Azure Compute: App Service, Functions, and Containers
App Service is the AZ-204 compute workhorse. App Service Plan (ASP) defines the underlying VM — all apps in the same ASP share compute. ASP tiers: Free/Shared (no SLA, shared infrastructure), Basic (dedicated VMs, manual scale), Standard (auto-scale, deployment slots, custom domains, SSL), Premium (more power, VNet integration, no cold start), Isolated (dedicated environment in your VNet — highest isolation, App Service Environment). Deployment slots: staging slot lets you deploy and warm up before swapping to production — swap routes all traffic instantly with rollback capability. Azure Functions: consumption plan (scale to zero, pay per execution, 5-minute default timeout), Premium plan (pre-warmed instances, no cold start, VNet integration, unlimited timeout), Dedicated plan (run on an ASP — manual scaling). Durable Functions extend Functions with stateful workflows: orchestrator functions (fan-out/fan-in, async HTTP, monitor pattern), entity functions (stateful actors). Containers: Azure Container Registry (private Docker registry), Azure Container Instances (single container, quick start, no orchestration), Container Apps (serverless Kubernetes — KEDA scaling, Dapr integration).
Azure Storage and Cosmos DB for Developers
Storage SDK patterns for AZ-204: Blob Storage (block blobs for files, append blobs for logs, page blobs for VHDs), SAS tokens (Shared Access Signatures — grant time-limited access to specific resources without exposing account key — service SAS for one service, account SAS for multiple services, user delegation SAS using Entra ID credentials — most secure), stored access policies (server-side policy that a SAS references — allows revocation by changing the policy). Azure Table Storage: NoSQL key-value store — partition key and row key form the composite primary key, queries within a partition are fastest. Queue Storage: simple message queue — 64 KB message size, 7-day TTL, dequeue count tracking for poison message detection. Cosmos DB SDK: choose consistency level per operation (strong, bounded staleness, session, consistent prefix, eventual), change feed (real-time stream of all inserts and updates — triggers downstream processing), TTL (time-to-live on containers or items for automatic expiry).
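The stored-access-policy point above (the SAS carries only a policy id, so deleting the policy revokes every SAS that references it) is easiest to see by modelling the server-side check. This is an added example, not Azure SDK code: the string-to-sign is a simplified stand-in for the real service SAS canonical string, and the account key and policy names are constructed.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

# Constructed demo key (base64-encoded), not a real storage account key.
ACCOUNT_KEY = base64.b64encode(b"demo-account-key-not-real-00000000").decode()

# Server-side stored access policies on a container, keyed by signed identifier (si).
# Permissions and expiry live here, not inside the SAS token itself.
stored_policies = {
    "readonly-2025": {"permissions": "r", "expiry": "2099-01-01T00:00:00Z"},
}

def _parse_utc(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _sign(key_b64: str, string_to_sign: str) -> str:
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def issue_sas(resource: str, policy_id: str) -> dict:
    """Issue a SAS that references a stored access policy. Simplified string-to-sign:
    permissions/start/expiry are blank because the policy supplies them server-side."""
    sts = "\n".join(["", "", "", resource, policy_id])
    return {"sr": resource, "si": policy_id, "sig": _sign(ACCOUNT_KEY, sts)}

def authorize(token: dict, wanted: str, now_utc: str) -> bool:
    """Server-side check: recompute the signature, then resolve the policy."""
    sts = "\n".join(["", "", "", token["sr"], token["si"]])
    if not hmac.compare_digest(token["sig"], _sign(ACCOUNT_KEY, sts)):
        return False          # resource or policy id was tampered with
    policy = stored_policies.get(token["si"])
    if policy is None:
        return False          # policy removed: every SAS referencing it is now revoked
    return _parse_utc(now_utc) < _parse_utc(policy["expiry"]) and wanted in policy["permissions"]

def revoke(policy_id: str) -> None:
    """Revocation without rotating the account key: drop the policy."""
    stored_policies.pop(policy_id, None)
```

A SAS that embeds its own permissions and expiry has no such server-side hook; the only way to cut it off early is to regenerate the account key.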
Azure Security for Developers
AZ-204 security is developer-focused. Managed Identity: system-assigned (tied to a single resource, deleted with resource) or user-assigned (independent resource, reusable across multiple services) — both eliminate credential management by obtaining tokens from Entra ID automatically. MSAL (Microsoft Authentication Library): the current SDK for acquiring tokens (replaces ADAL). OAuth 2.0 flows for different client types: auth code flow (web apps — server holds secret), auth code flow with PKCE (SPAs and mobile apps — no secret), client credentials flow (service-to-service — daemon apps). Microsoft Graph API: unified REST API for Microsoft 365, Teams, Entra ID, and OneDrive data — AZ-204 expects you to call Graph to read user profiles, send Teams messages, and query directory data. Key Vault SDK: retrieve secrets, keys, and certificates in application code using the DefaultAzureCredential (tries multiple auth methods in order — managed identity, CLI, VS Code, environment variables).
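The auth code flow with PKCE is what lets SPAs and mobile apps skip the client secret: the client proves at the token endpoint that it started the flow. The example below is added here, not MSAL code; it implements the RFC 7636 S256 derivation with the standard library and a hypothetical in-memory authorization server (DemoAuthServer) standing in for Entra ID.

```python
import base64, hashlib, secrets

def _b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_code_verifier(n_bytes: int = 32) -> str:
    """Client step 1: high-entropy random secret that never leaves the client (43 chars for 32 bytes)."""
    return _b64url(secrets.token_bytes(n_bytes))

def make_code_challenge(verifier: str) -> str:
    """Client step 2: value sent in the authorization request with code_challenge_method=S256."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def verify_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization server, token endpoint: recompute the challenge and compare in constant time."""
    if not (43 <= len(presented_verifier) <= 128):      # length bounds from RFC 7636 section 4.1
        return False
    return secrets.compare_digest(make_code_challenge(presented_verifier), stored_challenge)

class DemoAuthServer:
    """Hypothetical minimal authorization server; no client secret exists anywhere in this flow."""
    def __init__(self):
        self._codes = {}          # auth code -> code_challenge captured at /authorize

    def authorize(self, code_challenge: str) -> str:
        code = _b64url(secrets.token_bytes(16))
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str):
        challenge = self._codes.pop(code, None)   # single use: a replayed code gets nothing
        if challenge is None or not verify_pkce(challenge, code_verifier):
            return None
        return {"access_token": _b64url(secrets.token_bytes(16)), "token_type": "Bearer"}
```

An authorization code observed in transit is useless on its own: redeeming it requires the verifier, which only the originating client holds.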
API Management and Event-Based Solutions
Azure API Management (APIM) is a gateway, developer portal, and management plane for APIs. Policies: transform requests and responses using XML-based policy expressions — rate limiting (rate-limit-by-key policy), IP filtering (ip-filter policy), JWT validation (validate-jwt policy), request/response transformation (set-header, rewrite-uri, find-and-replace). Policy scopes: global, product, API, operation — more specific scope overrides less specific. Inbound and outbound processing pipelines. Event Grid: event routing for discrete events — publishers (Azure services, custom topics), event subscriptions (filter by event type, route to subscribers: Functions, Logic Apps, Event Hubs, Service Bus). Event Grid schema vs CloudEvents schema (CloudEvents is the CNCF standard — preferred for cross-cloud compatibility). Service Bus: enterprise messaging — queues (point-to-point, FIFO, dead-letter), topics and subscriptions (pub/sub with filter rules). Service Bus sessions: message grouping for ordered processing (session-aware receivers process messages from one session sequentially). Event Hubs: high-throughput streaming (millions of events/second), partitioned consumer model (partition count = max parallelism), consumer groups (separate logical stream for each downstream consumer), Kafka protocol support.
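The validate-jwt policy above rejects a request before it reaches the backend unless the token's signature, lifetime, issuer, audience and required claims all check out. The following is an added example, not APIM's implementation: it performs those checks in plain Python with an HS256 shared secret (Entra ID tokens are RS256 and verified against published keys) so that the failure cases can be exercised offline; the key, issuer and audience values are constructed.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_hs256(claims: dict, key: bytes) -> str:
    """Constructed token issuer for the demo; real tokens come from Entra ID or your IdP."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_jwt(token, key, issuer, audience, required_claims, now=None):
    """Gateway-style checks: parse, pinned alg, signature, exp/nbf, iss, aud, required claims.
    Returns the claims on success or None on any failure (the gateway would answer 401)."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except (ValueError, TypeError):
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    if header.get("alg") != "HS256":            # pin the algorithm; never trust the token's alg
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now or claims.get("nbf", 0) > now:   # a missing exp is rejected
        return None
    if claims.get("iss") != issuer:
        return None
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return None
    for name, allowed in required_claims.items():   # e.g. {"roles": {"api.read"}}
        have = claims.get(name, [])
        have = set(have) if isinstance(have, list) else {have}
        if not set(allowed) & have:
            return None
    return claims
```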
Azure Caching, CDN, and Monitoring
Performance optimisation in AZ-204: Azure Cache for Redis (in-memory key-value store for session state, response caching, real-time data — tiers: Basic, Standard, Premium (geo-replication, VNet integration, clustering), Enterprise (Redis modules — Search, JSON, Bloom Filter)), cache patterns (cache-aside, read-through, write-through, write-behind), Redis data structures (strings, hashes, lists, sets, sorted sets — sorted sets for leaderboards). Azure CDN: cache static content at edge locations globally — profiles from Microsoft, Verizon, Akamai. CDN rules engine: redirect, rewrite, cache override, header manipulation. Azure Monitor for developers: Application Insights (APM — automatic dependency tracking, custom events and metrics via TrackEvent/TrackMetric, distributed tracing with operation ID, Live Metrics for real-time monitoring), Log Analytics workspace (store and query telemetry with KQL), Availability tests (web test from multiple locations — detect regional outages).