Azure Infrastructure and Deployment Track (AZ-100)

COURSE OUTLINE:

Description

This course teaches IT Professionals:

  • Manage their Azure subscriptions, including access, policies, and compliance, as well as how to track and estimate service usage and related costs.
  • How cloud resources are managed in Azure through user and group ents
  • Learn how to grant appropriate access to Azure AD users, groups, and services through Role-based access control (RBAC).
  • Discover the core monitoring tools and capabilities provided by Azure, including Azure Alerts and Activity Log.
  • Introduced to Log Analytics as a broad data analytics solution and use this service to query and analyze operational data.
  • Learn about the Azure Resource Manager deployment model, and how to work with resources, resource groups and ARM templates.
  • implement Azure storage solutions for a variety of scenarios.
  • Learn about the different storage accounts and services as well as basic data replication concepts and available replication schemes. Students are also introduced to Storage Explorer as a convenient way to work with Azure storage data.
  • Learn the types of storage and how to work with managed and custom disks.
  • Azure blob storage is how Azure stores unstructured data in the cloud, and students learn how to work with blobs and blob containers.
  • Learn how to use Azure Files to work with file shares that are accessed via the Server Message Block (SMB) protocol.
  • In addition to blob storage, the course covers Table and Queue storage as storage options for structured data.
  • Learn how to secure and manage storage using Shared Access Signatures (SAS) and Azure Backup, using Recovery Services Vault. Next, students learn how to use Azure File Sync to centralize an organization�s file Shares in Azure Files. Content Delivery Network (CDN) is used to store cached content on a distributed network of servers that are close to end users. Students learn how to optimize content delivery with Azure CDN, as well as how to transfer large amounts of data using the Azure Import/Export service.
  • Learn how to monitor Azure storage by configuring metrics and alerts and using the Activity Log. Students learn how to analyze usage trends, trace requests, and diagnose issues with a storage account.
  • How to create and manage virtual machines as part of an Infrastructure as a Service (IaaS) computing infrastructure.
  • Learn how to assess their on-premises environment for virtual machine readiness in preparation for moving resources to the cloud, including sizing, pricing, and design considerations.
  • Learn how to create and deploy virtual machines in Azure, using the Azure portal, PowerShell, and ARM templates. The course includes instruction on deploying custom images and Linux virtual machines.
  • Learn how to configure the networking and storage components of virtual machines.
  • Deploying highly available virtual machines is critical in the light of planned and unplanned events, and students learn how to use availability sets to ensure that virtual machine resources are available during downtime.
  • Learn how to use extensions and Desired State Configuration (DSC) for post deployment automation and configuration tasks.
  • Learn how to perform virtual machine backups, and to use Azure�s monitoring capabilities to collect, view, and analyze virtual machine diagnostic and log data.
  • Configure and manage Azure virtual networks (VNets).
  • The benefits of moving an infrastructure to the cloud, removing the need to maintain expensive datacenters are an appealing proposition for many small and medium-sized companies. Regardless, once resources are moved to Azure, they require the same networking functionality as an on-premises deployment, and this course deals with the basic network configuration tasks.
  • The basis of IP addressing, with specific emphasis on how public and private IP addressing works in the cloud.
  • Learn how to configure network routing and how to implement Azure DNS.
  • Securing the network infrastructure is of key importance and students learn how to use Network Security Groups (NSGs) to limit network traffic to resources in a virtual network, by creating security rules that allow or deny inbound or outbound traffic.
  • Learn how to use NSG logging to diagnose and troubleshoot network connectivity problems.
  • Different connectivity scenarios for Azure virtual networks and students learn how to connect virtual networks with VNet-to-VNet VPN gateways and virtual network peering.
  • Use Azure Active Directory (AD) to provide employees and customers with a multi-tenant cloud-based directory and identity management system.
  • Learn the differences between Azure AD and Active Directory Domain Services (AD DS), as well the differences in functionality offered by the different editions of Azure AD.
  • Learn how to configure self-service password reset, or to use the option of password writeback to reset user passwords regardless of their location. Students are then introduced to Azure AD Identity Protection and learn how they can use it to protect their organizations from compromised accounts, identity attacks, and configuration issues.
  • Learn how to integrate Azure AD with the many Software as a Service (SaaS) applications that are used, in order to secure user access to those applications.
  • Concepts of Azure domains and tenants, and users and groups are explained and students learn how to work with the various Azure AD objects. Students are introduced to Azure role-based access control to be able to provide a more granular access based on the principle of least privilege. An administrator, or user, can do exactly the task they need to accomplish; no more, no less.
  • Learn how to work with Azure joined devices and Hybrid AD joined devices, enabling their users to be productive wherever and whenever � but ensuring that corporate assets are protected and that devices meet security and compliance standards.
  • Learn how to use Azure AD Connect to integrate their on-premises directories with Azure AD, providing a common identity for their users of Office 365, Azure, and SaaS applications integrated with Azure AD.
  • Learn how to use Azure AD Application Proxy to be able to provide their users with remote access to web application that are published on-premises, such as SharePoint sites, Outlook Web Access, or any other line of business (LOB) applications the organization has.

Audience

This course is for Azure Administrators. Azure Administrators manage the cloud services that span storage, networking, and compute cloud capabilities, with a deep understanding of each service across the full IT lifecycle. They take end-user requests for new cloud applications and make recommendations on services to use for optimal performance and scale, as well as provision, size, monitor and adjust as appropriate. This role requires communicating and coordinating with vendors.� Azure Administrators use the Azure Portal and as they become more proficient they use PowerShell and the Command Line Interface.

Prerequisites

Successful Cloud Administrators start this role with experience on operating systems, virtualization, cloud infrastructure, storage structures, and networking.

Learning Objectives

  • Manage Azure subscriptions and billing, and implement Azure policies.
  • Implement access management with Azure users, groups, and role-based access control.
  • Use Azure Monitor to configure Azure alerts and review the Azure Activity Log.
  • Query and analyze Log Analytics data.
  • Deploy resources with ARM templates and organize Azure resources.�
  • Optimize your use of Azure tools like the Azure portal, Azure PowerShell, Cloud Shell and the Azure CLI.
  • Create Azure storage accounts for different data replication, pricing, and content scenarios.�
  • Implement virtual machine storage, blob storage, Azure files, and structured storage.
  • Secure and manage storage with shared access keys, Azure backup, and Azure File Sync.
  • Store and access data using Azure Content Delivery Network, and the Import and Export service.
  • Monitor Azure storage with metrics and alerts, and the Activity Log.
  • Explain virtual machine usage cases, storage options, pricing, operating systems, networking capabilities, and general planning considerations.
  • Create Windows virtual machines in the Azure Portal, with Azure PowerShell, or using ARM Templates.
  • Deploy custom server images and Linux virtual machines.�
  • Configure virtual machine networking and storage options.
  • Implement virtual machine high availability, scalability, and custom scripts extensions.�
  • Backup, restore, and monitor virtual machines.
  • Understand virtual networking components, IP addressing, and network routing options.�
  • Implement Azure DNS domains, zones, record types, and resolution methods.�
  • Configure network security groups, service endpoints, logging, and network troubleshooting.
  • Implement site connectivity schemas including VNet-to-VNet connections and virtual network peering.
  • Implement Azure Active Directory, Self-Service Password Reset, Azure AD Identity Protection, and integrated SaaS applications.
  • Configure domains and tenants, users and groups, roles, and devices.�
  • Implement and manage Azure Active Directory integration options and Azure AD Application Proxy.

AZ-100T01:� Manage Subscription and Resources

Module 1: Managing Azure Subscriptions

In this module, you�ll learn about the components that make up an Azure subscription and how management groups are used to organize subscriptions into containers to allow you to control organizational governance and policy management across subscriptions. As well as learning about the different available types of subscription, you�ll see how to apply tags to your Azure resources to logically organize them by categories.

Lessons

  • Overview of Azure Subscriptions
  • Billing
  • Azure Policy

After completing this module, students will be able:

  • Manage Azure subscriptions and billing and implement Azure policies.

Module 2: Access Management for Cloud Resources

In this module you will learn the basics of role-based access control as it applies to users and groups. Focus on the administrator role and how it used in Azure.

Lessons

  • Azure Users and Groups
  • Role-based Access Control

After completing this module, students will be able:

  • Implement access management with Azure users, groups, and role-based access control.

Module 3: Monitoring and Diagnostics

In this module, you learn about the Azure Monitor and the many capabilities to ensure your Azure architecture is working correctly. Monitoring skills are explained in this first course and then demonstrated in the following courses. The two main elements explained in this module are Azure Alerts and Azure Activity Log.

Lessons

  • Exploring Monitoring Capabilities in Azure
  • Azure Alerts
  • Azure Activity Log

After completing this module, students will be able:

  • Use Azure Monitor to configure Azure alerts and review the Azure Activity Log.

Module 4: Log Analytics

In this module, you will focus on Log Analytics. Log Analytics provides a way for you to collect, analyze, and query all types of connected data. It is a very powerful tool.

Lessons

  • Introduction to Log Analytics
  • Querying and Analyzing Log Analytics Data

After completing this module, students will be able:

  • Query and analyze Log Analytics data.

Module 5: Azure Resource Manager

In this module, you will learn about how resources are organized into resource groups and how ARM templates are used to deploy those resources. This module introduces the concepts and then they are applied in the other courses. Lessons

  • ARM templates
  • Resource Groups

After completing this module, students will be able:

  • Deploy resources with ARM templates and organize Azure resources.

Module 6: Azure Tips, Tricks, and Tools

This module is provided to help you get the most from your administrative tools. This include the Azure Portal, Cloud Shell, Azure CLI, Azure PowerShell, and Resource Explorer.

Lessons

  • Azure Portal
  • Azure Tools and Environment

After completing this module, students will be able:

Optimize your use of Azure tools like the Azure portal, Azure PowerShell, Cloud Shell and the Azure CLI.

�

Course AZ-100T02:� Implementing and Managing Storage

Module 1: Overview of Azure Storage

In this module, you�ll learn about storage accounts � Standard and Premium � as well as storage endpoints and how to configure custom domain accounts. You�ll have an opportunity to practice creating and managing storage accounts. The module also covers data replication and provides a comparison of the different available replication schemes. You�ll be introduced to Azure Storage Explorer, a utility that lets you easily work with and manipulate Azure Storage data.

Lessons

  • Azure storage accounts
  • Data replication
  • Azure Storage Explorer

After completing this module, students will be able to:

  • Create Azure storage accounts for different data replication, pricing, and content scenarios.�

Module 2: Storage Services

In this module, you�ll learn about the disks component of Azure Storage as it relates to virtual machines. Disks are how virtual machines store their VHD files. You will learn about the types of disks and storage and how Azure simplifies IaaS disk management by creating and managing the storage accounts associated with the virtual machine disks. You will also learn about how Azure blob storage stores unstructured data in the cloud as objects, or blobs (BLOB = binary large object). And you�ll explore Azure Files, which offers fully managed file shares in the cloud that are accessible via the Server Message Block (SMB) protocol. The other file storage options covered in the module are Tables and Queues for structured storage.

Lessons

  • Virtual machine storage
  • Blob storage
  • Azure files
  • Structured storage

After completing this module, students will be able to:

  • Implement virtual machine storage, blob storage, Azure files, and structured storage.

Module 3: Securing and Managing Storage

In this module, discover how a shared access signature (SAS) can be used to provide delegated access to resources in storage accounts, allowing clients access to those resources with sharing the storage account keys. You�ll also learn how to use Azure backup as a cloud-based solution for an existing on-premises or off-site backup and data protection solution. This module also covers Azure File Sync as a way to centralize an organization�s file shares in Azure Files, and using Windows Server to cache the Azure file share locally, thus enabling scenarios such as �lift and shift,� backup and disaster recovery, and file archiving.

Lessons

  • Shared access keys
  • Azure backup
  • Azure File Sync

After completing this module, students will be able to:

  • Secure and manage storage with shared access keys, Azure backup, and Azure File Sync.

Module 4: Storing and Accessing Data

In this module, you�ll learn about using a content delivery network (CDN) to deliver cached content that is stored on a distributed network of edge servers closer to end-users. You�ll also learn how to transfer large amount of data to and from the cloud using the Azure Import/Export service.

Lessons

  • Azure Content Delivery Network
  • Import and Export service

After completing this module, students will be able to:

  • Store and access data using Azure Content Delivery Network, and the Import and Export service.

Module 5: Monitoring Storage

In this module, you will learn techniques for monitoring the health of Azure storage. With metrics and alerts you can check a variety of performance metrics and send notifications to your system administrator team. With the Activity Log you can search and query for specific events, even across subscriptions

Lessons

  • Metrics and Alerts
  • Activity Log

After completing this module, students will be able to:

  • Monitor Azure storage with metrics and alerts, and the Activity Log.

�

Course AZ-100T03:� Deploying and Managing Virtual Machines

Module 1: Overview of Azure Machines

In this module, you�ll will be introduced to Azure virtual machines. What are virtual machines and what operating systems are supported? How can you determine if your existing virtual machines can be supported in Azure? What pricing and sizing options are available?

Lessons

  • Azure Virtual Machines Overview
  • Planning Considerations

After completing this module, students will be able to:

  • Explain virtual machine usage cases, storage options, pricing, operating systems, networking capabilities, and general planning considerations.

Module 2: Creating Virtual Machines

In this module, you will learn how to create and configure Windows virtual machines. You will practice in the Azure portal, in Azure PowerShell, and with ARM templates.

Lessons

  • Overview of the Virtual Machine Creation Overview
  • Creating Virtual Machines in the Azure Portal
  • Creating Virtual Machines (PowerShell)
  • Creating Virtual Machines using ARM Templates

After completing this module, students will be able to:

  • Create Windows virtual machines in the Azure Portal, with Azure PowerShell, or using ARM Templates.

Module 3: Deploying Virtual Machine Images

In this module, you will learn how to create custom virtual machines in Azure. For example, deploying a server image that is in your on-premises datacenter. You will also learn how to create and connect to Linux virtual machines.

Lessons

  • Deploying Custom Images
  • Deploying Linux Virtual Machines

After completing this module, students will be able to:

  • Deploy custom server images and Linux virtual machines.�

Module 4: Configuring Virtual Machines

In this module, you will learn about the two main configuration areas for virtual machines: networking and storage. In the networking lesson, we will cover IP addressing, network interfaces, and network security groups. In the storage lesson, we will cover virtual machine disks, managed disks, attaching/detaching disks, and uploading disks.

Lessons

  • Overview of Virtual Machine Configuration
  • Virtual Machine Networking
  • Virtual Machine Storage

After completing this module, students will be able to:

  • Configure virtual machine networking and storage options.

Module 5: Configuring Availability and Extensibility

In this module, you will learn how to keep your virtual machines highly available with update and fault domains, and availability sets. You will also learn how to use scale sets to increase and decrease the number of the virtual machines as the workload changes. Lastly, virtual machines can be extended through custom scripts and Desired State Configuration.

Lessons

  • Virtual Machine Availability
  • Virtual Machine Scalability
  • Applying Virtual Machine Extensions

After completing this module, students will be able to:

  • Implement virtual machine high availability, scalability, and custom scripts extensions.�

Module 6: Managing and Monitoring Virtual MachinesI

In this module, you will learn the very important tasks of backing up your virtual machines and monitoring their overall health. You will practice backing up and restoring virtual machines. You will learn about monitoring, diagnostics, and Azure Advisor.

Lessons

  • Backup and Restore
  • Monitoring Virtual Machines

After completing this module, students will be able to:

  • Backup, restore, and monitor virtual machines.

�

AZ-100T04:� Configuring and Managing Virtual Networks

Module 1: Azure Virtual Networks

In this module, you�ll will be introduced to Azure virtual networks. What are virtual networks and how are they organized? How do you create and configure virtual networks with templates, PowerShell, CLI, or the Azure portal? What is the difference between public, private, static, and dynamic IP addressing? How are system routes, routing tables, and routing algorithms used?

Lessons

  • Introducing Virtual Networks
  • Creating Azure Virtual Networks
  • Review of IP Addressing
  • Network Routing

After completing this module, students will be able to:

  • Understand virtual networking components, IP addressing, and network routing options.�

Module 2: Azure DNSI

In this module, you will learn about DNS basics and specifically implementing Azure DNS. In the DNS Basics lesson you will review DNS domains, zones, record types, and resolution methods. In the Azure DNS lesson, we will cover delegation, metrics, alerts, and DNS hosting schemes.

Lessons

  • Azure DNS Basics
  • Implementing Azure DNS

After completing this module, students will be able to:

  • Implement Azure DNS domains, zones, record types, and resolution methods.

Module 3: Securing Virtual Network Resources

In this module, you will learn primarily about Network Security Groups (NSGs) including NSG rules and NSG scenarios. You will also learn how to implement NSGs considering service endpoints, logging, troubleshooting, and other network traffic.

Lessons

  • Introduction to Network Security Groups
  • Implementing Network Security Groups and Service Endpoints

After completing this module, students will be able to:

  • Configure network security groups, service endpoints, logging, and network troubleshooting.

Module 4: Connecting Virtual Networks

In this module, you will learn about two specific types of intersite connectivity: VNet-to-VNet connections and VNet Peering. In both cases, you will learn when to choose which connectivity method, and how to implement and configure the method.

Lessons

  • Intersite Connectivity (VNet-to-VNet Connections)
  • Virtual Network Peering

After completing this module, students will be able to:

  • Implement site connectivity schemas including VNet-to-VNet connections and virtual network peering.

�

AZ-100T05:� Manage Identities

Module 1: Managing Azure Active Directory

In this module, you�ll will be introduced to Azure Active Directory. What is Azure Active Directory and how is it different from Active Directory Domain Services? What is Self-Service Password Reset and how is it configured? How can Azure AD Identity protection improve your security posture. How do you integrate SaaS applications with Azure AD?

Lessons

  • Azure Active Directory Overview
  • Self-Service Password Reset
  • Azure AD Identity Protection
  • Integrating SaaS Applications with Azure AD

After completing this module, students will be able to:

  • Implement Azure Active Directory, Self-Service Password Reset, Azure AD Identity Protection, and integrated SaaS applications.

Module 2: Managing Azure Active Directory Objects

In this module, you will learn the basics of implementing Azure AD objects. These objects include domains and tenants, users and groups, roles, and devices. In each lesson you will practice how to configure these objects through the portal and with Azure PowerShell. The Azure roles lesson will be your introduction to role-based access control.

Lessons

  • Azure Domains and Tenants
  • Azure Users and Groups
  • Azure Roles
  • Managing Devices

After completing this module, students will be able to:

  • Configure domains and tenants, users and groups, roles, and devices.

Module 3: Implementing and Managing Hybrid Identities

In this module, you will learn how to integrate Active Directory with your existing infrastructure. You will learn about different authentication options like AD Connect, Single Sign On, and Pass-through authentication. You will also learn how to configure Azure AD Application Proxy and how it is used.

Lessons

  • Azure Active Directory Integration Options
  • Azure AD Application Proxy

After completing this module, students will be able to:

  • Implement and manage Azure Active Directory integration options and Azure AD Application Proxy.

�