IL - Architecting an Enterprise Cloud

Course Overview

A successful migration to Azure begins with ensuring your team has setup Azure subscriptions, security, policies, connectivity, cost management, operations and monitoring correctly using best practices and proven guidance. Ensuring workloads are properly architected for PaaS or IaaS is critical as a misconfiguration could delay or rollback part of your cloud migration. In this course, we will discuss architecture and governance best practices and patterns to help prepare your organization for a digital transformation to Microsoft Azure.

Topics will include:

  • Azure Subscription Management
  • Using the Azure EA Portal
  • Infrastructure and PaaS Architecture best practices
  • Managing subscriptions at scale using Management Groups
  • Controlling risk using Azure Policy
  • Role Based Access Control (RBAC)
  • Auditing and Monitoring with Azure Monitor and Log Analytics
  • Cost Management overview
  • Building best practices and reusable intellectual property (including Azure Blueprints)
  • Setting up a Center of Excellence within your organization

Course Details
  • Duration: 3 Days
  • Level: 400

Who this course is designed for
  • Cloud Architects
  • Operations and Support

  • Infrastructure Planning: Understand best practices for enabling enterprise connectivity and infrastructure as a service deployment and configuration
  • Resource Organization: Understanding best practices for organizing and tagging resources
  • Role Based Access Control: setting up role-based access control using a least privileged approach, including creating and using custom roles as needed.
  • Configuring Azure Resource Manager Policies: Allowing specific regions, creating a service catalog, configuring SKUs
  • Management Groups: Understand how to implement management groups to allow control of role-based access control and policies across subscriptions for enterprise level governance
  • Subscription Auditing: Understanding the various tools and services available for monitoring and auditing changes to your Azure Subscriptions
  • Cost Monitoring and Charge Back: how much are you spending in a single subscription, vs multiple subscriptions, how to implement charge back
  • Monitoring and Operations: understand which services and tools are available for monitoring and managing workloads ranging from IaaS to PaaS in Azure
  • Managing Reusable IP: understand best practices for creating and organizing assets such as templates, scripts, and code for maximum reusability and management
  • Providing access to Azure: learn how to setup a “sandbox” in Azure to allow teams to experiment and learn without risking production systems and controlling costs
  • Attendees should have a solid foundation in Microsoft Azure prior to attending the course


Architecting Azure Infrastructure as a Service

In this module, attendees will learn best practices and patterns for enabling hybrid connectivity as well as deploying workloads using Azure IaaS. 
Azure Governance Introduction In this module, attendees will understand some of the key reasons behind the need for implementing governance and an introduction to the tools available to help manage their enterprise cloud. 

Resource Organization

In this module, attendees will learn best practices for organizing resources within their organization. 

Topics will include: 
When to create a subscription and how to organize subscriptions using the Azure EA portal. 
Understanding cross subscription connectivity patterns
Best practices for creating resource groups and which resource groups to create resources in.
When to create tags and apply to resources for organizational and tracking purposes 

Role Based Access Control

In this module, attendees will learn the ins-and-outs of Role Based Access Control (RBAC). 

Topics will include:
Understanding the available built-in roles, 
How to view and understand what permissions each role can do 
When and how to create and use custom roles. 
Manage roles using the Azure portal and the command line tools.

Resource Manager Policies

In this module, attendees will understand how to author custom policies and policy templates to enforce compliance in their Azure Subscriptions. 

Topics will include:
Understand policy capabilities 
How to author policies for topics such as service catalog, regions and SKU support
How to monitor for policy failures
How to deploy across one or more subscriptions

Management Groups

In this module, attendees will learn how to use Azure Management Groups to manage role based access control (RBAC) and Azure Policies to implement governance controls across multiple subscriptions for enterprise level control.

Cost Management

In this module, attendees will learn how to use the Azure Cost Management feature to track spending across their Azure subscriptions.

Topics will include: 
How to monitor spending by resource and subscription
How to create spending forecasts 
How to control access to spending data
Create spending alerts
How to implement chargeback 

Auditing and Change Management

In this module, attendees will learn where to find and monitor data from various aspects of their Azure subscriptions. 

Topics will include an introductory overview of the following Azure services: 
Activity Log
Security Center
Log Analytics
Network Watcher
Azure AD Reporting

Operations and Automation in Azure

In this module, attendees will learn how to use services in Azure to monitor their services and solutions and to compose solutions that will effectively alert and trigger actions based on the established parameters. This module will discuss using the following services and solutions: 

Monitoring - Azure Monitor, Log Analytics, Security Center, Application Insights, Network Watcher 
Automation - Chef, Puppet, PowerShell DSC, Logic Apps, Event Grid

Managing Reusable IP 

In this module, attendees will learn best practices for building an IP repository in their organization for versioning templates, scripts, sample code as well as 
Extending Azure for Learning

Training Options

Dedicated Delivery

This course can be delivered dedicated to your team either virtually or onsite. A dedicated delivery allows deeper discussion with your team and our instructor on projects and workloads that are specific to your environment.

Customized Delivery

This course can be customized by adding or removing topics, going deeper on specific topics, or by customizing the delivery schedule to make it easier for your team to attend the training.

Contact a Cloud Training Specialist

Back to the Schedule

Course Schedule