Index
A
access control 178–184, 310–321. See also security
access policies 338
Shared Access Signatures 180–182
Virtual Network Service Endpoints 183–184
access control lists (ACLs) 193
access panel extension 368
ACE. See access control entries
ACLs. See access control lists
ACR. See Azure Container Registry
ACS. See Azure Container Services
Active Directory (AD) 311, 469
registering application in 311–313
Active Directory Federation Services (ADFS) 469
activity log alerts 119, 122–123
activity reports 479
AD. See Active Directory
Adaptive application controls 357–358
Add-AzureRmAccount cmdlet 66
Add-AzureRmVirtualNetworkPeering cmdlet 221
Add-AzureRmVirtualNetworksubnetConfig cmdlet 237
Add-AzureRmVmssExtension cmdlet 134
ADFS. See Active Directory Federation Services
alerts 39
based on log search queries 461
critical, email notifications for 476–477
Allow Gateway Transit option 258–259
Antimalware Assessment management solution 462–463
append blobs 158
application delivery controller (ADC) 232
Application Gateway (App Gateway)
cookie-based session affinity 233
deployment into virtual networks 234
design and implementation 285–286
end to end SSL 233
internal load balancers and 262
load balancing 233
secure sockets layer (SSL) offload 233
sizes 234
URL-based content routing 234
web application firewall 233
application gateways 266
Application Insights 6, 35–39, 111, 116–117
application logs 115
applications. See also Web Apps
Adaptive application controls 357–358
adding users and groups to 369–370
deploying to web apps 14
directory-aware 485
Enterprise 369
health check pages 49
integration with Azure AD 495–496
integration with Azure AD B2B 510–511
LOB 130
migrating on-premise to Azure 485
registering, in Azure AD 311–313
registering with Azure AD B2C 502–504
service principals and 315
virtual 27
application settings
App Service Certificate 344–346
App Service Certificates 23–24
App Service Environments (ASE) 4
app service plans
CLI 6
PowerShell 5
apt-get package manager 170
ARM template files 294
ARM template parameter files 294
artifact files 295
ASC. See Azure Security Center
ASE. See App Service Environments
ASN. See Autonomous System Numbers
AS numbers 247
ASR. See Azure Site Recovery
async blob copy service 164–170
social identity provider 503–505
storage account 178
automation 446
integrating, with Web Apps 428–431
Autonomous System Numbers (ASN) 243
Autoscale 134
availability
managing, with Load Balancer 128–129
availability sets 231
Average Response Time metric 34
az account list-locations command 207
az ad app create command 312
az ad sp create command 313
AzCopy
async blob copy 167
blob and container management 163
az group create command 70, 309
az group deployment create command 309
az image command 97
az image list command 72
az lock create command 321
az network application-gateway address-pool
command 286
az network application gateway command 239
az network command 239
az network lb command 282
az network nic create command 72
az network nic update command 274
az network nsg create command 72
az network public-ip create command 72
az network rule create command 72
az network vnet create command 71, 207
az network vnet peering list command 221
az network vnet subnet create command 71, 207
az policy assignment create command 319
az provider list CLI command 298
az role definition command 324
az role definition create command 329
az storage account create command 71
az storage blob generate-sas command 182
az storage container create command 161
Azure Active Directory 469
adding application to 364
Editions 369
integrating on-premises AD with 485–496
integration in web and desktop applications 495–496
Microsoft Graph API and 496
Multi-Factor Authentication 488–493
registering application in 311–313
Azure AD. See Azure Active Directory
Azure AD B2C (business to consumer) 371–377
Azure AD Business to Business (B2B) 469, 497
application integration 510–511
collaboration implementation 508–510
partner users configuration 508–510
Azure AD Business to Consumer (B2C) 469, 497–508
enabling multi-factor authentication 506
registering application 502–504
Self-Service Password Reset 507
social identity provider authentication 503–505
Azure AD Connect 469, 485, 487–488
Azure AD Connect Health 470–479
activity reports 479
ADFS and web application proxy server
monitoring 477–478
domain controller monitoring 473–476
email notifications for critical alerts 476–477
security reports 479
sync engine and replication monitoring 470–473
utilization reports 479
Azure AD Domain Services 469, 479–485
joining Azure virtual machines to 482–483
on-premise app migration 485
VM management using Group Policy 484
Azure AD tenant 495
Azure AppService Web Apps. See Web Apps
Azure Automation. See automation
Azure Automation DSC service 88
Azure Backup
backup and restore data 383–387
encryption passphrase 382
Azure Cloud Shell 61, 73, 82, 206
Azure Container Registry (ACR) 142–144, 149
Azure Container Services (ACS) 57, 138–150
Kubernetes cluster in 145
managing containers with 146–148
open-source tooling configuration 138–139
scaling applications in 148–149
Azure Diagnostics agent 119
Azure Diagnostics Extension 112
Azure Disk Encryption 105
Azure Domain Services
adding and managing devices 493–495
Azure Fabric Controller 59
Azure files
hierarchy 168
use cases 169
connecting to, outside of Azure 108–110
Azure Key Vault 19, 24, 179–180, 302, 336–342
certificate management 342–344
Azure Log Analytics. See Log Analytics
Azure Managed Disks 126
Azure Monitor 111
Azure portal
App Gateway creation in 234–236
app service plan creation in 4–5
ARM template deployment in 309
automation account creation in 416–417
availability set creation in 127
Azure AD B2C tenant creation in 497–502
Azure File Share creation in 106
blob and container management in 159–160
configuration of VMs as backend pool in 285–286
deployment slot creation in 8–9
diagnostics configuration 114–117
DNS settings configuration in 212, 268–269
enabling diagnostic logs in 28
gateway subnet creation in 210–211
handler mappings configuration in 26
load balancer creation in 277–280
Log Analytics workspace creation in 443
migrating web app to separate app service plan in 15
public IP address creation with 266–267
Recovery Services vault in 378–379
static private IP addresses with 263
swapping deployment swaps in 11–13
using custom script extension 88
viewing streaming logs in 32–33
virtual machine creation in 60–66
virtual machine scale set creation in 132–134
virtual network creation in 201–204
VNet-to-VNet connections in 251–257
Azure private peering 244
Azure public peering 244
Azure resource connectivity 200
Azure Resource Manager (ARM)
private IP addresses 261
functions 299
virtual machine resource 302–308
virtual network resources 296–299
virtual machines
VNets
Azure Security Center (ASC) 346–363
data collection 347
email notifications 349
enabling protection for non-Azure computers 350
Identity and Access solution 358–359
preventing security threats with 351–359
recommendations 358
responding to security threats with 359–363
security policy 348
Threat intelligence detection capability 362–363
Azure Site Recovery (ASR) 393–412
Hyper-V virtual machine protection 402–408
Recovery Plan 401
Unified Setup and vault credential 398
virtual machine protection 408–412
VMWare and physical machine protection 394–402
async blob copy service 164–170
Azure Storage Diagnostics 185–188
Azure Storage Explorer 162, 167–168, 182–183
Azure Storage Service Encryption 104–105
Azure Storage Service Encryption (SSE) 191
Azure-to-Azure Site Recovery 408–412
Azure Traffic Manager
Azure Virtual Networks (VNets) 199–292
communication strategy 287–289
configuration 199–239, 251–260
connecting, using VNet peering 217–222
gateway subnets 210
introduction to 199
network security groups 222–230
service chaining 250
virtual machine deployment into 230–232
az vm availability-set create command 72, 128
az vm disk attach command 99
az vm extension set command 90
az vm generalize command 97
az vm list-vm-resize-options command 132
az vmss create command 137
az vmss update-instances command 137
az vm unmanaged-disk command 99
B
backend pools 129, 130, 278–279, 285–286
BGP routing protocol 243
account types 157
async blob copy service 164–170
CacheControl property of 174
CDN endpoints and 172
encryption 191
time-to-live (TTL) period 173
types 158
Blob Storage account 94
block blobs 158
BMC. See baseboard management controller (BMC)
boot diagnostics 112, 117–118, 119
Bring Your Own Device (BYOD) policy 493
brute-force attacks 359
C
CacheControl HTTP header 173
Capacity Planner for Hyper-V Workloads 403–404
CDN. See Content Delivery Network
certificate authorities 23
certificate authority (CA) 343
certificate management 342–344
certificates 342
App Service Certificate 344–346
SAML signing 365
Change Tracking management solution 463–466
CIFS. See Command Internet File System
cifs-utils package 170
Classless Inter-Domain Routing (CIDR) 200
CLI. See Command Line Interface
client-side telemetry data 39
cloud computing 1
cloud identity 469
cloud management
cloud services 351
CLR. See Common Language Runtime (CLR)
Cmdkey.exe 170
CNAME records 21, 22–23, 52, 176, 177
Command Line Interface (CLI) 1
application settings configuration 20
app service plan creation 6
ARM template deployment 309–310
availability set creation 128
Azure File Share creation 107
blob and container management 161–162
configuring VMs as backend pools 286
deployment slot creation 10
DNS settings configuration 213–214, 270
enabling diagnostic logs 29
load balancer creation 282–283
NSG creation 274
NSG creation and association 230
public IP addresses 268
resizing VM 132
retrieving diagnostic logs 32
static private IP addresses 264
swapping deployment slots 14
viewing streaming logs 33
virtual machine scale set creation 137
virtual network creation 206–208
VM image creation 97
web app creation 8
Common Internet File System (CIFS) 106
communication strategy 287–289
community sourced runbooks 419
Conditional Access Policy 490
configuration
Azure Storage Diagnostics 185–188
Content Delivery Network 170–176
handler mappings 26
private static IP addresses 261–264
social identity providers 376–377
virtual applications and directories 27
virtual machine scale sets 132–137
virtual networks 199–239, 251–260
Virtual Network Service Endpoints 183–184
for scalability and resilience 42–51
configuration automation 432–441
Configuration Server 396, 397–398, 399–400
connections
connection strings
application settings and 18–20
connectivity. See also network connectivity
containers 156
Azure Container Registry 142–144
Azure Container Services 138–150
migrating workloads 149
troubleshooting 150
Containers Monitoring Solution 149–150
Content Delivery Network (CDN) 2–16
pricing tiers 171
profile creation 171
versioning assets with 174–176
content routing
URL-based 234
continuous integration/continuous delivery (CI/CD) workflow 433
Contributor built-in role 324–326
ConvertTo-SecureString cmdlet 110, 342
cookie-based session affinity 233
copyIndex() function 300
CPU Percentage 35
creation, renaming, updating, and deletion (CRUD) operations 457
credentials
on-premises 486
associating with web apps 22
configuration, for web apps 20–22
customer-managed DNS settings 213
custom resource policy 317–318
Custom Script Extension 82, 88–91
custom security alerts 360–362
custom visualizations
D
data
querying. See queries
data analysis. See Log Analytics
database as a service (DBaaS) 354
data churn 394
data disks 95
data encryption. See encryption
data protection 335–336. See also security
DCs. See domain controllers
debugging
default tags 225
deployment
applications 14
deployment script files 294
deployment slots
cloning existing 9
creating
in CLI 10
production 8
CLI 14
with PowerShell 13
Desired State Configuration (DSC) 432–441
monitor and update machine configurations
with 436–441
configurations
creating 432
managing 433
node configurations
nodes
registration options 436
resources
built-in 434
custom 434
Desired State Configuration (DSC) extension 82, 83–88
DevOps principles 433
diagnostic logs
locations 30
in PowerShell 32
using FTP 30
using Site Control Manager 30–31
diagnostics
Azure Storage Diagnostics 185–188
guest operating system 112
Linux, enabling and configuring 118–119
DigiCert 343
directories
virtual 27
Direct Server Return (DSR) 283–284
Disable-AzureRmTrafficManagerEndpoint cmdlet 52
disaster recovery. See recovery services
disks
managed 126
mounting 104
VM 95
DNS names 48
DNS records
updating 48
docker-compose command 140
Docker containers 6
Domain Controller (DC) 213
domain controllers (DCs)
Domain Naming Service (DNS) 211–214
domains
custom, configuration of 20–22
DPM protection agent 380
DSR. See Direct Server Return
dynamic IP addresses 261
E
elastic scale 42
email notifications 349
encryption
keys, create and import 336–342
passphrase, Azure Backup 382
Enterprise applications 369
enterprise Azure scaffold 316
error messages 28
event categories 122
event log data 115
Event Tracing for Windows (ETW) 115–116
External ASEs 4
F
failed requests
logs style sheet file 30
tracing 28
federation
with public consumer identity providers 371–377
federation-based single sign-on 363–366
files
change tracking 464
hierarchy 168
purging 175
file shares
file system permissions 193–195
firewalls 201
network 353
web application firewall 233
FTP client
for retrieving log files 30
Fully Qualified Domain Name (FQDN) 211, 265
G
gateway subnets 210–211, 252–253
generate-ssh-keys parameter 71
geo-redundant storage (GRS) 94
Geo-Redundant Storage (GRS) 392–393
Get-AzureKeyVaultCertificateOperation cmdlet 343, 344
Get-AzureRmApplicationGatewayBackendAddressPool cmdlet 286
Get-AzureRmApplicationGateway cmdlet 286
Get-AzureRmLocation cmdlet 204
Get-AzureRmNetworkInterface cmdlet 263, 269, 273, 286
Get-AzureRmRemoteDesktopFile cmdlet 80
Get-AzureRmResourceGroup cmdlet 67, 204
Get-AzureRmResourceProvider cmdlet 298
Get-AzureRmStorageAccount cmdlet 67
Get-AzureRmStorageAccountKey cmdlet 110
Get-AzureRmStorageKey cmdlet 165
Get-AzureRmStoragerAccountKey cmdlet 107
Get-AzureRmTrafficManagerProfile cmdlet 51
Get-AzureRmVirtualNetwork cmdlet 230
Get-AzureRMVirtualNetwork cmdlet 237
Get-AzureRmVirtualNetworkPeering cmdlet 221
Get-AzureRmVM cmdlet 99
Get-AzureRmVMImageOffer cmdlet 69
Get-AzureRmVMImagePublisher cmdlet 69
Get-AzureRmVMImageSku cmdlet 69
Get-AzureRmVMSize cmdlet 131
Get-AzureRmWebAppSlot cmdlet 10
Get-AzureStorageBlobCopyState cmdlet 166
Get-AzureWebsiteLog cmdlet 33
Get-PhysicalDisk cmdlet 103
GlobalSign 343
Group Policy Objects (GPOs) 484
groups
adding to applications 369–370
GRS. See geo-redundant storage
guest operating system diagnostics 112
H
handler mappings 26
hard disk drives (HDDs) 63
hardware security modules (HSMs) 180, 336
HCM. See Hybrid Connection Manager
health check pages 49
host caching 99
hot access tier 157
HSMs. See hardware security modules
HTTP GET requests 37
HTTP probe 276
HTTP probes 129
HTTPS traffic 233
hub and spoke network topology 320
hybrid cloud 239
Hybrid Connection Manager (HCM) 288
hybrid network connectivity 239–259
Hyper-V 58
Hyper-V-based workloads 402–408
Hyper-V hosts 407
I
identity infrastructure 470–479
Azure Active Directory 485–496
Azure AD Connect Health 470–479
Azure AD Domain Services 479–485
social identity provider authentication 503–505
ILB ASEs 4
Import-AzureKeyVaultCertificate cmdlet 343
Independent Software Vendors (ISV) 495
Infrastructure as a Service (IaaS) 351
infrastructure-as-code (IaC) assets 433
internal load balancer (ILB) 4
internal load balancers (ILBs) 262
Internet connectivity 200
Internet-facing load balancers 266
IP addresses
allocation of 262
default tags 225
dynamic 261
private 261
IP address spaces 247
IPSec VPN 240
J
JavaScript Object Notation (.json) files 77
Just in time (JIT) VM access 352–353
K
certificate management 342–344
clusters 145
Kubernetes API endpoints 138
L
large scale sets 132
LCM. See Local Configuration Manager
line of business (LOB) applications 130
Linux agent 60
Linux-based virtual machines
connect and mount Azure File from 110
custom script extension with 89–91
diagnostics, enabling and configuring 118–119
Linux distributions
load balancers 128–129, 233, 262, 266, 275–283
Local Configuration Manager (LCM) 433, 436
locally redundant storage (LRS) 94
connecting Activity Log to 457–458
data sources
malware status monitoring with 462–463
monitoring system updates with 459–461
server configuration change tracking in 463–466
visualizing Azure resources across multiple
subscriptions 456–457
writing activity data to 457–459
Log Analytics query language 361
log files. See also diagnostic logs
retrieving
using FTP 30
using Site Control Manager 30–31
Logic Apps 121
Login-AzureRmAccount cmdlet 66, 204
LRS. See locally redundant storage
M
machine configurations 436–441
makecert.exe 80
man-in-the-middle attacks 80
MARS. See Microsoft Azure Recovery Services
Master Target Server 396
Memory Percentage 35
metadata
metric-based scale conditions 44–45
Microsoft Azure AppService Web Apps. See Web Apps
Microsoft Azure Datacenter
IP ranges 225
Microsoft Azure Linux Agent (waagent) 59–60, 95
Microsoft Azure Recovery Services (MARS) agent 380–382
Microsoft Graph API 496
Microsoft Monitoring Agent (MMA) 446–448
Microsoft peering 244
migration
lift and shift 106
on-premises apps to Azure 485
workloads 149
MMA. See Microsoft Monitoring Agent
Mobility service extension 396, 409
monitoring
clusters 150
Most attached resources 359
multi-factor authentication (MFA) 488–493, 506
multi-phase deployment swaps 11, 12–13
Multiprotocol Label Switching (MPLS) 242
multi-site network connectivity 239–259
multi-step web tests 37
N
net use command 110
on-premises 260
VNet-to-VNet connections 251–256
network interface (NIC) 268–270
network security groups (NSGs) 208, 209, 222–230, 270–278, 353, 391
default tags 225
Network Security Groups (NSGs) 4
Network Watcher 111
New-AzureKeyVaultCertificateOrganizationDetails cmdlet 343
New-AzureKeyVaultCertificatePolicy cmdlet 343
New-AzureRmADApplication cmdlet 312
New-AzureRmAppServicePlan cmdlet 5
New-AzureRmAutomationCertificate cmdlet 427
New-AzureRmAutomationVariable cmdlet 428
New-AzureRmAvailabilitySet cmdlet 68, 128
New-AzureRmImage cmdlet 97
New-AzureRmImageConfig cmdlet 97
New-AzureRmKeyVault cmdlet 339
New-AzureRmNetworkInterface cmdlet 69
New-AzureRmNetworkSecurityGroup cmdlet 68, 273
New-AzureRmNetworkSecurityGroup PowerShell
cmdlet 229
New-AzureRmNetworkSecurityRuleConfig
cmdlet 68, 229, 273
New-AzureRmOperationalInsightsWorkspace
cmdlet 444
New-AzureRmPolicyDefinition cmdlet 318
New-AzureRmPublicIpAddress cmdlet 267
New-AzureRMPublicIpAddress cmdlet 237
New-AzureRmResourceGroup cmdlet 67, 204, 308, 338
New-AzureRmResourceGroupDeployment
cmdlet 79, 308
New-AzureRmResourceLock cmdlet 321
New-AzureRmRoleDefinition cmdlet 329
New-AzureRmStorageAccount cmdlet 67
New-AzureRmTrafficManagerEndpoint cmdlet 51
New-AzureRmTrafficManagerProfile cmdlet 50
New-AzureRmVirtualNetwork cmdlet 205, 213
New-AzureRmVirtualNetworkSubnetConfig
cmdlet 67, 205
New-AzureRmVMConfig cmdlet 69, 70
New-AzureRmVmssConfig cmdlet 134
New-AzureRmWebApp cmdlet 7
New-AzureRmWebAppSlot cmdlet 9–10
New-AzureStorageAccount cmdlet 164
New-AzureStorageBlobSASToken cmdlet 181
New-AzureStorageContainer cmdlet 160–161, 165
New-AzureStorageContext cmdlet 107, 165
New-AzureStorageShare cmdlet 107
New-PSDrive cmdlet 110
New-SelfSignedCertificate cmdlet 80
New-VirtualDisk cmdlet 103
NIC. See network interface
NSGs. See network security groups
O
OAuth2 protocol 312
OMS. See Operating Management Suite; See Operations Management Suite
OMS Gateway 442
OMS Portal 461
on-premises connectivity 201, 260
on-premises credentials 486
on-premises environment
data collection in 442
on-premises infrastructures 287
operating system disks 95
Operations Management Suite (OMS) 149–150, 378
Organization Units (OUs) 484
Owner built-in role 324
owning groups 195
P
page blobs 158
password-based single sign-on 366–368
passwords
Self-Service Password Reset 507
synchronization 482
permissions 311
Personal Information Exchange (.pfx) files 23
ping tests 38
platform as a service (PaaS) 354
Platform-as-a-Service (PaaS) 1
point-to-site virtual private network (VPN) 240–241
port reuse 283
PowerShell
App Gateway creation in 236–238
application settings configuration in 20
app service plan creation in 5
ARM template deployment using 308
automation account creation using 417
availability set creation with 128
Azure File Share creation with 107–108
blob and container management with 160–161
configuring VMs as backend pools with 286
connect and mount Azure File using 110
Custom Script Extension 82, 88–91
deployment slot creation with 9–10
Desired State Configuration 432–441
DNS settings configuration with 213–214, 269
enabling diagnostic logs with 29
load balancer creation with 280–282
Log Analytics workspace creation with 444
public IP address creation using 267–268
Recovery Services vault with 379
resizing VM with 131
retrieving diagnostic logs with 32
static private IP addresses with 263–264
swapping deployment slots with 13
Traffic Manager profile creation with 50
unmanaged VM image creation with 96–97
viewing streaming logs in 33
virtual machine scale set creation with 134–136
virtual network creation in 204–205
VNet peering with 221
web app creation in 7
PowerShell cmdlets. See also specific cmdlets
Azure 1
PowerShell Gallery 423
primary keys 179
private static IP addresses
proactive diagnostic alerts 39
Process Server 396
production deployment slot 8
ProvisionVMAgent parameter 69, 83
public IP addresses 261, 264–268
Publish-AzureRmVMDscConfiguration cmdlet 85
Q
R
RAID 0 disk striping 103
RBAC. See role based access control
read-access geo-redundant storage (RA-GRS) 94
Read Access-Geo Redundant Storage (RA-GRS) 393–394
Recover Data Wizard 384
recovery services
backup and restore data 383–387
Recovery Services Agent 403–404, 407
redundancy 125
Register-AzureRmAutomationDscNode cmdlet 437
registry change tracking 464
remote debugging
remote desktop protocol (RDP) 79–80, 359
Remove-AzureRmPolicyDefinition cmdlet 318
Remove-AzureRmTrafficManagerEndpoint
cmdlet 51–52
resizing
resource policies
built-in 316
resource schemas 296
role-based access control 192–195
role based access control (RBAC) 95
role-based access control (RBAC) 322–330
standard roles, implementing 322–328
route tables 208
Run As accounts 417
Runbook Gallery 418
S
SAML 2.0 363
SAML signing certificates 365
SAN. See subject alternative name
Save-AzureRmVMImage cmdlet 96
Save-AzureWebsiteLog cmdlet 32
scaling
virtual machine scale sets 132–137
schedule-based scale conditions 46–47
schedules
$schema property 305
SCOM. See System Center Operations Manager;
See System Center Configuration Manager
secondary keys 179
secure shell (SSH) protocol 81–82
secure sockets layer (SSL)
end to end 233
secure sockets layer (SSL) offload 233
security 335–377. See also access control
authentication 371
multi-factor authentication 488–493, 506
network security groups 270–274, 391
security policy 348
security reports 479
Self-Service Password Reset 507
self-signed SSL certificates 80
server configuration changes 463–466
Server Messaging Block (SMB) protocol 106
Server Name Indication (SNI) 25
Service Bus Relay 288
service chaining 250
Service Health 39
service level agreements (SLAs) 125
Set-AzureKeyVaultCertificateIssuer cmdlet 344
Set-AzureKeyVaultSecret cmdlet 342
Set-AzureRmApplicationGatewayBackendAddressPool cmdlet 286
Set-AzureRmNetworkInterface cmdlet 263, 269, 273
Set-AzureRmOsDisk cmdlet 98
Set-AzureRmVirtualNetwork cmdlet 237
Set-AzureRmVirtualNetworkSubnetConfig cmdlet 230
Set-AzureRmVMCustomScriptExtension cmdlet 89
Set-AzureRmVMDataDisk cmdlet 99
Set-AzureRmVMOperatingSystem cmdlet 69, 80, 81, 83
Set-AzureRmVMOSDisk cmdle 99
Set-AzureRmVMOSDisk cmdlet 98
Set-AzureRmVMSourceImage cmdlet 69
Set-AzureRmWebApp cmdlet 20, 29
Set-AzureStorageAccount cmdlet 164
Set-AzureStorageBlobContent cmdlet 161
Set-AzureStorageServiceLoggingProperty cmdlet 186
Set-AzureStorageServiceMetricsProperty cmdlet 186
shadow IT system 315
Shared Access Signature (SAS) 180–182
shared access signature (SAS URL) 88
Site Control Manager (Kudu) 30–31
Site Recovery Deployment Planner (SRDP) 394
Site Recovery Provider 403–404, 405–406
site-to-site (S2S) virtual private networks
240–242, 247, 287
SLAs. See service level agreements
SMB. See Server Messaging Block
social identity provider authentication 503–505
social identity providers 376–377
social media accounts 469
software as a service (SaaS) applications 485
solid state disks (SSDs) 63
SQL Server Always On Availability Groups 284
SSDs. See solid state disks
SSL certificates
App Service Certificates and 23–24
self-signed 80
Standard Azure Storage account 100–101
standard certificates 23
Start-AzureStorageBlobCopy cmdlet 164–165, 166
Azure Storage Diagnostics 185–188
async blob copy service 164–170
redundancy type 379
storage accounts
accessing content from CDN instead of 172–173
blob 157
entities and hierarchy relationships 156
root container 157
types 157
zone replicated 164
Storage Explorer
blob and container management with 162
stored access policies 182–183
storage pools 103
Storage Spaces 103
subject alternative name (SAN) 23
subnets
deleting 209
properties 209
subscription policies 311
subscriptions 248
visualizing resources across multiple 456–457
super users 194
support devices 247
Swap-AzureRmWebAppSlot cmdlet 13
Sync Error 476
synchronization services 470–479
sysprep.exe tool 96
System Center Configuration Manager (SCOM) 442
System Center Operations Manager (SCOM) 38
System Center Virtual Machine Manager (SCVMM) 404–405
System Update Assessment management solution 459–461
T
TCP probe 276
telemetry data 39
TemplateParameterFile parameter 79
TemplateParameterObject parameter 79
TemplateParameterUri parameter 79
temporary disks 95
Thales nShield family 180
Threat intelligence detection capability 362–363
time-to-live (TTL) period 173
top-AzureRmVM cmdlet 73
trace data 115
traffic encryption/decryption 233
traffic filtering 201
Transport Layer Security (TLS) 342
U
unmanaged disks 95
update-AzureRmVM cmdlet 99
Update-AzureRmVmssInstance cmdlet 137
URL-based content routing 234
URLs
Azure Automation 420
Usage location 489
user defined routes (UDRs) 214–217, 274–275
users
adding to applications 369–370
utilization reports 479
V
variables
vault credentials 380
vCenter/vSphere server 400–401
virtual appliances 274
virtual applications
configuration 27
virtual CPUs (vCPUs) 63
virtual directories
configuration 27
virtual hard disks (VHDs) 95
virtual hard disk (VHD) files 67
virtual machine scale sets (VMSS) 57, 95, 129, 132–137
upgrading 137
virtual machines (VMs) 57
agents 83
ARM
ASR Azure to Azure protection 408–412
Azure Container Services 138–150
configuring as backend pools for App Gateway 285–286
connecting to Log Analytics workspace 444–446
deployment into virtual network 230–232
enabling static private IP addresses on 263–264
GPOs with 484
Hyper-V
name resolution 268
public IP addresses 266
redundancy for 125
snapshots 391
stopping 73
account replication 94
disks 95
workloads
virtual network resources 296–299
virtual networks. See Azure Virtual Networks
Virtual Network Service Endpoints (VSPE) 178, 183–184
virtual private networks (VPNs)
devices 248
support devices and software solutions 247
Visual Studio Cloud Explorer 91
Visual Studio Code 295
Visual Studio Community 2017 295
VMs. See virtual machines
VMSnapshotLinux extension 380, 386
VMSS. See virtual machine scale sets
VNet peering 217–222, 248–250, 251, 257–259
VNets. See Azure Virtual Networks
VNet-to-VNet connections 251–257
VPN Gateways 246–247, 253–255, 260, 266
VPNs. See virtual private networks
W
WAF. See web application firewall
web application firewall (WAF) 233, 353, 355–357
web applications
integration with Azure AD 495–496
Azure Traffic Manager for 47–51
for scale and resilience 42–52
handler mappings 26
virtual applications and directories 27
in CLI 8
in PowerShell 7
deploying application to 14
deployment slots
diagnostic logs
integrating Azure Automation with 428–431
introduction to 1
migration to separate App Service Plan 15–16
monitoring 27
app service plan resources 34–35
with Application Insights 35–39
multiple deployments of 47
Web-Asp-Net45 feature 83
webhooks 121
Web-Server role 83
web servers
web tests alerts 39
wildcard certificates 23
Windows Management Framework version 5 (WMF 5) 438
Windows PowerShell. See PowerShell
Windows Remote Management (WinRM) 80–81
Windows Server 2003 58
Windows virtual machines
diagnostics, enabling and configuring 112–118
WinRMHttp 80
WinRMHttps 80
workloads
migrating 149
on virtual machines
WS-Federation 363
X
xPSDesiredStateConfiguration module 84
Y
yum package manager 170
Z
zone redundant storage (ZRS) 94
zone-replicated storage accounts 164