Azure Basics

This guide summarizes core Azure building blocks and best practices to help you get productive quickly and stay consistent across projects.

Core Concepts

Subscriptions: Billing and isolation boundary for resources.
Management groups: Group subscriptions for policy and RBAC at scale.
Resource groups: Logical containers for related resources with a shared lifecycle.
Regions & availability zones: Choose regions closest to users and use zones for high availability.
Identity (Microsoft Entra ID): Central identity provider for users, apps, and service principals.
Role-based access control (RBAC): Grant least-privilege access at subscription, RG, or resource scope.
Tags: Key/value labels for cost, ownership, environment; enforce via Policy.

Networking

Virtual networks (VNet) and subnets: Private IP space for your services.
Network Security Groups (NSG): Allow/deny inbound/outbound rules.
Private Endpoints: Private access to PaaS services over your VNet.
DNS: Azure DNS for zones; Private DNS for private endpoints.

Compute Options

App Service: PaaS for web apps and APIs; scales easily.
Azure Functions: Serverless, event-driven compute; pay-per-use.
Azure Container Apps: Microservices on containers without managing Kubernetes.
Azure Kubernetes Service (AKS): Managed Kubernetes for full control.
Virtual Machines (VMs): IaaS for lift-and-shift or custom needs.

Data & Storage

Azure SQL Database: Managed SQL Server engine.
Cosmos DB: Globally distributed NoSQL (multiple APIs).
PostgreSQL/MySQL flexible server: Managed relational databases.
Storage Account: Blob (objects), Files (SMB), Queues, Tables.

Monitoring & Security

Azure Monitor & Log Analytics: Metrics and centralized logs.
Application Insights: APM for apps, traces, requests, dependencies.
Defender for Cloud: Posture management and threat protection.
Key Vault: Secrets, keys, and certificates.

Infrastructure as Code (IaC)

Bicep/ARM: Native Azure templates; great for platform teams.
Terraform: Multicloud IaC; good for consistency across providers.

DevOps & CI/CD

Azure DevOps Pipelines or GitHub Actions for automation.
Use environments (dev/test/prod), approvals, and gated releases.

Cost Management

Budgets and alerts per subscription or RG.
Use tags like env, owner, costCenter to track spend.

Quickstart: CLI Setup

# Login and set subscription
az login
az account set --subscription "<subscription-name-or-id>"

# Create a resource group
az group create --name rg-demo --location eastus

# Example: Create a storage account (name must be globally unique)
az storage account create \
  --name demostorage$RANDOM \
  --resource-group rg-demo \
  --kind StorageV2 \
  --sku Standard_LRS \
  --https-only true