Azure Fundamentals Part 2

Jun 1, 2024


Microsoft Learn Sandbox

The Microsoft Learn Sandbox is a free, temporary environment provided by Microsoft for learners to practice and experiment with Azure services. It comes pre-configured with the necessary tools and resources, allowing learners to focus on building and experimenting with Azure solutions.

The Learn Sandbox can be used through interfaces such as Azure PowerShell, Bash CLI, Azure CLI interactive mode, and the Azure portal.

Azure PowerShell is a set of modules that provides cmdlets to manage Azure resources directly from the command line. When using the Microsoft Learn Sandbox, Azure PowerShell can be used to create, monitor, and manage Azure resources in a safe and temporary environment. Some example commands to execute are “az version”, “help”, “get-date”, and “az upgrade”.

Bash CLI allows the use of Azure CLI with Bash, providing an efficient way to automate and execute Azure tasks.

The “az interactive” command can be used from the Bash CLI or PowerShell to switch to interactive mode. Auto-completion, syntax highlighting, and on-the-fly documentation are the key features of this mode. Start typing commands and use the Tab key to see suggestions and auto-complete options. Commands can be executed as in regular CLI mode.

The Azure Portal is a web-based, unified console that provides a graphical user interface for managing Azure resources and services. It is designed to simplify the deployment, management, and monitoring of Azure resources. Users can perform a wide range of tasks, including creating virtual machines, managing storage, configuring networks, and monitoring resource usage.

Key features of the Azure portal include GUI, resource management, monitoring and alerts, dashboards and customization, role-based access control, cost management and billing, and marketplace.

You can access the Azure portal through

Core Architecture of Azure

The core architecture of Azure includes physical infrastructure and management infrastructure.

Physical infrastructure: Physical infrastructure for Azure starts with data centers. These data centers are grouped into Azure regions and Azure availability zones, which help businesses achieve resiliency and reliability.

An Azure region is a set of data centers deployed within a specific geographic location, where Microsoft Azure services are available. Each region contains one or more data centers connected through a low-latency network.

Availability zones are distinct locations within an Azure region engineered to be isolated from failures in other zones. They offer a high-availability solution within a single region, ensuring that data and applications remain available and resilient to failures.

Availability zones are primarily designed for VMs, managed disks, load balancers, and SQL databases. Azure services that support availability zones fall into three categories:

· Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).

· Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).

· Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Azure region pairs are strategically defined pairs of Azure regions within the same geographic area, which are designed to provide enhanced availability and disaster recovery. Each Azure region is paired with another region at least 300 miles away to ensure that they are isolated from regional disasters like earthquakes, floods, or power outages.

Azure management infrastructure

The management infrastructure includes Azure resources and resource groups, subscriptions, and accounts.

A resource is the basic building block of Azure. Virtual machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.

Azure resource groups are logical containers that hold related Azure resources, allowing organized and unified management of resources. They enable easier deployment, monitoring, and access control of grouped resources, simplifying resource management and lifecycle operations.

Azure subscriptions are a unit of management, billing, and scale. Subscriptions allow you to logically organize your resource groups and facilitate billing.

There are two types of subscription boundaries:

· Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.

· Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.

Azure management groups

Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply governance conditions to the management groups.

The following diagram shows an example of creating a hierarchy for governance by using management groups.

Important facts about management groups:

· 10,000 management groups can be supported in a single directory.

· A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.

· Each management group and subscription can support only one parent.
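The depth and single-parent rules above can be checked against a planned hierarchy before it is built. The following is an added example, not part of the original article: all group and subscription names are constructed, and the root management group is given the hypothetical id "root". The chain it returns for a subscription lists every management group scope sitting above it, which is where governance conditions would be applied.

```python
from collections import defaultdict

ROOT = "root"    # hypothetical id for the root management group
MAX_DEPTH = 6    # levels allowed below the root, excluding the subscription level

# Constructed sample hierarchy as (child, parent) pairs; all names hypothetical.
EDGES = [
    ("platform", ROOT), ("landing-zones", ROOT),
    ("corp", "landing-zones"), ("online", "landing-zones"),
    ("sub-hr", "corp"), ("sub-shop", "online"),
]
SUBSCRIPTIONS = {"sub-hr", "sub-shop"}

def build_parents(edges):
    """Map each child to the set of parents declared for it."""
    parents = defaultdict(set)
    for child, parent in edges:
        parents[child].add(parent)
    return parents

def scope_chain(node, parents):
    """Management groups above `node`, nearest first, ending at ROOT."""
    chain, seen = [], {node}
    while node != ROOT:
        options = parents.get(node, set())
        if len(options) != 1:
            raise ValueError(f"{node}: expected exactly one parent, found {len(options)}")
        node = next(iter(options))
        if node in seen:
            raise ValueError(f"cycle through {node}")
        seen.add(node)
        chain.append(node)
    return chain

def violations(edges, subscriptions):
    """Return the sorted, de-duplicated rule violations in the hierarchy."""
    parents = build_parents(edges)
    problems = set()
    for node in parents:
        try:
            chain = scope_chain(node, parents)
        except ValueError as err:
            problems.add(str(err))
            continue
        # For a management group, len(chain) is its level below the root.
        if node not in subscriptions and len(chain) > MAX_DEPTH:
            problems.add(f"{node}: level {len(chain)} exceeds {MAX_DEPTH}")
    return sorted(problems)
```
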