQL Database, network traffic always flows via its external endpoints. Depending on the intended
architectural design, this may be beneficial in providing an additional level of integration or isolation
in relation to other Azure services and public networks.
MCT USE ONLY. STUDENT USE PROHIBITED
6-4 Microsoft Azure Databases

• High availability and scalability. Azure supports high availability and scalability features, such as
AlwaysOn Availability Groups, database mirroring, SQL Server replication, or table partitioning, only
if you use a SQL Server instance running within an Azure IaaS virtual machine. However, you can
achieve an equivalent level of resiliency and elasticity with much less management overhead, even
if you cannot use these features. To do so, you can use the built-in characteristics of Azure SQL
Database service, such as geo-replication, point-in-time restore, service tiers (scaling up), or
federations (scaling out by partitioning data horizontally).

Additional Reading: For a comprehensive list of features that SQL databases support, go
to http://go.microsoft.com/fwlink/?LinkID=517433.

Additional Reading: For information about identifying and resolving database

compatibility issues by using SQL Server Data Tools, go to
http://go.microsoft.com/fwlink/?LinkID=517434.

SQL Database Resiliency and Scalability

Every SQL Database consists of three
synchronously replicated copies residing in
the same data center. In addition, higher pricing
tiers facilitate up to four sets of three copies of the
database. Each set is replicated asynchronously
from the primary region. The three copies of the
database within each set are then replicated
synchronously within the region.
All SQL Databases are backed up automatically,
with the full backups taking place weekly,
differential backups happening daily, and
transaction log backups performed every five
minutes. The corresponding Point In Time Restore window during which you can restore backups varies
from seven days to 35 days, depending on the pricing tier.
Vertical scaling of Azure SQL Database is almost instantaneous and is visible in the GUI in both portals.
This process involves changing the pricing tier and the performance level. The concept of SQL Database
pricing tiers is similar to the concept of pricing ties of other Azure services. The choice of a tier affects
the cost of the database and determines the SQL Database performance level, expressed in database
throughput units). A database throughput unit is a number representing the overall power of the
database engine resources, including processor, memory, and input/output.

Horizontal scaling requires more effort, because it relies on splitting data into separate sets and
integrating them through federations or sharding.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-5

Lesson 2
Create and Connect to SQL Databases
Azure SQL Database is a cloud-based SQL service that provides subscribers with a highly scalable platform
for hosting their databases. By using Azure SQL Database, organizations can avoid the cost and omplexity
of managing SQL Server installations, and quickly set up and start using database applications.

In this lesson, you will learn how to provision and connect to an Azure SQL Database.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe how to create and import SQL databases in Azure.

• Create a new SQL database by using the preview Azure portal.

• Create a new SQL database by using Copy in the Azure portal.

• Describe how to connect to an SQL database in Azure.

• Connect to an SQL database in Azure.

Creating and Importing SQL Databases

To understand the process of provisioning a
new SQL database in Azure, you must be familiar
with the foundations of its architectural model.
Azure SQL Database and the Azure logical
component—the server—are intrinsically
connected.

SQL database servers are logical servers that host

SQL databases. Each SQL database server has a
unique Domain Name System (DNS) name,
local administrator accounts, and firewall rules
restricting access to its databases. Such servers
host individual instances of Azure SQL Database,
in addition to the master database that stores server configuration data. Databases located in this logical
server are likely to be in different servers in the backend implementation, but all are accessible through
the same endpoint address.

The most straightforward way to provision an SQL database in Azure relies on the graphical interface of
the Azure portal and the preview Azure portal. These are management portals in which you can create a
database and specify an existing or new logical server in which to host the database. Alternatively, you
can first create a new logical server and add a new database afterwards. The Azure portal also allows for
managing content of any existing instances of SQL Database, including standard create, read, update, and
delete operations.

Note: You will learn more about these operations in upcoming demonstrations in this
module.

You can also use other methods to create and manage the content of SQL databases in Azure. These
methods involve the use of traditional administrative and development tools, such as SQL Server
MCT USE ONLY. STUDENT USE PROHIBITED
6-6 Microsoft Azure Databases

Management Studio, SQL Server Data Tools, Microsoft Visual Studio, or the sqlcmd command-line
tool. IT professionals can also leverage their scripting skills, because they can perform a majority of
the database management tasks by using cmdlets in the Azure PowerShell module.

Creating an SQL Database

When you create a database from the preview Azure portal, you must include the following information:

• A name for the database. The name must be unique on a per-server basis.
• The SQL Database pricing tier, which directly affects the cost of the database, and also determines the
following elements:

o Performance level, which is expressed in database throughput units (DTUs). A DTU is a number
representing the overall power of the database engine resources, including processor, memory,
and input/output.

o Maximum size to which the database can grow.

o Supported resiliency and scalability features, such as Point In Time Restore, Geo-Restore, or Geo-
Replication.

o Support for auditing.

• The collation that you want the database to apply. Collation defines the rules that determine how to
sort and compare data. You cannot change the collation after creating the database.

• The server on which to create the database. You can select an existing server that you have previously
created in the same subscription, or create a new server. The server name must be unique globally.

• The resource group in which to create the database and its server. If you select an existing server,
the database is automatically added to the existing resource group to which the server belongs. The
name of the resource group must be unique within the current subscription.

Creating a SQL Server Instance

You can create a server instance on its own, or as part of the process of creating a database. In scenarios
where you are provisioning new databases for applications, you typically create the server as part of
the process of creating the first database. However, in some cases, you might want to create the server
without any user databases, and then add databases to it later; for example, by migrating them from
an on-premises SQL Server instance. Each server must have a globally unique name. The fully qualified
domain name (FQDN) of the server is in the form <server_name>.database.windows.net; for example,
abcde12345.database.windows.net.

When you create a server, you must specify the following information:

• A globally unique server name (when using the Azure portal, this is generated automatically).

• A login name and password for the administrative account that you will use to manage the server.

• The geographical region of the Azure data center where the server should be located.
• Whether or not to allow any other Azure services to connect to the server. Enabling access from any
other Azure service creates a firewall rule that permits access from the IP address 0.0.0.0.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-7

Importing an SQL Database

A common method of creating a new SQL database in Azure or populating a newly created SQL database
is importing its content from another database, such as one that an on-premises SQL Server instance is
hosting. This might be necessary when migrating an on-premises application to the cloud. It may also be
necessary because developers created a database by using a full-fledged development instance of SQL
Server in preparation for deploying it to a production environment in SQL Database.

The import process must take into account two types of content. The first content type is the database
schema, which contains definitions of all database objects. The second content type is the actual data
stored in each of the database objects.
There are two primary techniques you can use to migrate both types of content from a SQL Server–hosted
database to Azure SQL Database:

• Generate Transact-SQL scripts that capture all objects and their data in your SQL Server database, and
then run them in Azure SQL Database to create exact replicas of all objects and their data.

• Export a data-tier application (DAC) from SQL Server in the form of a .bacpac file and import it into
Azure SQL Database. The .bacpac file contains both the schema and the existing data.
Of these two techniques, using a DAC is the simpler way to migrate the database. In addition, the Import
option, which is available when you create new databases by using the Azure portal, facilitates this
approach. You can export and import the DAC by using SQL Server Management Studio and the Azure
SQL Database management portal, or you can use a wizard in SQL Server Management Studio to
automate the entire process. The Export Data-Tier Application Wizard in SQL Server Management Studio
allows you to specify an Azure storage account as the destination for an exported package. The Import
Data-Tier Application Wizard enables you to specify an Azure storage account as the source for
a package that you want to import. This makes it easy to migrate a database from SQL Server to Azure
SQL Database in two stages, while using Azure Storage as an intermediary storage location for the DAC
package. Alternatively, you can use the Deploy Database Wizard to export a SQL Server database as a
DAC package and import it into an Azure SQL database server in a single operation.

Creating a SQL Database by Using Copy

You can easily copy your existing database within a SQL Server instance in Azure or between two
SQL Servers in Azure that belong to the same subscription. You can do so from the Azure portal, or by
running the corresponding T-SQL Statement. Such an approach is useful for performing an impromptu
backup of the source database prior to making changes to it, or for creating its replica for testing
purposes.

You can create a copy of an existing SQL Database by running the following T-SQL statement. Note that
you must execute this command while connected to the master database of the Azure SQL server that will
host the copy.

CREATE DATABASE T-SQL statement

CREATE DATABASE destination_database_name
AS COPY OF [source_server_name.]source_database_name

Demonstration: Creating a New SQL Database by Using the Preview Azure

Portal
In this demonstration, you will see how to:

• Create a SQL database in the preview Azure portal.

• Identify a SQL database and the SQL database server properties in the preview Azure portal.
MCT USE ONLY. STUDENT USE PROHIBITED
6-8 Microsoft Azure Databases

Demonstration Steps
Create a SQL database in the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.

2. Create a new SQL database by specifying its name, a Blank Database source, the name of a new Azure
SQL Server instance in a data center of your choice, a new resource group, selecting the pricing tier,
and providing admin credentials.
3. Add the newly created SQL database to Startboard.

Identify a SQL database and the SQL database server properties in the preview Azure
portal
1. Examine database properties such as pricing tier, status, maximum size, collation, creation date, and
server name.

2. Display database connection strings that you can use to connect to the SQL database from ADO.NET,
Open Database Connectivity (ODBC), PHP, or Java Database Connectivity–based (JDBC-based)
applications.

3. Examine the properties of SQL Server in Azure, such as server name, location, server admin login, and
resource group.

4. Examine default firewall rules in SQL Server in Azure.

Demonstration: Creating a New SQL Database by Using Copy in the Azure

Portal
In this demonstration, you will see how to:
• Identify a SQL database and the SQL database server properties in the Azure portal.

• Create a new SQL database by using Copy in the Azure portal.

Demonstration Steps
Identify a SQL database and the SQL database server properties in the Azure portal
1. Connect to SQL Database by using the Azure portal.

2. Identify the FQDN and the port number of the SQL server hosting the SQL database. View the SQL
database connection strings for ADO.NET, ODBC, PHP, and JDBC.

3. Examine the dashboard data, including information identifying the database and its status, in addition
to Manage URL that you can use to connect to the database in the next demonstration.

4. Review SQL Database statistics, such as deadlocks, storage usage, and failed and successful
connections.

5. Examine scaling options, allowing switching between service tiers.

6. Review configuration options, including automated, interval-based export of the database to a

storage account, providing you with a custom backup functionality.
7. Take note of geo-replication disaster recovery capabilities.

8. Locate Azure SQL Server properties.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-9

9. Take note of the ability to create an additional firewall rule allowing access to the server and
all of its databases from your current IP address. Keep in mind that you can also accomplish this
automatically when connecting to the database from the Azure portal, which will be part of the next
demonstration.

Create a new SQL database by using Copy in the Azure portal

1. From the Azure portal, use the Copy option of SQL Database.

2. Keep Internet Explorer open for the next demonstration.

Connecting to a SQL Database

The primary purpose of the SQL Database service
is to provide data storage for applications that
deliver specific business functionality. However,
SQL Database must also facilitate easy access to
developers who create these applications, and to
database administrators and development
operations staff who assist developers. This topic
reviews different means of providing such access.

While you typically handle the creation and

management of SQL Databases on the database
level by using the Azure portal and the preview
Azure portal or Windows PowerShell, the ability to
perform create, read, update, and delete operations on database content requires a different approach.
The approach to connecting to SQL databases in Azure is similar to the approach for working with on-
premises SQL Server-hosted databases, allowing the use of the following tools:
• SQL Server Management Studio. You can use SQL Server Management Studio to connect to an
Azure SQL Database server and administer it in a manner similar to the management of SQL Server
instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises
or Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important
to keep in mind that the graphical designers in SQL Server Management Studio are mostly
incompatible with Azure SQL Database. Therefore, you will have to perform their respective tasks
by executing Transact-SQL statements that provide equivalent functionality.
• sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and
execute Transact-SQL commands.

• Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query
their content.

In addition, as mentioned earlier in this module, the Azure portal includes a link to the web-based SQL
Database management interface in which you can perform database development and management
tasks, including executing Transact-SQL commands. The new preview portal does not implement this
feature.

It is important to remember that you must configure SQL Server firewall settings in Azure to explicitly
allow incoming connections originating from a non-Azure location. Effectively, if you intend to use the
tools listed above from an on-premises environment, you will first need to modify Azure SQL Server
firewall settings by allowing connectivity from the public IP address of the perimeter network device
through which you connect to the Internet. The Azure portal allows you to identify this IP address easily
and even automates creation of the corresponding rule if you use the web-based SQL Database
management interface. On the other hand, connections originating from any Azure subscription are
MCT USE ONLY. STUDENT USE PROHIBITED
6-10 Microsoft Azure Databases

allowed by default. While you can change this setting, you should consider the impact of such an action
on connections from your Azure-hosted applications that rely on SQL Database for data store.

In order to connect to SQL Database programmatically, applications use connection strings, which
you can readily extract from either of the Azure management portals for individual instances of SQL
Database, as illustrated in the previous demonstrations in this module. Keep in mind that SQL databases
are not capable of leveraging Windows Authentication, so you will need to rely on security principals at
the SQL Server level and database level to control authentication and authorization.

Demonstration: Connecting to a SQL Database

In this demonstration, you will see how to:

• Connect to a SQL database by using the Azure portal, which includes a web-based SQL Database
management interface.
• Connect to a SQL database by using SQL Server Management Studio.
• Connect to a SQL database from an Azure website.

Demonstration Steps
Connect to a SQL database by using the Azure portal, which includes a web-based
SQL Database management interface
1. Automatically generate a firewall rule that allows you to connect to the target SQL Database from the
public IP address of your edge device.
2. Navigate and log on to the web-based SQL Database management interface.

3. Examine the interface from which you can execute T-SQL scripts, define tables, views, or stored
procedures, create new databases, or even deploy data-tier applications.
4. Log off from the web-based SQL Database management interface.

Connect to a SQL database by using SQL Server Management Studio

1. From your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure.

3. Create a new table in the SQL database in Azure by running the T-SQL command from SQL Server
Management Studio.
4. Populate the content of the newly created table by running the T-SQL command from SQL Server
Management Studio.

5. Query the content of the newly populated table by running the T-SQL command from SQL Server
Management Studio.

6. Close SQL Server Management Studio without saving and close “Management Portal” Internet
Explorer page.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-11

Connect to a SQL database from an Azure website

1. In the Azure portal, navigate to the AdatumWebxxxx website you published in preparation for this
demonstration.

2. Note that there are no connection strings.

3. Browse to the website. The page will display in a new Internet Explorer tab, showing an error resulting
from the failed connection to the data source.

4. Close the Internet Explorer tab.

5. Note the <connectionStrings> element in the Web.config file of the AdatumWebxxxx website that
you published from VS Express 2013 for Web, and point out that it is not valid.
6. From the Azure portal, create a new connection string entry, replacing the server_name with the
name of the SQL Server created in the first demonstration of this module:

o NAME: SQLAzureConnection

o VALUE: Data Source=server_name.database.windows.net;Initial Catalog=demoDb;User

ID=Instructor;Password=Pa$$w0rd;Encrypt=true;Trusted_Connection=false;

o SQL Database
7. Save the newly configured connection string.
8. Browse to the website.

9. Verify that the Website page displays the content of the dbo.demoTable table in the testDB database.
10. Close all Internet Explorer pages and VS Express 2013 for Web.

Discussion: Implementing Azure SQL Database in an Azure Solution

Azure SQL Database can serve as a relational
data store for a variety of other Azure services,
including Websites, Cloud Services, applications
running in Azure virtual machines, or mobile
applications that leverage Azure mobile services.

An organization might be deploying an Azure

SQL Database to store data for an Azure website
supporting Sales personnel. The website would
rely on the connection string configuration that
includes Azure SQL Database user credentials
to access the database content.

Question: How will your organization use

Azure SQL Database?
MCT USE ONLY. STUDENT USE PROHIBITED
6-12 Microsoft Azure Databases

Lab: Create a SQL Database in Azure

Scenario
A. Datum Corporation is expanding rapidly, and its Public Relations department wants to expand
its Internet-facing website and support its database, through which it publishes press releases and
interfaces with external marketing partners. You have decided that this is an ideal time to test the
database capabilities of Azure.

Objectives
After completing this lab, you will be able to:

• Create an Azure SQL Database.

• Create a table in an Azure SQL Database.

• Query the content of a table in an Azure SQL Database.

Estimated Time: 20 minutes

Exercise 1: Create a New SQL Database in Azure and Configure SQL Server
Firewall Rules
Scenario
You start your tests by creating a test database to which you will subsequently add some test tables. You
will then populate the tables with sample data.
The main tasks for this exercise are as follows:

1. Create a new SQL database by using the preview Azure portal.

2. Configure a SQL Server firewall rule by using Azure portal.

 Task 1: Create a new SQL database by using the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.
2. Create a new SQL database by specifying its name, specifying the name of a new Azure SQL Server in
a data center of your choice, specifying a new resource group, selecting the pricing tier, and
providing admin credentials:

o DATABASE NAME: testDB

o SERVER NAME: Any valid unique name

o SERVER ADMIN LOGIN: Student

o PASSWORD: Pa$$w0rd

o CONFIRM PASSWORD: Pa$$w0rd

o LOCATION: Any available region

o DATABASE SOURCE: Blank Database

o PRICING TIER: B Basic

o RESOURCE GROUP: testRG

3. Add the newly created SQL Database to Startboard.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-13

 Task 2: Configure a SQL Server firewall rule by using Azure portal

1. Switch back to the Azure portal, and verify that the SQL DATABASES page lists the testDB database.

2. On the SERVERS tab, verify that the uniquely named server you created is listed, and then configure
it to allow the current public IP address of your edge device.

Results: After completing this exercise, you should have created a Microsoft Azure SQL Database named
testDB on a new server with a name of your choice. You will have also configured Microsoft SQL Server
firewall rules in Azure, which allow connectivity from your on-premises management tools and
applications to the newly created SQL database in Azure.

Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server

Management Studio
Scenario
You created a test database. Now it is time to create a test table, populate it with sample data, and verify
that data has been added by using SQL Server Management Studio.

The main tasks for this exercise are as follows:

1. Add a table to a SQL database in Azure by using SQL Server Management Studio.
2. Add data to a table of a SQL database in Azure by using SQL Server Management Studio.

3. Query a table of a SQL database in Azure by using SQL Server Management Studio.

 Task 1: Add a table to a SQL database in Azure by using SQL Server Management
Studio
1. On your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure by specifying the following
information:

o Server type: Database Engine

o Server name: server_name.database.windows.net

o Authentication: SQL Server Authentication

o Login: Student
o Password: Pa$$w0rd

3. If the connection attempt fails indicating that the client IP address is not allowed to access the server,
note the IP address on the error message. Next, switch to Internet Explorer, on the server page, click
ADD TO THE ALLOWED IP ADDRESSES, and then add the IP address you noted. Click Save and
connect again. Note that it might take up to five minutes for this change to take effect
MCT USE ONLY. STUDENT USE PROHIBITED
6-14 Microsoft Azure Databases

4. Create a new table in the SQL database in Azure by running the following T-SQL command from SQL
Server Management Studio.

CREATE TABLE dbo.testTable

(
id integer identity primary key,
dataval nvarchar(50)
);
GO

5. Leave the SQL Server Management Studio open for the next task.

 Task 2: Add data to a table of a SQL database in Azure by using SQL Server
Management Studio
1. Populate the content of the newly created table by running the following T-SQL command from SQL
Server Management Studio.

INSERT INTO dbo.testTable

VALUES
(newid());
GO 100

2. Leave the SQL Server Management Studio open for the next task.

 Task 3: Query a table of a SQL database in Azure by using SQL Server Management
Studio
1. Query the content of the newly populated table by running T-SQL command from SQL Server
Management Studio. To generate the command, right-click dbo.testTable, point to Script Table as,
point to SELECT To, and then click New Query Editor Window.

2. Close SQL Server Management Studio and Internet Explorer.

Results: After completing this exercise, you should have created a test table in the SQL database in Azure
named testDB on an existing SQL Server in Azure with a name of your choice, populated it with sample
data, and queried its content.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 6-15

Module Review and Takeaways

Review Question
Question: What should you consider when choosing between on-premises SQL Server, SQL
Server in an Azure virtual machine, and Azure SQL Database?

Tools
• SQL Server Management Studio. You can use SQL Server Management Studio to connect to an
Azure SQL Database Server and administer it in a manner similar to the management of SQL Server
instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises or
Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important to keep in
mind that the graphical designers in SQL Server Management Studio are mostly incompatible with
SQL Database in Azure. Therefore, you will have to perform their respective tasks by executing
Transact-SQL statements that provide equivalent functionality.

• sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and
execute Transact-SQL commands.
• Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query
their content.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
7-1

Module 7
Azure Active Directory
Contents:
Module Overview 7-1

Lesson 1: Overview of Azure AD 7-2

Lesson 2: Manage Authentication 7-12

Lab: Create Users in Azure Active Directory 7-17

Module Review and Takeaways 7-20

Module Overview
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management
solution. Its primary purpose is to provide authentication and authorization when accessing cloud-based
resources. However, you can also leverage its functionality to protect on-premises applications. In both
cases, you can further streamline and enhance secure access to sensitive services and data by taking
advantage of Azure AD’s single sign-on (SSO), federation, and Microsoft Azure Multi-Factor
Authentication capabilities.

In this module, you will learn how to create users, domains, and directories in Azure AD, integrate
applications with Azure AD, and use Multi-Factor Authentication.

Objectives
After completing this module, you will be able to:
• Manage Azure AD objects.

• Manage authentication.
MCT USE ONLY. STUDENT USE PROHIBITED
7-2 Azure Active Directory

Lesson 1
Overview of Azure AD
Azure AD is a cloud-based identity and access management solution. It is also a directory services
solution. It allows you to provide secure access to both cloud-based and on-premises applications
and services.

In this module, you will learn about the basic characteristics of the identity management and directory
services of Azure AD. The module starts by introducing these characteristics in the context of Active
Directory Domain Services (AD DS) in order to compare these two technologies.

Lesson Objectives
After completing this lesson, you will be able to:

• Explain how AD DS works.

• Explain how to extend the scope of AD DS.

• Describe Azure AD.

• Create domains and users in Azure AD.

• Assign users to applications.

What Is AD DS?
AD DS forms the foundation of enterprise
networks that run Windows operating systems.
The core component of AD DS is its database,
which provides the store for all AD DS objects,
such as user accounts, computer accounts, or
group accounts. The database schema defines
object types, typically referred to as classes,
and their individual properties, or attributes. The
database organizes objects in a customizable,
logical hierarchy consisting of containers and
organizational units (OUs). The database offers
resiliency by supporting multiple replicas hosted
on servers, which are referred to as domain controllers. The database constitutes the authoritative source
of identity data for domain objects, which means that AD DS functions primarily as an identity provider.

Identity Data
Identity, in the context of our course, is a set of data that uniquely identifies an entity, such as a user
or a computer. Identity describes the characteristics of the entity. It also provides information about
the entity’s relationships to other entities, by using groups of which similar or associated entities are
members, for example. AD DS domain controllers verify the authenticity of the identifying data in a
domain through authentication. Authentication typically requires that a user or computer attempting to
authenticate provide a set of credentials to the authenticating domain controller. As the result of this
process, the authenticating domain controller grants that user or computer a token representing its status
and privileges to other domain members. The user or computer subsequently uses the token to obtain
access to resources such as file shares, applications, or databases hosted on domain computers, through
the process of authorization. Authorization is based on the implicit trust that each domain member
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-3

computer maintains with domain controllers. The process of joining the domain establishes
this trust, permanently adding an account representing that computer to the AD DS database.

Directory Service
In addition, AD DS, as the name indicates, functions as a directory service, facilitating lookups of the
content of the AD DS database. AD DS–aware applications, such as Microsoft Exchange, which rely on
AD DS to store their configuration and operational parameters, use this functionality extensively. A range
of Windows Server roles whose names include the Active Directory designation, such as Active Directory
Certificate Services (AD CS), Active Directory Rights Management Services (AD RMS), and Active Directory
Federation Services (AD FS) leverage the same functionality. The AD DS database also stores management
data, which is critical for administering user and computer settings through Group Policy processing.

AD DS Configuration
AD DS uses Domain Name Service (DNS) for advertising its services. Effectively, each AD DS domain has a
unique DNS domain name. While it is possible to use multiple, distinct DNS namespaces within the same
domain, this is rather uncommon.

Each AD DS domain exists within an AD DS forest. A forest can contain multiple domains. All domains
in the same forest share the same schema. They implicitly trust each other, extending the scope of
authentication, authorization, and directory services lookups to all objects in the entire forest. If you want
to provide the same functionality across multiple forests, you need to create trust relationships between
them.
AD DS offers a high degree of versatility and customizability, due to its multipurpose nature and
its intended operational model as a fully managed infrastructure component. You can delegate its
permissions down to an individual attribute of a single object. Its replicated, distributed database is
capable of scaling up to host millions of objects, and scaling out to support multinational enterprises
with data centers located across multiple continents. You can extend its schema to accommodate custom
object types, although it is important to note that schema extensions are not fully reversible.

Extending the Scope of AD DS

AD DS offers significant business and
technological benefits. However, AD DS has
been designed for on-premises, independently
managed deployments, and most of its
characteristics reflect this underlying premise.
Its authentication and authorization mechanisms
rely largely on having domain member computers
permanently joined to the domain. The
communication with domain controllers involves
protocols such as Lightweight Directory Access
Protocol (LDAP) for directory services lookups,
Kerberos for authentication, and Server Message
Block (SMB) for downloading Group Policy data. None of these protocols is suitable for Internet
environments.

Multi-tenancy is very difficult to implement within a single domain. While it is possible to provide a higher
level of autonomy by deploying additional domains within the same forests, or by deploying multiple
forests with trust relationships between them, such arrangements are complex to set up and manage.
AD DS enables you to implement the desired mix of efficiency, control, security, and flexibility within
corporate networks, but is not well suited for today’s open, Internet-facing world, dominated by cloud
services and mobile devices.
MCT USE ONLY. STUDENT USE PROHIBITED
7-4 Azure Active Directory

Extending AD DS Authentication
One way to address this shortcoming is to extend the capabilities of AD DS by using an intermediary
system that handles translation of AD DS on-premises constructs and protocols (such as tokens and
Kerberos) into their Internet-ready equivalents. The AD FS server role and Web Application Proxy server
feature of Windows Server provide this functionality. As a result, users, devices, and applications can take
advantage of the authentication and authorization features of AD DS without having to be part of
the same domain or a trusted domain.

Concerning device authentication, one example of such capabilities is the Workplace Join feature,
introduced in Windows Server 2012 R2, which leverages AD DS, AD FS, and Web Application Proxy.
Workplace Join facilitates the registration of devices that are not domain-joined in an AD DS database.
This provides additional authentication and authorization benefits, including SSO to on-premises web
applications, and support for conditional access control policies that consider whether an access request
originated from a registered device.

Federation Support
The primary feature that AD FS and Web Application Proxy facilitate is federation support. A federation
resembles a traditional trust relationship, but relies on claims (contained within tokens) to represent
authenticated users or devices. It relies on certificates to establish trusts and to facilitate secure
communication with an identity provider. In addition, it relies on web-friendly protocols such as HTTPS,
Web Services Trust (WS-Trust), Web Services Federation (WS-Federation), or OAuth to handle transport
and processing of authentication and authorization data. Effectively, AD DS, in combination with AD FS
and Web Application Proxy, can function as a claims provider, capable of authenticating requests from
web-based services and applications that are not able to, or not permitted to, access
AD DS domain controllers directly.

Azure IaaS
You can also extend AD DS into the cloud in a different manner—by deploying AD DS domain controllers
into virtual machines based on Azure infrastructure as a service (IaaS). However, it is critical to ensure that
you protect such domain controllers from unauthorized external access. You may use such deployments
to build a disaster recovery solution for an existing on-premises AD DS environment, to implement a test
environment, or to provide local authentication and authorization to Azure-hosted cloud services that are
part of the same virtual network.

Overview of Azure AD
The previous topics in this module described
the role of AD DS as an identity provider, a
directory service, and an access management
solution. They also presented several ways of
accommodating authentication and authorization
requirements of Internet-based applications and
services by extending the features included in
AD DS. Cloud-based identity providers natively
support the same functionality. Azure AD is an
example of such a provider.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-5

It might be easy to view Azure AD simply as a cloud-based counterpart of AD DS. However, while they
share some common characteristics, there are also several significant differences between them.

Primarily, Azure AD is implemented as a Microsoft-managed service that is part of the platform as a

service offering. It is not a part of core infrastructure that customers own and manage, or an IaaS offering.
While this implies that you have less control over its implementation, it also means that you do not have
to dedicate resources to its deployment or maintenance. You also do not have to develop additional
functionality natively unavailable in AD DS, such as support for Multi-Factor Authentication, because this
is a part of Azure AD functionality.

Types of Tiers
Azure AD constitutes a separate Azure service. Its most elementary form, which any new Azure
subscription automatically includes, does not incur any extra cost and is referred to as Free tier.
Some advanced identity management features require paid versions of Azure AD, offered in the
form of Basic and Premium tiers. Some of these features are also automatically included in Azure
AD instances generated as part of Office 365 subscriptions. In addition to differences in functionality,
the Free tier is a subject to the 500,000-object limit and does not carry out any service level agreement
(SLA) obligations. Both Basic and Premium tiers do not impose restrictions on the total number of
directory objects and are bundled with 99.9 percent uptime SLA.

Tenants
Unlike AD DS, Azure AD is multi-tenant by design, and is implemented specifically to ensure isolation
between its individual directories. It is the world’s largest multi-tenant directory, hosting well over a
million directory services instances, with billions of authentication requests per week. The term tenant
in this context typically represents a company or organization that signed up for a subscription to a
Microsoft cloud-based service such as Office 365, Windows Intune, or Microsoft Azure, which leverages
Azure AD but also includes individual users.

Directories
When you create your first Microsoft cloud service subscription, you will also automatically generate
a new Azure AD directory instance, also referred to simply as directory. The directory is assigned the
default DNS domain name, consisting of a unique name of your choice followed by the onmicrosoft.com
suffix. It is possible and quite common to add at least one custom domain name that utilizes the DNS
domain namespace that the tenant owns. The directory serves as the security boundary and a container of
Azure AD objects, such as users, groups, and applications. It is possible for a single directory to support
multiple cloud service subscriptions.

The Azure AD schema contains fewer object types than the schema of AD DS. Most notably, it does
not include definition of the computer class, since there is no process of joining computers to Azure AD.
However, it does facilitate device registration, similar to the Workplace Join feature of AD DS. It is also
easily extensible, and its extensions are fully reversible.

The lack of support for domain membership means that you cannot use Azure AD to manage computers
or user settings by using Group Policy Objects (GPOs). Instead, its primary strength lies in providing
directory services; storing and publishing user, device, and application data; and handling the
authentication and authorization of the users, devices, and applications. These features are effective
and efficient in existing deployments of cloud services such as Office 365, which rely on Azure AD as their
identity provider and support millions of users.
MCT USE ONLY. STUDENT USE PROHIBITED
7-6 Azure Active Directory

Azure AD Identity Models

Applications are represented in Azure AD by objects of the Application class and servicePrincipal class,
with the former containing an application definition and the latter constituting its instance in the current
Azure AD directory. Separating these two sets of characteristics allows you to define an application in one
directory and use it across multiple directories by creating a service principal object for this application in
each directory. This facilitates deploying applications to multiple tenants.

Delegation model
Due to its operational model as software as a service (SaaS), and its lack of both management capabilities
via Group Policy settings and support for computer objects, the delegation model in Azure AD is
considerably simpler than the same model in AD DS. In all three tiers, there are several built-in roles,
including Global Administrator, Billing Administrator, Service Administrator, User Administrator, and
Password Administrator. Each of these roles provides different levels of directory-wide permissions to its
objects. By default, the administrators of the subscription hosting the Azure AD instance are its Global
Administrators, with full permissions to all objects in their directory instance. Some of the management
actions are invoked from the Azure portal leverage groups, but their availability depends on the Azure AD
tier. For example, in Azure AD Free, users can gain access to a set of designated applications via Access
Panel.

Additional Reading: The Access Panel is available at http://go.microsoft.com/fwlink

/?LinkID=517436.

With Azure AD Basic, you can also grant such access based on the group membership. The Premium tier
further extends this functionality by offering delegated and self-service group management, allowing
users to create and manage their own groups, and request membership in groups created by others.

Role-based access control

The delegation model described above applies to the graphical interface available in the full Azure portal.
The Preview Portal offers a much more flexible and granular way of restricting management of Azure
resources by implementing role-based access control. This mechanism relies on three built-in roles: owner,
contributor, and reader. Each of these roles performs a specific set of actions on Azure resources that are
exposed via the Preview Portal, resources such as websites or SQL databases. You can grant the intended
access by associating an Azure AD object (such as a user, group, or service principal) with a role and a
resource appearing in the Azure Preview Portal. Note that this approach applies only to resources that are
available via the Preview Portal.

Azure AD does not include the organizational unit class, which means that you cannot arrange its objects
into a hierarchy of custom containers, frequently used in on-premises AD DS deployments. This is not a
significant shortcoming, because organizational units in AD DS are used primarily for Group Policy
scoping and delegation. Instead, you can accomplish equivalent arrangements by organizing objects
based on their attribute values or group membership.

Authenticating Access to Azure Web Applications by Using Azure AD

The process of implementing Azure AD support for custom applications is rather complex and beyond the
scope of this course. However, the Azure portal and Microsoft Visual Studio 2013 make the process of
configuring such support more straightforward.
In particular, you can enable Azure AD authentication for Azure websites directly from the CONFIGURE
page in the Azure portal. By designating the Azure AD directory instance, you can ensure that only users
with accounts in that directory will be able to access the website. It is possible to apply different
authentication settings to individual deployment slots.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-7

In the case of Visual Studio 2013, when developing web application projects, you can choose to configure
authentication based on organizational accounts, automatically register the application with Azure AD,
and assign its access level to directory content. When using older versions of Visual Studio, you must
register the application manually. You can do this by adding its unique identifier, referred to as App ID
Uniform Resource Identifier (URI), to the target Azure AD instance from the Azure portal.

Azure AD Federations
In Azure AD, AD DS federations have replaced trust relationships between domains and forests.
This allows for the integration of its directories with cloud services and for interaction with directory
instances of other Azure AD tenants and other identity providers. For example, such federation trust exists
between Azure AD and the Microsoft identity provider that hosts Microsoft accounts (formerly known as
Live ID accounts). This means that an Azure AD directory user account can directly reference an existing
Microsoft account, making it possible to use the latter to sign in to Azure AD. You can also use AD FS and
Web Application Proxy to establish such federations with on-premises AD DS deployments.

The use of federations eliminates dependency on AD DS protocols, such as Kerberos, which are best suited
for on-premises, LAN-based communication that for which trust relationships were designed. Instead, the
federation traffic travels over cloud-friendly HTTPS, carrying WS-Trust, WS-Federation, SAML, or OAuth
messages. Instead of using LDAP-based lookups, Azure AD queries rely on AD Graph application
programming interface (API).

Azure AD Identity Support

Due to its built-in capabilities as an identity provider and support for federations, Azure AD provides
flexibility in designing an identity solution for your organizational or business needs. This gives you
three high-level design choices:
• Fully delegating authentication and authorization to Azure AD. Effectively, this means that identity
data, including user credentials, resides only in the cloud. You can define the identities directly
in Azure AD, or source them from existing Microsoft accounts, based on the federation with the
Microsoft identity provider. You may prefer this choice if you do not have an existing or significant
on-premises AD DS deployment.
• Maintaining an on-premises authoritative source of the identity data in AD DS, which is synchronized
in regular intervals to Azure AD. This way, Azure AD can authenticate and authorize users, but you
retain control over their state on-premises. This approach simplifies application support of AD DS
users who are not operating on-premises. It is also suitable in scenarios where a large number of
AD DS users rely on Azure Cloud Services, such as Office 365, to access their applications.

• Taking advantage of the AD FS capabilities that this topic covered earlier. This involves forming
a federation between your on-premises AD DS and Azure AD. Authentication requests submitted
to Azure Cloud Services are redirected from the cloud to your on-premises AD DS via the AD FS
server. In effect, this allows you to provide authentication and authorization to cloud-based services
by using your on-premises AD DS. This approach is similar to the second one, but its distinct
advantage is support for SSO.
MCT USE ONLY. STUDENT USE PROHIBITED
7-8 Azure Active Directory

Active Directory Synchronization and Azure AD

To implement the synchronization process
that was mentioned when discussing Azure AD
identity support, you can use any of the three
currently available synchronization tools: Directory
Synchronization (DirSync), Azure Active Directory
Sync Services (AAD Sync), and Azure AD Connect
(AADConnect). These are tools that automatically
synchronize user accounts from on-premises
AD DS to Azure AD. When you use directory
synchronization, on-premises user information
populates automatically for use in Azure AD.
The user name synchronizes as part of the
synchronization process. This simplifies user sign-in by guaranteeing that the user name is the same for
authentication on-premises and in Azure AD.

The following are scenarios for using directory synchronization:

• Cloud-based users. In this scenario, directory synchronization synchronizes user account information
to Azure AD, but the password is configured separately for the cloud-based user account. When a
user password changes on-premises, there is no method for keeping the passwords synchronized,
which might cause user confusion. Azure AD performs authentication.

• Cloud-based users with Password Sync. In this scenario, directory synchronization synchronizes user
account information and passwords to Azure AD. This method ensures that passwords are the same in
Azure AD and on-premises AD DS, to avoid user confusion when signing in. Azure AD performs
authentication.
• Federated users. In this scenario, directory synchronization synchronizes user account information to
Azure AD. However, Azure AD uses identity information to redirect users to a security token service
(STS), such as AD FS, for authentication. The STS, not Azure AD, performs authentication. Because the
STS performs authentication on the on-premises user account, there is no user confusion due to
multiple passwords.

AD FS and Azure AD
As organizations move services and
applications to cloud-based services, it
is increasingly important that they provide
a simple authentication and authorization
experience to their users. Cloud-based
services add another level of complexity
to the IT environment, because they are
located outside the direct administrative
control of IT administrators, and they can
run on many different platforms.

You can use AD FS to provide an SSO experience

to users across various available cloud-based
platforms. For example, once users authenticate with AD DS credentials, they could then access Azure-
based services such as websites or Cloud Services, Microsoft online services that rely on Azure AD
authentication, such as Exchange Online or Microsoft SharePoint Online, and SaaS applications integrated
with Azure AD.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-9

This functionality requires the use of the directory synchronization tools to synchronize user account
information from the on-premises deployment to the corresponding Azure AD tenant.

The steps listed below describe the process of signing in to a browser-based SaaS application integrated
with Azure AD when using AD FS. The steps describe what happens when a user tries to access an Azure-
based SaaS application by using a web browser:

1. The user opens a web browser and sends an HTTPS request to the SaaS application.

2. The SaaS application determines that the user belongs to an integrated Azure AD instance. The SaaS
application provider redirects the user to the user’s Azure AD instance.

3. The user’s browser sends an HTTPS authentication request to the Azure AD instance.
4. If the user’s Azure AD account represents a federated identity, the user’s browser is redirected again
to the on-premises federation server.

5. The user’s browser sends an HTTPS request to the on-premises federation server.

6. If the user is logged on to the on-premises AD DS domain, the federation server will automatically
request the AD DS authentication based on the user’s existing Kerberos ticket. Otherwise, the user will
be prompted to authenticate with the on-premises AD DS.
7. The AD DS domain controller authenticates the user, and then sends the successful authentication
message back to the federation server.

8. The federation server creates the claim for the user based on the rules defined as part of AD FS
configuration. The federation server places the claims data in a digitally signed security token and
forwards it to the user’s browser.

9. The user’s browser forwards the security token containing claims to Azure AD.
10. Azure AD verifies the validity of the AD FS security token based on the existing federation trust. It
creates a new token for the purpose of accessing the SaaS application, and sends it back to the user’s
browser.
11. The user uses the Azure AD–issued token to access the SaaS application.

Demonstration: Creating Domains and Users

In this demonstration, you will see how to:
• Create a directory and a custom domain and view the verification DNS records.

• Create a user account.

• Associate an Azure AD instance with the current Azure subscription.

• Configure an Azure AD user as an Azure subscription co-administrator.

Additional Reading: For information on creating or editing users, go to

http://go.microsoft.com/fwlink/?LinkID=517437.
MCT USE ONLY. STUDENT USE PROHIBITED
7-10 Azure Active Directory

Demonstration Steps
Create a custom domain and view the verification DNS records
1. Start Internet Explorer and sign in to the full Azure portal by using the Microsoft account that is
associated with your Azure subscription.

2. Add a new directory with the following settings:

o NAME: Contoso

o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. contoso123456)

o COUNTRY OR REGION: United States

3. Add a custom domain called contoso.com.

4. Identify DNS records that you need to create, in order to verify the newly created domain.

Create a user account

1. Create a user in the default directory with the following settings:
o USER NAME: adam

o FIRST NAME: Adam

o LAST NAME: Brooks

o DISPLAY NAME: Adam Brooks

o ROLE: Global Administrator

o ALTERNATE EMAIL ADDRESS: an alternate email address. In this case, we are using the Microsoft
account associated with the current Azure subscription

o Enable Multi-Factor Authentication: Not selected

2. Note the value for NEW PASSWORD.

3. As a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure
subscription.

Change the Azure AD instance associated with the current subscription

1. Change the Azure AD instance associated with the current subscription from the Default or current
Azure AD instance to the newly created Contoso Azure AD.

2. Note any existing co-administrators that will be removed as a result of the change.

Configure an Azure AD user as an Azure subscription co-administrator

1. Add the user account of Adam Brooks as a co-administrator of the current subscription.

2. Keep the portal tab open in preparation for the next demonstration.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-11

Demonstration: Assigning Users to Applications

In this demonstration, you will see how to:

• Add a directory application.

• Assign a directory application to a user.

Demonstration Steps
Add a directory application
• Add the Microsoft OneDrive application to the directory.

Assign a directory application to a user

1. Assign the Microsoft OneDrive application to Adam Brooks with single sign-on enabled.

2. Type your email address and password to provide SSO to the application for the user.
MCT USE ONLY. STUDENT USE PROHIBITED
7-12 Azure Active Directory

Lesson 2
Manage Authentication
Azure AD enhances authentication security and simplifies user experience by supporting Multi-Factor
Authentication and SSO. In this module, you will learn how to implement and take advantage of both of
these features.

Lesson Objectives
After completing this lesson, you should be able to:

• Describe the benefits of Multi-Factor Authentication that Azure AD provides.

• Describe the benefits of SSO that Azure AD provides.

• Configure Multi-Factor Authentication and SSO in Azure AD.

• Access applications via Access Panel.

Multi-Factor Authentication
The purpose of Multi-Factor Authentication
is to increase security. Traditional, standard
authentication requires knowledge of logon
credentials, typically consisting of a user name
and the associated password. Multi-Factor
Authentication adds an extra verification that
relies on either having access to a device that
is presumably in the possession of the rightful
owner or having physical characteristics of that
person, in the case of biometrics. This additional
requirement makes it considerably more difficult
for an unauthorized individual to compromise the
authentication process.

Microsoft Azure Multi-Factor Authentication

Microsoft Azure Multi-Factor Authentication is integrated into Azure AD. It allows the use of a phone
as the physical device providing a means of confirming the user’s identity. The process of implementing
Multi-Factor Authentication for an Azure AD user account starts when a user with the global administrator
role enables the account for Multi-Factor Authentication from the Azure portal. At the next logon
attempt, the user is prompted to set up the authentication by selecting one of the following options:
• Mobile phone. Requires the user to provide a mobile phone number. The verification can be in the
form of a phone call (at the end of which, the user must press the pound key) or a text message.

• Office phone. Requires the specification of the OFFICE PHONE entry of the user’s contact info in
Azure AD. The administrator must preconfigure this entry and the user cannot modify or provide this
entry at the verification time.

• Mobile app. Requires the user to have a smart phone on which he or she must install and configure
the mobile phone app.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-13

App passwords
As part of the verification process, the user can also generate app passwords. This is because the use
of Multi-Factor Authentication is limited to authenticating access to applications and services via a
browser. Effectively, it does not apply to traditional desktop applications or modern apps, such as
Microsoft Outlook, Microsoft Lync, or mobile apps for email. The user can then assign randomly
generated app passwords to individual apps by using their configuration settings.

App passwords can be a potential security vulnerability. Therefore, as an administrator, you can prevent all
directory users from creating app passwords. You also can invalidate all app passwords for an individual
user if the computer or device where the apps are installed is compromised.
Once the verification process is complete, Multi-Factor Authentication status for the user changes from
enabled to enforced. The same verification process repeats during every subsequent authentication
attempt. The Additional security verification option appears in the Access Panel, reflecting the status
change. From the Access Panel, you can choose and configure a different verification mechanism
and generate app passwords. Generating app passwords is especially important, because without app
passwords assigned, desktop apps and modern apps that rely on authenticated access to Azure AD
will fail to connect to Cloud Services.

Additional Reading: To read more about Azure Multi-Factor Authentication, go to

http://go.microsoft.com/fwlink/?LinkID=517438.

SSO via Access Panel

SSO allows users to access applications without
having to provide their username and password.
These applications include software as a service
(SaaS) applications available from the Azure AD
application gallery, in addition to custom
applications developed in-house, which reside on-
premises or have been published to Azure AD.
This is accomplished by leveraging one of two
distinct abilities of Azure AD. The first facilitates
secure storage of user credentials and the second
relies on support for federated trusts with other
cloud services and identity providers.
A number of commercial applications with SSO capabilities (such as Office 365, Box, or Salesforce) are
preconfigured for integration with Azure AD and published in its application gallery.

Additional Reading: To view the Azure AD application gallery, go to

http://go.microsoft.com/fwlink/?LinkID=517439.

Once Azure AD administrators have assigned these applications to users and configured them for
SSO, they automatically appear in the Access Panel. Individual users can sign in to the Access Panel by
providing their Azure AD credentials. However, users will not be prompted for their credentials when
opening the Access Panel or launching its applications if Azure AD has already authenticated their
cloud or federated account.
MCT USE ONLY. STUDENT USE PROHIBITED
7-14 Azure Active Directory

You can use the following three mechanisms to implement SSO support:

• Password-based SSO with Azure AD storing credentials for each user of a password-based SSO
application. When Azure AD administrators assign a password-based SSO app to an individual user,
they have the option to enter app credentials on the user's behalf. If users change their credentials
after being assigned an app, they can update their stored credentials directly from the Access Panel.
In this scenario, when accessing a password-based SSO app, users first rely on their Azure AD
credentials to authenticate to the Access Panel. When a user launches an app, Azure AD transparently
extracts the user's app-specific stored credentials and securely relays them to
its provider as part of the browser's session.

• Azure AD SSO, with Azure AD establishing a federated trust with federation-capable SSO applications.
In this case, adding an application to the Azure AD directory involves creating a federated trust with
the application. Effectively, the application provider relies on the Azure AD directory to handle the
user's authentication, and considers the user authenticated when the user launches the application.
• Existing SSO with Azure AD leveraging an existing federated trust between the application and
an SSO provider, such as AD FS. This is similar to the second mechanism because there are no
separate application credentials involved. However, in this case, the application provider trusts
an identity provider other than Azure AD. The Access Panel application entry redirects the
authentication request to that provider.
Effectively, Azure AD serves as a central point of managing application authentication and authorization.

You can also use Azure AD SSO functionality to control access to on-premises applications or applications
developed in-house. The Azure portal facilitates both of these scenarios by creating required application-
related objects in Azure AD. On-premises applications require additional configuration, which includes
installation of the application proxy connector on-premises and enabling application proxy in Azure AD.

Demonstration: Configuring Multi-Factor Authentication

In this demonstration, you will see how to:

• Configure the Office Phone property for an Azure AD user account.

• Enable Multi-Factor Authentication for an Azure AD user account.

Demonstration Steps

Configure the Office Phone property for an Azure AD user account

1. Sign in to the Azure portal by using your Azure subscription.
2. Enter an OFFICE PHONE number for Adam Brooks.

Configure Multi-Factor Authentication for an Azure AD user account

1. Launch the multi-factor authentication service portal.
2. Enable Multi-Factor Authentication for Adam Brooks.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-15

Demonstration: Accessing Applications Through the Access Panel

In this demonstration, you will see how to:

• Authenticate as a user with Multi-Factor Authentication enabled.

• Access SSO applications via the Access Panel.

Demonstration Steps
Authenticate as a user with Multi-Factor Authentication enabled
1. Sign in to the Access Panel at https://myapps.microsoft.com by using the adam user account.

2. Change the temporary password assigned to the adam user account.

3. Configure Multi-Factor Authentication verification options for the adam user account.

Access SSO applications via the Access Panel

1. From the Access Panel, install Access Panel Extensions. This will close all Internet Explorer windows.
2. Sign in again to the Access Panel by providing adam user account credentials.

3. Authenticate by using Multi-Factor Authentication.

4. Launch the Microsoft OneDrive application from the Access Panel.

5. Sign out from Microsoft OneDrive and from the Access Panel.

6. Close Internet Explorer.

Discussion: Implementing Azure AD in an Azure Solution

As an identity and access management
solution, Azure AD provides a range of
features that integrate with other cloud and
on-premises services. As mentioned earlier,
it is straightforward to leverage Azure AD to
implement authentication for Azure Websites,
Cloud Services, and web applications running
in Azure virtual machines. By specifying the Azure
AD directory instance for any of these scenarios,
you can ensure that only users with accounts in
that directory will gain access.

Similarly, you have the ability to delegate

management of any Azure AD service accessible via the Preview Portal by employing role-based
access control (RBAC). You can also use Azure AD accounts when designating Service Administrator and
Co-Administrator of a subscription.
Azure AD offers additional authentication enhancements, including Multi-Factor Authentication
and single sign-on for access to SaaS applications or cloud-based Web applications, including both
management portals.
MCT USE ONLY. STUDENT USE PROHIBITED
7-16 Azure Active Directory

In addition, directory synchronization with AD DS makes it possible to sign in to cloud-based applications

by using on-premises credentials.

As shown in the slide graphic, an organization might be deploying a web app for sales personnel to
Azure. They can use Azure AD to authenticate user requests to the app, and may choose to implement
Multi-Factor Authentication when sales personnel access the app via a browser or a mobile device.

Question: How will your organization use Azure AD?

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-17

Lab: Create Users in Azure Active Directory

Scenario
Now that you have configured several services in Microsoft Azure, you need to create user accounts for
employees to access the services securely. In the long term, you plan to migrate existing organizational
accounts to Azure, but, initially, you want to test Azure AD with a separate Azure AD directory instance.

Objectives
After completing this lab, you will be able to:

• Create an Azure AD directory.

• Create users in an Azure AD directory.

Estimated Time: 30 minutes

Exercise 1: Create an Azure AD Directory

Scenario
To prepare for testing user management in Azure AD, you first need to create a new Azure AD directory.
You will use the Azure portal to accomplish this task.

The main task for this exercise is as follows:

1. Create an Azure AD directory.

 Task 1: Create an Azure AD directory

1. In Internet Explorer, browse to http://azure.microsoft.com and sign in to the Azure portal by using
the Microsoft account that is associated with your Azure subscription.
2. Create a new directory within the existing subscription with the following settings:

o DIRECTORY: Create new directory

o NAME: Adatum
o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456)

o COUNTRY OR REGION: United States

Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory
(Azure AD) directory by using the Azure portal.
MCT USE ONLY. STUDENT USE PROHIBITED
7-18 Azure Active Directory

Exercise 2: Create Users in Azure Active Directory

Scenario
To test Azure AD functionality, you already created a test directory. Now it is time to create test user
accounts, add an existing Microsoft Account, and configure that account as a Global Administrator of
the directory. You will use the Azure portal to accomplish this task.

The main tasks for this exercise are as follows:

1. Create users in an Azure AD directory.

2. Add a Microsoft account to an Azure AD directory.

3. Configure a user account as a Global Administrator of an Azure AD directory.

4. View Azure AD directory users and administrators.

 Task 1: Create users in an Azure AD directory

1. Create the following user in the Adatum directory:
o USER NAME: deanna

o FIRST NAME: Deanna

o LAST NAME: Ball

o DISPLAY NAME: Deanna Ball

o ROLE: User

o Enable Multi-Factor Authentication: Not selected

2. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the
email address of your Azure subscription.

3. Create the following user in the Adatum directory:

o USER NAME: kari

o FIRST NAME: Kari

o LAST NAME: Tran

o DISPLAY NAME: Kari Tran

o ROLE: Global Administrator

o Enable Multi-Factor Authentication: Not selected

4. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the
email address of your Azure subscription

 Task 2: Add a Microsoft account to an Azure AD directory

• Add an Azure AD user with the following settings:

o TYPE OF USER: User with an existing Microsoft account

o USER NAME: type the name of an existing Microsoft account that the instructor provided

o FIRST NAME: Leave blank

o LAST NAME: Instructor

o DISPLAY NAME: Instructor

o ROLE: User
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 7-19

 Task 3: Configure a user account as a Global Administrator of an Azure AD directory

• Configure the Instructor account as the Global Administrator of the Adatum Azure AD directory.

 Task 4: View Azure AD directory users and administrators

1. Use the USERS tab of the Adatum Azure AD directory to view all user accounts, including Microsoft
accounts that have been added to the directory.

2. Use the multi-factor authentication page to view members of built-in Azure AD organizational
roles.

Results: After completing this exercise, you will have used the Azure portal to create an Azure AD
directory user account, add a Microsoft Account to Azure AD directory and configure it as a Global
Administrator, and view the results of these actions.
MCT USE ONLY. STUDENT USE PROHIBITED
7-20 Azure Active Directory

Module Review and Takeaways

Review Question
Question: What are some benefits of using Azure AD as an identity provider?
MCT USE ONLY. STUDENT USE PROHIBITED
8-1

Module 8
Microsoft Azure Management Tools
Contents:
Module Overview 8-1

Lesson 1: Azure PowerShell 8-2

Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line

Interface 8-8

Lab: Using Microsoft Azure Management Tools 8-12

Module Review and Takeaways 8-15

Module Overview
The Microsoft Azure portals provide a graphical interface for managing your Azure subscriptions
and services. However, for certain management tasks and operations, the Azure portals might not
be the best management tools to use. Typically, as a developer, you might want to automate some
management tasks by creating reusable scripts, or combine management of Azure resources with
management of other network and infrastructure services. To enable you to manage Azure by using
a command-line interface, Microsoft provides Windows PowerShell and the Azure Cross-Platform
Command-Line Interface. In addition to these command-line tools, you can use Microsoft Visual Studio
2013 to manage aspects of your Azure subscription.

Objectives
After completing this module, you will be able to:
• Describe and use Windows Azure PowerShell to manage your Azure subscription.

• Describe and use Microsoft Visual Studio and the Azure Cross-Platform Command-Line Interface
to manage your Azure subscription.
MCT USE ONLY. STUDENT USE PROHIBITED
8-2 Microsoft Azure Management Tools

Lesson 1
Azure PowerShell
Windows PowerShell provides a scripting platform that you can use to manage Windows operating
systems. You can extend the Windows PowerShell platform to a wide range of other infrastructure
elements, including Azure, by importing modules of encapsulated code called cmdlets. This lesson
explores how you can use Windows PowerShell to connect to an Azure subscription, and provision
and manage Azure services.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe Windows PowerShell.

• Describe how to use Azure PowerShell.

• Explain how to manage Azure accounts and subscriptions by using the Azure PowerShell module.

• Install the Azure PowerShell module and connect to Azure by using the account credentials.

Introduction to Windows PowerShell

Windows PowerShell is a scripting language
and command-line interface that is designed to
help you perform day-to-day administrative tasks.
Windows PowerShell constitutes cmdlets that
you execute at a Windows PowerShell command
prompt, or combine into Windows PowerShell
scripts.
An increasing number of Microsoft products
have graphical interfaces that build Windows
PowerShell commands. These products allow you
to view the generated Windows PowerShell script
so that you can execute the task at a later time
without having to complete all of the steps in the GUI. The ability to automate complex tasks simplifies a
server administrator’s job and saves time.
You can extend Windows PowerShell functionality by adding modules. For example, the Azure
module includes Windows PowerShell cmdlets that are specifically useful for performing Azure–related
management tasks. Windows PowerShell includes features such as tab completion, which allows
administrators to complete commands by pressing the tab key rather than having to type the complete
command. You can learn about the functionality of any Windows PowerShell cmdlet by using the
Get-Help cmdlet.

Windows PowerShell cmdlets use a verb-noun syntax. Each noun has a collection of associated verbs. The
available verbs vary with each cmdlet’s noun.

Common Windows PowerShell cmdlet verbs include:

• Get

• New

• Set
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-3

• Restart

• Resume

• Stop

• Suspend

• Clear

• Limit

• Remove

• Add

• Show

• Write

You can view the available verbs for a particular Windows PowerShell noun by executing the following
command:

Get-Command -Noun NounName

You can view the available Windows PowerShell nouns for a specific verb by executing the following
command:

Get-Command -Verb VerbName

Windows PowerShell parameters start with a dash. Each Windows PowerShell cmdlet has its own
associated set of parameters. You can learn what the parameters are for a particular Windows PowerShell
cmdlet by executing the following command:

Get-Help CmdletName

You can determine which Windows PowerShell cmdlets are available by executing the Get-Command
cmdlet. The Windows PowerShell cmdlets that are available depend on which modules are loaded. You
can load a module by using the Import-Module cmdlet.

Introduction to Azure PowerShell

Before you can use Windows PowerShell to
manage Azure services, you must ensure that
Windows PowerShell is installed, and then you
must add the required Windows PowerShell
modules. There are two Windows PowerShell
libraries that you can install to manage Azure.

• Azure PowerShell. This is the primary

Windows PowerShell library for managing
Azure services, and you can install it using
the Microsoft Web Platform Installer.

Additional Reading: To view the link to

the latest version of Azure PowerShell, go to
http://go.microsoft.com/fwlink/?LinkID=517448.
MCT USE ONLY. STUDENT USE PROHIBITED
8-4 Microsoft Azure Management Tools

Azure PowerShell includes the following modules:

o Azure. A core set of cmdlets for managing Azure services.

o AzureResourceManager. A set of cmdlets for managing resource groups.

o AzureProfile. A set of cmdlets for managing authentication and execution context.

In many cases, this is the only Azure PowerShell library that you require. The Azure PowerShell
module has a dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer
checks for this during installation.
• Azure AD PowerShell. If you plan to implement Active Directory (AD) in Azure, you can install the
Azure AD PowerShell library to manage users, groups, and other aspects of the directory from
Windows PowerShell. Before you can install the Azure AD module, you must install the Microsoft
Online Services Single Sign-In Assistant.

Additional Reading: You can obtain both of these components from

http://go.microsoft.com/fwlink/?LinkID=517449.

Managing Azure Accounts and Subscriptions with Windows PowerShell

After you install the Azure PowerShell module,
you must connect it to the Azure subscriptions
that you want to manage with it. Connecting
to the Azure subscriptions requires that you
authenticate, and you can take two approaches
to accomplish this: Azure AD authentication and
certificate-based authentication.
• Azure AD Authentication. You can use
Azure AD authentication to sign in to an
Azure account using one of the following
types of credential:

o A Microsoft account associated with an

Azure subscription.
o An organizational account defined in Azure Active Directory.

To connect an Azure account to the local Windows PowerShell environment, you can use the
Add-AzureAccount cmdlet. This opens a browser window through which you can interactively
sign in to Azure by entering a valid user name and password.

Azure AD authentication is token-based, and after signing in, the user remains authenticated until the
authentication token expires. The expiration time for an Azure AD token is 12 hours, although you
refresh it in the Windows PowerShell session.

After you have authenticated, you can use the Get-AzureAccount cmdlet to view a list of Azure
accounts you have associated with the local Windows PowerShell environment, and you can
use the Get-AzureSubscription cmdlet to view a list of subscriptions associated with those
accounts. If you have multiple subscriptions, you can set the current subscription by using the
Set-AzureSubscription cmdlet with the name of the subscription that you want to use.

• Certificate-Based Authentication. Most tools for managing Azure support Azure AD authentication,
and we recommend that you use the authentication model. However, in some cases it might be more
appropriate to authenticate by using a management certificate. Certificate-based authentication is
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-5

appropriate, for example, when you use earlier versions of tools that do not support Azure AD
authentication, or when you use Windows PowerShell scripts that will run for long periods of time
during which an authentication token might expire.

Note: An Azure management certificate is an X.509 (v3) certificate that associates a

client application or service with an Azure subscription. You can use an Azure-generated
management certificate, or you can generate your own by using your organization’s public
key infrastructure (PKI) solution or a utility such as Makecert.

You can view the information and certificate for your Azure subscription by using the Get-
AzurePublishSettingFile cmdlet. This cmdlet downloads a .publishsettings file that contains
information and a certificate for your Windows Azure subscription.

Note: The downloaded file is used by the Import-AzureSubscription cmdlet and is an

XML file with a ".publishsettings" extension.

Using Azure PowerShell Cmdlets

After you have connected your Windows PowerShell environment to your Azure subscription, you
can use Azure cmdlets to view, provision, and manage Azure services. The Azure PowerShell library
provides two operational modes. In one mode, cmdlets from the Azure module are available, and in
the other mode, cmdlets from the AzureResourceManager module are available. Cmdlets from the
AzureProfile module are available in both modes.
To switch between modes, you can use the Switch-AzureMode cmdlet, which is defined in the
AzureProfile module.

Using the Switch-AzureMode cmdlet

# Switch to Resource Manager mode (activate the AzureResourceManager module)
Switch-AzureMode -Name AzureResourceManager

# Switch back to service manager mode (activate the Azure module)

Switch-AzureMode -Name AzureServiceManagement

Service Management Mode

By default, the Azure module is active and Azure PowerShell is in the Service Management mode. The
Azure module contains a comprehensive set of cmdlets, which you can use to view, create, and manage
individual Azure services in your subscription. For example, you can use the New-AzureWebsite cmdlet
to create an Azure website, or use the Get-AzureStorageAccount cmdlet to get a reference to an
existing storage account.

For a full list and summary description of the cmdlets in the Azure module, you can use the Windows
PowerShell Get-Command cmdlet. To display syntax for a specific Azure cmdlet, you can use the
Get-Help cmdlet.

Viewing information about Azure module cmdlets

# Get a list of cmdlets in the Azure module
Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis

# Get the syntax for a specific cmdlet

Get-Help New-AzureVM

# Get an example
Get-Help New-AzureVM –Example
MCT USE ONLY. STUDENT USE PROHIBITED
8-6 Microsoft Azure Management Tools

Resource Manager Mode

In Resource Manager mode, you can use Windows PowerShell to create and manage Azure resources in
resource groups. This approach makes it easier to manage related sets of resources as a unit. For example,
you could use the Get-AzureResourceGroup cmdlet to get a reference to an existing resource group, or
use the Remove-AzureResourceGroup cmdlet to remove a resource group and
all the resources that it contains.

You can use the Get-Command and Get-Help cmdlets to view information about the cmdlets in the
AzureResourceManager module.

Viewing information about AzureResourceManager cmdlets

# Switch to Resource Manager mode
Switch-AzureMode -Name AzureResourceManager

# Get a list of cmdlets in the AzureResourceManager module

Get-Command -Module AzureResourceManager | Get-Help | Format-Table Name, Synopsis

# Get the syntax for a specific cmdlet

Get-Help Remove-AzureResourceGroup

# Get an example
Get-Help Remove-AzureResourceGroup -Example

Note: The AzureResourceManager module is currently in preview, and it does

not support all the functionality in the Azure module. Additionally, you cannot use the
AzureResourceManager module in a certificate-based authentication session.

Demonstration: Installing the Azure PowerShell Module and Connecting to

Azure by Using Account Credentials
In this demonstration, you will see how to:
• Install the Windows PowerShell Azure module.

• Connect to your Azure subscription.

• Use Azure PowerShell cmdlets.

Demonstration Steps
Install Windows PowerShell Azure Module
• Download and install the Windows PowerShell modules for Azure from
http://azure.microsoft.com/en-us/downloads/.

Connect to your Azure subscription

1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.

2. Add your Azure account to the local PowerShell environment by using Azure AD authentication.
When prompted, sign in using the Microsoft account associated with your Azure subscription:

Add-AzureAccount
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-7

Use Azure PowerShell Cmdlets

1. Verify that your account and subscription are connected to the local PowerShell environment:

Get-AzureAccount
Get-AzureSubscription

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:
select-azuresubscription -subscriptionName "Azure Pass"

2. Create a new website and view its properties. Substitute the #### with a random number.

New-AzureWebsite MySite####

Note: Tip: You can use the Test-AzureName –Website cmdlet to check for an unused
name.

get-AzureWebsite MySite####

3. Use the following commands to shut down any running virtual machines, services, or websites:

Get-AzureWebsite | stop-AzureWebsite
Get-AzureService | stop-AzureService

4. When you have finished, close Windows PowerShell ISE.

MCT USE ONLY. STUDENT USE PROHIBITED
8-8 Microsoft Azure Management Tools

Lesson 2
The Azure SDK and the Azure Cross-Platform Command-
Line Interface
The Azure Software Developers Kit (SDK) enables developers that are familiar with Visual Studio to
use these skills to develop apps, websites, web apps, and web services for Microsoft Azure. The Azure
Cross-Platform Command-Line Interface provides administrators with a scriptable command-line tool with
which they can administer their Microsoft Azure subscription and Azure services. This lesson discusses
these tools.

Lesson Objectives
After completing this lesson, you will be able to:

• Describe the components of the Azure SDK.

• Describe the Azure Cross-Platform Command-Line Interface.

• Explain how to install and use the Azure Cross-Platform Command-Line Interface.

What Is the Azure SDK?

The Azure Software Developers Kit (SDK) for .NET
is a group of Visual Studio tools, command-line
tools, runtime binaries, and client libraries that
your development team can use to develop, test,
and deploy apps that run in Azure.

Note: Developers can use Visual Studio

2013 to create a variety of apps: Windows Store
apps, Windows Phone apps, desktop apps, web
apps, and web services. Developers can code in
Visual Basic, Visual C#, Visual C++, Visual F#, and
JavaScript. Developers also can develop their apps
in different languages.

Note: You can download the SDK from the Azure Downloads page.

The Azure SDK for .NET installs the following products:

• Microsoft Visual Studio Express for Web. Provides you with tools to create standards-based websites
using ASP.NET. You can publish your web application directly to Azure from the IDE.

Note: If your local computer does not have Visual Studio installed, then the Azure SDK
installs Visual Studio Express for Web.

• Microsoft ASP.NET and Web Tools for Visual Studio. Enables you to work with your Azure-based
websites to:
o Publish web projects to Azure websites.

o Publish console application projects.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-9

o Create Azure websites and Windows Azure SQL Database resources.

o Create Windows PowerShell deployment scripts.

o Manage and troubleshoot Azure Websites.

• Microsoft Azure Tools for Microsoft Visual Studio. Enables you to work with Azure Cloud Services and
virtual machines to:

o Create, open, and publish cloud service projects.

o Create deployment packages for cloud service projects.

o Create Azure virtual machines.

o Create Windows PowerShell scripts.

o View and manage cloud service project settings.

o View and manage cloud services, virtual machines, and Service Bus.

• Microsoft Azure Authoring Tools. Includes the following:

o The CSPack command-line tool for creating deployment packages.

o The CSEncrypt command-line tool for encrypting passwords that you can use to access cloud
service role instances using a remote desktop connection.
o Runtime binaries that cloud service projects require for communicating with their runtime
environment and for diagnostics.

• Microsoft Azure Emulator. Simulates the cloud service environment so that you can test cloud service
projects locally on your computer before you deploy them to Azure.

• Microsoft Azure Storage Emulator. Uses a SQL Server instance and the local file system to simulate
Azure Storage (queues, tables, and blobs), so that you can test locally.
• Microsoft Azure Storage Tools. Installs AzCopy, a command-line tool that you can use to transfer data
into and out of an Azure Storage account.

Note: AzCopy is a command-line utility designed for high-performance uploading,

downloading, and copying data to and from Microsoft Azure blob and file storage.

• Microsoft Azure Libraries for .NET. include:

o NuGet packages for Azure Storage, Service Bus, and Caching that are stored on your computer so
that Visual Studio can create new cloud service projects while it is offline.

Note: NuGet is the package manager for the Microsoft development platform.

o A Visual Studio plug-in that enables Azure In-Role Cache projects to run locally in Visual Studio.

Note: In-Role Cache allows you to host caching within your roles. This cache can be used
by any roles within the same cloud service deployment.

• LightSwitch for Visual Studio publishing add-on. You can use this add-on to publish LightSwitch
projects to Azure Websites.
MCT USE ONLY. STUDENT USE PROHIBITED
8-10 Microsoft Azure Management Tools

Note: Both the Visual Studio Updates and the Azure SDK for .NET include the LightSwitch
add-on. By installing the SDK, you can ensure that you have the latest version of the add-on.

Introduction to the Azure Cross-Platform Command-Line Interface

The Azure Cross-Platform Command-Line
Interface provides a set of cross-platform
commands that you use to work with the Azure
your Azure subscription. Azure Cross-Platform
Command-Line Interface provides much of the
same functionality found in the Azure portal,
such as the ability to manage websites, virtual
machines, mobile services, SQL Database, and
other services.

Additional Reading: To download the

Azure Cross-Platform Command-Line Interface, go
to http://go.microsoft.com/fwlink/?LinkID=517448.

After you have installed the Azure Cross-Platform Command-Line Interface, you must sign in to your
Azure subscription. You can either sign in by using an organizational account, or by downloading and
using a publish settings file.

Note: Using a publish settings file has security implications because the file is stored in
plain text and contains the information necessary to sign in to your subscription.

Use the following procedure to sign in by using an organization account:

1. Open Windows PowerShell.
2. Run the azure login command. You will be prompted for a username and password.

To sign in using a publish settings file, perform the following procedure:

1. Open Windows PowerShell.

2. Run the azure account download command.

Note: If you are not already connected to your Azure subscription, you will be prompted to
sign in.

3. A web browser window opens. You are prompted to download the publish settings file. This file has a
.publishsettings extension.

4. Run the azure account import [path to .publishsettings file] command.

You now can use the azure command from the Windows PowerShell command-line to manage your
Azure subscription.

Note: All commands must be preceded with the word azure.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-11

You can manage Azure services easily from the command prompt. For example, you can manage your
websites by using the Azure Cross-Platform Command-Line Interface.

Use the following command to create a new website:

azure site create mywebsite

Use this command to list your websites:

azure site list

The following command will delete a named website:

azure site delete mywebsite

Demonstration: Installing and Using the Azure Cross-Platform Command-

Line Interface
In this demonstration, you will see how to:
• Install the Microsoft Azure cross-platform command-line tools.

• Use the Microsoft Azure cross-platform command-line tools.

Demonstration Steps
Install the Microsoft Azure cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure cross-platform command-line tools.

Use the Microsoft Azure cross-platform command-line tools

1. Open Windows PowerShell ISE.
2. Export the account information required to sign in to your Azure subscription.

Azure account download

3. Import the account information, and then sign in to your Azure subscription.

Azure account import filename

4. List all available websites within your subscription.

Azure site list

5. Stop the website:

Azure site stop MySite####

6. Close all open applications.

MCT USE ONLY. STUDENT USE PROHIBITED
8-12 Microsoft Azure Management Tools

Lab: Using Microsoft Azure Management Tools

Scenario
Much of your on-premises administration is automated with Windows PowerShell scripts, and you have
decided to test the use of Windows PowerShell and the Microsoft Azure cross-platform command-line
tools with Microsoft Azure to help to automate administrative tasks.

Objectives
After they complete this lab, the students will have:

• Installed and used Azure PowerShell.

• Installed and used the Azure cross-platform command-line tools.

• Shut down any running Azure websites, virtual machines, or services.

Lab Setup
Estimated Time: 20 minutes
Sign in to your local host computer by using the credentials your instructor provides.

Note: To complete the lab in this module, you must have completed the labs in Module 1
of this course.

Exercise 1: Use the Azure PowerShell Modules

Scenario
In this exercise, you will install and use the Windows PowerShell module for Microsoft Azure.
The main tasks for this exercise are as follows:

1. Install the Windows PowerShell Azure module.

2. Connect to your Azure subscription.
3. Use Azure PowerShell cmdlets.

 Task 1: Install the Windows PowerShell Azure module

• Download and install the Windows PowerShell modules for Azure from
http://azure.microsoft.com/en-us/downloads/.

 Task 2: Connect to your Azure subscription

1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.

2. Add your Azure account to the local PowerShell environment by using Azure AD authentication.
When prompted, sign in by using the Microsoft account associated with your Azure subscription.

Add-AzureAccount
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-13

 Task 3: Use Azure PowerShell cmdlets

1. Verify that your account and subscription are connected to the local Windows PowerShell
environment:

Get-AzureAccount
Get-AzureSubscription

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:
select-azuresubscription -subscriptionName "Azure Pass"

2. Create a new website, and view its properties. Substitute the #### with a random number. Use the
same number in both commands.

New-AzureWebsite MySite####

Note: Tip: You can use the Test-AzureName –Website cmdlet to check for an unused
name.

get-AzureWebsite MySite####

3. When you have finished, leave Windows PowerShell ISE running.

4. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and
then sign in using the Microsoft account that is associated with your Azure subscription. Verify that
your website exists.

Results: After you complete this exercise, you will have successfully installed and used the Windows
PowerShell module for Microsoft Azure.

Exercise 2: Use the Azure Cross-Platform Command-Line Interface

Scenario
In this exercise, you will install and use the Microsoft Azure cross-platform command-line tools.

The main tasks for this exercise are as follows:

1. Install the Microsoft Azure cross-platform command-line tools.

2. Use the Microsoft Azure cross-platform command-line tools.

3. To prepare for the end of the course.

 Task 1: Install the Microsoft Azure cross-platform command-line tools

1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure cross-platform command-line tools.
MCT USE ONLY. STUDENT USE PROHIBITED
8-14 Microsoft Azure Management Tools

 Task 2: Use the Microsoft Azure cross-platform command-line tools

1. Close Windows PowerShell ISE.

2. Reopen Administrator: Windows PowerShell ISE.

3. At the command prompt, type the following command, and then press Enter. This command
downloads the credentials that you need to connect to your Azure subscription.

Azure account download

Note: If you are prompted, sign in to your Azure subscription.

4. Internet Explorer is opened and you are prompted to download a file. This is your published settings
file. Click the down arrow next to Save, and then click Save As.

5. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click Labfiles,
and then click Save.
6. Switch to Administrator: Windows PowerShell ISE.
7. At the command prompt, type the following command. This command imports the credentials that
you need to connect to your Azure subscription.

Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you
created earlier and press Tab.

Azure account import C:\labfiles\

8. Press Enter to complete the import command.

9. At the command prompt, type the following command, and then press Enter.

Azure site list

10. At the command prompt, type the following command, and then press Enter. Substitute the ####
with the number you used in the last lesson to create your website.

Azure site stop MySite####

 Task 3: To prepare for the end of the course

1. In Windows PowerShell ISE, in the command windows, use the following commands to shut down any
running Azure virtual machines, services, or websites:

Get-AzureWebsite | stop-AzureWebsite
Get-AzureService | stop-AzureService

2. When you have finished, close Windows PowerShell ISE.

Results: After completing this exercise, you will have installed and used the Microsoft Azure cross-
platform command-line tools successfully.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals 8-15

Module Review and Takeaways

Review Question
Question: With Azure PowerShell, what is one advantage of using certificate authentication
over Azure AD authentication when you run long Windows PowerShell scripts?
MCT USE ONLY. STUDENT USE PROHIBITED
8-16 Microsoft Azure Management Tools

Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.

Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-1

Module 1: Getting Started with Microsoft Azure

Lab: Use the Microsoft Azure Portal
Exercise 1: Add a Co-Administrator
 Task 1: Connect to the Azure Portal
1. Ensure that you are signed in to your local host.

2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in
using the Microsoft account that is associated with your Azure subscription.

 Task 2: Add a co-administrator

1. In Internet Explorer, in the Microsoft Azure management portal, click ACTIVE DIRECTORY.

2. In the active directory list, click the Default Directory.

3. Click USERS.

4. Click ADD USER.

5. In the Tell us about this user dialog box, enter the following settings, and then click Next:

o TYPE OF USER: New user in your organization

o USER NAME: ChadC

6. In the user profile dialog box, enter the following settings, and then click Next:

o FIRST NAME: Chad

o LAST NAME: Corbitt

o DISPLAY NAME: Chad Corbitt

o ROLE: User

o Enable Multi-Factor Authentication: Not selected

7. Click create.

8. On the Get temporary password page, note the value for NEW PASSWORD. As a backup, in the
SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.

9. Click Complete.

10. Verify that the new user account has been created. Take note of the entry in the USER NAME
column. This user name will be required for the next part of this lab.

11. In Internet Explorer, in the Microsoft Azure management portal, in the navigation pane, click
SETTINGS.

12. In the settings pane, click the ADMINISTRATORS tab.

13. At the bottom of the screen, click ADD.

MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Getting Started with Microsoft Azure

14. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type
the USER NAME value you recorded earlier.

15. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK
(the check box).

Results: After you complete this exercise, you should have successfully added a co-administrator to your
Azure subscription.

Exercise 2: View Billing Data

 Task 1: View subscription usage
1. In Internet Explorer, at the top-right of the Microsoft Azure management portal, click your Microsoft
account name and then click View my bill. This opens a new tab in Internet Explorer.
2. If prompted, sign in using the Microsoft account credentials associated with your Azure subscription.

3. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.

 Task 2: View billing period

1. Click Download usage details.

2. In the Summary screen, click Download Usage.

3. When prompted, click Open.

4. Depending on the installed software on your local computer, the file opens in Microsoft Excel. Review
the information and then close Excel. Do not save the worksheet.
5. Close the current Internet Explorer tab.

Results: After you complete this exercise, you should have successfully viewed your Azure subscription
billing data.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-3

Module 2: Virtual Machines in Microsoft Azure

Lab: Create a Virtual Machine in Microsoft
Azure
Exercise 1: Create a Virtual Machine from the Gallery
 Task 1: Select and create a virtual machine
1. Sign in to the classroom computer.

2. In Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by using
the Microsoft account that is associated with your Azure subscription. Close any initial welcome
messages.
3. At the top right, click your Microsoft account name, and then click Switch to new portal. Then, in
the new tab that is opened, close any initial welcome messages for the new portal.
4. In the bottom left pane, click + NEW.

5. In the NEW pane, click Windows Server 2012 R2 Datacenter.

6. In the CREATE VM pane, type server<your_initials>-10979 in the HOST NAME field.

7. In the USER NAME field, type server<initials>-admin.

8. In the PASSWORD field, type Moc1500!.

9. Click PRICING TIER, click A2 STANDARD, and then click Select.

10. Click OPTIONAL CONFIGURATION.

11. In the Optional Config pane, click STORAGE ACCOUNT, click Create a storage account, and then in
the Storage account pane, review settings and click OK.

12. In the Optional Config pane, click NETWORK, and then in the Network pane, review settings without
making changes. In the Network pane, click OK, and then in the Optional Config pane, click OK.

13. Click LOCATION, and then select region that is closest to you.
14. In the CREATE VM pane, click Create.

15. Wait for a few minutes to allow the virtual machine creation to proceed and the storage to be written
to your storage account.

 Task 2: Verify virtual machine creation

1. In the left pane, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running. If the status is not
Running, wait a few minutes until the status changes to Running.

Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual
machine.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-4 Virtual Machines in Microsoft Azure

Exercise 2: Verify the Functionality of the Virtual Machine

 Task 1: View the properties of the virtual machine
1. In the Azure preview portal, click BROWSE in the left navigation pane.

2. In the Browse pane, click Virtual machines.

3. In the Virtual machines pane, click serveryour_initials-10979.

4. In the server-yourinitials-10979 pane, review available options.

5. Click HOME.
6. On the HOME pane, click AZURE PORTAL.

7. On the Microsoft Azure portal, click VIRTUAL MACHINES.

8. Click the serveryour_initials-10979 virtual machine.

9. Click the DASHBOARD tab and review the available information and settings.

10. Click the MONITOR tab and review the available information about virtual machine performance.

11. Click the ENDPOINTS tab. Review available options for configuring connections to the virtual
machine.

12. Click the CONFIGURE tab. Review the available options but do not make any changes to the virtual
machine.

 Task 2: Connect to a virtual machine

1. In the Azure portal, click your user account in top right corner, and then click Switch to new portal.
If the new portal is already open, just switch to Microsoft Azure tab in Internet Explorer.
2. In the Azure preview portal, click BROWSE, and then click Virtual Machines.

3. Click the server<initials>-10971 virtual machine, and then click CONNECT in the top of the right
pane.

4. In the Internet Explorer notification popup, click Save, and then click Open.
5. In the Remote Desktop Connection window, click Connect.

6. In the Windows Security dialog box:

a. In User Name, type server<initials>-admin.

b. In Password, type Moc1500!.

c. Click OK.

7. In the Remote Desktop Connection window, click Yes.

8. Navigate around the server configuration and evaluate basic functionality, such as Server Manager
and File Explorer.
9. When finished, click the X in the upper right corner of the Remote Desktop Connection session to
disconnect.

10. In the Remote Desktop Connection window, click OK.

Results: After completing this exercise, you will have established a connection to the virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L2-5

Exercise 3: Attach a Data Disk

 Task 1: View virtual machine disks
1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.

2. Ensure that the virtual machine that you created shows a status of Running.
3. Click the virtual machine that you created earlier.

4. In the server<yourinitials>-10979 pane, click All settings, and then click Disks.

5. In the Disks pane, review the available information and ensure that you see only OS DISK.

 Task 2: Attach a data disk

1. In the Disks pane, review the available information and ensure that you see only OS DISK.

2. Click Attach New.

3. In the Attach a new disk pane, click STORAGE CONTAINER.

4. In the Choose a container pane, click CHOOSE STORAGE ACCOUNT.

5. In the Storage account pane, click server<yourinitials>-10979.

6. In the Choose a container pane, click CHOOSE CONTAINER.

7. In the Storage container pane, click vhds.

8. In the Choose a container pane, click OK.

9. In the Attach a new disk pane, type 5 in the SIZE (GB) text box, and then click OK.

10. Wait for up to one minute and ensure that in the Disks pane, a new disk with capacity of 5 GB is
displayed.
11. Scroll left and in the server<yourinitials>-10979 pane, click CONNECT.
12. In the Internet Explorer notification popup, click Save, and then click Open.

13. In the Remote Desktop Connection window, click Connect.

14. In the Windows Security dialog box:
a. In User Name, type server<initials>-admin.

b. In Password, type Moc1500!.

c. Click OK.

15. In the Remote Desktop Connection window, click Yes.

16. After you have signed in to the virtual machine, in the Server Manager console, click Tools, and then
select Computer Management.
17. In the Computer Management console, click Disk Management.

18. In the Initialize Disk window, click OK.

19. Review the available disks in the Disk Management right pane, and ensure that you have one OS disk,
one temporary disk, and one new disk with capacity of 5 GB.

20. Right-click the new disk volume and select New Simple Volume.

21. In the New Simple Volume Wizard, accept the default values on all pages, and click Finish on the last
page. Click Cancel if prompted to format the volume.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-6 Virtual Machines in Microsoft Azure

22. Close the Computer Management console.

23. Click the X in the upper right corner of the Remote Desktop Connection session to disconnect. In the
Remote Desktop Connection window, click OK.

Results: After completing this exercise, you will have attached a new disk to a virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-7

Module 3: Websites and Cloud Services

Lab: Websites and Cloud Services
Exercise 1: Create a WordPress Website
 Task 1: Create a website
1. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by
using the Microsoft account that is associated with your Azure subscription.

2. In the Azure portal, on the navigation pane, click WEBSITES.

3. Click NEW, and then click FROM GALLERY.

4. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.

5. In the A-Z list, click WordPress, and then click Next.

6. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a unique
number. If your URL is unique, a green check mark displays.

7. Leave DATABASE and WEBSCALEGROUP configured with default values.

8. Select the appropriate REGION, and then click Next.

9. On the New MySQL Database page, accept the default name.

10. In the REGION list, click the appropriate region.

11. Select the I agree to ClearDB’s legal terms … check box, and then click Complete.

Note: Your website is created. This may take a few minutes.

 Task 2: Install WordPress

1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a
new tab and navigates to your new website.

2. On the WordPress website, in the languages list, click English (United States), and then click
Continue.

3. On the Welcome page, complete the Information needed section with the following information:

o Site Title: AdatumMyBlog#### (where #### is a unique number)

o Username: The email address associated with your Azure subscription.

o Password, twice: Pa$$w0rd

o Your E-mail: The email address associated with your Azure subscription.
4. Click Install WordPress.

 Task 3: Create a blog post

1. In Internet Explorer, on the Success webpage, click Log In.

2. In the Username box, type the email address associated with your Azure subscription.

3. In the Password box, type Pa$$w0rd.

4. Select the Remember Me check box, and then click Log In.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-8 Websites and Cloud Services

Note: If prompted by Internet Explorer to store the password for the website, click Not for
this site.

5. In the Dashboard, click Write your first blog post.

6. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.
7. In the main text box, type Welcome to the Adatum blog.

8. Click Publish.

9. Click View Post. Your new post in displayed.

10. Close the current tab in Internet Explorer, and return to the Azure portal tab.

Results: After you complete this exercise, you will have successfully created and configured an Azure
website to support WordPress blogs.

Exercise 2: Create a Cloud Service

 Task 1: Create a cloud service
1. In the Azure portal, click NEW.
2. Click COMPUTE, click CLOUD SERVICE, and then click QUICK CREATE.

3. In the URL text box, type a valid unique cloud service name. For example, type AdatumWeb####,
where #### is a unique number. If the name is valid and unique, a green check mark displays.
4. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD
SERVICE.

 Task 2: Deploy a cloud service

1. In the Azure portal, in the NAME list, click your new cloud service.
2. In the results pane, click the CONFIGURE tab.

3. Click UPLOAD A NEW PRODUCTION DEPLOYMENT.

4. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####
(where #### is the same number you typed earlier).

5. Next to the PACKAGE box, click FROM LOCAL.

6. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.

7. Next to the CONFIGURATION box, click FROM LOCAL.

8. Navigate to C:\Labfiles, and double-click ServiceConfiguration.Cloud.cscfg.

9. Select both check boxes, and then click OK.

Note: Deployment begins. This could take 10 to 15 minutes.

10. When deployment is finished, click the SCALE tab.

11. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L3-9

12. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

13. Drag the TARGET CPU slider bar so that the maximum is 90.

14. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.

15. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

16. Drag the TARGET CPU slider bar so that the maximum is 90.

17. Click SAVE.

 Task 3: Verify a cloud service

Note: It might take a few minutes for your website to display.

1. On the SCALE page, in the navigation pane, click CLOUD SERVICES.

2. In the list of cloud services, in the URL column, click the URL for your cloud service.

3. The Adatum Ads webpage displays.

Note: The app is for demonstration purposes and is not completely functional.

4. Close the Adatum Ads Home Page tab.

5. Close Internet Explorer.

Results: After you complete this exercise, you will have successfully created, deployed, and configured an
Azure cloud service.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L4-11

Module 4: Virtual Networks

Lab: Create a Virtual Network
Exercise 1: Creating a Virtual Network
 Task 1: Create a virtual network
1. Sign in to the Azure management portal on https://manage.windowsazure.com.

2. In the left navigation page, scroll down and click NETWORKS.

3. Check if there are virtual networks already created. You might find some virtual networks that were
created in a previous module.

4. In the lower left corner of the screen, click NEW. In the navigation pane, click NETWORK SERVICES,
and then click VIRTUAL NETWORK.
5. Click CUSTOM CREATE to begin the configuration wizard.
6. In the CREATE A VIRTUAL NETWORK Wizard, on the Virtual Network Details page, type VNET1 in
the NAME text box.

7. In the LOCATION drop-down list, click West US. Click the arrow in the lower right corner.

Note: If you do not have West US as available region, choose the region that is closest
to you.

8. On the DNS Servers and VPN Connectivity page, review the available options, but do not make any
changes. Click the forward arrow in the lower right corner.

9. On the Virtual Network Address Spaces page, in the ADDRESS SPACE section, under STARTING
IP, type 192.168.0.0.

10. In the CIDR (ADDRESS COUNT) drop-down list, click /24 (256).

11. In the SUBNETS section, click add subnet and ensure that Subnet-2 is added.
12. Click add address space. In the second address space that is added, under STARTING IP, type
172.16.0.0.

13. In the CIDR (ADDRESS COUNT) drop-down list, choose /16 (65536).
14. Click the checkmark in the lower right corner to finish the wizard and create a virtual network. It will
take a few minutes for the network to be created.

Results: After completing this exercise, you will have created a new virtual network.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-12 Virtual Networks

Exercise 2: Creating Virtual Machines from the Gallery

 Task 1: Create a virtual machine
1. Browse to https://portal.azure.com, click Get Started on the Welcome to Microsoft Azure page
(if it appears), and then sign in by using the Microsoft account that is associated with your Microsoft
Azure subscription. Close any initial welcome messages, if they appear.

2. In the bottom left pane, click + NEW.

3. In the NEW pane, click Windows Server 2012 R2 Datacenter.

4. In the CREATE VM pane, type Server1 in HOST NAME.

5. Type server1-admin in USER NAME.

6. Type Moc1500! in the PASSWORD field.

7. For the PRICING TIER, ensure that Basic A1 is selected.

8. Click OPTIONAL CONFIGURATION.

9. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.

10. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the
Network pane, and then click OK on the Optional Config pane.
11. On the CREATE VM pane, click Create.
12. Wait a couple of minutes to allow the virtual machine (VM) creation to finish.

 Task 2: Create a second virtual machine

1. In the bottom left pane in the Azure preview portal, click + NEW.
2. In the NEW pane, click Windows Server 2012 R2 Datacenter.

3. In the CREATE VM pane, type Server2 in HOST NAME.

4. Type server2-admin in USER NAME.

5. Type Moc1500! in the PASSWORD field.

6. For the PRICING TIER, ensure that Basic A1 is selected.

7. Click OPTIONAL CONFIGURATION.

8. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.
9. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the
Network pane, and then click OK on the Optional Config pane.

10. On the CREATE VM pane, click Create.

11. Wait a couple of minutes to allow the VM creation to finish.

Note: While the virtual machines are provisioning, you can start working on Exercise 3,
Task 1 to save some time. After the virtual machines have provisioned, you can perform task 3
from this exercise.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L4-13

 Task 3: Test virtual network connectivity

1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.

2. Ensure that the virtual machine that you created shows a status of Running. If the status is not
Running, wait a few minutes until the status changes to Running.
3. Click the Server1 VM, and then click CONNECT in the top of the left pane.

4. In the Internet Explorer notification popup, click Save, and then click Open.

5. In the Remote Desktop Connection window, click Connect.

6. In the Windows Security dialog box, click Use another account, and then use the following data to
connect:

o Type server1-admin in User name.

o Type Moc1500! in Password.

o Click OK.

7. In the Remote Desktop Connection window, click Yes. Minimize the Server1 window.

8. Repeat steps 1 through 7 for the Server2 machine (use server2-admin as the user name).
9. On the Server1 machine, note the Internal IP value shown on the desktop.

10. Switch to the Server2 machine and note the Internal IP value shown on the desktop.
11. On the Server2 machine, open File Explorer, in the left pane, right-click Network, and then click
Properties.

12. In the Network and Sharing Center window, click Change advanced sharing settings.
13. In the Advanced sharing settings window, under the Guest or Public section, below the File and
printer sharing section, click Turn on file and printer sharing, then click Save changes.

14. Close the Network and Sharing Center window.

15. On the Server1 machine, open File Explorer, in the address bar, type \\IPaddressofServer2, and
then press Enter.

Note: You should type the IP address of Server2 after \\.

16. On the Windows Security window, enter user name server2-admin and password Moc1500!, and
then click OK. Ensure that the server opens (it will be an empty window), which confirms that your
servers can communicate via virtual network VNET1.

Results: After completing this exercise, you will have created two new virtual machines and assigned them
to VNET1.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-14 Virtual Networks

Exercise 3: Add Point-to-Site Connectivity

 Task 1: Add point-to-site connectivity
1. Open the Azure management portal at https://manage.windowsazure.com.

2. In the left navigation page, click NETWORKS.

3. In the central pane, click VNET1.

4. Click the CONFIGURE tab.

5. In the point-to-site connectivity section, click the option Configure point-to-site connectivity.
6. Click SAVE in the lower part of the screen, and then click YES.

7. Wait for a few minutes for the network to be updated.

8. Click the VNET1 network, and then click the CONFIGURE tab.
9. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section.
Ensure that 10.0.0.0/24 is selected.

10. Open File Explorer and create the C:\temp folder if it does not exist.
11. On your classroom computer machine, open the Developer Command Prompt for VS2013 as
administrator. If you cannot find this shortcut by using the Start pane, browse to
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts.
12. In the Command Prompt window, type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a
sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the command
prompt window.

13. Open File Explorer, navigate to C:\temp, and then ensure that the VNET1Cert certificate file is
created.
14. Switch back to the Azure management portal, and then click the CERTIFICATES tab on VNET1 portal.

15. Click UPLOAD A ROOT CERTIFICATE.

16. In the Upload Certificate window, click BROWSE FOR FILE.

17. In the Choose File to Upload window, browse to C:\temp, select the VNET1Cert file, and then click
Open.

18. Click the checkmark icon to upload a certificate.

19. Ensure that the certificate appears in the Azure portal.

20. Restore the Command Prompt window. Type the following command: makecert.exe -n
"CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1. Press Enter.

21. Switch back to the Azure portal, and then, in the VNET1 configuration pane, click the DASHBOARD
tab.

22. Click CREATE GATEWAY and when prompted, click YES. Wait until the gateway is created.

Note: This might take up to 15 minutes. At this point, you can go back and verify if virtual
machines from Exercise 2 are created and running. If they are, you can perform Task 3 from
Exercise 2.

23. In the Azure portal, click Networks, click VNET1, and then in the quick glance section of the
Dashboard page, click Download the 64-bit Client VPN Package.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L4-15

24. When prompted, save the file to the C:\temp location. The name of the file will be similar to
“1c586c97-442b-4c85-9ea6-45a5d0c5d3a1. exe”. Close the warning prompt if it appears.

25. After the file downloads, navigate to C:\temp, right-click the file that you just downloaded, and then
click Properties.
26. In the Properties window, click Unblock, and then click OK.

27. Double-click the file. In the User Account Control window (if it appears), click Yes.

28. In the VNET1 window, click Yes and wait until the virtual private network (VPN) client installs.
29. On your classroom machine, click the network icon in the taskbar. In the connection pane, click
VNET1, and then click Connect.

30. In the VPN client window, click Connect, and then click Continue on the prompt window. Click Yes
in the User Account Control prompt window if it appears.

31. Ensure that the connection is established.

32. Open Command Prompt.
33. In the Command Prompt window, type ipconfig, and then press Enter.

34. Look for the Point-to-Point Protocol (PPP) adapter in the VNET1 section. Ensure that you have the IP
address from the 10.0.0.0/24 scope.
35. Open File Explorer, in the address bar, type \\IPaddressofServer2\C$, and then press Enter.

Note: You should type the IP address of Server2 after \\.

36. In the Windows Security window, enter the user name server2-admin and the password Moc1500!,
and then click OK. Ensure that the C drive of the Server2 opens, which confirms that your computer
can communicate by using a point-to-site VPN connection.
37. On your classroom machine, click the network icon in the taskbar. In the connection pane, click
VNET1, and then click Disconnect. Finally, close all Remote Desktop Connection sessions and
Internet Explorer.

Results: After completing this exercise, you will have established a point-to-site connectivity.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L5-17

Module 5: Cloud Storage

Lab: Configure Azure Storage
Exercise 1: Create an Azure Storage Account
 Task 1: Create a storage account in Azure
1. On the host computer, click Start, and then click the Internet Explorer icon.

2. In Internet Explorer, browse to the Azure management portal at https://portal.azure.com.

3. Sign in to your Azure account.

4. If a welcome window appears, click Get Started to close it.

5. In the bottom pane, on the left side, click + NEW.

6. In the New popup menu, click Everything.

7. Click Storage, cache, + backup, in the popup blade, under Storage and Cache, click Storage.
8. In popup Storage blade, click Create.

9. In the far right pane, in STORAGE, type 10979s<yourinitials>.

Note: Replace <initials> with your own initials. For example, if your name is Margo Ayers,
then the URL would be 10979sma. If the name is already in use, add a number after your initials
until the name is accepted. For the remainder of the demonstrations, use your initials in place of
<initials>.

10. Click PRICING TIER. In the Recommend pricing tiers, click L(LRS), and then click Select.
11. Click LOCATION. If the selected location is not the closest location to you, or a location is not
selected, click the location closest to you.
12. At the bottom of the Storage account pane, click Create to complete the creation. It might take few
minutes for the storage account to be created.

 Task 2: View the properties of your storage account

1. In the Azure portal, in the left pane, click BROWSE, and then click Storage.
2. In the Storage pane, click the 10979s<initials> storage account.

3. In the 10979s<initials> pane, view the information available on the dashboard.

4. In the 10979s<initials> pane, click SETTINGS, and then click Properties to view the properties of the
storage account.

5. Review the available properties of your storage account.

6. Close the Properties pane, close the Settings pane and leave the storage pane open.

Results: After you complete this exercise, you will have created your Azure storage.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-18 Cloud Storage

Exercise 2: Create and Manage Blobs

 Task 1: Add a container
1. In the Storage pane, click Containers.

2. In the Containers pane, click Add +.

3. In the Add a container pane, type 10979c<initials> in the NAME text box.

If the name is already in use, add a number after your initials until the name is accepted.

4. In the Access type settings, click Blob, and then click OK to complete the creation of the new
container.

5. Click the X icon in the upper right corner of the Containers pane to close it.

 Task 2: Add data to the container by using Azure Web Storage Explorer
1. In the 10979s<initials> pane, click KEYS.
2. In the Manage keys pane, copy the access key shown in PRIMARY ACCESS KEY to the clipboard.

3. Click the File Explorer icon on the taskbar.

4. In File Explorer, in the navigation pane, click Documents.

5. In the right pane, right-click an empty area, click New, and then click Text Document.

6. In the file name, replace New Text Document with storage-key, and then press Enter.

7. Double-click storage-key.txt. The file will open in Notepad. In Notepad, paste the access key that
you copied to the Clipboard in step 2 into the file.

8. Click File, and then click Save.

9. Close Notepad.

10. In the Manage keys pane, click the X to close the pane.

11. In Internet Explorer, press CTRL+N to open a new browser window.

12. In the Internet Explorer Address bar, type http://azurestorage.azurewebsites.net/login.aspx, and

then press Enter.

13. On the Azure Web Storage Explorer page, in Account, type 10979s<initials>, paste your access
key into the Key box, and then press Enter.

14. Click 10979c<initials>.

15. Click Browse.

16. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:), double-
click Windows, scroll down, and then double-click the media folder.

17. Click Alarm01.wav, and then click Open.

18. Click the Upload button to upload Alarm01.wav.
19. Click Browse.

20. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:), double-
click Program Files, double-click Internet Explorer, and then double-click the images folder.

21. Scroll down, click splashscreen.contrast-white_scale-180.png, and then click Open.

22. Click the Upload button to upload splashscreen.contrast-white_scale-180.png.

MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L5-19

23. In the file list, click http://10979s<initials>.blob.core.windows.net/10979c<initials>

/splashscreen.contrast-white scale-180.png, and verify that you see a large Internet Explorer logo
graphic display in the browser window.

24. Close Internet Explorer.

Results: After completing this exercise, you will have created a blob container and uploaded the data.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L6-21

Module 6: Microsoft Azure Databases

Lab: Create a SQL Database in Azure
Exercise 1: Create a New SQL Database in Azure and Configure SQL Server
Firewall Rules
 Task 1: Create a new SQL database by using the preview Azure portal
1. Ensure that you are signed in to the classroom computer.

2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by
using the Microsoft account that is associated with your Azure subscription.

3. At the top right, click your Microsoft account name, and then click Switch to new portal.

4. In the Hub vertical menu on the left, click New.

5. On the New blade, scroll down to and click the SQL Database entry.

6. In the SQL database blade, in the NAME box, type testDB.

7. Click SERVER, and then in the Server blade, click Create a new server.
8. In the New server blade, enter the following settings, and then click OK:

o SERVER NAME: Any valid unique name

o SERVER ADMIN LOGIN: Student

o PASSWORD: Pa$$w0rd

o CONFIRM PASSWORD: Pa$$w0rd

o LOCATION: Any available region

9. Click the SELECT SOURCE section and then click Blank Database.

10. Click the PRICING TIER section, click the B Basic pricing tier, and then click Select.
11. In the SQL database blade, click RESOURCE GROUP, and then in the Resource group blade, click
Create a new resource group.

12. In the Create resource group blade, in the NAME box, type testRG, and then click OK.

13. In the SQL database blade, ensure that Add to Startboard is selected, and then click Create. Then
wait for the SQL Database to be created.

 Task 2: Configure a SQL Server firewall rule by using Azure portal

1. In Internet Explorer, switch to the tab containing the Azure portal.

2. In the service pane on the left, click SQL DATABASES, and then verify that the testDB database you
created in the new portal is listed.

3. On the sql databases page, click SERVERS, and then verify that the uniquely named server you
created in the previous task is listed.

4. Click the server name, and then click CONFIGURE.

5. Note the CURRENT CLIENT IP ADDRESS, and click the ADD TO THE ALLOWED IP ADDRESSES
icon. At the bottom of the page, click Save.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-22 Microsoft Azure Databases

6. Click the new allowed ip addresses entry and change it to a more descriptive name that will allow
you to identify it in the future.

7. At the bottom of the page, click SAVE.

Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server

Management Studio
 Task 1: Add a table to a SQL database in Azure by using SQL Server Management
Studio
1. On your classroom computer, start SQL Server Management Studio, and in the Connect to Server
dialog box, specify the following settings (replacing server_name with the unique name you specified
when creating your SQL Database server), and then click Connect:

o Server type: Database Engine

o Server name: server_name.database.windows.net

o Authentication: SQL Server Authentication

o Login: Student
o Password: Pa$$w0rd

2. If the connection attempt fails indicating that the client IP address is not allowed to access the server,
note the IP address on the error message. Next, switch to Internet Explorer, on the server page, click
ADD TO THE ALLOWED IP ADDRESSES, and then add the IP address you noted. Click Save and
connect again. Note that it might take up to five minutes for this change to take effect.

3. In SQL Server Management Studio, in Object Explorer, under the server name, expand Databases,
and then verify that the testDB database is listed.

4. Expand the testDB database, right-click its Tables folder, and then click New Table.

Note: This opens a Transact-SQL template that you can use to create a table. SQL Server
Management Studio has no graphical tools for creating SQL database objects in Azure.

5. Replace all Transact-SQL code in the template with the following code.

CREATE TABLE dbo.testTable

(
id integer identity primary key,
dataval nvarchar(50)
);
GO

6. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click
Execute.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L6-23

7. In Object Explorer, expand the Tables folder and verify that dbo.testTable is listed (if not, right-click
Tables and click Refresh).

8. Leave the SQL Server Management Studio open for the next task.

 Task 2: Add data to a table of a SQL database in Azure by using SQL Server
Management Studio
1. Click New Query and enter the following Transact-SQL code in the new query pane. This code inserts
100 rows containing automatically generated globally unique identifier (GUID) values into the table.

INSERT INTO dbo.testTable

VALUES
(newid());
GO 100

2. On the toolbar, in the Available Databases list, ensure that testDB is selected. Click Execute.

3. Leave the SQL Server Management Studio open for the next task.

 Task 3: Query a table of a SQL database in Azure by using SQL Server Management
Studio
1. In Object Explorer, right-click dbo.testTable, point to Script Table as, point to SELECT To, and then
click New Query Editor Window. This generates a Transact-SQL query that retrieves data from the
table.
2. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click
Execute.
3. View the query results and verify that a table of id and dataval values is returned.

4. Close SQL Server Management Studio and Internet Explorer.

Module 7: Azure Active Directory

Lab: Create Users in Azure Active Directory
Exercise 1: Create an Azure AD Directory
 Task 1: Create an Azure AD directory
1. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by
using the Microsoft account that is associated with your Azure subscription.

2. In the navigation panel on the left, click ACTIVE DIRECTORY.

3. Click +NEW.

4. Click DIRECTORY.

5. Click CUSTOM CREATE.

6. In the Add directory dialog box, enter the following settings, and then select the Complete check
box:

o DIRECTORY: Create new directory

o NAME: Adatum
o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g.
adatum123456); if you see a The domain is not unique message, change the numbers until you
see a green checkmark.
o COUNTRY OR REGION: United States

Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory
(Azure AD) directory by using the Azure portal.

Exercise 2: Create Users in Azure Active Directory

 Task 1: Create users in an Azure AD directory
1. Click Adatum.
2. Click USERS.

3. Click ADD USER.

4. In the Tell us about this user dialog box, enter the following settings, and then click Next:
o TYPE OF USER: New user in your organization

o USER NAME: deanna

5. In the user profile dialog box, enter the following settings, and then click Next:

o FIRST NAME: Deanna

o LAST NAME: Ball

o DISPLAY NAME: Deanna Ball

MCT USE ONLY. STUDENT USE PROHIBITED
L7-26 Azure Active Directory

o ROLE: User

o Enable Multi-Factor Authentication: Not selected

6. Click create.

7. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the
SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.

8. Select the Complete check box.

9. Click ADD USER.

10. In the Tell us about this user dialog box, enter the following settings, and then click Next:

o TYPE OF USER: New user in your organization

o USER NAME: kari

11. In the user profile dialog box, enter the following settings, and then click Next:

o FIRST NAME: Kari

o LAST NAME: Tran

o DISPLAY NAME: Kari Tran

o ROLE: Global Administrator

o ALTERNATE EMAIL ADDRESS: type the email address of your Azure subscription
o Enable Multi-Factor Authentication: Not selected

12. Click create.

13. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the
SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.

14. Click Complete (check mark).

 Task 2: Add a Microsoft account to an Azure AD directory

1. Click ADD USER.
2. In the Tell us about this user dialog box, enter the following settings, and then click Next:

o TYPE OF USER: User with an existing Microsoft account

o MICROSOFT ACCOUNT: type the name of an existing Microsoft account that the instructor
provided

3. In the user profile dialog box, enter the following settings:

o FIRST NAME: Leave blank

o LAST NAME: Instructor

o DISPLAY NAME: Instructor

o ROLE: User
4. Click the checkmark in the lower right corner of the user profile dialog box.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L7-27

 Task 3: Configure a user account as a Global Administrator of an Azure AD directory

1. In the Adatum directory, on the USERS tab, in the DISPLAY NAME column, click the Instructor
entry.

2. Make sure that the content of the PROFILE tab is displayed. Scroll down to the role section.
3. In the ORGANIZATIONAL ROLE list box, select Global Administrator.

4. Click SAVE.

5. Click the left arrow in the navigation pane to return to the main page of the Adatum Azure AD
directory.

 Task 4: View Azure AD directory users and administrators

1. Ensure that the USERS tab of the Adatum Azure AD page is selected.

2. Note that this allows you to view the list of user display names, user names, and the account type,
which in our case should include Windows Azure Active Directory or Microsoft Account.
3. To view all members of built-in Azure AD organizational roles, click MANAGE MULTI-FACTOR
AUTH.

4. If prompted to sign in, on the Sign-in page, use the Microsoft account that is associated with your
Azure subscription.

5. On the multi-factor authentication page, note that, by default, you can see all Sign-in allowed
users.
6. In the View drop-down list, select Global Administrators.

7. Verify that you can see all users that have been assigned the Global Administrator role.
8. Close Internet Explorer.

Module 8: Microsoft Azure Management Tools

Lab: Using Microsoft Azure Management
Tools
Exercise 1: Use the Azure PowerShell Modules
 Task 1: Install the Windows PowerShell Azure module
1. If necessary, sign in to your local computer.

2. Open Internet Explorer and navigate to http://azure.microsoft.com/en-us/downloads/.

3. On the Downloads webpage, and under Command-line tools, locate Windows PowerShell.

4. Beneath Windows PowerShell, click Install.

5. When prompted Do you want to run or save WindowsAzurePowerShell.3f.3f.3fnew.exe, click
Run.

Note: The actual filename might vary.

6. If prompted by User Account Control, click Yes.

7. In the Web Platform Installer 5.0 Wizard, click Install.

8. In the Web Platform Installer 5.0 dialog box, click I Accept.

9. When the installation is complete, click Finish. Leave the Web Platform Installer 5.0 window open.

 Task 2: Connect to your Azure subscription

1. On the task bar, right-click Windows PowerShell, and click Run ISE as Administrator. Click Yes
when prompted.

2. In the PowerShell ISE, in the command prompt pane, enter the following command to add an Azure
account to the local PowerShell environment.

Add-AzureAccount

3. When prompted, sign in by using the Microsoft account associated with your Azure subscription.

 Task 3: Use Azure PowerShell cmdlets

1. In the Windows PowerShell ISE, in the command prompt pane, enter the following command to view
the Azure accounts in your local Windows PowerShell environment, and verify that your account is
listed:

Get-AzureAccount

2. Enter the following command to view the subscriptions that are connected to the local PowerShell
session, and verify that your subscription is listed.

Get-AzureSubscription
MCT USE ONLY. STUDENT USE PROHIBITED
L8-30 Microsoft Azure Management Tools

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:
select-azuresubscription -subscriptionName "Azure Pass"

3. Enter the following command to create a new website. Substitute the #### with a random number.

New-AzureWebsite MySite####

Tip: You can use the Test-AzureName –Website cmdlet to check for an unused name.

4. Enter the following command to view your new website. Substitute the #### with the number you
used in step 3.

get-AzureWebsite MySite####

5. Do not close the Windows PowerShell ISE.

6. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and
then sign in using the Microsoft account that is associated with your Azure subscription.

7. In the navigation pane on the left, click WEBSITES, and verify that your new website has been
created.

8. Close the portal tab, but leave Internet Explorer open.

Results: After you complete this exercise, you will have successfully installed and used the Windows
PowerShell module for Microsoft Azure.

Exercise 2: Use the Azure Cross-Platform Command-Line Interface

 Task 1: Install the Microsoft Azure cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.

Note: If you accidentally closed the Web Platform Installer 5.0 window, switch to Start, and
then click Web Platform Installer 5.0.

2. Click the Products tab.

3. In the list, next to Microsoft Azure cross-platform command-line tools, click Add, and then click
Install.

4. In the Web Platform Installer 5.0 dialog box, click I Accept.

5. When the installation has completed, click Finish.

6. In the Web Platform Installer 5.0 window, click Exit.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft Azure Fundamentals L8-31

 Task 2: Use the Microsoft Azure cross-platform command-line tools

1. Close Windows PowerShell ISE.

2. On the task bar, right-click Windows PowerShell, and click Run ISE as Administrator. Click Yes
when prompted.
3. At the command prompt, type the following command, and then press Enter. This command
downloads the credentials that you need to connect to your Azure subscription.

Azure account download

Note: If you are prompted, sign in to your Azure subscription.

4. Internet Explorer is opened and you are prompted to download a file. This is your published settings
file. Click the down arrow next to Save, and then click Save As.
5. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click Labfiles,
and then click Save.

6. Switch to Administrator: Windows PowerShell ISE.

7. At the command prompt, type the following command. This command imports the credentials that
you need to connect to your Azure subscription.

Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you
created earlier and press Tab.

Azure account import C:\labfiles\

8. Press Enter to complete the import command.

9. At the command prompt, type the following command, and then press Enter.

Azure site list

10. At the command prompt, type the following command, and then press Enter. Substitute the ####
with the number you used in the last lesson to create your website.

Azure site stop MySite####

MCT USE ONLY. STUDENT USE PROHIBITED
L8-32 Microsoft Azure Management Tools

 Task 3: To prepare for the end of the course

1. Switch to the Windows PowerShell ISE.

2. Enter the following command to shut down any Azure websites that you are running.

Get-AzureWebsite | stop-AzureWebsite

3. Enter the following command to shut down any Azure services that you are running.

Get-AzureService | stop-AzureService

4. Close the Windows PowerShell ISE.

Results: After completing this exercise, you will have installed and used the Microsoft Azure cross-
platform command-line tools successfully.

Atlas of Endoscopic Ultrasonography 2nd Edition Instant DOCX Download
100% (14)
Atlas of Endoscopic Ultrasonography 2nd Edition Instant DOCX Download
14 pages
PF Application Form PDF
67% (3)
PF Application Form PDF
2 pages
Complete Download Selling in a Crisis: 55 Ways to Stay Motivated and Increase Sales in Volatile Times Jeb Blount PDF All Chapters
100% (2)
Complete Download Selling in a Crisis: 55 Ways to Stay Motivated and Increase Sales in Volatile Times Jeb Blount PDF All Chapters
47 pages
[FREE PDF sample] Nonlinear Systems in Heat Transfer Davood Domiri Ganji ebooks
100% (4)
[FREE PDF sample] Nonlinear Systems in Heat Transfer Davood Domiri Ganji ebooks
39 pages
Ansi MH1-2016
No ratings yet
Ansi MH1-2016
276 pages
20764C ENU TrainerHandbook
100% (1)
20764C ENU TrainerHandbook
532 pages
20466D ENU TrainerHandbook
No ratings yet
20466D ENU TrainerHandbook
450 pages
SAP SD S4 - Hana CVI
No ratings yet
SAP SD S4 - Hana CVI
64 pages
20778C ENU TrainerHandbook
100% (2)
20778C ENU TrainerHandbook
218 pages
10978A-ENU-TrainerHandbook
No ratings yet
10978A-ENU-TrainerHandbook
336 pages
10969B ENU TrainerHandbook
No ratings yet
10969B ENU TrainerHandbook
616 pages
20480A ENU TrainerHandbook
0% (2)
20480A ENU TrainerHandbook
627 pages
Module 21 - Consumer Protection - 014220
No ratings yet
Module 21 - Consumer Protection - 014220
198 pages
bamboo-systems-gha-ltd-terms-and-conditions
No ratings yet
bamboo-systems-gha-ltd-terms-and-conditions
11 pages
Giv Afm
100% (2)
Giv Afm
928 pages
The Making of a Modern Temple and a Hindu City: Kalighat and Kolkata Deonnie Moodie - Download the entire ebook instantly and explore every detail
No ratings yet
The Making of a Modern Temple and a Hindu City: Kalighat and Kolkata Deonnie Moodie - Download the entire ebook instantly and explore every detail
42 pages
Android Hacker s Handbook 1st Edition Joshua J. Drake download
No ratings yet
Android Hacker s Handbook 1st Edition Joshua J. Drake download
47 pages
21st Century Global Health Diplomacy instant download
No ratings yet
21st Century Global Health Diplomacy instant download
36 pages
PDF Glamour of Grammar A Guide to the Magic and Mystery The download
100% (1)
PDF Glamour of Grammar A Guide to the Magic and Mystery The download
13 pages
DP 100T01A ENU TrainerHandbook
No ratings yet
DP 100T01A ENU TrainerHandbook
146 pages
10967A ENU TrainerHandbook
100% (4)
10967A ENU TrainerHandbook
560 pages
Canon G4200 Manual - G4000ser - OnlineManual - Mac - EN - V01
No ratings yet
Canon G4200 Manual - G4000ser - OnlineManual - Mac - EN - V01
465 pages
1500-Lb. 120 Volt AC Electric Winch: Owner's Manual
No ratings yet
1500-Lb. 120 Volt AC Electric Winch: Owner's Manual
15 pages
10979F ENU TrainerHandbook
No ratings yet
10979F ENU TrainerHandbook
214 pages
flotherm_11_1_new_functionality
No ratings yet
flotherm_11_1_new_functionality
17 pages
Construction Proposal - Demolition
No ratings yet
Construction Proposal - Demolition
2 pages
Complete Download Nuclear Reactor: Physics and Engineering 1st Edition John C. Lee PDF All Chapters
100% (1)
Complete Download Nuclear Reactor: Physics and Engineering 1st Edition John C. Lee PDF All Chapters
62 pages
Leak Detection & Automatic Water Shut-Off System Installation and Operating Manual
No ratings yet
Leak Detection & Automatic Water Shut-Off System Installation and Operating Manual
2 pages
ASD 14 Service & Installation Manual
80% (10)
ASD 14 Service & Installation Manual
210 pages
RSG909R Hardware-Installation-Guide EN
No ratings yet
RSG909R Hardware-Installation-Guide EN
52 pages
10961C ENU Companion
No ratings yet
10961C ENU Companion
156 pages
10979A ENU Companion PDF
No ratings yet
10979A ENU Companion PDF
91 pages
Deviceinstaller User Guide: Part Number 900-310 Revision A 11/03
No ratings yet
Deviceinstaller User Guide: Part Number 900-310 Revision A 11/03
34 pages
2024 Q3 Colliers Singapore Industrial Market Report
No ratings yet
2024 Q3 Colliers Singapore Industrial Market Report
4 pages
Jhon Sales Contract
No ratings yet
Jhon Sales Contract
9 pages
Client Side Operation
No ratings yet
Client Side Operation
27 pages
Fina Soft
No ratings yet
Fina Soft
37 pages
20532D ENU TrainerHandbook
No ratings yet
20532D ENU TrainerHandbook
240 pages
20762C ENU TrainerHandbook PDF
100% (1)
20762C ENU TrainerHandbook PDF
636 pages
20466C ENU TrainerHandbook
No ratings yet
20466C ENU TrainerHandbook
438 pages
Instructions: 1) Part A Is Compulsory: 2) Answer Any FIVE Questions From Part B
No ratings yet
Instructions: 1) Part A Is Compulsory: 2) Answer Any FIVE Questions From Part B
3 pages
20764C ENU Companion PDF
No ratings yet
20764C ENU Companion PDF
192 pages
20487B ENU Companion
No ratings yet
20487B ENU Companion
211 pages
10990C ENU TrainerHandbook
No ratings yet
10990C ENU TrainerHandbook
374 pages
Page 1 of 1
No ratings yet
Page 1 of 1
1 page
20533C ENU TrainerHandbook
100% (1)
20533C ENU TrainerHandbook
588 pages
SAP Authorization - and Role
No ratings yet
SAP Authorization - and Role
15 pages
Simson Strong Wall Design Manual
100% (1)
Simson Strong Wall Design Manual
84 pages
20331B ENU TrainerHandbook
0% (1)
20331B ENU TrainerHandbook
564 pages
Curs Microsoft
No ratings yet
Curs Microsoft
695 pages
20464C ENU TrainerHandbook PDF
100% (1)
20464C ENU TrainerHandbook PDF
438 pages
20765C ENU TrainerHandbook
No ratings yet
20765C ENU TrainerHandbook
348 pages
20462D ENU TrainerHandbook PDF
100% (1)
20462D ENU TrainerHandbook PDF
500 pages
Loctite LB 8504: Technical Data Sheet
No ratings yet
Loctite LB 8504: Technical Data Sheet
2 pages
20765A ENU TrainerHandbook
0% (1)
20765A ENU TrainerHandbook
228 pages
20744B ENU Companion
No ratings yet
20744B ENU Companion
192 pages
24 e 2 We
No ratings yet
24 e 2 We
562 pages
20740B ENU TrainerHandbook
100% (1)
20740B ENU TrainerHandbook
614 pages
AZ 400T00A ENU TrainerHandbook
No ratings yet
AZ 400T00A ENU TrainerHandbook
713 pages
10135B ENU TrainerHandbook
No ratings yet
10135B ENU TrainerHandbook
817 pages
10987C 02
No ratings yet
10987C 02
27 pages
20464D ENU TrainerHandbook
No ratings yet
20464D ENU TrainerHandbook
450 pages
20331A ENU TrainerHandbook
No ratings yet
20331A ENU TrainerHandbook
566 pages
20741B ENU TrainerHandbook
No ratings yet
20741B ENU TrainerHandbook
568 pages
20761B-ENU-TrainerHandbook Querying
100% (1)
20761B-ENU-TrainerHandbook Querying
526 pages
203452A ENU TrainerHandbook PDF
100% (1)
203452A ENU TrainerHandbook PDF
584 pages
10324A-EnU MEDV TrainerHandbook
100% (2)
10324A-EnU MEDV TrainerHandbook
824 pages
10987C 05
No ratings yet
10987C 05
25 pages
20462C ENU TrainerHandbook PDF
No ratings yet
20462C ENU TrainerHandbook PDF
448 pages
10979C ENU TrainerHandbook
No ratings yet
10979C ENU TrainerHandbook
166 pages
Innerpages Students Corner Previous Exam Papers BSIT Jun 2013 PDF
No ratings yet
Innerpages Students Corner Previous Exam Papers BSIT Jun 2013 PDF
53 pages
10964C ENU TrainerHandbook PDF
100% (2)
10964C ENU TrainerHandbook PDF
688 pages
Form 10C Revised
No ratings yet
Form 10C Revised
4 pages
20465D ENU TrainerHandbook PDF
No ratings yet
20465D ENU TrainerHandbook PDF
290 pages
20743C ENU Companion
No ratings yet
20743C ENU Companion
179 pages
AGRI-VAC Model 5614 To 7816 Operator'S Manual and Parts Book
No ratings yet
AGRI-VAC Model 5614 To 7816 Operator'S Manual and Parts Book
94 pages
20743B ENU Companion
No ratings yet
20743B ENU Companion
174 pages
AZ-301T03A - Course Manual
No ratings yet
AZ-301T03A - Course Manual
93 pages
AZ 900T01A ENU TrainerHandbook
95% (22)
AZ 900T01A ENU TrainerHandbook
410 pages
Ingersoll Rand IRN15 IRN22 Manual
No ratings yet
Ingersoll Rand IRN15 IRN22 Manual
172 pages
2A ENU Companion PDF
No ratings yet
2A ENU Companion PDF
135 pages
20535A ENU TrainerHandbook
100% (1)
20535A ENU TrainerHandbook
264 pages
10961A ENU TrainerHandbook
No ratings yet
10961A ENU TrainerHandbook
416 pages
Windows2012 20410B ENU TrainerHandbook
67% (3)
Windows2012 20410B ENU TrainerHandbook
506 pages
10979D ENU TrainerHandbook
100% (1)
10979D ENU TrainerHandbook
176 pages
10992B ENU Companion PDF
No ratings yet
10992B ENU Companion PDF
82 pages
10967A ENU TrainerHandbook PDF
No ratings yet
10967A ENU TrainerHandbook PDF
560 pages
20533E ENU TrainerHandbook PDF
100% (1)
20533E ENU TrainerHandbook PDF
474 pages
A.J. Warren, C.J. Wordenskjold, D. Franklyn, J. Shackelford, S. Kukrilka - Course 20743A Upgrading Your Skills To MCSA Windows Server 2016 - 2016 PDF
No ratings yet
A.J. Warren, C.J. Wordenskjold, D. Franklyn, J. Shackelford, S. Kukrilka - Course 20743A Upgrading Your Skills To MCSA Windows Server 2016 - 2016 PDF
604 pages
6451B ENU Beta Trainer Handbook Volume1
No ratings yet
6451B ENU Beta Trainer Handbook Volume1
794 pages
6232BD ENU Trainer Handbook Vol1
No ratings yet
6232BD ENU Trainer Handbook Vol1
480 pages
AZ 100T01A ENU TrainerHandbook
No ratings yet
AZ 100T01A ENU TrainerHandbook
89 pages
Vega MFM PDF
No ratings yet
Vega MFM PDF
4 pages
AZ 103T00A ENU TrainerHandbook PDF
100% (3)
AZ 103T00A ENU TrainerHandbook PDF
403 pages
10215A-EnU Trainer Handbook Vol1
No ratings yet
10215A-EnU Trainer Handbook Vol1
522 pages
SnapLogic Second Edition
From Everand
SnapLogic Second Edition
Gerardus Blokdyk
No ratings yet
Active Directory Rights Management Services A Clear and Concise Reference
From Everand
Active Directory Rights Management Services A Clear and Concise Reference
Gerardus Blokdyk
No ratings yet