What Is an Azure Virtual Machine?
An Azure VM is a scalable, on-demand computing resource that behaves like a physical computer but runs in the cloud. It allows you to run operating systems (Windows, Linux, etc.), install software, and host applications without managing physical hardware.
Key Features
- Full Control: You get administrative access to the OS and can configure it as needed.
- Flexible OS Choices: Choose from pre-configured images like Windows Server, Ubuntu, Red Hat, or upload your own custom image.
- Scalability: Easily scale up or down based on demand using auto-scaling features.
- Availability Zones: Deploy across multiple zones for high availability and disaster recovery.
- Security: Use Network Security Groups (NSGs), firewalls, and encryption to protect your VM.
Use Cases
- Development & Testing: Quickly spin up environments tailored to your app’s needs.
- Web Hosting: Host websites or APIs with full control over the server stack.
- Data Processing: Run compute-heavy tasks like simulations, analytics, or machine learning.
- Legacy App Support: Run older applications that require specific OS versions or configurations.
What Is BYOS?
BYOS means you’re bringing your own cloud account (like an Azure subscription) to a platform that supports external provisioning. Instead of the platform managing and billing resources under its own cloud account, you retain control, visibility, and billing through your own subscription.
Why Use BYOS?
- Cost Control: You pay Microsoft (or your cloud provider) directly, often benefiting from negotiated rates or enterprise agreements.
- Security Ownership: You manage access, policies, and compliance within your own cloud environment.
- Resource Visibility: All resources (VMs, storage, networking) show up in your Azure portal, giving you full transparency.
- Support Flexibility: You use your own support contract with Microsoft, which may offer better SLAs or escalation paths.
The App Log Examiners security group establishes a dedicated team within your Microsoft Entra ID (formerly Azure Active Directory) tenant that has access to application logs and diagnostics, typically for monitoring, troubleshooting, or auditing purposes.
What Is the "App Log Examiners" Group?
This is a security group designed to:
- Grant specific users access to log data from applications and services.
- Control who can view, analyze, or query logs—especially in environments using Azure Monitor, Log Analytics, or Application Insights.
- Support role-based access control (RBAC) by assigning this group to resources like virtual machines, storage accounts, or monitoring tools.
Objectives
- Prepare your bring-your-own-subscription (BYOS)
- Create App Log Examiners security group
- Deploy and configure WS-VM1
- Deploy and configure LX-VM2
- Deploy a web app with an SQL Database
- Deploy a Linux web app
Step 1: Prepare your bring-your-own-subscription (BYOS)
- Login to your Azure Portal
- In the Azure Portal Search Bar, enter Resource Groups and select Resource groups from the list of results.
- On the Resource Groups page, select Create.
- On the Create a Resource Group page, select your subscription and enter the name rg-alpha. Set the region to East US, choose Review + Create, and then choose Create.
Creating the App Log Examiners security group means you’re making a dedicated Azure AD security group where you can add users who are responsible for examining application logs, and then you’ll assign log-related permissions to that group.
Step 2: Create App Log Examiners security group
- In the Azure Portal Search Bar, enter Azure Active Directory (or Entra ID) and select it from the list of results.
- On the Default Directory page, select Groups.
- On the Groups page, choose New Group.
- On the New Group page, provide the values in the following table and choose Create.
Property | Value |
---|---|
Group Type | Security |
Group Name | App Log Examiners |
Description | App Log Examiners |
Step 3: Deploy and configure WS-VM1
Deploy and configure a Windows Server virtual machine.
- In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.
- On the Virtual Machines page, choose Create and select Azure Virtual Machine.
- On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.
Property | Value |
---|---|
Subscription | Your subscription |
Resource Group | rg-alpha |
VM Name | WS-VM1 |
Region | East US |
Availability | No infrastructure redundancy required |
Security Type | Standard |
Image | Windows Server 2022 Datacenter: Azure Edition – x64 Gen2 |
Architecture | x64 |
Size | Standard_D4s_v3 – 4 vCPUs, 16 GiB memory |
Admin Username | prime |
Password | [Select a unique secure password] (example: P@ssw0rdP@ssw0rd) |
Inbound Ports | RDP (3389) |
- Review the settings and select Create.
- Wait for the deployment to complete. Once deployment completes choose Go to resource.
- On the WS-VM1 properties page, choose Networking.
- On the Networking page, select the RDP rule.
- In the RDP rule pane, change the Source to My IP address and choose Save.
This restricts incoming RDP connections to the IP address you’re currently using.
- On the Networking page, choose Add inbound port rule.
- On the Add inbound security rule page, configure the following settings and choose Add.
Property | Value |
---|---|
Source | Any |
Source Port Ranges | * |
Destination | Any |
Service | HTTP |
Action | Allow |
Priority | 310 |
Name | AllowAnyHTTPInbound |
- On the WS-VM1 page, choose Connect.
- Under Native RDP, choose Select.
- On the Native RDP page, choose Download RDP file and then open the file. Opening the RDP file opens the Remote Desktop Connection dialog box.
- On the Windows Security dialog box, choose More Choices and then choose Use a different account.
- Enter the username as .\prime and the password as the secure password you chose in Step 3, and choose OK.
- When signed into the Windows Server virtual machine, right-click on the Start hint and then choose Windows PowerShell (Admin).
- At the elevated command prompt, type the following command and press Enter: `Install-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools`
- When the installation completes, run the following command to change to the web server root directory: `cd c:\inetpub\wwwroot\`
- Run the following command: `Wget https://raw.githubusercontent.com/Azure-Samples/html-docs-hello-world/master/index.html -OutFile index.html`
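An added example (not part of the original walkthrough): a small Python audit of the inbound rules configured for WS-VM1 above, checking whether RDP or SSH is still reachable from any source. It assumes rule objects shaped like the JSON from `az network nsg rule list`; the RDP rule's name and priority and the 203.0.113.10 address are constructed sample values.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # remote-admin ports for Linux / Windows VMs

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule property."""
    return [v for v in [rule.get(single), *(rule.get(plural) or [])] if v]

def _any_source(rule):
    """True if the rule's source matches every address (portal 'Any')."""
    for src in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if src.lower() in ("*", "internet"):
            return True
        try:
            if ipaddress.ip_network(src, strict=False).prefixlen == 0:
                return True
        except ValueError:
            pass  # other service tags (e.g. VirtualNetwork) are not "any"
    return False

def _covers(rule, port):
    """True if a TCP connection to `port` matches the rule's destination ports."""
    if rule.get("protocol", "*").lower() not in ("tcp", "*"):
        return False
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        low, _, high = ("0-65535" if rng == "*" else rng).partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def exposed_management_ports(rules):
    """Walk any-source inbound rules in priority order (first match decides)
    and report each management port whose deciding rule is an Allow."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"
                      and _any_source(r)), key=lambda r: r["priority"])
    findings = []
    for port, service in sorted(MGMT_PORTS.items()):
        decider = next((r for r in inbound if _covers(r, port)), None)
        if decider and decider["access"].lower() == "allow":
            findings.append((service, port, decider["name"]))
    return findings

# Constructed sample data shaped like `az network nsg rule list` output.
BASE = {"direction": "Inbound", "access": "Allow", "protocol": "Tcp"}
HTTP = dict(BASE, name="AllowAnyHTTPInbound", priority=310,
            sourceAddressPrefix="*", destinationPortRange="80")
RDP_ANY = dict(BASE, name="RDP", priority=300,
               sourceAddressPrefix="*", destinationPortRange="3389")
RDP_MY_IP = dict(RDP_ANY, sourceAddressPrefix="203.0.113.10")  # placeholder IP
```

Calling `exposed_management_ports([RDP_ANY, HTTP])` reports the RDP rule as it stands before the Source change, while `[RDP_MY_IP, HTTP]` returns an empty list: HTTP from Any is not flagged, only remote-administration ports.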
Step 4: Deploy and configure LX-VM2
Deploy and configure a Linux virtual machine.
- In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results.
- On the Virtual Machines page, choose Create and select Azure Virtual Machine.
- On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.
Property | Value |
---|---|
Subscription | Your subscription |
Resource Group | rg-alpha |
Virtual Machine Name | Linux-VM2 |
Region | East US |
Availability Options | No infrastructure redundancy required |
Security Type | Standard |
Image | Ubuntu Server 20.04 LTS – x64 Gen2 |
VM Architecture | x64 |
Size | Standard_D2s_v3 – 2 vCPUs, 8 GiB memory |
Authentication Type | Password |
Username | Prime |
Password | [Select a unique secure password] (example: P@ssw0rdP@ssw0rd) |
Public Inbound Ports | None |
- Review the information and choose Create.
- After the VM deploys, open the VM properties page and choose Extensions + Applications under Settings.
- Choose Add and select the Network Watcher Agent for Linux. Choose Next and then choose Review and Create. Choose Create.
- Configure the AzureNetworkWatcherExtension and the OmsAgentForLinux extension so that they automatically upgrade.
Step 5: Deploy a web app with an SQL Database
- Ensure that you’re signed into the Azure Portal.
- In your browser, open a new browser tab and navigate to https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/web-app-sql-database
- On the GitHub page, choose Deploy to Azure.
- A new tab opens. If necessary, re-sign into Azure with the account that has Global Administrator privileges.
- On the Basics page, select Edit template.
- In the template editor, delete the contents of lines 158 to 174 inclusive and delete the “,” on line 157. Choose Save.
- On the Basics page, provide the following information and choose Next.
Property | Value |
---|---|
Subscription | Your subscription |
Resource Group | rg-alpha |
Region | East US |
SKU Name | F1 |
SKU Capacity | 1 |
SQL Administrator Login | prime |
SQL Administrator Password | [Select a unique secure password] (example: P@ssw0rdP@ssw0rd) |
- Review the information presented and select Create.
- After the deployment completes, choose Go to resource group.
Step 6: Deploy a Linux web app
- Ensure that you’re signed into the Azure Portal.
- In your browser, open a new browser tab and navigate to https://learn.microsoft.com/en-us/samples/azure/azure-quickstart-templates/webapp-basic-linux/
- On the GitHub page, choose Deploy to Azure.
- On the Basics page, provide the following information and choose Next.
Property | Value |
---|---|
Subscription | Your subscription |
Resource Group | rg-alpha |
Region | East US |
Web App Name | AzureLinuxAppWXYZ (replace WXYZ with random numbers, e.g., AzureLinuxApp1234) |
SKU | S1 |
Linux Fx Version | PHP |
- Review the information and choose Create.
Conclusion
This project gave me the chance to put several Azure services together into a single working solution. I started with security by creating the App Log Examiners group, then moved on to deploying both Windows and Linux virtual machines. After that, I configured NSG rules to allow HTTP traffic and added monitoring extensions so the VMs could be tracked properly. I also created an Azure SQL database with an administrator login and finished by deploying a Linux-based Web App running PHP.
By the end of the project, I had built a small but complete environment that covered compute, networking, security, database, and application hosting. It felt very close to what a real Cloud or DevOps engineer would set up in practice, and it gave me good hands-on experience with how these services connect and work together.