Study guide for Azure Certifications AZ-100 & AZ-101

Microsoft_Certified_Banner

A Couple of weeks ago I signed up for the new beta exams for Microsoft Azure, which are currently in Beta and was limited to a number amount of seats. So this post is more of a study guide I created for preparation for these exams, listed below. Which also lists out the different topics that will be tested on the certification as well.

Links to the different exams
Microsoft Azure Infrastructure and Deployment AZ-100
Microsoft Azure Integration and Security AZ-101
Microsoft Azure Administrator Certification Transition AZ-102

Study Guide – AZ-100

Manage Azure subscriptions
May include but not limited to: Assign administrator permissions; configure cost center quotas and tagging; configure subscription policies

Cost Center Tagging: https://docs.microsoft.com/en-us/azure/billing/billing-getting-started#ways-to-monitor-your-costs-when-using-azure-services
Azure Policies: https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction
Azure Administrator Subscription: https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

Analyze resource utilization and consumption
May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and test alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics

Action Groups: https://docs.microsoft.com/en-my/azure/monitoring-and-diagnostics/monitoring-action-groups
Metrics in Microsoft Azure: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-metrics
Cost Management Report: https://docs.microsoft.com/en-us/azure/cost-management/use-reports
Setup Billing Alerts: https://docs.microsoft.com/en-us/azure/billing/billing-set-up-alerts
Log Query Functions Examples: https://github.com/MicrosoftDocs/LogAnalyticsExamples/tree/master/log-analytics
Create Alerts in Azure Monitor: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-usage

Manage resource groups
May include but not limited to: Allocate resource policies; configure resource locks; configure resource policies; implement and set tagging on resource groups; move resources across resource groups; remove resource groups

Azure Policy: https://docs.microsoft.com/en-us/azure/azure-policy/create-manage-policy
Resource Locks: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Azure Resource Group Tags: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
Move Resources across resource groups: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources

Implement and manage storage (20-25%)

Create and configure storage accounts
May include but not limited to: Configure network access to the storage account; create and configure storage account; generate shared access signature; install and use Azure Storage Explorer; manage access keys; monitor activity log by using Log Analytics; implement Azure storage replication

Virtual Endpoint for Azure Storage: https://azure.microsoft.com/en-us/blog/virtual-network-service-endpoints-and-firewalls-for-azure-storage-now-generally-available/
Create and Manage Storage Account: https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account
Create SAS: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-dotnet-shared-access-signature-part-2
Azure Storage Explorer: https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows
Azure Storage Analytics: https://docs.microsoft.com/nb-no/rest/api/storageservices/storage-analytics
Azure Activity Log Analytics: https://docs.microsoft.com/en-us/azure/security/azure-log-audit
Azure Storage Access Keys: https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account

Import and export data to Azure
May include but not limited to: Create export from Azure job; create import into Azure job; configure and use Azure blob storage; configure Azure content delivery network (CDN) endpoints

Azure Import and Export Job: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
Configure CDN for Azure: https://docs.microsoft.com/en-us/azure/cdn/cdn-create-new-endpoint
Configure CDN for WordPress: https://blogs.msdn.microsoft.com/azureossds/2015/04/27/improving-wordpress-performance-use-azure-cdn/

Configure Azure files
May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync

Troubleshoot File Sync: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-troubleshoot?tabs=portal1%2Cportal
Deploy Azure File Sync: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal
Create a Sync Group: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal#create-a-sync-group-and-a-cloud-endpoint

Implement Azure backup
May include but not limited to: Configure and review backup reports; perform backup operation; create Recovery Services Vault; create and configure backup policy; perform a restore operation

Azure Backup Reports: https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports
Create Backup Vault: https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-windows-server
Restore from Azure backup agent: https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server
Restore VM’s in Azure: https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
Creating a backup Policy: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm#defining-a-backup-policy

Deploy and manage virtual machines (VMs) (20-25%)

Create and configure a VM for Windows and Linux
May include but not limited to: Configure high availability; configure monitoring, networking, storage, and virtual machine size; deploy and configure scale sets

High Availability IaaS Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Scale Sets Azure: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/quick-create-portal
Monitor Azure Virtual Machine: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/monitor
Resize Virtual Machines Azure: https://thuansoldier.net/6515/

Automate deployment of VMs
May include but not limited to: Modify Azure Resource Manager (ARM) template; configure the location of new VMs; configure VHD template; deploy from the template; save a deployment as an ARM template; deploy Windows and Linux VMs

ARM Templates: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates
ARM Azure Github: https://github.com/Azure/azure-quickstart-templates
Deploy Templates from ARM: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-deploy
Save Template as ARM: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

Manage Azure VM
May include but not limited to: Add data discs; add network interfaces; automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent by using custom script extensions; manage VM sizes; move VMs from one resource group to another; redeploy VMs

Move VM from one resource group to another: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
Azure Automation DSC and Azure: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-overview
Custom Script Extension Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
ARM Custom Script Extension: https://github.com/Azure/azure-quickstart-templates/tree/master/201-vm-custom-script-windows
Attached Data Disk Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/attach-managed-disk-portal

Manage VM backups
May include but not limited to: Configure VM backup; define backup policies; implement backup policies; perform VM restore

Restore VM’s in Azure: https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms
Creating a backup Policy: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm#defining-a-backup-policy
Backup VM using ARM: https://azure.microsoft.com/en-gb/resources/templates/101-recovery-services-create-vm-and-configure-backup/

Configure and manage virtual networks (20-25%)

Create connectivity between virtual networks
May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway

VNET Peering: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Virtual Network Gateway: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
Verify Connection: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-verify-connection-resource-manager
Site to Site VNET: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Implement and manage virtual networking
May include but not limited to: Configure private and public IP addresses, network routes, network interface, subnets, and virtual network

Configure Private IP address: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal
Configure Public IP address: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-deploy-static-pip-arm-portal
Configure Routing: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
IP Addressing VNET: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-ip-addresses-overview-arm

Configure name resolution
May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones

DNS Azure: https://docs.microsoft.com/en-us/azure/dns/dns-zones-records
DNS Azure FAQ: https://docs.microsoft.com/en-us/azure/dns/dns-faq
Manage Azure DNS: https://docs.microsoft.com/en-us/azure/dns/dns-operations-dnszones-portal
Configure DNS Zones Azure: https://docs.microsoft.com/en-us/azure/dns/dns-operations-recordsets

Create and configure a Network Security Group (NSG)
May include but not limited to: Create security rules; associate NSG to a subnet or network interface; identify required ports; evaluate effective security rules

Azure IaaS Security: https://msandbu.org/microsoft-azure-and-security-best-pratices-part-1-identity/
Create Security Rules Azure: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic-powershell
Diagnose Azure NSG Rules: https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-filter-problem

Manage identities (15-20%)

Manage Azure Active Directory (AD)
May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review

Azure AD Custom Domains: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Azure Self Service Reset: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
Azure Identity Security: https://msandbu.org/microsoft-azure-and-security-best-pratices-part-1-identity/
Enable Enterprise State Roaming: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-windows-enterprise-state-roaming-enable

Manage Azure AD objects (users, groups, and devices)
May include but not limited to: Create users and groups; manage user and group properties; manage device settings; perform bulk user updates

Manage Devices: https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
Bulk Update Azure AD Users: http://ericphan.net/blog/2017/9/26/azure-active-directory-bulk-updating-user-profile-attributes-using-powershell
Create Groups Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal
Dynamic Rules Azure AD Group: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

Implement and manage hybrid identities
May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback

Configure Federated Access: https://docs.microsoft.com/en-us/azure/active-directory/application-config-sso-how-to-configure-federated-sso-gallery
Install Azure AD Connect: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom
Configure Password Writeback: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback

Study Guide – AZ-101

Evaluate and perform server migration to Azure (15-20%)

Evaluate migration scenarios by using Azure Migrate
May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials

Asessment Azure Migrate: https://docs.microsoft.com/en-us/azure/migrate/tutorial-assessment-vmware
Ports Required: https://docs.microsoft.com/en-us/azure/migrate/migrate-overview

Migrate servers to Azure
May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network

Azure Site Recovery: https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure
Prepare Azure: https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure
MIgrate P2V: https://docs.microsoft.com/en-us/azure/site-recovery/physical-azure-disaster-recovery#create-a-replication-policy

Implement and manage application services (20-25%)

Configure serverless computing
May include but not limited to: Manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus

Custom Event Grid Events: https://docs.microsoft.com/en-us/azure/event-grid/custom-event-quickstart-portal
Dead Letter Event Grid: https://docs.microsoft.com/en-us/azure/event-grid/manage-event-delivery
Manage an Azure Functions App: https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings
Monitor Azure Logic App Status: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-monitor-your-logic-apps
Manage Service Bus: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-metrics-azure-monitor

Manage App Service plans
May include but not limited to: Configure application for scaling; enable monitoring and diagnostics; configure App Service plans

Scaling App Plan: https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-web-scale-a-web-app-in-an-app-service-environment
App Service Plan: https://docs.microsoft.com/en-us/azure/app-service/azure-web-sites-web-hosting-plans-in-depth-overview
Monitor and alerts App Service: https://docs.microsoft.com/nb-no/azure/app-service/web-sites-monitor

Manage App services
May include but not limited to: Assign SSL certificates; configure application settings; configure deployment slots; configure Azure content delivery network (CDN) integration; manage App Service protection; manage roles for an App service; create and manage App Service environment

Use SSL: https://docs.microsoft.com/nb-no/azure/app-service/web-sites-purchase-ssl-web-site
Deployment Slots: https://docs.microsoft.com/en-us/azure/app-service/web-sites-staged-publishing
App Service Protection: https://docs.microsoft.com/en-us/azure/app-service/app-service-security
Patching and updates App Service: https://docs.microsoft.com/en-us/azure/app-service/app-service-patch-os-runtime
CDN Integration: https://docs.microsoft.com/en-us/azure/cdn/cdn-add-to-web-app

Implement advanced virtual networking (30-35%)

Implement application load balancing
May include but not limited to: Configure application gateway and load balancing rules; implement front end IP configurations; manage application load balancing

Application Load Balancing: https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal
Configure Application Gateway with PowerShell: https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-manage-web-traffic-powershell
Multiple Front-end: https://docs.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal

Implement Azure load balancer
May include but not limited to: Configure internal load balancer, load balancing rules, and public load balancer; manage Azure load balancing

Configure Internal Azure Load Balancer: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-get-started-ilb-arm-ps
Load Balancing Rules: https://docs.microsoft.com/nb-no/azure/load-balancer/load-balancer-distribution-mode
Troubleshoot Azure Load Balancing: https://docs.microsoft.com/nb-no/azure/load-balancer/load-balancer-troubleshoot

Monitor and manage networking
May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity

Implement Network Watcher: https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor
Diagnose a Gateway: https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-communication-problem-between-networks

Integrate on premises network with Azure virtual network
May include but not limited to: Create and configure Azure VPN Gateway; create and configure site to site VPN; configure Express Route; verify on premises connectivity; manage on-premise connectivity with Azure

Configure ExpressRoute: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-howto-circuit-portal-resource-manager
VNET Peering: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Virtual Network Gateway: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
Verify Connection: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-verify-connection-resource-manager
Site to Site VNET: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Secure identities (25-30%)

Implement Multi-Factor Authentication (MFA)
May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure

Configure Fraud Alerts: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#fraud-alert
Configure Cloud Based MFA: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
Custom Roles: https://msandbu.org/microsoft-azure-and-security-best-pratices-part-1-identity/
Trusted IP’s: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

Manage role-based access control (RBAC)
May include but not limited to: Create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure; troubleshoot RBAC; implement RBAC policies; assign RBAC roles

Custom Roles: https://msandbu.org/microsoft-azure-and-security-best-pratices-part-1-identity/
Troubleshoot RBAC: https://docs.microsoft.com/en-us/azure/role-based-access-control/troubleshooting

Implement Azure Active Director (AD) Privileged Identity Management (PIM)
May include but not limited to: Activate a PIM role; configure just-in-time access, permanent access, PIM management access, and time-bound access; create a Delegated Approver account; enable PIM; process pending approval requests

Activate a PIM Role: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-activate-role
Just in time: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles
Delegated Provider: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow#view-pending-approvals-requests
Enable PIM: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started

You May Also Like

About the Author: Marius Sandbu

4 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *