
Virtual Machine


What is Azure Virtual Machines?

Azure Virtual Machines is an on-demand, scalable cloud-computing resource. It provides the same
resources as a physical machine, such as processors, memory, storage, and networking resources.

How do you connect remotely to virtual machines?

1. Linux: SSH, port 22
2. RDP: port 3389
3. Bastion

Which resources are needed to create a VM?

1. A resource group to contain the VM. When you create a new VM, you can either
use an existing resource group or create a new one.
2. A virtual machine that provides CPU and memory resources
3. An Azure Storage account to hold the virtual hard disks
4. Virtual disks to hold the OS, applications, and data
5. A virtual network (VNet) to connect the VM to other Azure services or your on-premises
hardware
6. A network interface to communicate with the VNet
7. An optional public IP address so you can access the VM

What about incoming and outgoing traffic for the VM?

By default, new VMs are locked down. Apps can make outgoing requests, but the only inbound traffic
allowed is from the virtual network (e.g., other resources on the same local network) and from Azure
Load Balancer (probe checks).

What about opening ports on Azure VMs? Which ports can be opened while creating the VM?

There are two steps to adjusting the configuration to support different protocols on the network. When
you create a new VM, you have an opportunity to open a few common ports (RDP, HTTP, HTTPS, and
SSH). However, if you require other changes to the firewall, you will need to adjust them manually.

What are the steps to open a port for the VM?

The process for this involves two steps:

1. Create a network security group.


2. Create an inbound rule allowing traffic on the ports you need.
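
To review the inbound rules created in the second step, this added example (not part of the original notes) audits NSG rules for SSH and RDP allowed from any Internet source. The rule dictionaries use Azure's security-rule property names; the function names and sample rules are constructed for illustration.

```python
# Added example (not from the original notes). Rule dicts use the property
# names of Azure NSG security rules; the sample rules are constructed.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """A rule holds either one value (single key) or a list (plural key)."""
    found = list(rule.get(plural) or [])
    if rule.get(single):
        found.append(rule[single])
    return found

def _covers(port_range, port):
    """True if a range such as '*', '3389' or '3000-4000' includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def audit_inbound(rules):
    """Return (rule name, service, port) for management ports open to any source."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in OPEN_SOURCES for s in sources):
            continue
        ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
        for port, service in MGMT_PORTS.items():
            if any(_covers(r, port) for r in ranges):
                findings.append((rule["name"], service, port))
    return findings

def _rule(name, priority, source, ports, direction="Inbound"):
    # Hypothetical helper: builds a constructed sample rule.
    return {"name": name, "priority": priority, "direction": direction,
            "access": "Allow", "protocol": "Tcp",
            "sourceAddressPrefix": source, "destinationPortRanges": ports}

SAMPLE_RULES = [  # constructed sample data
    _rule("allow-rdp-any", 300, "*", ["3389"]),
    _rule("allow-ssh-admin", 310, "203.0.113.10/32", ["22"]),
    _rule("allow-web", 320, "Internet", ["80", "443"]),
    _rule("allow-wide-range", 330, "Internet", ["20-25"]),
]
print(audit_inbound(SAMPLE_RULES))
```

The check does not model rule shadowing: a higher-priority Deny rule may still block a flagged Allow rule, so confirm findings against the VM's effective rules.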

1. What are the options in the management tab?

• Boot diagnostics: enabled automatically.
• Enable OS guest diagnostics.
• System assigned managed identity: A system assigned managed identity enables Azure
resources to authenticate to cloud services (e.g. Azure Key Vault) without storing
credentials in code. Once enabled, all necessary permissions can be granted via Azure
role-based access control. The lifecycle of this type of managed identity is tied to the
lifecycle of this resource. Additionally, each resource (e.g. Virtual Machine) can only
have one system assigned managed identity.
• Login with Azure AD: Use your corporate Active Directory credentials to log in to the
VM, enforce MFA, and enable access via RBAC roles.
• Enable auto-shutdown
• Enable backup
• Enable Disaster Recovery: Azure Site Recovery helps to keep your virtual machines
running during outages. Enable it to replicate your virtual machine to a secondary Azure
region.
• Guest OS updates
2. What are the options in the management tab?
• Extensions: Extensions provide post-deployment configuration and automation.
• Custom data: Pass a script, configuration file, or other data into the virtual machine
while it is being provisioned. The data will be saved on the VM in a known location.
• Enable user data: Pass a script, configuration file, or other data that will be accessible
to your applications throughout the lifetime of the virtual machine. Don't use user data
for storing your secrets or passwords.
• Azure Dedicated Host: Azure Dedicated Hosts allow you to provision and manage a
physical server within our data centers that is dedicated to your Azure subscription. A
dedicated host gives you assurance that only VMs from your subscription are on the
host, flexibility to choose VMs from your subscription that will be provisioned on the
host, and the control of platform maintenance at the level of the host.
• Proximity placement group: Proximity placement groups allow you to group Azure
resources physically closer together in the same region.
• VM generation: Generation 2 VMs support features such as UEFI-based boot
architecture, increased memory and OS disk size limits, Intel® Software Guard
Extensions (SGX), and virtual persistent memory (vPMEM).
3. What are the options in the networking tab?
• Virtual Network
• Subnet
• Public IP
• NIC Network Security Group
• Public inbound ports
• Load balancer
4. What are the load balancing settings of a VM?
• Application Gateway is an HTTP/HTTPS web traffic load balancer with URL-based
routing, SSL termination, session persistence, and web application firewall.
• Azure Load Balancer supports all TCP/UDP network traffic, port-forwarding, and
outbound flows.
5. What are the options in the Disk tab?
• OS disk types
• Disk encryption types
• Enable ultra disk compatibility
• Attach additional disks
• Select managed or unmanaged disks
6. Which disk types are shown when creating a VM?
• Premium SSD: best for production; provides a locally redundant copy.
• Standard SSD: best for web servers, lightly used enterprise applications, and dev/test.
• Standard HDD: best for backup, non-critical, and infrequently accessed data.
7. Which disk encryption options are shown when creating a VM?
• Default: encryption at rest with a platform-managed key
• Encryption at rest with a customer-managed key
• Double encryption with a platform-managed key and a customer-managed key
8. What are the settings of the VM?
A. Networking: We can configure the network-related settings of a VM, such as:
• Attach and detach network interfaces.
• Add inbound and outbound rules.
• Add an application security group.
• Add load balancing.
• Check effective rules.
• Troubleshoot VM connection issues.

B. Connect: We can connect with RDP, SSH, or Bastion.

C. Disk: We can manage disk-related settings, such as:
• Migrate to managed disks
• Encryption
• Add additional disk
• Enable ultra disk compatibility
D. Windows Admin Center: You can now use Windows Admin Center (preview) in the
Azure portal to manage the Windows Server operating system inside an Azure VM.
Manage operating system functions from the Azure portal as well as work with files in
the VM without using Remote Desktop or PowerShell.
E. Size: We can change the size of the VM.
F. Security
G. Advisor
H. Extensions
I. Continuous delivery: Continuous delivery in Azure DevOps simplifies setting up a
robust deployment pipeline for your application. By default, this configures a release
pipeline to deploy your application updates to this virtual machine. You can extend the
deployment pipeline by linking it to a build pipeline.
Do you need to provision additional Azure resources, run scripts, upgrade your
application, or run additional validation tests? You can easily customize this deployment
automation to handle any other operations your application needs to perform during
deployment.
J. Availability and scaling: Set up and manage virtual machines for high availability and
scalability to minimize impact due to unplanned hardware maintenance, unexpected
downtime, and planned maintenance.
• Fault domain
• Update domain
• Availability set
• Virtual machine scale set
K. Configuration:
Just-in-time VM access: Just-in-time access enables you to lock down inbound traffic
to your VM by allowing access for only a limited time. The just-in-time feature is
available as part of the Azure Security Center standard tier.
Licensing: Azure Hybrid Benefit, Windows Server license.
Azure Dedicated Hosts: Azure Dedicated Hosts allow you to provision and manage a
physical server within our data centers that is dedicated to your Azure subscription. A
dedicated host gives you assurance that only VMs from your subscription are on the
host, flexibility to choose VMs from your subscription that will be provisioned on the
host, and the control of platform maintenance at the level of the host.
User data: Pass a script, configuration file, or other data that will be accessible to your
applications throughout the lifetime of the virtual machine. Don't use user data for
storing your secrets or passwords.
L. Identity:
• System assigned: A system assigned managed identity is restricted to one per
resource and is tied to the lifecycle of this resource. You can grant permissions
to the managed identity by using Azure role-based access control (Azure RBAC).
The managed identity is authenticated with Azure AD, so you don’t have to
store any credentials in code.
• User assigned: User assigned managed identities enable Azure resources to
authenticate to cloud services (e.g. Azure Key Vault) without storing credentials
in code. Managed identities of this type are created as standalone Azure
resources and have their own lifecycle. A single resource (e.g. Virtual Machine)
can utilize multiple user assigned managed identities. Similarly, a single user
assigned managed identity can be shared across multiple resources (e.g. Virtual
Machine).
9. What are the operations settings of a VM?
A. Bastion: Configure the Bastion service.
B. Auto-shutdown: Configure the auto-shutdown schedule.
C. Backup: Configure the automatic backup schedule.
D. Disaster recovery: You can replicate your virtual machines to another Azure region for
business continuity and disaster recovery needs. You can conduct periodic DR drills to
ensure you meet the compliance needs. The VM will be replicated with the specified
settings to the selected region so that you can recover your applications in the event of
outages in the source region.
E. Guest + host updates: You can configure host updates.
F. Inventory
G. Change tracking
H. Configuration management
I. Policies
J. Run command
10. What are the monitoring settings of a VM?
A. Insights
B. Alerts
C. Metrics
D. Diagnostic Settings
E. Logs
F. Connection Monitor
G. Workbooks
11. What are the monitoring settings of a VM?
A. Resource Health
B. Boot Diagnostics
• Screenshot
• Serial log
C. Reset password
D. Redeploy and Reapply
• Redeploy: Try redeploying your virtual machine, which will migrate it to a new
Azure host. If you continue, the virtual machine will be restarted and you will
lose any data on the temporary drive. While the redeployment is in progress,
the virtual machine will be unavailable.
• Reapply: Try reapplying your virtual machine’s state. This operation will rerun
VM provisioning and help resolve the VM failed state in cases where VM
provisioning failed while executing a previous VM action.
E. Serial console
F. Connection troubleshoot: We can test inbound and outbound connectivity.
