Understanding Microsoft Azure
Microsoft Azure is a comprehensive cloud
computing platform that delivers a wide range of
services over the internet. From virtual machines
and storage to databases and networking, Azure
empowers organizations to build, deploy, and
manage applications without investing in physical
infrastructure.
Virtualization
Virtualization is the process of creating a software-
based version of physical resources such as servers,
operating systems, storage, or networks. This
technology is the foundation that makes cloud
computing possible.
How Azure Uses It
Azure leverages virtualization to run multiple virtual
machines on a single physical server, maximizing
efficiency and resource utilization.
Real-World Analogy
Think of one physical computer acting like many
computers simultaneously—similar to running multiple
apps on your smartphone at the same time. Each app
operates independently, sharing the same hardware.
Virtual Machine (VM)
What Is a VM?
A Virtual Machine is a software-based computer
that runs an operating system and applications
just like a physical computer, but without the
physical hardware.
Azure VMs
Azure Virtual Machines allow you to run Windows or
Linux operating systems in the cloud without
purchasing physical hardware or managing data
centers.
The Rental Model
Using an Azure VM is like renting a fully-equipped
computer online instead of buying one—you get
instant access without the upfront cost or
maintenance burden.
API (Application Programming Interface)
An API is a set of rules and protocols
that allows two software applications to
communicate with each other
seamlessly. APIs are the invisible
bridges that connect different systems.
APIs in Azure
Azure APIs enable applications to
programmatically create VMs, store
data, access services, and automate
cloud operations without manual
intervention.
Regions
What Are Regions?
Regions are specific geographical locations around
the world where Azure operates data centers. Each
region is a separate physical location with one or
more data centers.
Examples
Azure has regions like Central India, East US,
West Europe, and many more—over 60 regions
globally, ensuring low latency and data residency
compliance.
The Bank Branch Analogy
Think of regions as branches of a bank in different
cities—each serves local customers with the same
core services but operates independently.
Availability Zones
Availability Zones are physically separate data centers
within the same Azure region. Each zone has
independent power, cooling, and networking
infrastructure to ensure maximum resilience.
How It Works in Azure
Within a single region, you might have Zone 1, Zone 2,
and Zone 3. If one zone experiences an outage, your
applications continue running in another zone without
interruption.
The School Building Analogy
If one school building loses electricity, classes
seamlessly continue in another building on campus. The
education never stops, just like your cloud services.
Scalability
Understanding Scalability
Scalability is the ability of a system to handle
increased workload by adding more resources—either
horizontally (more machines) or vertically (more
powerful machines).
Scaling in Azure
When user demand increases, Azure allows you to
quickly add more virtual machines, increase storage
capacity, or enhance network bandwidth to maintain
performance.
Elasticity
What Is Elasticity?
Elasticity means automatically increasing or
decreasing cloud resources based on real-time
demand. Unlike manual scaling, elasticity happens
dynamically without human intervention.
Azure's Elastic Approach
Azure automatically scales resources up during
peak business hours when traffic is high, then
scales them back down at night when demand
decreases—optimizing both performance and cost.
The Seasonal Analogy
Think of electricity usage that automatically
increases during hot summer months for air
conditioning, then naturally reduces in cooler
winter months. The system adapts to need.
Agility
Speed of Deployment
Agility is the ability to quickly deploy, modify,
and scale applications without lengthy procurement
processes or hardware setup delays.
Minutes, Not Weeks
With Azure, you can launch fully-configured servers
and applications in minutes rather than the weeks
or months required for traditional infrastructure.
The Food Delivery Analogy
Ordering food online for immediate delivery instead
of buying ingredients and cooking from scratch—you
get what you need, fast.
High Availability (HA)
High Availability ensures that systems and applications
remain accessible and operational for the vast majority
of the time—typically 99.9% uptime or higher. This
means minimal downtime even during failures.
Azure's HA Strategy
Azure achieves high availability through redundant
virtual machines, load balancing, and distribution across
multiple Availability Zones. If one component fails,
another immediately takes over.
The Backup Connection
Having two internet connections at home ensures that if
one connection fails, the other keeps you online. Azure
applies this same principle across its entire
infrastructure.
Authentication and Authorization
Zero Trust
1. First introduced by the Forrester alum John Kindervag in 2009, the zero trust
approach centers on the idea that trust is a vulnerability and you should “never
trust, always verify”.
2. Zero trust assumes that you need to treat all users as “untrusted” by default and
only grant access to your valuable assets to authenticated and verified users —
and only to the extent needed to perform their particular tasks.
3. Zero trust is intended to stop both external attacks and insider threats, thus,
limiting the potential damage to your organization.
4. Zero trust is an architectural approach that requires all users, whether inside or
outside your organization’s network, to be authenticated and authorized.
© Syteca
Microsoft Entra
Microsoft Entra is a family of identity and network access products. It lets
organizations implement a Zero Trust security strategy and create a trust fabric
that verifies identities, validates access conditions, checks permissions, encrypts
connection channels, and monitors for compromise.
Microsoft Entra ID
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access
management service.
It helps organizations control who can sign in and what they can access.
What Does Microsoft Entra ID Do?
1️⃣ Authentication (Who are you?)
Verifies user identity using:
Username & password
OTP (Multi-Factor Authentication)
2️⃣ Authorization (What can you do?)
Grants access based on roles and permissions
Where is Entra ID Used?
Microsoft Azure, Microsoft 365 (Outlook, Teams), Cloud applications
One login gives access to multiple services (Single Sign-On).
Users
Normal User (Member User)
1. A regular internal user
2. Belongs to your organization
Characteristics
Uses organization email (or created username)
Can be assigned roles.
Can create resources if role allows
A normal user (member) is an internal user of the organization
with access based on assigned roles.
Guest User
1. An external user.
2. Invited from outside the organization
Characteristics
Uses external email (Gmail, Yahoo, etc.)
Limited by default
Access only to shared resources
A guest user is an external user who is given limited access to Azure
resources.
Resource Groups
1. A Resource Group is a logical container in Azure that holds related resources such as
virtual machines, storage accounts, and networks.
2. Organize resources by project or application
3. Apply access control (RBAC) at one place
4. Monitor, manage, and delete resources together
5. Simplify cost tracking
Example
A resource group named RG-StudentProject may contain:
1 Virtual Machine, 1 Storage Account, and 1 Virtual Network, all related to one project.
Characteristics of Resource Group
Resource group is logical, not physical
Each resource belongs to one resource group only
Resource group has a region
Resources inside can be in different regions
Deleting a resource group deletes all resources in it
Contd.
• A Resource Group is mandatory before creating:
  • Virtual Machine
  • Storage Account
  • Virtual Network
• Deleting a Resource Group deletes everything inside it
• Resource Group has a region, but resources inside can be in different regions
Rules for naming Resource Groups
RG-<ProjectName>-<Environment>
Examples:
RG-StudentLab-Dev
RG-AIProject-Test
RG-CloudClass-Prod
Rules:
No spaces
Use hyphen -
Meaningful names
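Added example (not part of the original slides): a small audit that ties together the naming rule above, RBAC applied at resource-group scope, and the member/guest distinction. The inventory, principal names, subscription ID and the Dev/Test/Prod environment list are constructed assumptions; Reader, Contributor and Owner are Azure built-in roles.

```python
import re

# Page convention: RG-<ProjectName>-<Environment>, hyphens, no spaces.
# The environment list (Dev/Test/Prod) is an assumption drawn from the page's examples.
NAME_RE = re.compile(r"RG-[A-Za-z0-9]+-(Dev|Test|Prod)")

# Built-in roles that can delete a resource group, and with it every resource inside.
DESTRUCTIVE_ROLES = {"Owner", "Contributor"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample data, not taken from a real tenant.
GROUPS = ["RG-StudentLab-Dev", "RG-AIProject-Test", "student project", "RG-CloudClass"]
ASSIGNMENTS = [
    {"principal": "member@contoso.example", "user_type": "Member",
     "role": "Contributor", "scope": f"{SUB}/resourceGroups/RG-StudentLab-Dev"},
    {"principal": "guest@partner.example", "user_type": "Guest",
     "role": "Reader", "scope": f"{SUB}/resourceGroups/RG-StudentLab-Dev"},
    {"principal": "vendor@partner.example", "user_type": "Guest",
     "role": "Owner", "scope": f"{SUB}/resourceGroups/RG-AIProject-Test"},
]

def nonconforming_names(groups):
    """Resource group names that break the RG-<ProjectName>-<Environment> rule."""
    return [g for g in groups if not NAME_RE.fullmatch(g)]

def scope_covers(scope, resource_id):
    """RBAC is inherited downward: a scope covers itself and everything beneath it."""
    s, r = scope.rstrip("/").lower(), resource_id.lower()
    return r == s or r.startswith(s + "/")

def is_allowed(principal, resource_id, accepted_roles, assignments):
    """Default deny: allow only if an assignment at or above the resource grants a role."""
    return any(a["principal"] == principal and a["role"] in accepted_roles
               and scope_covers(a["scope"], resource_id) for a in assignments)

def risky_guest_assignments(assignments):
    """Guests holding a role that could delete a whole resource group."""
    return [a for a in assignments
            if a["user_type"] == "Guest" and a["role"] in DESTRUCTIVE_ROLES]

if __name__ == "__main__":
    print("Bad names:", nonconforming_names(GROUPS))
    for a in risky_guest_assignments(ASSIGNMENTS):
        print("Review:", a["principal"], a["role"], a["scope"])
```

The trailing "/" in scope_covers keeps an assignment on RG-StudentLab-Dev from matching a differently named group that merely shares the prefix.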