Overview

Compute

Service name Service function
Batch Managed service for parallel and high-performance computing applications
Container Instances Run containerized apps on Azure without provisioning servers or VMs
Functions An event-driven, serverless compute service (FaaS)
Kubernetes Service AKS
Service Fabric Distributed systems platform. Runs in Azure or on-premises
Virtual Machine Scale Sets Scaling for Windows or Linux VMs
Virtual Machines Windows or Linux virtual machines (VMs)

Web

Service Name Description
API Management Publish APIs and control who can access the endpoints
App Service Managed service for hosting web apps (PaaS)
Notification Hubs Push notifications

Networking

Service name Service function
Application Gateway Load balancer that includes a WAF
Content Delivery Network CDN
DDoS Protection Protects Azure-hosted applications from DDoS attacks
DNS DNS
ExpressRoute Connects to Azure over high-bandwidth dedicated secure connections
Firewall Managed stateful firewall (HTTP, RDP, SSH, FTP)
Load Balancer Balances inbound/outbound connections to applications/service endpoints (within the same region)
Network Security Groups Filter network traffic to and from Azure resources in an Azure virtual network
Network Virtual Appliances (NVAs) Similar to hardware firewall appliances
Network Watcher Monitors and diagnoses network issues
Traffic Manager Distributes network traffic (via DNS) across Azure regions
Virtual Network Enables resources (e.g., VMs) to securely communicate with each other, the internet, and on-premises networks (single region)
Virtual WAN Creates a WAN connecting local and remote
VPN Gateway Access to Virtual Networks

Storage

Service name Service function
Blob storage
  • Storage service for very large (unstructured) objects, such as video files or bitmaps
  • Storage tiers: Hot / Cool (30 days) / Archive (180 days)
Disk storage Disks for virtual machines
File storage File shares that you can access and manage like a file server (SMB)
Queue storage A data store for queuing and reliably delivering messages between applications
Table storage A NoSQL store that hosts unstructured data independent of any schema

Databases

Service name Service function
Azure Database for MariaDB Managed MariaDB
Azure Database for MySQL Managed MySQL
Azure Database for PostgreSQL Managed PostgreSQL
Azure SQL Database Managed relational database (MSSQL)
Cache for Redis Cache
Cosmos DB Globally distributed NoSQL
Database Migration Service Migrates databases to the cloud
SQL Server on VMs Host enterprise SQL Server apps in the cloud
Synapse Analytics Managed data warehouse

DevOps

Service Name Description
Azure DevOps Development collaboration tools (pipelines, Git repositories, etc.)
Azure DevTest Labs On-demand Windows and Linux environments

Security

Service Name Description
Azure AD Cloud-based identity service (authn, SSO, identity services)
Azure Advanced Threat Protection (ATP)
  • Security solution that identifies, detects, and helps investigate advanced threats, compromised identities, and malicious insider actions
  • Components:
    • ATP portal: portal through which you can monitor and respond to suspicious activity
    • ATP sensors: installed directly on your domain controllers (to monitor their traffic)
    • ATP cloud service: runs on Azure infrastructure and is connected to Microsoft's intelligent security graph
Azure Information Protection (AIP) Solution that helps classify and optionally protect documents and emails by applying labels
Azure Key Vault Centralized cloud service for storing application secrets
Azure Policy
  • Create, assign, and manage policies that enforce different rules and effects over resources (think of AWS SCPs)
  • It focuses on resource properties (e.g., types or locations) during deployment and for already-existing resources (whereas RBAC focuses on user actions at different scopes)
  • It is a default-allow-and-explicit-deny system
  • Common policy definitions:
    • Allowed Storage Account SKUs (stock keeping units)
    • Allowed Resource Type
    • Allowed Locations
    • Allowed Virtual Machine SKUs
    • Not allowed resource types
Compliance Manager
  • Workflow-based risk assessment dashboard within the Service Trust Portal that lets you track, assign, and verify regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure
  • Compliance Manager is a dashboard that provides a summary of data protection and compliance stature and recommendations for improvement
Security Center
  • Monitoring service that provides threat protection both in Azure and on-premises
  • The Free tier provides security policies, assessments, and recommendations while the Standard tier provides a robust set of features, including threat intelligence
  • It can:
    • Provide security recommendations based on your configurations, resources, and networks
    • Monitor security settings and automatically apply required security to new services as they come online
    • Continuously monitor all your services and perform automatic security assessments to identify potential vulnerabilities
    • Use machine learning to detect and block malware from being installed in your services and virtual machines
    • Analyze and identify potential inbound attacks and help to investigate threats and any post-breach activity which might have occurred
    • Provide Just-In-Time access control for ports, reducing your attack surface by ensuring the network only allows traffic you require
Service Trust Portal (STP) Hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports (ISO, SOC, NIST, FedRAMP, GDPR) and other compliance-related information relevant to Microsoft's cloud services
Storage Service Encryption Azure storage automatically encrypts data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage
Trust Center Website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services

Monitoring

Service Name Description
Azure Monitor
  • Solution for collecting, analyzing, and acting on telemetry from cloud and on-premises environments
  • Collects:
    • Application monitoring data: Data about the performance and functionality of the code you have written, regardless of its platform
    • Guest OS monitoring data: Data about the operating system on which your application is running
    • Azure resource monitoring data: Data about the operation of an Azure resource
    • Azure subscription monitoring data: Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself
    • Azure tenant monitoring data: Data about the operation of tenant-level Azure services, such as Azure Active Directory
Azure Service Health
  • Suite of experiences that provide personalized guidance and support when issues with Azure services affect you
  • It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved
  • Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources
Resource Health
  • Helps diagnose and obtain support when an Azure service issue affects your resources
  • Gives a personalized dashboard of your resources' health, making it easier to understand if an SLA was violated
Azure Status Global view of the health state of Azure services

Big Data

Service Name Description
Azure Synapse Analytics Analytics service that brings together enterprise data warehousing and big data analytics
Azure HDInsight Analytics service for processing massive amounts of data (Spark, Hadoop, Kafka)
Azure Data Lake Analytics On-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights