My AZ-103 Study Notes (Work In Progress!)

13/11/2019

I am just starting out on my journey to try and pass AZ-103 – Microsoft Certified Azure Administrator. This area I am going to try and use as a scratchpad for anything of interest that I find so that I can refer back to them at a later stage – usually, this will be some nice little PowerShell snippets but may extend further out to include further info.

At this point, I do use Azure quite often on a daily basis, but my knowledge only extends to setting what I would consider being fairly small environments with no requirements for anything complex. By small I mean a customer with usually no more than 15 IaaS Windows VMs with normally a couple of VPNs between on-premises and Azure, some NSG’s, public IP addresses and that is about it! I have decided that enough is enough now, and I really need to learn Azure more in-depth.

If you are just starting out, I would highly recommend that you look at the study resource that Pixel Robots has created: https://pixelrobots.co.uk/2019/03/study-resources-for-the-az-103-microsoft-certified-azure-administrator/

Manage Azure subscription and resources (15-20%)

Manage Azure subscriptions

Assign administrator permissions

There isn’t much to add here – you just need to know the various permission objects that are available and the Notes that come with some of them. However, make sure to run through some of the permissions in the Azure portal so that you understand how they work.


Configure cost center quotas and tagging

Now, this bit I found really interesting. I had already implemented tagging on some Azure tenants, but never with PowerShell and I had no idea that you could use an Azure policy to enforce tagging rules and conventions! I had never even heard of Azure Policy (yeah I know…). This is really cool: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags#policies

To find a resource ID of a VM within Azure:

Get-AzResource -ResourceGroupName "RG-NAME" | Where-Object {$_.ResourceType -match "virtualmachine"}

We can then use that to find the tags for all VMs within a particular Resource Group:

(Get-AzResource -ResourceGroupName "RG-NAME" | Where-Object {$_.ResourceType -match "virtualmachine"}).Tags

In bash, this is done like the following (but I am not sure how to narrow it down to just those VMs that have a tag applied as I am not familiar with bash… yet!)

az resource list --resource-type Microsoft.Compute/virtualMachines --tag

Or a better one would be to get a list of resources that have a particular tag. But here is how to narrow it down to just VMs for example:

(Get-AzResource -ResourceGroupName "RG-Name" -Tag @{ CreatedBy="Robert Milner"} | Where-Object {$_.ResourceType -match "virtualmachine"}).Name

Bash example:

#Don't have one yet!

You can apply tags to a resource or resource group that has existing tags, but you must first retrieve the existing tags and add the new tags as otherwise, they will get overwritten.

$RGName = "ExampleRG-Group"
$tags = (Get-AzResourceGroup -Name $RGName).Tags
$tags.Add("Status", "Approved")
Set-AzResourceGroup -Tag $tags -Name $RGName

Bash example:

jsonrtag=$(az resource show -g ExampleRG-Group -n exampleVM --resource-type "Microsoft.Network/virtualMachines" --query tags)
rt=$(echo $jsonrtag | tr -d '"{},' | sed 's/: /=/g')
az resource tag --tags $rt Project=Redesign -g examplegroup -n exampleVM --resource-type "Microsoft.Network/virtualMachines"

JSON templates use a tags element

"tags": {
	"Dept": "Finance",
	"Environment": "Production"
	},

You can also apply tags to resources from the Resource Group, which is almost a parent and child configuration – but they will not auto-update as it only applies the tags when the resource is being deployed

"tags": {
		"Dept": "[resourceGroup().tags['Dept']]",
		"Environment": "[resourceGroup().tags['Environment']]"
	},

I haven’t documented applying tags via the portal web interface, as I am familiar with that part anyway. If you want to read up how to do this, here is the direct link: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags#portal


Configure Azure subscription policies at Azure subscription level

Azure Policy is a service that allows you to create, assign and manage policies to enforce rules on your resources to ensure that they stay compliant with corporate standards and SLAs.

For example, you can define a policy that will only allow certain SKUs of VMs to be built. Or specify that resources can only be deployed in certain regions (this, in particular, will be useful for me!)

Policy assignments are inherited to all child resources – so applying a policy at the resource group will apply to all resources within that resource group.

You can add multiple policy definitions under a policy initiative definition. It is a great way of grouping similar definitions under a single initiative.

Policy templates: https://docs.microsoft.com/en-us/azure/governance/policy/samples/


Analyze resource utilization and consumption

Create baseline for resources

  • Scalable alerting
    • Allows you to create tailored thresholds for hundreds of metric series at a time
    • Applies metrics to multiple resources – to all subscription resources if required
    • Can save a lot of time on management and creation
  • Smart Metric Pattern Recognition
    • Uses machine learning to detect patterns and changes over time
    • Adapts to metric behaviour
    • Designed to prevent noisy & wide thresholds
    • An alert using this will be a “real” alert!
  • Intuitive Configuration
    • Set up metric alerts using high-level concepts
    • No need for knowledge about the metric

If you want to have a go at create an Azure metric alert, here is the direct link: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric

You may also see the following alert when trying to get a new alert rule:

If you do, then you need to enable the Microsoft.Insights resource provider at the subscription level. You can find out how to do this by following the guide here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services and enable Microsoft.Insights:

(30 minutes later…)

I have just finished having a play with Monitor alerts, and they are extremely useful and I cannot believe I have never used them before. My suggestion is to skim-read the rest of the text on the Microsoft page, and get stuck in doing some testing (I am using a test subscription!). The best way to learn is to do in my opinion.


Create and rest alerts

With this section, I would highly recommend that you read the MSFT article: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric, as that then prepares you for doing some practical work within that article!


Analyze alerts across subscription

Log search rules are defined by:

  • Log Query. The query that runs every time the alert rule fires.
  • Time Period. Specifies the time range for the query.
  • Frequency. Specifies how often the query should be run.
  • Threshold. The results of the log search are evaluated to determine whether an alert should be created.

Number of results alert rules create a single alert when the number of records returned by the search query exceed the specified threshold. Ideal of event logs, syslogs etc

Metric measurement alert rules create an alert for each object in a query with a value that exceeds a specified threshold and specified trigger condition. Unlike Number of results alert rules, Metric measurement alert rules work when analytics result provides a time series;

  • Aggregate function: Determines the calculation that is performed and potentially a numeric field to aggregate.
  • Group Field: A record with an aggregated value is created for each instance of this field, and an alert can be generated for each.
  • Interval: Defines the time interval over which the data is aggregated.
  • Threshold: The threshold for Metric measurement alert rules is defined by an aggregate value and a number of breaches. 

Analyze metrics across subscription

Azure Monitor collects and aggregates data from a variety of sources into a common data platform where it can be used for analysis, visualisation, and alerting.

Metrics, logs, and distributed traces are commonly referred to as the three pillars of observability.

Azure Monitor stores data from multiple sources together, and can stretch across multiple Azure subscriptions and tenants.

  • Metrics are numerical values that describe some aspect of a system at a particular point in time. E.g Timestamp of an alert
  • Logs are events that occurred within the system.
  • Distributed Traces are a series of related events that follow a user request through a distributed system.

A useful metrics and logs table comparing each side by side: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-platform#compare-azure-monitor-metrics-and-logs

Ability to stream data to external systems; a SIEM for example


Create action groups

Read and do some practical shiz! https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups


Monitor for unused resources

This is where Azure advisor comes into play – and this I have definitely used before 😊. It will scan your subscription and advise on:

  • High Availability
  • Security
  • Performance
  • Cost
  • Operational Excellence

Monitor spend

Get estimated services using the Azure calculator. If you haven’t used this yet, you really need to get to grips with it as otherwise you are going to struggle to price up a new Azure tenant or resources: https://azure.microsoft.com/pricing/calculator/

Cost analysis within the Azure portal is useful to see current costs broken down by service, location or subscription.

Azure Advisor may advise on using the auto-shutdown for VMs. Hmmm… not sure about that one myself, but yes it is one way to cut costs! But definitely turn on and review Azure Advisor recommendations. Reserved Instances might be on that it advises on – that is definitely worth looking at if you have a VM that is running 24x7x365 as it can potentially reduce the compute cost by about 50-60% over 3 years!


Report on spend

Here you can use the Azure portal to understand your Azure costs and spend. There is a PowerBI report available to EA customers, but at the time of writing this, they are supposed to be making this also available for those customers that are on CSP. I really hope this happens 🤞.

Again, go into the portal and get familiar with cost analysis!

(10 minutes later – I knew it was coming to CSP soon!)


Utilize Log Search query functions

Powerful query language; join data from multiple tables, aggregate large sets of data, and perform complex operations with minimal code.

Language is KQL (Kusto Query Language)

I really recommend to get hands-on with this and I would look at this as as a starting point: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal


View alerts in Log Analytics

This section details how you can use Log Analytics and connect it to systems like SCOM, Naggios and Zabbix but you can use Log Analytics alerts to create alert records directly in the repository. You may not have access to SCOM, Naggios and Zabbix so I would recommend that you get familiar with the Log Analytics alerts:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview

The doc is a bit old unfortunately and does not reflect the current state of alerts as it shows the classic portal for alerts but at least you get a nice high-level overview of what it looks like.