Azure identities and governance (15-20%)
Manage Azure AD objects
- Create users and groups
- Manage user and group properties
- Manage device settings
- Perform bulk user updates
- Manage guest accounts
- Configure Azure AD join
- Configure self-service password reset
Manage role-based access control (RBAC)
- Create a custom role
- Provide access to Azure resources by assigning roles (subscriptions, resource groups. resources)
- Interpret access assignments
- Manage multiple directories
Manage subscription and governance
- Configure Azure policies
- Configure resource locks
- Apply tags
- Create and manage resource groups (move and remove)
- Manage subscriptions
- Configure Cost Management
- Configure management groups
Implement and manage storage (10-15%)
Manage storage accounts
- Configure network access to storage accounts
- Create and configure storage accounts
- Generate shared access signature
- Implement Azure storage replication
- Configure Azure AD Authentication for a storage account
Manage data in Azure Storage
- Export from Azure job
- Import into Azure job
- Copy data by using AZCopy
Configure Azure files and Azure blob storage
- Create an Azure file share
- Create and configure Azure File Sync service
- Configure Azure blob storage
- Configure storage tiers for Azure blobs
Deploy and manage Azure compute resources (25-30%)
Configure VMs for high availability and scalability
- Configure high availability
- Deploy and configure scale sets
Automate deployment and configuration of VMs
- Modify Azure Resource Manager (ARM) template
- Configure VHD template
- Deploy from template
- Save a deployment as an ARM template
- Automate configuration management by using custom script extensions
Create and configure VMs
- Configure Azure Disk Encryption
- Move VMs from one resource group to another
- Manage VM sizes
- Add data discs
- Configure networking
- Redeploy VMs
Create and configure containers
- Create and configure Azure Kubernetes Service (AKS)
- Create and configure Azure Container Instances (ACI)
Create and configure Web Apps
- Create and configure App Service
- Create and configure App Service Plans
Configure and manage virtual networking (30-35%)
Implement and manage virtual networking
- Create and configure VNET peering
- Virtual network peering overview
- Create, change, or delete a virtual network peering
- Azure Virtual Network frequently asked questions (FAQ) VNet Peering
- Tutorial: Connect virtual networks with virtual network peering using the Azure portal
- Create a virtual network peering – different deployment models, same subscription
- Distribute your services across Azure virtual networks and integrate them by using virtual network peering
- Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
- What is Azure Virtual Network?
- Quickstart: Create a virtual network using the Azure portal
- Virtual network traffic routing
- Networking limits
- Create, change, or delete a public IP address
- Add, change, or remove IP addresses for an Azure network interface
- Associate a public IP address to a virtual machine
- Subnet extension
- Virtual network traffic routing
- Add network interfaces to or remove network interfaces from virtual machines
- Design an IP addressing schema for your Azure deployment
- Manage and control traffic flow in your Azure deployment with routes
Configure name resolution
- Configure Azure DNS
- Configure custom DNS settings
- Configure a private or public DNS zone
Secure access to virtual networks
- Create security rules
- Associate an NSG to a subnet or network interface
- Evaluate effective security rules
- Deploy and configure Azure Firewall
- Deploy and configure Azure Bastion Service
Configure load balancing
- Configure Application Gateway
- Configure an internal load balancer
- Configure load balancing rules
- Configure a public load balancer
Monitor and troubleshoot virtual networking
- Monitor on-premises connectivity
- Use Network Performance Monitor
- Use Network Watcher
- Troubleshoot external networking
- Troubleshoot virtual network connectivity
Integrate an on-premises network with an Azure virtual network
- Create and configure Azure VPN Gateway
- Create and configure VPNs
- Configure ExpressRoute
- Configure Azure Virtual WAN
Monitor and back up Azure resources (10-15%)
Monitor resources by using Azure Monitor
- Configure and interpret metrics (Analyze metrics across subscriptions)
- Configure Log Analytics (Implement a Log Analytics workspace, Configure diagnostic settings)
- Query and analyze logs (Create a query, Save a query to the dashboard, Interpret graphs)
- Set up alerts and actions (Create and test alerts, Create action groups, View alerts in Azure Monitor, Analyze alerts across subscriptions)
- Configure Application Insights
Implement backup and recovery
- Configure and review backup reports
- Perform backup and restore operations by using Azure Backup Service
- Create a Recovery Services Vault (Use soft delete to recover Azure VMs)
- Create and configure backup policy
- Perform site-to-site recovery by using Azure Site Recovery