Microsoft Azure Integration and Security exam AZ-101 – Resources Part 1 – Evaluate and perform server migration to Azure

Evaluate and perform server migration to Azure (15-20%)

Evaluate migration scenarios by using Azure Migrate

Azure migrate is focused on analyzing workloads for migration into Azure and is currently constrained to VMware vSphere analysis. Azure Site Recovery Deployment Planner is used for other workloads.

May include but not limited to:
Discover and assess environment;

https://docs.microsoft.com/en-us/azure/migrate/tutorial-assessment-vmware

Identify workloads that can and cannot be deployed;

https://docs.microsoft.com/en-us/azure/migrate/tutorial-assessment-vmware#create-and-view-an-assessment

https://docs.microsoft.com/en-us/azure/migrate/concepts-assessment-calculation

Identify ports to open;

https://docs.microsoft.com/en-us/azure/migrate/migrate-overview#what-are-the-port-requirements

Identify changes to network;

This is tough to interpret and the only text that works for me is the work that you might do in the migration stage around changes to the VMs network interfaces. Otherwise, the previous link about opening ports should suffice.
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-manage-network-interfaces-on-premises-to-azure#modify-network-interface-settings

Identify if target environment is supported;

This is really difficult to interpret, but my assumption is that this page best fits.
https://docs.microsoft.com/en-us/azure/migrate/how-to-modify-assessment

Setup domain accounts and credentials

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-tutorial-prepare-on-premises#prepare-an-account-for-mobility-service-installation

Migrate servers to Azure

Recovery Services Vaults provide many data services for protection and recovery.

May include but not limited to:
Migrate by using Azure Site Recovery (ASR);

https://docs.microsoft.com/en-us/azure/site-recovery/

Migrate using P2V;

https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

Configure storage;

https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure#create-a-storage-account

Create a backup vault;

https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure#create-a-recovery-services-vault

Prepare source and target environments;

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-set-up-source

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-set-up-target

Backup and restore data;

https://docs.microsoft.com/en-us/azure/backup/tutorial-backup-windows-server-to-azure

https://docs.microsoft.com/en-us/azure/backup/tutorial-backup-restore-files-windows-server

Deploy Azure Site Recovery (ASR) agent;

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-install-mobility-service

Prepare virtual network

https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure#set-up-an-azure-network

Advertisements

Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 5 – Manage Identities

Part 5 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam.

SafariBooksOnline.com content that matches the objectives

https://www.safaribooksonline.com/videos/azure-active/0422018AZURE1F

Manage identities (15-20%)

Manage Azure Active Directory (AD)

May include but not limited to:
Add custom domains;

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming;

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection-enable

configure self-service password reset;

https://docs.microsoft.com/en-us/azure/active-directory/authentication/quickstart-sspr

implement conditional access policies;

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-untrusted-networks

manage multiple directories;

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-administer#how-can-i-add-and-manage-multiple-directories

perform an access review

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azure-ad-controls-access-reviews-overview

Manage Azure AD objects (users, groups, and devices)

May include but not limited to:
Create users and groups;

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal

manage user and group properties;

https://docs.microsoft.com/en-us/powershell/azure/active-directory/using-extension-attributes-sample?view=azureadps-2.0

(Get-AzureADUser -ObjectId $UserId).ToJson()
Set-AzureADUserExtension -ObjectId $UserId -ExtensionName "extension_0380f0f700c040b5aa577c9268940b53_MyNewProperty" -ExtensionValue "MyNewValue"

manage device settings;

https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal#configure-device-settings

perform bulk user updates

https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser?view=azureadps-2.0

Implement and manage hybrid identities

May include but not limited to:
Install and configure Azure AD Connect;

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-express

configure federation and single sign-on;

Federation

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-azure-adfs

Single Sign On

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso

manage Azure AD Connect;

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-whats-next

manage password sync and writeback

Password Sync

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-hash-synchronization#enable-password-hash-synchronization

Password Writeback

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback

Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 4 – Configure and Manage Virtual Networks

Part 4 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam.

There’s a an addition I’d like to make for this objective and that is service endpoints.

https://docs.microsoft.com/en-gb/azure/virtual-network/virtual-network-service-endpoints-overview

It seems important to grasp this concept if your posture is one of using Azure services without exposing them to the Public Internet.

The new Azure Firewall – which deserves a post in its own right is also in preview as of August 2018.

https://docs.microsoft.com/en-gb/azure/firewall/overview

As does the Azure VirtualWAN – or SD-WAN to everyone else in the world.

https://azure.microsoft.com/en-us/services/virtual-wan/

Configure and manage virtual networks (20-25%)

SafariBooksOnline.com content which matches the objectives for virtual networks.

https://www.safaribooksonline.com/videos/azure-networking/0422018AZURE1H

Create connectivity between virtual networks

May include but not limited to:
Create and configure VNET peering;

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

create and configure VNET to VNET;

https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal

verify virtual network connectivity;

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview#troubleshoot

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-portal?toc=%2fazure%2fvirtual-network%2ftoc.json

create virtual network gateway

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Implement and manage virtual networking

May include but not limited to:
Configure private and public IP addresses, network routes, network interface, subnets, and virtual network

https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal

Configure name resolution

May include but not limited to:
Configure Azure DNS;

https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal

configure custom DNS settings;

https://docs.microsoft.com/en-us/azure/dns/dns-custom-domain

configure DNS zones

https://docs.microsoft.com/en-us/azure/dns/dns-operations-dnszones-portal

Create and configure a Network Security Group (NSG)

May include but not limited to:
Create security rules;

https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group#work-with-security-rules

associate NSG to a subnet or network interface;

Subnet
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet#change-subnet-settings
Interface
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface#associate-or-dissociate-a-network-security-group

identify required ports;

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

evaluate effective security rules

https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-filter-problem

Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 3 – Deploy and manage virtual machines (VMs)

Part 3 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam.

SafariBooksOnline.com resources that match the learning objectives for this module:

https://www.safaribooksonline.com/videos/azure-deploying/03401BAZURECWORKS
https://www.safaribooksonline.com/videos/azure-advanced-virtual/03410CZURECWORKS

Cost Engineering note:

If you’re coming from a perspective of managing on-premises infrastructure, you might understand the notion of “disk provisioning”. In VMware land this usually offers you a chocolate box of “Thin Provisioning”, “Thick Lazy Zero” and “Thick Eager Zero”.

Making a decision on the disk provisioning type has a consequence on the management of the VMware datastores. This is another topic entirely.

In Azure, my interpretation is that all VMs disks are “Thin Provisioned” and there’s no control exposed to the Azure Administrator to change that, which is fine. I’m happy to have that decision taken away from me.

The point I’m getting at here is that when you choose the size of data disks to attach to your VM, you’ll only be paying for the space you’ve used or written to in that disk. There are other things to consider when you’re not using Azure Managed Disks like maximum sizes that can be protected with Azure Recovery Services Vaults or other service limits, but once you’ve considered those limits and worked out your sweet spot, you may aswell choose the largest size of disk that works for you (a consistent large size of course!) to avoid inflating disks later down the road.

Create and configure a VM for Windows and Linux

May include but not limited to:
Configure high availability;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

configure monitoring, networking, storage, and virtual machine size;

Monitoring
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/monitor
Storage
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq-for-disks
Networking
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-common-network-ref
VM Size
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/resize-vm

deploy and configure scale sets

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/

Automate deployment of VMs

May include but not limited to:
Modify Azure Resource Manager (ARM) template;

https://docs.microsoft.com/en-us/azure/architecture/building-blocks/extending-templates/update-resource

configure location of new VMs;

Unsure – seems too simple

configure VHD template;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-specialized

deploy from template;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

save a deployment as an ARM template;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/download-template

deploy Windows and Linux VMs

Too vague
https://docs.microsoft.com/en-us/azure/virtual-machines/

Manage Azure VM

May include but not limited to:
Add data discs; add network interfaces;

Data disk
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/attach-disk-ps
Network Interface
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-vm

automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent by using custom script extensions;

https://docs.microsoft.com/en-us/azure/automation/automation-dsc-overview

manage VM sizes;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/resize-vm

move VMs from one resource group to another;

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm

redeploy VMs

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

Manage VM backups

May include but not limited to:
Configure VM backup;

WARNING Duplicate exam exercise – see “Implement and Manage Storage” – “Implement Backup”
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

define backup policies;

WARNING Duplicate exam exercise – see “Implement and Manage Storage” – “Create and Configure Backup Policy”
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare#select-a-backup-goal-set-policy-and-define-items-to-protect

implement backup policies;

WARNING Duplicate exam exercise – see “Implement and Manage Storage” – “Create and Configure Backup Policy”
https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare#select-a-backup-goal-set-policy-and-define-items-to-protect

perform VM restore

WARNING Duplicate exam exercise – see “Implement and Manage Storage” – “Perform a restore operation”
https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm

Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 2 – Implement and manage storage

Part 2 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam.

Implement and manage storage (20-25%)

Create and configure storage accounts

May include but not limited to:

Configure network access to the storage account;

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

create and configure storage account;

https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account

Powershell

Creating a new storage account

New-AzureRmStorageAccount -ResourceGroupName az100-rg01 -Name az100sa01 -SkuName Standard_LRS -Location uksouth -AccessTier Hot -Kind StorageV2 -Tag @{ Dept="IT"; Environment="Test" }

To upgrade existing General Purpose V1 accounts to V2.

Set-AzureRmStorageAccount -ResourceGroupName <resource-group> -AccountName <storage-account> -UpgradeToStorageV2

Change BLOB tier allocation to “Cool” for all BLOBs in a container. Other tiers are “Hot” and “Archive”, but “Archive” is not available in all regions.

$StgAcc = "<StorageAccount>"
$StgKey = "<StorageKey>"
$Container = "<Container>"
$ctx = New-AzureStorageContext -StorageAccountName $StgAcc -StorageAccountKey $StgKey

#Get all the blobs in container
$blob = Get-AzureStorageBlob -Container $Container -Context $ctx

#Set tier of all the blobs to Archive
$blob.icloudblob.setstandardblobtier("Cool")

generate shared access signature;

https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

install and use Azure Storage Explorer;

https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-manage-with-storage-explorer?tabs=windows

manage access keys;

https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide

monitor activity log by using Log Analytics;

I’m afraid I can’t get a good resource for this right now.

implement Azure storage replication

https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction#replication

 

Import and export data to Azure

May include but not limited to:
Create export from Azure job;

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-from-blobs

create import into Azure job;

https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-blobs
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files

configure and use Azure blob storage;

https://docs.microsoft.com/en-us/azure/vs-azure-tools-storage-explorer-blobs?toc=%2fazure%2fstorage%2fblobs%2ftoc.json

configure Azure content delivery network (CDN) endpoints

https://docs.microsoft.com/en-us/azure/cdn/cdn-optimization-overview
https://docs.microsoft.com/en-us/azure/cdn/cdn-manage-powershell#creating-cdn-profiles-and-endpoints

PowerShell

New-AzureRmCdnProfile -ProfileName az100-cdnpro1 -ResourceGroupName az100-eun-az100-rg01 -Location "North Europe" -Sku Standard_Verizon

The PowerShell to create an EndPoint eludes me. There’s a strange combination or “OriginPath” and other Origin related parameters that I just can’t quite seen to get my head round.

Configure Azure files

 

May include but not limited to:

Create Azure file share;

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share

PowerShell

$storageContext = New-AzureStorageContext az100storacc blah-iamtheprimarykey-blah

$share = New-AzureStorageShare az100sysncshare -Context $storageContext

create Azure File Sync service;

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

https://docs.microsoft.com/en-gb/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal

create Azure sync group;

https://docs.microsoft.com/en-gb/azure/storage/files/storage-sync-files-deployment-guide?tabs=portal#create-a-sync-group-and-a-cloud-endpoint

troubleshoot Azure File Sync

https://docs.microsoft.com/en-gb/azure/storage/files/storage-sync-files-troubleshoot?tabs=portal1%2Cportal

 

Implement Azure backup

May include but not limited to:

Configure and review backup reports;

https://docs.microsoft.com/en-us/azure/backup/backup-azure-configure-reports

perform backup operation;

https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

create Recovery Services Vault;

https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overview

create and configure backup policy;

https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare#select-a-backup-goal-set-policy-and-define-items-to-protect

perform a restore operation

https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-files-from-vm

Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 1 – Manage Azure subscriptions and resources

Part 1 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam. More specific configuration examples will be added in PowerShell as I work through the subject matter myself.

Manage Azure subscriptions and resources (15-20%)

Manage Azure subscriptions

May include but not limited to:

Assign administrator permissions; 

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

Global Administrator is required to assign roles and is the default “god-like” administrator role in Azure. In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as “Company Administrator”. It is “Global Administrator” in the Azure portal.

PowerShell ;

connect-azuread -TenantId az100.onmicrosoft.com

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "Saturday29"
New-AzureADUser -DisplayName "Bobby Balls" -PasswordProfile $PasswordProfile -UserPrincipalName "BobbyBalls@az100.onmicrosoft.com" -AccountEnabled $true -MailNickName "BobbyBalls"

https://docs.microsoft.com/en-us/powershell/module/azuread/add-azureaddirectoryrolemember?view=azureadps-2.0

$roleMember = Get-AzureADUser -ObjectId "BobbyBalls@az100.onmicrosoft.com"
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $roleMember.ObjectId
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser

configure cost center quotas and tagging

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

https://docs.microsoft.com/en-us/azure/billing/billing-set-up-alerts

Alerts can only be set up per subscription and is still in preview with five alert recipients for when a subscription reaches a spend value. No other options exist in the drop down menu as yet.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags?toc=/azure/billing/TOC.json

Settings tags on resources rather than resource groups seems to be a little abstract and requires the resourceID rather than the name.
https://github.com/sympa18/CheckandApplyTags/blob/master/CheckandApplyTags.ps1

WARNING – This will set ONLY what is stated in the commands and will remove all existing tags!

Resource Groups In PoSh

Set-AzureRmResourceGroup -Name resgroupaz100 -Tag @{ Dept="IT"; Environment="Test" }
(Get-AzureRmResourceGroup -Name resgroupaz100 ).Tags

Resources in PoSh

$resource = Get-azurermresource -Name az100-aad-vm1-nsg
$id = $resource.id
Set-AzureRmResource -resourceid $id -Tag @{ Dept="IT"; Environment="Test" } -force
(Get-AzureRmResource -Name az100-aad-vm1-nsg).Tags

 

configure subscription policies

https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction

A little misleading in the title. Policies can be assigned to resource groups within subscriptions. So, you can’t assign a resourece group to a subscription and walk away. Assigning policies to resource groups is useful for ensuring things like selecting which VM sizes are available or which locations are available for services to match organisational policy.

Analyze resource utilization and consumption

May include but not limited to:

Configure diagnostic settings on resources;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs

Using the Monitor resource, you can identify which resources have Diagnostics enabled for a high level overview.

Or, you can visit the resource directly and choose Diagnostic settings and choose one of the three diagnostic destinations and if choosing a storage account, configure retention.

  • Storage Account
  • Event Hub
  • Log Analytics

Using PoSh

Set-AzureRmDiagnosticSetting -ResourceId [your resource id] -StorageAccountId [your storage account id] -Enabled $true

create baseline for resources;

Not sure what this means other than using JSON templates or PoSh DSC

create and rest alerts;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log

analyze alerts across subscription;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts

analyze metrics across subscription;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-metrics

create action groups;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups

monitor for unused resources;

Unsure

monitor spend;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-usage-and-estimated-costs

report on spend;

Could mean Cloudyn
https://docs.microsoft.com/en-us/azure/cost-management/tutorial-review-usage
Or simply the Billing and Cost Management blade
https://docs.microsoft.com/en-us/azure/billing/billing-understand-your-bill

utilize Log Search query functions;

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-search

view alerts in Log Analytics

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-solution-alert-management

 

Manage resource groups

May include but not limited to:

Allocate resource policies;

https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction

configure resource locks;

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

PowerShell

New-AzureRmResourceLock -LockName lock-az100demo-uks-az100-rg01 -LockLevel CanNotDelete -ResourceGroupName "az100demo-uks-az100-rg01"
$lockId = (Get-AzureRmResourceLock -ResourceGroupName az100demo-uks-az100-rg01).LockId
Remove-AzureRmResourceLock -LockId $lockId

configure resource policies;

https://docs.microsoft.com/en-us/azure/azure-policy/create-manage-policy

implement and set tagging on resource groups;

WARNING Duplicate exam exercise – see “Manage Azure Subscriptions” – “Configure Cost Centre Quotas and Tagging”
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

move resources across resource groups;

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources

PowerShell

$webapp = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-website
$plan = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-webplan
Move-AzureRmResource -DestinationResourceGroupName az100demo-uks-az100-rg02 -ResourceId $webapp.ResourceId, $plan.ResourceId

remove resource groups

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-portal#delete-resource-group-or-resources

PowerShell

Remove-AzureRmResourceGroup -Name "az100demo-uks-az100-rg01"

 

Microsoft Azure Infrastructure and Deployment AZ-100

Microsoft’s recently announced an update to the Azure exam track, replacing the administration, developer and architect exams. The administration exam “Implementing Microsoft Azure Infrastructure Solutions 70-533” is being replaced with the “Microsoft Azure Infrastructure and Deployment AZ-100” and “Microsoft Azure Integration and Security AZ-101”. Both are available in Beta and I’ve committed to take the AZ-100 early August.

If you have already passed the 70-533, you can take a transition exam, the “Microsoft Azure Administrator Certification Transition AZ-102”.

Here’s the Microsoft Learning Blog Post

The 70-533 exam held the following measurement categories;

Design and Implement Azure App Service Apps (10-15%)
Create and Manage Azure Resource Manager Virtual Machines (20-25%)
Design and Implement a Storage Strategy (10-15%)
Implement Virtual Networks (15-20%)
Design and Deploy ARM Templates (10-15%)
Manage Azure Security and Recovery Services (25-30%)
Manage Azure Operations (5-10%)
Manage Azure Identities (5-10%)

The AZ-100 exam holds the following measurement categories;

Manage Azure subscriptions and resources (15-20%)
Implement and manage storage (20-25%)
Deploy and manage virtual machines (VMs) (20-25%)
Configure and manage virtual networks (20-25%)
Manage identities (15-20%)

I’m happy to see “Design and Implement Azure App Service Apps” drop off. It wasn’t appropriate from the perspective of a on-premises compute administrator moving to administer Azure. The subject was so abstract that I had to read Sasha Rosenbaum’s great book “Serverless computing in Azure with .NET” just to even try to grasp what was going on in the 70-533 training material. Learn a thing just to understand why I’d do a thing.

How the “Design and Deploy ARM Templates” is either de-focused or folded into the Deploy and Manage Virtual Machines section will be for me to see on the exam, but I’ll assume it’s implicit in “Deploy and manage virtual machines”.

Overall, I’m looking forward to this unexpected challenge. I’ll report back on the 9th to give a steer on the learning content that’s most applicable for the exam.

Take care

Paul