Module3 Azure Administration

Azure Resource Manager enables managing related resources as a group for deployment, updates and deletion in a coordinated operation. It provides a consistent management layer across tools using the same API. Resource groups contain related resources and provide access control and billing organization. Resource providers offer specific resource types and operations to work with Azure services.

Uploaded by

Nithin krishna

Resource Manager

The infrastructure for your application is typically made up of many components – maybe a virtual machine,
storage account, and virtual network, or a web app, database, database server, and third-party services. These
components are not separate entities; instead they are related and interdependent parts of a single entity. You
want to deploy, manage, and monitor them as a group.

Azure Resource Manager enables you to work with the resources in your solution as a group. You can deploy,
update, or delete all the resources for your solution in a single, coordinated operation. You use a template for
deployment and that template can work for different environments such as testing, staging, and production.
Resource Manager provides security, auditing, and tagging features to help you manage your resources after
deployment.

Consistent management layer


Resource Manager provides a consistent management layer to perform tasks through Azure PowerShell, Azure
CLI, Azure portal, REST API, and client SDKs. All capabilities that are available in the Azure portal are also
available through Azure PowerShell, Azure CLI, the Azure REST APIs, and client SDKs. Functionality initially
released through APIs will be represented in the portal within 180 days of initial release.

Choose the tools and APIs that work best for you - they have the same capability and provide consistent results.

The following image shows how all the tools interact with the same Azure Resource Manager API. The API
passes requests to the Resource Manager service, which authenticates and authorizes the requests. Resource
Manager then routes the requests to the appropriate resource providers.

Benefits
Resource Manager provides several benefits:

• You can deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
• You can repeatedly deploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.
• You can manage your infrastructure through declarative templates rather than scripts.
• You can define the dependencies between resources so they're deployed in the correct order.
• You can apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform.
• You can apply tags to resources to logically organize all the resources in your subscription.
• You can clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

Guidance
The following suggestions help you take full advantage of Resource Manager when working with your
solutions.

• Define and deploy your infrastructure through the declarative syntax in Resource Manager templates, rather than through imperative commands.
• Define all deployment and configuration steps in the template. You should have no manual steps for setting up your solution.
• Run imperative commands to manage your resources, such as to start or stop an app or machine.
• Arrange resources with the same lifecycle in a resource group. Use tags for all other organizing of resources.

Terminology
If you're new to Azure Resource Manager (ARM), there are some terms you might not be familiar with.

• resource - A manageable item that is available through Azure. Some common resources are a virtual machine, storage account, web app, database, and virtual network, but there are many more.
• resource group - A container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
• resource provider - A service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers operations for working with the resources that are deployed. Some common resource providers are Microsoft.Compute, which supplies the virtual machine resource, Microsoft.Storage, which supplies the storage account resource, and Microsoft.Web, which supplies resources related to web apps.
• ARM template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group. It also defines the dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.
• declarative syntax - Syntax that lets you state “Here is what I intend to create” without having to write the sequence of programming commands to create it. The Resource Manager template is an example of declarative syntax. In the file, you define the properties for the infrastructure to deploy to Azure.

Resource providers
Each resource provider offers a set of resources and operations for working with an Azure service. For example,
if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. This resource
provider offers a resource type called vaults for creating the key vault.

The name of a resource type is in the format: {resource-provider}/{resource-type}. For example, the key vault
type is Microsoft.KeyVault/vaults.
✔️Before getting started with deploying your resources, you should gain an understanding of the available
resource providers. Knowing the names of resource providers and resources helps you define resources you
want to deploy to Azure. Also, you need to know the valid locations and API versions for each resource type.

Resource Group Deployments


Resources can be deployed to any new or existing resource group. Deployment of resources to a resource group
becomes a job where you can track the template execution. If deployment fails, the output of the job can
describe why the deployment failed. Whether the deployment is a single resource to a group or a template to a
group, you can use the information to fix any errors and redeploy. Deployments are incremental; if a resource
group contains two web apps and you decide to deploy a third, the existing web apps will not be removed.
Currently, immutable deployments are not supported in a resource group. To implement an immutable
deployment, you must create a new resource group.

Considerations
Resource Groups are at their simplest a logical collection of resources. There are a couple of small rules for
resource groups.

• Resources can only exist in one resource group.
• Resource Groups cannot be renamed.
• Resource Groups can have resources of many different types (services).
• Resource Groups can have resources from many different regions.

Creating resource groups


There are some important factors to consider when defining your resource group:

• All the resources in your group should share the same lifecycle. You deploy, update, and delete them together. If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.
• Each resource can only exist in one resource group.
• You can add or remove a resource to a resource group at any time.
• You can move a resource from one resource group to another group.
• A resource group can contain resources that reside in different regions.
• A resource group can be used to scope access control for administrative actions.
• A resource can interact with resources in other resource groups. This interaction is common when the two resources are related but don't share the same lifecycle (for example, web apps connecting to a database).

When creating a resource group, you need to provide a location for that resource group. You may be wondering,
“Why does a resource group need a location? And, if the resources can have different locations than the
resource group, why does the resource group location matter at all?” The resource group stores metadata about
the resources. Therefore, when you specify a location for the resource group, you're specifying where that
metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular
region.

✔️By scoping permissions to a resource group, you can add/remove and modify resources easily without
having to recreate assignments and scopes.

Resource Manager Locks


A common concern with resources provisioned in Azure is the ease with which they can be deleted. An over-zealous
or careless administrator can accidentally erase months of work with a few clicks. Resource Manager
locks allow organizations to put a structure in place that prevents the accidental deletion of resources in Azure.

• You can associate the lock with a subscription, resource group, or resource.
• Locks are inherited by child resources.

Lock types
There are two types of resource locks.

• Read-Only locks, which prevent any changes to the resource.
• Delete locks, which prevent deletion.

✔️Only the Owner and User Access Administrator roles can create or delete management locks.

Moving Resources
Sometimes you may need to move resources to either a new subscription or a new resource group in the same
subscription.
When moving resources, both the source group and the target group are locked during the operation. Write and
delete operations are blocked on the resource groups until the move completes. This lock means you can't add,
update, or delete resources in the resource groups, but it doesn't mean the resources are frozen. For example, if
you move a virtual machine to a new resource group, an application accessing the virtual machine experiences
no downtime.

Limitations
Before beginning this process, be sure to read the Move operation support for resources page. This page details
which resources can be moved between resource groups and subscriptions.

Implementation
To move resources, select the resource group containing those resources, and then select the Move button.
Select the resources to move and the destination resource group. Acknowledge that you need to update scripts.

✔️Just because a service can be moved doesn’t mean there aren’t restrictions. For example, you can move a
virtual network, but you must also move its dependent resources, like gateways.

Removing Resources and Resource Groups


Use caution when deleting a resource group. Deleting a resource group deletes all the resources contained
within it. That resource group might contain resources that resources in other resource groups depend on.

Using PowerShell to delete resource groups


To remove a resource group, use Remove-AzResourceGroup. In this example, we are removing the
ContosoRG01 resource group from the subscription. The cmdlet prompts you for confirmation and returns no
output.
Remove-AzResourceGroup -Name "ContosoRG01"

Removing Resources
You can also delete individual resources within a resource group. For example, here we are deleting a virtual
network. Notice you can change the resource group on this page.

Resource Limits
Azure provides the ability to observe the number of each network resource type that you've deployed in your
subscription and what your subscription limits are. The ability to view resource usage against limits is helpful to
track current usage, and plan for future use.

• The limits shown are the limits for your subscription.
• If you need to increase a default limit, there is a Request Increase link. You will complete and submit the support request.
• All resources have a maximum limit listed in Azure limits. If your current limit is already at the maximum number, the limit can't be increased.

Demonstration - Resource Manager


In this demonstration, we will work with the Azure Resource Manager.

Note: Only the Owner and User Access Administrator roles can manage the locks on the resources.

Manage resource groups in the portal

1. Access the Azure portal.


2. Create a resource group. Remember the name of this resource group.
3. In the Settings blade for the resource group, select Locks.
4. To add a lock, select Add. If you want to create a lock at a parent level, select the parent. The currently
selected resource inherits the lock from the parent. For example, you could lock the resource group to apply
a lock to all its resources.
5. Give the lock a name and lock type. Optionally, you can add notes that describe the lock.
6. To delete the lock, select the ellipsis and Delete from the available options.

Manage resource groups with PowerShell

1. Access the Cloud Shell.


2. Create the resource lock and confirm your action.
New-AzResourceLock -LockName <lockName> -LockLevel CanNotDelete -ResourceGroupName <resourceGroupName>
3. View resource lock information. Notice the LockId that will be used in the next step to delete the lock.
Get-AzResourceLock
4. Delete the resource lock and confirm your action.
Remove-AzResourceLock -LockName <Name> -ResourceGroupName <Resource Group>
5. Verify the resource lock has been removed.
Get-AzResourceLock
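
The inheritance rule from the Resource Manager Locks section (a lock on a subscription or resource group also covers its child resources) can be checked offline before you rely on a lock. The following PowerShell is an added example, not part of the original module or Microsoft's code: the function name Get-EffectiveLock, the Scope/Level object shape, and every resource ID are constructed for illustration, and when several locks apply it reports the most restrictive one.

```powershell
# Added example: work out which locks a resource inherits from its parent scopes.
# All IDs are constructed sample data; the subscription GUID is a placeholder.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'

# Constructed lock list. Level uses the same names as -LockLevel on New-AzResourceLock.
# Scope is the resource ID the lock was placed on (an assumed shape for this example).
$locks = @(
    [pscustomobject]@{
        Name  = 'rg-nodelete'
        Scope = "$sub/resourceGroups/ContosoRG01"
        Level = 'CanNotDelete'
    }
    [pscustomobject]@{
        Name  = 'vnet-readonly'
        Scope = "$sub/resourceGroups/ContosoRG01/providers/Microsoft.Network/virtualNetworks/vnet1"
        Level = 'ReadOnly'
    }
)

# Constructed resources. ContosoRG010 is deliberately close to ContosoRG01.
$resources = @(
    "$sub/resourceGroups/ContosoRG01/providers/Microsoft.Network/virtualNetworks/vnet1"
    "$sub/resourceGroups/ContosoRG01/providers/Microsoft.Storage/storageAccounts/contosodata"
    "$sub/resourceGroups/ContosoRG010/providers/Microsoft.Web/sites/contosoweb"
)

function Get-EffectiveLock {
    param(
        [Parameter(Mandatory)] [string] $ResourceId,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Lock
    )

    $id = $ResourceId.TrimEnd('/')

    # A lock applies at its own scope and to everything beneath that scope.
    # Matching on a '/' boundary keeps ContosoRG01 from covering ContosoRG010.
    # Azure resource IDs are case-insensitive, so the comparison is too.
    $applies = @($Lock | Where-Object {
        $scope = $_.Scope.TrimEnd('/')
        $id.Equals($scope, [StringComparison]::OrdinalIgnoreCase) -or
        $id.StartsWith("$scope/", [StringComparison]::OrdinalIgnoreCase)
    })

    # The most restrictive inherited lock wins: ReadOnly outranks CanNotDelete.
    $level = 'None'
    if ($applies.Level -contains 'CanNotDelete') { $level = 'CanNotDelete' }
    if ($applies.Level -contains 'ReadOnly')     { $level = 'ReadOnly' }

    [pscustomobject]@{
        ResourceId     = $ResourceId
        EffectiveLevel = $level
        InheritedFrom  = ($applies.Name -join ', ')
    }
}

$resources |
    ForEach-Object { Get-EffectiveLock -ResourceId $_ -Lock $locks } |
    Format-List
```

A resource whose EffectiveLevel is None has no lock at any parent scope and can be deleted by anyone with delete permission on it.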

✔️Configuring resource locks, moving resources across resource groups, and removing resource groups are part of
the certification exam.

Azure Portal
The Azure Portal lets you build, manage, and monitor everything from simple web apps to complex cloud
applications in a single, unified console.

• Search resources, services, and docs.
• Manage resources.
• Create customized dashboards and favorites.
• Access the Cloud Shell.
• Receive notifications.
• Links to the Azure documentation.

✔️You can access the portal at https://portal.azure.com.

Azure Mobile App


The Azure Mobile App helps you keep track of your resources while on-the-go:

• Stay connected to the cloud and check status and critical metrics anytime, anywhere. With the Azure mobile app, you don't need to be in front of your computer to keep an eye on your Azure resources such as VMs and web apps. Stay connected no matter where you are from your iOS or Android mobile device.
• Diagnose and fix issues quickly with Azure Mobile. Check for alerts, view metrics, and take corrective actions to fix common issues. Restart a web app or connect to a VM directly. Be agile and respond to issues faster with the Azure mobile app.
• Run commands to manage your Azure resources. Want to use the command line? Run ad hoc Azure CLI or PowerShell commands from the Azure mobile app. Stay in control of your resources and take corrective actions, like starting and stopping VMs and web apps.

Demonstration - Azure Portal


In this demonstration, you will explore the Azure portal.
Help and Keyboard Shortcuts

1. Access the Azure Portal.


2. Click the ? Help and Support icon on the top banner.
3. Select Launch Guided Tour and click Start Tour. Review the help information.
4. Select Keyboard Shortcuts and read through the available shortcuts. Do any seem of interest?
5. Close the Help page, and hold G and press D to go to your Dashboard.

Customizing your experience

1. Examine the icons next to the Dashboard drop-down. For example, New Dashboard, Upload, Download,
Edit, and Clone.
2. Click New Dashboard.
3. Practice adding, pinning, moving, resizing, and deleting tiles.
4. Click Done customizing to save your edits.
5. Select the Settings icon on the top banner. Experiment with different color themes. Apply your changes.
6. Practice reordering your Favorites list. Do this by holding and dragging list items up or down.
7. Notice how clicking a Favorite takes you to that page.
8. Click the Cost Management and Billing blade. Pin your Subscription information to your Dashboard.
9. Visit the Dashboard and make any arrangement changes you like.
10. Use the search textbox at the top of the page.
11. Type resource and notice context matches are provided.
12. Select Resource groups and then click + Add.
13. Review and create your first resource group.

Azure Cloud Shell


Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the
flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash
experience, while Windows users can opt for PowerShell.

Cloud Shell enables access to a browser-based command-line experience built with Azure management tasks in
mind. Leverage Cloud Shell to work untethered from a local machine in a way only the cloud can provide.

Azure Cloud Shell features

• Is temporary and requires a new or existing Azure Files share to be mounted.
• Offers an integrated graphical text editor based on the open-source Monaco Editor.
• Authenticates automatically for instant access to your resources.
• Runs on a temporary host provided on a per-session, per-user basis.
• Times out after 20 minutes without interactive activity.
• Requires a resource group, storage account, and Azure File share.
• Uses the same Azure file share for both Bash and PowerShell.
• Is assigned one machine per user account.
• Persists $HOME using a 5-GB image held in your file share.
• Permissions are set as a regular Linux user in Bash.

Demonstration - Cloud Shell


In this demonstration, we will experiment with the Cloud Shell.

Configure the Cloud Shell

1. Access the Azure Portal.


2. Click the Cloud Shell icon on the top banner.
3. On the Welcome to the Shell page, notice your selections for Bash or PowerShell. Select PowerShell.
4. The Azure Cloud Shell requires an Azure file share to persist files. As you have time, click Learn more
to obtain information about the Cloud Shell storage and the associated pricing.
5. Select your Subscription, and click Create Storage.
Experiment with Azure PowerShell

1. Wait for your storage to be created and your account to be initialized.


2. At the PowerShell prompt, type Get-AzSubscription to view your subscriptions.
3. Type Get-AzResourceGroup to view resource group information.

Experiment with the Bash shell

1. Use the drop-down to switch to the Bash shell, and confirm your choice.


2. At the Bash shell prompt, type az account list to view your subscriptions. Also, try tab completion.
3. Type az resource list to view resource information.

Experiment with the Cloud Editor

1. To use the Cloud Editor, type code .. You can also select the curly braces icon.
2. Select a file from the left navigation pane. For example, .profile.
3. Notice on the editor top banner, selections for Settings (Text Size and Font) and Upload/Download files.
4. Notice the ellipsis (...) on the far right for Save, Close Editor, and Open File.
5. Experiment as you have time, then close the Cloud Editor.
6. Close the Cloud Shell.

Azure PowerShell
Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core to enable you to
connect to your Azure subscription and manage resources. Azure PowerShell requires PowerShell to function.
PowerShell provides services such as the shell window and command parsing. Azure PowerShell adds the
Azure-specific commands.

For example, Azure PowerShell provides the New-AzVm command that creates a virtual machine inside your
Azure subscription. To use it, you would launch the PowerShell application and then issue a command such as
the following command:

New-AzVm `
-ResourceGroupName "CrmTestingResourceGroup" `
-Name "CrmUnitTests" `
-Image "UbuntuLTS"
...

Azure PowerShell is available in two ways: inside a browser via the Azure Cloud Shell, or with a local
installation on Linux, macOS, or the Windows operating system. In both cases, you have two modes from which
to choose: you can use it in interactive mode, in which you manually issue one command at a time, or in
scripting mode, where you execute a script that consists of multiple commands.

What is the Az module?

Az is the formal name for the Azure PowerShell module containing cmdlets to work with Azure features. It
contains hundreds of cmdlets that let you control nearly every aspect of every Azure resource. You can work
with the following features, and more:

• Resource groups
• Storage
• VMs
• Azure AD
• Containers
• Machine learning

This module is an open source component available on GitHub.

Note: You might have seen or used Azure PowerShell commands that used an -AzureRM format. In December
2018, Microsoft released the Az module for general availability as the replacement for the AzureRM module. This
new module has several features, notably a shortened cmdlet noun prefix of -Az, which replaces AzureRM.
The Az module ships with backwards compatibility for the AzureRM module, so the -AzureRM cmdlet format
will work. However, going forward you should transition to the Az module and use the -Az commands.

✔️Bookmark the Azure PowerShell Reference

PowerShell Cmdlets and Modules


A PowerShell command is called a cmdlet (pronounced “command-let”). A cmdlet is a command that
manipulates a single feature. The term cmdlet is intended to imply that it is a small command. By convention,
cmdlet authors are encouraged to keep cmdlets simple and single purpose.

The base PowerShell product ships with cmdlets that work with features such as sessions and background jobs.
You add modules to your PowerShell installation to get cmdlets that manipulate other features. For example,
there are third-party modules to work with ftp, administer your operating system, and access the file system.

Cmdlets follow a verb-noun naming convention; for example, Get-Process, Format-Table, and Start-Service.

There is also a convention for verb choice. You can use Get-Verb to retrieve examples, such as:

• get retrieves data.
• set inserts or updates data.
• format formats data.
• out directs output to a destination.

Cmdlet authors are encouraged to include a help file for each cmdlet. The Get-Help cmdlet displays the help
file for any cmdlet. For example, you could get help on the Get-ChildItem cmdlet with the following
statement:

Get-Help Get-ChildItem -detailed

Cmdlets are shipped in modules. A PowerShell module is a DLL file that includes the code to process each
available cmdlet. You load cmdlets into PowerShell by loading the module containing them. You can get a list
of loaded modules using the Get-Module command:

Get-Module

This will output something like the following code:

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Con...
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Binary     1.0.0.1    PackageManagement                   {Find-Package, Find-PackageProvider, Get-Package, Get-Pack...
Script     1.0.0.1    PowerShellGet                       {Find-Command, Find-DscResource, Find-Module, Find-RoleCap...
Script     2.0.0      PSReadline                          {Get-PS

Demonstration - Working with PowerShell


In this demonstration, we will install Azure Az PowerShell module. The Az module is available from a global
repository called the PowerShell Gallery. You can install the module onto your local machine through
the Install-Module command. You need an elevated PowerShell shell prompt to install modules from the
PowerShell Gallery.

Note: If at any time you receive an error saying that running scripts is disabled, be sure to set the execution policy:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Install the Az module

1. Open the Start menu, and type Windows PowerShell.


2. Right-click the Windows PowerShell icon, and select Run as administrator.
3. In the User Account Control dialog, select Yes.
4. Type the following command, and then press Enter. This command installs the module for all users by
default. (It's controlled by the scope parameter.) AllowClobber overwrites the previous PowerShell module.
Install-Module -Name Az -AllowClobber

Install NuGet (if needed)

1. Depending on the NuGet version you have installed you might get a prompt to download and install the
latest version.
2. If prompted, install and import the NuGet provider.

Trust the repository

1. By default, the PowerShell Gallery isn't configured as a trusted repository for PowerShellGet. The first
time you use the PowerShell Gallery, you will be prompted.
You are installing the modules from an untrusted repository. If you trust
this repository, change its InstallationPolicy value by running the
Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
2. As prompted, install the modules.

Connect to Azure and view your subscription information

1. Connect to Azure.
Connect-AzAccount
2. When prompted provide your credentials.
3. Verify your subscription information.
Get-AzSubscription

Create resources

1. Create a new resource group. Provide a different location if you like. The name must be unique within
your subscription. The location determines where the metadata for your resource group will be stored. You
use strings like “West US”, "North Europe", or “West India” to specify the location; alternatively, you can
use single word equivalents, such as westus, northeurope, or westindia. The core syntax is:
New-AzResourceGroup -name <name> -location <location>
2. Verify your resource group.
Get-AzResourceGroup
3. Remove your resource group. When prompted, confirm.
Remove-AzResourceGroup -Name Test

Azure CLI
Azure CLI is a command-line program to connect to Azure and execute administrative commands on Azure
resources. It runs on Linux, macOS, and Windows, and allows administrators and developers to execute their
commands through a terminal or a command-line prompt (or script!) instead of a web browser. For example, to
restart a VM, you would use a command such as the following:

az vm restart -g MyResourceGroup -n MyVm

Azure CLI provides cross-platform command-line tools for managing Azure resources. You can install this
locally on computers running the Linux, macOS, or Windows operating systems. You can also use Azure CLI
from a browser through Azure Cloud Shell.

In both cases, Azure CLI can be used interactively or through scripts:

• Interactive. First, for Windows operating systems, launch a shell such as cmd.exe, or for Linux or macOS, use Bash. Then issue the command at the shell prompt.
• Scripted. Assemble the Azure CLI commands into a shell script using the script syntax of your chosen shell. Then execute the script.

Azure CLI lets you control nearly every aspect of every Azure resource. You can work with resource groups,
storage, VMs, Azure Active Directory (Azure AD), containers, machine learning, and so on.

Commands in the CLI are structured in groups and subgroups. Each group represents a service provided by
Azure, and the subgroups divide commands for these services into logical groupings. For example,
the storage group contains subgroups including account, blob, storage, and queue.

So, how do you find the particular commands you need? One way is to use az find. For example, if you
want to find commands that might help you manage a storage blob, you can use the following find command:

az find -q blob

If you already know the name of the command you want, the --help argument for that command will get you
more detailed information on the command, and for a command group, a list of the available subcommands. For
example, here's how you can get a list of the subgroups and commands for managing blob storage:

az storage blob --help

✔️Bookmark the Azure CLI Reference.

Demonstration - Working with Azure CLI


In this demonstration, we will install and use the CLI to create resources.

Install the CLI on Windows


You install Azure CLI on the Windows operating system using the MSI installer:

1. Go to https://aka.ms/installazurecliwindows, and in the browser security dialog box, click Run.


2. In the installer, accept the license terms, and then click Install.
3. In the User Account Control dialog, select Yes.

Verify Azure CLI installation

1. You run Azure CLI by opening a Bash shell for Linux or macOS, or from the command prompt or
PowerShell for Windows.
2. Start Azure CLI and verify your installation by running the version check:
az --version

Note: Running Azure CLI from PowerShell has some advantages over running Azure CLI from the Windows
command prompt. PowerShell provides more tab completion features than the command prompt.

Login to Azure

1. Because you're working with a local Azure CLI installation, you'll need to authenticate before you can
execute Azure commands. You do this by using the Azure CLI login command:
az login
2. Azure CLI will typically launch your default browser to open the Azure sign-in page. If this doesn't
work, follow the command-line instructions and enter an authorization code at https://aka.ms/devicelogin.
3. After a successful sign in, you'll be connected to your Azure subscription.

Create a resource group

1. You'll often need to create a new resource group before you create a new Azure service, so we'll use
resource groups as an example to show how to create Azure resources from the CLI.
2. Azure CLI group create command creates a resource group. You must specify a name and location.
The name must be unique within your subscription. The location determines where the metadata for your
resource group will be stored. You use strings like “West US”, "North Europe", or “West India” to specify
the location; alternatively, you can use single word equivalents, such as westus, northeurope, or westindia.
The core syntax is:
az group create --name <name> --location <location>

Verify the resource group

1. For many Azure resources, Azure CLI provides a list subcommand to view resource details. For
example, the Azure CLI group list command lists your Azure resource groups. This is useful to verify
whether resource group creation was successful:
az group list
2. To get a more concise view, you can format the output as a simple table:
az group list --output table
3. If you have several items in the group list, you can filter the return values by adding a query option. Try
this command:
az group list --query "[?name == '<rg name>']"

Template Advantages
An Azure Resource Manager template precisely defines all the Resource Manager resources in a deployment.
You can deploy a Resource Manager template into a resource group as a single operation.
Using Resource Manager templates will make your deployments faster and more repeatable. For example, you
no longer have to create a VM in the portal, wait for it to finish, and then create the next VM. Resource
Manager takes care of the entire deployment for you.

Template Benefits

• Templates improve consistency. Resource Manager templates provide a common language for you and others to describe your deployments. Regardless of the tool or SDK that you use to deploy the template, the structure, format, and expressions inside the template remain the same.
• Templates help express complex deployments. Templates enable you to deploy multiple resources in the correct order. For example, you wouldn't want to deploy a virtual machine prior to creating an operating system (OS) disk or network interface. Resource Manager maps out each resource and its dependent resources, and creates dependent resources first. Dependency mapping helps ensure that the deployment is carried out in the correct order.
• Templates reduce manual, error-prone tasks. Manually creating and connecting resources can be time consuming, and it's easy to make mistakes. Resource Manager ensures that the deployment happens the same way every time.
• Templates are code. Templates express your requirements through code. Think of a template as a type of Infrastructure as Code that can be shared, tested, and versioned similar to any other piece of software. Also, because templates are code, you can create a “paper trail” that you can follow. The template code documents the deployment. Most users maintain their templates under some kind of revision control, such as Git. When you change the template, its revision history also documents how the template (and your deployment) has evolved over time.
• Templates promote reuse. Your template can contain parameters that are filled in when the template runs. A parameter can define a username or password, a domain name, and so on. Template parameters enable you to create multiple versions of your infrastructure, such as staging and production, while still utilizing the exact same template.
• Templates are linkable. You can link Resource Manager templates together to make the templates themselves modular. You can write small templates that each define a piece of a solution, and then combine them to create a complete system.
• Templates simplify orchestration. You only need to deploy the template to deploy all of your resources. Normally this would take multiple operations.

Template Schema
ARM templates are written in JSON, which allows you to express data stored as an object (such as a virtual
machine) in text. A JSON document is essentially a collection of key-value pairs. Each key is a string, whose
value can be:

• A string
• A number
• A Boolean expression
• A list of values
• An object (which is a collection of other key-value pairs)

A Resource Manager template can contain sections that are expressed using JSON notation, but are not related
to the JSON language itself:

{
  "$schema": "http://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "",
  "parameters": {},
  "variables": {},
  "functions": [],
  "resources": [],
  "outputs": {}
}

Element name | Required | Description
$schema | Yes | Location of the JSON schema file that describes the version of the template language. Use the URL shown in the preceding example.
contentVersion | Yes | Version of the template (such as 1.0.0.0). You can provide any value for this element. Use this value to document significant changes in your template. When deploying resources using the template, this value can be used to make sure that the right template is being used.
parameters | No | Values that are provided when deployment is executed to customize resource deployment.
variables | No | Values that are used as JSON fragments in the template to simplify template language expressions.
functions | No | User-defined functions that are available within the template.
resources | Yes | Resource types that are deployed or updated in a resource group.
outputs | No | Values that are returned after deployment.

For more information, see Understand the structure and syntax of Azure Resource Manager Templates.

Template Parameters
In the parameters section of the template, you specify which values you can input when deploying the
resources. The available properties for a parameter are:

"parameters": {
  "<parameter-name>" : {
    "type" : "<type-of-parameter-value>",
    "defaultValue": "<default-value-of-parameter>",
    "allowedValues": [ "<array-of-allowed-values>" ],
    "minValue": <minimum-value-for-int>,
    "maxValue": <maximum-value-for-int>,
    "minLength": <minimum-length-for-string-or-array>,
    "maxLength": <maximum-length-for-string-or-array-parameters>,
    "metadata": {
      "description": "<description-of-the-parameter>"
    }
  }
}
Here's an example that illustrates two parameters: one for a virtual machine's (VM's) username, and one for its
password:

"parameters": {
  "adminUsername": {
    "type": "string",
    "metadata": {
      "description": "Username for the Virtual Machine."
    }
  },
  "adminPassword": {
    "type": "securestring",
    "metadata": {
      "description": "Password for the Virtual Machine."
    }
  }
}

✔️ You're limited to 256 parameters in a template. You can reduce the number of parameters by using objects
that contain multiple properties.
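
The parameter properties listed above (type, defaultValue, allowedValues, minValue, maxValue, minLength, maxLength) can be checked locally before a deployment is submitted. The Python below is an added example, not part of the course material or of Resource Manager; the function name check_parameters, the sample parameter definitions and their limits are constructed for illustration. Values of secure types are redacted in the error messages.

```python
import json

# Constructed sample: the page's two VM parameters plus two constrained ones.
# The length and range limits are illustrative, not taken from a real template.
TEMPLATE_PARAMETERS = json.loads("""
{
  "adminUsername": {"type": "string", "minLength": 3, "maxLength": 20},
  "adminPassword": {"type": "securestring", "minLength": 12},
  "environment":   {"type": "string", "defaultValue": "staging",
                    "allowedValues": ["staging", "production"]},
  "instanceCount": {"type": "int", "minValue": 1, "maxValue": 4}
}
""")

# Python types accepted for each template parameter type (compared lower-case).
PY_TYPES = {
    "string": str, "securestring": str, "int": int, "bool": bool,
    "array": list, "object": dict, "secureobject": dict,
}


def check_parameters(definitions, supplied):
    """Return (resolved_values, errors) for values supplied to a template."""
    resolved, errors = {}, []
    for name in supplied:
        if name not in definitions:
            errors.append(f"{name}: not declared in the template")
    for name, spec in definitions.items():
        ptype = spec["type"].lower()
        secure = ptype.startswith("secure")
        if name in supplied:
            value = supplied[name]
        elif "defaultValue" in spec:
            value = spec["defaultValue"]
        else:
            errors.append(f"{name}: no value supplied and no defaultValue")
            continue
        # Never echo a secure value into logs or error output.
        shown = "<redacted>" if secure else repr(value)
        expected = PY_TYPES.get(ptype)
        # bool is a subclass of int in Python, so reject it for "int" explicitly.
        if expected is None or not isinstance(value, expected) or (
                ptype == "int" and isinstance(value, bool)):
            errors.append(f"{name}: {shown} is not of type {spec['type']}")
            continue
        if "allowedValues" in spec and value not in spec["allowedValues"]:
            errors.append(f"{name}: {shown} is not in allowedValues")
        if ptype == "int":
            if "minValue" in spec and value < spec["minValue"]:
                errors.append(f"{name}: {shown} is below minValue")
            if "maxValue" in spec and value > spec["maxValue"]:
                errors.append(f"{name}: {shown} is above maxValue")
        if ptype in ("string", "securestring", "array"):
            if "minLength" in spec and len(value) < spec["minLength"]:
                errors.append(f"{name}: {shown} is shorter than minLength")
            if "maxLength" in spec and len(value) > spec["maxLength"]:
                errors.append(f"{name}: {shown} is longer than maxLength")
        resolved[name] = value
    return resolved, errors


if __name__ == "__main__":
    # Constructed input: a password that is too short and a count out of range.
    values = {"adminUsername": "azureuser", "adminPassword": "short",
              "instanceCount": 9}
    for line in check_parameters(TEMPLATE_PARAMETERS, values)[1]:
        print(line)
```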

Template Variables
This template section is where you define values that are used throughout the template. Variables can help make
your templates easier to maintain. For example, you might define a storage account name one time as a variable,
and then use that variable throughout the template. If the storage account name changes, you need to only
update the variable once.

Here's an example that illustrates a few variables that describe networking features for a VM:

"variables": {
  "nicName": "myVMNic",
  "addressPrefix": "10.0.0.0/16",
  "subnetName": "Subnet",
  "subnetPrefix": "10.0.0.0/24",
  "publicIPAddressName": "myPublicIP",
  "virtualNetworkName": "MyVNET"
}

Template Functions
This section is where you define procedures that you don't want to repeat throughout the template. Similar to
variables, functions can help make your templates easier to maintain.

When defining a user function, there are some restrictions:

• The function can't access variables.
• The function can only use parameters that are defined in the function. When you use the parameters
function within a user-defined function, you're restricted to the parameters for that function.
• The function can't call other user-defined functions.
• The function can't use the reference function.
• Parameters for the function can't have default values.

Here's a function that creates a unique name. You could use this function when creating resources that have
globally unique naming requirements.

"functions": [
  {
    "namespace": "contoso",
    "members": {
      "uniqueName": {
        "parameters": [
          {
            "name": "namePrefix",
            "type": "string"
          }
        ],
        "output": {
          "type": "string",
          "value": "[concat(toLower(parameters('namePrefix')), uniqueString(resourceGroup().id))]"
        }
      }
    }
  }
],
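
The restrictions on user-defined functions, the required template elements and the 256-parameter limit can be checked mechanically. The Python below is an added example, not part of the course material or of any Azure tool; lint_template, the badName function and the rule that password-like parameter names should use securestring are assumptions made for illustration. It uses regular expressions rather than a full expression parser.

```python
import json
import re

# Constructed sample template: the page's "contoso" function plus one
# function (badName) that breaks the restrictions listed above.
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {"adminPassword": {"type": "string"}},
  "functions": [{
    "namespace": "contoso",
    "members": {
      "uniqueName": {
        "parameters": [{"name": "namePrefix", "type": "string"}],
        "output": {"type": "string",
          "value": "[concat(toLower(parameters('namePrefix')), uniqueString(resourceGroup().id))]"}
      },
      "badName": {
        "parameters": [{"name": "p", "type": "string", "defaultValue": "x"}],
        "output": {"type": "string",
          "value": "[concat(variables('nicName'), contoso.uniqueName(parameters('q')))]"}
      }
    }
  }],
  "resources": []
}
""")

REQUIRED = ("$schema", "contentVersion", "resources")
MAX_PARAMETERS = 256


def lint_template(template):
    """Return a list of findings for the rules stated on this page."""
    findings = [f"missing required element {k}" for k in REQUIRED
                if k not in template]
    params = template.get("parameters", {})
    if len(params) > MAX_PARAMETERS:
        findings.append(f"{len(params)} parameters exceeds the limit of {MAX_PARAMETERS}")
    for name, spec in params.items():
        # Heuristic (assumption): names that look like secrets need a secure type.
        looks_secret = re.search(r"password|secret", name, re.I)
        if looks_secret and not spec["type"].lower().startswith("secure"):
            findings.append(f"parameter {name}: use securestring instead of {spec['type']}")
    namespaces = [ns["namespace"] for ns in template.get("functions", [])]
    for ns in template.get("functions", []):
        for fname, fdef in ns["members"].items():
            where = f"function {ns['namespace']}.{fname}"
            declared = {p["name"] for p in fdef.get("parameters", [])}
            for p in fdef.get("parameters", []):
                if "defaultValue" in p:
                    findings.append(f"{where}: parameter {p['name']} has a default value")
            # Serialise the output value so nested objects are searched too.
            expr = json.dumps(fdef["output"]["value"])
            if re.search(r"\bvariables\s*\(", expr):
                findings.append(f"{where}: accesses variables")
            if re.search(r"\breference\s*\(", expr):
                findings.append(f"{where}: uses the reference function")
            for used in re.findall(r"\bparameters\s*\(\s*'([^']+)'", expr):
                if used not in declared:
                    findings.append(f"{where}: parameter {used} is not defined in the function")
            for other in namespaces:
                if re.search(rf"\b{re.escape(other)}\.\w+\s*\(", expr):
                    findings.append(f"{where}: calls another user-defined function")
                    break
    return findings


if __name__ == "__main__":
    for finding in lint_template(TEMPLATE):
        print(finding)
```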

Template Resources
This section is where you define the Azure resources that make up your deployment.

Here's an example that creates a public IP address resource.

{
  "type": "Microsoft.Network/publicIPAddresses",
  "name": "[variables('publicIPAddressName')]",
  "location": "[parameters('location')]",
  "apiVersion": "2018-08-01",
  "properties": {
    "publicIPAllocationMethod": "Dynamic",
    "dnsSettings": {
      "domainNameLabel": "[parameters('dnsLabelPrefix')]"
    }
  }
}

The type of resource is Microsoft.Network/publicIPAddresses. The name is read from the
variables section. The location, or Azure region, and domainNameLabel are provided from
the parameters section. The IP address will be dynamically allocated.

Because resource types can change over time, apiVersion refers to the version of the resource type you want
to use. As resource types evolve, you can modify your templates to work with the latest features.

Template Outputs
This section is where you define any information you'd like to receive when the template runs. For example,
you might want to receive your VM's IP address or fully qualified domain name (FQDN), information you do
not know until the deployment runs.

Here is the structure of an output definition:

"outputs": {
  "<output-name>": {
    "condition": "<boolean-value-whether-to-output-value>",
    "type": "<type-of-output-value>",
    "value": "<output-value-expression>",
    "copy": {
      "count": <number-of-iterations>,
      "input": <values-for-the-variable>
    }
  }
}

Here's an example that illustrates an output named hostname. The FQDN value is read from the VM's public IP
address settings:

"outputs": {
  "hostname": {
    "type": "string",
    "value": "[reference(variables('publicIPAddressName')).dnsSettings.fqdn]"
  }
}

✔️ It is a good practice to comment your templates. For inline comments, you can comment a single line with //.
You can comment a block of lines with /* ... */. This can vary across different tools so be sure to check what
works for you.

QuickStart Templates
Azure Quickstart templates are Resource Manager templates provided by the Azure community.
Some templates provide everything you need to deploy your solution, while others might serve as a starting point for
your template. Either way, you can study these templates to learn how to best author and structure your own
templates.

• The README.md file provides an overview of what the template does.
• The azuredeploy.json file defines the resources that will be deployed.
• The azuredeploy.parameters.json file provides the values the template needs.

✔️ Take a few minutes to browse the available templates. Anything of interest?

Demonstration - QuickStart Templates


In this demonstration, we will explore QuickStart templates.

Explore the gallery

1. Start by browsing to the Azure Quickstart Templates gallery. In the gallery you will find a number of
popular and recently updated templates. These templates work with both Azure resources and popular
software packages.
2. Browse through the many different types of templates that are available.
3. Are there any templates that are of interest to you?

Explore a template

1. Let's say you come across the Deploy a simple Windows VM template.

Note: The Deploy to Azure button enables you to deploy the template directly through the Azure portal if you
wish.

Note: Scroll down to the Use the template PowerShell code. You will need the TemplateURI in the next
demo. Copy the value. For example,
https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-vm-simple-windows/azuredeploy.json
2. Click Browse on GitHub to navigate to the template's source code on GitHub.
3. Notice from this page you can also Deploy to Azure. Take a minute to view the Readme file. This helps
to determine if the template is for you.
4. Click Visualize to navigate to the Azure Resource Manager Visualizer.
5. Notice the resources that make up the deployment, including a VM, a storage account, and network
resources.
6. Use your mouse to arrange the resources. You can also use your mouse's scroll wheel to zoom in and out.
7. Click on the VM resource labeled SimpleWinVM.
8. Review the source code that defines the VM resource.
• The resource's type is Microsoft.Compute/virtualMachines.
• Its location, or Azure region, comes from the template parameter named location.
• The VM's size is Standard_A2.
• The computer name is read from a template variable, and the username and password for the VM
are read from template parameters.
9. Return to the QuickStart page that shows the files in the template. Copy the link to the azuredeploy.json
file.

✔️ You will need the template link in the next demonstration.

Demonstration - Run Templates with PowerShell


In this demonstration, we will create new Azure resources using PowerShell and Resource Manager templates.

Connect to your subscription

1. If you are working with a local install of PowerShell, you'll need to authenticate before you can
execute Azure commands. To do this, open the PowerShell ISE, or a PowerShell console as administrator,
and run the following command:
Connect-AzAccount
2. After successfully signing in, your account and subscription details should display in the PowerShell
console window. You must now select either a subscription or context, in which you will deploy your
resources. If only one subscription is present it will set the context to that subscription by default. Otherwise
you can specify the subscription to deploy resources into by running the following commands in sequence:
Get-AzContext
Set-AzContext -subscription < your subscription ID >

Create the resource group

1. You'll often need to create a new resource group before you create a new Azure service or resource.
We'll use resource groups as an example to show how to create Azure resources from Azure PowerShell.
2. The Azure PowerShell New-AzResourceGroup command creates a resource group. You must specify a
name and location. The name must be unique within your subscription, and the location determines where
the metadata for your resource group will be stored. You use strings such as West US, North Europe, or
West India to specify the location. Alternatively, you can use single word equivalents, such as westus,
northeurope, or westindia.
3. Create the resource group into which we will deploy our resources using the following commands.
New-AzResourceGroup -Name < resource group name > -Location < your nearest datacenter >

Deploy the template into the resource group


1. Deploy the template with this command.
$templateUri = "<location of the template from the previous demonstration>"
New-AzResourceGroupDeployment -Name rg9deployment1 -ResourceGroupName rg9 -TemplateUri $templateUri
2. You will be prompted to enter values for:
• Adminusername. For example, azureuser.
• Password. Any compliant password will work, for example Passw0rd0134.
• DnsLabelprefix. This is any unique DNS name, such as your initials and random numbers.
3. To make scripts free of manual input, you can create a .ps1 file, and then enter all the commands and
inputs. You could use parameter values in the script to define
the username, password and dnslabelprefix values, and then run the PowerShell file without input. Use the
file build.ps1 as an example of how you can do this.

Note: In the previous example, we called a publicly available template on GitHub. You could also call a local
template or a secure storage location, and you could define the template filename and location as a variable for
use in the script. You can also specify the mode of deployment, including incremental or complete.

Verify the template deployed

1. Once you have successfully deployed the template, you need to verify the deployment. To do this, run
the following commands:
Get-AzVM
2. Note the VM name, then run the following command to obtain additional VM details:
Get-AzVM -Name < your VM name i.e. SimpleWinVM > -ResourceGroupName < your resource group name >
3. You can also list the VMs in your subscription with the Get-AzVM -Status command. This can also
specify a VM with the -Name property. In the following example, we assign it to a PowerShell variable:
$vm = Get-AzVM -Name < your VM name i.e. SimpleWinVM > -ResourceGroupName < your resource group name >
4. The interesting thing is that this is an object you can interact with. For example, you can take that object,
make changes, and then push changes back to Azure with the Update-AzVM command:
$ResourceGroupName = "ExerciseResources"
$vm = Get-AzVM -Name MyVM -ResourceGroupName $ResourceGroupName
$vm.HardwareProfile.vmSize = "Standard_A3"

Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm

Note: Depending on your datacenter location, you could receive an error related to the VM size not being
available in your region. You can modify the vmSize value to one that is available in your region.

✔️ PowerShell's interactive mode is appropriate for one-off tasks. In our example, we'll likely use the same
resource group for the lifetime of the project, which means that creating it interactively is reasonable.
Interactive mode is often quicker and easier for this task than writing a script and then executing it only once.

Lab 03a - Manage Azure resources by Using the Azure Portal


Lab scenario
You need to explore the basic Azure administration capabilities associated with provisioning resources and
organizing them based on resource groups, including moving resources between resource groups. You also want
to explore options for protecting disk resources from being accidentally deleted, while still allowing for
modifying their performance characteristics and size.
Objectives
In this lab, we will:

• Task 1: Create resource groups and deploy resources to resource groups.
• Task 2: Move resources between resource groups.
• Task 3: Implement and test resource locks.

✔️ Consult with your instructor for how to access the lab instructions and lab environment (if provided).

Lab 03b - Manage Azure resources by Using ARM Templates


Lab scenario
Now that you have explored the basic Azure administration capabilities associated with provisioning resources and
organizing them based on resource groups by using the Azure portal, you need to carry out the equivalent task
by using Azure Resource Manager templates.

Objectives
In this lab, you will:

• Task 1: Review an ARM template for deployment of an Azure managed disk.
• Task 2: Create an Azure managed disk by using an ARM template.
• Task 3: Review the ARM template-based deployment of the managed disk.

✔️ Consult with your instructor for how to access the lab instructions and lab environment (if provided).

Lab 03c - Manage Azure resources by Using Azure PowerShell


Lab scenario
Now that you have explored the basic Azure administration capabilities associated with provisioning resources and
organizing them based on resource groups by using the Azure portal and Azure Resource Manager templates,
you need to carry out the equivalent task by using Azure PowerShell. To avoid installing Azure PowerShell
modules, you will leverage the PowerShell environment available in Azure Cloud Shell.

Objectives
In this lab, you will:

• Task 1: Start a PowerShell session in Azure Cloud Shell.
• Task 2: Create a resource group and an Azure managed disk by using Azure PowerShell.
• Task 3: Configure the managed disk by using Azure PowerShell.

✔️ Consult with your instructor for how to access the lab instructions and lab environment (if provided).

Lab 03d - Manage Azure resources by Using Azure CLI


Lab scenario
Now that you have explored the basic Azure administration capabilities associated with provisioning resources and
organizing them based on resource groups by using the Azure portal, Azure Resource Manager templates, and
Azure PowerShell, you need to carry out the equivalent task by using Azure CLI. To avoid installing Azure
CLI, you will leverage the Bash environment available in Azure Cloud Shell.

Objectives
In this lab, you will:

• Task 1: Start a Bash session in Azure Cloud Shell.
• Task 2: Create a resource group and an Azure managed disk by using Azure CLI.
• Task 3: Configure the managed disk by using Azure CLI.

✔️ Consult with your instructor for how to access the lab instructions and lab environment (if provided).

Module 03 Review Questions


Review Question 1
You are creating a new resource group to use for testing. Which two of the following parameters are required
when you create a resource group with PowerShell or the CLI? Select two.

• Location
• Name
• Region
• Subscription
• Tag

Explanation

Location and Name are required by PowerShell (New-AzResourceGroup) and the CLI (az group create).


Review Question 2
Which of the following is not true about the Cloud Shell?

• Authenticates automatically for instant access to your resources.
• Each user account can be assigned multiple machines.
• Provides both Bash and PowerShell sessions.
• Provides an editor.
• Requires an Azure file share.

Explanation

"Each user account can be assigned multiple machines" is not true. The Cloud Shell is assigned one machine per
user account.


Review Question 3
You are managing Azure locally using PowerShell. You have launched the app as an Administrator. Which of
the following commands would you do first?

• Connect-AzAccount
• Get-AzResourceGroup
• Get-AzSubscription
• New-AzResourceGroup

Explanation

Connect-AzAccount. When you are working locally you are not automatically logged in to Azure. So, the first
thing you should do is to connect to Azure and provide your credentials.


Review Question 4
You have a new Azure subscription and need to move resources to that subscription. Which of the following
resources cannot be moved? Select one.

• Key vault
• Storage account
• Tenant
• Virtual machine

Explanation

Tenant. A tenant cannot be moved between subscriptions.


Review Question 5
Which of the following is not an element in the template schema? Select one.

• Functions
• Inputs
• Outputs
• Parameters

Explanation

Inputs. Inputs is not a part of the template schema.


Review Question 6
Which of the following best describes the format of an Azure Resource Manager template? Select one.

• A Markdown document with a pointer table
• A JSON document with key-value pairs
• A TXT document with key-value pairs
• An XML document with element-value pairs

Explanation

A JSON document with key-value pairs. An Azure Resource Template is a JSON document with key-value
pairs.


Review Question 7
You are reviewing your virtual machine usage. You notice that you have reached the limit for virtual machines
in the US East region. Which of the following provides the easiest solution? Select one.

• Add another resource group
• Change your subscription plan
• Request support increase your limit
• Resize your virtual machines to handle larger workloads

Explanation
Request support increase your limit. If you need to increase a default limit, there is a Request Increase link. You
will complete and submit the support request.


Additional Study
Microsoft Learn provides self-paced skills training on a variety of topics. These Learn modules cover the
content you have just learned. You can search for additional modules by product, role, or level.

• Core Cloud Services - Manage services with the Azure portal
• Control and organize Azure resources with Azure Resource Manager
• Build Azure Resource Manager templates
• Automate Azure tasks using scripts with PowerShell
• Manage virtual machines with the Azure CLI
