Azure Exam Study Guide

The following, is how I go about preparing for an Azure exam which I want to study for. Hopefully this will give you an idea into how I prepare for any Azure exam.

Lets use the AZ-500 Azure Security exam as an example since this is what I will be studying for going forward.

Step 1
Locate the actual Microsoft exam page which contains all the info on the actual exam: –

https://www.microsoft.com/en-us/learning/exam-az-500.aspx

I start by reading through this carefully, checking this page regularly whilst studying for it so that nothing has changed, as this can happen so remember to check back often.

Step 2
I then make a OneNote page of all the Skills being Measured like so:-

  • Manage identity and access (20-25%)
  • Implement platform protection (35-40%)
  • Manage security operations (15-20%)
  • Secure data and applications (30-35%)

This exam looks to be well spread out across all 4 areas. SO now I will take each skill being measured and then copy this into my OneNote page.

Step 3
Now I will go and find links on docs.microsoft.com for each of the skills being measured.

Tip
:- Some people may already have done this so google for AZ-500 exam study guides and use them if you prefer doing that. my twitter friends https://twitter.com/Pixel_Robots and https://twitter.com/tamstar1234 both have excellent study guides on a number of exams.

Step 4
I search for online training on Edx, Udemy, Pluralsight etc and read the reviews, of late I have solely used Edx, as those courses are specifically written with the exam skills being measured in mind (straight to the good stuff). If I want a more rounded course I’ll also check out Udemy and Pluralsight etc.

Step 5
I take notes as I go and pop the main themes and big picture content into my OneNote page for brushing up just before my exam.

Step 6
I have a calendar above my monitor at home and I plan out the end goal for each section with a rough idea of when I hope to have the section completed by.

Step 7
Finish off the course and then I look for practice exams, I’ve used Whizlabs for the AZ-400 which was great, I’ve used Udemy for the Az-100, 200 and 300 exams. Anything I get wrong or just don’t understand I’ll review and try to find other resources, maybe Microsoft Learn or other resources.

Step 8
Once I am getting 80% or above in the practice tests I book the exam soon after it and take it.

I have done this on the last 4 or 5 exams I’ve sat and it works for me, it might work for you it might not.

Notes
I spend 2 hours a night studying for the exam 5 or 6 nights a week, it took a lot of dedication and hard work, not everyone has that time, I made time, I stopped doing some stuff as I wanted to learn, I get it, its not for all.
I am happy to help, give advice to anyone looking for it with the exams, good luck with sitting your exam and hopefully someone find this useful.

 

 

 



Learning Azure, becoming an MVP, failure and more

18 months ago I decided to learn Azure, it was about time I learned some cloud skills (Azure for me). The following is a quick run through of my journey to where I am now, I’m really just getting started but in reflection happy with where I am heading, always to remember to invest in yourself.

I work full-time at Sword IT in Glasgow, Scotland and have had some hands on time with Azure through work, couple of projects have helped me learn. I’ve managed to help our company get more in the way of Gold certifications this year which has been pretty cool, that means we get more benefits as a company, something I am proud of.

When trying to start learning Azure, its easy to get lost in the enormity of the platform, being a dev, I decided to take a look around and formulate a plan for learning Azure. It soon became clear that the best for way me to learn something new is to work towards a goal, so my first goal was to sit and hopefully pass an Azure exam. Goals are important for me as it means I have a plan and can work towards achieving something.

Recently I have had a number of people reach out to me asking how I went about it, what tips can I give them and how did I go about learning Azure and passing exams etc.

Which exam would I start with, and which exam should you start with? –  well that depends on your experience and background, its not the same for everyone but here are my thoughts and how I went about it.

I have a blog title Azure Exam Study Guide which describes my method for studying for Azure exams.

I looked for resources to start learning Azure and read a fair bit to get me started, not too long after that I saw a blog post announcing the AZ-100 beta exam, which was only going to cost me £27 ,the problem was if I recall correctly, I had 2 weeks before the beta closed to sit the exam, it may have been a month but it wasn’t long. I created a OneNote page with all of the links and notes I took whilst I went about my study, for this exam I set a learning goal of 2 hours per night studying. I found some very handy Udemy courses from Scott Duffy and went through the entire course end to end and booked the exam. I sat my very first Azure exam (actually my first Microsoft exam since the days of the MCSD exams) so it had been a while.

I failed the exam with a score of 671 out of 1000 (passing score was 700), for me this just whet my appetite and if you know me learning is my thing. Six days later I sat the AZ-101 beta exam and again failed with 655 out of 100 (passing score was 700). Taken 2 exams and failed them both, bummer you might say, nope, I had learned a serious amount from where I had came from and was loving learning all about Azure. Read more about

At this point the burning desire to learn was there, nothing was gonna stop me from passing my first Azure exam, I kept studying even though I knew these 2 exams weren’t really my cup of tea, I didn’t have much hands on experience of the content and I struggled with Azure Networking at the time.

Fast forward 2 months and the Azure Architect Beta exams (AZ-300 and AZ-301) were announced and I thought lets give them a go, I had been studying relentlessly for 2 hours a night every single night, when I say I didn’t even watch television I really didn’t watch any at all, I wanted to pass the Architect exams. I sat both, failed the AZ-300 and passed the AZ-301, I actually thought that I would pass AZ-300 and fail AZ-301, but who cares I had passed an Azure Architect exam (which does cover a lot) my studying was paying off, I had spent a lot of time doing hands on labs, finding the best resources, it was sinking in now, where previously in the other 2 exams I was still unsure to an extent.

Let me say one thing, the feeling of passing your exam is worth all of the hard work, I was super delighted and just wanted to keep going.

Crazy as this sounds I sat the 2 Developer beta exams 3 and 4 days later, I have a dev background, I had been using Azure on a project at work building a distributed system with these tools, I sat both exams and passed them both, I was now a certified Azure Developer, badge and all.

Not long after that I sat the Azure Devops exam AZ-400, Devops was something I had done in a lot of previous jobs and I had a lot of experience with numerous tools. I sat the Azure Devops beta exam and failed with 685 out of 1000 (passing score was 700), man that hurt! – I didn’t put the effort in, I spent time studying but after sitting the exam realised what I had been studying wasn’t the right material, I got lazy basically, didn’t do my homework correctly by carefully looking at the Microsoft exam page and going over each link carefully on places like docs.microsoft.com, lesson learned. I passed the exam after taking some time off from studying, I was officially burned out from 2 hours a night for 3-4 months.

In the end I had sat 9 exams in just under 4 months, crazy yeah, not a great idea in retrospective but when you fail an exam the burning desire to pass and learn more, took over for me.

MVP
All whilst this was happening I had been nominated for the MVP award (I wrote about that here) and I’ll move onto cover what I was doing for that, I’ve covered all of this before in previous blog posts, which I will leave you to find but here’s a list of a few of the main things I was also up to whilst studying.

My advice for people looking to become an MVP is think of ways you can help the community, not just blogging, go further, do more, you’ll learn a lot, you’ll grow as a person by being uncomfortable, push yourself and you’ll be rewarded in many way’s.

I’ve been lucky enough to been asked on podcasts, asked to do training videos, write books, I’ve met Scott Guthrie and a lot more just from being active in the community. Follow more people on twitter, honestly grow your network.

Next up, I don’t share my goals, I have a few still to attain this year and next year is when I’ll start looking at doing more talks.

I have a lot of people to thank for where I have gotten to but I have thanked them all personally or online as I haven’t met them yet, going to Ignite and the MVP Summit I hope to meet many more and also thank them personally.

Hard work pays off.

  • You can find all of posts on Azure here
  • You can find all about the Azure exams here

Please feel free to reach out to me on LinkedIn or Twitter, happy to mentor anyone if I can with anything I can.



Microsoft MVP Award – How do you become an MVP?

Hi folks, on the 1st of August I was lucky enough to achieve the MVP award from Microsoft Azure. A number of people have contacted me asking for some guidance and this post will cover that.

Let me start with a bit of background, I started the MVP nomination process back last November, at that time you could self nominate and due to the sheer number of people self nominating this had to be changed to give the team who run the program a chance to review each nomination.

Now that the process has changed, you need to be either nominated by an fellow MVP or by a current Microsoft employee.

Once you have been nominated you’re asked to fill out a form which is used to collate what community activities you have been involved in for the previous 12 months. If you don’t have 12 months previous contributions then personally I would wait until you have a solid 12 months.

Ok, so you’ve filled out your form and you have the contributions added, now you have to be very patient, it wont happen overnight, but your form will be reviewed within 90 days of submission, so you will hear something from the designated person who covers your part of the world.

If your looking for ideas of contributions then I will list a few of mine below and I’ll also say this, your already a community star if your helping people.

Here are a list of some of the things you can do to help the community: –

  • Start a blog, writing about topics people will find helpful
  • Start a User Group or ask to get involved running an existing one
  • Give a talk(s) at local User Groups
  • Help organise events that help the community
  • Share code on GitHub or elsewhere that showcase’s examples or helps people in some way
  • Network on social media with people who you may be able to help, join forums like Microsoft Tech Community where you can ask and answer questions
  • Create a YouTube channel or join Techsnips.io and record videos demoing your knowledge to help others

You need to be active in the community, you shouldn’t be trying to become an MVP, you should want to be contributing to the community first and foremost.

If, like me, one of your goals is to try to help people in the community then you might be lucky enough to be nominated for the award.

I have been an MVP now for 2 weeks and all I can say is that there a lot of benefits to being an MVP, the number one for me is access to a lot more information which means I will hopefully be able to help even more people going forward.

To end this blog post I would say do as much as you can, help as many people as you can and you’ll be on track, talk to existing MVP’s, find your local Community Progam Manager and I wish you all the very best.

Get in touch in the comments below or get me on twitter if you have any specific questions.

 



Azure Cost Management – 8 tools to help optimise spending and maximise potential in the cloud

Hi folks, earlier this month I wrote an article about Azure Cost Management for Nigel Frank International who are a global leader in Microsoft Recruitment, if you want to learn all about Azure Cost Management you can read my article on 8 tools to help optimise spending and maximise potential in the cloud

I hope you find this article useful and as always leave feedback below.



How to Use The Azure KeyVault Service

The Azure Key Vault Service is where you store certificate keys, passwords and more instead of having them stored within your application.

Reducing the chance that application secrets can be leaked is always a good thing, don’t store things like access key’s and usernames and passwords in your application config files etc. – Azure Key Vault is where you will want to store these types of secrets.

Here is a quick list of things you can use Azure Key Vault for:-

  • Certificate Management
  • Secret Management
  • Key Management

A good example of ways to improve existing code is say you have a connection string to SQL Server and you have hard-coded this connection string to use the username and password of an account to gain access to the data held within your SQL Database (back in the day this was fairly common), even encrypting the connection string isn’t as secure as it could be. Changing the code to store the connection string inside Azure Key Vault is one idea (there are a few available), this way you can lock down who can see the connection string, so that people wont be able to get access to the database unless they have the rights to read the connection string from Azure Key Vault (this is just a very simple example).

Other useful things you can use Azure Key Vault for is to create and therefor control encryption keys, instead of doing this manually you can leverage Azure Key Vault functionality to do this on your behalf,  and you can also provision and manage SSL Certificates which is extremely useful.

With Azure Key Vault you can control access to the Vault using policies. This means you decide who can do things like read, write, edit secrets and keys stored within the KeyVault.

Azure Key Vault can be integrated with a number of services including: –

  • Sql Server
  • Azure Functions
  • Azure Web Apps and many more

To read more about Azure Key Vault here is a link to the official documentation.



How to Use The Azure Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.

What this mean is that you can distribute the traffic your web application receives across different regions throughout the world and this is a great Azure feature – other features like the Azure Load Balancer and Application Gateway cant distribute traffic across regions.

Azure Traffic Manager has a number of routing methods and its important to know the options available and what you can use them for: –

  • Priority: Use Priority when you want to use a primary service endpoint for all traffic, and provide backups in case the primary or the backup endpoints are unavailable.
  • Weighted: Use Weighted when you want to distribute traffic across a set of endpoints, either evenly or according to weights, which you define.
  • Performance: Use Performance when you have endpoints in different geographic locations and you want end users to use the “closest” endpoint in terms of the lowest network latency.
  • Geographic: Use Geographic so that users are directed to specific endpoints (Azure, External, or Nested) based on which geographic location their DNS query originates from. This empowers Traffic Manager customers to enable scenarios where knowing a user’s geographic region and routing them based on that is important.
  • Multivalue: Use MultiValue for Traffic Manager profiles that can only have IPv4/IPv6 addresses as endpoints. When a query is received for this profile, all healthy endpoints are returned.
  • Subnet: Use Subnet traffic-routing method to map sets of end-user IP address ranges to a specific endpoint within a Traffic Manager profile. When a request is received, the endpoint returned will be the one mapped for that request’s source IP address.

A good example of why Traffic Manager is super awesome, lets say you have your web app running in the North Europe region,  all users get directed to this region, what would happen if this region were to go down, not good! – with Traffic Manager you could have a second region (lets say UK South for this example) which has a copy of the web application and If the first region (North Europe) were to go down then Traffic manager would move all of your traffic to the second region meaning your website stays up and running, your users stay happy and bingo, now you have a highly available web application, this is known as performing a failover, also note your now paying for both regions but you have the added reliability and high availability your users may demand.

On a project at work we had a requirement which was basically make the website responsive to users around the globe, one way to aid in this is to use Traffic Manager and implement the Performance routing method, we had a copy of the web application deployed to 3 or 4 regions and when users would hit the website they would be directed to their nearest region which helps with faster response times.

You can read the official documentation on Azure Traffic Manager for lots more information.



How to Use Azure Managed Service Identity

In this blog post I will cover Azure Managed Service Identity covering the basics for what you should know regarding this feature in Azure.

Managed Service Identity allows you to securely access your Azure resources and avoid storing credentials in your code like to access these resources, think of things like adding access keys to storage accounts as an example, this is bad practice and you certainly don’t want to add them to your code bas to be checked into git for example.

You can create service identities for a number of Azure resources already and more are coming, examples of the resources you can create service identities include the following: –

  • Azure Virtual Machines
  • Azure Virtual Machine Scale Sets
  • Azure App Service
  • Azure Functions
  • Azure Logic Apps
  • Azure Service Bus
  • Azure Event Hubs
  • Azure API Management
  • Azure Container Instances
  • Azure Container Registry Tasks

If you have some code that needs to access a storage account and you have added the access key to the code in order to access the storage account (please never do this its very bad practice and someone might gain access to your storage account if you do this), perhaps you’ve even moved the access key into Key Vault which is another option,  well you could even go a step further and improve security even further.
To do this you can take advantage of managed service identities and instead of using an access key you use a temporary access token, which is generated at run-time. This can then be used to assign role based access control for other resources.

The managed identity for the resource is generated within Azure AD.

Managed Identities come in 2 forms: –

  • System-assigned managed identity (enabled on an Azure service instance)
  • User-assigned managed identity (Created for a stand alone Azure resource)

You can learn more from the docs.

 



How to Use Azure Role Based Access Control

When it comes to Azure Security there are several options available, in this blog post I’ll cover Role Based Access Control (RBAC for short).

RBAC is about giving access to Azure resources at a granular level, you can give access to the Subscription all the way down to just a single resource within a subscription. This is perfect if you have the scenario where you have a lot of Azure resources and you may just want to give someone access to just a Virtual Machine or maybe just read-only access to say a storage account.

Azure has built in Roles which you can assign to users, the most common of these roles are as follows: –

  • Owner – Has full access to all resources including the right to delegate access to others.
  • Contributor – Can create and manage all types of Azure resources but can’t grant access to others.
  • Reader – Can view existing Azure resources.
  • User Access Administrator – Lets you manage user access to Azure resources.

You can also create your own custom roles which can be made of different access.

RBAC works when assigned against what’s known as a Security Principal in other words a User, Group, Service Principal or a Managed Identity.

RBAs is made of role definitions and these have action which are assigned to the role definition, an example of this would be say Billing Reader, this allows the user read access to Billing Data. The list of roles are seen below: –

 

 

The last thing we need to touch on is the Scope that the RBAC can be assigned, this can take the form of the following: –

  • Management Group Level
  • Subscription Level
  • Resource Group Level
  • Resource Level

At work we normally give people in the project Contributor access to a Resource Group or Groups and normally one, maybe two at most are Owners of the Subscription. If we wish to give some one read-only access to view resources then we make them a Reader.

If we are working on a project and want to give a new dev Contributor access to a Resource Group, then I would log in as an Owner and then find the subscription, chose the subscription and then select Access Control (IAM), and then Add a Role Assignment.

You can also setup alerts when an Owner gives some other user access to your Azure resources if required.


Tags:


Azure Resource Locks

Azure resource locks will at some point save your bacon, it will trust me.
If you want to stop people being able to delete a development resource when they think it’s no longer being used, or more importantly on production resources so that they cannot be deleted (until the lock is deleted), then Azure locks are your friend

Azure Resource Locks are often over looked, most people know about them but never implement them, its always a good idea to use them, so what are you waiting for?

They can be applied at different levels ranging from the Resource Group (think of a folder where your Azure resources reside), down the individual resources themselves.

If there are a few people in your organisation that have one of the roles where they have access privileges to delete resources then Azure resource locks might be something to look into further.

To add a Resource Lock to any resource, simply locate the resource and then click on Locks as per below

As you can see, there are 2 different types of resource locks: –

  • Read-Only – means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
  • Delete – means authorized users can still read and modify a resource, but they can’t delete the resource.

So how do locks actually work?

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
Unlike role-based access control, you use management locks to apply a restriction across all users and roles.

You can read up more on Azure Locks from the documentation. Go add locks to your production resources just in case, better to be safe than sorry.



Scottish Summit 2020

On February 29th 2020, we are hosting a brand new, FREE event here in Scotland, UK which is called the Scottish Summit which will have several tracks running.

We are bringing over 60 sessions to you covering multiple tracks as per below:-

  • Dynamics for Customer Engagement
  • Azure
  • Big Data
  • Power Platform
  • Microsoft ERP
  • Personal Development
  • SharePoint
  • Office 365

The call for speakers page is already up and running with a number of great sessions already submitted, if you’d like to talk at this event then please submit your talk.

To find out more about the event you can view the website and see the list of speakers.

I am giving  a talk titled “Super charge your Azure learning” where I will cover how I have learned Azure and go over all the very best resources I have came across in the last 18 months of learning Azure. This talk will be for all levels, people getting started, people who know some Azure and want to learn a bit more, right up to Azure experts who might want to branch out their learning into new areas.

Topics will include:-

  • Getting started learning Azure
  • Azure Services
  • Azure Devops
  • Exams
  • And much more

If you wish to attend then grab your FREE ticket – hope to see you there!