Overview

Compute¶

Service name	Service function
Batch	Managed service for parallel and high-performance computing applications
Container Instances	Run containerized apps on Azure without provisioning servers or VMs
Functions	An event-driven, serverless compute service (FaaS)
Kubernetes Service	AKS
Service Fabric	Distributed systems platform. Runs in Azure or on-premises
Virtual Machine Scale Sets	Scaling for Windows or Linux VMs
Virtual Machines	Windows or Linux virtual machines (VMs)

Web¶

Service Name	Description
API Management	Publish APIs and control who can access the endpoints
App Service	Managed service for hosting web apps (PaaS)
Notification Hubs	Push notifications

Networking¶

Service name	Service function
Application Gateway	Load balancer that includes a WAF
Content Delivery Network	CDN
DDoS Protection	Protects Azure-hosted applications from DDOS attacks
DNS	DNS
ExpressRoute	Connects to Azure over high-bandwidth dedicated secure connections
Firewall	Managed stateful firewall (HTTP, RDP, SSH, FTP)
Load Balancer	Balances inbound/outbound connections to applications/service endpoints (w/in same region)
Network Security Groups	Allow to filter network traffic to and from Azure resources in an Azure virtual network
Network Virtual Appliances (NVAs)	Similar to hardware firewall appliances
Network Watcher	Monitors and diagnoses network issues
Traffic Manager	Distributes network traffic (via DNS) across Azure regions
Virtual Network	Enables resources (i.e., VMs) to securely communicate with each other, the internet, and on-premises networks connections (single region)
Virtual WAN	Creates a WAN connecting local and remote
VPN Gateway	Access to Virtual Networks

Storage¶

Service name	Service function
Blob storage	Storage service for very large (unstructured) objects, such as video files or bitmaps Storage tiers: Hot / Cool (30 days) / Archive (180 days)
Disk storage	Disks for virtual machines
File storage	File shares that you can access and manage like a file server (SMB)
Queue storage	A data store for queuing and reliably delivering messages between applications
Table storage	A NoSQL store that hosts unstructured data independent of any schema

Databases¶

Service name	Service function
Azure Database for MariaDB	Managed MariaDB
Azure Database for MySQL	Managed MySQL
Azure Database for PostgreSQL	Managed PostgreSQL
Azure SQL Database	Managed relational database (MSSQL)
Cache for Redis	Cache
Cosmos DB	Globally distributed NoSQL
Database Migration Service	Migrates databases to the cloud
SQL Server on VMs	Host enterprise SQL Server apps in the cloud
Synapse Analytics	Managed data warehouse

DevOps¶

Service Name	Description
Azure DevOps	Development collaboration tools (pipelines, Git repositories, etc.)
Azure DevTest Labs	On-demand Windows and Linux environments

Security¶

Service Name	Description
Azure AD	Cloud-based identity service (authn, SSO, identity services)
Azure Advanced Threat Protection (ATP)	Security solution that identifies, detects, and helps investigate advanced threats, compromised identities, and malicious insider actions Components: ATP portal: portal through which you can monitor and respond to suspicious activity ATP sensors: installed directly on your domain controllers (to monitor its traffic) ATP cloud service: runs on Azure infrastructure and is connected to Microsoft's intelligent security graph
Azure Information Protection (AIP)	Solution that helps classify and optionally protect documents and emails by applying labels
Azure Key Vault	Centralized cloud service for storing application secrets
Azure Policy	Create, assign and, manage policies which enforce different rules and effects over resources (think at AWS SCPs) It focuses on resource properties (e.g., types or locations) during deployment and for already-existing resources (whereas RBAC focuses on user actions at different scopes) It is a default-allow-and-explicit-deny system Common policy definitions: Allowed Storage Account SKUs (stock keeping units) Allowed Resource Type Allowed Locations Allowed Virtual Machine SKUs Not allowed resource types
Compliance Manager	Workflow-based risk assessment dashboard within the Service Trust Portal that enables to track, assign, and verify regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure Compliance Manager is a dashboard that provides a summary of data protection and compliance stature and recommendations for improvement
Security Center	Monitoring service that provides threat protection both in Azure, and on-premises The Free tier provides security policies, assessments, and recommendations while the Standard tier provides a robust set of features, including threat intelligence It can: Provide security recommendations based on your configurations, resources, and networks Monitor security settings and automatically apply required security to new services as they come online Continuously monitor all your services and perform automatic security assessments to identify potential vulnerabilities Use machine learning to detect and block malware from being installed in your services and virtual machines Analyze and identify potential inbound attacks and help to investigate threats and any post-breach activity which might have occurred Just-In-Time access control for ports, reducing your attack surface by ensuring the network only allows traffic you require
Service Trust Portal (STP)	Hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports (ISO, SOC, NIST, FedRAMP, GDPR) and other compliance-related information relevant to Microsoft's cloud services
Storage Service Encryption	Azure storage automatically encrypts data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage
Trust Center	Website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services

Monitoring¶

Service Name	Description
Azure Monitor	Solution for collecting, analyzing, and acting on telemetry from cloud and on-premises environments Collects: Application monitoring data: Data about the performance and functionality of the code you have written, regardless of its platform Guest OS monitoring data: Data about the operating system on which your application is running Azure resource monitoring data: Data about the operation of an Azure resource Azure subscription monitoring data: Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself Azure tenant monitoring data: Data about the operation of tenant-level Azure services, such as Azure Active Directory
Azure Service Health	Suite of experiences that provide personalized guidance and support when issues with Azure services affect you It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources
Resource Health	Helps diagnose and obtain support when an Azure service issue affects your resources Gives a personalized dashboard of your resources' health, making it easier to understand if an SLA was violated
Azure Status	Global view of the health state of Azure services

Big Data¶

Service Name	Description
Azure Synapse Analytics	Analytics service that brings together enterprise data warehousing and big data analytics
Azure HDInsight	Analytics service for processing massive amounts of data (Spark, Hadoop, Kafka)
Azure Data Lake Analytics	On-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights