An Introduction to Microsoft Azure


For any additional questions you have about this concept, check out our FAQ page.

The Azure Architecture

AD (Active Directory) Tenant

  • This is a top-level domain that contains several subdomains. 


  • These subscriptions are located in the subdomains.
  • They allow users to access the services in Azure.
  • A subscription is similar to an account in AWS.

Resource Groups

  • Resource groups are located inside of the subscriptions.
  • The resources are located inside of the resources groups, essentially as instances of the services.
  • Some resources include Virtual Machines, Addresses, and Disks.
  • There are no similar concepts to resource groups in AWS.


The Azure Networking Components


  • This is the fundamental building block in Azure.
  • It is similar to a VPC in AWS.

Availability Zone

  • Essentially a Data Center located in a region.

Network Security Group

  • A stateful firewall layer.
  • Similar to an AWS Security Group

Public and Private IP Addresses

  • In Azure, when users create VMs and specify a Public IP Address, it is automatically able to talk to the outside world.
  • AWS requires an Internet Gateway in order to achieve this.

Virtual Network Gateway

There are two types of these in Azure.

VPN Gateway

  • This connects on-prem to the VNet using the public internet.
  • It must be deployed in a Gateway Subnet.
  • A VPN Gateway is similar to the VGW in AWS.
  • There is also a local network gateway which is the on-prem entity. This local network gateway is similar to the CGW in AWS.

Express Route Gateway

  • This is popular amongst enterprises connecting their on-prem to the cloud.
  • This is essentially a dedicated private line for connecting VNets to the Data Centers.

VNet Peering

  • This is a native construct provided by Azure.
  • However, it is not scalable.

Routing: UDR, BGP and System Routes

  • User Defined Routes are static and user defined.
  • System Routes are programmed routes that users can't see in the Azure portal. 

Azure Load Balancer

  • This is a L4 load balancer. Users can also use the Application Gateway for L7 load balancing.

Transit in Azure

Transit is essential in every cloud, and Aviatrix's solutions make transit easier. These transit solutions help greenfield and brownfield customers.

Azure also provides options for transit. It has three native options for inter and intra region transit.

ExpressRoute Edge Router

  • This is a common solution but has a lot of limitations.
  • It's default is Any to Any for all spokes, meaning that they can all communicate.
  • There is also a lack of visibility and control.
  • This feature is not officially documented.
  • It is a shared resource.

Network Virtual Appliance (NVA)

  • Customers usually deploy a firewall or third part appliance in the NVA and use it as a transit solution.
  • This solution isn't easily scalable and requires a lot of manual work.
  • There is limited visibility and control.
  • The management of the static routes is challenging for enterprises.

VNet Peering

  • This is Microsoft's preferred option. However, even this solution is difficult to use.
  • Users have to create 1-to-1 mapping.
  • This solution also doesn't scale and the VNet peering needs to be broken to add components.

Azure Virtual WAN

This is Microsoft's proposed solution for the limitations of the native transit solutions. The Azure Virtual WAN has some drawbacks, however.

  • This solution is not Multi-Cloud friendly.
  • Users must buy all the features in order to use this solution.
  • The hub location doesn't support third party devices.
  • Troubleshooting and visibility are limited.
  • There is no way to control the routing policy.
  • There is a 200 BGP route limit from Azure to on-prem.

For more information, watch the video above.

15replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Thanks for the information it has been very helpful for me 

    Also, the introductory video has given more insights on Microsoft Azure 

    This POST has explained about Azure in a very simple way 

    Thanks and warm Regards.

    Like 3
    • jackie2222 I agree - Good job team.

      Like 1
  • Thanks for the information it has been very helpful for me 

    Like 1
  • Thanks for the information it has been very helpful for me 

    Like 1
  • Great effort. Really appreciated.

    Like 1
  • The lecture on the Multi-Cloud Network Associate Course mentions limited 3rd party device support in HUB for Azure Virtual WAN, here it just mentions "doesn't support third party devices", which is the right one ?

  • The away explanation its like spoon feed, great job.  

  • Hi! I jumped here from the ACE training. I have a small comment on the module, specific to transitive VNET peering. Azure supports Spoke-to-spoke also via the VPN Gateway, if you deploy one in the HUB. And you don't need anything connected to it, just deploy it and click the relevant boxes when you do the peering between hub and spoke (use remote gateway).

  • Ok

  • Thank you.

  • thanks

  • Thank you for this training it is very interesting
  • okk

  • Thanks for the information it has been very helpful for me 

  • Thanks for the information it has been very helpful for me 

Like11 Follow
  • 1 mth agoLast active
  • 15Replies
  • 9106Views
  • 20 Following