Chapter 1: Introduction to Azure
What is Microsoft Azure?
Microsoft Azure is a cloud computing platform offering 200+ services (from raw virtual machines to managed AI models) hosted across Microsoft's global network of data centres. You pay only for what you use (consumption-based billing), and you can scale resources up or down in minutes without buying physical hardware.
Cloud Computing Models
```
┌─────────────────────────────────────────────────────────────┐
│                    Cloud Service Models                     │
├──────────────┬──────────────────────┬───────────────────────┤
│ IaaS         │ PaaS                 │ SaaS                  │
│ (You manage  │ (Platform manages    │ (Everything managed)  │
│ most)        │ the runtime)         │                       │
├──────────────┼──────────────────────┼───────────────────────┤
│ Azure VMs    │ App Service          │ Microsoft 365         │
│ Disks        │ Azure SQL Database   │ Dynamics 365          │
│ VNets        │ Azure Functions      │ Azure DevOps (SaaS)   │
│              │ AKS (managed K8s)    │                       │
└──────────────┴──────────────────────┴───────────────────────┘
```
| Model | You manage | Azure manages | Example |
|---|---|---|---|
| IaaS | OS, runtime, app, data | Hardware, networking, virtualisation | Azure VMs |
| PaaS | App code and data | OS, runtime, scaling, patching | App Service, Azure SQL |
| SaaS | Nothing (just configure) | Everything | Microsoft 365 |
| Serverless | Business logic only | Execution environment, scaling, billing | Azure Functions |
Deployment Models
- Public Cloud: Resources run on Microsoft's shared infrastructure. Most common.
- Private Cloud: Dedicated hardware for one organisation (Azure Dedicated Host).
- Hybrid Cloud: On-premises + cloud connected via Azure Arc, VPN, or ExpressRoute.
- Multi-Cloud: Azure workloads alongside AWS or GCP (increasingly common).
Why Azure?
- Enterprise integration: Deep ties to Active Directory, Microsoft 365, and Windows Server make migration easier for existing Microsoft shops
- Compliance portfolio: 100+ compliance certifications (ISO, SOC, HIPAA, FedRAMP, GDPR)
- Hybrid story: Azure Arc, Azure Stack, and ExpressRoute make hybrid deployments first-class citizens
- Developer ecosystem: Native GitHub integration, Visual Studio tooling, and strong .NET support
- AI & ML services: Azure OpenAI, Cognitive Services, and Azure ML are production-grade
- Global reach: 60+ regions worldwide, more than any other cloud provider
Azure Global Infrastructure
Regions
A region is a geographic area containing one or more data centres. Every resource you create is deployed to a region.
```
Key Regions (partial list):
├── Americas
│   ├── East US (Virginia)          ← Most services launch here first
│   ├── East US 2 (Virginia)
│   ├── West US 2 (Washington)
│   ├── West US 3 (Arizona)
│   ├── Central US (Iowa)
│   └── Brazil South (São Paulo)
├── Europe
│   ├── West Europe (Netherlands)
│   ├── North Europe (Ireland)
│   ├── UK South (London)
│   └── Germany West Central (Frankfurt)
└── Asia Pacific
    ├── East Asia (Hong Kong)
    ├── Southeast Asia (Singapore)
    ├── Australia East (Sydney)
    └── Japan East (Tokyo)
```
How to choose a region:
- Proximity to users: lower latency
- Compliance requirements: data sovereignty laws (e.g., EU data must stay in EU)
- Service availability: not all services are in all regions
- Pricing: prices vary by region (East US is typically cheapest)
- Paired regions: Azure pairs regions for disaster recovery (e.g., East US and West US)
Availability Zones
Within a region, Availability Zones (AZs) are physically separate data centres (different power, cooling, and networking) that protect against data centre failures.
```
Region: East US
├── Availability Zone 1 (Data centre A)
├── Availability Zone 2 (Data centre B)
└── Availability Zone 3 (Data centre C)
```
- Deploy VMs across zones to survive a full data centre outage
- Zone-redundant services (e.g., Azure SQL, Storage) replicate automatically across zones
- SLA increases: single VM = 99.9%, two VMs across zones = 99.99%
Availability Sets
Availability Sets predate Availability Zone support. For VMs in the same region, they distribute VMs across:
- Fault Domains (FD): separate physical racks (power + network)
- Update Domains (UD): groups rebooted separately during planned maintenance
Prefer Availability Zones over Availability Sets for new workloads.
Azure's Organisational Hierarchy
```
Azure Account (Microsoft account / Entra ID tenant)
└── Management Groups (optional hierarchy for policies)
    └── Subscriptions (billing + access boundary)
        └── Resource Groups (logical container)
            └── Resources (VMs, databases, storage...)
```
Subscriptions
A subscription is the billing and access boundary. One account can have many subscriptions.
Common patterns:
- `prod-subscription` / `dev-subscription` / `staging-subscription`
- Separate subscriptions per team or business unit
- Separate subscriptions to enforce cost limits (budgets per subscription)
Resource Groups
A resource group is a logical container for related resources. They share the same lifecycle: when you delete a resource group, everything inside is deleted too.
Best practices:
- Group resources by application and environment: `myapp-prod-rg`, `myapp-dev-rg`
- All resources in a group should share the same region (though cross-region is allowed)
- Use consistent naming conventions: `{project}-{env}-{region}-rg`
```bash
# Create a resource group
az group create \
  --name myapp-prod-rg \
  --location eastus \
  --tags environment=prod project=myapp
```
Management Groups
For large organisations with many subscriptions, Management Groups let you apply Azure Policy and RBAC across multiple subscriptions at once.
```
Root Management Group
├── Corp MG
│   ├── IT Subscription
│   └── Finance Subscription
└── Platform MG
    ├── Connectivity Subscription
    └── Identity Subscription
```
Azure Services Landscape
Azure groups its 200+ services into categories:
| Category | Key Services |
|---|---|
| Compute | Virtual Machines, App Service, AKS, Container Instances, Functions |
| Storage | Blob, Files, Queue, Table, Disk |
| Databases | Azure SQL, Cosmos DB, PostgreSQL, MySQL, Redis Cache |
| Networking | VNet, Load Balancer, Application Gateway, Front Door, DNS, VPN Gateway |
| Identity | Microsoft Entra ID (Azure AD), RBAC, Key Vault, Managed Identity |
| DevOps | Azure DevOps, GitHub Actions, Container Registry, Artifact Registry |
| AI & ML | Azure OpenAI, Cognitive Services, Azure Machine Learning |
| Analytics | Synapse Analytics, Data Factory, Stream Analytics, Databricks |
| Monitoring | Azure Monitor, Application Insights, Log Analytics |
| Integration | Service Bus, Event Grid, Event Hub, Logic Apps, API Management |
| Security | Microsoft Defender for Cloud, Sentinel, DDoS Protection |
Core Azure Concepts
Tags
Tags are key-value metadata you apply to resources for cost tracking, automation, and organisation.
```bash
# Tag a resource group
az group update \
  --name myapp-prod-rg \
  --set tags.environment=prod tags.owner=teamname tags.costcenter=12345
```
Azure Policy
Policies enforce rules across your Azure environment, e.g., "all resources must have a costcenter tag", "VMs must use approved SKUs only", "resources can only be created in approved regions".
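The tag rule and the approved-region rule quoted above can be combined into one custom policy. This is an added example, not part of the original chapter: the policy and assignment names, the helper function names and the approved-region list are assumptions, and `myapp-prod-rg` is the resource group used earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original chapter. Names and the region list
# are assumptions chosen for illustration.
set -eu

POLICY_NAME="require-costcenter-approved-region"   # hypothetical name

# Rule: deny any resource that lacks a costcenter tag or sits outside the
# approved regions ("global" is exempt so region-less resources still deploy).
policy_rule() {
  cat <<'JSON'
{
  "if": {
    "anyOf": [
      { "field": "tags['costcenter']", "exists": "false" },
      { "allOf": [
          { "field": "location", "notIn": "[parameters('allowedLocations')]" },
          { "field": "location", "notEquals": "global" }
      ] }
    ]
  },
  "then": { "effect": "deny" }
}
JSON
}

# Parameter declaration: the approved list is supplied at assignment time.
policy_params() {
  cat <<'JSON'
{ "allowedLocations": { "type": "Array",
    "metadata": { "displayName": "Approved regions", "strongType": "location" } } }
JSON
}

# Create the definition (Indexed mode: only resource types that support tags
# and location are evaluated), then assign it to one resource group.
deploy_policy() {
  rg="$1"
  scope="$(az group show --name "$rg" --query id --output tsv)"
  az policy definition create --name "$POLICY_NAME" --mode Indexed \
    --rules "$(policy_rule)" --params "$(policy_params)"
  az policy assignment create --name "costcenter-region" \
    --policy "$POLICY_NAME" --scope "$scope" \
    --params '{"allowedLocations":{"value":["eastus","westus"]}}'  # constructed list
}

# Nothing is sent to Azure unless the script is run as: ./policy.sh deploy [rg]
if [ "${1:-}" = "deploy" ]; then
  deploy_policy "${2:-myapp-prod-rg}"
fi
```

Changing the effect to `audit` reports non-compliant resources without blocking deployments, which is a common first step before switching to `deny`.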
Locks
Prevent accidental deletion or modification:
```bash
# Prevent deletion of a resource group
az lock create \
  --name DoNotDelete \
  --resource-group myapp-prod-rg \
  --lock-type CanNotDelete

# Prevent any changes (read-only)
az lock create \
  --name ReadOnly \
  --resource-group myapp-prod-rg \
  --lock-type ReadOnly
```
Pricing & Cost Management
Azure uses a pay-as-you-go model with several saving options:
| Option | Discount | Commitment |
|---|---|---|
| Pay-As-You-Go | 0% (baseline) | None |
| Reserved Instances | Up to 72% | 1 or 3 years |
| Savings Plans | Up to 65% | 1 or 3 years (flexible) |
| Spot VMs | Up to 90% | None (evictable) |
| Dev/Test pricing | ~40-50% | Active Visual Studio subscription |
| Azure Hybrid Benefit | Up to 40% | Existing Windows/SQL licences |
Always use the Azure Pricing Calculator before committing to an architecture.
Azure vs Other Clouds
| Feature | Azure | AWS | GCP |
|---|---|---|---|
| Virtual machines | Azure VMs | EC2 | Compute Engine |
| Managed Kubernetes | AKS | EKS | GKE |
| Object storage | Blob Storage | S3 | Cloud Storage |
| PaaS web hosting | App Service | Elastic Beanstalk | App Engine |
| Serverless functions | Azure Functions | Lambda | Cloud Functions |
| Managed SQL | Azure SQL | RDS | Cloud SQL |
| NoSQL | Cosmos DB | DynamoDB | Firestore/Bigtable |
| Identity | Entra ID | IAM | Cloud IAM |
| CI/CD | Azure DevOps | CodePipeline | Cloud Build |
| Monitoring | Azure Monitor | CloudWatch | Cloud Monitoring |
| CDN | Azure Front Door | CloudFront | Cloud CDN |
Next Steps
Continue to 02-getting-started.md to create your Azure account, set up the CLI, and deploy your first resource.