Hands-On Azure: Deploying VMs, SQL, and Web Apps with BYOS

What Is an Azure Virtual Machine?
An Azure VM is a scalable, on-demand computing resource that behaves like a physical computer but runs in the cloud. It allows you to run operating systems (Windows, Linux, etc.), install software, and host applications without managing physical hardware

Key Features

• Full Control: You get administrative access to the OS and can configure it as needed.
• Flexible OS Choices: Choose from pre-configured images like Windows Server, Ubuntu, Red Hat, or upload your own custom image.
• Scalability: Easily scale up or down based on demand using auto-scaling features.
• Availability Zones: Deploy across multiple zones for high availability and disaster recovery.
• Security: Use Network Security Groups (NSGs), firewalls, and encryption to protect your VM'

Use Cases

• Development & Testing: Quickly spin up environments tailored to your app’s needs.
• Web Hosting: Host websites or APIs with full control over the server stack.
• Data Processing: Run compute-heavy tasks like simulations, analytics, or machine learning.
• Legacy App Support: Run older applications that require specific OS versions or configurations.

What Is BYOS?
BYOS means you’re bringing your own cloud account (like an Azure subscription) to a platform that supports external provisioning. Instead of the platform managing and billing resources under its own cloud account, you retain control, visibility, and billing through your own subscription.

Why Use BYOS?

• Cost Control: You pay Microsoft (or your cloud provider) directly, often benefiting from negotiated rates or enterprise agreements.
• Security Ownership: You manage access, policies, and compliance within your own cloud environment.
• Resource Visibility: All resources (VMs, storage, networking) show up in your Azure portal, giving you full transparency.
• Support Flexibility: You use your own support contract with Microsoft, which may offer better SLAs or escalation paths.

App Log Examiners security group is all about establishing a dedicated team within your Microsoft Entra ID (formerly Azure Active Directory) that has access to application logs and diagnostics—typically for monitoring, troubleshooting, or auditing purposes.

What Is the "App Log Examiners" Group?
This is a security group designed to:

• Grant specific users access to log data from applications and services.
• Control who can view, analyze, or query logs—especially in environments using Azure Monitor, Log Analytics, or Application Insights.
• Support role-based access control (RBAC) by assigning this group to resources like virtual machines, storage accounts, or monitoring tools.

Aim Objective

• Prepare your bring-your-own-subscription (BYOS)
• Create App Log Examiners security group
• Deploy and configure WS-VM1
• Deploy and configure LX-VM2
• Deploy a web app with an SQL Database
• Deploy a Linux web app

Step1:Prepare your bring-your-own-subscription (BYOS)

• Login to your Azure Portal
• In the Azure Portal Search Bar, enter Resource Groups and select Resource groups from the list of results.
• On the Resource Groups page, select Create.
• On the Create a Resource Group page, select your subscription and enter the name rg-alpha. Set the region to East US, choose Review + Create, and then choose Create.

Creating the App Log Examiners security group means you’re making a dedicated Azure AD security group where you can add users who are responsible for examining application logs, and then you’ll assign log-related permissions to that group.

Step 2: Create App Log Examiners security group

• In the Azure Portal Search Bar, enter Azure Active Directory (or Entra ID) from the list of results .
• On the Default Directory page, select Groups.
• On the Groups page, choose New Group.
• On the New Group page, provide the values in the following table and choose Create.

Property	Value
Group Type	Security
Group Name	App Log Examiners
Description	App Log Examiners

Step 3: Deploy and configure WS-VM1
deploy and configure a Windows Server virtual machine.

• In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results
• On the Virtual Machines page, choose Create and select Azure Virtual Machine.
• On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.

Property	Value
Subscription	Your subscription
Resource Group	rg-alpha
VM Name	WS-VM1
Region	East US
Availability	No infrastructure redundancy required
Security Type	Standard
Image	Windows Server 2022 Datacenter: Azure Edition – x64 Gen2
Architecture	x64
Size	Standard_D4s_v3 – 4 vCPUs, 16 GiB memory
Admin Username	prime
Password	[Select a unique secure password] (example: P@ssw0rdP@ssw0rd)
Inbound Ports	RDP (3389)

• Review the settings and select Create.
• Wait for the deployment to complete. Once deployment completes choose Go to resource.
• On the WS-VM1 properties page, choose Networking.
• On the Networking page, select the RDP rule.
• On the RDP rule space, change the Source to My IP address and choose Save. This restricts incoming RDP connections to the IP address you’re currently using.
• On the Networking page, choose Add inbound port rule.
• On the Add inbound security rule page, configure the following settings and choose Add.

Property	Value
Source	Any
Source Port Ranges	*
Destination	Any
Service	HTTP
Action	Allow
Priority	310
Name	AllowAnyHTTPInbound

• On the WS-VM1 page, choose Connect.
• Under Native RDP, choose Select.
• On the Native RDP page, choose Download RDP file and then open the file. Opening the RDP file opens the Remote Desktop Connection dialog box.
• On the Windows Security dialog box, choose More Choices and then choose Use a different account.
• Enter the username as .\prime and the password as the secure password you chose in Step 3, and choose OK.
• When signed into the Windows Server virtual machine, right-click on the Start hint and then choose Windows PowerShell (Admin).
• At the elevated command prompt, type the following command and press Enter. Install-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools
• When the installation completes run the following command to change to the web server root directory. cd c:\inetpub\wwwroot\
• Run the following command. Wget https://raw.githubusercontent.com/Azure-Samples/html-docs-hello-world/master/index.html -OutFile index.html

Step 4: Deploy and configure LX-VM2
Deploying and configure a Linux virtual machine.

• In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.
• On the Virtual Machines page, choose Create and select Azure Virtual Machine.
• On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create

Property	Value
Subscription	Your subscription
Resource Group	rg-alpha
Virtual Machine Name	Linux-VM2
Region	East US
Availability Options	No infrastructure redundancy required
Security Type	Standard
Image	Ubuntu Server 20.04 LTS – x64 Gen2
VM Architecture	x64
Size	Standard_D2s_v3 – 2 vCPUs, 8 GiB memory
Authentication Type	Password
Username	Prime
Password	[Select a unique secure password] (example: P@ssw0rdP@ssw0rd)
Public Inbound Ports	None

• Review the information and choose Create.
• After the VM deploys, open the VM properties page and choose Extensions + Applications under Settings.
• Choose Add and select the Network Watcher Agent for Linux. Choose Next and then choose Review and Create. Choose Create.
• Configure the AzureNetworkWatcherExtension and the OmsAgentForLinux extension so that they automatically upgrade

Step 5:Deploy a web app with an SQL Database

• Ensure that you’re signed into the Azure Portal.
• In your browser, open a new browser tab and navigate to https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/web-app-sql-database
• On the GitHub page, choose Deploy to Azure.
• A new tab opens. If necessary, re-sign into Azure with the account that has Global Administrator privileges.
• On the Basics page, select Edit template.
• In the template editor, delete the contents of lines 158 to 174 inclusive and delete the “,” on line 157. Choose Save.
• On the Basics page, provide the following information and choose Next.

Property	Value
Subscription	Your subscription
Resource Group	rg-alpha
Region	East US
SKU Name	F1
SKU Capacity	1
SQL Administrator Login	prime
SQL Administrator Password	[Select a unique secure password] (example: P@ssw0rdP@ssw0rd)

• Review the information presented and select Create.
• After the deployment completes, choose Go to resource group.

Step 6: Deploy a Linux web app

• Ensure that you’re signed into the Azure Portal.
• In your browser, open a new browser tab and navigate to https://learn.microsoft.com/en-us/samples/azure/azure-quickstart-templates/webapp-basic-linux/
• On the GitHub page, choose Deploy to Azure.
• On the Basics page, provide the following information and choose Next.

Property	Value
Subscription	Your subscription
Resource Group	rg-alpha
Region	East US
Web App Name	AzureLinuxAppWXYZ (replace WXYZ with random numbers, e.g., AzureLinuxApp1234)
SKU	S1
Linux Fx Version	PHP

• Review the information and choose Create.

Conclusion
This project gave me the chance to put several Azure services together into a single working solution. I started with security by creating the App Log Examiners group, then moved on to deploying both Windows and Linux virtual machines. After that, I configured NSG rules to allow HTTP traffic and added monitoring extensions so the VMs could be tracked properly. I also created an Azure SQL database with an administrator login and finished by deploying a Linux-based Web App running PHP.

By the end of the project, I had built a small but complete environment that covered compute, networking, security, database, and application hosting. It felt very close to what a real Cloud or DevOps engineer would set up in practice, and it gave me good hands-on experience with how these services connect and work together.