Azure Fundamentals Part 3 Summary

This is a summary of Azure Fundamentals part 3: Describe core solutions and management tools on Azure, one of the longer learning paths in the Azure Fundamentals series. The first of its seven modules is “Introduction to Azure fundamentals”, which is repeated in every learning path. The rest cover a number of different services spanning areas such as AI, source control and project management, observability, serverless, IoT, and different tools to interact with Azure.

This particular learning path uses a tedious format where each module discusses a couple of services, provides criteria to decide which to use, and then takes a while analysing those criteria for different use cases. This summary should save a lot of time if you’re preparing for the exam.

AI Services

This section is a summary of the Choose the best AI service for your needs module.

Approaches to AI:

  • Deep learning: based on neural networks. (The module doesn’t give this more than a brief mention.)
  • Machine learning: train a model and use it to make predictions.

AI services on Azure:

  • Azure Machine Learning: gives complete control to train a model using your own data. You can test it and then use it via a web API endpoint to make predictions.
  • Azure Cognitive Services: pre-built machine learning models covering:
    • Language: process natural language to identify meaning or sentiment
    • Speech: speech-to-text and text-to-speech, as well as translation and speaker recognition.
    • Vision: analyse pictures, videos and other visual content.
    • Decision: personalised recommendations (Azure Cognitive Services Personalizer), content moderation, and detection of anomalies in time-series data.
  • Azure Bot Service: used to develop chatbots. People can interact with these via text, interactive cards, and speech.

Source Control and Project Management

This section is a summary of the Choose the best tools to help organizations build better solutions module.

Azure DevOps Services is an offering similar to the Atlassian stack or GitHub, where you get Git repositories, task management, CI/CD, and more. Formerly known as (the dreaded) Team Foundation Server (TFS), this is now a SaaS product that includes:

  • Azure Repos: Git repositories
  • Azure Boards: task management, JIRA-style
  • Azure Pipelines: CI/CD
  • Azure Artifacts: hosts artifacts to be fed into later stages of a pipeline (e.g. testing or deployment)
  • Azure Test Plans: automated test tool that runs as part of a CI/CD pipeline

GitHub needs no introduction, but was acquired by Microsoft and so it can now be considered as an alternative to Azure DevOps. It remains popular for open-source projects with public repositories and communities built around them. GitHub Actions can be used to automate workflows, for example to implement CI/CD.

Compared to GitHub, Azure DevOps is more intended for enterprise development, and it has heavier project management and reporting tools as well as finer-grained access control.

Azure DevTest Labs is used to automate the provisioning and teardown of pre-configured environments (containing VMs or other resources) to test builds.


This section is a summary of the Choose the best monitoring service for visibility, insight, and outage mitigation module.

Azure Advisor provides recommendations to make best use of Azure and minimise costs, across the following categories:

  • Reliability
  • Security
  • Performance
  • Cost
  • Operational Excellence

Azure Monitor is use to ingest and analyse log and metric data from various sources. The data can also be used to trigger logic based on particular events. Application Insights is a service that collects telemetry from applications, and uses Azure Monitor under the hood.

Azure Service Health is a personalised view of Azure services, regions and resources that affect you. It helps you keep up to date with and find detailed information about:

  • Service issues
  • Planned maintenance
  • Health advisories (e.g. service retirements and breaking changes)

Working with Azure

This section is a summary of the Choose the best tools for managing and configuring your Azure environment module.

The Azure portal is a web-based user interface used to manage Azure resources. It is friendly for new users, but is not a good choice if you need to automate tasks.

The Azure mobile app supports iOS and Android, and is handy to manage Azure resources remotely when a computer is not available. You can use it to:

  • Monitor health and status of Azure resources
  • Check and fix issues
  • Restart a web app or VM
  • Run Azure CLI or Azure PowerShell commands

Azure PowerShell and the Azure CLI are both used to script interactions with Azure (or execute one-off tasks), via commands which call the Azure REST API underneath. Both provide the same automation benefits and are available for Windows, Linux, Mac, or within Azure Cloud Shell. The only difference is the syntax, where proficient Windows users might prefer Azure PowerShell, whereas the Azure CLI is based on Bash which is more familiar to Linux and Mac users.

ARM templates are a declarative way of describing the resources that need to be deployed using JSON. The ARM template is verified before execution, and creation of resources occurs in parallel while taking dependencies between them in consideration (i.e. they are created in the right order). If an error occurs, it’s easier to rollback everything than with shell scripts. ARM templates are a repeatable way to deploy entire environments.

Note: Azure PowerShell and Azure CLI scripts can trigger ARM templates, and vice versa.


This section is a summary of the Choose the best Azure serverless technology for your business scenario module.

Azure Functions can execute a single function.

  • They run in response to an event, such as a timer, HTTP request, or a new message on a queue.
  • They can be written in different programming languages including C#, Python, JavaScript, TypeScript, Java, and PowerShell.
  • They scale automatically.
  • They accrue charges only while they are running, based on number of executions and running time of each execution.
  • By default, they are stateless (they don’t normally keep state between executions).
  • Durable Functions are an extension allowing state to be preserved, and are used for more complex workflows involving multiple functions.
  • You just write the code and don’t manage any underlying infrastructure.

Azure Logic Apps:

  • Are a low-code/no-code service for automation and business integrations.
  • Are designed in a web-based designer.
  • Have triggers (events) that trigger actions (logic) via connectors.
  • Over 200 connectors are available to work with existing systems such as Salesforce, SAP, Oracle DB, etc.
  • You can also write your own connectors.
  • Billed based on number of executions and the type of connectors used.

Azure Functions and Azure Logic Apps can call each other.

Internet of Things (IoT)

This section is a summary of the Choose the best Azure IoT service for your application module.

IoT gathers data from devices in a backend system for processing and analysis. In this space, devices usually gather physical data via sensors, such as temperature or GPS. The devices can also be issued commands or have their firmware upgraded via an administrative portal.

Azure IoT Hub acts as a central message hub, allowing the backend IoT application and the devices to communicate in both directions. This includes command and control, where devices are controlled and issued commands directly. IoT Hub also tracks events such as device creation, failures and connections.

Azure IoT Central is another service providing a UI or dashboard on top of IoT Hub. It is a more complete solution and comes with starter templates to quickly get up and running, without writing any code (except for that which would run on the devices themselves).

Azure Sphere is an end-to-end IoT solution suitable for scenarios requiring the highest levels of security. This is based on three items:

  • The Azure Sphere micro-controller unit (MCU) which runs the operating system and processes signals from attached sensors.
  • A customised Linux OS that handles the security service and can run the vendor’s software.
  • Azure Sphere Security Service (AS3) ensures the security of the device by enforcing certificate-based authentication when the device connects to Azure, and checks for tampering. It also pushes any OS or other software updates to the device.

Devices based on Azure Sphere can talk to other Azure IoT services once they have been authenticated by AS3.