☁️ Start Here

Azure Cloud - The Mental Model

Every concept explained like you're 15. No jargon without explanation. Built for your developer background with practical examples.

What Is Cloud Computing? (The Big Picture)
CORE
Before cloud: Every company had a server room. Like owning a generator for your house. Expensive, you manage everything, even when idle.
Cloud: Microsoft runs the servers. You rent what you need. Like connecting to the electricity grid - you pay for what you use, they handle the power plant.

3 Service Models:

🏗️ IaaS - Infrastructure as a Service
You get: raw servers, storage, networking. YOU install OS, runtime, apps. Like renting an empty building. Examples: Azure VM, VNet
🏠 PaaS - Platform as a Service
You get: a managed runtime. YOU just deploy your code. Like renting a furnished apartment. Examples: App Service, Azure Functions
📱 SaaS - Software as a Service
You get: a complete product. Just use it. Like staying in a hotel. Examples: Microsoft 365, GitHub
☁️ Serverless
You get: run code without thinking about servers. Pay per execution, not per hour. Examples: Azure Functions, Logic Apps
Azure = Microsoft's cloud. It's #2 globally (behind AWS), but #1 in enterprise because it integrates with Microsoft's products (Office 365, Active Directory, Windows). If your company uses Microsoft products, Azure is often the default choice.
Regions, Availability Zones & Resource Groups
GEOGRAPHY
Region: Azure has data centers in 60+ regions worldwide - India Central, East US, West Europe, etc. Like post office sorting centers in each city.
Availability Zone: Multiple physical data centers within one region. If one floods, others still run.
Resource Group: A folder that groups related Azure resources together for billing and management.
Resource Group structure (concept)
MyApp-Production (Resource Group)
├── myapp-webapp (App Service)
├── myapp-db (SQL Database)
├── myapp-storage (Storage Account)
├── myapp-cache (Redis)
└── myapp-vault (Key Vault)

// All resources share lifecycle, region, billing tags
// Delete the resource group → deletes EVERYTHING in it
Azure Subscription & Management Hierarchy
STRUCTURE
Like a company's org chart: Management Group = the corporation, Subscription = a department with its own budget, Resource Group = a project within that department, Resource = individual tools/services used.
Management Group
Groups subscriptions. Set policies across all.
Subscription
A billing unit. One company may have Dev + Prod subscriptions.
Resource Group
Logical container for related resources.
Resource
Actual service: VM, DB, Storage, etc.
Compute

Compute Services

"Compute" = things that run your code. Azure has 4 main ways to run code, each with different tradeoffs.

Azure Virtual Machines (VM)
IaaS
Renting a full computer in the cloud. You choose: how many CPUs, how much RAM, what OS (Windows/Linux), and pay by the hour. You're responsible for installing software, patches, security.

When to use: Legacy apps that need specific OS, full control over environment, lift-and-shift of on-premise servers.

VM Key Concepts
  • VM Size - Standard_B2s (2 vCPU, 4GB RAM) to massive GPU machines
  • VM Scale Sets - Auto-scale VM count based on CPU/traffic demand
  • Availability Set - Spread VMs across physical racks (prevent single point of failure)
  • Managed Disks - OS and data disks, backed by Azure (SSD or HDD)
  • Azure Bastion - Secure SSH/RDP access WITHOUT exposing public IP
Create VM - Azure CLI (bash)
# Create a Linux VM
az vm create \
  --resource-group MyRG \
  --name MyVM \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --generate-ssh-keys \
  --size Standard_B2s

# Open port 80 for web traffic
az vm open-port --resource-group MyRG --name MyVM --port 80
Azure App Service
PaaS
Like an apartment vs. building your own house. App Service manages the OS, runtime (Node, Python, .NET), server patches, scaling. You just push your code and it runs. Perfect for web APIs!

When to use: Web apps, REST APIs, Angular frontends, .NET/Node/Python backends. This is what you'd deploy your Angular app or a Python ML API to.

App Service Features
  • Deployment slots - staging slot, then swap to production with ZERO downtime
  • Auto-scale - scale out (more instances) automatically based on CPU/requests
  • Custom domains + free SSL certificates (Let's Encrypt)
  • App Service Plan - the underlying compute you pay for (F1=Free, B1=Basic, P1=Premium)
  • CI/CD built-in - connect GitHub, push code → auto-deploys
Deploy Node.js API to App Service (bash)
# Create App Service Plan
az appservice plan create \
  --name MyPlan --resource-group MyRG \
  --sku B1 --is-linux

# Create web app
az webapp create \
  --name myapi-prod \
  --resource-group MyRG \
  --plan MyPlan \
  --runtime "NODE|18-lts"

# Deploy from local git
az webapp deployment source config-local-git \
  --name myapi-prod --resource-group MyRG
Azure Functions - Serverless
SERVERLESS
Imagine a light switch that only powers on when you flip it, and turns off immediately after. Azure Functions run your code ONLY when triggered - an HTTP request, a timer, a message in a queue. You pay only for the milliseconds it runs, not 24/7.

Perfect for: Event-driven code, scheduled tasks (cron jobs), webhooks, data processing pipelines, background jobs.

Function Triggers
  • HTTP Trigger - runs when someone calls a URL (like a REST endpoint)
  • Timer Trigger - cron schedule (every day at 9am, every 5 minutes)
  • Blob Trigger - runs when file uploaded to Azure Storage
  • Queue Trigger - runs when message added to Azure Queue/Service Bus
  • Event Grid Trigger - runs in response to Azure events
Azure Function - HTTP + Timer (Python)
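import json
import logging

import azure.functions as func

# Python v2 programming model: triggers are registered on a FunctionApp object
app = func.FunctionApp()

# HTTP Trigger - becomes a REST endpoint
# (ml_model is your own loaded model object, created elsewhere at startup)
@app.route(route="predict", methods=["POST"])
def predict(req: func.HttpRequest) -> func.HttpResponse:
    try:
        features = req.get_json()['features']
    except (ValueError, KeyError, TypeError):
        # Malformed body: answer 400 instead of failing with an unhandled error
        return func.HttpResponse("Body must be JSON with a 'features' field", status_code=400)
    result = ml_model.predict(features)
    return func.HttpResponse(json.dumps({'prediction': result}),
                             mimetype="application/json")

# Timer Trigger - runs every day at 9am UTC
@app.timer_trigger(schedule="0 0 9 * * *", arg_name="timer")
def daily_report(timer: func.TimerRequest) -> None:
    logging.info('Running daily report...')
    generate_report_and_email()  # your own reporting helper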
Azure Kubernetes Service (AKS)
CONTAINERS
Docker containers are like shipping containers - standardized boxes that run anywhere. Kubernetes (K8s) is the shipping port that manages thousands of containers: which ships carry which containers, auto-replacing broken ones, scaling up when busy. AKS is Azure's managed K8s.

When to use: Microservices, complex multi-container apps, when you need fine-grained control over scaling and deployment strategies.

Key K8s Concepts
  • Pod - smallest unit, one or more containers running together
  • Deployment - manages pods, rolling updates, rollbacks
  • Service - stable IP/DNS name for a group of pods
  • Ingress - HTTP routing rules, like an nginx config for all your services
  • ConfigMap / Secret - inject config/secrets into pods without hardcoding
Azure Container Instances (ACI)
CONTAINERS
Run a single Docker container without setting up K8s. Like renting a taxi for one ride vs. buying a fleet. Perfect for one-off tasks, batch jobs, or quick testing. Pay per second.
Run ML model as container (bash)
# Run your Python ML API as a container, instantly
az container create \
  --resource-group MyRG \
  --name ml-api \
  --image myregistry.azurecr.io/ml-model:latest \
  --cpu 2 --memory 4 \
  --ports 8000 \
  --environment-variables MODEL_PATH=/models/v2
Storage

Storage Services

Azure has multiple storage types because different data needs different storage. Files ≠ Tables ≠ Blobs ≠ Queues.

Azure Blob Storage
OBJECT STORE
Like a massive Google Drive for your app. Store any file: images, videos, PDFs, ML model files, backups, CSV datasets. "Blob" = Binary Large Object. Massively scalable, cheap, globally accessible via URL.
Blob Storage Tiers (by cost vs access speed)
  • Hot - frequently accessed data, highest storage cost, lowest access cost
  • Cool - infrequently accessed, lower cost, slightly slower
  • Archive - rarely accessed, cheapest storage, hours to retrieve
Blob Storage - Python SDK
import os
from datetime import datetime, timedelta, timezone

from azure.storage.blob import (
    BlobServiceClient, BlobSasPermissions, generate_blob_sas)

# Connection details come from configuration, never from source code
# (the environment variable names are examples)
conn_str = os.environ["AZURE_STORAGE_CONNECTION_STRING"]
account_name = os.environ["AZURE_STORAGE_ACCOUNT"]
key = os.environ["AZURE_STORAGE_KEY"]
container_name, blob_name = "ml-datasets", "data/dataset.csv"

client = BlobServiceClient.from_connection_string(conn_str)
container = client.get_container_client(container_name)

# Upload a file (e.g., CSV dataset)
with open("dataset.csv", "rb") as f:
    container.upload_blob(blob_name, f, overwrite=True)

# Download it
blob = container.get_blob_client(blob_name)
data = blob.download_blob().readall()

# Generate a temporary shareable URL (SAS Token): read-only, expires in 1 hour
sas = generate_blob_sas(account_name, container_name, blob_name,
    account_key=key, permission=BlobSasPermissions(read=True),
    expiry=datetime.now(timezone.utc) + timedelta(hours=1))
url = f"https://{account_name}.blob.core.windows.net/{container_name}/{blob_name}?{sas}"
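A SAS URL carries its own grant in the query string, so it can be reviewed before it is shared. The following is an added example, not code from the original page: it checks the standard SAS parameters (`sp`, `se`, `st`, `spr`, `sr`, `sig`) against an assumed 24-hour lifetime policy, using constructed URLs with placeholder account names and signatures.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample URLs: account name and signatures are placeholders.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
BASE = "https://exampleacct.blob.core.windows.net/ml-datasets"
TIGHT_SAS = (BASE + "/data/dataset.csv"
             "?sv=2022-11-02&sr=b&sp=r&spr=https"
             "&st=2024-06-01T12:00:00Z&se=2024-06-01T13:00:00Z&sig=PLACEHOLDER")
LOOSE_SAS = (BASE + "?sv=2022-11-02&sr=c&sp=rwdl"
             "&se=2034-06-01T12:00:00Z&sig=PLACEHOLDER")

MAX_LIFETIME = timedelta(hours=24)  # assumed policy limit, tune to your own
READ_ONLY = set("rl")               # sp letters that cannot change data


def _parse_time(value):
    """SAS times are ISO 8601 UTC, e.g. 2024-06-01T13:00:00Z or 2024-06-01."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def review_sas_url(url, now):
    """Return finding codes for one SAS URL; an empty list means nothing flagged."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["not-a-sas"]
    findings = []
    if "se" not in params:
        # Expiry may live in a stored access policy (si); the URL alone cannot show it.
        findings.append("expiry-not-in-url")
    else:
        expiry = _parse_time(params["se"])
        start = _parse_time(params["st"]) if "st" in params else now
        if expiry <= now:
            findings.append("expired")
        elif expiry - start > MAX_LIFETIME:
            findings.append("long-lived")
    extra = set(params.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("grants-" + "".join(sorted(extra)))
    if params.get("spr", "https,http") != "https":
        findings.append("http-allowed")  # spr omitted means both protocols
    if params.get("sr") == "c":
        findings.append("container-scope")
    return findings


def redact(url):
    """Replace the signature so the URL can be logged without leaking the token."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "sig" else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for sample in (TIGHT_SAS, LOOSE_SAS):
        print(redact(sample), review_sas_url(sample, NOW))
```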
Azure Storage Account - 4 Services in One
STORAGE
A Storage Account is like a building with 4 different types of offices inside. You can use all 4 or just the ones you need.
📦 Blob Storage
Files, images, videos, datasets, backups. Access via URL.
📋 Table Storage
NoSQL key-value store. Cheap, simple. Like a massive spreadsheet in the cloud.
📬 Queue Storage
Message queue for decoupling services. App writes message, worker reads and processes it.
🗂️ File Storage
SMB network file share. Mount it on VMs like a drive (Z:\ drive on Windows).
Create storage account - CLI (bash)
# Standard_LRS = Locally Redundant = 3 copies in 1 datacenter
# StorageV2    = Latest version, supports all 4 types
# (comments cannot follow a trailing backslash, so they sit above the command)
az storage account create \
  --name mystorageaccount \
  --resource-group MyRG \
  --location eastus \
  --sku Standard_LRS \
  --kind StorageV2

# Redundancy options:
# LRS - 3 copies, same datacenter (cheapest)
# ZRS - 3 copies across 3 Availability Zones (same region)
# GRS - LRS + copies in paired region (disaster recovery)
Azure CDN & Static Web Hosting
CDN
A CDN (Content Delivery Network) is like a chain of warehouses near customers. Instead of shipping everything from one factory in the US to customers in India, you pre-stock a warehouse in Mumbai. When an Indian user requests your Angular app, it comes from Mumbai - much faster!

For Angular apps: Build with ng build → upload to Blob Storage → enable Static Website → add Azure CDN in front → users get your app in milliseconds globally.

Deploy Angular app to Azure Storage + CDN (bash)
# 1. Build Angular app
ng build --configuration production

# 2. Upload to blob storage (with web hosting enabled)
az storage blob upload-batch \
  --source dist/my-app \
  --destination '$web' \
  --account-name mystaticsite

# 3. Get the URL
az storage account show \
  --name mystaticsite \
  --query "primaryEndpoints.web"
# → https://mystaticsite.z13.web.core.windows.net
Networking

Networking in Azure

How Azure resources talk to each other and to the internet - securely.

Virtual Network (VNet) & Subnets
NETWORK
A VNet is a private, isolated network in Azure - like your company's private office building floor. No one outside can enter unless you explicitly let them in. Subnets are different rooms on that floor (one for web servers, one for databases, one for backend services).
VNet structure (concept)
MyApp-VNet (10.0.0.0/16)
├── Frontend-Subnet (10.0.1.0/24) - App Service, Load Balancer
├── Backend-Subnet (10.0.2.0/24) - APIs, Functions
└── DB-Subnet (10.0.3.0/24) - SQL, Redis - NO internet access

# Resources in same VNet talk freely
# NSG (Network Security Group) = firewall rules per subnet
# DB-Subnet NSG: only allow traffic FROM Backend-Subnet on port 1433
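Because resources in the same VNet talk freely by default, an allow rule for Backend-Subnet is not enough on its own to isolate DB-Subnet. The following added example (not from the original page) models NSG priority evaluation for the subnets in the diagram; the rule names and sample flows are hypothetical, and the `VirtualNetwork` tag is simplified to the VNet's own address range.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # MyApp-VNet from the diagram


@dataclass(frozen=True)
class Rule:
    priority: int   # lower number wins; custom rules use 100-4096
    name: str
    source: str     # CIDR, "VirtualNetwork" (service tag) or "*"
    port: str       # destination port, or "*"
    access: str     # "Allow" or "Deny"


# Two of Azure's built-in inbound default rules (the load balancer rule is omitted).
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical custom rules for the DB-Subnet NSG.
ALLOW_BACKEND_SQL = Rule(100, "AllowBackendSql", "10.0.2.0/24", "1433", "Allow")
DENY_REST_OF_VNET = Rule(4096, "DenyRestOfVnet", "VirtualNetwork", "*", "Deny")


def _source_matches(rule, src_ip):
    if rule.source == "*":
        return True
    if rule.source == "VirtualNetwork":
        # Simplification: the real tag also covers peered and on-premises ranges.
        return src_ip in VNET
    return src_ip in ipaddress.ip_network(rule.source)


def evaluate(custom_rules, src, port):
    """Return (access, rule_name) for inbound traffic reaching DB-Subnet."""
    src_ip = ipaddress.ip_address(src)
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if _source_matches(rule, src_ip) and rule.port in ("*", str(port)):
            return rule.access, rule.name
    return "Deny", "implicit"


FLOWS = [  # constructed sample flows: (label, source IP, destination port)
    ("backend -> sql", "10.0.2.7", 1433),
    ("backend -> ssh", "10.0.2.7", 22),
    ("frontend -> sql", "10.0.1.5", 1433),
    ("internet -> sql", "203.0.113.9", 1433),
]


def reachability(custom_rules):
    """Map each sample flow to the decision the NSG would make."""
    return {label: evaluate(custom_rules, ip, port) for label, ip, port in FLOWS}


if __name__ == "__main__":
    for name, rules in [("allow rule only", [ALLOW_BACKEND_SQL]),
                        ("allow + explicit deny", [ALLOW_BACKEND_SQL, DENY_REST_OF_VNET])]:
        print(name)
        for label, decision in reachability(rules).items():
            print(f"  {label:16} {decision}")
```

With only the allow rule, the frontend still reaches port 1433 through the default `AllowVnetInBound` rule; the explicit deny at a lower priority number than 65000 is what closes it.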
Load Balancer & Application Gateway
TRAFFIC
Load Balancer: Like a traffic cop at a busy intersection - distributes incoming cars (requests) across multiple lanes (server instances).
Application Gateway: Smarter traffic cop that also checks IDs - it's a Layer 7 (HTTP/HTTPS) load balancer with Web Application Firewall (WAF).
Azure Load Balancer
Layer 4 (TCP/UDP). Simple round-robin or hash distribution. Fast, cheap.
Application Gateway
Layer 7 (HTTP). URL-based routing, SSL termination, WAF. More features.
Azure Front Door
Global CDN + Load Balancer + WAF. Routes users to nearest healthy region.
Traffic Manager
DNS-based routing across regions. Route to nearest/fastest endpoint.
Private Endpoint & Service Endpoint
SECURITY
Service Endpoint: Add a shortcut from your VNet to an Azure service (like SQL DB) that bypasses the public internet. Traffic stays on the Microsoft backbone.
Private Endpoint: Give the Azure service a PRIVATE IP inside your VNet. Now SQL DB looks like it's physically in your network - no public IP at all. Much more secure.
Private Endpoint is the gold standard for security. Your storage account, Key Vault, SQL Database all get private IPs in your VNet. No exposure to the internet whatsoever. This is what enterprise apps use.
Identity

Identity & Access Management

Who is allowed to do what in Azure. The most important security topic.

Azure Active Directory (Azure AD / Entra ID)
IDENTITY
Azure AD is like the security reception desk for your entire company. Everyone (users, apps, services) must sign in here. It issues ID badges (tokens). Other services call the reception desk to verify the badge. It's SSO for everything Microsoft.
Key Concepts
  • Tenant - your organization's Azure AD instance (one per company)
  • User - a person with email + password in Azure AD
  • Service Principal - an identity for an APP (not a person) to authenticate
  • Managed Identity - an automatic identity for Azure services (no password needed!)
  • App Registration - register your app to use Azure AD for login (OAuth2/OIDC)
Managed Identity - secure, no passwords! (Python)
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# No password, connection string, or API key anywhere in code!
# The VM/Function/App Service has an identity, Azure validates it
credential = DefaultAzureCredential()

# Access Key Vault using managed identity
kv_client = SecretClient(
    vault_url="https://myvault.vault.azure.net",
    credential=credential
)
secret = kv_client.get_secret("db-connection-string")
# Got it without any hardcoded credentials! Pass the value to your DB client; don't print or log it
db_connection_string = secret.value
RBAC - Role-Based Access Control
RBAC
Like hotel key cards - a cleaner's keycard opens rooms but not the vault. A guest's card opens their own room. A manager's card opens everything. RBAC in Azure: you assign roles to users/services at different scopes.
Built-in Roles (most common)
  • Owner - full access including managing who else has access
  • Contributor - create/modify resources, but can't manage access
  • Reader - view resources only, no changes
  • Storage Blob Data Contributor - read/write blobs only
  • Key Vault Secrets User - read secrets only (not keys or certificates)
Assign RBAC role - CLI (bash)
# Give a user "Reader" access to a resource group
az role assignment create \
  --assignee {user-email} \
  --role Reader \
  --resource-group MyRG

# Give a Function App's managed identity access to Key Vault
az role assignment create \
  --assignee {managed-identity-object-id} \
  --role "Key Vault Secrets User" \
  --scope /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.KeyVault/vaults/{vault}
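Roles assigned at a higher scope are inherited by everything below it, so the access a resource really has is the union of assignments along its scope path. The following added example (not from the original page) works that out for a constructed sample shaped like `az role assignment list --all -o json` output; the subscription ID is a placeholder and the principals are hypothetical.

```python
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
VAULT = SUB + "/resourceGroups/MyRG/providers/Microsoft.KeyVault/vaults/myapp-vault"

# Constructed sample; only the fields used below are included.
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/MyRG"},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "myapp-func", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": VAULT},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/MyRG2"},
]

BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
HIGH_SCOPES = ("root", "management group", "subscription")


def scope_level(scope):
    """Classify an ARM scope string by how much it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management group"
    if "providers" in parts:
        return "resource"
    if "resourcegroups" in parts:
        return "resource group"
    return "subscription"


def applies_to(scope, resource_id):
    """True when an assignment at `scope` is inherited by `resource_id`.

    Matching is on whole path segments, so MyRG does not match MyRG2.
    Management-group inheritance needs the group hierarchy and is not modelled.
    """
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def effective_access(assignments, resource_id):
    """(principal, role, level granted at) for every assignment reaching the resource."""
    return sorted(
        (a["principalName"], a["roleDefinitionName"], scope_level(a["scope"]))
        for a in assignments if applies_to(a["scope"], resource_id))


def broad_assignments(assignments):
    """Principals holding a privileged role above resource-group level."""
    return [a["principalName"] for a in assignments
            if a["roleDefinitionName"] in BROAD_ROLES
            and scope_level(a["scope"]) in HIGH_SCOPES]


if __name__ == "__main__":
    for row in effective_access(ASSIGNMENTS, VAULT):
        print(row)
    print("review:", broad_assignments(ASSIGNMENTS))
```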
Secrets

Azure Key Vault

The secure place to store all your passwords, API keys, certificates, and connection strings. Never hardcode secrets in code again.

Key Vault - Secrets, Keys & Certificates
VAULT
Key Vault is a bank safety deposit box for your app. You never write the combination (password) on a sticky note (in code). Instead, you put secrets IN the vault and your app retrieves them at runtime using its ID badge (Managed Identity).
🔑 Secrets
Passwords, API keys, connection strings. Store and retrieve by name. Versioned. "db-password" → "P@ssw0rd123"
🗝️ Keys
Cryptographic keys for encryption/signing. Keys never leave the vault - you send data IN, get encrypted data back.
📜 Certificates
TLS/SSL certificates. Auto-renewal, no more "certificate expired" incidents.
🔒 HSM
Hardware Security Module - physically tamper-proof key storage for max security (Premium tier).
Key Vault - full workflow (Python + bash)
# 1. Store a secret via CLI
az keyvault secret set \
  --vault-name myapp-vault \
  --name "openai-api-key" \
  --value "sk-xxxxxxxxxxxxxxxx"

# 2. Give your app's managed identity access
az keyvault set-policy \
  --name myapp-vault \
  --object-id {app-managed-identity-id} \
  --secret-permissions get list

# 3. App reads secret at runtime - Python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

credential = DefaultAzureCredential()
client = SecretClient("https://myapp-vault.vault.azure.net", credential)

openai_key = client.get_secret("openai-api-key").value
# Use it - never stored in code or environment variables!

# App Service: reference Key Vault in app settings
# @Microsoft.KeyVault(SecretUri=https://{vault-name}.vault.azure.net/secrets/{name}/{version})
Databases

Azure Database Services

Azure has managed versions of every popular database. "Managed" means Azure handles backups, patches, HA, scaling.

Azure SQL Database
SQL
Fully managed SQL Server in the cloud. You just run queries - Azure handles: automatic backups every 5-35 days, automatic failover if the server crashes, automatic patching, built-in threat detection.
Purchasing Models
  • DTU model - simpler, fixed bundles (Basic/Standard/Premium)
  • vCore model - choose exact CPUs and RAM, more flexible
  • Serverless - auto-scales compute, pauses when idle (save cost!)
  • Hyperscale - up to 100TB, read replicas
Azure Cosmos DB
NOSQL
The world's biggest, most globally distributed NoSQL database. Like having a copy of your database on every continent, all staying in sync within milliseconds. Used by most Fortune 500 companies for global apps.

APIs supported: NoSQL (documents), MongoDB, Cassandra, Gremlin (graph), Table. You pick your preferred API and it works.

When to use Cosmos DB
  • Global apps needing <10ms reads anywhere in the world
  • Variable/schema-less data (JSON documents)
  • Massive scale (millions of requests/second)
  • IoT telemetry, social media feeds, gaming leaderboards
Azure Cache for Redis
CACHE
Your database is like a library - great for storing everything, but slow to fetch. Redis is like sticky notes on your desk - the 10 things you access most often, RIGHT THERE, instantly. Cache frequently accessed data in Redis, drastically reducing DB load and response times.
Redis cache pattern - Python
import json
import os

import redis

r = redis.from_url(os.getenv("REDIS_URL"))

def get_user(user_id: str):
    # 1. Check cache first
    cached = r.get(f"user:{user_id}")
    if cached:
        return json.loads(cached)

    # 2. Cache miss - fetch from DB
    # (db is your application's database handle; the query stays parameterized)
    user = db.query("SELECT * FROM users WHERE id=?", user_id)

    # 3. Store in cache for 5 minutes
    r.setex(f"user:{user_id}", 300, json.dumps(user))
    return user
Messaging

Messaging & Event Services

Decouple your services. Instead of calling each other directly (tight coupling), services communicate via messages or events.

Azure Service Bus
MESSAGING
Enterprise-grade message broker. Like a courier service between departments in a company: Service A drops a package (message) at the courier. Service B picks it up when ready. Even if B is offline for 2 hours, the package waits. Messages are guaranteed to be delivered exactly once.
Queue vs Topic
  • Queue - one sender, one receiver (point-to-point, competitive consumers)
  • Topic + Subscriptions - one sender, many receivers (pub/sub, fan-out)
  • Dead Letter Queue - failed messages go here for inspection/retry
  • Sessions - guarantee ordering for a specific customer's messages
Azure Event Hub & Event Grid
EVENTS
Event Hub: A data pipeline for massive volume of events. Like a high-speed conveyor belt at Amazon's warehouse - millions of packages per second. Used for telemetry, clickstreams, IoT sensor data. Kafka-compatible.
Event Grid: React to Azure events. When someone uploads a file to Blob Storage, automatically run a Function. When a VM is deleted, send a Slack notification. Infrastructure events → code reactions.
Event Hub
Big data streaming. Millions of events/sec. 1 to 90 day retention. Kafka protocol.
Event Grid
Reactive to Azure events. HTTP push to subscribers. Low volume, event-driven.
Service Bus
Enterprise messaging. Guaranteed delivery, ordering, dead-lettering.
Storage Queue
Simple, cheap. Max 64KB message. Basic at-least-once delivery.
AI

Azure AI & Cognitive Services

Pre-built AI models as APIs - no ML knowledge required to USE them. This connects directly to your ML learning.

Azure OpenAI Service
OPENAI
GPT-4, DALL-E, Whisper - accessed via Azure's infrastructure with enterprise security, private networking, GDPR compliance, SLAs. Same models as OpenAI.com but with Azure's security wrapper. Your data doesn't train their models.
Azure OpenAI - Python
import os

from openai import AzureOpenAI

client = AzureOpenAI(
    azure_endpoint="https://myapp.openai.azure.com",
    api_key=os.getenv("AZURE_OPENAI_KEY"),  # or Managed Identity!
    api_version="2024-02-01"
)

response = client.chat.completions.create(
    model="gpt-4",  # your deployment name
    messages=[
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": "Explain machine learning simply."}
    ]
)
print(response.choices[0].message.content)
Azure ML Studio & Machine Learning
ML
Azure ML is a complete platform for ML teams: create datasets, train models (on GPU clusters), track experiments, register models, deploy them as REST APIs, monitor them in production. The entire ML lifecycle in one place.
Azure ML Key Components
  • Workspace - the container for everything ML in your project
  • Compute Clusters - auto-scale GPU/CPU VMs for training
  • Experiments - track model training runs (hyperparams, metrics, artifacts)
  • Model Registry - versioned models with metadata
  • Endpoints - deploy a model as a REST API (managed online endpoint)
  • Pipelines - chain data prep → training → evaluation → deployment
Deploy ML model as API - Python
from azure.ai.ml import MLClient
from azure.ai.ml.entities import ManagedOnlineDeployment, Model
from azure.identity import DefaultAzureCredential

# subscription, rg, workspace: your subscription ID, resource group and workspace name
ml_client = MLClient(DefaultAzureCredential(), subscription, rg, workspace)

# Register trained model
model = ml_client.models.create_or_update(Model(
    path="./model", name="fraud-detector", version="2"
))

# Deploy as online endpoint (the endpoint "fraud-api" must already exist)
deployment = ManagedOnlineDeployment(
    name="v2",
    endpoint_name="fraud-api",
    model=model,
    instance_type="Standard_DS3_v2",
    instance_count=1
)
ml_client.online_deployments.begin_create_or_update(deployment)
Azure Cognitive Services (AI APIs)
COGNITIVE
Pre-built AI you can call via REST API - no training required. Like buying a calculator vs. building one. Microsoft trained these models, you just call the API.
👁️ Computer Vision
Analyze images, detect objects, OCR text from images, describe photos
💬 Language
Sentiment analysis, entity extraction, key phrase, language detection, summarization
🗣️ Speech
Speech-to-text, text-to-speech, real-time transcription, speaker diarization
🔍 Document Intelligence
Extract structured data from invoices, receipts, contracts, forms (formerly Form Recognizer)
DevOps

Azure DevOps & CI/CD

Automate everything from code commit to production deployment.

Azure DevOps - All Services
DEVOPS
Azure DevOps is like a complete factory management system for software: from accepting raw materials (code) to delivering finished products (deployed apps) through quality control (testing) and automated assembly lines (CI/CD pipelines).
📋 Boards
Work items, sprints, Kanban boards, backlogs. Like Jira.
📦 Repos
Git repositories. Like GitHub.
🔄 Pipelines
CI/CD automation. Build, test, deploy on every push.
🧪 Test Plans
Manual + automated testing management.
Azure Pipelines - YAML CI/CD for Angular + Python API
trigger:
  branches:
    include: [main]

stages:
- stage: Build
  jobs:
  - job: BuildAngular
    steps:
    - task: NodeTool@0
      inputs: { versionSpec: '18.x' }
    - script: |
        npm ci
        npm run build -- --configuration production
    - publish: dist/my-app
      artifact: angular-build

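  - job: BuildPythonAPI
    steps:
    - script: pip install -r requirements.txt
    - script: pytest tests/ -v
    - script: docker build -t myapi:$(Build.BuildId) .
    # Package the API and publish it as the 'drop' artifact the Deploy stage reads
    - task: ArchiveFiles@2
      inputs:
        rootFolderOrFile: '$(Build.SourcesDirectory)'
        includeRootFolder: false
        archiveFile: '$(Build.ArtifactStagingDirectory)/api.zip'
    - publish: $(Build.ArtifactStagingDirectory)/api.zip
      artifact: drop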

- stage: Deploy
  dependsOn: Build
  condition: succeeded()
  jobs:
  - deployment: DeployToProduction
    environment: production
    strategy:
      runOnce:
        deploy:
          steps:
          - task: AzureWebApp@1
            inputs:
              azureSubscription: 'MyAzureConnection'
              appName: 'myapp-api'
              package: '$(Pipeline.Workspace)/drop/*.zip'
Monitoring

Monitoring & Observability

"If you can't measure it, you can't improve it." Azure Monitor is the central hub for all observability.

Azure Monitor & Application Insights
MONITOR
Azure Monitor: The mission control center - collects metrics and logs from ALL Azure resources. CPU of your VM, error rate of your API, storage usage.
Application Insights: Smart APM (Application Performance Monitoring) for your code. Automatically tracks requests, exceptions, dependencies, response times - without you adding log statements everywhere.
Application Insights gives you
  • Live Metrics - see requests/sec and failures in real time
  • Transaction Search - trace every individual request end-to-end
  • Failures - which endpoints fail, what exceptions are thrown
  • Performance - slowest requests, external dependencies (SQL, HTTP calls)
  • Users - page views, sessions, geographic breakdown
  • Alerts - notify on Slack/email when error rate > 5%
Add App Insights to Python API (Python)
import os

from applicationinsights import TelemetryClient

tc = TelemetryClient(os.getenv("APPINSIGHTS_KEY"))

# Track custom events
tc.track_event("ModelPrediction", {"model_version": "v2"}, {"confidence": 0.95})

# Track exceptions (model and data come from your own application code)
try:
    result = model.predict(data)
except Exception:
    tc.track_exception()
    tc.flush()
    raise

# For FastAPI - use opencensus-ext-azure (auto-instruments everything)
from opencensus.ext.azure.trace_exporter import AzureExporter
from opencensus.trace.samplers import ProbabilitySampler
Log Analytics & KQL Queries
LOGS
Log Analytics is like Google for your logs. All logs from all services flow into one place. You query them with KQL (Kusto Query Language) - like SQL but optimized for time-series log data.
KQL - common queries
// Top 10 most common errors in last 24h
exceptions
| where timestamp > ago(24h)
| summarize count() by outerMessage
| order by count_ desc
| take 10

// Average API response time by endpoint
requests
| where timestamp > ago(1h)
| summarize avg(duration) by name
| order by avg_duration desc

// Find slow SQL queries
dependencies
| where type == "SQL" and duration > 1000
| project timestamp, name, duration, data
Cost

Pricing & Cost Management

Cloud costs can surprise you. Understand pricing models and how to keep bills low.

Pricing Models
PRICING
Pay-as-you-go
No commitment. Pay per second/GB/request. Most expensive per unit but zero lock-in.
Reserved Instances
Commit to 1 or 3 years upfront. Save 40-72% vs pay-as-you-go for predictable workloads.
Spot/Low Priority VMs
Unused capacity, up to 90% discount. Azure can reclaim at any time - use for batch jobs.
Azure Hybrid Benefit
Bring your own Windows Server / SQL Server licenses. Save 40%+.
Cost Saving Tips
  • Auto-shutdown dev/test VMs outside business hours
  • Use Azure Functions (serverless) instead of always-on VMs for intermittent work
  • Set budgets and alerts in Cost Management before you overspend
  • Delete unused resources (orphaned disks, old snapshots, unused IPs)
  • Use Cool/Archive blob tiers for infrequently accessed data
  • Azure Advisor - free recommendations on cost, security, performance
Azure Pricing Calculator (calculator.azure.com) lets you estimate costs before you build. Azure Cost Management shows your actual spending by service, resource group, and tag. Set a budget alert at 80% of your monthly limit to avoid surprises.
Certification Path
CERTS
Azure certifications are like driving licenses - they prove to employers you know the concepts. They're internationally recognized and often required for senior cloud roles.
Recommended Path for You
  • AZ-900: Azure Fundamentals - concepts, no technical depth (start here if new)
  • AZ-104: Azure Administrator - VMs, networking, storage, identity (3yr devs)
  • AZ-204: Azure Developer - Functions, App Service, Cosmos DB, APIs ← MOST RELEVANT
  • AZ-305: Azure Architect - design solutions end-to-end
  • AI-102: Azure AI Engineer - Cognitive Services, Azure ML

For your background (3yr dev, learning ML): Start with AZ-204 (Developer) - it covers exactly what you'll use: App Service, Functions, Cosmos DB, Key Vault, Storage, identity. Then AI-102 to combine cloud + ML knowledge.