Azure Container Instances (ACI)

Last updated on January 8, 2025

Azure Container Instances Cheat Sheet

  • Run containers without managing servers.
  • For event-driven applications, quickly deploy from your container development pipelines, run data processing, and build jobs.
  • Azure Container Instances is a regional service.

Features

  • Containers have less overhead than VMs and can be deployed consistently.
  • All the dependencies for an application are included in the container image.
  • Applications running in containers can be deployed easily to multiple operating systems and hardware platforms.
  • Select an image source using Quickstart images, Azure Container Registry, and Docker Hub.
  • Create a container image only when you need it and process data on-demand.
  • You can set the restart policy to always restart the container regardless of how it stopped, to restart it only if it failed (did not exit successfully), or to never restart it.
  • Enables you to set a command to be executed first when running the container.
  • Resources can be tagged with values that you define, to help you organize and identify them.
  • By default, Azure Container Instances are stateless.
  • You can’t deploy an image from an on-premises registry to ACI.

Storage

  • You can mount Azure Files shares in your ACI for persistent storage.
  • To mount an Azure file share as a volume in Azure Container Instances, you need: Storage account name, Share name, and Storage account key.

Networking

  • Choose between three networking options: Public, Private, and None.
  • Private IP is not yet available for Windows Containers.
  • Containers deployed with the None networking option have no IP address, but their logs can still be accessed using the CLI.
  • DNS name label: <tutorialsdojo>.<region>.azurecontainer.io

Security

  • Deploy Azure WAF in front of critical web applications hosted in ACI for additional inspection of incoming traffic.
  • Use Azure Key Vault to safeguard encryption keys and secrets for containerized applications.

Pricing

  • You pay based on what you need and get billed by the second.
  • Public IP addresses assigned to your container group are billed.
  • You are billed for each GB and vCPU your container group consumes.

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.

Validate Your Knowledge

Question 1

Question Type: Single choice

You manage a logistics company that uses Azure file shares to store critical data. The company uses Microsoft Entra ID for identity-based authentication. Employees from remote branches need secure access to these file shares. To meet operational needs, the following conditions must be fulfilled:

  • Hybrid user identities must be authenticated using Microsoft Entra ID.

  • End users need access to file shares over the public internet.

  • No line-of-sight to on-premises domain controllers is required at remote branches.

Which authentication method should you implement for Azure Files?

  1. Enable Microsoft Entra Kerberos authentication for hybrid identities.
  2. Use Microsoft Entra ID with Azure Files OAuth over REST.
  3. Use Kerberos authentication over SMB for Linux clients using Microsoft Entra Domain Services.
  4. Use NTLM-based access controls for hybrid accounts.

Correct Answer: 1

Microsoft Entra ID is a cloud-based identity and access management service that enables your employees to access external resources. Examples of resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Microsoft Entra ID also helps them access internal resources like apps on your corporate intranet and any cloud apps developed for your own organization.

Azure Files is a fully managed file-sharing service provided by Microsoft Azure. It offers cloud-based file shares that can be accessed using the industry-standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and the Azure Files REST API. These file shares can be mounted simultaneously by Windows, Linux, and macOS deployments, whether in the cloud or on-premises.

Kerberos authentication is a network authentication protocol that employs secret-key cryptography to provide robust authentication for client-server applications. It operates using tickets, enabling nodes communicating over a non-secure network to prove their identities to each other securely. In Azure, Microsoft Entra Kerberos authentication for Azure Files allows users to authenticate and access Azure file shares using their Microsoft Entra credentials, ensuring a seamless and secure experience.

[Figure: Enabling Microsoft Entra Kerberos in the Azure portal]

Azure file shares support identity-based access using protocols like SMB. For hybrid identities synced with Microsoft Entra ID, Kerberos authentication enables secure access without requiring continuous connectivity to on-premises domain controllers. This method allows hybrid users to authenticate over the internet while maintaining security and compliance.

Hence, the correct answer is: Enable Microsoft Entra Kerberos authentication for hybrid identities.

The option that says: Use Microsoft Entra ID with Azure Files OAuth over REST is incorrect because OAuth over REST is primarily used for programmatic access to Azure Files, not for end-user access over SMB.

The option that says: Use Kerberos authentication over SMB for Linux clients using Microsoft Entra Domain Services is incorrect because it focuses on integrating Linux-based SMB with Microsoft Entra Domain Services. Although Microsoft Entra Domain Services can provide managed domain services, it typically requires certain domain-like structures, which adds unnecessary complexity. Additionally, it doesn’t leverage Microsoft Entra ID for authentication as required.

The option that says: Use NTLM-based access controls for hybrid accounts is incorrect because NTLM is an older, less secure authentication protocol. It typically requires line-of-sight to domain controllers, which contradicts one of the requirements. Additionally, it doesn’t leverage Microsoft Entra ID for authentication as required.

References:

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune
https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview

Check out this Microsoft Entra ID Cheat Sheet:

https://tutorialsdojo.com/microsoft-entra-id/

Note: This question was extracted from our AZ-104 Microsoft Azure Administrator Practice Exams.

Azure Container Instances Cheat Sheet Resources:

https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
https://azure.microsoft.com/en-us/services/container-instances/#overview

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.
