Chapter 1: Introduction to Azure
What Azure is, how it organises resources, and how the global infrastructure is laid out. Read this once. The rest of the tutorial assumes the vocabulary introduced here.
What is Microsoft Azure?
Microsoft Azure is Microsoft's cloud platform. It hosts 200+ services across a global network of data centres, from raw virtual machines to managed AI models. You pay for what you use, and you can spin up or tear down resources in minutes.
Cloud Computing Models
```text
┌─────────────────────────────────────────────────────────────┐
│                    Cloud Service Models                     │
├──────────────┬──────────────────────┬───────────────────────┤
│ IaaS         │ PaaS                 │ SaaS                  │
│ (You manage  │ (Platform manages    │ (Everything managed)  │
│  most)       │  the runtime)        │                       │
├──────────────┼──────────────────────┼───────────────────────┤
│ Azure VMs    │ App Service          │ Microsoft 365         │
│ Disks        │ Azure SQL Database   │ Dynamics 365          │
│ VNets        │ Azure Functions      │ Azure DevOps (SaaS)   │
│              │ AKS (managed K8s)    │                       │
└──────────────┴──────────────────────┴───────────────────────┘
```
| Model | You manage | Azure manages | Example |
|---|---|---|---|
| IaaS | OS, runtime, app, data | Hardware, networking, virtualisation | Azure VMs |
| PaaS | App code and data | OS, runtime, scaling, patching | App Service, Azure SQL |
| SaaS | Nothing (just configure) | Everything | Microsoft 365 |
| Serverless | Business logic only | Execution environment, scaling, billing | Azure Functions |
Deployment Models
- Public Cloud: Resources run on Microsoft's shared infrastructure. Most common.
- Private Cloud: Dedicated hardware for one organisation (Azure Dedicated Host).
- Hybrid Cloud: On-premises + cloud connected via Azure Arc, VPN, or ExpressRoute.
- Multi-Cloud: Azure workloads alongside AWS or GCP (increasingly common).
Why Azure?
- Enterprise integration: Deep ties to Active Directory, Microsoft 365, and Windows Server make migration easier for existing Microsoft shops
- Compliance portfolio: 100+ compliance certifications (ISO, SOC, HIPAA, FedRAMP, GDPR)
- Hybrid story: Azure Arc, Azure Stack, and ExpressRoute make hybrid deployments first-class citizens
- Developer ecosystem: Native GitHub integration, Visual Studio tooling, and strong .NET support
- AI & ML services: Azure OpenAI, Cognitive Services, and Azure ML are production-grade
- Global reach: 60+ regions worldwide, more than any other cloud provider
Azure Global Infrastructure
Regions
A region is a geographic area containing one or more data centres. Every resource you create is deployed to a region.
```text
Key Regions (partial list):
├── Americas
│   ├── East US (Virginia)        ← Most services launch here first
│   ├── East US 2 (Virginia)
│   ├── West US 2 (Washington)
│   ├── West US 3 (Arizona)
│   ├── Central US (Iowa)
│   └── Brazil South (São Paulo)
├── Europe
│   ├── West Europe (Netherlands)
│   ├── North Europe (Ireland)
│   ├── UK South (London)
│   └── Germany West Central (Frankfurt)
└── Asia Pacific
    ├── East Asia (Hong Kong)
    ├── Southeast Asia (Singapore)
    ├── Australia East (Sydney)
    └── Japan East (Tokyo)
```
How to choose a region:
- Proximity to users: lower latency
- Compliance requirements: data sovereignty laws (e.g., EU data must stay in EU)
- Service availability: not all services are in all regions
- Pricing: prices vary by region (East US is typically cheapest)
- Paired regions: Azure pairs regions for disaster recovery (e.g., East US and West US)
Availability Zones
Within a region, Availability Zones (AZs) are physically separate data centres (different power, cooling, and networking) that protect against data centre failures.
```text
Region: East US
├── Availability Zone 1 (Data centre A)
├── Availability Zone 2 (Data centre B)
└── Availability Zone 3 (Data centre C)
```
- Deploy VMs across zones to survive a full data centre outage
- Zone-redundant services (e.g., Azure SQL, Storage) replicate automatically across zones
- SLA increases: single VM = 99.9%, two VMs across zones = 99.99%
Availability Sets
Availability Sets predate Availability Zone support. They keep VMs in the same region apart by distributing them across:
- Fault Domains (FD): separate physical racks (power + network)
- Update Domains (UD): groups rebooted separately during planned maintenance
Prefer Availability Zones over Availability Sets for new workloads.
Azure's Organisational Hierarchy
```text
Azure Account (Microsoft account / Entra ID tenant)
└── Management Groups (optional hierarchy for policies)
    └── Subscriptions (billing + access boundary)
        └── Resource Groups (logical container)
            └── Resources (VMs, databases, storage...)
```
Subscriptions
A subscription is the billing and access boundary. One account can have many subscriptions.
Common patterns:
- prod-subscription / dev-subscription / staging-subscription
- Separate subscriptions per team or business unit
- Separate subscriptions to enforce cost limits (budgets per subscription)
Resource Groups
A resource group is a logical container for related resources. They share the same lifecycle: when you delete a resource group, everything inside is deleted too.
Best practices:
- Group resources by application and environment: myapp-prod-rg, myapp-dev-rg
- All resources in a group should share the same region (though cross-region is allowed)
- Use consistent naming conventions: {project}-{env}-{region}-rg
```bash
# Create a resource group
az group create \
  --name myapp-prod-rg \
  --location eastus \
  --tags environment=prod project=myapp
```
Management Groups
For large organisations with many subscriptions, Management Groups let you apply Azure Policy and RBAC across multiple subscriptions at once.
```text
Root Management Group
├── Corp MG
│   ├── IT Subscription
│   └── Finance Subscription
└── Platform MG
    ├── Connectivity Subscription
    └── Identity Subscription
```
Azure Services Landscape
Azure groups its 200+ services into categories:
| Category | Key Services |
|---|---|
| Compute | Virtual Machines, App Service, AKS, Container Instances, Functions |
| Storage | Blob, Files, Queue, Table, Disk |
| Databases | Azure SQL, Cosmos DB, PostgreSQL, MySQL, Redis Cache |
| Networking | VNet, Load Balancer, Application Gateway, Front Door, DNS, VPN Gateway |
| Identity | Microsoft Entra ID (Azure AD), RBAC, Key Vault, Managed Identity |
| DevOps | Azure DevOps, GitHub Actions, Container Registry, Artifact Registry |
| AI & ML | Azure OpenAI, Cognitive Services, Azure Machine Learning |
| Analytics | Synapse Analytics, Data Factory, Stream Analytics, Databricks |
| Monitoring | Azure Monitor, Application Insights, Log Analytics |
| Integration | Service Bus, Event Grid, Event Hub, Logic Apps, API Management |
| Security | Microsoft Defender for Cloud, Sentinel, DDoS Protection |
Core Azure Concepts
Tags
Tags are key-value metadata you apply to resources for cost tracking, automation, and organisation.
```bash
# Tag a resource group
az group update \
  --name myapp-prod-rg \
  --set tags.environment=prod tags.owner=teamname tags.costcenter=12345
```
Azure Policy
Policies enforce rules across your Azure environment, e.g., "all resources must have a costcenter tag", "VMs must use approved SKUs only", "resources can only be created in approved regions".
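As an added example (not part of the original tutorial), the script below turns two of those rules, the required costcenter tag and the approved-regions restriction, into one custom policy with a deny effect and assigns it to myapp-prod-rg. The policy name and the temporary file layout are assumptions; deploying requires a logged-in Azure CLI.

```shell
#!/bin/sh
# Added example: one custom Azure Policy covering two rules from the text.
# POLICY_NAME and the file layout are hypothetical; myapp-prod-rg, eastus
# and the costcenter tag are the values used elsewhere on this page.
set -eu

POLICY_NAME="require-costcenter-approved-region"

# Write the rule and its parameter schema. The rule denies any taggable
# resource that lacks the tag or is created outside the approved regions
# (resources whose location is "global" are exempt from the region check).
write_policy_files() {
  dir="$1"
  cat > "$dir/rules.json" <<'JSON'
{
  "if": {
    "anyOf": [
      { "field": "[concat('tags[', parameters('tagName'), ']')]", "exists": "false" },
      { "allOf": [
          { "field": "location", "notIn": "[parameters('allowedLocations')]" },
          { "field": "location", "notEquals": "global" }
      ] }
    ]
  },
  "then": { "effect": "deny" }
}
JSON
  cat > "$dir/params.json" <<'JSON'
{ "tagName": { "type": "String" }, "allowedLocations": { "type": "Array" } }
JSON
}

# Create the definition, then assign it at resource-group scope.
deploy_policy() {
  dir="$1"
  scope="$(az group show --name myapp-prod-rg --query id --output tsv)"
  az policy definition create --name "$POLICY_NAME" --mode Indexed \
    --rules "$dir/rules.json" --params "$dir/params.json"
  az policy assignment create --name "${POLICY_NAME}-prod" \
    --policy "$POLICY_NAME" --scope "$scope" \
    --params '{"tagName":{"value":"costcenter"},"allowedLocations":{"value":["eastus"]}}'
}

# Nothing is changed in Azure unless the script is run with --deploy.
if [ "${1:-}" = "--deploy" ]; then
  workdir="$(mktemp -d)"
  write_policy_files "$workdir"
  deploy_policy "$workdir"
fi
```

Mode Indexed limits evaluation to resource types that support tags and locations, so the resource group object itself is not evaluated by this rule.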
Locks
Prevent accidental deletion or modification:
```bash
# Prevent deletion of a resource group
az lock create \
  --name DoNotDelete \
  --resource-group myapp-prod-rg \
  --lock-type CanNotDelete

# Prevent any changes (read-only)
az lock create \
  --name ReadOnly \
  --resource-group myapp-prod-rg \
  --lock-type ReadOnly
```
Pricing & Cost Management
Azure uses a pay-as-you-go model with several saving options:
| Option | Discount | Commitment |
|---|---|---|
| Pay-As-You-Go | 0% (baseline) | None |
| Reserved Instances | Up to 72% | 1 or 3 years |
| Savings Plans | Up to 65% | 1 or 3 years (flexible) |
| Spot VMs | Up to 90% | None (evictable) |
| Dev/Test pricing | ~40-50% | Active Visual Studio subscription |
| Azure Hybrid Benefit | Up to 40% | Existing Windows/SQL licences |
Always use the Azure Pricing Calculator before committing to an architecture.
Azure vs Other Clouds
| Feature | Azure | AWS | GCP |
|---|---|---|---|
| Virtual machines | Azure VMs | EC2 | Compute Engine |
| Managed Kubernetes | AKS | EKS | GKE |
| Object storage | Blob Storage | S3 | Cloud Storage |
| PaaS web hosting | App Service | Elastic Beanstalk | App Engine |
| Serverless functions | Azure Functions | Lambda | Cloud Functions |
| Managed SQL | Azure SQL | RDS | Cloud SQL |
| NoSQL | Cosmos DB | DynamoDB | Firestore/Bigtable |
| Identity | Entra ID | IAM | Cloud IAM |
| CI/CD | Azure DevOps | CodePipeline | Cloud Build |
| Monitoring | Azure Monitor | CloudWatch | Cloud Monitoring |
| CDN | Azure Front Door | CloudFront | Cloud CDN |
Next Steps
Continue to 02-getting-started.md to create your Azure account, set up the CLI, and deploy your first resource.