Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Part I: Develop for Azure
Chapter 1: Azure Storage Ecosystem: Overview and Development with Azure Blob Storage
General Information about Azure Storage
Types of Azure Storage
Azure Container (Blob) Storage
Block Blobs
Append Blobs
Page Blobs
Azure Table Storage
Designing Your Data
Azure Queue Storage
Azure File Storage
Blob Storage
Storage Account Performance Tiers
Standard Tier
Premium Tier
Storage Account Redundancy
Locally Redundant Storage (LRS)
Zone-Redundant Storage (ZRS)
Geo-Redundant Storage (GRS)
Geo-Zone-Redundant Storage (GZRS)
Geo-Redundant Storage with Read Access (GRS-RA)
Geo-Zone-Redundant Storage with Read Access (GZRS-RA)
Read-Access Storage and Development of Your Applications
Blob Storage Tiers
Hot Storage
Cool Storage
Archive Storage
Automation of Tier Placement
Storage Access
Public Access
Private Access
Shared Access Signature (SAS) Tokens
Individual (Ad Hoc) Tokens
Policy-issued Tokens
Working with the Azure Storage SDK
Working with Azure Storage from Code Using the .Net SDK
Creating the Account
Getting Connected to the Account
Creating a Container
Uploading a Blob
Listing All the Blobs
Downloading a Blob
Modifying the Blob Metadata
Deleting a Blob
Deleting a Container
Review Your Learning
Complete the AZ-204: Develop Solutions that Use Blob Storage Learning Path
Chapter Summary
Chapter 2: Develop Solutions That Use Cosmos DB
Why Choose Azure Cosmos DB?
Azure Cosmos DB Hierarchy
Choosing the Correct API
Cosmos DB for MongoDB
Cosmos DB for Apache Cassandra
Cosmos DB for Table
Cosmos DB for Apache Gremlin (Graph)
Cosmos DB for PostgreSQL
Cosmos DB for NoSQL
Capacity Mode
Provisioned Throughput
To Share or Not To Share; That Is the Question
Serverless
Autoscaling
Global Distribution
Consistency Levels
Strong Consistency
Bounded Staleness
Session Consistency
Consistent Prefix
Eventual
Networking
Backup Policy
Encryption
Partitioning
Logical Partitions
Physical Partitions
Partition Keys
High Cardinality for Write-Heavy Workloads
Utilizing Your Query Filter as the Partition Key for Read-Heavy Workloads
Indexing in Cosmos DB
Cosmos DB Change Feed
Utilizing .NET with Azure Table Storage and Cosmos DB via the Cosmos DB SDK
Azure Table Storage
Compose the Client
Create a Table
Add an Item to Table Storage
Get an Item from Storage
Delete Items
Azure Cosmos DB (Table API)
Table Storage to Cosmos DB
Azure Cosmos DB (SQL API)
Connect to the Cosmos DB Account
Create and Delete Databases
Create and Delete Containers
Insert and Update Items
Query the Data via Code
Using a Point Read
Using the Query Item Iterator
Using the LINQ Version of the Iteration for Query Syntax
Delete Items from the Container
Review Your Learning
Complete the AZ-204: Develop Solutions That Use Azure Cosmos DB
Chapter Summary
Part II: Develop Azure Compute Solutions
Chapter 3: Implement Infrastructure as a Service (IaaS) Solutions
Virtual Machines
Azure Physical Architecture
Fault Domains
Update Domains
Availability Zones
Azure Regions
Azure Sovereign Regions
Deploying an Azure Virtual Machine
Creating a Virtual Machine: The Basics
Availability Options
Security, Image, and Architecture
Virtual Machine Size
Port Rules
Hybrid Licensing
Disks
Networking
Management
Monitoring
Advanced
Final Checks
Restricting and Allowing Network Access to a Virtual Machine
Effective Security Rules
Implementing Desired State Configuration on an Azure Virtual Machine
Azure Resource Manager (ARM) Templates and Bicep for Infrastructure as Code (IaC)
Template Structure
VS Code for Templates
ARM Templates
Resources
Validating ARM Templates
Deploying ARM Templates
Parameters
Variables
Outputs
Functions
Bicep Templates
A Quick Bicep Example
Final Thoughts about Template Deployments
Incremental Deployments
Complete Deployments
Review Your Learning
Optional Training: Complete the Original First Two AZ-204: Implement Infrastructure as a Service Solutions Modules (no longer a the learning path for AZ-204 as of April 2023)
Chapter Summary
Chapter 4: Create Azure App Service Web Apps
Before Getting Started
Creating an Azure App Service
App Service Plans
Pricing Tier
Operating System
Redundancy
App Services
Name Your Application
Publish Type
Code
Docker Container
Static Web Application
Runtime Stack
App Service Plan
Deployment
Automated Deployments
Manual Deployments
Networking
Monitoring
After Provisioning
Deployment Slots
Create a Deployment Slot
Swap Slots
Simple Traffic Load-Balancing/Routing
Automated Deployment Using the Deployment Slot’s Publish Profile
Additional Services
Deploy an Azure SQL Instance
Configuration
Application Settings and Connection Strings
Connection Strings
Application Settings
General Settings
Default Documents
Path Mappings
Scaling
Autoscaling
Manual Scaling
Additional Settings and Configurations
Networking
Inbound IP Address
Outbound IP Addresses
Certificates and TLS/SSL
A Few Things Not Covered in this Chapter
Review Your Learning
Complete the Azure App Service Web Apps Learn Modules
Chapter Summary
Chapter 5: Azure Container Ecosystem: Azure Container Registry, Azure Container Instances, and Azure Container Apps
Four Important Things to Know About Containers
Containers Are for Everyone
Containers Are Not Microservices or Cloud-Native Applications
Containerized Applications Are Agnostic to Their Hosting Platform
Containers and the Container Ecosystem Have a Steep Learning Curve
Hosting Containers in Azure
Windows Subsystem for Linux (WSL)
Docker
Images
Containers
Azure Container Registry
Service Tiers
Basic
Standard
Premium
Additional Information
Image Storage
Deploy an Azure Container Registry
Push an Image to the Container Registry
Log in to Your Registry from Your Local Machine
Tag Your Image with Your Registry Name and a Version Number
Push Your Tagged Image to the Registry
Automated Build Tasks
Azure Container Instances
Deploy from the Container Registry
Deploying with the AZ CLI
Deploying from the Portal
Networking
Restart Policy and Environment Variables
Container Groups
Group Deployment via a YAML File
Group Deployment via Docker Compose
Persistent File Shares
Containers in Azure App Services
Additional Services
Azure Kubernetes Service
Azure Container Apps
Review Your Learning
Complete the Three AZ-204: Implement Containerized Solutions Modules
Chapter Summary
Chapter 6: Implement Azure Functions
A Quick History of Azure Functions
Creating an Azure Function
Name the Function App
Publish
Runtime Stack
Operating System (OS)
Hosting Plans
Backing Storage
Networking
Monitoring
Deployment Options
Slots
Creating the Application Code
Create the Function App
Function Apps and Functions
Triggers
HTTP Triggers
Timer Triggers
Azure Service-Based (or Third-Party) Triggers
Authorization Levels
Anonymous
Function
Admin
System
User
The Default HTTP Trigger Function
.NET 7 Changes
GetTopMovies Function
Deploy the Function App
Right-Click and Publish from Your Local Environment
Deploying with CI/CD
Test the Function App
Bindings
Create a Function with an Input Binding to Blob Storage
Modify the Function to Parse and Push Data to Cosmos DB with an Output Binding
The function.json File
WebJobs vs. Functions
Durable Functions
Task Hubs
Storage Resources
Durable Orchestrations
Durable Function Types
Orchestrator Functions
Activity Functions
Entity Functions
Client Functions
Patterns
Function Chaining
Fan-out/Fan-In
Async HTTP APIs
Monitor
Human Interaction
Aggregator
Review Your Learning
Complete the AZ-204: Implement Azure Functions
Chapter Summary
Part III: Implement Azure Security
Chapter 7: Implement User Authentication and Authorization
Multi-Factor Authentication (MFA)
Conditional Sign-in/Risky Sign-in Detection
Authentication and Authorization
Primary Authorization Roles in Azure
The Reader Role
The Contributor Role
The User Access Administrator Role
The Owner Role
Requiring Authentication
Identity Providers
Integrated Providers
Creating a New App Registration
Supported Account Types
Authentication Settings
Permissions
Delegated Permissions
Application Permissions
Required Sign-In
Consent on Behalf of Your Organization
Leverage the Microsoft Identity in Your Application
Create an Additional App Registration
Add a Redirect URI to the App Registration
Add a Client Secret to the App Registration
Add a NuGet Package
Add the Authentication Code to the Application
Add Configuration Values to App Service and Slot
Register the Users
Service Principals
Leverage a Service Principal in GitHub Actions
Add Federated Credentials
Managed Identities
Authorization Flows
Authorization Code
Client Credentials
Device Code
Implicit
Integrated Windows
Interactive and Non-Interactive
On-Behalf-Of
Username/Password
Shared Access Signatures
Identity and Authorization in Applications
Create the App Registration
Working with the Microsoft Authentication Library (MSAL)
Build the Application
Set the Scopes
Get Your Access Token
Print the Token
Run and Grant Permissions
Working with the Microsoft Graph SDK
Build the Application
Set the Scopes
Create Device Code Credential
Create the Graph Service Client
Get the Me Object
Review Your Learning
Complete the AZ-204: Implement User Authentication and Authorization
Chapter Summary
Chapter 8: Implement Secure Cloud Solutions
Managed Identities
System-Assigned Identities
User-Assigned Identities
Azure Key Vault
Centralized Storage
Azure Key Vault Tiers
Standard Key Vault
Premium Key Vault
Data Retention
Access Policy
Network Access
Data Encryption
Keys, Secrets, and Certificates
Keys
Secrets
Certificates
Access Policies
Create an Access Policy
Connect to Azure Key Vault From Azure App Service
Configure the Application to Read From Key Vault
Azure Application Configuration
Centralized Configuration
Azure Managed Service
Creating a New Azure App Configuration
Networking
Data Encryption
Create a System-Managed Identity
Customer-Managed Key
Keys and Values
Labels
Feature Flag Management
Create a Feature Flag
Feature Flag Configuration
Connecting an App Service Web Application to an Azure Application Configuration
Configure the Security Settings
Add a New Role Assignment
Update the Azure App Service Configuration
Update the Application Code to Connect to Azure App Configuration
Review the Application
Connect to Azure Key Vault Through Azure Application Configuration
Make the Code Change
Update Azure App Configuration
Review Your Learning
Complete the AZ-204: Implement Secure Cloud Solutions
Chapter Summary
Part IV: Monitor, Troubleshoot, and Optimize Azure Solutions
Chapter 9: Implement Caching for Solutions
Benefits of Caching
Data Stored in Local Memory
Retrieve and Mutate Data Quickly
Server Offload, High Throughput
Benefits of Delivering Static Content via the CDN
Higher Throughput
Resiliency
Server Offload
Azure Content Delivery Network (CDN)
CDN Profiles
Limitations
Azure Front Door CDN
Creating a Microsoft Standard CDN Profile
Product Offerings
Create an Endpoint
Caching Rules
Global Caching Rules
Custom Caching Rules
Query String Caching
Ignore Query Strings
Bypass Query String Caching
Cache Unique Query Strings
Time to Live (TTL)
Purging Content
Point of Presence (PoP)
Order of Operations
Pre-Loading Content
Geo-Filtering Content
Interact with the Azure CDN via .NET Code
Caching for Optimization
Redis Cache
Azure Cache for Redis
Cache Types
Open Source Redis
Basic Cache
Standard Cache
Premium Cache
Enterprise Redis
Enterprise Cache
Enterprise Flash Cache
Caching Patterns
Data Cache (Cache-Aside)
Content Cache
Session Store
Messaging
Transactions
Networking
Clustering
Redis Commands
Working with Redis Cache via .NET
Redis Connection String Information
Create the Connection Multiplexer and Connect
Create the Database Object
Run the Commands
PING/PONG
StringSet
StringGet
Store Serialized JSON
List All Clients
Additional Commands Not Shown
Cache-Aside in an ASP.Net MVC Application
Utilize User Secrets
Inject Redis Cache into the Application
Review the Controller Code
Run the Code
Additional Resources
Review Your Learning
Complete the AZ-204: Integrate Caching and Content Delivery Within Solutions
Chapter Summary
Chapter 10: Troubleshoot Solutions by Using Metrics and Log Data
Azure Monitor
Metrics
Logs
Traces
Changes
Different Components of Azure Monitor
Insights
Visualizations
Tools for Analysis
Ability to Respond
Integrations
Utilizing Application Insights
Implementing Application Insights in .NET
Ensuring Application Insights Telemetry Is Injected
Reviewing Live Metrics
Requests
Dependencies
Exceptions
Page Views/Server Performance
User/Session Counts
Live Tracking of Trace, Event, and Exceptions
Client-Side JavaScript and AJAX Requests
Performing Availability Tests
URL Tests (Classic Test)
Standard Test
Custom Testing with TrackAvailability()
Application Map
Kusto Queries
Log-Based Metrics
Pre-Aggregated Time-Series
Creating an Alert Based on a Query
Signals
Action Groups
Notification Methods
Create the Query
Set the Alert Condition
Create the Actions
Set the Basics
Set the Notifications
Configure the Actions
Details
Visualization Tools
Power BI
Third-Party Solutions/Grafana
Workbook
Azure Dashboard
Create a Dashboard Based on a Query
Complete the AZ-204: Instrument Solutions to Support Monitoring and Logging
Review Your Learning
Chapter Summary
Part V: Connect to and Consume Azure Services and Third-Party Services
Chapter 11: Implement API Management
Overview
Prerequisites
Resource Group
Log Analytics Workspace
Application Insights
Creating an APIM Instance
APIM Basics Tab
APIM SKUs (Tiers/Offerings)
Consumption (99.95 Percent SLA)
Developer (no SLA)
Basic (99.95 Percent SLA)
Standard (99.95 Percent SLA)
Premium (99.95 or 99.99 Percent SLA)
APIM Monitoring Tab
APIM Scale Tab
APIM Managed Identity
APIM Virtual Network Tab
APIM Protocol Settings
The API Gateway
Entry Point for All Requests
Gateway Routing
Benefits of a Centralized Gateway
Route Aggregation
Decouple Backend Services from Clients
SSL Termination (SSL Offload)
Reduced Attack Surface
Logging and Monitoring
Response Caching
Validation of Tokens and/or Certificates
Administering APIs in the Azure Portal
APIs
Create an API
Products
Create a Product
Subscriptions
Create Two Subscriptions
Send a Request
Developer Portal
Public API Documentation
Groups
Expose APIs via Products to Groups
Register Developers
Default Groups
Administrators
Developers
Guests
Custom Groups
Utilizing Policies
Inject/Decorate Information in Request/Response
Rate Limit
Conditional Policies
IP Address Restrictions
Validate Certificates
Issuer (Certificate Authority)
Thumbprint
Subject
Validate Against Uploaded Certificates
Validate by JWT
Which Is Better (JWT or Certificates)?
Mock Responses for Testing
Authenticate to the Backend
Review Your Learning
Complete the AZ-204: Implement API Management Learn Module
Chapter Summary
Chapter 12: Develop Event-Based Solutions
Event Hub vs Event Grid
Azure Event Hubs
Event-Driven Architecture
Producer
Receiver
Partition
Consumer
Consumer Group
Checkpointing
Client
Creating an Event Hub Namespace in Azure
Throughput Units (TU)
Processing Units (PU)
Capacity Units
Offerings (SKUs/Tiers)
Basic
Standard
Premium
Dedicated
Advanced Settings
Networking
Creating a Data Lake Storage Account and Container
Creating an Event Hub in Azure
Event Hub Capture
Time Window (Minutes)
Size Window (MB)
Emit Empty Files
Capture Provider
Azure Storage Container
File Name Formats
Review and Create the Event Hub
Working Against an Event Hub with .NET
.NET Client for Sending Events to the Hub
Shared Access Signatures
Data Roles
Owner
Sender
Listener
.NET Event Producer
Set the ConnectionString and Name in Secrets.json
Code to Produce Events
.NET Event Consumer
Create Another Container
Update User Secrets for the Client Application
Consume Events
Azure Event Grid
Producers
Consumers
Concepts
Events
Sources
Topics
Subscriptions
Handlers
Event Schema
ID
Topic
System Topics
Custom Topics
Subject
Type
Time
Data
Versions (Data/Metadata)
Subscribing to Topics
Filtering Data
Filter by Subject
Filter by Type
Filter by Conditions
Event Delivery
Retry Policies
Error Codes that Immediately Cancel Retry
Maximum Number of Attempts
Maximum TTL
Dead-Letter
Responding to an Event with a Logic App
Leverage the Storage Account
Add a Subscription
Modify the Subscription
Modify the Logic App
Test the Logic App Event Handler
Review the Logic App Data
Review Your Learning
Complete the AZ-204: Develop Event-Based Solutions
Chapter Summary
Chapter 13: Develop Message-Based Solutions
Overview
First In/First Out (FIFO)
Load Leveling
Loose Coupling
Working with Azure Storage Queue
When to Use Azure Storage Queue
Azure Storage Queue Features
Access via HTTP/HTTPS
Message Size (64 KB)
Massive Amounts of Messages (>80 GB)
Storage Queue URL
Operations
Lease the Queue Message
Renew the Lease
Delete the Message
At-Most-Once
Message Retention
Working with Storage Queue in .NET
Create an Azure Storage Queue
NuGet Packages
Get the Connection String
Compose the Client
Send Messages to the Queue
Peek at the Messages
Update a Message in the Queue
Receive but Leave the Messages
Extend the Lease
Delete Messages from Storage Queue
Delete the Queue
Working with Azure Service Bus
Tiers
Basic
Standard
Premium
Advanced Tab
Networking
When to Use Azure Service Bus
Features
Message Size (Up to 256 KB or 100 MB)
Sessions (Long-Polling and Guaranteed FIFO)
Duplicate Detection
Transactions
Opaque Binary Payload
Auto-Forwarding
Dead-Lettering
Batching
Auto-Delete on Idle
At-Most-Once Delivery
At-Least-Once Delivery
Filtering
Queues and Topics
Queues
Receive Mode
Receive and Delete
Peek Lock
Working with Service Bus Queue in .NET
Configure a Queue
Shared Access Policies
Update User Secrets
Publish Messages to the Queue
Service Bus Explorer
Receive Messages from the Queue with a Consumer
Process Messages
The Code to Process Messages
Complete the Processing
Topics
Pub/Sub
Filtering
Working with Service Bus Topics in .NET
Get Started with the Administration Project
Root-Level Administrator Token
Set Secrets for the Administrator Project
Commands from the Admin Program
Execute the Administration Program
Publish Messages
Producer and Consumer Tokens
Send Messages
Run the Program
Consume Messages
Update the Secrets
Compose the Hierarchy
Receive All Messages
Run the Program for All Movies
Repeat the Run for Each Subscription
Review Your Learning
Complete the AZ-204: Develop Message-Based Solutions Learn Module
Chapter Summary
Book Wrap-Up
Appendix A: Answers to the “Review Your Learning” Questions and Additional Links
Chapter 1: Azure Storage
Review Your Learning
Learn Modules
AZ-204: Develop Solutions That Use Blob Storage Learning Path
Chapter 2: Cosmos DB and Table Storage
Review Your Learning
Learn Modules
AZ-204: Develop Solutions That Use Azure Cosmos DB
Chapter 3: Infrastructure as a Service (IaaS) Solutions
Review Your Learning
Learn Modules
AZ-204: Implement Infrastructure as a Service Solutions (Modules 1 and 2)
Chapter 4: Azure App Service Web Apps
Review Your Learning
Learn Modules
Complete the Azure App Service Web Apps Learn Modules
Chapter 5: Azure Container Ecosystem (Container Registry and Container Instances)
Review Your Learning
Learn Modules
AZ-204: Implement Infrastructure as a Service Solutions Modules (Modules 3 and 4)
Learn Modules for Optional/Additional Learning
Chapter 6: Implement Azure Functions
Review Your Learning
Learn Modules
AZ-204: Implement Azure Functions
Chapter 7: Implement User Authentication and Authorization
Review Your Learning
Learn Modules
AZ-204: Implement User Authentication and Authorization
Chapter 8: Implement Secure Cloud Solutions
Review Your Learning
Learn Modules
AZ-204: Implement Secure Cloud Solutions
Chapter 9: Implement Caching for Solutions
Review Your Learning
Learn Modules
AZ-204: Integrate Caching and Content Delivery Within Solutions
Chapter 10: Troubleshoot Solutions by Using Metrics and Log Data
Review Your Learning
Learn Modules
AZ-204: Instrument Solutions to Support Monitoring and Logging
Chapter 11: Implement API Management
Review Your Learning
Learn Modules
AZ-204: Implement API Management
Chapter 12: Develop Event-Based Solutions
Review Your Learning
Learn Module
AZ-204: Develop Event-Based Solutions
Chapter 13: Develop Message-Based Solutions
Review Your Learning
Learn Modules
AZ-204: Develop Message-Based Solutions
Conclusion
Index