Microsoft Azure Infrastructure and Deployment (beta) AZ-100
Posted in Azure, Best Practices
The following is a study guide for the AZ-100 Azure exam
Manage Azure subscriptions and resources (15-20%)
Manage Azure subscriptions
- May include but not limited to: Assign administrator permissions; configure cost center quotas and tagging; configure subscription policies
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/security-center/security-center-policies
https://docs.microsoft.com/en-us/azure/security-center/security-center-azure-policy
Analyze resource utilization and consumption
- May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
https://richardwaal.nl/2018/02/07/enable-multiple-diagnostic-settings-on-azure-resources-with-arm-templates/
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
https://stackoverflow.com/questions/43397853/baseline-environment-with-azure
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/insights-alerts-portal
https://msdn.microsoft.com/en-us/library/azure/dn510366.aspx
https://msdn.microsoft.com/en-us/library/azure/dn933805.aspx
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-alerts
https://azure.microsoft.com/en-us/blog/alerting-and-notifications-support-for-windows-azure-applications/
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-azure-storage
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-metrics
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-create-action-group-with-resource-manager-template
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview
https://azure.microsoft.com/en-us/blog/announcing-azure-advisor-azure-monitor-and-resource-health/
https://azure.microsoft.com/en-us/pricing/details/monitor/
https://docs.microsoft.com/en-us/azure/billing/billing-download-azure-invoice-daily-usage-date
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-tutorial-response
Manage resource groups
- May include but not limited to: Allocate resource policies; configure resource locks; configure resource policies; implement and set tagging on resource groups; move resources across resource groups; remove resource groups
https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
https://azure.microsoft.com/en-us/blog/portal-preview-of-azure-resource-policy-2/
https://azure.microsoft.com/en-us/blog/azure-resource-policy-ga/
http://www.azurefieldnotes.com/2016/07/18/azure-resource-tagging-best-practices/
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources
https://blogs.msdn.microsoft.com/azuregov/2016/12/09/copying-azure-resource-groups-between-different-azure-subscriptions-or-environments/
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-portal
Implement and manage storage (20-25%)
Create and configure storage accounts
- May include but not limited to: Configure network access to the storage account; create and configure storage account; generate shared access signature; install and use Azure Storage Explorer; manage access keys; monitor activity log by using Log Analytics; implement Azure storage replication
https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account
https://docs.microsoft.com/en-us/azure/cost-management/storage-accounts
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-dotnet-shared-access-signature-part-2
https://azure.microsoft.com/en-us/features/storage-explorer/
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
https://docs.microsoft.com/en-gb/azure/key-vault/
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-activity
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://blogs.msdn.microsoft.com/cloud_solution_architect/2016/05/09/azure-storage-account-backup-azure-automation-runbook-azure-functions/
Import and export data to Azure
- May include but not limited to: Create export from Azure job; create import into Azure job; configure and use Azure blob storage; configure Azure content delivery network (CDN) endpoints
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-creating-an-import-job
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-creating-an-export-job
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-service
https://azure.microsoft.com/en-us/resources/samples/storage-dotnet-import-export-job-management/
https://azure.microsoft.com/en-us/blog/introducing-the-windows-azure-content-delivery-network/
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
https://docs.microsoft.com/en-us/azure/cdn/cdn-create-new-endpoint
Configure Azure files
- May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal
https://azure.microsoft.com/en-gb/roadmap/azure-file-sync/
https://azure.microsoft.com/en-us/blog/azure-sql-data-sync-refresh/
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-sync-data
Implement Azure backup
- May include but not limited to: Configure and review backup reports; perform backup operation; create Recovery Services Vault; create and configure backup policy; perform a restore operation
Deploy and manage virtual machines (VMs) (20-25%)
Create and configure a VM for Windows and Linux
- May include but not limited to: Configure high availability; configure monitoring, networking, storage, and virtual machine size; deploy and configure scale sets
Automate deployment of VMs
- May include but not limited to: Modify Azure Resource Manager (ARM) template; configure location of new VMs; configure VHD template; deploy from template; save a deployment as an ARM template; deploy Windows and Linux VMs
Manage Azure VM
- May include but not limited to: Add data discs; add network interfaces; automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent by using custom script extensions; manage VM sizes; move VMs from one resource group to another; redeploy VMs
Manage VM backups
- May include but not limited to: Configure VM backup; define backup policies; implement backup policies; perform VM restore
Configure and manage virtual networks (20-25%)
Create connectivity between virtual networks
- May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
https://blogs.msdn.microsoft.com/azureedu/2018/04/24/how-to-setup-global-vnet-peering-in-azure/
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vnet-vnet-rm-ps
https://blogs.technet.microsoft.com/canitpro/2014/06/03/step-by-step-configure-vnet-to-vnet-connectivity-in-azure/
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
Implement and manage virtual networking
- May include but not limited to: Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal
https://blogs.technet.microsoft.com/canitpro/2017/03/15/step-by-step-setup-multiple-public-ips-on-a-vm-in-azure/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal
https://docs.microsoft.com/en-us/azure/virtual-network/
https://azure.microsoft.com/en-us/services/virtual-network/
Configure name resolution
- May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones
https://azure.microsoft.com/en-gb/services/dns/
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
https://blogs.msdn.microsoft.com/kaushal/2013/07/05/azure-app-service-how-to-configure-a-custom-domain/
https://docs.microsoft.com/en-us/azure/dns/dns-zones-records
Create and configure a Network Security Group (NSG)
- May include but not limited to: Create security rules; associate NSG to a subnet or network interface; identify required ports; evaluate effective security rules
https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-practices-and-lessons-learned/
https://azure.microsoft.com/en-us/blog/network-security-groups/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-filter-problem
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-ports
https://www.danielstechblog.io/microsoft-azure-network-security-group-effective-security-rules-evaluation/
http://itprocentral.com/how-to-manage-network-security-groups-nsg-in-azure/
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-auditing-powershell
Manage identities (15-20%)
Manage Azure Active Directory (AD)
- May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-custom-domain
https://blogs.msdn.microsoft.com/azureedu/2016/10/15/how-can-i-use-azure-ad-domain-services/
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection-enable
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect
https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-windows-enterprise-state-roaming-overview
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-windows-enterprise-state-roaming-enable
https://www.petri.com/what-is-azure-active-directory-enterprise-state-roaming
https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr
https://azure.microsoft.com/en-gb/resources/videos/self-service-password-reset-azure-ad/
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-device-policies
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-administer
https://docs.microsoft.com/en-gb/azure/active-directory/privileged-identity-management/pim-how-to-perform-security-review
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azure-ad-controls-perform-access-review
Manage Azure AD objects (users, groups, and devices)
- May include but not limited to: Create users and groups; manage user and group properties; manage device settings; perform bulk user updates
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-create-ou
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal
https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-batch-processing
Implement and manage hybrid identities
- May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom
https://docs.microsoft.com/en-us/azure/active-directory/application-config-sso-how-to-configure-federated-sso-gallery
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-whats-next
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-design-concepts
Thank you for taking the time to put this together. Exam scheduled for Wednesday (first MCSA). Fellow Glaswegian.
Cool and good luck be good to hear about your experience
Thanks for this! great work
Very welcome 👍
Great minds think alike https://mikefsa.wordpress.com/2018/07/27/azure-az100-beta-exam/
[…] the beta and there will be practice tests and useful blog posts already available for this exam. https://gregorsuttie.com/2018/07/18/microsoft-azure-infrastructure-and-deployment-beta-az-100/ – so my answer would be do the Administrator, Architect, Developer exams if your able to […]
[…] MS Azure Exam Infrastructure and Deployment AZ-100 by Gregor Suttie […]