AZ-104 Microsoft Azure Administrator Exam

Configure Virtual Machine Settings

Creating and configuring virtual machines (VMs) in Azure is essential to achieve optimal performance and security. This process includes several steps such as selecting appropriate VM sizes, configuring storage options, setting up networking interfaces, and applying security measures.

Create a Virtual Machine

To create a VM, start by selecting or creating a resource group, which helps organize related resources. Next, enter a virtual machine name and choose a region for deployment, like East US. It's important to select an image for the VM, such as a Windows Server version, and provide a secure and complex username and password for the local administrator account to protect against unauthorized access.

Configure Networking and Security

Initially, VMs in Azure are accessible from the Internet using the Remote Desktop Protocol (RDP). However, this accessibility can expose the VM to automated sign-in attacks. To enhance security, restrict RDP access to authorized IP ranges or use an Azure Bastion host for more secure connections. It's advisable to select None under Public inbound ports to disable public access entirely.

Storage and Disk Configuration

In the Disks section, selecting the appropriate OS disk type, such as Standard SSD, significantly influences the VM’s performance and cost. Additionally, it's vital to connect the VM to a suitable virtual network subnet. It's recommended to deploy the VM in a dedicated subnet distinct from the managed domain to prevent conflicts and ensure effective communication.

Networking Setup

You have two primary options to connect your VM to a virtual network subnet:

• Create or select an existing subnet within the same virtual network as your managed domain.
• Leverage Azure virtual network peering to link to a subnet in another virtual network.

Ensure that the chosen subnet is integrated with the managed domain's subnet to enable seamless domain join operations.

Security Measures

To safeguard your VM, consider implementing the following security strategies:

• Use Network Security Groups (NSGs) to manage inbound and outbound traffic based on IP, port, and protocol.
• Utilize Azure Firewall for centralized, stateful protection with threat intelligence-based filtering.
• Activate DDoS Protection Standard to shield against distributed denial-of-service attacks.
• Apply Private Endpoints using Azure Private Link to secure Azure services access via private endpoints, thereby eliminating exposure to the public Internet.

Conclusion

Configuring virtual machine settings in Azure demands meticulous planning and execution of security measures to ensure optimal performance and protection. By adhering to best practices related to networking, storage, and security, you can establish and manage VMs that effectively fulfill your organization’s needs.