Describe Cost Management in Azure

Describe Factors that Can Affect Costs in Azure

Azure Shifts development costs from CapEx of building out and maintaining infrastructure and facilities, to an OpEx of renting infrastructure as you need it. The OpEx cost can be impacted by many factors:

  • Resource Type.
  • Consumption.
    • Azure supports both pay-as-you-go model as well as pre-reserved capacity model.
  • Maintenance.
    • Maintaining your cloud environment is key to control cost.
    • By keeping an eye on your resources and making sure you’re not keeping around resources that are not longer needed, you help control cloud costs.
  • Geography.
  • Subscription Type.
  • Azure Marketplace.

Compare the Pricing and Total Cost of Ownership calculators

  • Pricing Calculator .
    • Designed to give you an estimated cost for provisioning resources in Azure.
    • Get an estimate for individual resources, build out a solution, or use an example scenario to see an estimate of Azure spend.
  • TCO Calculator .
    • Designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud Infrastructure.
    • With TCO Calculator, you enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic.

Describe the purpose of tags

As your cloud usage grows, it’s increasingly important to stay organised. A good organisation strategy helps you understand your cloud usage and can help you manage costs.

One way to organise related resources is to place them in their own subscriptions. You can also use resource groups to manage related resources.

Resource tags are another way to organise resources. Tags provides extra information, or metadata about your resources. This metadata is useful for

  1. Resource Management.
  2. Tags enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners.
  3. Cost Management and Optimisation.
  4. Tags enable you to group resources so that you can report on costs, allocate internal cost centers, track budgets, and forecast estimated cost.
  5. Operations management.
  6. Tags enable you to group resources according to how critical their availability is to your business.
  7. This grouping helps you formulate service-level agreements (SLAs).
  8. Security.
  9. Tags enable you to classify data by its security level, such as public or confidential.
  10. Governance and regulatory compliance.
  11. Tags enable you to identify resources that align with governance or regulatory compliance requirements.
  12. Tags can also be part of your standards enforcement efforts.
  13. Workload Optimisation and Automation.
  14. Tags can help you visualise all of the resources that participate in complex deployments.

Example tagging structure

NameValue
AppNameThe name of application that the resource is part of
CostCenterThe internal cost center code.
OwnerThe name off the business owner who’s responsible for the resources.
EnvironmentAn environment name, such as “Prod”, “Test”, or “Dev”.
ImpactHow important the resource is to business operations, such as “Mission-critical”, “High-impact”, or “Low-impact”

Describe Features and Tools in Azure for Governance and Compliance

Describe the purpose of Microsoft Purview

  • Microsoft Purview is a family of data governance, risk and compliance solutions that helps you get a single, unified view into your data.
    • Automated data discovery
    • Sensitive data classification
    • End-to-end data lineage
    • Create a secure environment for data consumers to find valuable data.
    • Generate insights about how your data is stored and used.
    • Manage access to the data in your estate securely and at scale.

Describe the purpose of Azure Policy

  • Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
    • These policies enforce different rules access your resource configurations so that these configurations stay compliant with corporate standards.
  • Azure Policy enables you to define both individual policies and groups of related policies, known as initiatives.
  • Azure Policy evaluates your resources and highlights resources that aren’t compliant with the policies you’ve created, and prevent noncompliant resources from being created.
  • Azure Policies can be set at each level, enabling you to set policies on a specific resources, resource group, subscription, and so on.
  • Azure Policies are inherited, so if you set a policy at a high level, it will automatically by applied to all of the groupings that fall within the parent.

Azure Policy Initiatives

  • An Azure Policy Initiative is a way of grouping related policies together.
  • The Initiative definition contains all of the policy definitions to help track your compliance state of a large goal.

Describe the purpose of Resource Locks

  • A Resource Lock prevents resources from being accidentally deleted or changed.
  • Resource Lock prevent resources from being deleted, updated, depending on the type of lock.
  • Resource Lock can be applied to individual resources, resource groups, or even an entire subscription.
  • Resource Locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.

There are two types of Resource Lock

  1. Delete. means authorised users can still read and modify a resource, but they cannot delete the resource.
  2. ReadOnly. means authorised users can read a resource, but they cannot delete or update the resources.
  3. Applying this lock is similar to restricting all authorised users to the permissions granted by the Reader one.

Describe the purpose of the Service Trust portal

  • Service Trust Portal is a portal that provides access to various content, tools, and other resources about Microsoft Security, privacy, and compliance practices.

You can access the Service Trust Portal via Microsoft Service Trust Portal .

Describe Features and Tools for Managing and Deploying Azure Resources

Describe the Azure Portal

Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell

Describe the purpose of Azure Arc

Azure Arc provides a centralised, unified way to

  1. Manage your entire environment together by projecting your existing non-Azure resources into ARM.
  2. Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
  3. Use familiar Azure services and management capabilities, regardless of where they live.
  4. Continue using traditional ITOps while introducing DevOps practices to support new Cloud and native patterns in your environment
  5. Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Azure Arc can do outside of Azure

  1. Servers
  2. Kubernetes Clusters
  3. Azure Data services
  4. SQL Server
  5. Virtual Machines

Describe Azure Resource Manager (ARM), ARM Templates, and Bicep

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update and delete resources in your Azure account.

By using ARM template, you can describe the resources you want to use in a declarative JSON format. With an ARM template, the deployment code is verified before any code is run.

Bicep is the language that uses declarative syntax to deploy Azure resources. A Bicep file defines the infrastructure and configuration. Then, ARM deploys the environment based on your Bicep file.

Describe Monitoring Tools in Azure

Describe the Purpose of Azure Advisor

Azure Advisor evaluates your Azure resources, and make recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

The recommendations are divided into five categories:

  1. Reliability.
  2. Security.
  3. Performance.
  4. Operational Excellence.
  5. Cost.

Describe Azure Service Health

Azure Service Health contains the following

  1. Azure Status . Broad picture of the status of Azure globally.
  2. Service Health . provides a narrower view of Azure services and regions. It focuses on the Azure services and regions you’re using.
  3. Resource Health. a tailed view of your actual Azure resources. It provides information about the health of your individual cloud resources, such as a specific virtual machine instance.

Describe Azure Monitor, including Azure Log Analytics, Azure Monitor Alerts, and Application Insights

Azure Monitor is a platform for collecting data on your resources, analysing that data, visualising the information, and even acting on the results.

Azure Monitor can monitor Azure resources, your on-premise resources, and even multi-cloud resources like virtual machine hosted with a different cloud provider.

Azure Log Analytics is to let you write and run log queries on the data gathered by Azure Monitor.

Azure Monitor Alerts are an automated way to stay informed when Azure Monitor detects a threshold being crossed.

Application Insights is an Azure Monitor feature, that monitors your Web Application.

Reference