AZ-900: Microsoft Azure Fundamentals
Module 1: Cloud Concepts
Cloud Models
- Public, Private, and Hybrid Cloud
- Compare Cloud Models
Cloud Benefits and Considerations
- Benefits of Cloud
- Cloud Consideration
Cloud Services
- IaaS, PaaS, SaaS
- Sharing responsibility
Module 2: Core Azure Services
Azure Architectural Components
- Regions and Availability Zones
- Subscriptions and Resource Groups
Core Azure Resources
- Compute
- Networking
- Storage
- Databases
Module 3: Core Solutions
Core Azure Solutions
- IoT to Azure Sphere
- Synapse Analytics to Databricks
- AI/ML
Azure Management Tools
- Portal, Powershell, CLI, and Others
- Advisor, Monitor, and Service Health
Module 4: Security
Azure Security Features
- Security Center and Resource Hygiene
- Key Vault, Sentinel, and Dedicated Hosts
Azure Network Security
- Defense in Depth
- Network Security Groups and Firewalls
- DDoS Protection
Module 5: Identity, Governance, Privacy, and Compliance
Azure Identity Services
- Authentication Verses Authorization
- Azure AD, MFA, SSO, and Conditional Access
Azure Governance Features
- RBAC
- Resource locks and Tags
- Policy, Blueprints, and CAF
Azure Privacy and Compliance
- Privacy statements and Online Services Terms
- Trust Center and Compliance Documentation
- Azure sovereign Regions
Module 6: Azure Pricing and Lifecycle
Methods of Managing Costs
- Factors Affecting Costs
- Options to Reduce and Control costs
- Azure Cost Management
Service Level Agreements and Lifecycles
- Azure Service Level Agreement (SLA)
- Factors Impacting SLAs
- Azure Product and Feature Lifecycle
AZ-104: Microsoft Azure Administrator
Module 1: Identity
Azure Active Directory
- Azure Active Directory
- Azure AD Concepts
- AD DS Vs Azure Active Directory
- Azure Active Directory Editions
- Azure AD Joins
- Self-Service Password Reset
Users and Groups
- User Accounts
- Manging User Accounts
- Bulk User Accounts
- Group Accounts
- Managing Multiple Directories
Lab: Users and Groups
Module 2: Governance and Compliance
Subscriptions and Accounts
- Regions
- Azure Subscription
- Getting a Subscription
- Subscription Usage
- Cost Management
- Resource Tags
- Cost Savings
Azure Policy
- Management Groups
- Azure Policy
- Implementing Azure Policy
- Policy Definitions
- Create Initiative Definitions
- Scope the Initiative Definition
- Determine Compliance
Lab: Azure Policy
Role-Based Access Control
- Role-Based Access Control
- Role Definition
- Role Assignment
- Azure RBAC Roles Vs Azure Administrator Roles
- RBAC Authentication
- Azure RBAC Roles
Lab: RBAC Roles
Module 3: Azure Administration
Resource Manager
- Resource Manager
- Terminology
- Resource Group Deployments
- Resource Manager Locks
- Moving Resources
- Removing Resources and Resource Groups
- Resource Limits
Lab: Resource Groups
Azure Portal and Cloud Shell
- Azure Portal
- Power Shell
Lab: Azure Portal, Power Shell
Azure Power shell and CLI
- Azure Power Shell
- Power Shell Cmdlets and Modules
- Azure CLI
Lab: Working with PowerShell and Azure CLI locally
ARM Templates
- Template Advantages
- Template Schema
- Template Parameters
- QuickStart Templates
Lab: 1. QuickStart Templates
2. Run Templates with Power Shell
Module 4: Virtual Networking
Virtual Networks
- Azure Networking Components
- Virtual Networks
- Subnets
- Implementing Virtual Networks
Lab: Creating Virtual Networks
IP Addressing
- IP Addressing
- Creating IP Addresses
- Public IP Addresses
- Private IP Addresses
Network Security Groups (NSG)
- NSG Rules
- NSG Effective Rules
- Creating NSG Rules
Lab: NSG
Azure Firewall
- Azure Firewall
- Implementing Firewalls
- Firewall Rules
Azure DNS
- Domains and Custom Domains
- Verifying Custom Domain Names
- Azure DNS Zones
- DNS Delegation
- DNS Record Sets
- DNS for Private Domains
- Private Zone Scenarios
Lab: DNS Name Resolution
Module 5: Intersite Connectivity
Vnet Peering
- Gateway transit and Connectivity
- Configure Vnet Peering
- Service Chaining
Lab: Vnet Peering
VPN Gateway Connections
- Implement Site-to-Site VPN Connection
- Create the Gateway Subnet
- VPN Gateway Configuration
- VPN Gateway Types
- VPN Gateway and SKU Generation
- Create the Local Network Gateway
- Configure the On-premises VPN Devices
- Create the VPN Connection
- High Availability Scenarios
Lab: VPN Gateway
ExpressRoute and Virtual WAN
- ExpressRoute
- ExpressRoute Capabilities
- Co-Existing Site-to-Site and ExpressRoute
- Intersite Connection Comparisons
- Virtual WANs
Module 6: Network Traffic Management
Network Routing and Endpoints
- System Routes
- User Defined Routes
- Routing Examples
- Create a Routing Table
- Create a Custom Route
- Associate the Route Table
- Service Endpoints
- Service Endpoint Services
- Private Link
Lab: Custom Routing Tables
Azure Load Balancer
- Public Load Balancer
- Internal Load Balancer
- Load Balancer SKUs
- Backend Pools
- Load Balancer Rules
- Session Persistence
- Health Probs
Azure Application Gateway
- Application Gateway
- Application Gateway Routing
- Application Gateway Configuration
Module 7: Azure Storage
Storage Accounts
- Azure Storage Services
- Storage Accounts Kinds
- Replication Strategies
- Accessing Storage
- Securing Storage Endpoints
Lab: Securing Storage Endpoints
Blob Storage
- Blob Containers
- Blob Access Tires
- Blob Lifecycle Management
- Uploading Blobs
- Storage Pricing
Lab: Blob Storage
Storage Security
- Shared Access Signatures
- URI and SAS Parameters
- Storage Service Encryption
- Customer-Managed Keys
- Storage Security Best Practices
Lab: SAS (Portal)
Azure Files and File Sync
- Files Vs Blobs
- Managing File Shares
- File Share Snapshots
- Azure File Sync
- Azure File Sync Components
- File Sync Steps
Lab: File Shares
Managing Storage
- Storage Explorer
- Import and Export Service
- AzCopy
Lab: Storage Explorer, AzCopy
Module 8: Azure Virtual Machines
Virtual Machine Planning
- IaaS Cloud Services
- Planning Checklist
- Location and Pricing
- Virtual Machine Sizing
- Virtual Machine Disks
- Storage Options
- Supported Operating Systems
- Virtual Machine Connections
Creating Virtual Machines
- Creating a Virtual Machine in the Portal
- Windows Virtual Machines
- Linux Virtual Machines
- Windows VM Connections
- Linux VM Connections
Lab: 1. Creating a VM in Portal
2. Connect to Linux Virtual Machine
Virtual Machine Availability
- Maintenance and Downtime
- Availability Sets
- Update and Fault Domains
- Availability Zones
- Scale Sets
- Scaling Concepts
- Implementing Scale Sets
- Autoscale
- Implementing Autoscale
Virtual Machine Extensions
- Virtual Machine Extensions
- Custom Script Extensions
- Desired State Configuration
Lab: Custom Script Extensions
Module 9: Serverless Computing
Azure App Service Plans
- Azure App Service Plans
- App Service Plan Pricing Tires
- App Service Plan Scaling
- AppService Plan Scale-Out
Lab: Create App Service Plan
Managing App Services
- Azure App Service
- Creating an App Service
- Continuous Deployment
- Deployment Slots
- Creating Deployment Slots
- Securing an App service
- Custom Domain Names
- Backup an App Service
- Application Insights
Lab: Create an App Service
Container Services
- Containers Vs Virtual Machine
- Azure Container Instances
- Container Groups
- Docker
Azure Kubernetes Services (AKS)
- AKS Terminology
- AKS Cluster and Nodes
- AKS Networking
- AKS Storage
- AKS Security
- AKS and Azure Active Directory
- AKS Scaling
- AKS Scaling to ACI
- Virtual Kubelet
Lab: Deploy Azure Kubernetes Service
Module 10: Data Protection
File and Folder Backups
- Azure Backups
- Recovery Service Vault Backup Options
- Implementing On-premises File and Folder Backups
- Microsoft Azure Recovery Services Agent
Lab: Backup files and Folders
Virtual Machine Backups
- Virtual Machine Data Protection
- Workload Protection Needs
- Virtual Machine Snapshots
- Recovery Services Vault VM Backup Options
- Implementing VM Backups
- Implementing VM Restore
- Azure Backup Server
- Backup Component Comparison
- Soft Delete
- Azure Site Recovery
- Azure to Azure Architecture
Module 11: Monitoring
Azure Monitor
- Azure Monitor service
- Key Capabilities
- Monitoring Data Platform
- Log Data
- Data types
- Activity Log
- Query the Activity Log
Azure Alerts
- Azure Monitor alerts
- Creating Alert Rules
- Action Groups
Labs: Alerts
Log Analytics
- Log Analytics
- Creating a Workspace
- Connected Sources
- Data Sources
- Log Analytics Querying
- Query Language Syntax
Lab: Log Analytics
Network Watcher
- Network Watcher Diagnostics
- Diagnostics – IP Flow Verify
- Diagnostics – Next Hop
- Diagnostics – Effective Security Rules
- Diagnostics – VPN Troubleshoot
- Diagnostics – Packet Captures
- Diagnostics – Connection Troubleshoot
- Logs – NSG Flow Logs
- Monitoring - Topology
AZ-500: Microsoft Azure Security Technologies
Module 1: Identity and Access
Azure Active Directory
- Azure AD Feature
- Azure AD vs AD DS
- Roles for Azure AD
- Azure AD Domain Services
- Azure AD Users
- Azure AD Groups
- Administrative Units
- Passwordless
Hybrid Identity
- Azure AD Connect
- Azure AD Connect cloud sync
- Authentication Option
- Password Hash Synchronization (PHS)
- Pass-through Authentication (PTA)
- Federation with Azure AD
- Authentication Decision Tree
- Password Writeback
Azure AD Identity Protection
- Azure AD Identity Protection
- Risk Events
- User Risk Policy
- Sign-in Risk Policy
- Azure MFA concepts
- Azure AD Conditional Access
- Conditions
- Access Reviews
Azure AD Privileged Protection
- Microsoft's Zero Trust Model
- Microsoft Identity Management Evolution
- PIM Feature
- PIM Scope
- PIM Onboarding
- PIM Configuration Settings
- PIM Workflow
Enterprise Governance
- Shared Responsibility Model
- Azure Cloud Security Advantages
- Azure Hierarchy
- Azure Policy
- Azure Role-Based Access Control (RBAC)
- Azure RBAC vs Azure Policies
- Built-in Roles
- Resource Locks
- Azure Blueprints
- Azure Subscription Management
Module 2: Implement Platform Protection
Perimeter Security
- Defense in Depth
- Virtual Network Security
- Distributed Denial of Service (DDoS)
- DDoS Implementation
- Azure Firewall Features
- Azure Firewall Implementation
- VPN Forced Tunneling
- UDRs and NVAs
Network Security
- Network Security Groups (NSG)
- NSG Implementation
- Application Security Groups
- Service Endpoints
- Private Endpoints
- Azure Application Gateway
- Web Application Firewall
- Azure Front Door
- ExpressRoute
Host Security
- Endpoint Protection
- Privileged Access Workstations
- Virtual Machine Templates
- Remote Access Management
- Update Management
- Disk Encryption
- Microsoft Defender
- Security Center Recommendations
- Securing Azure Workloads
Container Security
- Containers
- ACI Security
- Azure Container Instances (ACI)
- Azure Container Registry (ACR)
- ACR Authentication
- Azure Kubernetes Service (AKS)
- AKS Terminology
- AKS Architecture
- AKS Networking
- AKS Storage
- AKS and Active Directory
Module 03: Data and Application Security
Azure Key Vault
- Azure Key Vault Features
- Key Vault Access
- Key Vault Example
- Key Vault Certificates
- Key Vault Keys
- Customer Managed Keys
- Key Vault Secrets
- Key Rotation
Application Security
- Microsoft Identity Platform
- Azure AD Application Scenarios
- App Registration
- Microsoft Graph Permissions
- Managed Identities
- Web App Certificates
Storage Security
- Data Sovereignty
- Azure Storage Access
- Shared Access Signatures
- Azure AD Storage Authentication
- Storage Service Encryption
- Blob Data Retention Policies
- Azure Files Authentication
- Secure Transfer Required
Database Security
- SQL Database Authentication
- SQL Database Firewalls
- Database Auditing
- Data Discovery and Classification
- Vulnerability Assessment
- Advanced Threat Protection
- Dynamic Data Masking
- Transparent Data Encryption
- Always Encrypted
Module 04: Security Operations
Azure Monitor
- Azure Monitor
- Metrics and Logs
- Log Analytics
- Connected Sources
- Azure Monitor Alerts
- Diagnostic Logging
Azure Security Center
- Cyber Kill Chain
- Azure Security Center Features
- Security Center Policies
- Security Center Recommendations
- Secure Score
- Brute Force Attacks
- Just in Time Virtual Machine Access
Azure Sentinel
- Azure Sentinel
- Data Connections
- Workbooks
- Incidents
- Playbooks
- Hunting
AZ-305: Designing Microsoft Azure Infrastructure Solutions
Module 1: Design a governance solution
- Design for governance
- Design for management groups
- Design for Azure subscriptions
- Design for resource groups
- Design for resource tagging
- Design for Azure Policy and RBAC
- Design with Azure Blueprints
Module 2: Design a compute solution
- Choose a compute service
- Design for Azure virtual machine solutions
- Design for Azure Batch solutions
- Design for Azure App Services solutions
- Design for Azure Container Instances solutions
- Design for Azure Kubernetes Service solutions
- Design for Azure Function solutions
- Design for Azure Logic App solutions
Module 3: Design a non-relational data storage solution
- Design for data storage
- Design for Azure storage accounts
- Design for data redundancy
- Design for Azure blob storage
- Design for Azure files
- Design an Azure disk solutions
- Design for storage security
Module 4: Design a data storage solution for relational data
- Design for data storage
- Design for Azure SQL databases
- Recommend a solution for database scalability
- Recommend a solution for database availability
- Design security for data at rest, data in transmission, and data in use
- Design for Azure SQL Edge
- Design for Azure Cosmos DB and tables
Module 5: Design a data integration solution
- Design a data integration solution with Azure Data Factory
- Design a data integration solution with Azure Data Lake
- Design a data integration and analytics solution with Azure Databricks
- Design a data integration and analytics solution with Azure Synapse Analytics
- Design a strategy for hot/warm/cold data path
- Design Azure Stream Analytics solution for Data Analysis
Module 6: Design an application architecture solution
- Describe message and event scenarios
- Design a messaging solution
- Design an event solution (Event Hub and Event Grid)
- Design an application automation solution
- Design application lifecycle
- Case study
Module 7: Design Authentication and Authorization Solutions
- Design for identity and access management
- Design for Azure Active Directory
- Design for Azure Active Directory B2B
- Design for Azure Active Directory B2C
- Design for conditional access
- Design for identity protection
- Design for access reviews
- Design service principals for applications
- Design for Azure key vault
- Case study
Module 8: Design a solution to log and monitor Azure resources
- Design for Azure Monitor data sources
- Design for Log Analytics
- Design for Azure workbooks and Azure Insights
- Design for Azure Data Explorer
Module 9: Design a network infrastructure solution
- Recommend a network architecture solution based on workload requirements
- Design for on-premises connectivity to Azure virtual networks
- Design for Azure network connectivity services
- Design for application delivery services
- Design for application protection services
Module 10: Design a business continuity solution
- Design for backup and recovery
- Design for Azure Backup
- Design for Azure blob backup and recovery
- Design for Azure Files backup and recovery
- Design for Azure virtual machine backup and recovery
- Design for Azure SQL backup and recovery
- Design for Azure Site Recovery
- Case study
Module 11: Design a migration solution
- Evaluate migration with the Cloud Adoption Framework
- Describe the Azure Migration Framework
- Assess your workloads
- Compare migration tools
- Migrate your databases
- Select an online storage migration tool
- Select an offline storage migration tool