Key Points: Microsoft Azure Administrator (AZ-103)

Key points consolidated from the course Exam Tips: Microsoft Azure Administrator (AZ-103) of learning path Prepare for Microsoft Azure Administrator Certification (AZ-103) on Linkedin Learning

Manage Azure Subscriptions and Resources

Manage Azure Subscriptions

  • Know where to enable the User Access Administrator
  • Understand the components of a policy
  • Know how to use tags for reporting
  • Be familiar with RBAC and how it is used to control access to Azure resources

Analyze Resource Utilization

  • Know how to create a log search query
  • Know how to create an alert
  • Know how to create an action group
  • Understand how often notifications are sent to an action group
  • Learn what the Azure Monitor will report on

Manage Resource Groups

  • Azure policies can be applied to the resource group level instead of the subscription level
  • Know the permissions required to move a resource group
  • Understand the relationship between resources when applying locks
  • Know that applying a read-only lock may have unforeseen consequences

Manage Role-Based Access Control

  • Security Principal
  • Role Definition
  • Scope
  • Role Assignment

Implement and Manage Storage

Create and Configure Storage Accounts

  • Understand the different types of replication
  • Know the different types of storage
  • Know how to create a storage account
  • Know the order in which to generate keys
  • Be familiar with the new firewall and VNet services

Import and Export Data to Azure

  •  Know when you would need to use Import/Export service
  • Practice creating import and exporft jobs
  • Review the specifications of the Azure Data Box service

Configure Azure File

  • Know the troubleshooting steps to resolve a file sync issue
  • Understand what Azure File Sync doesn't support
  • Practice installing Azure File Sync, which includes several steps and takes time
  • Know all the steps to configure Azure File Sync

Implement Azure Backup

  • Review the different backup options
    • Azure Backup (MARS) Agent - No Linux support; not application aware
    • System Center DPM - Requires System Center license
    • Azure Backup Server - Does not require a System Center License; does not support tape
    • Azure Virtual Machine Backup - Does not require an agent; only back up once a day
  • What backup option would be the best given a specific scenario
  • Know how to create a Recovery Service vault
  • Review replication options when configuring the Recovery Service vault

Deploy and Manage Virtual Machines (VMs)

Create and Configure a VM for Windows and Linux

  • Know how to create a virtual machine 
  • Understand the virtual machine storage and disk options
  • Know and recommend the best virtual machine size based on the performance requirement
  • Know when and why to use scale sets
  • Know how to configure a scale set

Automate Deployment of VMs

  •  Be familiar with the basic template structure
  • Know where templates can be acquired
  • Know the steps to deploy a template using different methods

Manage an Azure VM

  • Understand the implications of moving resources
  • Know the requirements to move resources
  • Know why a virtual machine would need to be redeployed
  • Know why and how to attach a data disk

Manage VM Backups

  • Know how to create a backup policy
  • Understand the limitations of the backup policy
  • Know when to restore a full virtual machine vs. disks only
  • Practice restoring virtual machines and files

Configure and Manage Virtual Networks

Create Connectivity Between Virtual Networks

  • Know how to create a VNet , subnet, and gateway
  • Know when to use PowerShell to create a connection
  • Know that connecting networks need to be configured in both directions
  • VNet peering uses internal DNS only

Implement and Manage Virtual Networking

  • Know how to create multiple subnets
  • Understand what happens if you create a subnet that is too small
  • Know when to use a user-defined route (UDR)
  • Know the default hops in a system route
  • Review private and public IPs (dynamic and static)

Configure Name Resolution

  • Know when to use your own DNS server
  • Know when to use an alias record set
  • Understand how to configure a custom DNS record for web apps

Create and Configure a Network Security Group (NSG)

  • Know the default inbound and outbound security rules
  • Priority: the lower the number, the higher the priority
  • NSG must be in the same location as the virtual network
  • If applying an NSG to a virtual machine and the subnet, the allow rule must be allowed at both levels or the traffic will be blocked
  • NSG cannot be applied to a gateway subnet

Implement Azure Load Balancer

  • Know how to configure a load balacer, including health probes
  • Know the difference between the SKUs
  • A single load balancer cannot be both internal and public (external)

Monitor and Troubleshoot Virtual Networking

  • Know which tool does what:
    • Network Monitor - provides metrics and logs and  creates alerts
    • Network Watcher - can monitor and diagnose virtual networks
    • Security Center - provides recommendations to secure the virtual networks

Integrate On-premise Network with an Azure Vitual Network

  • Know the differences between site to site and point to site
  • Know when to use S2S or P2S
  • Compare and contrast gateway SKUs

Manage Identities

Manage Azure Active Directory (AD)

  • Know how to configure and implement an access review
  • Know how to complete an access review as a user
  • Create a conditional access rule
  • Review Azure AD Identity Protection in depth

Manage Azure AD Objects: Users, Groups, and Devices

  • Review how to import bulk users using a .csv
  • Understand the different types of groups
  • Know how to create a rule for  a dynamic group
  • Know how to create and delete users and groups

Implement and Manage Hybrid Identities

  • Understand how to install and configure Azure AD Connect
  • Fully understand the diffrerent sign-on options
  • Choose the correct sign-on option based on a scenario
  • Review Azure AD Connect Health

Implement Multi-Factor Authentication (MFA)

  • Know what is covered by the paid and free version of MFA
  • Know the different Microsoft cloud MFA offerings
  • Know how to configure MFA