AZ-204 Crash Course: Azure Compute Solutions

(Module 1)
Overview
Azure Compute Solutions represents 25-30% of the AZ-204 exam - the highest weighted
domain. This module covers:
Azure App Service (Web Apps, API Apps, Mobile Apps)
Azure Functions (Triggers, Bindings, Durable Functions)
Container Solutions (AKS, ACI, ACR, Container Apps)
Infrastructure as Code (ARM Templates, Azure CLI, PowerShell)

1. Azure App Service

Core Concepts
Azure App Service is a fully managed platform-as-a-service (PaaS) offering for building,
deploying, and scaling web apps. It supports multiple programming languages (.NET, Java,
Node.js, Python, PHP, Ruby) and operating systems (Windows, Linux).

App Service Plans

Plan Tier Features Use Cases

Free (F1) 60 CPU minutes/day, 1GB storage, 10 apps Development/testing

Shared (D1) 240 CPU minutes/day, 1GB storage Small personal sites

Basic (B1-B3) Dedicated compute, manual scaling, SSL support Small production apps

Standard (S1-S3) Auto-scaling, deployment slots, traffic manager Production apps

Premium (P1-P3) Enhanced performance, VNet integration High-performance apps

Isolated (I1-I3) App Service Environment, network isolation Enterprise applications

Application Settings Configuration

Application settings in App Service are injected as environment variables at runtime. Key
concepts:
1. Setting Hierarchy: App Service settings override Web.config or appsettings.json
2. Slot Settings: Can be configured as "slot setting" to stay with deployment slot
3. Connection Strings: Separate configuration section with type specification
 4. Naming Conventions:
Linux: Use double underscores (__) instead of colons (:)
Example: ApplicationInsights:InstrumentationKey →
ApplicationInsights__InstrumentationKey

CLI Example:

# Set application setting

az webapp config appsettings set --name myapp --resource-group mygroup --settings WEBSITE

# Set connection string

az webapp config connection-string set --name myapp --resource-group mygroup --connection

Deployment Slots
Deployment slots enable zero-downtime deployments and testing in production environments:
Production Slot: Default slot receiving live traffic
Staging Slots: Separate environments sharing same App Service Plan
Slot Swapping: Atomic operation exchanging code and configurations
Warm-up: Auto-triggered HTTP requests during swap to initialize application
Slot-Specific Settings:
Application settings marked as "slot setting"
Connection strings marked as "slot setting"
Handler mappings
Azure CDN endpoints
PowerShell Example:

# Create deployment slot

New-AzWebAppSlot -ResourceGroupName "mygroup" -Name "myapp" -Slot "staging"

# Swap slots
Switch-AzWebAppSlot -ResourceGroupName "mygroup" -Name "myapp" -SourceSlotName "staging"

Authentication and Authorization

App Service provides built-in authentication (Easy Auth) supporting multiple providers:
Microsoft Entra ID: Enterprise identity provider
Facebook, Google, Twitter: Social identity providers
Any OpenID Connect provider: Custom identity providers
Authentication Flow:
 1. Client authentication with identity provider
2. Provider returns token to App Service
3. App Service validates token and creates session
4. Authenticated requests include session cookie

Networking Features
Feature Description Use Case

VNet Integration Connect to resources in virtual network Database connections

Private Endpoints Inbound private connectivity Secure access

Access Restrictions IP-based access control Security compliance

Hybrid Connections Connect to on-premises resources Legacy system integration

Diagnostic Logging
Multiple logging options available:
Application Logging: Custom application logs (File System/Blob Storage)
Web Server Logs: IIS logs (File System/Blob Storage)
Detailed Error Messages: Failed request traces
Failed Request Tracing: Detailed request debugging
Deployment Logs: Git deployment information
Enable via CLI:

# Enable application logging

az webapp log config --name myapp --resource-group mygroup --application-logging true --l

# Stream logs
az webapp log tail --name myapp --resource-group mygroup

2. Azure Functions

Triggers and Bindings

Azure Functions uses triggers to define how functions are invoked and bindings for input/output
operations.
Common Triggers
Trigger Type Description Configuration

HTTP HTTP request Methods, authorization level

Timer Schedule (CRON) CRON expression

Blob Blob storage changes Container, path pattern

Queue Queue message Queue name, connection

Event Grid Event Grid events Topic subscription

Service Bus Service Bus message Queue/topic, connection

Event Hub Event stream Event hub name, consumer group

Binding Types
Input Bindings: Provide data to function
Output Bindings: Send data from function
Example function.json:

{
"bindings": [
{
"name": "req",
"type": "httpTrigger",
"direction": "in",
"authLevel": "function",
"methods": ["get", "post"]
},
{
"name": "inputBlob",
"type": "blob",
"direction": "in",
"path": "samples/{name}",
"connection": "AzureWebJobsStorage"
},
{
"name": "$return",
"type": "http",
"direction": "out"
}
]
}
Runtime Versions and Extensions
Runtime Version .NET Version Language Support Extension Model

1.x .NET Framework C#, JavaScript Built-in bindings

2.x .NET Core 2.x C#, JavaScript, Python, Java Extension bundles

3.x .NET Core 3.x C#, JavaScript, Python, Java, PowerShell Extension bundles

4.x .NET 6+ C#, JavaScript, Python, Java, PowerShell Extension bundles

Durable Functions
Durable Functions enable stateful orchestrations in serverless environments:

Function Types
1. Orchestrator Functions: Define workflow logic
2. Activity Functions: Basic work units
3. Entity Functions: Stateful entities
4. Client Functions: Start and manage orchestrations

Orchestration Patterns
Function Chaining:

[FunctionName("FunctionChaining")]
public static async Task<object> Run([OrchestrationTrigger] IDurableOrchestrationContext
{
var x = await context.CallActivityAsync<object>("F1", null);
var y = await context.CallActivityAsync<object>("F2", x);
var z = await context.CallActivityAsync<object>("F3", y);
return await context.CallActivityAsync<object>("F4", z);
}

Fan-out/Fan-in:

[FunctionName("FanOutFanIn")]
public static async Task Run([OrchestrationTrigger] IDurableOrchestrationContext context)
{
var tasks = new List<Task<int>>();
for (int i = 0; i < 10; i++)
{
tasks.Add(context.CallActivityAsync<int>("ProcessWork", i));
}

await Task.WhenAll(tasks);
var sum = tasks.Sum(t => t.Result);
await context.CallActivityAsync("SaveResult", sum);
}
Human Interaction Pattern:

[FunctionName("ApprovalWorkflow")]
public static async Task Run([OrchestrationTrigger] IDurableOrchestrationContext context)
{
await context.CallActivityAsync("SendApprovalRequest", null);

using (var timeoutCts = new CancellationTokenSource())

{
var dueTime = context.CurrentUtcDateTime.AddHours(72);
var durableTimeout = context.CreateTimer(dueTime, timeoutCts.Token);
var approvalEvent = context.WaitForExternalEvent("ApprovalEvent");

if (approvalEvent == await Task.WhenAny(approvalEvent, durableTimeout))

{
timeoutCts.Cancel();
await context.CallActivityAsync("ProcessApproval", approvalEvent.Result);
}
else
{
await context.CallActivityAsync("Escalate", null);
}
}
}

Performance and Scaling

Azure Functions automatically scale based on demand:
Consumption Plan: Event-driven scaling, pay-per-execution
Premium Plan: Pre-warmed instances, VNet connectivity, longer execution time
Dedicated Plan: Predictable pricing, full control over scaling
Key scaling metrics:
Queue length (Queue triggers)
Partition count (Event Hub triggers)
HTTP request rate (HTTP triggers)

3. Container Solutions

Service Comparison
Service Complexity Orchestration Use Cases

Container Instances (ACI) Low Single container Simple applications, batch jobs

Container Apps (ACA) Medium Kubernetes-based Microservices, event-driven apps

Kubernetes Service (AKS) High Full Kubernetes Complex applications, enterprise

 Service Complexity Orchestration Use Cases

App Service Low N/A Web applications with containers

Azure Container Instances (ACI)

Serverless containers for simple workloads:
On-demand: No infrastructure management
Per-second billing: Pay only for running time
Hypervisor isolation: Secure container execution
Public/Private IP: Direct connectivity options
Deployment Example:

# Create container instance

az container create \
--resource-group mygroup \
--name mycontainer \
--image nginx \
--dns-name-label mydnsname \
--ports 80

Use Cases:
CI/CD build agents
Batch processing jobs
Development/testing environments
Simple web applications

Azure Container Apps (ACA)

Kubernetes-based platform for microservices and containerized applications:
Key Features:
KEDA: Kubernetes Event Driven Autoscaling
Dapr: Distributed application runtime
Envoy: Service mesh capabilities
Blue/Green Deployments: Traffic splitting
Configuration Example:

apiVersion: apps/v1alpha1
kind: ContainerApp
metadata:
name: my-container-app
spec:
 containers:
- name: main
image: mcr.microsoft.com/azuredocs/containerapps-helloworld:latest
resources:
cpu: 0.25
memory: 0.5Gi
scale:
minReplicas: 0
maxReplicas: 10
rules:
- name: http-rule
http:
metadata:
concurrentRequests: '30'

Azure Kubernetes Service (AKS)

Managed Kubernetes service for complex containerized applications:
Features:
Managed Control Plane: Microsoft manages Kubernetes API server
Node Pools: Different VM sizes and configurations
RBAC Integration: Azure AD integration
Virtual Kubelet: Burst to Container Instances
Network Policies: Secure pod-to-pod communication
Cluster Creation:

# Create AKS cluster

az aks create \
--resource-group mygroup \
--name myakscluster \
--node-count 3 \
--enable-addons monitoring \
--generate-ssh-keys

# Get credentials
az aks get-credentials --resource-group mygroup --name myakscluster

Azure Container Registry (ACR)

Private Docker registry service:
Features:
Geo-replication: Multi-region image distribution
Image quarantine: Security scanning integration
Webhooks: Event-driven actions
 Tasks: Build, test, and patch container images
Registry Operations:

# Create registry
az acr create --resource-group mygroup --name myregistry --sku Basic

# Build and push image

az acr build --registry myregistry --image myapp:v1 .

# Import image
az acr import --name myregistry --source docker.io/library/nginx:latest --image nginx:lat

Integration with AKS:

# Attach ACR to AKS

az aks update -n myakscluster -g mygroup --attach-acr myregistry

4. Infrastructure as Code

ARM Templates
Azure Resource Manager (ARM) templates define infrastructure using declarative JSON syntax.
Template Structure:

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.j
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string",
"metadata": {
"description": "Name of the Web App"
}
},
"sku": {
"type": "string",
"defaultValue": "S1",
"allowedValues": ["F1", "B1", "S1", "P1v2"]
}
},
"variables": {
"hostingPlanName": "[concat(parameters('siteName'), '-plan')]",
"location": "[resourceGroup().location]"
},
"resources": [
{
"type": "Microsoft.Web/serverfarms",
"apiVersion": "2020-06-01",
"name": "[variables('hostingPlanName')]",
 "location": "[variables('location')]",
"properties": {
"name": "[variables('hostingPlanName')]"
},
"sku": {
"name": "[parameters('sku')]"
}
},
{
"type": "Microsoft.Web/sites",
"apiVersion": "2020-06-01",
"name": "[parameters('siteName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('hostingPlanN
"siteConfig": {
"appSettings": [
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "1"
}
]
}
}
}
],
"outputs": {
"siteURL": {
"type": "string",
"value": "[concat('https://', reference(resourceId('Microsoft.Web/sites', parameter
}
},
"functions": [
{
"namespace": "contoso",
"members": {
"uniqueName": {
"parameters": [
{
"name": "namePrefix",
"type": "string"
}
],
"output": {
"type": "string",
"value": "[concat(toLower(parameters('namePrefix')), uniqueString(resourceGro
}
}
}
}
]
}
Template Functions:
String functions: concat(), substring(), replace()
Numeric functions: add(), sub(), mul(), div()
Array functions: array(), length(), contains()
Object functions: json(), union(), intersection()
Deployment functions: deployment(), environment(), parameters()
Resource functions: reference(), resourceId(), subscription()
Best Practices:
Use parameters for values that change between deployments
Use variables for complex expressions
Use outputs to return important information
Implement proper dependency management with dependsOn
Use resource-specific API versions

Azure CLI Essentials

Authentication:

# Login to Azure
az login

# Set subscription
az account set --subscription "subscription-name"

# Show current subscription

az account show

Resource Management:

# Create resource group

az group create --name mygroup --location eastus

# List resources
az resource list --resource-group mygroup

# Delete resource group

az group delete --name mygroup --yes --no-wait

App Service Operations:

# Create App Service plan

az appservice plan create --name myplan --resource-group mygroup --sku B1 --is-linux

# Create web app

 az webapp create --name myapp --resource-group mygroup --plan myplan --runtime "NODE|14-l

# Deploy from GitHub

az webapp deployment source config --name myapp --resource-group mygroup --repo-url https

# Configure app settings

az webapp config appsettings set --name myapp --resource-group mygroup --settings CUSTOM_

Function App Operations:

# Create storage account

az storage account create --name mystorageaccount --resource-group mygroup --location eas

# Create function app

az functionapp create --resource-group mygroup --consumption-plan-location eastus --runti

PowerShell for Azure

Authentication and Context:

# Connect to Azure
Connect-AzAccount

# Select subscription
Select-AzSubscription -SubscriptionName "subscription-name"

# Get current context

Get-AzContext

Resource Operations:

# Create resource group

New-AzResourceGroup -Name "mygroup" -Location "East US"

# Deploy ARM template

New-AzResourceGroupDeployment -ResourceGroupName "mygroup" -TemplateFile "template.json"

# Get resources
Get-AzResource -ResourceGroupName "mygroup"

App Service Management:

# Create App Service plan

New-AzAppServicePlan -ResourceGroupName "mygroup" -Name "myplan" -Location "East US" -Tie

# Create web app

New-AzWebApp -ResourceGroupName "mygroup" -Name "myapp" -Location "East US" -AppServicePl

# Set application settings

Set-AzWebApp -ResourceGroupName "mygroup" -Name "myapp" -AppSettings @{"CUSTOM_SETTING"="
Practice Scenarios

Scenario 1: Multi-Environment Deployment

Requirement: Deploy a web application with separate development, staging, and production
environments.
Solution:
1. Create App Service plan (Standard tier for deployment slots)
2. Deploy application to production slot
3. Create staging deployment slot
4. Configure slot-specific application settings
5. Implement automated deployment with slot swapping

Scenario 2: Microservices Architecture

Requirement: Deploy microservices with auto-scaling and service discovery.
Solution Options:
1. Container Apps: Kubernetes-based with Dapr integration
2. AKS: Full Kubernetes control with service mesh
3. Function Apps: Event-driven serverless approach

Scenario 3: Batch Processing

Requirement: Process files uploaded to blob storage.
Solution:
1. Azure Function with Blob trigger
2. Container Instance for complex processing
3. Logic Apps for workflow orchestration

Exam Tips
1. Understand service boundaries: Know when to use ACI vs ACA vs AKS
2. Master deployment slots: Understand slot settings vs app settings
3. ARM template syntax: Practice with parameters, variables, and functions
4. Function bindings: Memorize trigger types and configuration options
5. Scaling patterns: Understand auto-scaling triggers for different services
6. Cost optimization: Know pricing models for different compute options
 7. Security: Understand managed identity integration across services

This module provides foundational knowledge for Azure Compute Solutions. The next module
will cover Azure Storage Solutions in similar detail.