Manage Azure subscriptions and

resources (15-20%)
Manage Azure subscriptions
 Assign administrator permissions;
o https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-
subscription-administrator

 Configure cost center quotas and tagging;

o https://buildazure.com/2017/06/14/azure-subscription-resource-limits-
and-quotas/
o https://docs.microsoft.com/en-us/azure/billing/billing-getting-started
o http://resource.onlinetech.com/manage-your-azure-spend-by-cost-
center/

 Configure Azure subscription policies at Azure subscription level

o https://docs.microsoft.com/en-us/azure/governance/policy/overview

o Azure enterprise scaffold: Prescriptive subscription governance

o Examples of implementing Azure enterprise scaffold

o Organizing subscriptions and resource groups within the Enterprise

 Use multiple Azure subscriptions

o Windows Azure tutorial Part 1: Set up and manage subscriptions

o Blog - Subscription Management

Pluralsight - Managing Microsoft Azure Subscriptions

Analyze resource utilization and consumption

 Configure diagnostic settings on resources;

o Automatically enable Diagnostic Settings at resource creation using a
Resource Manager template
 o MANAGING MULTIPLE AZURE DIAGNOSTIC SETTINGS USING AZURE CLI
INSTEAD OF POWERSHEL
o Collect and consume log data from your Azure resources
o https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-
extension-overview
o Monitoring data collected by Azure Monitor
 create baseline for resources;
o Manage Azure resources with these top tips of 2017
o Use Cloudyn reports
o Prevent unexpected charges with Azure billing and cost management
 create and test alerts; analyze alerts across subscription;
o Unified alerts in Azure Monitor
o Respond to events with Azure Monitor Alerts
o Create, view, and manage metric alerts using Azure Monitor
o Azure logging and auditing
 analyze metrics across subscription;
o Azure Monitor Metrics Explorer
 create action groups;
o Create and manage action groups in the Azure portal
 monitor for unused resources; monitor spend; report on spend;
 utilize Log Search query functions;
o Log Analytics Examples
 view alerts in Log Analytics

Manage resource groups

 Use Azure policies for resource groups;
o Create and manage policies to enforce compliance
 configure resource locks; configure resource policies;
o Lock resources to prevent unexpected changes
 implement and set tagging on resource groups;
o Use tags to organize your Azure resources
o https://www.pluralsight.com/courses/microsoft-azure-subscriptions-managing
o https://docs.microsoft.com/en-us/azure/architecture/best-practices/naming-
conventions
 move resources across resource groups;
o Move resources to new resource group or subscription
o Azure: How to move resources between subscriptions under different tenants?
o Remove-AzureRmResourceGroup
o Understand limitations
 remove resource groups
 o https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-
delete
o https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/remove-
azurermresourcegroup?view=azurermps-6.13.0

Managed role based access control (RBAC)

 Create a custom role,
o Custom roles in Azure
 configure access to Azure resources by assigning roles,
o Manage access using RBAC and the Azure portal
o Manage access using RBAC and Azure Resource Manager templates
 configure management access to Azure,
 troubleshoot RBAC,
o Troubleshoot RBAC in Azure
 implement RBAC policies,
o What is role-based access control (RBAC)?
 assign RBAC Roles

Pluralsight - Managing Identities in Microsoft Azure Active Directory

Implement and manage storage (5-10%)
Create and configure storage accounts
 Configure network access to the storage account;
o Configure Azure Storage Firewalls and Virtual Networks
o Virtual Network Service Endpoints and Firewalls for Azure Storage now generally
available
 create and configure storage account;
o Create a storage account
o Introduction to Azure Storage
o https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-
account?tabs=azure-portal
o https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-create-account-
block-blob
o https://docs.microsoft.com/en-us/azure/storage/common/storage-account-
manage?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
 generate shared access signature;
o Using shared access signatures (SAS)
o Shared Access Signatures, Part 2: Create and use a SAS with Blob storage
 install and use Azure Storage Explorer;
o https://azure.microsoft.com/en-ca/features/storage-explorer/
o https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-
storage-explorer?tabs=windows
 manage access keys;
o Using shared access signatures (SAS)
o Shared Access Signatures, Part 2: Create and use a SAS with Blob storage
 monitor activity log by using Log Analytics;
o Storage Analytics
 implement Azure storage replication
o https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
o Locally-redundant storage (LRS): Low-cost data redundancy for Azure Storage
o Zone-redundant storage (ZRS): Highly available Azure Storage applications
o Geo-redundant storage (GRS): Cross-regional replication for Azure Storage
o Azure Storage scalability and performance targets
o Designing highly available applications using RA-GRS Storage
o Microsoft Azure Storage redundancy options and read access geo redundant storage

Import and export data to Azure

 Create export from Azure job;
o What is Azure Import/Export service?
o Azure Import/Export system requirements
 o Use Azure Import/Export service to import data to Azure Files
 create import into Azure job;
o https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-
creating-an-import-job?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
 Use Azure Data Box;
o https://docs.microsoft.com/en-us/azure/databox/data-box-overview
 configure and use Azure blob storage;
o Create a storage account
o Introduction to Azure Storage
 configure Azure content delivery network (CDN) endpoints
o What is a content delivery network on Azure?
o Quickstart: Create an Azure CDN profile and endpoint
o Create an Azure CDN endpoint
o Using the Azure CDN to access blobs with custom domains over HTTPS
o https://docs.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-
name

Configure Azure files

 Create Azure file share;
o Introduction to Azure Files
o Create a file share in Azure Files
o Use an Azure file share with Windows
 create Azure File Sync service;
o Deploy Azure File Sync
o STEP-BY-STEP GUIDE: GETTING STARTED WITH AZURE FILE SYNC SERVICE
o Prepare Windows Server to use with Azure File Sync
 create Azure sync group;
o Create a sync group and a cloud endpoint
 troubleshoot Azure File Sync
o Troubleshoot Azure File Sync

Implement Azure backup

 Configure and review backup reports;
o Configure Azure Backup reports
 perform backup operation;
o Back up a Windows Server or client to Azure using the Resource Manager
deployment model
 create Recovery Services Vault;
o Recovery Services vaults overview
o Monitor and manage Recovery Services vaults
o Set up disaster recovery for Azure VMs to a secondary Azure region.
o Delete a Recovery Services vault
 create and configure backup policy;
o Defining a backup policy
 perform a restore operation
o Restore files to a Windows server or Windows client machine using Resource
Manager deployment model
o Use the Azure portal to restore virtual machines
o Restore An Azure VM to an Availability Set From Azure Backup in the Azure Portal
o Restore Azure Virtual Machines to an Availability Set Using PowerShell
o Using templates to customize restored VMs from Azure Backup
Deploy and manage virtual machines
(VMs) (20-25%)
Create and configure a VM for Windows and Linux
 Configure high availability;
o Understanding Azure Availability Sets
o Tutorial: Create and deploy highly available virtual machines with Azure
PowerShell
o Manage the availability of Windows virtual machines in Azure
o Regions and availability for virtual machines in Azure
o Design for Virtual Machines with High Availability Using Azure
o High availability in Azure
 configure monitoring, networking, storage, and virtual machine size;
o How to monitor virtual machines in Azure
o Rich insights for virtual machines from Azure Monitor
o Microsoft Azure Virtual Machine Monitoring with Azure Diagnostics
Extension
o https://docs.microsoft.com/en-us/azure/virtual-
machines/windows/tutorial-monitoring
 configure monitoring, networking, storage, and virtual machine size;
o Resize virtual machines
o Resize a Windows VM (Powershell)
o Notes on changing Azure VM size
o https://blogs.msdn.microsoft.com/madan/2016/09/28/resize-azure-
resource-manager-arm-vm-os-data-disk-using-azure-portal/
o How to expand the OS drive of a virtual machine
o Expand virtual hard disks on a Linux VM with the Azure CLI
o Overview of Windows virtual machines in Azure
o Quickstart: Create a Windows virtual machine in the Azure portal
o Tutorial: Create and Manage Windows VMs with Azure PowerShell
 deploy and configure scale sets
o Understanding Azure Virtual Machine Scale Sets (Part 1)
o Understanding Azure Virtual Machine Scale Sets (Part 2)
o Virtual Machine Scale Sets
o What are virtual machine scale sets?
o Quickstart: Create a virtual machine scale set in the Azure portal
Automate deployment of VMs
 Modify Azure Resource Manager (ARM) template;
o Create a Windows virtual machine from a Resource Manager template
o Azure Quickstart Templates see 101-vm-*
 configure location of new VMs;
 configure VHD template;
o Creating Virtual Machine Templates in VMM
o How to Create a Template from a Virtual Hard Disk
o How to Create a Virtual Machine Template
 deploy from template;
o Understand the structure and syntax of Azure Resource Manager
Templates
o Deploy resources with Resource Manager templates and Azure
PowerShell
 save a deployment as an ARM template;
o Export an Azure Resource Manager template from existing resources
 deploy Windows and Linux VMs
o Quickstart: Create a Linux virtual machine in the Azure portal
o Quickstart: Create a Windows virtual machine in the Azure portal
o New-AzureQuickVM cmdlet


Manage Azure VM
 Add data discs;
o Attach a managed data disk to a Windows VM by using the Azure portal
o Use the portal to attach a data disk to a Linux VM
o Disks FAQs
o Add a disk
o Detach a disk
o Resize a disk
o Snapshot a disk
o Back up unmanaged disks
o Convert to Managed Disks
o Convert disk between Standard and Premium
o Copy files to a VM
o Migrate to Premium storage with Azure Site Recovery
o Find unattached disks
o Use File storage
o Deploy disks with template
  add network interfaces;
o Add network interfaces to or remove network interfaces from virtual
machines
 automate configuration management by using PowerShell Desired State;
Configuration (DSC) and VM Agent by using custom script extensions;
o Azure Automation State Configuration Overview (and sub-pages)
o Custom Script Extension for Windows
o 201-vm-custom-script-windows
 manage VM sizes;
o Resize virtual machines
o Resize a Windows VM (Powershell)
o Notes on changing Azure VM size
o https://blogs.msdn.microsoft.com/madan/2016/09/28/resize-azure-
resource-manager-arm-vm-os-data-disk-using-azure-portal/
o How to expand the OS drive of a virtual machine
o Expand virtual hard disks on a Linux VM with the Azure CLI
 move VMs from one resource group to another;
o Move a Windows VM to another Azure subscription or resource group
o Migrate Azure VMs to another region
o Move resources to new resource group or subscription
 redeploy VMs
o Redeploy Windows virtual machine to new Azure node
o Redeploy Linux virtual machine to new Azure node
o Set-AzureRmVM -redeploy

Manage VM backups
 Configure VM backup;
o Plan your VM backup infrastructure in Azure
o Deploy a Windows VM and enable backup using Azure Backup
 define backup policies;
o Defining a backup policy
 implement backup policies;
o https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-vms
 perform VM restore;
o Use the Azure portal to restore virtual machines
 Azure Site Recovery
o https://docs.microsoft.com/en-us/azure/site-recovery/
Configure and manage virtual networks
(20-25%)
connectivity between virtual networks
 Create and configure VNET peering;
o Virtual network peering
o Tutorial: Connect virtual networks with virtual network peering using
the Azure portal
o Create, change, or delete a virtual network peering
o https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-
peering-gateway-transit?toc=%2fazure%2fvirtual-network%2ftoc.json
 create and configure VNET to VNET; create virtual network gateway
o Configure a VNet-to-VNet VPN gateway connection using the Azure
portal
o What is VPN Gateway?
o Create a Site-to-Site connection in the Azure portal
o Step-By-Step: Configuring a site-to-site VPN Gateway between Azure
and On-Premise
o Configure Network Performance Monitor for ExpressRoute
o ExpressRoute FAQ
o ExpressRoute Premium Add-on & Pricing
 verify virtual network connectivity;
o Verify a VPN Gateway connection

Implement and manage virtual networking

 Configure private and public IP addresses,
o Configure private IP addresses for a virtual machine using the Azure
portal
o Create a virtual machine with a static public IP address using the Azure
portal
o IP address types and allocation methods in Azure
 network routes,
o Virtual network traffic routing
 network interface, subnets, and virtual network
o Create, change, or delete a network interface
o Add, change, or delete a virtual network subnet
Configure name resolution
 Configure Azure DNS;
o Azure DNS Documentation
o What is Azure DNS?
o Overview of DNS zones and records
o Azure DNS FAQ
o Delegation of DNS zones with Azure DNS
o Tutorial: Create DNS records in a custom domain for a web app
 configure custom DNS settings;
o Name resolution for resources in Azure virtual networks
o Create, change, or delete a network interface
 configure private and public DNS zones
o How to manage DNS Zones in the Azure portal
o Manage DNS records and recordsets in Azure DNS using Azure
PowerShell

Create and configure a Network Security Group (NSG)

 Create security rules;
o Create, change, or delete a network security group
o Security groups
o Azure Network Security Groups (NSG) – Best Practices and Lessons
Learned
o Filter network traffic with a network security group using PowerShell
 associate NSG to a subnet or network interface;
o Step by Step Azure network security groups NSG – Security Center
o Associate network interfaces to an ASG
o Associate network security group to subnet
 identify required ports;
o Diagnose a virtual machine network traffic filter problem
o Automate NSG auditing with Azure Network Watcher Security group
view
 evaluate effective security rules
o https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-
filter-problem
o https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-
groups-nsg-best-practices-and-lessons-learned/

Implement Azure load balancer

 Configure internal load balancer,
 o What is Azure Load Balancer?
o Internal Load Balancing
o Tutorial: Balance internal traffic load with a Basic load balancer in the
Azure portal
o Using Azure Resource Manager Support with Azure Load Balancer
 configure load balancing rules,
o Azure Load Balancer Standard overview
o Load balance internet traffic to VMs
o Load balance internal traffic to VMs
o Load balance VMs across availability zones
o Load balance VM within a specific availability zone
o Configure port fowarding in Load Balancer
o https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-
outbound-connections
 configure public load balancer,
o https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-create-basic-load-
balancer-portal
 troubleshoot load balancing
o https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-troubleshoot

Pluralsight - Managing Network Load Balancing in Microsoft Azure

Pluralsight - Architecting Azure Solutions (70-534): Infrastructure and Networking

Monitor and troubleshoot virtual networking

 Monitor on-premises connectivity,
o Diagnose on-premises connectivity via VPN gateways
o Create an Azure Network Watcher instance
o View the topology of an Azure virtual network
o Network Performance Monitor’s Service Connectivity Monitor is now
generally available
 use Network resource monitoring,
o Network Watcher
 use Network Watcher, troubleshoot external networking, troubleshoot virtual
network connectivity
o Network connectivity
o Border connectivity

Pluralsight - Connecting Microsoft Azure Virtual Networks

Pluralsight - Connecting On-premises Networks with Azure Virtual Networks

Pluralsight - Architecting Azure Solutions (70-534): Infrastructure and Networking

Integrate on premises network with Azure virtual

network
 Create and configure Azure VPN Gateway,
o What is VPN Gateway?
o Create and manage a VPN gateway
o New-AzureRmLocalNetworkGateway
o Concepts
 Planning and design for VPN Gateway
 About VPN Gateway settings
 About VPN devices
 About cryptographic requirements
 About BGP and VPN Gateway
 About highly available connections
 About Point-to-Site connections
 About Point-to-Site VPN routing
 About zone-redundant gateways for Availability Zones
 create and configure site to site VPN,
o Create and manage S2S VPN connections
 configure Express Route,
o Configure ExpressRoute and Site-to-Site coexisting connections using
PowerShell
 verify on premises connectivity,
o Configuring and validating VNet or VPN connections
o Diagnose on-premises connectivity via VPN gateways
o How to validate VPN throughput to a virtual network
o iPerf - The ultimate speed test tool for TCP, UDP and SCTP
o Troubleshooting: Azure Site-to-Site VPN disconnects intermittently
 troubleshoot on premises connectivity with Azure
o Troubleshooting: Azure Site-to-Site VPN disconnects intermittently
Manage identities (15-20%)
Manage Azure Active Directory (AD)
 Add custom domains;
o How to: Add your custom domain name using the Azure Active
Directory portal
o Managing custom domain names in your Azure Active Directory
 Azure AD Join;
o Azure AD Join
o HOW TO JOIN A WINDOWS 10 COMPUTER TO YOUR AZURE
ACTIVE DIRECTORY
 configure self-service password reset;
o How it works: Azure AD self-service password reset
o How to successfully roll out self-service password reset
o Quickstart: Self-service password reset
o Password management frequently asked questions
 manage multiple directories;
o Creating and Managing Multiple Windows Azure Active Directories
o Manage your Azure Active Directory tenant

Manage Azure AD objects (users, groups, and devices)

 Create users and groups; manage user and group properties;
o How to: Add or delete users using Azure Active Directory
o How to: Create a basic group and add members using Azure Active
Directory
o Dynamic membership rules for groups in Azure Active Directory
o Dynamic membership rules for groups - Create a "Direct reports" rule
 manage device settings;
o How to manage devices using the Azure portal
 perform bulk user updates;
o AZURE ACTIVE DIRECTORY - BULK UPDATING USER PROFILE
ATTRIBUTES USING POWERSHELL
 manage guest accounts
o https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-
guest-access-with-access-reviews
o https://predica.pl/blog/guests-in-the-cloud-how-to-safely-manage-external-users-
using-azure-ad-b2b/
o https://www.bocoprimeit.com/guest-user-access-in-office-365-and-azure-ad/
Implement and manage hybrid identities
 Install Azure AD Connect,
o Getting started with Azure AD Connect using express settings
o Custom installation of Azure AD Connect
 including password hash and pass-through synchronization;
o User sign-in with Azure Active Directory Pass-through Authentication
o Azure Active Directory Pass-through Authentication: Quick start
 use Azure AD Connect to configure federation with on-premises Active Directory
Domain Services (AD DS);
o Azure Active Directory Seamless Single Sign-On
o How to configure federated single sign-on for an Azure AD Gallery
application
o What is application access and single sign-on with Azure Active
Directory?
 manage Azure AD Connect;
o Implement password hash synchronization with Azure AD Connect sync
o Enable password synchronization to Azure Active Directory Domain
Services
o Hybrid identity and Microsoft identity solutions
o Azure AD Connect Health Agent Installation
o ONE OR MORE ON-PREMISE AD OBJECTS DON'T SYNC TO
OFFICE 365 (AAD)
 manage password sync and password writeback
o How-to: Configure password writeback
o Azure AD Connect sync: Understanding the default
configuration Especially
 IsPresent([isCriticalSystemObject]). Ensure many out-of-box
objects in Active Directory, such as the built-in administrator
account, are not synchronized.
o Install and run the Office 365 IdFix tool
o Prepare directory attributes for synchronization with Office 365 by using
the IdFix tool

Implement multi-factor authentication (MFA)

 Configure user accounts for MFA,
o Enforce multi-factor authentication (MFA) for subscription
administrators
 o Tutorial: Complete an Azure Multi-Factor Authentication pilot roll out
o Manage app passwords for two-step verification
 enable MFA by using bulk update,
o https://justidm.wordpress.com/2018/09/14/bulk-pre-register-mfa-for-users-
without-enable-mfa-on-the-account/
o https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-
mfa-userstates
o https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-
sspr-authenticationdata
o https://gallery.technet.microsoft.com/scriptcenter/POWERSHELL-TO-ENABLE-
AZURE-a67dacdc
 configure fraud alerts,
o Fraud alert
 configure bypass options,
o One-time bypass
o Azure Conditional Access with “Skip MFA for Requests From
Federated users on my intranet” option – Scenarios
o Bypass Azure MFA and Azure AD Connect Pass-Through
Authentication
 configure Trusted IPs,
o What is the location condition in Azure Active Directory conditional
access?
o Trusted IPs
 configure verification methods
o Verification methods
o What is conditional access in Azure Active Directory?

Pluralsight - Implementing and Managing Azure Multi-factor Authentication