Azure Overview
Microsoft Azure is the second-largest cloud platform, offering 200+ services across compute, networking, storage, databases, AI, and more. It’s especially strong in hybrid cloud and enterprise environments due to deep integration with Microsoft products (Active Directory, Office 365, Windows Server, SQL Server).
Many teams run hybrid workloads: Azure alongside on-premises systems or other clouds. Reliability practices (Kubernetes, Observability, Terraform) still apply; what you standardize is the interfaces (APIs, identity, networking) and where observability lives.
Global Infrastructure
Azure is organized into Regions, Availability Zones, and Geographies:

```
                     Azure Global
                           │
         ┌─────────────────┼─────────────────┐
         ▼                 ▼                 ▼
      East US         West Europe     Southeast Asia
    (Virginia)       (Netherlands)      (Singapore)
         │                 │                 │
      ┌──┼──┐           ┌──┼──┐           ┌──┼──┐
      ▼  ▼  ▼           ▼  ▼  ▼           ▼  ▼  ▼
    AZ1 AZ2 AZ3       AZ1 AZ2 AZ3       AZ1 AZ2 AZ3
```

| Concept | What It Is |
|---|---|
| Region | A geographic area with one or more data centers (e.g. eastus, westeurope). Choose the region closest to your users. |
| Availability Zone (AZ) | Physically separate data centers within a region with independent power, cooling, and networking. Deploy across AZs for high availability. |
| Geography | A grouping of regions that respects data residency boundaries (e.g. “United States”, “Europe”, “Asia Pacific”). |
| Region pair | Two regions in the same geography paired for disaster recovery (e.g. East US ↔ West US). Azure prioritizes recovery for paired regions. |
Choosing a Region
| Factor | Consideration |
|---|---|
| Latency | Pick the region closest to your users |
| Compliance | Data residency laws (e.g. EU data in westeurope or northeurope) |
| Service availability | Not all services are available in every region |
| Pricing | Varies by region (US regions are often cheapest) |
| Paired region | Consider the pair for DR planning |
Resource Organization
Azure has a unique hierarchy for organizing and billing resources:

```
┌──────────────────────────────────────────┐
│  Azure AD Tenant (Entra ID)              │
│  (identity: users, groups, apps)         │
│                                          │
│  ┌────────────────────────────────────┐  │
│  │  Management Group (optional)       │  │
│  │                                    │  │
│  │  ┌──────────────────────────────┐  │  │
│  │  │  Subscription                │  │  │
│  │  │  (billing boundary)          │  │  │
│  │  │                              │  │  │
│  │  │  ┌────────────────────────┐  │  │  │
│  │  │  │  Resource Group        │  │  │  │
│  │  │  │  (logical container)   │  │  │  │
│  │  │  │                        │  │  │  │
│  │  │  │  VM, DB, Storage, ...  │  │  │  │
│  │  │  └────────────────────────┘  │  │  │
│  │  └──────────────────────────────┘  │  │
│  └────────────────────────────────────┘  │
└──────────────────────────────────────────┘
```

| Concept | What It Is |
|---|---|
| Tenant | An Azure AD (Entra ID) instance. Represents your organization. One per company. |
| Management group | Optional grouping of subscriptions for policy and access control at scale. |
| Subscription | A billing and access boundary. Many companies use separate subscriptions for dev/staging/prod. |
| Resource group | A logical container for related resources (e.g. all resources for one app). Every resource belongs to exactly one resource group. |
Resource Groups
Resource groups are the fundamental organizational unit:

```bash
# Create a resource group
az group create --name myapp-prod-rg --location eastus

# List resources in a group
az resource list --resource-group myapp-prod-rg --output table

# Delete an entire group (and everything in it)
# --yes skips the confirmation prompt
az group delete --name myapp-dev-rg --yes
```

Best practice: Group resources by application and environment (e.g. myapp-prod-rg, myapp-dev-rg). Deleting a resource group deletes everything inside it — useful for cleaning up dev/test environments.
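An added example (not part of the original page): a small audit over the output of `az group list --output json` that checks the naming convention above, the region-compliance factor, and tags, and picks out the groups that qualify for bulk cleanup. The sample records, the EU-only region set, and the required `owner` tag are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like `az group list --output json`; not real data.
SAMPLE = json.loads("""[
  {"name": "myapp-prod-rg", "location": "westeurope", "tags": {"owner": "team-a"}},
  {"name": "myapp-dev-rg",  "location": "eastus",     "tags": null},
  {"name": "Scratch",       "location": "northeurope", "tags": {"owner": "bob"}}
]""")

# Assumed policy, not from the page: EU-only residency and a mandatory "owner" tag.
ALLOWED_REGIONS = {"westeurope", "northeurope"}
REQUIRED_TAGS = {"owner"}
# <app>-<env>-rg, following the page's myapp-prod-rg / myapp-dev-rg pattern.
NAME_RE = re.compile(r"^(?P<app>[a-z0-9]+)-(?P<env>dev|test|staging|prod)-rg$")


def audit_group(group):
    """Return a list of policy findings for one resource group record."""
    findings = []
    if not NAME_RE.match(group["name"]):
        findings.append("name is not <app>-<env>-rg")
    if group["location"].lower() not in ALLOWED_REGIONS:
        findings.append(f"region {group['location']} outside allowed set")
    tags = group.get("tags") or {}  # tags may be null when a group is untagged
    missing = REQUIRED_TAGS - {key.lower() for key in tags}
    if missing:
        findings.append("missing tags: " + ", ".join(sorted(missing)))
    return findings


def deletable_without_review(group):
    """Only dev/test groups that follow the convention qualify for bulk cleanup."""
    match = NAME_RE.match(group["name"])
    return bool(match) and match.group("env") in {"dev", "test"}


def audit(groups):
    """Map each resource group name to its list of findings."""
    return {g["name"]: audit_group(g) for g in groups}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
    print("bulk-delete candidates:",
          [g["name"] for g in SAMPLE if deletable_without_review(g)])
```

Groups that fail the name check never appear as cleanup candidates, so an unconventionally named group has to be reviewed by hand before `az group delete` is run against it.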
Azure Portal and CLI
Azure Portal
The web UI at portal.azure.com. Provides a visual dashboard, resource creation wizards, and monitoring views. Good for exploration and one-off tasks.
Azure CLI
Command-line interface for scripting and automation:

```bash
# Install (macOS)
brew install azure-cli

# Login
az login

# Set default subscription
az account set --subscription "My Subscription"

# Common commands
az vm list --output table                # list VMs
az storage account list --output table   # list storage accounts
az group list --output table             # list resource groups
```

Azure PowerShell
Alternative to the CLI for Windows/PowerShell users:

```powershell
Connect-AzAccount
Get-AzVM | Format-Table Name, ResourceGroupName, Location
```

Azure Cloud Shell
A browser-based shell (Bash or PowerShell) with the CLI, PowerShell, Terraform, kubectl, and other tools pre-installed. No local setup needed — access from the portal.
Key Terminology
| Term | Meaning |
|---|---|
| Entra ID (Azure AD) | Identity and access management (users, groups, apps, SSO) |
| Subscription | Billing boundary — all resources belong to a subscription |
| Resource group | Logical container for related resources |
| ARM | Azure Resource Manager — the API layer for all Azure operations |
| ARM template / Bicep | Azure-native Infrastructure as Code (JSON templates or Bicep DSL) |
| VNet | Virtual Network — your isolated network in Azure |
| NSG | Network Security Group — firewall rules |
| AKS | Azure Kubernetes Service — managed Kubernetes |
| App Service | Managed PaaS for web apps (like Elastic Beanstalk) |
| Tags | Key-value labels on resources for organization and cost tracking |
Azure vs AWS — Service Mapping
| Category | AWS | Azure |
|---|---|---|
| Compute (VMs) | EC2 | Virtual Machines |
| Serverless | Lambda | Azure Functions |
| Containers | ECS / EKS | ACI / AKS |
| Object storage | S3 | Blob Storage |
| Block storage | EBS | Managed Disks |
| Relational DB | RDS | Azure SQL / Azure Database for PostgreSQL |
| NoSQL | DynamoDB | Cosmos DB |
| Identity | IAM | Entra ID (Azure AD) + RBAC |
| Networking | VPC | VNet |
| Load balancer | ALB / NLB | Application Gateway / Azure Load Balancer |
| CDN | CloudFront | Azure CDN / Front Door |
| DNS | Route 53 | Azure DNS |
| Monitoring | CloudWatch | Azure Monitor / Log Analytics |
| IaC | CloudFormation | ARM templates / Bicep |
| CI/CD | CodePipeline | Azure DevOps Pipelines |
| Secrets | Secrets Manager | Key Vault |
| Message queue | SQS | Azure Queue Storage / Service Bus |
Topics in This Section
Start with Identity (Entra ID and RBAC), then core infrastructure (compute, networking, storage), followed by databases, monitoring, and DevOps tooling.
- Identity and Access — Entra ID (Azure AD), RBAC, managed identities, and service principals.
- Compute — Virtual Machines, AKS (managed Kubernetes), and Azure Functions (serverless).
- Networking — VNets, subnets, NSGs, load balancers, Application Gateway, DNS, and peering.
- Storage — Blob storage, Azure Disk, Azure Files, and storage accounts.
- Databases — Azure SQL, Cosmos DB, and Azure Database for PostgreSQL/MySQL.
- Monitoring — Azure Monitor, Log Analytics, Application Insights, and alerts.
- DevOps on Azure — Azure DevOps (Repos, Pipelines, Boards) and GitHub integration.
- Service Bus and Event Grid — Service Bus queues and topics for enterprise messaging, and Event Grid for event-driven routing.
- Azure Policy and Governance — Azure Policy, management groups, Blueprints, resource locks, and compliance enforcement.
- Security Services — Defender for Cloud, Azure Firewall, DDoS Protection, WAF, Key Vault, and Sentinel.
- Cost Management — Cost Analysis, budgets, Azure Advisor, reservations, and optimization strategies.
- Event Hubs — High-throughput event streaming for telemetry, logs, and real-time analytics.
- API Management — API gateway, developer portal, rate limiting, authentication, policies, and versioning.
- Azure Cache for Redis — Managed Redis for caching, session storage, leaderboards, and rate limiting.