Microsoft Azure AZ-103 Tips , Hints and Notes Part 1

During my study for AZ-103 Exam, I take some notes and hints from the resources, materials, and videos I study from it and from some exam templates, based on that I need to share this points with you and I hope it will be useful for all of us and the series will be around 4 or 5 parts. The first part related to “Manage Azure Subscription and Resources” in the part of today I will list some important articles I write it in this subject and around 20 points as notes related to the same subject

For more information about other Azure posts and articles, all of them are collected in one link ➡️  HERE ✅

keep following me for the upcoming parts in Azure Tips, Hints, and Notes series.

Manage Azure Subscription

1. Azure Subscription Administrator Roles Types
2. Manage Azure Policy Using PowerShell

Manage Azure Subscription and Resources Tips

• The Contributor Role can manage all resources and add resources to a resource group. ➡️ (  https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles)
• The Logic APP Contributor Role lets you Manage logic APP, but not access to them it provides access to view it and update a logic APP. ➡️ (https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app)
• DevTest Labs User role only lets you connect, start, restart, and shutdown virtual machines in your Azure DevTest Labs.
  The Logic App Contributor role lets you manage the logic app, but not access to them. It provides access to view, edit, and update a logic app.
  References:
  ➡️ https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles  ➡️ https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app
• In Azure Log Analytics IF you need to do search a term in Specific table add-in (table name) just after search operator Ex: Search In (Event) “Error”
• You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.
  The region in which your app runs are the region of the App Service plan it’s in. However, you cannot change an App Service plan’s region.
  References:
  ➡️ https://docs.microsoft.com/en-us/azure/app-service/app-service-plan-manage
• Availability Set Fault domain and Update domain >> Use two fault domains.
  2 or 3 is max value, depending on which region you are in.
  Use 20 for platformUpdateDomainCount
  Increasing the update domain (platformUpdateDomainCount) helps with capacity and availability planning when the platform reboots nodes. A higher number for the pool (20 is max) means that fewer of their nodes in any given availability set would be rebooted at once.
  References:
  ➡️ https://www.itprotoday.com/microsoft-azure/check-if-azure-region-supports-2-or-3-fault-domains-managed-disks ➡️ https://github.com/Azure/acs-engine/issues/1030
• Assign a role to a user –
  -Sign in to the Azure portal with an account that’s a global admin or privileged role admin for the directory.
  – Select Azure Active Directory, select Users, and then select a specific user from the list.
  – For the selected user, select the Directory role, select Add role, and then pick the appropriate admin roles from the Directory roles list, such as Conditional access administrator.
  – Press Select to save.
  References:
  ➡️ https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal
• Cloud-init.txt -Cloud-init.txt is used to customize a Linux VM on the first boot up. It can be used to install packages and write files, or to configure users and security. No additional steps or agents are required to apply your configuration.
• The az VM create command -Once Cloud-init.txt has been created, you can deploy the VM with az VM create cmdlet, sing the custom-data parameter to provide the full path to the cloud- init.txt file. ➡️ https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-automate-vm-deployment
• When you are configuring Azure Alert and the section of an alert action group, we have rate limit thresholds as below No more than 1 SMS every 5 minutes & Voice: No more than 1 Voice call every 5 minutes. & Email: No more than 100 emails in an hour. & Other actions are not rated limited. https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-rate-limiting For Example About How you can create Alert on Azure SQL for Deadlock as example Check this Post ➡️ https://mostafaelmasry.com/2020/04/19/create-deadlock-alert-on-microsoft-azure-sql/
• Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed-sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized ➡️ https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json
• Azure DNS supports importing and exporting zone files by using the Azure command-line interface (CLI). Zone file import is not currently supported via Azure PowerShell or the Azure portal. ➡️ https://docs.microsoft.com/en-us/azure/dns/dns-import-export
• As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role. ➡️ https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
• Tags applied to the resource group are not inherited by the resources in that resource group. ➡️ https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
• IF you have Azure AD and You purchase 10 Azure AD Premium P2 licenses for the tenant IF you need to ensure that 10 users can use all the Azure AD Premium features. You should assign a license. (Portal AD ==> Users==> Choose User ==> Licenses ==> Assign License) ➡️ https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/license-users-groups
• The advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard, Advisor is also great for security, high availability, operational excellence, and performance suggestions. ➡️ https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
• Load Balancer LB Basic SKU doesn’t allow flexibility in Availability Sets ➡️ https://docs.microsoft.com/en-us/azure/load-balancer/concepts-limitations#skus
• With the latest update, customers can specify daily, weekly, monthly, and yearly retention policies. Customers can now retain their data for up to 99 years in Azure! If you are using tapes to address your long term retention needs – this release provides a compelling value prop to use Azure to address your backup and long term retention ➡️ https://azure.microsoft.com/en-us/blog/new-features-in-azure-backup-long-term-retention-offline-backup-seeding-and-more/
• When you want to delete the resource you first need to delete the lock on the resource or the resource depended on this resource you need to delete it.
• The IT Services manager Connector (ITSMC) Allows you to Connect Azure and a supported It Service management (ITSM) Product/Services, Such as the Microsoft system center service manager with ITSMC, you can create work items in ITSM tool, based on your azure Alerts (metric Alerts, Activity log alerts and log analytics alerts) ➡️ https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview
• IDFIX Directory Synchronization Error Remediation Tool used to perform discovery and remediation of identity objects and their attributes in an on-premises active directory environment in preparation for migration to Azure Active directory, IDIFX tool is intended for the active directory administrators responsible for directory synchronization with Azure Active directory. Download IDFIX Directory Synchronization Error Remediation Tool  ➡️ https://www.microsoft.com/en-us/download/details.aspx?id=36832
• Every Azure AD Directory Comes with an initial domain name in the form of domainname.onmicrosoft.com the initial domain name cannot be changed or deleted but you can add your corporate domain name to Azure AD as well ➡️ https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain