Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 2 – Implement and manage storage

Part 2 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam.

Implement and manage storage (20-25%)

Create and configure storage accounts

May include but not limited to:

Configure network access to the storage account;

create and configure storage account;


Creating a new storage account

New-AzureRmStorageAccount -ResourceGroupName az100-rg01 -Name az100sa01 -SkuName Standard_LRS -Location uksouth -AccessTier Hot -Kind StorageV2 -Tag @{ Dept="IT"; Environment="Test" }

To upgrade existing General Purpose V1 accounts to V2.

Set-AzureRmStorageAccount -ResourceGroupName <resource-group> -AccountName <storage-account> -UpgradeToStorageV2

Change BLOB tier allocation to “Cool” for all BLOBs in a container. Other tiers are “Hot” and “Archive”, but “Archive” is not available in all regions.

$StgAcc = "<StorageAccount>"
$StgKey = "<StorageKey>"
$Container = "<Container>"
$ctx = New-AzureStorageContext -StorageAccountName $StgAcc -StorageAccountKey $StgKey

#Get all the blobs in container
$blob = Get-AzureStorageBlob -Container $Container -Context $ctx

#Set tier of all the blobs to Archive

generate shared access signature;

install and use Azure Storage Explorer;

manage access keys;

monitor activity log by using Log Analytics;

I’m afraid I can’t get a good resource for this right now.

implement Azure storage replication


Import and export data to Azure

May include but not limited to:
Create export from Azure job;

create import into Azure job;

configure and use Azure blob storage;

configure Azure content delivery network (CDN) endpoints


New-AzureRmCdnProfile -ProfileName az100-cdnpro1 -ResourceGroupName az100-eun-az100-rg01 -Location "North Europe" -Sku Standard_Verizon

The PowerShell to create an EndPoint eludes me. There’s a strange combination or “OriginPath” and other Origin related parameters that I just can’t quite seen to get my head round.

Configure Azure files


May include but not limited to:

Create Azure file share;


$storageContext = New-AzureStorageContext az100storacc blah-iamtheprimarykey-blah

$share = New-AzureStorageShare az100sysncshare -Context $storageContext

create Azure File Sync service;

create Azure sync group;

troubleshoot Azure File Sync


Implement Azure backup

May include but not limited to:

Configure and review backup reports;

perform backup operation;

create Recovery Services Vault;

create and configure backup policy;

perform a restore operation


Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 1 – Manage Azure subscriptions and resources

Part 1 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam. More specific configuration examples will be added in PowerShell as I work through the subject matter myself.

A friend on Reddit added the latest content from Ignite. Could be a good place to start before begging with my posts.

Also, please consider this guide from Skylines Academy for your PowerShell skills to bolster your competency on Azure and for the AZ-10x exams.

Manage Azure subscriptions and resources (15-20%)

Manage Azure subscriptions

May include but not limited to:

Assign administrator permissions;

Global Administrator is required to assign roles and is the default “god-like” administrator role in Azure. In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as “Company Administrator”. It is “Global Administrator” in the Azure portal.

PowerShell ;

connect-azuread -TenantId

$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "Saturday29"
New-AzureADUser -DisplayName "Bobby Balls" -PasswordProfile $PasswordProfile -UserPrincipalName "" -AccountEnabled $true -MailNickName "BobbyBalls"

$roleMember = Get-AzureADUser -ObjectId ""
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $roleMember.ObjectId
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser

configure cost center quotas and tagging

Alerts can only be set up per subscription and is still in preview with five alert recipients for when a subscription reaches a spend value. No other options exist in the drop down menu as yet.

Settings tags on resources rather than resource groups seems to be a little abstract and requires the resourceID rather than the name.

WARNING – This will set ONLY what is stated in the commands and will remove all existing tags!

Resource Groups In PoSh

Set-AzureRmResourceGroup -Name resgroupaz100 -Tag @{ Dept="IT"; Environment="Test" }
(Get-AzureRmResourceGroup -Name resgroupaz100 ).Tags

Resources in PoSh

$resource = Get-azurermresource -Name az100-aad-vm1-nsg
$id = $
Set-AzureRmResource -resourceid $id -Tag @{ Dept="IT"; Environment="Test" } -force
(Get-AzureRmResource -Name az100-aad-vm1-nsg).Tags


configure subscription policies

A little misleading in the title. Policies can be assigned to resource groups within subscriptions. So, you can’t assign a resourece group to a subscription and walk away. Assigning policies to resource groups is useful for ensuring things like selecting which VM sizes are available or which locations are available for services to match organisational policy.

Analyze resource utilization and consumption

May include but not limited to:

Configure diagnostic settings on resources;

Using the Monitor resource, you can identify which resources have Diagnostics enabled for a high level overview.

Or, you can visit the resource directly and choose Diagnostic settings and choose one of the three diagnostic destinations and if choosing a storage account, configure retention.

  • Storage Account
  • Event Hub
  • Log Analytics

Using PoSh

Set-AzureRmDiagnosticSetting -ResourceId [your resource id] -StorageAccountId [your storage account id] -Enabled $true

create baseline for resources;

Not sure what this means other than using JSON templates or PoSh DSC

create and rest alerts;

analyze alerts across subscription;

analyze metrics across subscription;

create action groups;

monitor for unused resources;


monitor spend;

report on spend;

Could mean Cloudyn
Or simply the Billing and Cost Management blade

utilize Log Search query functions;

view alerts in Log Analytics


Manage resource groups

May include but not limited to:

Allocate resource policies;

configure resource locks;


New-AzureRmResourceLock -LockName lock-az100demo-uks-az100-rg01 -LockLevel CanNotDelete -ResourceGroupName "az100demo-uks-az100-rg01"
$lockId = (Get-AzureRmResourceLock -ResourceGroupName az100demo-uks-az100-rg01).LockId
Remove-AzureRmResourceLock -LockId $lockId

configure resource policies;

implement and set tagging on resource groups;

WARNING Duplicate exam exercise – see “Manage Azure Subscriptions” – “Configure Cost Centre Quotas and Tagging”

move resources across resource groups;


$webapp = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-website
$plan = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-webplan
Move-AzureRmResource -DestinationResourceGroupName az100demo-uks-az100-rg02 -ResourceId $webapp.ResourceId, $plan.ResourceId

remove resource groups


Remove-AzureRmResourceGroup -Name "az100demo-uks-az100-rg01"


Microsoft Azure Infrastructure and Deployment AZ-100

Microsoft’s recently announced an update to the Azure exam track, replacing the administration, developer and architect exams. The administration exam “Implementing Microsoft Azure Infrastructure Solutions 70-533” is being replaced with the “Microsoft Azure Infrastructure and Deployment AZ-100” and “Microsoft Azure Integration and Security AZ-101”. Both are available in Beta and I’ve committed to take the AZ-100 early August.

If you have already passed the 70-533, you can take a transition exam, the “Microsoft Azure Administrator Certification Transition AZ-102”.

Here’s the Microsoft Learning Blog Post

The 70-533 exam held the following measurement categories;

Design and Implement Azure App Service Apps (10-15%)
Create and Manage Azure Resource Manager Virtual Machines (20-25%)
Design and Implement a Storage Strategy (10-15%)
Implement Virtual Networks (15-20%)
Design and Deploy ARM Templates (10-15%)
Manage Azure Security and Recovery Services (25-30%)
Manage Azure Operations (5-10%)
Manage Azure Identities (5-10%)

The AZ-100 exam holds the following measurement categories;

Manage Azure subscriptions and resources (15-20%)
Implement and manage storage (20-25%)
Deploy and manage virtual machines (VMs) (20-25%)
Configure and manage virtual networks (20-25%)
Manage identities (15-20%)

I’m happy to see “Design and Implement Azure App Service Apps” drop off. It wasn’t appropriate from the perspective of a on-premises compute administrator moving to administer Azure. The subject was so abstract that I had to read Sasha Rosenbaum’s great book “Serverless computing in Azure with .NET” just to even try to grasp what was going on in the 70-533 training material. Learn a thing just to understand why I’d do a thing.

How the “Design and Deploy ARM Templates” is either de-focused or folded into the Deploy and Manage Virtual Machines section will be for me to see on the exam, but I’ll assume it’s implicit in “Deploy and manage virtual machines”.

Overall, I’m looking forward to this unexpected challenge. I’ll report back on the 9th to give a steer on the learning content that’s most applicable for the exam.

Take care


Coffee +

A few things I want to say about coffee.

I write this because there’s a notable difference in meeting people to discuss ideas, solve problems and agree on outcomes when people either have or haven’t had coffee.

I often warn people upfront “I’ve had coffee, so if I start whatever, let me know”.

What follows are a mix of subjective and objective observations with coffee providing a route to use for the worlds most popular drug, Caffeine.

Positives of coffee

  • Helps achieve a level of mental alertness “on-demand”.
  • Good black coffee has been considered to be a positive fuel for your microbiome.
  • The ritual around getting or making coffee has social value.
  • A good coffee tastes damn good

Negatives of coffee

  • Coffee makes my mind a little tight. The best description is that it doesn’t allow for space in my mind, I become wired to a thing or a thought train. This can be useful in a result oriented sense when needing to get from A to B with some technical operations, but outside that focused use case, I consider it a negative.
  • If I were coffee shopping and I could choose “no Jitters”, I would. Some coffees make me feel completely on edge, jittery, heart palpatations, all sorts.
  • A bad coffee tastes the worst.
  • A badly judged late coffee hit will mess with your sleep. This is NOT okay. Sleep is crucial to a happy life for me and staring at the ceiling is not something I’m a fan of. I have in the past subjected myself to intense anxiety over loss and the result of that is not something I’d recommend for anyone.

This is just a light heaerted post and not meant to be an exhuastive list of all the good and bad effects of Coffee and Caffeine, but I do find the social effects the most troublesome which created the motivation to write this.
I imagine most of the world is more social in their working and daily lives than me. My professional life demands large quantities of “me time”. When I come out from that zone, a poorly timed coffee for either me or my co-workers often makes life more difficult than it need be.

Take care

Azure Non-Profit donated credits

Microsoft offer Office 365 E1 as a donation to non-profit organisations and is well known. Exchange Online is a popular feature of Office 365. Running your own e-mail system in 2018 is a chore. The service limits are way and above what most people need.
What is less well known is that there’s an opportunity to benefit from $5000 USD of Azure credits per year for non-profits, too.

This can be enjoyed by following this URL and applying for the credit; and go forward from “Azure plans and pricing”.

You will be asked what your tenant ID and Microsoft will add a subscription to your account which can be monitored by visiting

This is all brilliant and empowering. But I offer a word of caution. Beware that not all services can move subscriptions.

It’s a little like in the old days, you called a test Human Resources application server for example, both as it’s hostname and it’s hypervisor name.
Then some combination of events end up with the system going live and you’re looking at a box with “test” burnt into the name. It makes you sad, it confuses contract staff and is an all round fail.

What I’m getting at is that you’re likely to test some services and perhaps even make them live. But at some point you will probably start running out of that $5000 USD and have to move the resources onto a different subscription to allow them to contine functioning. Beware of creating services that aren’t able to be moved to a subscription that you can’t maintain or re-hydrate with funds.

I’m feeding back to our Microsoft account manager this week to suggest a different model for the donation. One where MS ask for an existing subscription like a credit card Pay-As-You-Go subscription or an EA subscription. Then, at least, there’s a parallel billing mechanism that you can support the resources allocated to that subscription.

Take care


Infrastructure as Code – philosophical thoughts

I’m currently working a lot with Microsoft Azure to provide the organisation I work for with a robust, cost effective IT Disaster Recovery platform. Up until a year ago, we operated a rack in a CoLocation facility to provide IT Disaster Recovery services. Whilst a decade ago, that was fit for purpose, in 2018, that was an expensive way of providing IT Disaster Recovery.

This use case in Microsoft Azure is helping me form a vision for what modern infrastructure operations could look like for our organisation.
Whilst considering Infrastructure as Code and how we’d evolve our PowerShell scripts and VMware templates into something more modern, the very next question I had once I’d formed enough of understanding around why the idea for modernising scripts was good, was that it seemed like I needed to consider another tool to execute the idea.

Configuration Management tools are the answer to my question.
Configuration Management tools have two models which seem to carry differing philosophies – imperative versus declaritive models. Microsoft ARM templates – which are the reccomended tool to automate the deployment of resources in Azure – use a declaritive model to get things done. I feel that it could be reasonable to assume that extending that model into the Configuration Management tool could help me make a choice on which to choose from.

When reviewing the wikipedia page on the tools, for now I’ve settled on Ansible to give me some context of how a Configuration Management tool could help us.

These are the reasons why:

  • Ansible is a new kid on the block with a hybrid imperative/declerative model.
  • I’m already invested into Python, the language Ansible is coded in.
  • Ansible Tower is now open sourced as Ansible AWX on CentOS and is also owned and operated by Red Hat. CentOS/Fedora is our choice of Linux distribution.

I’m looking forward to giving the tool a chance to shine over the next couple months and will reflect on my thoughts here when I’m done.

Take care.


How to vote in the UK General Election 2017

I’ll cover three issues that are apparent to me in considering who to vote for in General Elections.

  • Voting for a person (leader).
  • Voting for a party (policy).
  • Voting for who you always vote for.

Voting for a person (leader)

If you’re voting for a person, the decision process is very short. You’re taking the easy route. And that’s okay. You’re entitled to whatever choice you like.
You’re making your decision based on their looks. Don’t kid yourself that it’s about their interviewing skills, their ability to hold court on the world stage or some other sentence that was placed into your head. The Internet knows you better than that.

This has one critical flaw. The media. The media is who placed that “knowledgeable sounding insight” into your head about why you’re voting for “that person”.

Unless you’re Jeremy Paxman, you’re not going to get face time with all the leaders of all the parties and have a conversation to form a balanced opinion on your voting choice.
Airtime, photographs chosen, quotes chosen, statistics and anecdotal interviews of the public about their thoughts about a person are all chosen for a reason.
Do not be fooled into thinking the editors of the media choose a story or a piece because it’s “nice”. The media delivered into your home or you palm that’s chosen from the vast swathes of interviews and stories that are generated by the journalists on the ground each day and each hour are very deliberate choices. I’m not saying that they are all malicious choices, or that they are all benign, but just know that each choice is deliberate.

There’s a reason some Billionaires own newspapers. There’s a reason some Billionaires are called “Media Moguls“.
Misdirection, and/or misinformation, is a strategy.

An entirely neutral, independent and unbiased media source is an ideal, not a reality. I’d suggest there’s some outlets that are closer than others, but that’s for you to decide.

I recently had the privilege of reading a real copy of The Mirror from 1912 that reported the sinking of the Titanic. Here’s a summary image. Suffice to say that we know now the report in The Mirror was the complete opposite of the truth. In today’s rhetoric it may be called fake news, or in my language. A Lie.
That’s right. Over a hundred years ago, two years before the first world war, propaganda like eating carrots to see in the night, fake news already existed.

In the context of the worlds tiniest orange comedian, the right leaning Breitbart was launched as a direct competitor to the left leaning HuffingtonPost. Reading the difference between the two outlets version of events of the worlds tiniest orange comedian muscling past the Montenegro Prime Minister was fun. Despite there being a video of the event which you can make your own mind up about who/what/why, both outlets used different accompanying language to colour the outcome in your mind. One favoured and/or sympathised with worlds tiniest orange comedian, the other did not. If a picture speaks a thousand words, a video pretty much says it as it is.

My suggestion to you if you’re using the “voting for a person” method is to save yourself the time and angst of being subjected to the endless (mis)information you’re trying to avoid. Get the mug shot of all the leaders of all the parties and simply pick the one you think looks the nicest/most competent/hot, whatever works for you and stick to it. You’re choosing the leader because you want the easy route, remember. Heck, I’ll even save you the Google time. Leaders Mugshots

I put this voting strategy at the start of this article because if you’re that person, I’ll save you the time so you don’t need to read on!

Voting for a party (policy)

If you’re voting for a party, the decision process is long. You’re taking the hard route. Again, that’s okay. You’re still entitled to whatever choice you like.

The problem is the volume of information and comparable outcomes. This is not an apples for apples decision. So you have to do your best and not beat yourself up about it. presents a succinct journey through the high level common policies or issues that are present in the 2017 UK election and presents you with your voting choice. This could be enough for you, or…

A slightly more heavyweight version of this is
Harder to differentiate with multiple policy details to consider at each step, but before going for the full manifesto read, this is more thorough that the previous link, but not as thorough as a full read.

Strategies in politics are 5 years long. That’s the most you can plan for until you go through the election process all over again. Even then, given the ramp up and ramp down from election campaigns and the transfer of power between parties, or even between cabinet reshuffles, I would suggest a party has a maximum of 4 effective years in office.

We’re currently enjoying a Conservative government. Some people think it’s simply about removing them from office. This website is engineered to deliver you the information required to best disrupt Conservative government, it has nothing to do with what you want in life, other than you don’t want Tory rule.

Others think you should vote for who you align to, best. How do you choose that? You read each of the main parties manifestos of course. This is the long journey after all.

I’ve collected them conveniently here for your pleasure.

Green Party
Liberal Democrat

This is the end of the line for the critical voter.

Any television debates, radio interviews, newspaper articles about the former and the like, are then influenced by the media and seem more to do with a memory game “Oh, so and so couldn’t remember the numbers on air for the policy they’re championing”.
Well you know what, I can’t remember everything all the time, either.
The manifesto has all the details in, why concentrate on asking politicians to remember it off the top of their heads and perhaps ask about the philosophy behind the decisions that have already been made. That might actually be interesting.

Voting for who you’ve always voted for.

This is disappointing behaviour. It’s not even as critical as voting for a person.
It’s opting out after performing one critical process.
If you always do what you always did, you’ll always get what you always got.
Things change, you’re choosing not to.

It’s fair to say there are traits, or whats known as a political spectrum. So people will say “I’m Tory” or “I’m Lib Dem” or “I’m Green”. What they really mean is that they exist on a part of the political spectrum and they continue to vote for that same party that they aligned with back when they were once critical about who they were aligned to and either went through the voting for a person and/or vote for a party process. They’ve then released themselves from the trouble of being critical at each election and committed to being aligned to a party.
It’s a little bit like deciding to be a fan of a football club.
Being a supporter of a football club is very tribal thing. You can come under immense social scrutiny and pressure for your decisions. Changing your mind on the club you support is frowned upon and not done often by many people at all. Talk to an Arsenal fan about changing allegiances to become a Chelsea fan and see what happens. I would suggest the same pressures apply here to party aligned voters.

Manifestos are different every election. Which is why voting for who you’ve always voted for is like delegating the decision process out or saying “I did it once, I’m not doing it again”.

Manifestos exist for a reason. They are the 5 (4) year strategies as discussed earlier and you can’t, as a helpless voter, do any better than to hope and believe that the party will deliver the larger portion of the manifesto should they reach government. Using the 80/20 rule you’d like to think as a voter and I’d imagine as a party member too, it would be nice to get 80% of the manifesto done in your 5 (4) years in power. The other 20% was your stretch target. Sadly the voter doesn’t get to choose which of the manifesto targets get done and which don’t.

I hope that rather than voting for who you always voted for, you at least choose the hottest party leader. At least you’re being critical of something.