Demos, notes, links
- Exam
- Study Guide
- Case Studies
- Azure Charts
- Azure Icons
- Cloud Adoption Framework
- Cloud Adoption Journey
- Azure Migrate overview
- Learn: Cloud Adoption Framework
- Well Architected Framework
- Learn materials
- GitHub Case Studies
- Control and organize Azure resources with Azure Resource Manager
- Describe core Azure architectural components
- Build a cloud governance strategy on Azure
- Introduction to the Microsoft Azure Well Architected Framework
- Management Groups
- Subscriptions decision guide
- What is ARM
- Resource naming convention
- Resource tagging
- Best practices: tagging
- Resource tagging patterns
| Tier | Access Latency | IOPS Characteristics | Notes |
|---|---|---|---|
| Hot | Lowest (milliseconds) | High and consistent | Ideal for frequent reads/writes |
| Cool | Slightly higher (still milliseconds) | Comparable to Hot | Best for infrequent access, backups |
| Cold | Millisecond-level | Similar to Hot/Cool | Optimized for rarely accessed data |
| Archive | Hours (rehydration required) | Not applicable until rehydrated | Offline tier; not suitable for active workloads |
🧠 Key Insights
- Hot, Cool, and Cold tiers all offer millisecond-level latency and similar throughput and IOPS, making them suitable for online access.
- The main differences lie in availability SLAs, early deletion penalties, and costs—not raw performance.
- Archive tier is a different beast: it’s offline and requires rehydration (up to 15 hours) before access, so it’s not part of the IOPS conversation.
- Microsoft doesn’t publish exact IOPS numbers for each tier because performance is influenced by factors like blob size, concurrency, and region. But for most workloads, Hot, Cool, and Cold tiers behave similarly in terms of responsiveness.
- Learn module
- No case study
- Explore concepts of data analytics
- Data integration at scale with Azure Data Factory or Azure Synapse Pipeline
- Explore Azure Databricks
- Introduction to Azure Data Lake Storage Gen2
- Introduction to end-to-end analytics using Microsoft Fabric
| Platform | Core Purpose | Key Features | Integration & Use Cases |
|---|---|---|---|
| Azure Data Lake | Scalable storage for big data | - Hierarchical namespace - Hadoop-compatible - Tiered storage options | - Stores structured & unstructured data - Used with Spark, Synapse |
| Azure Data Factory | Data integration & ETL orchestration | - 180+ connectors - Data pipelines - Mapping Data Flows | - ETL/ELT workflows - Hybrid data movement - SSIS support |
| Azure Databricks | Advanced analytics & machine learning | - Apache Spark engine - Collaborative notebooks - ML & AI support | - Big data processing - Real-time analytics - ML pipelines |
| Azure Synapse | Unified analytics & data warehousing | - Serverless & dedicated SQL pools - Spark integration - Data Explorer | - BI, data warehousing - Real-time telemetry - SQL + Spark |
| Microsoft Fabric | End-to-end analytics platform | - OneLake unified storage - Copilot AI - Real-time & BI tools | - Combines Synapse, Power BI, Data Factory - AI-powered insights |
| Platform | Pricing Model | Estimated Monthly Cost (Typical Usage) |
|---|---|---|
| Azure Data Lake | Pay-as-you-go (based on GB stored & ops) | - Hot: ~$0.15/GB - Cool: ~$0.02/GB - Archive: ~$0.002/GB |
| Azure Data Factory | Based on pipeline runs, DIU hours, data ops | - Orchestration: ~$1 per 1,000 runs - Data movement: ~$0.25/DIU-hour |
| Azure Databricks | VM + DBU (Databricks Unit) usage | - Jobs Compute: ~$0.30/DBU - All-Purpose: ~$0.55/DBU |
| Azure Synapse | Serverless (per query) or Dedicated (DWU) | - Serverless SQL: ~$5/TB processed - Dedicated SQL: ~$1.20/hour for DWU100 |
| Microsoft Fabric | Capacity-based (F SKUs) + OneLake storage | - F2: ~$262/month - F64: ~$8,409/month - OneLake: ~$0.023/GB |
- Azure Data Lake is best for scalable, secure storage of raw data.
- Azure Data Factory excels at orchestrating data movement and transformation.
- Azure Databricks is ideal for data scientists and engineers working on ML and big data.
- Azure Synapse Analytics offers a powerful hybrid of SQL and Spark for enterprise analytics.
- Microsoft Fabric unifies all these capabilities into a single, AI-powered platform with seamless integration.
Applications or processes running on Azure Arc-enabled servers can use system-assigned managed identities to obtain tokens for any Entra-protected resource. To set this up, install the Azure Connected Machine agent on your non-Azure server; behind the scenes it exposes a local identity endpoint that your code can call for tokens.
Documentation: https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication
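The token flow against the local identity endpoint on an Arc-enabled server, as an added example (not code from the linked documentation): the first request is answered with a 401 challenge naming a key file, and the caller proves local privilege by reading that file and retrying. The endpoint default, `api-version`, Linux token directory, the 4096-byte size limit and the function names are assumptions; the transport is injectable so the flow can be exercised off-host.

```python
import json, os, re, urllib.error, urllib.parse, urllib.request

# Assumptions: endpoint, api-version and Linux token directory as commonly
# documented for the Connected Machine agent; adjust for your host.
ENDPOINT = os.environ.get("IDENTITY_ENDPOINT",
                          "http://localhost:40342/metadata/identity/oauth2/token")
TOKEN_DIR = "/var/opt/azcmagent/tokens"
MAX_KEY_BYTES = 4096

def http_get(url, headers):
    """Default transport: returns (status, lower-cased headers, body bytes)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()

def challenge_path(www_authenticate, token_dir=TOKEN_DIR):
    """Parse 'Basic realm=<path>' and confine the path to the agent's token directory."""
    match = re.fullmatch(r"Basic realm=(.+)", www_authenticate.strip())
    if not match:
        raise ValueError("unexpected challenge format")
    path = os.path.realpath(match.group(1))
    if os.path.dirname(path) != os.path.realpath(token_dir) or not path.endswith(".key"):
        raise ValueError("challenge file is outside the agent token directory")
    if os.path.getsize(path) > MAX_KEY_BYTES:
        raise ValueError("challenge file is larger than expected")
    return path

def get_arc_token(resource, get=http_get, token_dir=TOKEN_DIR):
    """Two-step flow: unauthenticated request -> 401 challenge -> retry with file secret."""
    query = urllib.parse.urlencode({"api-version": "2020-06-01", "resource": resource})
    url = f"{ENDPOINT}?{query}"
    status, headers, _ = get(url, {"Metadata": "true"})
    if status != 401 or "www-authenticate" not in headers:
        raise RuntimeError(f"expected a 401 challenge, got {status}")
    # Reading this file is the access check: only privileged local accounts can.
    with open(challenge_path(headers["www-authenticate"], token_dir)) as fh:
        secret = fh.read().strip()
    status, _, body = get(url, {"Metadata": "true", "Authorization": f"Basic {secret}"})
    if status != 200:
        raise RuntimeError(f"token request failed with {status}")
    return json.loads(body)["access_token"]

if __name__ == "__main__":
    token = get_arc_token("https://management.azure.com/")
    print("token acquired, length", len(token))  # never log the token itself
```

Confining the challenge path to the agent's token directory keeps a spoofed listener on the loopback port from steering a privileged caller into reading and sending the contents of an arbitrary file.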
You can run runbooks on on-prem machines under the authentication context of a Managed Identity. Configure a Hybrid Worker Group in your Automation Account, enable the account’s managed identity, install the Hybrid Worker agent on your on-prem VM, then target that group when you start the runbook. This lets your on-prem script call Azure services (Key Vault, Storage, etc.) without storing credentials.
Blog post: https://www.dcac.com/2023/11/27/azure-managed-identity-on-premises/
Learn how to extend Entra ID’s identity governance and secure remote access to AD-integrated and federation-based applications running on-prem. Topics include Application Proxy, lifecycle management for on-prem AD accounts, B2B collaboration, and unified governance for both cloud and on-prem apps.
Documentation: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/cloud-governed-management-for-on-premises
You can now configure a user-assigned managed identity as a federated credential on an Entra App registration. This establishes trust so that workloads running under that managed identity—across tenants—can request tokens for your multi-tenant app without secrets or certificates.
Announcing blog: https://devblogs.microsoft.com/identity/access-cloud-resources-across-tenants-without-secrets-ga/
Deep dive into system-assigned vs. user-assigned identities, how token acquisition and RBAC work for both control- and data-plane operations, and best practices for least-privilege and auditing.
Documentation: https://learn.microsoft.com/en-us/entra/architecture/service-accounts-managed-identities
Microsoft Secure Future Initiative
- Design a full-stack monitoring strategy on Azure
- Analyze your Azure infrastructure by using Azure Monitor logs
- Monitor your Azure virtual machines with Azure Monitor
- Monitor app performance
- AZ-700 Designing and Implementing Microsoft Azure Networking Solutions
- Architecture network infrastructure
- Distribute your services across Azure virtual networks
- Secure and isolate access using network security groups
- Learn module
- No case study
- Protect your virtual machines by using Azure Backup
- Disaster recovery and backup
- Back up and restore your Azure SQL database
- Protect your Azure infrastructure with Azure Site Recovery
- Design your site recovery solution in Azure
- Learn module
- No case study