AZ 103 Microsoft Azure Administrator

Course AZ 103
Manage Azure Subscriptions and Resources [Course Details...]
Implement and Manage Storage [Course Details...]
Deploy and Manage Virtual Machines [Course Details...]
Configure and Manage Virtual Networks [Course Details...]
Manage Identities [Course Details...]

1
Manage Azure Subscriptions and Resources
[] [] [] []
Course Outline
Module 1: Manage Azure Subscriptions
Assign administrator permissions
Configure cost center quotas and tagging
Configure Azure subscription policies at Azure subscription level
Module 2: Analyze Resource Utilization and Consumption

Configure diagnostic and settings on resource
Create baseline for resources
Create and rest alerts
Analyze alerts across subscription
Analyze metrics across subscription
Create action groups
Monitor for unused resources
Monitor spend
Report on spend
Utilize Log Search query functions
View alerts in Log Analytics
Module 3: Manage Resource Groups

Use Azure policies for resource groups
Configure resource policies
Identify auditing requirements
Implement and set tagging on resource groups
Move resources across resource groups
Remove resource groups
Module 4: Manage role based access control (RBAC)

Create a custom role
Configure access to Azure resources by assigning roles
Configure management access to Azure, troubleshoot RBAC, implement RBAC policies, assign RBAC Roles
Lab: Manage Azure Subscriptions and Resources

 Configure delegation of provisioning and management of Azure resources.
 Verify delegation by provisioning Azure resources.
After completing this module, students will be able to:
 Configure delegation of provisioning and management of Azure resources by using built-in Role-Based (RBAC) roles
and built-in Azure policies.
 Verify delegation by provisioning Azure resources as a delegated admin and auditing provisioning events.
2
Implement and Manage Storage
[] [] [] []
Course Outline
Module 1: Create and Configure Storage Accounts
Configure network access to the storage account.
Create and configure storage account
Generate and shared access signature
Install and use Azure Storage Explorer
Manages access keys
Monitor activity log by using Log Analytics
Implement Azure storage replication
Module 2: Import and Export Data to Azure

Create export from Azure job.
Create import into Azure job.
Use Azure Data Box.
Configure and use Azure blob storage
Configure Azure content delivery network (CDN) endpoints
Module 3: Configure Azure Files

Create Azure file share
Create Azure File Sync service
Create Azure sync group
Troubleshoot Azure File Sync
Module 4: Implement Azure Backup

Configure and review backup reports
Perform backup operation
Create Recovery Service Vault
Create and configure backup policy
Perform a restore operation
Lab : Implement and Manage Storage

 Prepare the lab environment.
 Implement and use Azure Blob storage.
 Implement and use Azure File storage.
After completing this module, we will be able to:
 Implement and use Blob storage.
 Implement and use File storage.

3
Deploy and Manage Virtual Machines
[] [] [] []
Course Outline
Module 1: Create and Configure a VM for Windows and Linux
Configure High Availability.
Configure Monitoring, networking, storage and virtual machines size.
Deploy and configure scale sets
Module 2: Automate Deployment of VM

Modify Azure Resource Manager (ARM) template.
Configure location of new VMs.
Configure VHD template
Deploy from template
Save a deployment as ARM template
Deploy Windows and Linux VMs
Module 3: Manage Azure VM

Add data discs.
Add network interfaces.
Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent by using custom script
extensions
Manage VM sizes; move VMs from one resource group to another
Redeploy VMs
Module 4: Manage VM Backup

Configure VM backup.
Define backup policies
Implement backup policies
Perform VM restore
Azure Site Recovery
Lab : Deploy and Manage Virtual Machines

 Deploy virtual machines.
 Configure networking setting for virtual machines.
 Configure Azure virtual machine scale sets.
 Deploy Azure VMs by using the Azure portal, Azure PowerShell, and Azure Resource Manager templates.
 Configure networking settings of Azure VMs running Windows and Linux operating systems.
 Deploy and configure Azure VM scale sets.
4
Configure and Manage Virtual Networks
[] [] [] []
Course Outline
Module 1: Create Connectivity between Virtual Networks
Create and configure VNET peering
Create and configure VNET to VNET
Verify virtual network connectivity
Create virtual network gateway
Module 2: Implement and Manage Virtual Networking

Configure private and public IP addresses, network routes, network interface, subnets and virtual networks.
Module 3: Configure Name Resolution

Configure Azure DNS.
Configure custom DNS settings.
Configure private and public DNS zones
Module 4: Create and configure a Network Security Group (NSG)

Create security rules.
Associate NSG to a subnet or network interface
Identify required ports.
Evaluate effective security rules
Module 5: Implement Azure Load Balancer

Configure internal load balancer, configure load balancing rules, configure public load balancer, and troubleshoot load balancing.
Module 6: Monitor and Troubleshoot Virtual Networking

Monitor on-premises connectivity, use Network resource monitoring, use Network Watcher, troubleshoot external networking,
troubleshoot virtual network connectivity
Module 7: Integrate on Premises Network with Azure Virtual Network

Create and configure Azure VPN Gateway, create and configure site to site VPN, configure Express Route, verify on promises
connectivity, troubleshoot on premises connectivity with Azure
Lab : Configure and Manage Virtual Networks

 Prepare the lab environment.
 Configure VNet peering.
 Implement custom routing.
 Validating service chaining.
 Configure VNet peering.
 Implement custom routing.
 Validate service chaining.

5
Manage Identities
[] [] [] []
Course Outline
Module 1: Manage Azure Active Directory (AD)
Add custom domains.
Add AD Join
Configure self-service password reset
Manage multiple directories
Module 2: Manage Azure Active Directory Objects (Users, Groups and Devices)
Create users and groups.
Manage user and group properties
Manage Device settings
Perform bulk user updates
Manage guest accounts
Module 3: Implement and Manage Hybrid Identities

Install Azure AD Connect, including password hash and pass-through synchronization.
Use Azure AD Connect to configure federation with on-premises Active Directory Domain Service (AD DS)
Manage Azure AD Connect
Manage Password sync and password writeback
Module 4: Lab - Implement multi-factor authentication (MFA)

Configure user accounts for MFA, enable MFA by using bulk update, configure fraud alerts, configure bypass options, configure
trusted IPs, and configure verification methods.
Course AZ-100T01-A: Managing Subscriptions and Resources

[] []
Module 1: Managing Azure Subscription

Project Synopsis:
 Overview of Azure Subscriptions
 Billing
 Azure Policy
After completing this module, students will be able:
 Manage Azure subscriptions and billing, and implement Azure policies.
Overview of Azure Subscription

An active agreement with Microsoft which is needed to provision resources in Microsoft Azure. Every subscription also has a
trust relationship with an Azure AD instance. This means that it trusts that directory to authenticate users, services and devices.
A subscription will only trust one directory, but we can have multiple subscriptions trust the same directory.
Every resource provisioned in Azure is a child-resource to an Azure subscription. If the subscription is expired or stops, then
those child-resources also stop.
 Associate or add an Azure subscription to your Azure Active Directory tenant
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD), which means that the subscription trusts
Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory, but each
subscription can only trust a single directory.
If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD
directory remains in Azure, letting you associate and manage the directory using a different Azure subscription.
All of your users have a single home directory for authentication. However, your users can also be guests in other directories.
You can see both the home and guest directories for each user in Azure AD.
[When you associate a subscription to a different directory, users that have roles assigned using role-based access control (RBAC) will lose
their access. Classic subscription administrators (Service Administrator and Co-Administrators) will also lose access.
Additionally, moving your Azure Kubernetes Service (AKS) cluster to a different subscription, or moving the cluster-owning subscription to a
new tenant, causes the cluster to lose functionality due to lost role assignments and service principals rights. For more information about
AKS, see Azure Kubernetes Service (AKS).]
Before you begin

Before you can associate or add your subscription, you must perform the following tasks:
1. Review the following list of changes and how you might be affected:
 Users that have been assigned roles using RBAC will lose their access
 Service Administrator and Co-Administrators will lose access
 If you have any key vaults, they'll be inaccessible and you'll have to fix them after association
 If you have a registered Azure Stack, you'll have to re-register it after association
Sign in using an account that:
 Has an Owner role assignment for the subscription. For information about how to assign the Owner role,
see Manage access to Azure resources using RBAC and the Azure portal.
 Exists in both the current directory that's associated with the subscription and in the new directory that's where
you want to associate the subscription going forward. For more information about getting access to another
directory, see How do Azure Active Directory admins add B2B collaboration users?.
Make sure you're not using an Azure Cloud Service Providers (CSP) subscription (MS-AZR-0145P, MS-AZR-0146P, MS-AZR-
159P), a Microsoft Internal subscription (MS-AZR-0015P), or a Microsoft Imagine subscription (MS-AZR-0144P).
To associate an existing subscription to your Azure AD directory

1. Sign in and select the subscription you want to use from the Subscriptions page in Azure portal.
2. Select Change directory.
3. Review any warnings that appear, and then select Change. The directory is changed for the subscription and you get a
success message.
4. Use the Directory switcher to go to your new directory. It might take up to 10 minutes for everything to show up
properly.
Changing the subscription directory is a service-level operation, so it doesn't affect subscription billing ownership. The Account
Admin can still change the Service Admin from the Account Center. To delete the original directory, you must transfer the
subscription billing ownership to a new Account Admin. To learn more about transferring billing ownership, see Transfer
ownership of an Azure subscription to another account.
Post association steps

After you associate a subscription to a different directory, there might be additional steps that you must perform to resume
operations.
1. If you have any key vaults, you must change the key vault tenant ID. For more information, see Change a key vault tenant
ID after a subscription move.
2. If you have registered an Azure Stack using this subscription, you must re-register. For more information, see Register
Azure Stack with Azure.
Billing
 Understand your Microsoft Azure bill

To understand your Azure bill, compare your invoice with the detailed daily usage file and the cost management reports in the
Azure portal.
For an explanation of how billing works in the Azure Cloud Solution Provider (Azure CSP) program, including the billing cycle,
pricing, and usage, see Azure CSP Billing Overview.
If there's a charge on your invoice that you want more information about, you can compare usage and costs with the usage file
or with the Azure portal.
Option 1: Compare usage and costs with usage file
The detailed usage CSV file shows your charges by billing period and daily usage. To get the file, see Get your Azure billing
invoice and daily usage data.
Your usage charges are displayed at the meter level. The following terms mean the same thing in both the invoice and the
detailed usage file. For example, the billing cycle on the invoice is the same as the billing period shown in the detailed usage
file.
Invoice (PDF) Detailed usage (CSV)
Billing cycle Billing Period
Name Meter Category
Type Meter Subcategory
Resource Meter Name
Region Meter Region
Consumed Consumed Quantity
Included Included Quantity
Billable Overage Quantity
The Usage Charges section of your invoice has the total value for each meter that was consumed during your billing period.
To see a daily breakdown of this charge, go to the Daily Usage section of the CSV. Filter for Scheduler under Meter Category.
You can see which days the meter was used and how much was consumed. The Resource and Resource group information is
also listed for comparison. The Consumed values should add up to what's shown on the invoice.
To get the cost per day, multiply the Consumed amounts with the Rate value from the Statement section.
Option 2: Compare the usage and costs in the Azure portal
The Azure portal can also help you verify your charges. To get a quick overview of your invoiced usage and charges, view the
cost management charts.
1. In the Azure portal, go to Subscriptions.

2. Select your subscription > Cost analysis.
3. Filter by Timespan.
4. To continue the previous example, you see a usage charge for the Azure Scheduler service.
5. Select that row to see the daily cost breakdown.
To learn more, see Prevent unexpected costs with Azure billing and cost management.
External services billed separately
External services, or marketplace charges, are for resources that have been created by third-party software vendors. Those
resources are available for use from the Azure marketplace. For example, a Barracuda Firewall is an Azure marketplace
resource offered by a third-party. All charges for the firewall and its corresponding meters appear as external service charges.
External service charges are billed separately. The charges don't show up on your Azure invoice. To learn more, see Understand
your Azure external service charges.
Resources billed by usage meters
Azure doesn't directly bill based on the resource cost. Charges for a resource are calculated by using one or more meters.
Meters are used to track a resource’s usage throughout its lifetime. These meters are then used to calculate the bill.
For example, when you create a single Azure resource, like a virtual machine, it has one or more meter instances created.
Meters are used to track the usage of the resource over time. Each meter emits usage records that are used by Azure to
calculate the bill.
For example, a single virtual machine (VM) created in Azure may have the following meters created to track its usage:
 Compute Hours
 IP Address Hours
 Data Transfer In
 Data Transfer Out
 Standard Managed Disk
 Standard Managed Disk Operations
 Standard IO-Disk
 Standard IO-Block Blob Read
 Standard IO-Block Blob Write
 Standard IO-Block Blob Delete
When the VM is created, each meter begins emitting usage records. This usage and the meter's price is tracked in the Azure
metering system.
Pay your bill
If you set up a credit card or a debit card as your payment method, the payment is charged automatically within 10 days after
the billing period ends. On your credit card statement, the line item would say MSFT Azure.
To change the credit or debit card that's charged, see Add, update, or remove a credit or debit card for Azure.
If you pay by invoice, send your payment to the location listed at the bottom of your invoice.
To check the status of your payment, create a support ticket.
Tips for cost management

 Estimate costs by using the:
o Azure pricing calculator
o Total cost of ownership calculator
o Detailed pricing information for each service
 Review your usage and costs regularly in the Azure portal.
 Understand your Azure Enterprise Agreement bill

Azure customers with an Enterprise Agreement receive an invoice when they exceed the organization's credit or use services
that aren't covered by the credit.
Your organization's credit includes your monetary commitment. The monetary commitment is the amount your organization
paid upfront for usage of Azure services. You can add monetary commitment funds to your Enterprise Agreement by contacting
your Microsoft account manager or reseller.
Invoices for most customers
This section doesn't apply to Azure customers in Australia, Japan, or Singapore. If you are in one of those countries,
see Invoices for other customers.
You receive an Azure invoice when one of the following occurs during your billing cycle:
 Service overage: Your organization's usage charges exceed your credit balance.
 Charges billed separately: The services your organization used aren't covered by the credit. You're invoiced for the
following services regardless of your credit balance:
o Canonical
o Citrix XenApp Essentials
o Citrix XenDesktop
o Registered User
o Openlogic
o Remote Access Rights XenApp Essentials Registered User
o Ubuntu Advantage
o Visual Studio Enterprise (Monthly)
o Visual Studio Enterprise (Annual)
o Visual Studio Professional (Monthly)
o Visual Studio Professional (Annual)
 Marketplace charges: Azure Marketplace purchases and usage are not covered by your organization's credit. So, you're
invoiced for Marketplace charges regardless of your credit balance. In the Enterprise Portal, an Enterprise Administrator
can enable and disable Marketplace purchases.
Review charges for most customers
This section doesn't apply to Azure customers in Australia, Japan, or Singapore. If you are in one of those countries, see Review
charges for other customers.
To review and verify the charges on your invoice, you must be an Enterprise Administrator. For more information,
see Understand Azure Enterprise Agreement administrative roles in Azure. If you don't know who the Enterprise Administrator
is for your organization, contact support.
Your invoice shows all of your Azure usage, followed by any Marketplace charges. If you have a credit balance, it is applied to
Azure usage.
Compare your combined total amount shown in the Enterprise portal in Reports > Usage Summarywith your Azure invoice. The
amounts in the Usage Summary don't include tax.
1. Sign in to the Enterprise portal.

2. Select Reports.
3. On the top right-hand corner of the tab, switch the view from M to C and match the period on the invoice.
4. The combined amount of Total Usage and Azure Marketplace should match the Total Extended Amount on your invoice.
5. To get more details about your charges, go to Download Usage.
Invoices for other customers

This section only applies to Azure customers in Australia, Japan, or Singapore.
You receive one or more Azure invoices when the following occurs:
 Service overage: Your organization's usage charges exceed your credit balance.
 Charges billed separately: The services your organization used aren't covered by the credit. You're invoiced for the
following services regardless of your credit balance:
o Canonical
o Citrix XenApp Essentials
o Citrix XenDesktop
o Registered User
o Openlogic
o Remote Access Rights XenApp Essentials Registered User
o Ubuntu Advantage
o Visual Studio Enterprise (Monthly)
o Visual Studio Enterprise (Annual)
o Visual Studio Professional (Monthly)
o Visual Studio Professional (Annual)
 Marketplace charges: Azure Marketplace purchases and usage are not covered by your organization's credit and are billed
separately. In the Enterprise Portal, an Enterprise Administrator can enable and disable Marketplace purchases.
When you have charges due for service overages and charges that are billed separately during the billing period, you get one
invoice. It includes both types of charges. Marketplaces charges are always invoiced separately.
Review charges for other customers
This section only applies if you are in Australia, Japan or Singapore.
To review and verify the charges on your invoice, you must be an Enterprise Administrator. For more information,
see Understand Azure Enterprise Agreement administrative roles in Azure. If you don't know who the Enterprise Administrator
is for your organization, contact support.
Review service overage invoice
Compare your total usage amount in the Enterprise portal in Reports > Usage Summary with your service overage invoice. The
service overage invoice includes usage that exceeds your organization's credit, and/or services that aren't covered by the
credit. The amounts on the Usage Summary don't include tax.

2. Select Reports.
4. The Total Usage amount should match the Total Extended Amount on your service overage invoice.
5. To get more information about your charges, go to Download Usage > Advanced Report Download. The report doesn't
include taxes or charges for reservations or marketplace charges.
The following table lists the terms and descriptions shown on the invoice and on the Usage Summary in the Enterprise portal:
Invoice term Usage Summary Description

term
Total Extended Total Usage The total pre-tax usage charge for the specific period
Amount before the credit is applied.
Commitment Commitment The credit applied during that specific period.
Usage Usage
Total Sale Total Overage The total usage charge that exceeds your credit
amount. This amount doesn't include tax.
Tax Amount Not applicable Tax that applies to the total sale amount for the
specific period.
Total Amount Not applicable The amount due for the invoice after the credit is
applied and tax is added.
Marketplace invoice
This section only applies if you are in Australia, Japan or Singapore.
Compare your Azure Marketplace total on Reports > Usage Summary in the Enterprise portal with your marketplace invoice. The
marketplace invoice is only for Azure Marketplace purchases and usage. The amounts on the Usage Summary don't include tax.

2. Select Reports.
4. The Azure Marketplace total should match the Total Sale on your marketplace invoice.
5. To get more information about your usage-based charges, go to Download Usage. Under Marketplace Charges,
select Download. This report doesn't include taxes or show one-time purchases.
 Understand the charges on your Microsoft Customer Agreement's invoice
You can understand the charges on your invoice by analyzing the individual transactions.
In the billing account for a Microsoft Customer Agreement, an invoice is generated each month for every billing profile. The
invoice includes all charges from the previous month. You can view your invoices in the Azure portal. For more information,
see download invoices for a Microsoft Customer Agreement.
This article applies to a billing account for a Microsoft Customer Agreement. Check if you have access to a Microsoft Customer
Agreement.
View transactions for an invoice in the Azure portal
1. Sign in to the Azure portal.

2. Search on Cost Management +Billing.
3. Select All transactions from the left side of the screen. Depending on your access you may have to select a billing account
or a billing profile, then select All transactions.
4. The All transactions page displays the following information:
Column Definition
Date The date of transaction
Invoice ID The identifier for the invoice on which the transaction got billed. If you submit a support
request, share the ID with Azure support to expedite your support request
Transaction The type of transaction like purchase, cancel, and usage charges
type
Product The category of product like compute for Virtual machines or database for Azure SQL
family database
Product sku A unique code identifying the instance of your product
Amount The amount of transaction
Invoice The transaction shows up on this section of billing profile's invoice
section
Billing profile The transaction shows up on this billing profile's invoice
5. Search on invoice ID to filter the transactions for the invoice.

View transactions by invoice sections
Invoice sections let you organize the costs on a billing profile's invoice. For more information, see understand invoice section.
When an invoice is generated, charges for all the sections in the billing profile reflect on the invoice.
Once you have identified the charges for an invoice section, you can view the transactions in the Azure portal to understand
the charges.
1. Go to the All transactions page in the Azure portal to view transactions for an invoice. For more information, see view
transactions for an invoice in the Azure portal.
2. Filter by invoice section name to view transactions for the invoice section.
Understand pending charges to estimate your next invoice

In the billing account for a Microsoft Customer Agreement, until the charges are invoiced, they are estimate and considered
pending. You can view pending charges in the Azure portal to estimate your next invoice. The pending charges are estimate and
don't include tax so the actual charges on your next invoice will vary from the pending charges.
View summary of pending charges

3. Select a billing profile. Depending on your access, you may have to select a billing account. From the billing account,
select Billing profiles then select a billing profile.
4. Select Summary tab from the top of the screen.
5. The charges section display the month-to-date and last month's charges.
The month-to-date charges are the pending charges for the current month and are billed when the invoice is generated for the
month. If the invoice for last month is still not generated, then last month's charges are also pending and will reflect on your
next invoice.
View pending transactions
Once you identify pending charges, you can understand the charges by analyzing the individual transactions that contributed to
the charges. At this point, pending usage charges are not displayed on the All transaction page. You can view the pending usage
charges on the Azure subscriptions page. For more information, see view pending usage charges

4. Select All transactions from the left side of the screen.
5. Search for pending. Use the Timespan filter to view pending charges for current or last month.
View pending usage charges

4. Select All subscriptions from the left side of the screen.
5. The Azure subscriptions page displays current and last month's charges for each subscription in the billing profile. The
month-to-date charges are the pending charges for the current month and are billed when the invoice is generated for the
month. If the invoice for last month is still not generated, then last month's charges are also pending.
Analyze your Azure usage charges

Use the Azure usage and charges csv file to analyze your usage-based charges. You can download the file either for an invoice
or for pending charges. For more information, see get your Azure billing invoice and daily usage data.
View detailed usage by invoice section
You can filter the Azure usage and charges file to reconcile the usage charges for your invoice sections.
The following steps walk you through reconciling compute charges for the Accounting Dept invoice section:
Invoice PDF Azure usage and charges CSV

Accounting Dept invoiceSectionName
Usage Charges - Microsoft Azure Plan productOrderName
Compute serviceFamily
1. Filter the invoiceSectionName column in the CSV file to Accounting Dept.

2. Filter the productOrderName column in the CSV file to Microsoft Azure Plan.
3. Filter the serviceFamily column in the CSV file to Microsoft.Compute.
View detailed usage by subscription
You can filter the Azure usage and charges csv file to reconcile usage charges for your subscriptions. To view all subscriptions in
a billing profile, see view pending usage charges.
Once you identify charges for a subscription, use the Azure usage and charges csv file to analyze the charges.
Filter the subscriptionName column in the Azure usage and charges CSV file to WA_Subscription to view the detailed usage
charges for WA_Subscription.
Pay your bill

Instructions for paying your bill are shown at the bottom of the invoice. Learn how to pay.
If you've already paid your bill, you can check the status of the payment on the Invoices page in the Azure portal.
Check access to a Microsoft Customer Agreement

Check the agreement type to determine whether you have access to a billing account for a Microsoft Customer Agreement.

2. Search on Cost Management + Billing.
3. If you have access to just one billing account, select Properties from the left-hand side. You have access to a billing
account for a Microsoft Customer Agreement if the billing account type is Microsoft Customer Agreement.
4. If you have access to multiple billing accounts, check the type in the billing account column. You have access to a billing
account for a Microsoft Customer Agreement if the type for any of the billing accounts is Microsoft Customer Agreement.
 View and download your Microsoft Azure invoice
For most subscriptions, you can download your invoice from the Azure portal or have it sent in email. If you're an Azure
customer with an Enterprise Agreement (EA customer), you can't download your organization's invoices. Invoices are sent to
whoever is set up to receive invoices for the enrollment.
Only certain roles have permission to view invoices, like the Account Administrator or Enterprise Administrator. To learn more
about getting access to billing information, see Manage access to Azure billing using roles.
If you have a Microsoft Customer Agreement, you must be a billing profile Owner, Contributor, Reader, or Invoice manager to
get your invoices. To learn more about billing roles for Microsoft Customer Agreements, see Billing profile roles and tasks.
Download your Azure invoices (.pdf)

For most subscriptions, you can download your invoice from the Azure portal. If you have a Microsoft Customer Agreement,
see Download invoices for a billing profile.
Download invoices for an individual subscription
1. Select your subscription from the Subscriptions page in the Azure portal as a user with access to invoices.
2. Select Invoices.
3. Click Download Invoice to view a copy of your PDF invoice. If it says Not available, see Why don't I see an invoice for the
last billing period?
4. You can also view your daily usage by clicking the billing period.
For more information about your invoice, see Understand your bill for Microsoft Azure. For help managing your costs,
see Prevent unexpected costs with Azure billing and cost management.
Download invoices for a Microsoft Customer Agreement
Invoices are generated for each billing profile in the Microsoft Customer Agreement. You must be a billing profile Owner,
Contributor, Reader, or Invoice manager to download invoices from the Azure portal.

3. Select a billing profile. Depending on your access, you might need to select a billing account first.
4. Select Invoices.
5. In the invoice grid, find the row of the invoice you want to download.
6. Click on the ellipsis (...) at the end of the row.
7. In the download context menu, select Invoice.
If you don't see an invoice for the last billing period, see Why don't I see an invoice for the last billing period?
Get your invoice in email (.pdf)

You can opt in and configure additional recipients to receive your Azure invoice in an email. This feature may not be available
for certain subscriptions such as support offers, Enterprise Agreements, or Azure in Open. If you have a Microsoft Customer
agreement, see Get your billing profile invoices in email.
Get your subscription's invoices in email
1. Select your subscription from the Subscriptions page. Opt in for each subscription you own. Click Invoices then Email my
invoice.
2. Click Opt in and accept the terms.
3. Once you've accepted the agreement, you can configure additional recipients. When a recipient is removed, the email
address is no longer stored. If you change your mind, you need to re-add them.
If you don't get an email after following the steps, make sure your email address is correct in the communication preferences
on your profile.
Opt out of getting your subscription's invoices in email
You can opt out of getting your invoice by email by following the steps above and clicking Opt out of emailed invoices. This
option removes any email addresses set to receive invoices in email. You can reconfigure recipients if you opt back in.
Get your Microsoft Customer Agreement invoices in email
If you have a Microsoft Customer Agreement, you can opt in to get your invoice in an email. All billing profile Owners,
Contributors, Readers, and Invoice managers will get the invoice by email. Readers cannot update the email invoice preference.

4. Under Settings, select Properties.
5. Under Email Invoice, select Update email invoice preference.
6. Select Opt in.
7. Click Update.
Opt out of getting your Microsoft Customer Agreement invoices in email
You can opt out of getting your invoice by email by following the steps above and clicking Opt out. All Owners, Contributors,
Readers, and Invoice managers will be opted out of getting the invoice by email, too. If you are a Reader, you cannot change
the email invoice preference.
Why don't I see an invoice for the last billing period?
There could be several reasons that you don't see an invoice:
 It's less than 30 days from the day you subscribed to Azure.
 The invoice isn't generated yet. Wait until the end of the billing period.
 You don't have permission to view invoices. If you have a Microsoft Customer Agreement, you must be the billing profile
Owner, Contributor, Reader, or Invoice manager. For other subscriptions, you might not see old invoices if you aren't the
Account Administrator. To learn more about getting access to billing information, see Manage access to Azure billing using
roles.
 If you have a Free Trial or a monthly credit amount with your subscription that you didn't exceed, you won't get an invoice
unless you have a Microsoft Customer Agreement.
Check your access to a Microsoft Customer Agreement


 Understand terms on your Microsoft Azure invoice
The invoice provides a summary of your charges and provides instructions for payment. It’s available for download in the
Portable Document Format (.pdf) from the Azure portal or can be sent via email. For more information, see How to get your
Azure billing invoice and daily usage data.
A few things to note:

 If you're using a free trial subscription, you can get your detailed usage information from the Azure portal but you don't
have an invoice.
 Up to 24 hours of usage at the end of the previous billing period may show up in your current invoice.
 Charges listed on billing statements for international customers are for estimation purposes only. Banks may have
different costs for the conversion rates.
Detailed terms and descriptions of your invoice

The following sections list the important terms that you see on your invoice and descriptions for each term.
Account information
The account information section of the invoice is on the top of the first page and shows information about your profile and
subscription.
Term Description
Customer PO No. An optional purchase order number, assigned by you for tracking
Invoice No. A unique, Microsoft generated invoice number used for tracking purposes
Billing cycle Date range that this invoice covers
Invoice date Date that the invoice was generated, typically a day after end of the Billing cycle
Payment method Type of payment used on the account (invoice or credit card)
Bill to Billing address that is listed for the account
Subscription offer Type of subscription offer that was purchased (Pay-As-You-Go, BizSpark Plus, Azure Pass,
(“Pay-As-You-Go”) etc.). For more information, see Azure offer types.
Account owner email The account email address that the Microsoft Azure account is registered under.
To change the email address, see How to change profile information of your Azure account
such as contact email, address, and phone number.
Understand the invoice summary
The Invoice Summary section of the invoice lists the total transaction amounts since your last billing period, and your current
usage charges.
The Subscription name (“Production Storage”) is the name of the subscription for this invoice.
Understand the previous charges
The previous balance, payments, and outstanding balance section of the invoice summarizes transactions since your last billing
period.
Term Description
Previous balance The total amount due from your last billing period
Payments Total payments and credits applied to your last billing
period
Outstanding balance (from previous Any credits or remaining balance in your account since
billing cycle) your last billing period
Understand the current charges
The Current Charges section of the invoice shows details about your monthly charges for the current billing period.
Term Description
Usage Usage charges are the total monthly charges on a subscription for the current
charges billing period
Discounts Service discounts applied to your current billing period
Adjustments Miscellaneous credits (Free Usage, Credits, etc.) or outstanding charges applied
to your current billing period.
For example, if you have the Visual Studio Enterprise with MSDN offer, you see a
monthly credit. If you cancel your subscription, you see any monthly usage
charges that exceed the monthly credit that you get with your subscription offer.
The charges incur at the start of your current billing period until the subscription
cancellation date.
Sold to and payment instructions
The following table describes the sold to and payment instructions shown on the second page of your Invoice.
Term Description
Sold to Profile address that's on the account.
If you need to change the address, see How to change profile information of
your Azure account such as contact email, address, and phone number.
Payment Instructions on how to pay depending on payment method (such as by credit
instructions card or by invoice).
Usage Charges
The Usage charges section of the invoice displays meter level information on your charges.
The following table describes the usage charges column headers shown on your Invoice.
Term Description
Name Identifies the top-level service for the usage
Type Defines the Azure service type that can affect the rate
Resource Identifies the unit of measure for the meter being consumed
Region Identifies the location of the datacenter for certain services that are priced based on datacenter
location
Consumed The amount of the meter used during the billing period
Included The amount of the meter that is included at no charge in your current billing period
Billable Shows the difference between the Consumed Quantity and the Included Quantity. You're billed for
this amount. For Pay-As-You-Go offers with no amount included with the offer, this total is the same
as the Consumed Quantity
Rate The rate you're charged per billable unit
Value Shows the result of multiplying the Overage Quantity column by the Rate column. If the Consumed
Quantity doesn't exceed the Included Quantity, there is no charge in this column.
Sub-Total The sum of all your charges pre-tax for this billing period
Grand Total The sum of all your charges after tax for this billing period
 Understand terms on your Microsoft Customer Agreement invoice
Agreement.
Your invoice provides a summary of your charges and instructions for payment. It’s available for download in the Portable
Document Format (.pdf) from the Azure portal or can be sent via email. For more information, see View and download your
Microsoft Azure invoice.
Invoice terms and descriptions

The following sections list important terms that you see on your invoice and descriptions for each term.
Invoice summary
The Invoice Summary is on the top of the first page and shows information about your billing profile and how you pay.
Term Description
Sold to Address of your legal entity, found in billing account properties
Bill to Billing address of the billing profile receiving the invoice, found in billing profile properties
Billing Profile The name of the billing profile receiving the invoice
P.O. number An optional purchase order number, assigned by you for tracking
Invoice number A unique, Microsoft-generated invoice number used for tracking purposes
Invoice date Date that the invoice is generated, typically five to 12 days after end of the Billing cycle. You can
check your invoice date in billing profile properties.
Payment terms How you pay for your Microsoft bill. Net 30 days means you pay within 30 days of the invoice date.
Billing summary
The Billing Summary shows the charges against the billing profile since the previous billing period, any credits that were
applied, tax, and the total amount due.
Term Description
Charges Total number of Microsoft charges for this billing profile since the last billing period
Credits Credits you received from returns
Azure credits Azure credits that are automatically applied to Azure charges each billing period
applied
Subtotal The pre-tax amount due
Tax The type and amount of tax that you pay, depending on the country of your billing profile. If you don't
have to pay tax, then you won't see tax on your invoice.
Estimated total The estimated total amount you saved from effective discounts. If applicable, effective discount rates are
savings listed beneath the purchase
Invoice sections
For each invoice section under your billing profile, you'll see the charges, the amount of Azure credits applied, tax, and the total
amount due.
Total = Charges - Azure Credit + Tax
Details by invoice section
The details show the cost for each invoice section broken down by product order. Within each product order, cost is broken
down by the type of service. You can find daily charges for your products and services in the Azure portal and Azure usage and
charges CSV. To learn more see Understand the charges on your invoice for a Microsoft Customer Agreement.
The total amount due for each service family is calculated by subtracting Azure credits from Credits/charges and adding Tax:
Term Description
Unit price The effective unit price of the service (in pricing currency) that is used to the
rate the usage. This is unique for a product, service family, meter, and offer.
Qty Quantity purchased or consumed during the billing period
Charges/Credits Net amount of charges after credits/refunds are applied
Azure Credit The amount of Azure credits applied to the Charges/Credits
Tax rate Tax rate(s) depending on country
Tax amount Amount of tax applied to purchase based on tax rate
Total The total amount due for the purchase
How to pay
At the bottom of the invoice, there are instructions for paying your bill. You can pay by check, wire, or online. If you pay online,
you can use a credit/debit card or Azure credits, if applicable.
Publisher information
If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.


3. If you have access to just one billing account, select Properties from the left-hand side. You have access to a billing account
for a Microsoft Customer Agreement if the billing account type is Microsoft Customer Agreement.
 View and download your Azure usage and charges
If you're an EA customer or have a Microsoft Customer Agreement, you can download Azure usage and charges in the Azure
portal. For other subscriptions, go to the Azure Account Center to download usage.
Only certain roles have permission to get Azure usage information, like the Account Administrator or Enterprise Administrator.
To learn more about getting access to billing information, see Manage access to Azure billing using roles.
If you have a Microsoft Customer Agreement, you must be a billing profile Owner, Contributor, Reader, or Invoice manager to
view your Azure usage and charges. To learn more about billing roles for Microsoft Customer Agreements, see Billing profile
roles and tasks.
Download usage from the Account Center (.csv)
1. Sign into the Azure Account Center as the Account Administrator.
2. Select the subscription for which you want the invoice and usage information.
3. Select BILLING HISTORY.
4. You can see your statements for the last six billing periods and the current unbilled period.
5. Select View Current Statement to see an estimate of your charges at the time the estimate was generated. This
information is only updated daily and may not include all your usage. Your monthly invoice may differ from this estimate.
6. Select Download Usage to download the daily usage data as a CSV file. If you see two versions available, download
version 2.
Only the Account Administrator can access the Azure Account Center. Other billing admins, such as an Owner, can get usage
information using the Billing APIs.
For more information about your daily usage, see Understand your bill for Microsoft Azure. For help managing your costs,
see Prevent unexpected costs with Azure billing and cost management.
Download usage for EA customers
To view and download usage data as a EA customer, you must be an Enterprise Administrator, Account Owner, or Department
Admin with the view charges policy enabled.

2. Search for Cost Management + Billing.
3. Select Usage + charges.
4. For the month you want to download, select Download.
Download usage for your Microsoft Customer Agreement

If you have a Microsoft Customer Agreement, you can download your Azure usage and charges for your billing profile. You
must be a billing profile Owner, Contributor, Reader, or Invoice manager to download the Azure usage and charges CSV.
Download usage for billed charges

4. Select Invoices.
5. In the invoice grid, find the row of the invoice corresponding to the usage you want to download.
7. In the download context menu, select Azure usage and charges.
Download usage for pending charges
You can also download month-to-date usage for the current billing period. These usage charges that have not been billed yet.

4. In the Overview blade, find the download links beneath the month-to-date charges.
5. Select Azure usage and charges.
Check your access to a Microsoft Customer Agreement


2. Search on Cost Management + Billing
 View the tax documents for your Microsoft Customer Agreement
View and download tax documents

You must be the Owner, Contributor, Reader, or Invoice Manager of the billing profile to view and download tax documents. To
learn more about billing roles for Microsoft Customer Agreements, see Billing profile roles and tasks.

2. Select a billing profile.
3. Select Invoices.
4. In the invoice grid, find the row of the invoice corresponding to the tax document you want to download.
6. Select Tax document. Depending on the country of your billing profile, you might see more than one tax document per
invoice.


 Understand your Azure billing for external service charges
External services are published by third party software vendors in the Azure marketplace. For example, SendGrid is an external
services that you can purchase in Azure, but is not published by Microsoft.
When you provision a new external service or resource, a warning will appear:
[Important: External services are published by companies that are not Microsoft, but sometimes Microsoft products are also categorized as
external services.]
How external services are billed

 External services are billed separately. They are treated as individual orders within your Azure subscription. The billing
period for each service is set when you purchase the service. Not to be confused with the billing period of the subscription
under which you purchased it. You also receive separate bills and your credit card is charged separately.
 Each external service has a different billing model. Some services are billed in a pay-as-you-go fashion while others use a
monthly based payment model. You need a credit card for Azure external services, you can't buy external services with
invoice pay.
 You can't use monthly free credits for external services. If you are using an Azure subscription that includes free credits,
they can't be applied to external service bills. Use a credit card to purchase external services.
View external service spending and history in the Azure portal

You can view a list of the external services that are on each subscription within the Azure portal:
1. Sign in to the Azure portal as the account administrator.

2. In the Hub menu, select Subscriptions.
3. In the Subscriptions blade, select the subscription that you want to view, and then select External services.
4. You should see each of your external service orders, the publisher name, service tier you bought, name you gave the
resource, and the current order status. To see past bills, select an external service.
5. From here, you can view past bill amounts including the tax breakdown.
View external service spending for Enterprise Agreement (EA)

customers
EA customers can see external service spending and download reports in the EA portal. See Azure Marketplace for EA
Customers to get started.
Manage payment methods for external service orders

Update your payment methods for external service orders from the Account Center.
[If you purchased your subscription with a Work or School account, contact support to make changes to your payment method.]
1. Sign in to the Account Center and navigate to the marketplace tab

2. Select the external service you want to manage
3. Click Change payment method on the right side of the page. This link brings you to a different portal to manage your
payment method.
4. Click Edit info and follow instructions to update your payment information.
Cancel an external service order

If you want to cancel your external service order, delete the resource in the Azure portal.
 Get started with your billing account for a Microsoft Customer Agreement
A billing account is created for each agreement you sign with Microsoft to use Azure. You use your billing account to manage
billing and track costs. You can have access to multiple billing accounts. For example, you might have signed up for Azure for
your personal projects. You could also have access to Azure through your organization's Enterprise Agreement or Microsoft
Customer Agreement. For each of these scenarios, you would have a separate billing account.
Agreement.
Understand billing account

Your billing account for the Microsoft Customer Agreement contains one or more billing profiles that let you manage your invoices and
payment methods. Each billing profile contains one or more invoice sections that let you organize costs on the billing profile's invoice.
Roles on the billing account have the highest level of permissions. By default, only global administrators on your organization’s
Azure Active Directory get access to the billing account. These roles should be assigned to users that need to view invoices, and
track costs for your entire organization like finance or IT managers. For more information, see billing account roles and tasks.
Understand billing profiles

Use a billing profile to manage your invoice and payment methods. A monthly invoice is generated for Azure subscriptions and
other products purchased using the billing profile. You use the payments methods to pay the invoice.
A billing profile is automatically created for your billing account. You can create new billing profiles to set up additional
invoices. For example, you may want different invoices for each department or project in your organization.
You can also create invoice sections to organize costs on a billing profile's invoice. Charges for Azure subscriptions and products
purchased for an invoice section show up on the section. The billing profile's invoice includes charges for all invoice sections.
Roles on the billing profiles have permissions to view and manage invoices and payment methods. Assign these roles to users
who pay invoices like members of the accounting team in your organization. For more information, see billing profile roles and
tasks.
Monthly invoice generated for each billing profile
A monthly invoice is generated on the invoice date for each billing profile. The invoice contains all charges for previous month.
You can view the invoice, download documents and change setting to get future invoices by email, in the Azure portal. For more information,
see download invoices for a Microsoft Customer Agreement.
Invoices paid through payment methods
Each billing profile has its own payment methods that are used to pay its invoices. The following payment methods are supported:
Type Definition
Azure credits Credits are automatically applied to the total billed amount on your invoice to calculate the
amount that you need to pay. For more information, see track Azure credit balance for your
billing profile.
Check or wire You can pay the amount due for your invoice either through check or wire transfer. The
transfer instructions for payment are given on the invoice
Control Azure Marketplace and Reservation purchases by applying policies
Apply policies to control purchases made using a billing profile. You can set policies to disable purchase of Azure Reservations and
Marketplace products. When the policies are applied, subscriptions created for the invoice sections in the billing profile can't be
used to purchase Azure Reservations and Marketplace products.
Allow users to create Azure subscriptions by enabling Azure plans
Azure plans are automatically enabled when you create a billing profile. All invoice sections in the billing profile get access to these
plans. Users with access to the invoice section use the plans to create Azure subscriptions. They can't create Azure subscriptions
unless an Azure plan is enabled for the billing profile. The following Azure plans are supported in billing accounts for Microsoft
Customer Agreement:
Plan Definition
Microsoft Azure Allow users to create subscriptions that can run any workloads. For more information,
Plan see Microsoft Azure Plan
Microsoft Azure Allow Visual Studio subscribers to create subscriptions that are restricted for development or
Plan for Dev/Test testing workloads. These subscriptions get benefits such as lower rates and access to exclusive
virtual machine images in the Azure portal. For more information, see Microsoft Azure Plan for
DevTest
Understand invoice sections

Create invoice sections to organize the costs on a billing profile's invoice. For example, you may need a single invoice for your
organization but want to organize costs by department, team, or project. For this scenario, you have a single billing profile
where you create an invoice section for each department, team, or project.
When an invoice section is created, you can give others permission to create Azure subscriptions for the section. Any usage
charges and purchases for the subscriptions are then reflected on the appropriate section of the invoice.
Roles on the invoice section have permissions to control who creates Azure subscriptions. Assign these roles to users who set
up Azure environment for teams in our organization like engineering leads and technical architects. For more information,
see invoice section roles and tasks.


Course AZ-100T02-A: Implementing and Managing Storage

[] []
Course AZ-100T03-A: Deploying and Managing Virtual Machines
[] []
Module 1: Overview of Azure Machines
Project Synopsis:
 Azure Virtual Machines Overview
 Planning Considerations
Azure Virtual Machines Overview

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically,
we choose a VM when we need more control over the computing environment than the other choices offer. This article gives
we information about what we should consider before we create a VM, how we create it, and how we manage it. An Azure VM
gives we the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, we still
need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.
Azure virtual machines can be used in various ways. Some examples are:
Development and test – Azure VMs offer a quick and easy way to create a computer with specific configurations required to
code and test an application.
Applications in the cloud – Because demand for wer application can fluctuate, it might make economic sense to run it on a VM
in Azure. We pay for extra VMs when we need them and shut them down when we don’t.
Extended datacenter – Virtual machines in an Azure virtual network can easily be connected to wer organization’s network.
The number of VMs that wer application uses can scale up and out to whatever is required to meet wer needs.
 Planning Considerations
There are always a multitude of design considerations when we build out an application infrastructure in Azure. These aspects
of a VM are important to think about before we start:
 The names of wer application resources

 The location where the resources are stored
 The size of the VM
 The maximum number of VMs that can be created
 The operating system that the VM runs
 The configuration of the VM after it starts
 The related resources that the VM needs
 Naming
A virtual machine has a name assigned to it and it has a computer name configured as part of the operating system. The name
of a VM can be up to 15 characters.
If we use Azure to create the operating system disk, the computer name and the virtual machine name are the same. If we
upload and use wer own image that contains a previously configured operating system and use it to create a virtual machine,
the names can be different. We recommend that when we upload wer own image file, we make the computer name in the
operating system and the virtual machine name the same.
 Locations
All resources created in Azure are distributed across multiple geographical regions around the world. Usually, the region is
called location when we create a VM. For a VM, the location specifies where the virtual hard disks are stored.
 VM Size
The size of the VM that we use is determined by the workload that we want to run. The size that we choose then determines
factors such as processing power, memory, and storage capacity. Azure offers a wide variety of sizes to support many types of
uses. Azure charges an hourly price based on the VM’s size and operating system. For partial hours, Azure charges only for the
minutes used. Storage is priced and charged separately.
 VM Limit
Wer subscription has default quota limits in place that could impact the deployment of many VMs for wer project. The current
limit on a per subscription basis is 20 VMs per region. Limits can be raised by filing a support ticket requesting an increase
 Operating System Disk and Images
Virtual machines use virtual hard disks (VHDs) to store their operating system (OS) and data. VHDs are also used for the images
we can choose from to install an OS. Azure provides many marketplace images to use with various versions and types of
Windows Server operating systems. Marketplace images are identified by image publisher, offer, sku, and version (typically
version is specified as latest). Only 64-bit operating systems are supported. For more information on the supported guest
operating systems, roles, and features, see Microsoft server software support for Microsoft Azure virtual machines .
 Extensions
VM extensions give wer VM additional capabilities through post deployment configuration and automated tasks.
These common tasks can be accomplished using extensions:
 Run custom scripts – The Custom Script Extension helps we configure workloads on the VM by running wer script
when the VM is provisioned.
 Deploy and manage configurations – The PowerShell Desired State Configuration (DSC) Extension helps we set up DSC
on a VM to manage configurations and environments.
 Collect diagnostics data – The Azure Diagnostics Extension helps we configure the VM to collect diagnostics data that
can be used to monitor the health of wer application.
Resource Required Description

Resource Group Yes The VM must be contained in a
Resource group.
Storage account Yes The VM needs the storage account to
Store its virtual hard disks.
Virtual network Yes The VM must be a member of a virtual
Network.
Public IP address No The VM can have a public IP address
assigned to it to remotely access it.
Network interface Yes The VM needs the network interface to
communicate in the network.
Data disks No The VM can include data disks to
expand storage capabilities.
Module 2: Creating Virtual Machines

Project Synopsis:
 Overview of the Virtual Machine Creation Overview
 Creating Virtual Machines in the Azure Portal
 Creating Virtual Machines (PowerShell)
 Creating Virtual Machines using ARM Templates
Overview of the Virtual Machine Creation Overview

We have several choices for creating wer VM. The choice that we make depends on the environment we are in.
This table provides information to get we started creating wer VM.
METHOD ARTICLE
Azure portal Create a virtual machine running Windows using the portal
Templates Create a Windows virtual machine with a Resource Manager template
Azure PowerShell Create a Windows VM using PowerShell
Client SDKs Deploy Azure Resources using C#
REST APIs Create or update a VM
Azure CLI Create a VM with the Azure CLI
VMs can be managed using a browser-based portal, command-line tools with support for scripting, or directly through APIs.
Some typical management tasks that we might perform are getting information about a VM, logging on to a VM, managing
availability, and making backups.
This table shows we some of the ways that we can get information about a VM.
METHOD DESCRIPTION
Azure portal On the hub menu, click Virtual Machines and then select the VM from the list. On the blade
for the VM, we have access to overview information, setting values, and monitoring metrics.
Azure PowerShell For information about using PowerShell to manage VMs, see Create and manage Windows
VMs with the Azure PowerShell module.
REST API Use the Get VM information operation to get information about a VM.
Client SDKs For information about using C# to manage VMs, see Manage Azure Virtual Machines using
Azure Resource Manager and C#.
Azure CLI For information about using Azure CLI to manage VMs, see
Azure CLI Reference.
 Log on to the VM
We use the Connect button in the Azure portal to start a Remote Desktop (RDP) session. Things can sometimes go wrong when
trying to use a remote connection. If this situation happens to we, check out the help information in Troubleshoot Remote
Desktop connections to an Azure virtual machine running Windows.
 Manage Availability
It’s important for we to understand how to ensure high availability for wer application. This configuration involves creating
multiple VMs to ensure that at least one is running. In order for wer deployment to qualify for our 99.95 VM Service Level
Agreement, we need to deploy two or more VMs running wer workload inside an availability set. This configuration ensures
wer VMs are distributed across multiple fault domains and are deployed onto hosts with different maintenance windows. The
full Azure SLA explains the guaranteed availability of Azure as a whole.
 Back up the VM
A Recovery Services vault is used to protect data and assets in both Azure Backup and Azure Site Recovery services. We can use
a Recovery Services vault to deploy and manage backups for Resource Manager-deployed VMs using PowerShell.
Now we will create simple Windows Virtual Machine in [i] Azure Portal, [ii] Azure PowerShell, [iii] Azure CLI & [iv] ARM
Template
[i. 3.2.(a)] Creating VM in the Azure Portal

Azure virtual machines (VMs) can be created through the Azure portal. This method provides a browser-based user interface to
create VMs and their associated resources. This quickstart shows we how to use the Azure portal to deploy a virtual machine
(VM) in Azure that runs Windows Server 2016. To see wer VM in action, we then RDP to the VM and install the IIS web server.
Sign in to Azure
https://portal.azure.com.
A.Create virtual machine

5. Choose Create a resource in the upper left-hand corner of the Azure portal.
6. In the search box above the list of Azure Marketplace resources, search for and select Windows Server
2016 Datacenter, then choose Create.
7. Provide a VM name, such as myVM, leave the disk type as SSD, then provide a username, such as
azureuser. The password must be at least 12 characters long and meet the defined complexity requirements.
8. Choose to Create new resource group, then provide a name, such as customRG. Choose wer
Location, then select OK.
9. Select a size for the VM. We can filter by Compute type or Disk type, for example. A suggested VM size is
D2s_v3. Click Select after we have chosen a size.
10. On the Settings page, in Network > Network Security Group > Select public inbound ports, select HTTP and RDP
(3389) from the drop-down. Leave the rest of the defaults and select OK.
11. On the summary page, select Create to start the VM deployment.
12. The VM is pinned to the Azure portal dashboard. Once the deployment has completed, the VM summary
automatically opens.
B. Connect to virtual machine

Create a remote desktop connection to the virtual machine. These directions tell we how to connect to wer VM
from a Windows computer. On a Mac, we need an RDP client such as this Remote Desktop Client from the Mac
App Store.
1. Click the Connect button on the virtual machine properties page.\

2. In the Connect to virtual machine page, keep the default options to connect by DNS name over port 3389 and click
Download RDP file.
3. 3. Open the downloaded RDP file and click Connect when prompted.
4. 4. In the Windows Security window, select More choices and then Use a different account. Type the username as
vmname\username, enter password we created for the virtual machine, and then click OK.
5. We may receive a certificate warning during the sign-in process. Click Yes or Continue to create the connection.
C. Install web server

To see wer VM in action, install the IIS web server. Open a PowerShell prompt on the VM and run the following
command:
Install-WindowsFeature -name Web-Server –IncludeManagementTools  [PowerShell Command]
When done, close the RDP connection to the VM.
D. View the IIS welcome page

In the portal, select the VM and in the overview of the VM, use the Click to copy button to the right of the IP address to copy it
and paste it into a browser tab.
E. Clean up resources
When no longer needed, we can delete the resource group, virtual machine, and all related resources. To do so, select the
resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.
[ii.3.2.(a)] Creating VM in the Azure PowerShell

The Azure PowerShell module is used to create and manage Azure resources from the PowerShell command line or in scripts.
Here we will use Windows Powershell on windows 10 platform.
Before creating VM in the Azure PowerShell first time, we have to install PowerShell Module on Windows PowerShell
To install Azure PowerShell on Windows PowerShell
Install-Module Azure  [PowerShell Command]

Install-Module AzureRM  [PowerShell Command]
To Import Module
Set-Execution Policy RemoteSigned  [PowerShell Command]

Import-Module AzureRM  [PowerShell Command]
To Update the Azure PowerShell Module
Update-Module -Name AzureRM  [PowerShell Command]
Above workshop on Windows PowerShell is one time job. After finishing installation and configuration of Azure PowerShell we
need to connect to Azure Account from PowerShell.
To Connect to Azure Account
Connect-AzureRMAccount  [PowerShell Command]
After Connecting to Azure Account, we will create VM, download RDP, connect to it and install IIS Server. Before creating VM,
we need to create Resource Group.
A. To Create Resource Group
New-AzureRMResourceGroup –Name customRG –Location EastUs  [PowerShell Command]
B. To Create New Virtual Machine
New-AzureRMVM [PowerShell Command]

-ResourceGroupName “customRG”
-Name “myVM1”
-VirtualNetworkName “myVnet”
-SubnetName “mySubnet”
-SecurityGroupName “myNetworkSecurityGroup”
-PublicIPAddressName “myPublicIPAddress”
-OpenPorts 80,3389 
C.To Connect to the VM
To Get Public IP Address

Get-AzureRMPublicIPAddress –ResourceGroupName “customRG” | Select “IPAddress”  [PowerShell Command]
D.To Connect to Remote Machine
mstsc /v:[public ip]  [PowerShell Command]
After Connecting to Remote Desktop we need to install IIS Server on VM Powershell
E.To Install Web Server
Install-WindowsFeature -name Web-Server –IncludeManagementTools  [PowerShell Command]
F. View the IIS welcome page

Put the Public IP address into a browser tab and check.
G. To Clean up the resources from PowerShell
Remove-AzureRMResourceGroup -Name customRG  [PowerShell Command]
[ii.3.2.(b)] Creating and Resize the VM in the Azure PowerShell
Azure virtual machines provide a fully configurable and flexible computing environment. This tutorial covers basic Azure virtual
machine deployment items such as selecting a VM size, selecting a VM image, and deploying a VM.
Synopsis of project:
Create and connect to a VM
Select and use VM images
View and use specific VM sizes
Resize a VM
View and understand VM state
Before creating VM in the Azure PowerShell first time, we have to install PowerShell Module on Windows PowerShell
New-AzureRMResourceGroup –Name customRG -Location EastUs  [PowerShell Command]

When creating a virtual machine, several options are available such as operating system image, network configuration, and
administrative credentials. In this example, a virtual machine is created with a specified Windows Image.
 Understand VM images
The Azure marketplace includes many virtual machine images that can be used to create a new virtual machine. In this
step, the PowerShell module is used to search the marketplace for other Windows images, which can also be used as a base for
new VMs. This process consists of finding the publisher, offer, SKU, and optionally a version number to identify the image.
Use the Get-AzureRmVMImagePublisher command to return a list of image publishers:
Get-AzureRmVMImagePublisher -Location "EastUS"  [PowerShell Command]
Use the Get-AzureRmVMImageOffer to return a list of image offers. With this command, the returned list is filtered on
the specified publisher:
Get-AzureRmVMImageOffer -Location "EastUS" -PublisherName "MicrosoftWindowsServer"  [PowerShell Command]
The Get-AzureRmVMImageSku command will then filter on the publisher and offer name to return a list of
image names.
Get-AzureRmVMImageSku -Location "EastUS" -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer"  [PSC]
The above information can be used to deploy a VM with a specific image.
Before started to create vm we will set the user name and password.
Set the username and password needed for the administrator account on the virtual machine with Get-Credential
$cred = Get-Credential  [PowerShell Command]
This example deploys a virtual machine using the latest version of a Windows Server 2016 with Containers image.
Create the virtual machine with New-AzureRmVM.
New-AzureRmVm [PowerShell Command]

-ResourceGroupName "customRG"
-Name "myVM2"
-Location "EastUS"
-VirtualNetworkName "myVnet"
-SubnetName "mySubnet"
-SecurityGroupName "myNetworkSecurityGroup"
-PublicIpAddressName "myPublicIpAddress2"
-ImageName "MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:latest" `
-Credential $cred
-AsJob 
The -AsJob parameter creates the VM as a background task, so the PowerShell prompts return to we. We can
view details of background jobs with the Get-Job cmdlet.
After completing of VM creation we will connect it by Remote Desktop.
Get-AzureRmPublicIpAddress -ResourceGroupName "customRG" | Select IpAddress  [PowerShell Command]
To Create Remote Desktop
mstsc /v:<publicIpAddress>  [PowerShell Command]
After checking the VM by connecting Remote Desktop, we will resize it.
D.Resize the VM
Understand VM sizes
A virtual machine size determines the amount of compute resources such as CPU, GPU, and memory that are made available to
the virtual machine. Virtual machines need to be created with a size appropriate for the expect workload. If workload
increases, an existing virtual machine can be resized.
The following table categorizes sizes into use cases
Type Common Sizes Description

General Purpose B, Dsv3, Dv3, DSv2, Dv2, Av2, DC Balanced CPU-to-memory. Ideal for dev
/ test and small to medium applications
and data solutions
Compute optimized Fsv2, Fs, F High CPU-to-memory. Good for medium
trafficapplications, network appliances,
and batch processes
Memory optimized Esv3, Ev3, M, GS, G, DSv2, Dv2 High memory-to-core. Great for
relational databases, medium to large
caches, and in-memory analytics.
Storage optimized Lsv2, Ls High disk throughput and IO. Ideal for
Big Data, SQL, and NoSQL databases.
GPU NV, NVv2, NC, NCv2, NCv3, ND, Ndv2 Specialized VMs targeted for heavy
graphic rendering and video editing.
High performance H Our most powerful CPU VMs with
optional high-throughput network
interfaces (RDMA).
Find available VM sizes

To see a list of VM sizes available in a particular region, use the Get-AzureRmVMSize command.
Get-AzureRmVMSize -Location "EastUS"  [PowerShell Command]
Resize a VM
Before resizing a VM, check if the desired size is available on the current VM cluster. The Get-AzureRmVMSize command
returns a list of sizes.
Get-AzureRmVMSize -ResourceGroupName "customRG" -VMName "myVM"  [PowerShell Command]
If the desired size is available, the VM can be resized from a powered-on state, however it is rebooted during the operation.
$vm = Get-AzureRmVM -ResourceGroupName "customRG" -VMName "myVM" 

$vm.HardwareProfile.VmSize = "Standard_D4" 
Update-AzureRmVM -VM $vm -ResourceGroupName "myResourceGroupVM" 
If the size we want is not available on the current cluster, the VM needs to be deallocated before the resize operation can
occur. Deallocating a VM will remove any data on the temp disk, and the public IP address will change unless a static IP address
is being used.
Stop-AzureRmVM [PowerShell Command]

-Name "myVM" -Force 
$vm = Get-AzureRmVM [PowerShell Command]

-VMName "myVM" 
$vm.HardwareProfile.VmSize = "Standard_E2s_v3"  [PowerShell Command]
Update-AzureRmVM -VM $vm [PowerShell Command]

-ResourceGroupName "customRG" 
Start-AzureRmVM [PowerShell Command]

-Name $vm.name 
Find power state

To retrieve the state of a particular VM, use the Get-AzureRmVM command. Be sure to specify a valid name for a virtual
machine and resource group.
Get-AzureRmVM [PowerShell Command]

-ResourceGroupName "myResourceGroupVM"
-Name "myVM"
-Status | Select @{n="Status"; e={$_.Statuses[1].Code}} 
E.Management Tasks
During the lifecycle of a virtual machine, we may want to run management tasks such as starting, stopping, or deleting a virtual
machine. Additionally, we may want to create scripts to automate repetitive or complex tasks.
Stop virtual machine

Stop and deallocate a virtual machine with Stop-AzureRmVM:
Stop-AzureRmVM -ResourceGroupName "customRG" -Name "myVM" -Force  [PowerShell Command]
If we want to keep the virtual machine in a provisioned state, use the -StayProvisioned parameter.
Start virtual machine
Start-AzureRmVM -ResourceGroupName "customRG" -Name "myVM"  [PowerShell Command]
F. To Clean up the resources from PowerShell
[ii. (c)] Manage Azure Disc with Azure PowerShell

Azure virtual machines use disks to store the VMs operating system, applications, and data. When creating a VM it
is important to choose a disk size and configuration appropriate to the expected workload. This tutorial covers
deploying and managing VM disks.
Synopsis of Tutorial:
OS disks and temporary disks
Data disks
Standard and Premium disks
Disk performance
Attaching and preparing data disks
 Default Azure disks

When an Azure virtual machine is created, two disks are automatically attached to the virtual machine.
Operating system disk - Operating system disks can be sized up to 4 terabyte, and hosts the VMs operating system. The OS disk
is assigned a drive letter of c: by default. The disk caching configuration of the OS disk is optimized for OS performance. The OS
disk should not host applications or data. For applications and data, use a data disk, which is detailed later in this article.
Temporary disk - Temporary disks use a solid-state drive that is located on the same Azure host as the VM. Temp disks are
highly performance and may be used for operations such as temporary data processing. However, if the VM is moved to a new
host, any data stored on a temporary disk is removed. The size of the temporary disk is determined by the VM size. Temporary
disks are assigned a drive letter of d: by default.
 Azure data disks

Additional data disks can be added for installing applications and storing data. Data disks should be used in any situation where
durable and responsive data storage is desired. Each data disk has a maximum capacity of 4 terabytes. The size of the virtual
machine determines how many data disks can be attached to a VM. For each VM vCPU, two data disks can be attached.
 VM disk types
Azure provides two types of disk.
Standard disk - Standard Storage is backed by HDDs, and delivers cost-effective storage while still being performance. Standard
disks are ideal for a cost effective dev and test workload.
Premium disk - Premium disks are backed by SSD-based high-performance, low-latency disk. Perfect for VMs running
production workload. Premium Storage supports DS-series, DSv2-series, GS-series, and FS-series VMs. Premium disks come
in five types (P10, P20, P30, P40, P50), the size of the disk determines the disk type. When selecting, a disk size the value is
rounded up to the next type. For example, if the size is below 128 GB the disk type is P10, or between 129 GB and 512 GB the
disk is P20.
 Create and attach disks

To complete the example in this tutorial, we must have an existing virtual machine. If needed, create a virtual machine with
powershell commands.
Synopsis of Tutorial:
Create Virtual Machine
Create Initial Disc Configuration
Create Data Disc
Add the Data Disc to the VM
Check the VM with Data Disc through RDP
New-AzureRMResourceGroup –Name customRG -Location EastUs  [PowerShell Command]
Before started to create vm we will set the user name and password.
Set the username and password needed for the administrator account on the virtual machine with Get-Credential
$cred = Get-Credential  [PowerShell Command]
This example deploys a virtual machine using the latest version of a Windows Server 2016 with Containers image.
Create the virtual machine with New-AzureRmVM.

-Name "myVM2"
-Location "EastUS"
-VirtualNetworkName "myVnet"
-SubnetName "mySubnet"
-SecurityGroupName "myNetworkSecurityGroup"
-PublicIpAddressName "myPublicIpAddress2"
-ImageName "MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:latest" `
-Credential $cred
-AsJob 
The -AsJob parameter creates the VM as a background task, so the PowerShell prompts return to we. We can
view details of background jobs with the Get-Job cmdlet.
Create the initial configuration

Create the initial configuration with New-AzureRmDiskConfig. The following example configures a disk that is 128 gigabytes in
size.
$diskConfig = New-AzureRmDiskConfig [PowerShell Command]

-Location "EastUS"
-CreateOption Empty
-DiskSizeGB 128 
Create the data disk

Get the virtual machine with the New-AzureRmDisk command.
$dataDisk = New-AzureRmDisk [PowerShell Command]

-DiskName "myDataDisk"
-Disk $diskConfig 
Get the virtual machine

Get the virtual machine that we want to add the data disk to with the Get-AzureRmVM command.
$vm = Get-AzureRmVM -ResourceGroupName "customRG" -Name "myVM"  [PowerShell Command]
Add the data disk to the virtual machine
Add the data disk to the virtual machine configuration with the Add-AzureRmVMDataDisk command.
$vm = Add-AzureRmVMDataDisk [PowerShell Command]

-VM $vm
-Name "myDataDisk"
-CreateOption Attach
-ManagedDiskId $dataDisk.Id
-Lun 1 
Update the virtual machine with the Update-AzureRmVM command.
Update-AzureRmVM -ResourceGroupName "customRG" -VM $vm  [PowerShell Command]
C. To Prepare Data Disc
Once a disk has been attached to the virtual machine, the operating system needs to be configured to use the disk. The
following example shows how to manually configure the first disk added to the VM. This process can also be automated using
the custom script extension.
To configured the disc with system we need to connect the system using RDP
Get-AzureRmPublicIpAddress -ResourceGroupName "customRG" | Select IpAddress  [PowerShell Command]
To Create Remote Desktop
mstsc /v:<publicIpAddress>  [PowerShell Command]
To configure the disc with system

After connecting remote desktop, we have to open PowerShell to execute following command
Get-Disk | Where partitionstyle -eq 'raw' |

Initialize-Disk -PartitionStyle MBR -PassThru |
New-Partition -AssignDriveLetter -UseMaximumSize |
Format-Volume -FileSystem NTFS -NewFileSystemLabel "myDataDisk" -Confirm:$false  [PowerShell Command]
D. To Clean up the resources from PowerShell
[iii.3.2.(a)] Creating VM in the Azure CLI 2.0

The Azure CLI 2.0 is used to create and manage Azure resources from the command line or in scripts.
We need to install Azure CLI 2.0
First we need to connect to Azure Account.

To Connect to Azure Account through Windows PowerShell (Azure CLI Command)
az login -u [azure id] -p [account password] [CLI Command]

az group create –name customRG –location EastUs [CLI Command]
az vm create [CLI Command]

--resource-group customRG
--name vmVm1
--image Win2016datacenter
--admin-username azureuser
--admin-password myPassword18
C.To Open Port 80 for Web Traffic
az vm open-port --port 80 --resource-group customRG --name myVm1 [CLI Command]
mstsc /v:[public ip] [CLI Command]
E.To Install Web Server
Install-WindowsFeature -name Web-Server –IncludeManagementTools [PowerShell Command]
F. View the IIS welcome page

Put the Public IP address into a browser tab and check.
G. To Clean up the resources from PowerShell
az group delete --name customRG [CLI Command]
[iv (a)] Creating VM using Azure ARM Template
Module 3: Deploying Virtual Machine Images

Custom images are like marketplace images, but we create them werself. Custom images can be used to bootstrap
configurations such as preloading applications, application configurations, and other OS configurations. In this tutorial, we
create wer own custom image of an Azure virtual machine.
Project Synopsis:
 Deploying Custom Images
 Deploying Linux Virtual Machines
Deploying Custom Images

In this project we will do:
Sysprep and generalize VMs

Create a custom image
Create a VM from a custom image
List all the images in wer subscription
Delete an image
[i.3.3.(a)] Create a Custom Image of a Windows VM into Azure Portal
 Create a managed image of a generalized VM in Azure
A managed image resource can be created from a generalized virtual machine (VM) that is stored as either a managed disk or
an unmanaged disk in a storage account. The image can then be used to create multiple VMs.
Before generalize the VM we need to deploy a Virtual Machine. We can do it into Azure Portal or Azure PowerShell or Azure
CLI. Here we will create a VM using Azure Portal.
Sign in to Azure

2016 datacenter, then choose Create.
4. Choose to Create new resource group, then provide a name, such as customRG. Choose wer
6. On the Settings page, in Network > Network Security Group > Select public inbound ports, select HTTP and
RDP (3389) from the drop-down. Leave the rest of the defaults and select OK.
B. Connect to virtual machine

Create a remote desktop connection to the virtual machine. These directions tell we how to connect to wer VM
from a Windows computer. On a Mac, we need an RDP client such as this Remote Desktop Client from the Mac
App Store.
1. Click the Connect button on the virtual machine properties page.\

2. In the Connect to virtual machine page, keep the default options to connect by DNS name over port 3389 and click
Download RDP file.
3. 3. Open the downloaded RDP file and click Connect when prompted.
4. 4. In the Windows Security window, select More choices and then Use a different account. Type the username as
vmname\username, enter password we created for the virtual machine, and then click OK.
5. We may receive a certificate warning during the sign-in process. Click Yes or Continue to create the connection.
C. Generalize the Windows VM using Sysprep
To generalize wer Windows VM, follow these steps:
1. Sign in to wer Windows VM (do above step using RDP, not required if already done).
2. Open a Command Prompt window as an administrator. Change the directory to %windir%\system32\sysprep, and then
run sysprep.exe.
3. In the System Preparation Tool dialog box, select Enter System Out-of-Box Experience (OOBE) and select
the Generalize check box.
4. For Shutdown Options, select Shutdown.
5. Select OK.
6. When Sysprep completes, it shuts down the VM. Do not restart the VM.
D.Create a Managed Imaged using the Portal
1. Open the Azure portal.

2. In the menu on the left, select Virtual machines and then select the VM from the list.
3. In the Virtual machine page for the VM, on the upper menu, select Capture. The Create Image page appears
4. For Name, either accept the pre-populated name or enter a name that we would like to use for the image.
5. For Resource group, either select Create new and enter a name, or select Use existing and select a resource group to
use from the drop-down list.
6. If we want to delete the source VM after the image has been created, select Automatically delete this virtual machine
after creating the image.
7. If we want the ability to use the image in any availability zone, select On for Zone resiliency.
8. Select Create to create the image.
9. After the image is created, we can find it as an Image resource in the list of resources in the resource group.
E.Create a VM from Image using Azure Portal
Now we can create multiple virtual machines (VMs) from an Azure managed VM image using the Azure portal. The managed
VM image contains the information necessary to create a VM, including the OS and data disks. The virtual hard disks (VHDs)
that make up the image, including both the OS disks and any data disks, are stored as managed disks.
1. Open the Azure portal.

2. On the left menu, select All resources. We can sort the resources by Type to easily find wer images.
3. Select the image we want to use from the list. The image Overview page opens.
4. Select Create VM from the menu.
5. Enter the virtual machine information. The user name and password entered here will be used to log in to the virtual
machine. When complete, select OK. We can create the new VM in an existing resource group, or choose Create new to
create a new resource group to store the VM.
6. Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.
7. Under Settings, make changes as necessary and select OK.
8. On the summary page, we should see wer image name listed as a Private image. Select Ok to start the virtual machine
deployment.
F. Clean up resources
[i.3.3.(b)] Create a Custom Image of a Windows VM into Azure PowerShell
 Generalize the Windows VM

A managed image resource can be created from a generalized virtual machine (VM) that is stored as either a managed disk or
an unmanaged disk in a storage account. The image can then be used to create multiple VMs.
Before generalize the VM we need to deploy a Virtual Machine. We can do it into Azure PowerShell

-Name “myVM1”
E. Generalize the Windows VM using Sysprep
To generalize wer Windows VM, follow these steps:
1. Sign in to wer Windows VM (do above step using RDP, not required if already done).
2. Open a Command Prompt window as an administrator. Change the directory to %windir%\system32\sysprep, and then
run sysprep.exe.
3. In the System Preparation Tool dialog box, select Enter System Out-of-Box Experience (OOBE) and select
the Generalize check box.
4. For Shutdown Options, select Shutdown.
5. Select OK.
6. When Sysprep completes, it shuts down the VM. Do not restart the VM.
F. To Deallocate the Windows VM
To create an image, the VM needs to be deallocated and marked as generalized in Azure.
Deallocated the VM using Stop-AzureRmVM.
Stop-AzureRmVM -ResourceGroupName customRG -Name myVM -Force  [PowerShell Command]
Set the status of the virtual machine to -Generalized using Set-AzureRmVm.
Set-AzureRmVM -ResourceGroupName customRG -Name myVM -Generalized  [PowerShell Command]
G. Create an Image
Now we can create an image of the VM by using New-AzureRmImageConfig and New-AzureRmImage. The following example
creates an image named myImage from a VM named myVM.
Get the virtual machine.
$vm = Get-AzureRmVM -Name myVM -ResourceGroupName customRG  [PowerShell Command]
Create the image configuration.
$image = New-AzureRmImageConfig -Location EastUS -SourceVirtualMachineId $vm.ID  [PowerShell Command]
Create the image.
New-AzureRmImage -Image $image -ImageName myImage -ResourceGroupName customRG  [PowerShell Command]
G. Create VMs from Image
Now that we have an image, we can create one or more new VMs from the image. Creating a VM from a custom image is
similar to creating a VM using a Marketplace image. When we use a Marketplace image, we have to provide the information
about the image, image provider, offer, SKU, and version. Using the simplified parameter set for the cmdlet, we just need to
provide the name of the custom image as long as it is in the same resource group.
This example creates a VM named myVMfromImage from the myImage, in the customRG.

-Name "myVMfromImage"
-ImageName "myImage"
-Location "East US"
-VirtualNetworkName "myImageVnet"
-SubnetName "myImageSubnet"
-SecurityGroupName "myImageNSG"
-PublicIpAddressName "myImagePIP"
-OpenPorts 3389 
G. Image Management
Here are some examples of common managed image tasks and how to complete them using PowerShell.
List all images by name.
$images = Get-AzureRMResource -ResourceType Microsoft.Compute/images  [PowerShell Command]

$images.name
Delete an image. This example deletes the image named myOldImage from the myResourceGroup.
Remove-AzureRmImage [PowerShell Command]

-ImageName myOldImage
-ResourceGroupName myResourceGroup 
H. To Clean up the resources from PowerShell
[ii.3.3 (a)] Create a Custom Image of a Linux VM into Azure PowerShell
-------------------------------------------------------------------------------------------------------------
Module 4: Configuring Virtual Machines

In this module, you will learn about the two main configuration areas for virtual machines: networking and storage. In the
networking lesson, we will cover IP addressing, network interfaces, and network security groups. In the storage lesson, we will
cover virtual machine disks, managed disks, attaching/detaching disks, and uploading disks.
Project Synopsis:
 Overview of Virtual Machine Configuration
 Virtual Machine Networking
 Virtual Machine Storage
Azure Virtual Machine Networking
Azure Virtual Network
 What is Azure Virtual Network?
Azure Virtual Network enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate
with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple
virtual networks from different regions can be connected together using Virtual Network Peering.
Azure Virtual Network provides the following key capabilities:
 Isolation and segmentation
You can implement multiple virtual networks within each Azure subscription and Azure region. Each virtual network is isolated
from other virtual networks. For each virtual network you can:
 Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources in a
virtual network a private IP address from the address space that you assign.
 Segment the virtual network into one or more subnets and allocate a portion of the virtual network's address space to
each subnet.
 Use Azure-provided name resolution, or specify your own DNS server, for use by resources in a virtual network.
 Communicate with the internet
All resources in a virtual network can communicate outbound to the internet, by default. You can communicate inbound to a
resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to
manage your outbound connections. To learn more about outbound connections in Azure, see Outbound connections, Public IP
addresses, and Load Balancer.
[Note: When using only an internal Standard Load Balancer, outbound connectivity is not available until you define how you
want outbound connections to work with an instance-level public IP or a public Load Balancer.]
 Communicate between Azure resources
Azure resources communicate securely with each other in one of the following ways:
 Through a virtual network: You can deploy VMs, and several other types of Azure resources to a virtual network, such as
Azure App Service Environments, the Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale Sets. To view a
complete list of Azure resources that you can deploy into a virtual network, see Virtual network service integration.
 Through a virtual network service endpoint: Extend your virtual network private address space and the identity of your
virtual network to Azure service resources, such as Azure Storage accounts and Azure SQL databases, over a direct
connection. Service endpoints allow you to secure your critical Azure service resources to only a virtual network. To learn
more, see Virtual network service endpoints overview.
 Communicate with on-premises resources
You can connect your on-premises computers and networks to a virtual network using any combination of the following
options:
 Point-to-site virtual private network (VPN): Established between a virtual network and a single computer in your
network. Each computer that wants to establish connectivity with a virtual network must configure its connection. This
connection type is great if you're just getting started with Azure, or for developers, because it requires little or no
changes to your existing network. The communication between your computer and a virtual network is sent through an
encrypted tunnel over the internet. To learn more, see Point-to-site VPN.
 Site-to-site VPN: Established between your on-premises VPN device and an Azure VPN Gateway that is deployed in a
virtual network. This connection type enables any on-premises resource that you authorize to access a virtual network.
The communication between your on-premises VPN device and an Azure VPN gateway is sent through an encrypted
tunnel over the internet. To learn more, see Site-to-site VPN.
 Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is
private. Traffic does not go over the internet. To learn more, see ExpressRoute.
 Filter network traffic
You can filter network traffic between subnets using either or both of the following options:
 Security groups: Network security groups and application security groups can contain multiple inbound and outbound
security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and
protocol. To learn more, see Network security groups or Application security groups.
 Network virtual appliances: A network virtual appliance is a VM that performs a network function, such as a firewall,
WAN optimization, or other network function. To view a list of available network virtual appliances that you can deploy
in a virtual network, see Azure Marketplace.
 Route network traffic
Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet, by default. You can
implement either or both of the following options to override the default routes Azure creates:
 Route tables: You can create custom route tables with routes that control where traffic is routed to for each subnet.
Learn more about route tables.
 Border gateway protocol (BGP) routes: If you connect your virtual network to your on-premises network using an Azure
VPN Gateway or ExpressRoute connection, you can propagate your on-premises BGP routes to your virtual networks.
Learn more about using BGP with Azure VPN Gateway and ExpressRoute.
[i.3.4.(a)] Create a Virtual Network using Azure Portal
Sign in to Azure
A. Create a Virtual Network
1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network.
2. In Create virtual network, enter or select this information:
Setting Value
Name Enter myVirtualNetwork.
Address space Enter 10.1.0.0/16.
Subscription Select your subscription.
Resource group Select Create new, enter customRG, then select OK.
Location Select East US.
Subnet - Name Enter myVirtualSubnet.
Subnet - Address range Enter 10.1.0.0/24.
3. Leave the rest of the defaults and select Create.
B. Create Virtual Machines
Create two VMs in the virtual network:
Create the first VM
1. On the upper-left side of the screen, select Create a resource > Compute > Windows Server 2016 Datacenter.
2. In Create a virtual machine - Basics, enter or select this information:
Setting Value
PROJECT DETAILS
Resource group Select MyResourceGroup. You created it in the last section.
INSTANCE DETAILS
Virtual machine name Enter myVm1.
Region Select East US.
Availability options Leave the default No infrastructure redundancy required.
Image Leave the default Windows Server 2016 Datacenter.
Size Leave the default Standard DS1 v2.
ADMINISTRATOR
ACCOUNT
Username Enter a user name of your choosing.
Password Enter a password of your choosing. The password must be at least 12 characters
long and meet the defined complexity requirements.
Confirm Password Re enter password.
INBOUND PORT RULES
Public inbound ports Leave the default None.
SAVE MONEY
Already have a Windows Leave the default No.
license?
3. Select Next : Disks.

4. In Create a virtual machine - Disks, leave the defaults and select Next : Networking.
5. In Create a virtual machine - Networking, select this information:
Setting Value
Virtual network Leave the default myVirtualNetwork.
Subnet Leave the default myVirtualSubnet (10.1.0.0/24).
Public IP Leave the default (new) myVm-ip.
Network security ports Select Allow selected ports.
Select inbound ports Select HTTP and RDP.
6. Select Next : Management.

7. In Create a virtual machine - Management, for Diagnostics storage account, select Create New.
8. In Create storage account, enter or select this information:
Setting Value
Name Enter akmvmstorageaccount.
Account kind Leave the default Storage (general purpose v1).
Performance Leave the default Standard.
Replication Leave the default Locally-redundant storage (LRS).
9. Select OK
10. Select Review + create. You're taken to the Review + create page and Azure validates your configuration.
11. When you see that Validation passed, select Create.
Create the second VM
1. Complete steps 1 and 9 from above.
Note: In step 2, for the Virtual machine name, enter myVm2. In step 7, for Diagnosis storage account, make sure you
select akmstorage2537.
2. Select Review + create. You're taken to the Review + create page and Azure validates your configuration.
3. When you see that Validation passed, select Create.
C. Connect to the VM from the Internet
After you've created myVm1, connect to it over the internet.
1. In the portal's search bar, enter myVm1.

2. Select the Connect button.
After selecting the Connect button, Connect to virtual machine opens.
3. Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.
4. Open the downloaded .rdp file.
a. If prompted, select Connect.

b. Enter the user name and password you specified when creating the VM.
Note: You may need to select More choices > Use a different account, to specify the credentials you entered when you created
the VM.
5. Select OK.
6. You may receive a certificate warning during the sign in process. If you receive a certificate warning,
select Yes or Continue.
7. Once the VM desktop appears, minimize it to go back to your local desktop.
C. Communicate between VMs
1. In the Remote Desktop of myVm1, open PowerShell.

2. Enter ping myVm2.
The ping fails, because ping uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through the
Windows firewall.
3. To allow myVm2 to ping myVm1 in a later step, enter this command:
New-NetFirewallRule –DisplayName “Allow ICMPv4-In” –Protocol ICMPv4  [PowerShell Command]
This command allows ICMP inbound through the Windows firewall:
4. Close the remote desktop connection to myVm1.

5. Complete the steps in Connect to a VM from the internet again, but connect to myVm2.
6. From a command prompt, enter ping myvm1.
You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a
previous step.
C. Cleanup Resource
When you're done with the virtual network, and the VMs, delete the resource group and all of the resources it contains:
1. Enter myResourceGroup in the Search box at the top of the portal.

2. When you see myResourceGroup in the search results, select it.
3. Select Delete resource group.
4. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.
[i.3.4.(b)] Create a Virtual Network using Azure PowerShell
A. Create a Virtual Network
Before you can create a virtual network, you have to create a resource group to host the virtual network.
To Create Resource Group
Create a resource group with New-AzureRmResourceGroup. This example creates a resource group
named myResourceGroup in the EastUs location:
To Create a Virtual Network
Create a virtual network with New-AzureRmVirtualNetwork. This example creates a default virtual network
named myVirtualNetwork in the EastUS location:
$virtualNetwork = New-AzureRmVirtualNetwork [PowerShell Command]

-ResourceGroupName customRG
-Location EastUS
-Name myVirtualNetwork
-AddressPrefix 10.0.0.0/16 
Add a Subnet
Azure deploys resources to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration
named default with Add-AzureRmVirtualNetworkSubnetConfig:
$subnetConfig = Add-AzureRmVirtualNetworkSubnetConfig [PowerShell Command]

-Name default
-AddressPrefix 10.0.0.0/24
-VirtualNetwork $virtualNetwork 
Associate the Subnet to Virtual Network
You can write the subnet configuration to the virtual network with Set-AzureRmVirtualNetwork. This command creates the
subnet:
$virtualNetwork | Set-AzureRmVirtualNetwork
B.Create Virtual Machines
Create two VMs in the virtual network.
Create the first VM
Create the first VM with New-AzureRmVM. When you run the next command, you're prompted for credentials. Enter a user
name and password for the VM:

-ResourceGroupName "myResourceGroup" `
-Location "East US"
-VirtualNetworkName "myVirtualNetwork" `
-SubnetName "default"
-Name "myVm1"
-AsJob 
The -AsJob option creates the VM in the background. You can continue to the next step.

Create the second VM with this command:

-ResourceGroupName "myResourceGroup"
-VirtualNetworkName "myVirtualNetwork"
-SubnetName "default"
-Name "myVm2" 
C.Connect to a VM from Internet
To Connect to Remote Machine

A Remote Desktop Protocol (.rdp) file downloads to your computer and a Remote Desktop opens.
1. If prompted, select Connect.

2. Enter the user name and password you specified when creating the VM.
3. Select OK.
4. You may receive a certificate warning. If you do, select Yes or Continue.
D. Communicate between VMs
1. In the Remote Desktop of myVm1, open PowerShell.

2. Enter ping myVm2.
The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your
Windows firewall.
3. To allow myVm2 to ping myVm1 in a later step, enter this command:
New-NetFirewallRule –DisplayName “Allow ICMPv4-In” –Protocol ICMPv4  [PowerShell Command]
This command lets ICMP inbound through the Windows firewall.

5. Repeat the steps in Connect to a VM from the internet. This time, connect to myVm2.
6. From a command prompt on the myVm2 VM, enter ping myvm1.
You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous
step.
E. To Clean up the resources from PowerShell
[i.3.4.(C)] Create a Virtual Network using Azure CLI
A.To Create Virtual Network
Before you can create a virtual network, you have to create a resource group to host the virtual network.
To Create Resource Group
az group create –name customRG –location EastUs  [CLI Command]
To Create a Virtual Network
Create a virtual network with az network vnet create. This example creates a default virtual network
named myVirtualNetwork with one subnet named default:
az network vnet create
--name myVirtualNetwork
--resource-group myResourceGroup
--subnet-name default 
B.To Create New Virtual Machine
Create two Linux Ubuntu VMs in the virtual network.
Create the first VM

--resource-group myResourceGroup \
--name myVm1 \
--image UbuntuLTS \
--no-wait 

Create the second VM with this command:
az vm create \
--name myVm2 \
--image UbuntuLTS \
--admin-password myPassword18 
Take note of the Public IP Address from output
C. Connect to a VM from Internet
Connect to a VM from Internet

In this command, replace <publicIpAddress> with the public IP address of your myVm2 VM:
ssh <publicIpAddress> 
D. Communicate between VMs
To confirm private communication between the myVm2 and myVm1 VMs, enter this command:
ping myVm1 -c 4 
You'll receive four replies from 10.0.0.4.
Exit the SSH session with the myVm2 VM.
E. To Clean up the resources from PowerShell
az group delete --name customRG  [CLI Command]

Azure IP Address Overview
 IP address types and allocation methods in Azure
You can assign IP addresses to Azure resources to communicate with other Azure resources, your on-premises network, and
the Internet. There are two types of IP addresses you can use in Azure:
 Public IP addresses: Used for communication with the Internet, including Azure public-facing services.
 Private IP addresses: Used for communication within an Azure virtual network (VNet), and your on-premises network,
when you use a VPN gateway or ExpressRoute circuit to extend your network to Azure.
You can also create a contiguous range of static public IP addresses through a public IP prefix. Learn about a public IP prefix.
[Note: Azure has two different deployment models for creating and working with resources: Resource Manager and classic.
This article covers using the Resource Manager deployment model, which Microsoft recommends for most new deployments
instead of the classic deployment model.]
Public IP addresses
Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also
enable Azure resources to communicate outbound to Internet and public-facing Azure services with an IP address
assigned to the resource. The address is dedicated to the resource, until it is unassigned by you. If a public IP
address is not assigned to a resource, the resource can still communicate outbound to the Internet, but Azure
dynamically assigns an available IP address that is not dedicated to the resource. For more information about
outbound connections in Azure, see Understand outbound connections.
In Azure Resource Manager, a public IP address is a resource that has its own properties. Some of the resources you
can associate a public IP address resource with are:
 Virtual machine network interfaces

 Internet-facing load balancers
 VPN gateways
 Application gateways
IP address version: Public IP addresses are created with an IPv4 or IPv6 address. Public IPv6 addresses can only be
assigned to Internet-facing load balancers.
SKU: Public IP addresses are created with one of the following SKUs:
[Important: Matching SKUs must be used for load balancer and public IP resources. You can't have a mixture of basic SKU
resources and standard SKU resources. You can't attach standalone virtual machines, virtual machines in an availability set
resource, or a virtual machine scale set resources to both SKUs simultaneously. New designs should consider using Standard
SKU resources. Please review Standard Load Balancer for details.]
Basic: All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses. With the introduction
of SKUs, you have the option to specify which SKU you would like the public IP address to be. Basic SKU addresses are:
 Assigned with the static or dynamic allocation method.

 Are open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic.
 Assigned to any Azure resource that can be assigned a public IP address, such as network interfaces, VPN Gateways,
Application Gateways, and Internet-facing load balancers.
 Can be assigned to a specific zone.
 Not zone redundant. To learn more about availability zones, see Availability zones overview.
Standard: Standard SKU public IP addresses are:
 Assigned with the static allocation method only.

 Are secure by default and closed to inbound traffic. You must explicit whitelist allowed inbound traffic with a network
security group.
 Assigned to network interfaces, public standard load balancers, Application Gateways, or VPN Gateways. For more
information about Azure standard load balancers, see Azure standard load balancer.
 Zone redundant by default. Can be created zonal and guaranteed in a specific availability zone. To learn more about
availability zones, see Availability zones overview and Standard Load Balancer and Availability Zones.
Allocation method
Both basic and standard SKU public IP addresses support the static allocation method. The resource is assigned an IP address at
the time it is created and the IP address is released when the resource is deleted.
Basic SKU public IP addresses also support a dynamic allocation method, which is the default if allocation method is not
specified. Selecting dynamic allocation method for a basic public IP address resource means the IP address is not allocated at
the time of the resource creation. The public IP address is allocated when you associate the public IP address with a virtual
machine or when you place the first virtual machine instance into the backend pool of a basic load balancer. The IP address is
released when you stop (or delete) the resource. After being released from resource A, for example, the IP address can be
assigned to a different resource. If the IP address is assigned to a different resource while resource A is stopped, when you
restart resource A, a different IP address is assigned. If you change the allocation method of a basic public IP address resource
from static to dynamic, the address is released. To ensure the IP address for the associated resource remains the same, you can
set the allocation method explicitly to static. A static IP address is assigned immediately.
[Note: Even when you set the allocation method to static, you cannot specify the actual IP address assigned to the public IP
address resource. Azure assigns the IP address from a pool of available IP addresses in the Azure location the resource is
created in.]
Static public IP addresses are commonly used in the following scenarios:
 When you must update firewall rules to communicate with your Azure resources.
 DNS name resolution, where a change in IP address would require updating A records.
 Your Azure resources communicate with other apps or services that use an IP address-based security model.
 You use SSL certificates linked to an IP address.
[Note: Azure allocates public IP addresses from a range unique to each region in each Azure cloud. You can download the list of
ranges (prefixes) for the Azure Public, US government, China, and Germany clouds.]
DNS hostname resolution
You can specify a DNS domain name label for a public IP resource, which creates a mapping
for domainnamelabel.location.cloudapp.azure.com to the public IP address in the Azure-managed DNS servers. For instance, if
you create a public IP resource with contoso as a domainnamelabel in the West US Azure location, the fully qualified domain
name (FQDN) contoso.westus.cloudapp.azure.com resolves to the public IP address of the resource. You can use the FQDN to
create a custom domain CNAME record pointing to the public IP address in Azure. Instead of, or in addition to, using the DNS
name label with the default suffix, you can use the Azure DNS service to configure a DNS name with a custom suffix that
resolves to the public IP address. For more information, see Use Azure DNS with an Azure public IP address.
Internet-facing load balancers
You can associate a public IP address created with either SKU with an Azure Load Balancer, by assigning it to the load
balancer frontend configuration. The public IP address serves as a load-balanced virtual IP address (VIP). You can assign either a
dynamic or a static public IP address to a load balancer front-end. You can also assign multiple public IP addresses to a load
balancer front-end, which enables multi-VIP scenarios like a multi-tenant environment with SSL-based websites. For more
information about Azure load balancer SKUs, see Azure load balancer standard SKU.
VPN gateways
An Azure VPN Gateway connects an Azure virtual network to other Azure virtual networks, or to an on-premises network. A
public IP address is assigned to the VPN Gateway to enable it to communicate with the remote network. You can only assign
a dynamic basic public IP address to a VPN gateway.
Application gateways
You can associate a public IP address with an Azure Application Gateway, by assigning it to the
gateway's frontend configuration. This public IP address serves as a load-balanced VIP. You can only assign a dynamic basic
public IP address to an application gateway frontend configuration.
Private IP addresses
Private IP addresses allow Azure resources to communicate with other resources in a virtual networkor an on-premises
network through a VPN gateway or ExpressRoute circuit, without using an Internet-reachable IP address.
In the Azure Resource Manager deployment model, a private IP address is associated to the following types of Azure resources:
 Virtual machine network interfaces

 Internal load balancers (ILBs)
 Application gateways
IP address version
Private IP addresses are created with an IPv4 or IPv6 address. Private IPv6 addresses can only be assigned with the dynamic
allocation method. You cannot communicate between private IPv6 addresses on a virtual network. You can communicate
inbound to a private IPv6 address from the Internet, through an Internet-facing load balancer. See Create an Internet-facing
load balancer with IPv6 for details.
Allocation method
A private IP address is allocated from the address range of the virtual network subnet a resource is deployed in. Azure reserves
the first four addresses in each subnet address range, so the addresses cannot be assigned to resources. For example, if the
subnet's address range is 10.0.0.0/16, addresses 10.0.0.0-10.0.0.3 cannot be assigned to resources. IP addresses within the
subnet's address range can only be assigned to one resource at a time.
There are two methods in which a private IP address is allocated:
 Dynamic: Azure assigns the next available unassigned or unreserved IP address in the subnet's address range. For
example, Azure assigns 10.0.0.10 to a new resource, if addresses 10.0.0.4-10.0.0.9 are already assigned to other
resources. Dynamic is the default allocation method. Once assigned, dynamic IP addresses are only released if a network
interface is deleted, assigned to a different subnet within the same virtual network, or the allocation method is changed
to static, and a different IP address is specified. By default, Azure assigns the previous dynamically assigned address as
the static address when you change the allocation method from dynamic to static.
 Static: You select and assign any unassigned or unreserved IP address in the subnet's address range. For example, if a
subnet's address range is 10.0.0.0/16 and addresses 10.0.0.4-10.0.0.9 are already assigned to other resources, you can
assign any address between 10.0.0.10 - 10.0.255.254. Static addresses are only released if a network interface is deleted.
If you change the allocation method to dynamic, Azure dynamically assigns the previously assigned static IP address as
the dynamic address, even if the address isn't the next available address in the subnet's address range. The address also
changes if the network interface is assigned to a different subnet within the same virtual network, but to assign the
network interface to a different subnet, you must first change the allocation method from static to dynamic. Once you've
assigned the network interface to a different subnet, you can change the allocation method back to static, and assign an
IP address from the new subnet's address range.
Internal DNS hostname resolution (for virtual machines)
All Azure virtual machines are configured with Azure-managed DNS servers by default, unless you explicitly configure custom
DNS servers. These DNS servers provide internal name resolution for virtual machines that reside within the same virtual
network.
When you create a virtual machine, a mapping for the hostname to its private IP address is added to the Azure-managed DNS
servers. If a virtual machine has multiple network interfaces, or multiple IP configurations for a network interface the hostname
is mapped to the private IP address of the primary IP configuration of the primary network interface.
Virtual machines configured with Azure-managed DNS servers are able to resolve the hostnames of all virtual machines within
the same virtual network to their private IP addresses. To resolve host names of virtual machines in connected virtual
networks, you must use a custom DNS server.
Internal load balancers (ILB) & Application gateways
You can assign a private IP address to the front-end configuration of an Azure Internal Load Balancer (ILB) or an Azure
Application Gateway. This private IP address serves as an internal endpoint, accessible only to the resources within its virtual
network and the remote networks connected to the virtual network. You can assign either a dynamic or static private IP
address to the front-end configuration.
[ii.3.4.(a)] Create a Virtual Machine with Static Public IP using Azure Portal
Sign in to Azure
A. Create a Virtual Machine
1. Select + Create a resource found on the upper, left corner of the Azure portal.
2. Select Compute, and then select Windows Server 2016 VM, or another operating system of your choosing.
3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK:
Setting Value
Name myVM
User name Enter a user name of your choosing.
Password Enter a password of your choosing. The password must be at least 12 characters long and
meet the defined complexity requirements.
Resource Select Use existing and select myResourceGroup.
group
Location Select East US
4. Select a size for the VM and then select Select.

5. Under Settings, select Public IP address.
6. Enter myPublicIpAddress, select Static, and then select OK,
If the public IP address must be a standard SKU, select Standard under SKU. Learn more about Public IP address SKUs. If the
virtual machine will be added to the back-end pool of a public Azure Load Balancer, the SKU of the virtual machine's public IP
address must match the SKU of the load balancer's public IP address. For details, see Azure Load Balancer.
7. Select a port, or no ports under Select public inbound ports. Portal 3389 is selected, to enable remote access to the
Windows Server virtual machine from the internet. Opening port 3389 from the internet is not recommended for
production workloads.
8. Accept the remaining default settings and select OK.

9. On the Summary page, select Create. The virtual machine takes a few minutes to deploy.
10. Once the virtual machine is deployed, enter myPublicIpAddress in the search box at the top of the portal.
When myPublicIpAddress appears in the search results, select it.
11. You can view the public IP address that is assigned, and that the address is assigned to the myVM virtual machine
Azure assigned a public IP address from addresses used in the region you created the virtual machine in. You can download the
list of ranges (prefixes) for the Azure Public, US government, China, and Germany clouds.
12. Select Configuration to confirm that the assignment is Static.
[Warning: Do not modify the IP address settings within the virtual machine's operating system. The operating system is
unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we
recommend not doing so unless necessary, and not until after reading Add a private IP address to an operating system.]
B.To Clean up the resources from Azure Portal
When no longer needed, delete the resource group and all of the resources it contains:
1. Enter myResourceGroup in the Search box at the top of the portal. When you see myResourceGroup in the search
results, select it.
2. Select Delete resource group.
3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.
[ii.3.4.(b)] Create a Virtual Machine with Static Public IP using Azure PowerShell
Create a virtual machine with the New-AzureRmVM command. The
-AllocationMethod "Static" option assigns a static public IP address to the virtual machine. The following example creates a
Windows Server virtual machine with a static, basic SKU public IP address named myPublicIpAddress. When prompted, provide
a username and password to be used as the sign in credentials for the virtual machine:

-Name “myVM1”
-AllocationMethod "Static"
If the public IP address must be a standard SKU, you have to create a public IP address, create a network interface, assign the
public IP address to the network interface, and then create a virtual machine with the network interface, in separate steps.
Learn more about Public IP address SKUs. If the virtual machine will be added to the back-end pool of a public Azure Load
Balancer, the SKU of the virtual machine's public IP address must match the SKU of the load balancer's public IP address. For
details, see Azure Load Balancer.
C.To View the Public IP Address Assign to VM
Views the public IP address assigned and confirm that it was created as a static address, with Get-AzureRmPublicIpAddress:
Get-AzureRmPublicIpAddress ` [PowerShell Command]

-ResourceGroupName "customRG" `
-Name "myPublicIpAddress" | Select "IpAddress", "PublicIpAllocationMethod" | Format-Table 
D.Clean up Resource
Remove-AzureRmResourceGroup -Name myResourceGroup -Force  [PowerShell Command]
[ii.3.4.(c)] Create a Virtual Machine with Static Public IP using Azure CLI
After Connecting to Azure Account, we will create VM. Before creating VM, we need to create Resource Group.
Create a virtual machine with the az vm create command. The
The --public-ip-address-allocation=static option assigns a static public IP address to the virtual machine. The following example
creates an Ubuntu virtual machine with a static, basic SKU public IP address named myPublicIpAddress:

--name vmVm1
--image Win2016datacenter
--public-ip-address myPublicIpAddress
--public-ip-address-allocation static
If the public IP address must be a standard SKU, add --public-ip-sku Standard to the previous command. Learn more
about Public IP address SKUs. If the virtual machine will be added to the back-end pool of a public Azure Load Balancer, the SKU
of the virtual machine's public IP address must match the SKU of the load balancer's public IP address. For details, see Azure
Load Balancer.
C.To View the Public IP Address Assign to VM
View the public IP address assigned and confirm that it was created as a static, basic SKU address, with az network public-ip
show:
az network public-ip show [CLI Command]

--name myPublicIpAddress
--query [ipAddress,publicIpAllocationMethod,sku]
--output table
D.Clean up Resource
When no longer needed, you can use az group delete to remove the resource group and all of the resources it contains:
az group delete --name myResourceGroup --yes  [CLI Command]
[iii.3.4.(a)] Create a Virtual Machine with Static Private IP using Azure Portal
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a
range that you specify, based on the subnet they are connected to. That address is retained by the VMs and role instances,
until they are decommissioned. You decommission a VM or role instance by stopping it from PowerShell, the Azure CLI, or the
Azure portal. In those cases, once the VM or role instance starts again, it will receive an available IP address from the Azure
infrastructure, which might not be the same it previously had. If you shut down the VM or role instance from the guest
operating system, it retains the IP address it had.
In certain cases, you want a VM or role instance to have a static IP address, for example, if your VM is going to run DNS or will
be a domain controller. You can do so by setting a static private IP address.
Important: Before you work with Azure resources, it's important to understand that Azure currently has two deployment
models: Azure Resource Manager and classic. Make sure you understand deployment models and tools before you work with
any Azure resource. You can view the documentation for different tools by clicking the tabs at the top of this article.
This article covers the Resource Manager deployment model. You can also manage static private IP address in the
classic deployment model.
In this scenario you will create a VM named DNS01 in the FrontEnd subnet, and set it to use a static IP address
of 192.168.1.101.
A. Create a Virtual Machine with Static Private IP Address
You cannot set a static private IP address during the creation of a VM in the Resource Manager deployment mode by using the
Azure portal. You must create the VM first, then set its private IP to be static.
To create a VM named DNS01 in the FrontEnd subnet of a VNet named TestVNet, follow these steps:
1. From a browser, navigate to http://portal.azure.com and, if necessary, sign in with your Azure account.
2. Click Create a resource > Compute > Windows Server 2012 R2 Datacenter, notice that the Select a deployment
model list already shows Resource Manager, and then click Create, as seen in the following figure.
3. In the Basics pane, enter the name of the VM to create (DNS01 in the scenario), the local administrator account, and
password, as seen in the following figure.
4. Make sure the Location selected is Central US, then click Select existing under Resource group, then click Resource
group again, then click TestRG, and then click OK.
5. In the Choose a size pane, select A1 Standard, and then click Select.
6. In the Settings pane, be sure the properties are set with the following values, and then click OK.
-Storage account: vnetstorage
 Network: TestVNet
 Subnet: FrontEnd
7. In the Summary pane, click OK. Notice the following tile displayed in your dashboard.
It’s recommended that you do not statically assign the private IP assigned to the Azure virtual machine within the operating
system of a VM, unless necessary, such as when assigning multiple IP addresses to a Windows VM. If you do manually set the
private IP address within the operating system, ensure that it is the same address as the private IP address assigned to the
Azure network interface, or you can lose connectivity to the virtual machine. Learn more about private IP addresssettings. You
should never manually assign the public IP address assigned to an Azure virtual machine within the virtual machine's operating
system.
B. How to retrieve static private IP address information for a VM
To view the static private IP address information for the VM created with the steps above, execute the following steps.
1. From the Azure portal, click BROWSE ALL > Virtual machines > DNS01 > All settings > Network interfaces and then click
on the only network interface listed.
2. In the Network interface pane, click All settings > IP addresses and notice the Assignmentand IP
address values.
C.How to add a static private IP address to an existing VM
To add a static private IP address to the VM created using the steps above, follow these steps:
1. From the IP addresses pane shown above, click Static under Assignment.
2. Type 192.168.1.101 for IP address, and then click Save.
[Note: If after clicking Save, you notice that the assignment is still set to Dynamic, it means the IP address you typed is already
in use. Try a different IP address.]
system.
D.How to remove a static private IP address from a VM
To remove the static private IP address from the VM created above, complete the following step:
From the IP addresses pane shown above, click Dynamic under Assignment, and then click Save.
 Set IP addresses within the operating system
system.
[iii.3.4.(b)] Create a Virtual Machine with Static Private IP using Azure PowerShell
of 192.168.1.101.
The sample PowerShell commands below expect a simple environment already created based on the scenario above. If you
want to run the commands as they are displayed in this document, first build the test environment described in Create a virtual
network.
To create a VM named DNS01 in the FrontEnd subnet of a VNet named TestVNet with a static private IP of 192.168.1.101,
follow the steps below:
Before create Virtual Machine with Static IP Address, we need to declare some variable, create resource Group, create storage
account, create public IP [optional], create NIC for VM.
To create variable for Resource Group
$rgName = "customRG"
To create variable for Location
$locName = "Central US"
To create variable for Storage Account and SKU
$stName = "akmstorage2537"
$skuName = "Standard_LRS"
To create Resource Group
New-AzureRMResourceGroup -Name $rgName -Location $locName  [PowerShell Command]
To create variable for Storage Account and SKU
$storageAccount = New-AzureStorageAccount
-ResourceGroupName $rgName
-Name $stName
-Location $locName
-SkuName $skuName
To retrieve Context
$ctx = $storageAccount.Context
B.Retrieve the virtual network and subnet you want to create the VM in.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName customRG -Name TestVNet

$subnet = $vnet.Subnets[0].Id
C.Create Public IP Address.
$pip = New-AzureRmPublicIpAddress -Name TestPIP -ResourceGroupName $rgName `

-Location $locName -AllocationMethod Dynamic
D.Create a NIC.
Create a NIC using the static private IP address you want to assign to the VM. Make sure the IP is from the subnet range you are
adding the VM to. This is the main step for this article, where you set the private IP to be static.
$nic = New-AzureRmNetworkInterface
-Name TestNIC
-ResourceGroupName $rgName `
-Location $locName -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id
-PrivateIpAddress 192.168.1.101
E.Create a VM with NIC.
$vm = New-AzureRmVMConfig -VMName DNS01 -VMSize "Standard_A1"  [PowerShell Command]
$vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName DNS01 ` [PowerShell Command]
-Credential $cred -ProvisionVMAgent –EnableAutoUpdate 
$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer ` [PowerShell Command]

-Offer WindowsServer -Skus 2012-R2-Datacenter -Version "latest" 
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id  [PowerShell Command]
$osDiskUri = $storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds/WindowsVMosDisk.vhd"  [PowerShell Command]
$vm = Set-AzureRmVMOSDisk -VM $vm -Name "windowsvmosdisk" -VhdUri $osDiskUri ` [PowerShell Command]
-CreateOption fromImage 
New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm  [PowerShell Command]
system.
F.Retrieve static private IP address information for a network interface
To view the static private IP address information for the VM created with the script above, run the following PowerShell
command and observe the values for PrivateIpAddress and PrivateIpAllocationMethod:
Get-AzureRmNetworkInterface -Name TestNIC -ResourceGroupName customRG  [PowerShell Command]
G.Remove a static private IP address from a network interface
To remove the static private IP address added to the VM in the script above, run the following PowerShell commands:
$nic=Get-AzureRmNetworkInterface -Name TestNIC -ResourceGroupName customRG

$nic.IpConfigurations[0].PrivateIpAllocationMethod = "Dynamic"
Set-AzureRmNetworkInterface -NetworkInterface $nic
H.Add a static private IP address to a network interface
To add a static private IP address to the VM created using the script above, run the following commands:
$nic=Get-AzureRmNetworkInterface -Name TestNIC -ResourceGroupName customRG

$nic.IpConfigurations[0].PrivateIpAllocationMethod = "Static"
$nic.IpConfigurations[0].PrivateIpAddress = "192.168.1.101"
system.
I.Change the allocation method for a private IP address assigned to a network interface
A private IP address is assigned to a NIC with the static or dynamic allocation method. Dynamic IP addresses can change after
starting a VM that was previously in the stopped (deallocated) state. This can potentially cause issues if the VM is hosting a
service that requires the same IP address, even after restarts from a stopped (deallocated) state. Static IP addresses are
retained until the VM is deleted. To change the allocation method of an IP address, run the following script, which changes the
allocation method from dynamic to static. If the allocation method for the current private IP address is static,
change Static to Dynamic before executing the script.
$RG = "customRG"
$NIC_name = "testnic1"
$nic = Get-AzureRmNetworkInterface -ResourceGroupName $RG -Name $NIC_name

$nic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$IP = $nic.IpConfigurations[0].PrivateIpAddress
Write-Host "The allocation method is now set to"$nic.IpConfigurations[0].PrivateIpAllocationMethod"for the IP address" $IP"."
–NoNewline
To View the NIC Details
If you don't know the name of the NIC, you can view a list of NICs within a resource group by entering the following command:
Get-AzureRmNetworkInterface -ResourceGroupName $RG | Where-Object {$_.ProvisioningState -eq 'Succeeded'}
J. To Clean up the resources from PowerShell

[iii.3.4.(c)] Create a Virtual Machine with Static Private IP using Azure CLI
-----------------------------------------------------------------------------------------------------------------------------------
[iv.3.4.(a)] Create a Virtual Machine with Static Private IP using Azure Portal - Classic Deployment Model
Your IaaS virtual machines (VMs) and PaaS role instances in a virtual network automatically receive a private IP address from a
range that you specify, based on the subnet they are connected to. That address is retained by the VMs and role instances,
until they are decommissioned. You decommission a VM or role instance by stopping it from PowerShell, the Azure CLI, or the
Azure portal. In those cases, once the VM or role instance starts again, it will receive an available IP address from the Azure
infrastructure, which might not be the same it previously had. If you shut down the VM or role instance from the guest
operating system, it retains the IP address it had.
In certain cases, you want a VM or role instance to have a static IP address, for example, if your VM is going to run DNS or will
be a domain controller. You can do so by setting a static private IP address.
Important: Before you work with Azure resources, it's important to understand that Azure currently has two deployment
models: Azure Resource Manager and classic. Make sure you understand deployment models and tools before you work with
any Azure resource. You can view the documentation for different tools by clicking the tabs at the top of this article.
This article covers the Resource Manager deployment model. You can also manage static private IP address in the
classic deployment model.
of 192.168.1.101.
You cannot set a static private IP address during the creation of a VM in the Resource Manager deployment mode by using the
Azure portal. You must create the VM first, then set its private IP to be static.
To create a VM named DNS01 in the FrontEnd subnet of a VNet named TestVNet, follow these steps:
8. From a browser, navigate to http://portal.azure.com and, if necessary, sign in with your Azure account.
9. Click Create a resource > Compute > Windows Server 2012 R2 Datacenter, notice that the Select a deployment
model list already shows Classic, and then click Create, as seen in the following figure.
10. In the Basics pane, enter the name of the VM to create (DNS01 in the scenario), the local administrator account, and
password, as seen in the following figure.
11. Make sure the Location selected is Central US, then click Select existing under Resource group, then click Resource
group again, then click customRG, and then click OK.
12. In the Choose a size pane, select D1_V2 Standard, and then click Select.
13. In the Settings pane, be sure the properties are set with the following values, and then click OK.
-Storage account: akmstorage2537 or Default
 Cloud Service: ajoym

 Network: TestVNet
 Subnet: FrontEnd 10.0.0.0/16
14. In the Summary pane, click OK. Notice the following tile displayed in your dashboard.
system.
B. How to retrieve static private IP address information for a VM
To view the static private IP address information for the VM created with the steps above, execute the following steps.
3. From the Azure portal, click BROWSE ALL > Virtual machines > DNS01 > All settings > Network interfaces and then click
on the only network interface listed.
4. In the Network interface pane, click All settings > IP addresses and notice the Assignmentand IP
address values.
C.How to add a static private IP address to an existing VM
To add a static private IP address to the VM created using the steps above, follow these steps:
3. From the IP addresses pane shown above, click Static under Assignment.
4. Type 10.0.0.11 for IP address, and then click Save.
[Note: If after clicking Save, you notice that the assignment is still set to Dynamic, it means the IP address you typed is already
in use. Try a different IP address.]
system.
D.How to remove a static private IP address from a VM
To remove the static private IP address from the VM created above, complete the following step:
From the IP addresses pane shown above, click Dynamic under Assignment, and then click Save.
 Set IP addresses within the operating system
system.
[iv.3.4.(b)] Create a Virtual Machine with Static Private IP using Azure PowerShell - Classic Deployment Model
---------------------------------------------------------------------------------------
[iv.3.4.(c)] Create a Virtual Machine with Static Private IP using Azure CLI - Classic Deployment Model
---------------------------------------------------------------------------------------
Azure Network Interface
A network interface enables an Azure Virtual Machine to communicate with internet, Azure, and on-premises resources. When
creating a virtual machine using the Azure portal, the portal creates one network interface with default settings for you. You
may instead choose to create network interfaces with custom settings and add one or more network interfaces to a virtual
machine when you create it. You may also want to change default network interface settings for an existing network interface.
This article explains how to create a network interface with custom settings, change existing settings, such as network filter
(network security group) assignment, subnet assignment, DNS server settings, and IP forwarding, and delete a network
interface.
[v.3.4.(a)] Create and Manage a Windows VM that has multiple NICs using Azure Portal
To Perform this task we need to create VM first.
Sign in to Azure
4. Choose to Create new resource group, then provide a name, such as customRG. Choose EatUs
B. Add a network interface to an existing VM

2. In the search box at the top of the portal, type the name of the VM to which you want to add the network interface, or
browse for the VM by selecting All services, and then Virtual machines. After you've found the VM, select it. The VM
must support the number of network interfaces you want to add. To find out how many network interfaces each VM size
supports, see Sizes for Linux virtual machines in Azure or Sizes for Windows virtual machines in Azure.
3. Select Overview, under SETTINGS. Select Stop, and then wait until the Status of the VM changes to Stopped
(deallocated).
4. Select Networking, under SETTINGS.
5. Select Attach network interface. From the list of network interfaces that aren't currently attached to another VM, select
the one you'd like to attach.
Note: The network interface you select cannot have accelerated networking enabled, cannot have an IPv6 address assigned to
it, and must exist in the same virtual network as the one that contains the network interface currently attached to the VM.
If you don't have an existing network interface, you must first create one. To do so, select Create network interface. To learn
more about how to create a network interface, see Create a network interface. To learn more about additional constraints
when adding network interfaces to virtual machines, see Constraints.
6. Select OK.
7. Select Overview, under SETTINGS, and then Start to start the virtual machine.
8. Configure the VM operating system to use multiple network interfaces properly. Learn how to
configure Linux or Windows for multiple network interfaces.
C.View network interfaces for a VM
You can view the network interfaces currently attached to a VM to learn about each network interface's configuration, and the
IP addresses assigned to each network interface.
1. Sign in to the Azure portal with an account that is assigned the Owner, Contributor, or Network Contributor role for your
subscription. To learn more about how to assign roles to accounts, see Built-in roles for Azure role-based access control.
2. In the box that contains the text Search resources at the top of the Azure portal, type virtual machines. When virtual
machines appears in the search results, select it.
3. Select the name of the VM for which you want to view network interfaces.
4. In the SETTINGS section for the VM you selected, select Networking. To learn about network interface settings and how
to change them, see Manage network interfaces. To learn about how to add, change, or remove IP addresses assigned
to a network interface, see Manage network interface IP addresses.
D.Remove a network interface from a VM

2. In the search box at the top of the portal, search for the name of the VM you want to remove (detach) the network
interface from, or browse for the VM by selecting All services, and then Virtual machines. After you've found the VM,
select it.
3. Select Overview, under SETTINGS, and then Stop. Wait until the Status of the VM changes to Stopped (deallocated).
4. Select Networking, under SETTINGS.
5. Select Detach network interface. From the list of network interfaces currently attached to the virtual machine, select the
network interface you'd like to detach.
Note: If only one network interface is listed, you cannot detach it, because a virtual machine must always
have at least one network interface attached to it.
6. Select OK.
E. Clean up resources
[v.3.4.(b)] Create and Manage a Windows VM that has multiple NICs using Azure PowerShell
Virtual machines (VMs) in Azure can have multiple virtual network interface cards (NICs) attached to them. A common scenario
is to have different subnets for front-end and back-end connectivity. You can associate multiple NICs on a VM to multiple
subnets, but those subnets must all reside in the same virtual network (vNet). This article details how to create a VM that has
multiple NICs attached to it. You also learn how to add or remove NICs from an existing VM. Different VM sizessupport a
varying number of NICs, so size your VM accordingly.
B.Create virtual network and subnets
A common scenario is for a virtual network to have two or more subnets. One subnet may be for front-end traffic, the other for
back-end traffic. To connect to both subnets, you then use multiple NICs on your VM.
Define two virtual network subnets with New-AzureRmVirtualNetworkSubnetConfig. The following example defines
the subnets for mySubnetFrontEnd and mySubnetBackEnd:
$mySubnetFrontEnd = New-AzureRmVirtualNetworkSubnetConfig -Name "mySubnetFrontEnd"

-AddressPrefix "192.168.1.0/24"
$mySubnetBackEnd = New-AzureRmVirtualNetworkSubnetConfig -Name "mySubnetBackEnd" `
-AddressPrefix "192.168.2.0/24"
Create your virtual network and subnets with New-AzureRmVirtualNetwork. The following example creates a virtual
network named myVnet:
$myVnet = New-AzureRmVirtualNetwork -ResourceGroupName "customRG" `

-Location "EastUs" `
-Name "myVnet" `
-AddressPrefix "192.168.0.0/16" `
-Subnet $mySubnetFrontEnd,$mySubnetBackEnd
C.Create multiple NICs
Create two NICs with New-AzureRmNetworkInterface. Attach one NIC to the front-end subnet and one NIC to the back-end
subnet. The following example creates NICs named myNic1 and myNic2:
$frontEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetFrontEnd'}

$myNic1 = New-AzureRmNetworkInterface -ResourceGroupName "myResourceGroup"
-Name "myNic1"
-Location "EastUs"
-SubnetId $frontEnd.Id
$backEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetBackEnd'}

$myNic2 = New-AzureRmNetworkInterface -ResourceGroupName "myResourceGroup"
-Name "myNic2"
-Location "EastUs"
-SubnetId $backEnd.Id
Typically you also create a network security group to filter network traffic to the VM and a load balancer to distribute traffic
across multiple VMs.
D.Create the virtual machine
Now start to build your VM configuration. Each VM size has a limit for the total number of NICs that you can add to a VM. For
more information, see Windows VM sizes.
Set your VM credentials to the $cred variable as follows:
$cred = Get-Credential
Define your VM with New-AzureRmVMConfig. The following example defines a VM named myVM and uses a VM size
that supports more than two NICs (Standard_DS3_v2):
$vmConfig = New-AzureRmVMConfig -VMName "myVM" -VMSize "Standard_DS3_v2"
Create the rest of your VM configuration with Set-AzureRmVMOperatingSystem and Set-AzureRmVMSourceImage.

The following example creates a Windows Server 2016 VM:
$vmConfig = Set-AzureRmVMOperatingSystem -VM $vmConfig `

-Windows
-ComputerName "myVM"
-Credential $cred
-ProvisionVMAgent
-EnableAutoUpdate
$vmConfig = Set-AzureRmVMSourceImage -VM $vmConfig

-PublisherName "MicrosoftWindowsServer"
-Offer "WindowsServer"
-Skus "2016-Datacenter"
-Version "latest"
Attach the two NICs that you previously created with Add-AzureRmVMNetworkInterface:
$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $myNic1.Id -Primary

$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $myNic2.Id
Create your VM with New-AzureRmVM:
New-AzureRmVM -VM $vmConfig -ResourceGroupName "customRG" -Location "EastUs"
E.Add a NIC to an existing VM
To add a virtual NIC to an existing VM, you deallocate the VM, add the virtual NIC, then start the VM. Different VM
sizes support a varying number of NICs, so size your VM accordingly. If needed, you can resize a VM.
Deallocate the VM with Stop-AzureRmVM. The following example deallocates the VM

named myVM in myResourceGroup:
Stop-AzureRmVM -Name "myVM" -ResourceGroupName "customRG"
Get the existing configuration of the VM with Get-AzureRmVm. The following example gets information for the VM
$vm = Get-AzureRmVm -Name "myVM" -ResourceGroupName "customRG"
The following example creates a virtual NIC with New-AzureRmNetworkInterface named myNic3 that is attached
to mySubnetBackEnd. The virtual NIC is then attached to the VM named myVM in myResourceGroup with Add-
AzureRmVMNetworkInterface:
# Get info for the back end subnet

$myVnet = Get-AzureRmVirtualNetwork -Name "myVnet" -ResourceGroupName "customRG"
$backEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetBackEnd'}
# Create a virtual NIC

$myNic3 = New-AzureRmNetworkInterface -ResourceGroupName "customRG"
-Name "myNic3"
-Location "EastUs"
-SubnetId $backEnd.Id
# Get the ID of the new virtual NIC and add to VM

$nicId = (Get-AzureRmNetworkInterface -ResourceGroupName "customRG"-Name "MyNic3").Id
Add-AzureRmVMNetworkInterface -VM $vm -Id $nicId | Update-AzureRmVm -ResourceGroupName "customRG"
F.Primary virtual NICs
One of the NICs on a multi-NIC VM needs to be primary. If one of the existing virtual NICs on the VM is already set as
primary, you can skip this step. The following example assumes that two virtual NICs are now present on a VM and you
wish to add the first NIC ([0]) as the primary:
# List existing NICs on the VM and find which one is primary

$vm.NetworkProfile.NetworkInterfaces
# Set NIC 0 to be primary

$vm.NetworkProfile.NetworkInterfaces[0].Primary = $true
$vm.NetworkProfile.NetworkInterfaces[1].Primary = $false
# Update the VM state in Azure

Update-AzureRmVM -VM $vm -ResourceGroupName "customRG"
Start the VM with Start-AzureRmVm:
Start-AzureRmVM -ResourceGroupName "customRG" -Name "myVM"
G.Add routes for secondary NICs to the OS by completing the steps in [Configure the operating system for multiple NICs.]
Configure guest OS for multiple NICs
Azure assigns a default gateway to the first (primary) network interface attached to the virtual machine. Azure does not assign
a default gateway to additional (secondary) network interfaces attached to a virtual machine. Therefore, you are unable to
communicate with resources outside the subnet that a secondary network interface is in, by default. Secondary network
interfaces can, however, communicate with resources outside their subnet, though the steps to enable communication are
different for different operating systems.
From a Windows command prompt, run the route print command, which returns output similar to the following
output for a virtual machine with two attached network interfaces:
===========================================================================
Interface List
3...00 0d 3a 10 92 ce ......Microsoft Hyper-V Network Adapter #3
7...00 0d 3a 10 9b 2a ......Microsoft Hyper-V Network Adapter #4
===========================================================================
In this example, Microsoft Hyper-V Network Adapter #4 (interface 7) is the secondary network interface that doesn't have a
default gateway assigned to it.
From a command prompt, run the ipconfig command to see which IP address is assigned to the secondary network
interface. In this example, 192.168.2.4 is assigned to interface 7. No default gateway address is returned for the
secondary network interface.
To route all traffic destined for addresses outside the subnet of the secondary network interface to the gateway for
the subnet, run the following command:
route add -p 0.0.0.0 MASK 0.0.0.0 192.168.2.1 METRIC 5015 IF 7
The gateway address for the subnet is the first IP address (ending in .1) in the address range defined for the subnet. If you don't
want to route all traffic outside the subnet, you could add individual routes to specific destinations, instead. For example, if you
only wanted to route traffic from the secondary network interface to the 192.168.3.0 network, you enter the command:
route add -p 192.168.3.0 MASK 255.255.255.0 192.168.2.1 METRIC 5015 IF 7
To confirm successful communication with a resource on the 192.168.3.0 network, for example, enter the following
command to ping 192.168.3.4 using interface 7 (192.168.2.4):
ping 192.168.3.4 -S 192.168.2.4
You may need to open ICMP through the Windows firewall of the device you're pinging with the following command:
netsh advfirewall firewall add rule name=Allow-ping protocol=icmpv4 dir=in action=allow
To confirm the added route is in the route table, enter the route print command, which returns output similar to the
following text:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 15
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 5015
The route listed with 192.168.1.1 under Gateway, is the route that is there by default for the primary network interface. The
route with 192.168.2.1 under Gateway, is the route you added.
H.Remove a NIC from an existing VM
To remove a virtual NIC from an existing VM, you deallocate the VM, remove the virtual NIC, then start the VM.
Deallocate the VM with Stop-AzureRmVM. The following example deallocates the VM

Stop-AzureRmVM -Name "myVM" -ResourceGroupName "customRG"
Get the existing configuration of the VM with Get-AzureRmVm. The following example gets information for the VM
$vm = Get-AzureRmVm -Name "myVM" -ResourceGroupName "customRG"
Get information about the NIC remove with Get-AzureRmNetworkInterface. The following example gets information
about myNic3:
# List existing NICs on the VM if you need to determine NIC name

$vm.NetworkProfile.NetworkInterfaces
$nicId = (Get-AzureRmNetworkInterface -ResourceGroupName " customRG" -Name "myNic3").Id
Remove the NIC with Remove-AzureRmVMNetworkInterface and then update the VM with Update-AzureRmVm. The
following example removes myNic3 as obtained by $nicId in the preceding step:
Remove-AzureRmVMNetworkInterface -VM $vm -NetworkInterfaceIDs $nicId |

Update-AzureRmVm -ResourceGroupName "customRG"
Start the VM with Start-AzureRmVm:
Start-AzureRmVM -Name "myVM" -ResourceGroupName "customRG"

I. To Clean up the resources from PowerShell
Remove-AzureRMResourceGroup -Name “customRG “  [PowerShell Command]
[v.3.4.(c)] Create and Manage a Windows VM that has multiple NICs using Azure CLI

[vi.3.4.(a)] Create and Manage a Linux VM that has multiple NICs using Azure CLI

A.Create supporting resources
In the following examples, replace example parameter names with your own values. Example parameter names
included myResourceGroup, mystorageaccount, and myVM.
First, create a resource group with az group create. The following example creates a resource group
named myResourceGroup in the eastus location:
az group create --name customRG --location eastus
Create the virtual network with az network vnet create. The following example creates a virtual network named myVnet and
subnet named mySubnetFrontEnd:
az network vnet create \

--name myVnet \
--address-prefix 10.0.0.0/16 \
--subnet-name mySubnetFrontEnd \
--subnet-prefix 10.0.1.0/24
Create a subnet for the back-end traffic with az network vnet subnet create. The following example creates a subnet
named mySubnetBackEnd:
az network vnet subnet create \

--vnet-name myVnet \
--name mySubnetBackEnd \
--address-prefix 10.0.2.0/24
B.Create and configure multiple NICs
Create two NICs with az network nic create. The following example creates two NICs, named myNic1and myNic2, connected
the network security group, with one NIC connecting to each subnet:
az network nic create \

--name myNic1 \
--subnet mySubnetFrontEnd \
--network-security-group myNetworkSecurityGroup

--name myNic2 \
--subnet mySubnetBackEnd \
C.Create a VM and attach the NICs
When you create the VM, specify the NICs you created with --nics. You also need to take care when you select the VM size.
There are limits for the total number of NICs that you can add to a VM. Read more about Linux VM sizes.
Create a VM with az vm create. The following example creates a VM named myVM:
az vm create \
--name myVM \
--image UbuntuLTS \
--size Standard_DS3_v2 \
--admin-username azureuser \
--generate-ssh-keys \
--nics myNic1 myNic2
D.Add routing tables to the guest OS by completing the steps in [Configure the guest OS for multiple NICs](#configure-guest-
os-for- multiple-nics).
Configure guest OS for multiple NICs
The previous steps created a virtual network and subnet, attached NICs, then created a VM. A public IP address and network
security group rules that allow SSH traffic were not created. To configure the guest OS for multiple NICs, you need to allow
remote connections and run commands locally on the VM.
To allow SSH traffic, create a network security group rule with az network nsg rule create as follows:
az network nsg rule create \

--nsg-name myNetworkSecurityGroup \
--name allow_ssh \
--priority 101 \
--destination-port-ranges 22
Create a public IP address with az network public-ip create and assign it to the first NIC with az network nic ip-config
update:
az network public-ip create --resource-group myResourceGroup --name myPublicIP
az network nic ip-config update \

--nic-name myNic1 \
--name ipconfig1 \
--public-ip myPublicIP
To view the public IP address of the VM, use az vm show as follows:
az vm show --resource-group myResourceGroup --name myVM -d --query publicIps -o tsv
Now SSH to the public IP address of your VM. The default username provided in a previous step was azureuser. Provide your
own username and public IP address:
ssh azureuser@137.117.58.232
To send to or from a secondary network interface, you have to manually add persistent routes to the operating system for each
secondary network interface. In this article, eth1 is the secondary interface. Instructions for adding persistent routes to the
operating system vary by distro. See documentation for your distro for instructions.
When adding the route to the operating system, the gateway address is .1 for whichever subnet the network interface is in. For
example, if the network interface is assigned the address 10.0.2.4, the gateway you specify for the route is 10.0.2.1. You can
define a specific network for the route's destination, or specify a destination of 0.0.0.0, if you want all traffic for the interface to
go through the specified gateway. The gateway for each subnet is managed by the virtual network.
Once you've added the route for a secondary interface, verify that the route is in your route table with route -n. The following
example output is for the route table that has the two network interfaces added to the VM in this article:
Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 10.0.2.1 0.0.0.0 UG 0 0 0 eth1
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
168.63.129.16 10.0.1.1 255.255.255.255 UGH 0 0 0 eth0
169.254.169.254 10.0.1.1 255.255.255.255 UGH 0 0 0 eth0
Confirm that the route you added persists across reboots by checking your route table again after a reboot. To test
connectivity, you can enter the following command, for example, where eth1 is the name of a secondary network
interface:
ping bing.com -c 4 -I eth1
E.Add a NIC to a VM
The previous steps created a VM with multiple NICs. You can also add NICs to an existing VM with the Azure CLI. Different VM
sizes support a varying number of NICs, so size your VM accordingly. If needed, you can resize a VM.
Create another NIC with az network nic create. The following example creates a NIC named myNic3connected to the
back-end subnet and network security group created in the previous steps:
--name myNic3 \
--subnet mySubnetBackEnd \
To add a NIC to an existing VM, first deallocate the VM with az vm deallocate. The following example deallocates the
VM named myVM:
az vm deallocate --resource-group myResourceGroup --name myVM
Add the NIC with az vm nic add. The following example adds myNic3 to myVM:
az vm nic add \
--vm-name myVM \
--nics myNic3
Start the VM with az vm start:
az vm start --resource-group myResourceGroup --name myVM
F.Add routing tables to the guest OS by completing the steps in [Configure the guest OS for multiple NICs](#configure-guest-
os-for- multiple-nics].
If require to add routing tables to the guest OS follow the steps above D.
G.Remove a NIC from a VM
To remove a NIC from an existing VM, first deallocate the VM with az vm deallocate. The following example deallocates the VM
named myVM:
az vm deallocate --resource-group myResourceGroup --name myVM
Remove the NIC with az vm nic remove. The following example removes myNic3 from myVM:
az vm nic remove \
--vm-name myVM \
--nics myNic3
Start the VM with az vm start:
az vm start --resource-group myResourceGroup --name myVM
H. To Clean up the resources from Azure CLI
az group delete --name customRG [CLI Command]
[vii.3.4.(a)] Assign Multiple IP Address to Virtual Machine using Azure Portal

An Azure Virtual Machine (VM) has one or more network interfaces (NIC) attached to it. Any NIC can have one or more static or
dynamic public and private IP addresses assigned to it. Assigning multiple IP addresses to a VM enables the following
capabilities:
 Hosting multiple websites or services with different IP addresses and SSL certificates on a single server.
 Serve as a network virtual appliance, such as a firewall or load balancer.
 The ability to add any of the private IP addresses for any of the NICs to an Azure Load Balancer back-end pool. In the
past, only the primary IP address for the primary NIC could be added to a back-end pool. To learn more about how to
load balance multiple IP configurations, read the Load balancing multiple IP configurations article.
Every NIC attached to a VM has one or more IP configurations associated to it. Each configuration is assigned one static or
dynamic private IP address. Each configuration may also have one public IP address resource associated to it. A public IP
address resource has either a dynamic or static public IP address assigned to it. To learn more about IP addresses in Azure, read
the IP addresses in Azure article.
There is a limit to how many private IP addresses can be assigned to a NIC. There is also a limit to how many public IP addresses
that can be used in an Azure subscription. See the Azure limitsarticle for details.
This article explains how to create a virtual machine (VM) through the Azure Resource Manager deployment model using the
Azure portal. Multiple IP addresses cannot be assigned to resources created through the classic deployment model.
Scenario
A VM with a single NIC is created and connected to a virtual network. The VM requires three different private IP addresses and
two public IP addresses. The IP addresses are assigned to the following IP configurations:
 IPConfig-1: Assigns a static private IP address and a static public IP address.

 IPConfig-2: Assigns a static private IP address and a static public IP address.
 IPConfig-3: Assigns a static private IP address and no public IP address.
The IP configurations are associated to the NIC when the NIC is created and the NIC is attached to the VM when the VM is
created. The types of IP addresses used for the scenario are for illustration. You can assign whatever IP address and assignment
types you require.
Sign in to Azure

4. Choose to Create new resource group, then provide a name, such as customRG. Choose EastUs
B.Add IP addresses to a VM
You can add private and public IP addresses to an Azure network interface by completing the steps that follow. The examples in
the following sections assume that you already have a VM with the three IP configurations described in the scenario, but it's
not required.
Core steps
1. Browse to the Azure portal at https://portal.azure.com and sign into it, if necessary.
2. In the portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
3. In the Virtual machines pane, click the VM you want to add IP addresses to. Click Network interfaces in the virtual
machine pane that appears, and then select the network interface you want to add the IP addresses to.
4. In the pane that appears for the NIC you selected, click IP configurations.
5. Click Add. In the Add IP configuration pane that appears, create an IP configuration named IPConfig-4 with 10.0.0.7 as
a Static private IP address, then click OK.
6. Once you click OK, the pane closes and you see the new IP configuration listed. Click OK to close the Add IP
configuration pane.
7. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses.
8. Add the private IP addresses to the VM operating system by completing the steps in the Add IP addresses to a VM
operating system section of this article. (Later Step)
Note: When adding a static IP address, you must specify an unused, valid address on the subnet the NIC is connected to. If the
address you select is not available, the portal displays an X for the IP address and you must select a different one.
Create a public IP address resource
A public IP address is one setting for a public IP address resource. If you have a public IP address resource that is not currently
associated to an IP configuration that you want to associate to an IP configuration, skip the following steps and complete the
steps in one of the sections that follow, as you require. If you don't have an available public IP address resource, complete the
following steps to create one:
1. Browse to the Azure portal at https://portal.azure.com and sign into it, if necessary.
2. In the portal, click Create a resource > Networking > Public IP address.
3. In the Create public IP address pane that appears, enter a Name, select an IP address assignment type, a Subscription,
a Resource group, and a Location, then click Create.
4. Complete the steps in one of the sections that follow to associate the public IP address resource to an IP configuration.
Associate the public IP address resource to a new IP configuration
1. Complete the steps in the Core steps [1-4]

2. Click Add. In the Add IP configuration pane that appears, select IPConfig-4. Enable the Public IP address and select an
existing, available public IP address resource from the Choose public IP address pane that appears.
Once you've selected the public IP address resource, click OK and the pane closes. If you don't have an existing public IP
address, you can create one by completing the steps in the Create a public IP address resource section of this article.
3. Review the new IP configuration. Even though a private IP address wasn't explicitly assigned, one was automatically
assigned to the IP configuration, because all IP configurations must have a private IP address.
4. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses.
5. Add the private IP address to the VM operating system by completing the steps for your operating system in the Add IP
addresses to a VM operating system section of this article. Do not add the public IP address to the operating system.
Associate the public IP address resource to an existing IP configuration
1. Complete the steps in the Core steps section of this article.

2. Click the IP configuration you want to add the public IP address resource to.
3. In the IPConfig pane that appears, click IP address.
4. In the Choose public IP address pane that appears, select a public IP address.
5. Click Save and the panes close. If you don't have an existing public IP address, you can create one by completing the
steps in the Create a public IP address resource section of this article.
6. Review the new IP configuration.
7. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses. Do not add
the public IP address to the operating system.
C.Add IP addresses to a VM operating system
Connect and sign in to a VM you created with multiple private IP addresses. You must manually add all the private IP addresses
(including the primary) that you added to the VM. Complete the steps that following for your VM operating system.
Windows
1. From a command prompt, type ipconfig /all. You only see the Primary private IP address (through DHCP).
2. Type ncpa.cpl in the command prompt to open the Network connections window.
3. Open the properties for the appropriate adapter: Local Area Connection.
4. Double-click Internet Protocol version 4 (IPv4).
5. Select Use the following IP address and enter the following values:
 IP address: Enter the Primary private IP address
 Subnet mask: Set based on your subnet. For example, if the subnet is a /24 subnet then the subnet mask is
255.255.255.0.
 Default gateway: The first IP address in the subnet. If your subnet is 10.0.0.0/24, then the gateway IP address is
10.0.0.1.
 Select Use the following DNS server addresses and enter the following values:
o Preferred DNS server: If you are not using your own DNS server, enter 168.63.129.16. If you are using your own
DNS server, enter the IP address for your server.
 Select the Advanced button and add additional IP addresses. Add each of the secondary private IP addresses, that
you added to the Azure network interface in a previous step, to the Windows network interface that is assigned
the primary IP address assigned to the Azure network interface.
You should never manually assign the public IP address assigned to an Azure virtual machine within the virtual
machine's operating system. When you manually set the IP address within the operating system, ensure that it is
the same address as the private IP address assigned to the Azure network interface, or you can lose connectivity to
the virtual machine. Learn more about private IP address settings. You should never assign an Azure public IP
address within the operating system.
 Click OK to close out the TCP/IP settings and then OK again to close the adapter settings. Your RDP connection is
re-established.
From a command prompt, type ipconfig /all. All IP addresses you added are shown and DHCP is turned off.
Configure Windows to use the private IP address of the primary IP configuration in Azure as the primary IP address for
Windows. See No Internet access from Azure Windows VM that has multiple IP addresses for details.
Validation (Windows)
To ensure you are able to connect to the internet from your secondary IP configuration via the public IP associated it, once you
have added it correctly using steps above, use the following command:
ping -S 10.0.0.5 hotmail.com
Note: For secondary IP configurations, you can only ping to the Internet if the configuration has a public IP address associated
with it. For primary IP configurations, a public IP address is not required to ping to the Internet.
Linux (Ubuntu)
1. Open a terminal window.

2. Make sure you are the root user. If you are not, enter the following command:
sudo -i
3. Update the configuration file of the network interface (assuming ‘eth0’).

 Keep the existing line item for dhcp. The primary IP address remains configured as it was previously.
 Add a configuration for an additional static IP address with the following commands:
cd /etc/network/interfaces.d/
ls
You should see a .cfg file.
Open the file. You should see the following lines at the end of the file:
auto eth0
iface eth0 inet dhcp
Add the following lines after the lines that exist in this file:
iface eth0 inet static

address <your private IP address here>
netmask <your subnet mask>
Save the file by using the following command:
:wq
Reset the network interface with the following command:
sudo ifdown eth0 && sudo ifup eth0
Important
Run both ifdown and ifup in the same line if using a remote connection.
Verify the IP address is added to the network interface with the following command:
ip addr list eth0
You should see the IP address you added as part of the list.
Linux (Red Hat, CentOS, and others)

sudo -i
3. Enter your password and follow instructions as prompted. Once you are the root user, navigate to the network scripts
folder with the following command:
cd /etc/sysconfig/network-scripts
4. List the related ifcfg files using the following command:
ls ifcfg-*
You should see ifcfg-eth0 as one of the files.
5. To add an IP address, create a configuration file for it as shown below. Note that one file must be created for each IP
configuration.
touch ifcfg-eth0:0
6. Open the ifcfg-eth0:0 file with the following command:
vi ifcfg-eth0:0
7. Add content to the file, eth0:0 in this case, with the following command. Be sure to update information based on your IP
address.
DEVICE=eth0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.101.101
NETMASK=255.255.255.0
8. Save the file with the following command:
:wq
9. Restart the network services and make sure the changes are successful by running the following commands:
/etc/init.d/network restart
ifconfig
You should see the IP address you added, eth0:0, in the list returned.
Validation (Linux)
To ensure you are able to connect to the internet from your secondary IP configuration via the public IP associated it, use the
following command:
bashCopy
ping -I 10.0.0.5 hotmail.com
[vii.3.4.(b)] Assign Multiple IP Address to Virtual Machines using Azure PowerShell
A.Create a VM with multiple IP addresses
A.To Create Resource Group
$RgName = "customRG"
$Location = "WestUs"
Create a virtual network (VNet) and subnet in the same location as the resource group:
# Create a subnet configuration
$SubnetConfig = New-AzureRmVirtualNetworkSubnetConfig
-Name MySubnet
# Create a virtual network
$VNet = New-AzureRmVirtualNetwork
-ResourceGroupName $RgName
-Location $Location
-Name MyVNet
-Subnet $subnetConfig
# Get the subnet object
$Subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $SubnetConfig.Name -VirtualNetwork $VNet
Create a network security group (NSG) and a rule. The NSG secures the VM using inbound and outbound rules. In this
case, an inbound rule is created for port 3389, which allows incoming remote desktop connections.
# Create an inbound network security group rule for port 3389
$NSGRule = New-AzureRmNetworkSecurityRuleConfig `
-Name MyNsgRuleRDP `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Allow
# Create a network security group
$NSG = New-AzureRmNetworkSecurityGroup `
-ResourceGroupName $RgName `
-Location $Location `
-Name MyNetworkSecurityGroup `
-SecurityRules $NSGRule
Define the primary IP configuration for the NIC. Change 10.0.0.4 to a valid address in the subnet you created, if you
didn't use the value defined previously. Before assigning a static IP address, it's recommended that you first confirm
it's not already in use. Enter the command Test-AzureRmPrivateIPAddressAvailability -IPAddress 10.0.0.4 -
VirtualNetwork $VNet. If the address is available, the output returns True. If it's not available, the output
returns False and a list of addresses that are available.
In the following commands, Replace with the unique DNS name to use. The name must be unique across all public IP
addresses within an Azure region. This is an optional parameter. It can be removed if you only want to connect to the VM using
the public IP address.
# Create a public IP address
$PublicIP1 = New-AzureRmPublicIpAddress `
-Name "MyPublicIP1" `
-DomainNameLabel <replace-with-your-unique-name> `
-AllocationMethod Static
#Create an IP configuration with a static private IP address and assign the public IP address to it
$IpConfigName1 = "IPConfig-1"
$IpConfig1 = New-AzureRmNetworkInterfaceIpConfig `
-Name $IpConfigName1 `
-Subnet $Subnet `
-PrivateIpAddress 10.0.0.4 `
-PublicIpAddress $PublicIP1 `
-Primary
When you assign multiple IP configurations to a NIC, one configuration must be assigned as the -Primary.
Note: Public IP addresses have a nominal fee. To learn more about IP address pricing, read the IP address pricing page. There
is a limit to the number of public IP addresses that can be used in a subscription. To learn more about the limits, read the Azure
limits article.
Define the secondary IP configurations for the NIC. You can add or remove configurations as necessary. Each IP
configuration must have a private IP address assigned. Each configuration can optionally have one public IP address
assigned.
# Create a public IP address

$PublicIP2 = New-AzureRmPublicIpAddress `
-Name "MyPublicIP2" `
#Create an IP configuration with a static private IP address and assign the public IP address to it
$IpConfigName2 = "IPConfig-2"
-Name $IpConfigName2 `
-Subnet $Subnet `
-PublicIpAddress $PublicIP2
$IpConfigName3 = "IpConfig-3"
-Name $IPConfigName3 `
-Subnet $Subnet `
-PrivateIpAddress 10.0.0.6
Create the NIC and associate the three IP configurations to it:
$NIC = New-AzureRmNetworkInterface `
-Name MyNIC `
-NetworkSecurityGroupId $NSG.Id `
-IpConfiguration $IpConfig1,$IpConfig2,$IpConfig3
Note: Though all configurations are assigned to one NIC in this article, you can assign multiple IP configurations to every NIC
attached to the VM. To learn how to create a VM with multiple NICs, read the Create a VM with multiple NICs article.
Create the VM by entering the following commands:
# Define a credential object. When you run these commands, you're prompted to enter a sername and password for the VM
you're reating.
$cred = Get-Credential
# Create a virtual machine configuration

$VmConfig = New-AzureRmVMConfig `
-VMName MyVM `
-VMSize Standard_DS1_v2 | `
Set-AzureRmVMOperatingSystem -Windows `
-ComputerName MyVM `
-Credential $cred | `
Set-AzureRmVMSourceImage `
-PublisherName MicrosoftWindowsServer `
-Offer WindowsServer `
-Skus 2016-Datacenter `
-Version latest | `
Add-AzureRmVMNetworkInterface `
-Id $NIC.Id
# Create the VM
New-AzureRmVM `
-VM $VmConfig
Add the private IP addresses to the VM operating system by completing the steps for your operating system in the Add
IP addresses to a VM operating system section of this article. Do not add the public IP addresses to the operating
system. [Will do Later Step]
B.Add IP addresses to a VM
You can add private and public IP addresses to the Azure network interface by completing the steps that follow. The examples
in the following sections assume that you already have a VM with the three IP configurations described in the scenario in this
article, but it's not required that you do.
Change the "values" of the following $Variables to the name of the NIC you want to add IP address to and the resource
group and location the NIC exists in:
$NicName = "MyNIC"
$RgName = "MyResourceGroup"
$Location = "westus"
If you don't know the name of the NIC you want to change, enter the following commands, then change the values of
the previous variables:
Get-AzureRmNetworkInterface | Format-Table Name, ResourceGroupName, Location
Create a variable and set it to the existing NIC by typing the following command:
$MyNIC = Get-AzureRmNetworkInterface -Name $NicName -ResourceGroupName $RgName
In the following commands, change MyVNet and MySubnet to the names of the VNet and subnet the NIC is connected
to. Enter the commands to retrieve the VNet and subnet objects the NIC is connected to:
$MyVNet = Get-AzureRMVirtualnetwork -Name MyVNet -ResourceGroupName $RgName

$Subnet = $MyVnet.Subnets | Where-Object { $_.Name -eq "MySubnet" }
If you don't know the VNet or subnet name the NIC is connected to, enter the following command:
$MyNIC.IpConfigurations
In the output, look for text similar to the following example output:
"Id":
"/subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVNet/subnets/MySu
bnet"
In this output, MyVnet is the VNet and MySubnet is the subnet the NIC is connected to.
Complete the steps in one of the following sections, based on your requirements:
C.Add a private IP address
A public IP address is added by associating a public IP address resource to either a new IP configuration or an existing IP
configuration. Complete the steps in one of the sections that follow, as you require.
Note: Public IP addresses have a nominal fee. To learn more about IP address pricing, read the IP address pricing page. There is
a limit to the number of public IP addresses that can be used in a subscription. To learn more about the limits, read the Azure
limits article.
Associate the public IP address resource to a new IP configuration
Whenever you add a public IP address in a new IP configuration, you must also add a private IP address, because all IP
configurations must have a private IP address. You can either add an existing public IP address resource, or create a new one.
To create a new one, enter the following command:
$myPublicIp3 = New-AzureRmPublicIpAddress
-Name "myPublicIp3"
-Location $Location
To create a new IP configuration with a static private IP address and the associated myPublicIp3 public IP address
resource, enter the following command:
Add-AzureRmNetworkInterfaceIpConfig `
-Name IPConfig-4 `
-NetworkInterface $myNIC `
-Subnet $Subnet `
-PublicIpAddress $myPublicIp3
Associate the public IP address resource to an existing IP configuration
A public IP address resource can only be associated to an IP configuration that doesn't already have one associated. You can
determine whether an IP configuration has an associated public IP address by entering the following command:
$MyNIC.IpConfigurations | Format-Table Name, PrivateIPAddress, PublicIPAddress, Primary
You see output similar to the following:
Name PrivateIpAddress PublicIpAddress Primary
IPConfig-1 10.0.0.4 Microsoft.Azure.Commands.Network.Models.PSPublicIpAddress True

IPConfig-2 10.0.0.5 Microsoft.Azure.Commands.Network.Models.PSPublicIpAddress False
IpConfig-3 10.0.0.6 False
Since the PublicIpAddress column for IpConfig-3 is blank, no public IP address resource is currently associated to it.
You can add an existing public IP address resource to IpConfig-3, or enter the following command to create one:
$MyPublicIp3 = New-AzureRmPublicIpAddress
-Name "MyPublicIp3"
-Location $Location -AllocationMethod Static
Enter the following command to associate the public IP address resource to the existing IP configuration
named IpConfig-3:
Set-AzureRmNetworkInterfaceIpConfig `
-Name IpConfig-3 `
-NetworkInterface $mynic `
-Subnet $Subnet `
-PublicIpAddress $myPublicIp3
Set the NIC with the new IP configuration by entering the following command:
Set-AzureRmNetworkInterface -NetworkInterface $MyNIC
View the private IP addresses and the public IP address resources assigned to the NIC by entering the following
command:
$MyNIC.IpConfigurations | Format-Table Name, PrivateIPAddress, PublicIPAddress, Primary
Add the private IP address to the VM operating system by completing the steps for your operating system in the Add IP
addresses to a VM operating system section of this article. Do not add the public IP address to the operating system.
D.Add IP addresses to a VM operating system
Connect and sign in to a VM you created with multiple private IP addresses. You must manually add all the
private IP addresses (including the primary) that you added to the VM. Complete the steps that following
for your VM operating system.
Windows
1. From a command prompt, type ipconfig /all. You only see the Primary private IP address (through DHCP).
2. Type ncpa.cpl in the command prompt to open the Network connections window.
3. Open the properties for the appropriate adapter: Local Area Connection.
4. Double-click Internet Protocol version 4 (IPv4).
5. Select Use the following IP address and enter the following values:
 IP address: Enter the Primary private IP address
 Subnet mask: Set based on your subnet. For example, if the subnet is a /24 subnet then the subnet mask is
255.255.255.0.
 Default gateway: The first IP address in the subnet. If your subnet is 10.0.0.0/24, then the gateway IP address is
10.0.0.1.
 Select Use the following DNS server addresses and enter the following values:
o Preferred DNS server: If you are not using your own DNS server, enter 168.63.129.16. If you are using your own
DNS server, enter the IP address for your server.
 Select the Advanced button and add additional IP addresses. Add each of the secondary private IP addresses, that
you added to the Azure network interface in a previous step, to the Windows network interface that is assigned
the primary IP address assigned to the Azure network interface.
You should never manually assign the public IP address assigned to an Azure virtual machine within the virtual
machine's operating system. When you manually set the IP address within the operating system, ensure that it is
the same address as the private IP address assigned to the Azure network interface, or you can lose connectivity to
the virtual machine. Learn more about private IP address settings. You should never assign an Azure public IP
address within the operating system.
 Click OK to close out the TCP/IP settings and then OK again to close the adapter settings. Your RDP connection is
re-established.
From a command prompt, type ipconfig /all. All IP addresses you added are shown and DHCP is turned off.
Configure Windows to use the private IP address of the primary IP configuration in Azure as the primary IP address for
Windows. See No Internet access from Azure Windows VM that has multiple IP addresses for details.
Validation (Windows)
To ensure you are able to connect to the internet from your secondary IP configuration via the public IP associated it, once you
have added it correctly using steps above, use the following command:
ping -S 10.0.0.5 hotmail.com
Linux (Ubuntu)

sudo -i
3. Update the configuration file of the network interface (assuming ‘eth0’).

 Keep the existing line item for dhcp. The primary IP address remains configured as it was
previously.
 Add a configuration for an additional static IP address with the following commands:
cd /etc/network/interfaces.d/
ls
You should see a .cfg file.
Open the file. You should see the following lines at the end of the file:
auto eth0
iface eth0 inet dhcp
Add the following lines after the lines that exist in this file:
iface eth0 inet static

address <your private IP address here>
netmask <your subnet mask>
Save the file by using the following command:
:wq
Reset the network interface with the following command:
sudo ifdown eth0 && sudo ifup eth0

Important
Run both ifdown and ifup in the same line if using a remote connection.
Verify the IP address is added to the network interface with the following command:
ip addr list eth0
You should see the IP address you added as part of the list.
Linux (Red Hat, CentOS, and others)

sudo -i
3. Enter your password and follow instructions as prompted. Once you are the root user, navigate to the
network scripts folder with the following command:
cd /etc/sysconfig/network-scripts
4. List the related ifcfg files using the following command:
ls ifcfg-*
You should see ifcfg-eth0 as one of the files.
5. To add an IP address, create a configuration file for it as shown below. Note that one file must be
created for each IP configuration.
touch ifcfg-eth0:0
6. Open the ifcfg-eth0:0 file with the following command:
vi ifcfg-eth0:0
7. Add content to the file, eth0:0 in this case, with the following command. Be sure to update
information based on your IP address.
DEVICE=eth0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.101.101
NETMASK=255.255.255.0
8. Save the file with the following command:
:wq
9. Restart the network services and make sure the changes are successful by running the following
commands:
/etc/init.d/network restart
ifconfig
You should see the IP address you added, eth0:0, in the list returned.
Validation (Linux)
To ensure you are able to connect to the internet from your secondary IP configuration via the public IP
associated it, use the following command:
bashCopy
ping -I 10.0.0.5 hotmail.com
For Linux VMs, when trying to validate outbound connectivity from a secondary NIC, you may need to add appropriate routes.
There are many ways to do this. Please see appropriate documentation for your Linux distribution. The following is one method
to accomplish this:
echo 150 custom >> /etc/iproute2/rt_tables
ip rule add from 10.0.0.5 lookup custom

ip route add default via 10.0.0.1 dev eth2 table custom
 Be sure to replace:
o 10.0.0.5 with the private IP address that has a public IP address associated to it
o 10.0.0.1 to your default gateway
o eth2 to the name of your secondary NIC
[vii.3.4.(c)] Assign Multiple IP Address to Virtual Machines using Azure CLI

Course AZ-100T04-A: Configure and Manage Virtual Networks
[] []
Course AZ-100T05-A: Manage Identities
[] []

AZ 103 Microsoft Azure Administrator

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AZ 103 Microsoft Azure Administrator

Uploaded by

Copyright:

Available Formats

Course AZ 103

Manage Azure Subscriptions and Resources [Course Details...]

Implement and Manage Storage [Course Details...]

Deploy and Manage Virtual Machines [Course Details...]

Configure and Manage Virtual Networks [Course Details...]

Manage Identities [Course Details...]

Module 2: Analyze Resource Utilization and Consumption

Module 3: Manage Resource Groups

Module 4: Manage role based access control (RBAC)

Lab: Manage Azure Subscriptions and Resources

Module 2: Import and Export Data to Azure

Module 3: Configure Azure Files

Module 4: Implement Azure Backup

Lab : Implement and Manage Storage

 Implement and use File storage.

Module 2: Automate Deployment of VM

Module 3: Manage Azure VM

Module 4: Manage VM Backup

Lab : Deploy and Manage Virtual Machines

Module 2: Implement and Manage Virtual Networking

Module 3: Configure Name Resolution

Module 4: Create and configure a Network Security Group (NSG)

Module 5: Implement Azure Load Balancer

Module 6: Monitor and Troubleshoot Virtual Networking

Module 7: Integrate on Premises Network with Azure Virtual Network

Lab : Configure and Manage Virtual Networks

 Implement custom routing.

 Validate service chaining.

Module 3: Implement and Manage Hybrid Identities

Module 4: Lab - Implement multi-factor authentication (MFA)

Course AZ-100T01-A: Managing Subscriptions and Resources

Module 1: Managing Azure Subscription

Overview of Azure Subscription

 Associate or add an Azure subscription to your Azure Active Directory tenant

Before you begin

To associate an existing subscription to your Azure AD directory

Post association steps

 Understand your Microsoft Azure bill

Option 1: Compare usage and costs with usage file

1. In the Azure portal, go to Subscriptions.

External services billed separately

Resources billed by usage meters

Pay your bill

To check the status of your payment, create a support ticket.

Tips for cost management

 Understand your Azure Enterprise Agreement bill

Invoices for most customers

Review charges for most customers

1. Sign in to the Enterprise portal.

Invoices for other customers

Review charges for other customers

This section only applies if you are in Australia, Japan or Singapore.

Review service overage invoice

1. Sign in to the Enterprise portal.

Invoice term Usage Summary Description

This section only applies if you are in Australia, Japan or Singapore.

1. Sign in to the Enterprise portal.

 Understand the charges on your Microsoft Customer Agreement's invoice

View transactions for an invoice in the Azure portal

1. Sign in to the Azure portal.

5. Search on invoice ID to filter the transactions for the invoice.

Understand pending charges to estimate your next invoice

1. Sign in to the Azure portal.