In my previous post, ‘Introduction to Cloud Computing’, I covered the very basics of Cloud Computing and the concepts you need to consider surrounding Cloud services and platforms.
This article is designed to give you an introduction to one of the leading cloud computing service providers, Microsoft Azure.
This article will not cover the creation of services or any technical concepts. The aim is to familiarize you with Azure, how it works, and some tips and tricks that will make your administration of Azure faster and easier in the future.
Microsoft Azure uses a UI called the Management Portal, accessible via https://portal.azure.com. The portal is used for the creation, administration and monitoring of Azure resources such as virtual machines and networks.
Prior to accessing the portal you will need an Azure Portal account. Accounts can be created for free and Microsoft often gives you free credit to use in your first month. The free credit is useful for having a play and running some labs without any cost to yourself.
When you have an Azure account, you need to be aware that a single Azure account can hold multiple subscriptions. Subscriptions are groups of services on Azure, usually used by one company. Azure is billed per subscription, not per account.
Cloudy Tip: The Azure portal is not the only way to use Azure. You can also use PowerShell, Azure CLI and REST APIs without the need for any UI.
As you can see below, once opened the portal displays a list of available services down the left. This is not every service, but the most commonly used. The Azure dashboard is fully customizable and multiple dashboards can be created. This is useful as you can create custom dashboards depending on your job role.
ARM (Azure Resource Manager)
Azure Resource Manager is the service used to provision resources within your subscription. ARM was first announced in 2014; before that, the “Classic deployment” model was used to create resources.
ARM allows an admin to create resources much faster than the classic method, with far fewer mistakes and issues. It is able to inspect resources when provisioning to ensure you have all the dependencies needed for that resource to run correctly.
When you create a resource in Azure, a resource provider creates and manages the resource. This provider can be accessed via one UI, the portal. In the past these providers would not be accessed via the portal but via resource-specific APIs, which made deployments far more complicated and issues harder to troubleshoot.
ARM deployment templates can also be used with the ARM deployment model. The templates are created using JSON and allow for a declarative design of resources in the JSON format. You can deploy anything from one VM to a whole environment using the ARM templates, allowing for much faster deployments and automation.
Azure regions are sets of datacentres, usually in groups of 3 or more, grouped by location, located all around the globe and connected via a low-latency network. Whenever you deploy a resource or service in Azure, you have to choose what region to put that service in. Only a few resources such as DNS can be created without setting a region.
Usually the best region to choose is the one closest to your users and customers, as this will ensure performance is the best possible.
At the time of writing, Microsoft Azure has 54 regions worldwide and is available in 140 countries. Azure also has secret regions used for governments; the locations of these secret regions are never disclosed for obvious security reasons.
Another concept regarding regions is Region Pairs. When using multi-region deployments, Region Pairs allow you to set a secondary region which can be used to fail over in the event of the primary region having an outage.
A further concept regarding regions and high availability is availability zones. Availability zones are physically separate locations within a region. Each zone has one or more datacentres that are equipped with their own independent cooling, networking, power and other hardware. This allows you to run resources in more than one zone, allowing customers to run critical apps with high availability in case one datacentre fails.
Resource groups within Azure are used to group a collection of resources and services into one group. A common method is to group any resources that are involved in the same workflow or application. For example, if you had various web apps in Azure, you would group all the services that are used by one app and do the same for the other apps. Another example would be grouping all the resources of a VM such as NIC, Public IP and disks.
This allows for more efficient management and monitoring of resources as they are separated into logical groups. Similar to regions, almost every resource you create in Azure will need a resource group to be set. It is possible to move resources from one resource group to another.
Cloudy Tip: Resource groups are very useful when de-provisioning services or applications in Azure. Instead of deleting and removing each separate resource, you can simply delete the resource group and this will remove all the resources within the group.
The image below shows the view you will have from the portal of each resource group you have created.
Roles & Permissions
In Azure, resource control is managed via Role-based access control (RBAC). Azure has over 70 built-in roles allowing different levels of access to specific resources.
For example, the “Security Manager” role allows an admin to manage all security components, policies and VMs.
When setting up new admin accounts in Azure, you should only grant them roles which match the type of work they will be completing. This creates a much more secure environment and reduces accidental mistakes being made by admins with more access than they need.
Custom RBAC roles can also be created; this allows you to specify exactly what access a user is allowed. Custom roles use a security principal and a role definition to specify the permissions. These are useful when the built-in roles don’t match exactly what you need. For example, you may want to grant an admin access to control everything within a specific resource group, but no other group.
Cloudy Tip: If you cannot find a role that suits your needs, create a custom RBAC role instead.
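The least-privilege advice above can be checked before a custom role is ever created. The following is an added example, not part of the original article: a small Python linter over custom role definitions in the JSON shape accepted by Azure CLI and PowerShell (Name, Actions, NotActions, AssignableScopes). The role names, subscription ID and resource group name are constructed placeholders, and the three checks are an illustrative assumption of what to flag, not an official rule set.

```python
import json
import re

# Constructed sample values: placeholder subscription ID and resource group.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = SUB + "/resourceGroups/rg-webapp-prod"

# A role limited to one resource group and one resource provider.
SCOPED_ROLE = json.dumps({
    "Name": "WebApp RG Operator (example)",
    "IsCustom": True,
    "Description": "Manage web apps in one resource group only.",
    "Actions": [
        "Microsoft.Web/sites/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
    ],
    "NotActions": [],
    "AssignableScopes": [RG_SCOPE],
})

# A role that is custom in name only: all actions, whole subscription.
BROAD_ROLE = json.dumps({
    "Name": "Do Everything (example)",
    "IsCustom": True,
    "Actions": ["*", "Microsoft.Authorization/roleAssignments/write"],
    "NotActions": [],
    "AssignableScopes": [SUB],
})

RG_PATTERN = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+", re.I)

def lint_role(definition_json):
    """Return least-privilege findings for one custom role definition."""
    role = json.loads(definition_json)
    findings = []
    for action in role.get("Actions", []):
        low = action.lower()
        if action == "*":
            findings.append("wildcard-all-actions")
        elif low.startswith("microsoft.authorization/") and low.endswith(("/write", "/*")):
            # Holder could grant access to others, defeating the scoping.
            findings.append("can-change-access: " + action)
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no-assignable-scopes")
    for scope in scopes:
        if not RG_PATTERN.match(scope):
            findings.append("scope-wider-than-resource-group: " + scope)
    return findings

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED_ROLE), ("broad", BROAD_ROLE)):
        print(name, lint_role(doc) or "ok")
```

Running a check like this in a deployment pipeline catches a role whose assignable scope has drifted from a single resource group to the whole subscription before it reaches a tenant.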
Services & Resources
Azure offers a huge list of resources and services that can be provisioned. I could write a huge post on each separate service, however as this is just an overview of Azure, I will briefly comment on some of the more commonly used resources.
Virtual Machines are one of the most common resources you can provision in Azure. You can create a VM, choose its OS, Memory, Disk, Network and Public IP amongst other settings. Virtual machines are a great place to start when learning Azure. If you have not done so already, create an Azure account and go ahead and create a Virtual machine. It’s very simple and fast.
Storage is another resource you can create in Azure. Azure offers many types of storage, some useful for creating file shares for users and other types can be used as disks for VMs amongst many other possible use cases. Depending on your needs and budget, disks can be anything from Premium SSD disks to a standard HDD disk.
Networking in Azure is a representation of your own network, but in the cloud. VNets (Virtual networks) and subnets can be created as with any traditional network. Conceptually VNets are the same as any office or home network, however VNets in Azure are software-defined networks built on physical network infrastructure. Connections can be created between resources, NSGs can be used to secure traffic, Load balancers can be used to distribute traffic for high availability and Remote gateways can be created for VPN connections.
Active Directory is also a resource you can create in Azure. It is a cloud-based identity and access management system. Unlike the AD you host on-premises on server-based Domain Controllers, Azure offers an AD service that resides on the Azure backbone and therefore requires very little setup.
Web Applications is another widely used resource. It allows you to use Azure as a website and web application hosting service. However, unlike traditional hosting services, you have greater control if you use Azure to host your apps. You also have the ability to use other Azure services alongside web apps, such as Load balancers and auto-scaling. Such a task outside of the cloud would require expensive hardware and extensive setup times.
The image below shows some, but not all of the resources and services available in Azure.
Microsoft Azure is an extremely powerful tool to provision resources and services in the cloud. I hope this article helped you in understanding how it works, what is possible and how it all comes together. I will go into more detail in future articles regarding various resources. If you would like more information regarding the fundamentals of Azure, I recommend either reading the Official Docs or creating your own free account and having a play.