Design and implement Azure App Service apps (15–20%)
- Deploy Web Apps
- Define deployment slots; roll back deployments; implement pre- and post-deployment actions; create, configure and deploy packages; create App Service plans; migrate Web Apps between App Service plans; create a Web App within an App Service plan
- Configure Web Apps
- Define and use app settings, connection strings, handlers and virtual directories; configure certificates and custom domains; configure SSL bindings and runtime configurations; manage Web Apps by using Azure PowerShell and Xplat-CLI
- Configure diagnostics, monitoring and analytics
- Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, configure alerts; configure diagnostics; use remote debugging; monitor Web App resources
- Configure Web Apps for scale and resilience
- Configure auto-scale using built-in and custom schedules, configure by metric, change the size of an instance, configure Traffic Manager
Create and manage Azure Resource Manager Virtual Machines (20–25%)
- Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs)
- Identify workloads that can and cannot be deployed, run workloads including Microsoft and Linux, create VMs, connect to a Windows/Linux VM
- Perform configuration management
- Automate configuration management by using PowerShell Desired State Configuration (DSC) and VM Agent (custom script extensions), configure VMs using a configuration management tool such as Puppet or Chef, enable remote debugging
- Design and implement VM storage
- Configure disk caching, plan storage capacity, configure operating system disk redundancy, configure shared storage using Azure File service, configure geo-replication, encrypt disks, implement ARM VMs with Standard and Premium Storage
- Monitor ARM VMs
- Configure ARM VM monitoring, configure alerts, configure diagnostic and monitoring storage location
- Monitor ARM VM availability
- Configure multiple ARM VMs in an availability set for redundancy, configure each application tier into separate availability sets, combine the Load Balancer with availability sets
- Scale ARM VMs
- Scale up and scale down VM sizes, deploy ARM VM Scale Sets (VMSS), configure ARM VMSS auto-scale
Design and implement a storage strategy (20–25%)
- Implement Azure storage blobs and Azure files
- Read data, change data, set metadata on a container, store data using block and page blobs, stream data using blobs, access blobs securely, implement async blob copy, configure a Content Delivery Network (CDN), design blob hierarchies, configure custom domains, scale blob storage
- Manage access
- Create and manage shared access signatures, use stored access policies, regenerate keys
- Configure diagnostics, monitoring and analytics
- Set retention policies and logging levels, analyse logs
- Implement Azure SQL Databases
- Choose the appropriate database tier and performance level; configure point-in-time recovery, geo-replication and data sync; import and export data and schema; design a scaling strategy
- Implement recovery services
- Create a backup vault, deploy a backup agent, back up and restore data
Implement an Azure Active Directory (15–20%)
- Integrate an Azure Active Directory (Azure AD) with existing directories
- Implement Azure AD Connect and single sign-on with on-premises Windows Server 2012 R2, add custom domains, monitor Azure AD
- Configure Application Access
- Configure single sign-on with SaaS applications using federation and password-based, add users and groups to applications, revoke access to SaaS applications, configure access, configure federation with Facebook and Google ID
- Integrate an app with Azure AD
- Implement Azure AD integration in web and desktop applications, leverage Graph API
- Implement Azure AD B2C and Azure B2B
- Create an Azure AD B2C Directory, register an application, implement social identity provider authentication, enable multi-factor authentication, set up self-service password reset, implement B2B collaboration, configure partner users, integrate with applications
Implement virtual networks (10–15%)
- Configure virtual networks
- Deploy a VM into a virtual network; configure external and internal load balancing; implement Application Gateway; design subnets; configure static, public, and private IP addresses; set up Network Security Groups (NSGs), DNS at the virtual network level, HTTP and TCP health probes, public IPs, User Defined Routes (UDRs), firewall rules and direct server return
- Modify network configuration
- Modify subnets, NSGs, and UDRs
- Design and implement a multi-site or hybrid network
- Choose the appropriate solution between ExpressRoute, site-to-site and point-to-site; choose the appropriate gateway; identify supported devices and software VPN solutions; identify networking prerequisites; configure virtual networks and multi-site virtual networks
Design and deploy ARM templates (10–15%)
- Implement ARM templates
- Author ARM templates; create ARM templates to deploy ARM Resource Providers resources; deploy templates with PowerShell, CLI and REST API
- Control access
- Leverage service principles with ARM authentication, use Azure Active Directory Authentication with ARM, set management policies, lock resources
- Design role-based access control (RBAC)
- Secure resource scopes, such as the ability to create VMs and Azure Web Apps; implement Azure role-based access control (RBAC) standard roles; design Azure RBAC custom roles.