This module concentrates on the identity and governance layer of Azure, equipping participants to structure directory services, access controls and policy frameworks to securely govern cloud resources.
Lessons:
Understand Microsoft Entra ID (formerly Azure AD) and cloud directory services including differences compared to on-premises AD DS.
Configure user accounts, manage group memberships, guest user access and self-service password reset.
Manage role-based access control (RBAC): assign built-in and custom roles, interpret access assignments, secure resource scopes (subscriptions, resource groups, resources).
Configure and manage Azure subscriptions, management groups, resource groups, tagging strategies and cost-governance approaches.
Implement governance features including Azure Policy, initiative definitions, resource locks, compliance monitoring and tagging enforcement.
Directory services architecture: Microsoft Entra ID vs AD DS.
Role-based access control (RBAC) scopes, definitions, assignments and auditing.
Subscription and management-group structure, cost-management, resource tagging strategy.
Azure Policy and initiative definitions: assignment, compliance state and enforcement.
Identity-security best practices: guest access, self-service reset, licensing models and governance frameworks.
Create and configure users, groups and guest accounts in Microsoft Entra ID including bulk import scenarios.
Assign RBAC roles at different scopes (subscription, resource group, resource), interpret assignments and implement custom roles.
Create management groups and subscriptions; apply Azure Policy definitions and initiative assignments; enforce tagging and cost-alert scenarios.
This module equips participants to design, deploy and secure Azure storage solutions including block/blob/file services, data tiering, access controls and migration tools.
Lessons:
Create and configure storage accounts: select replication, performance tiers, access tiers and region.
Configure Blob Storage: containers, lifecycle management, tiering, versioning and soft-delete.
Configure Azure Files: file shares, Azure File Sync, hybrid file-share access and file-share management.
Secure storage accounts: shared access signatures (SAS), identity-based access, encryption at rest, firewall and virtual-network rules.
Use tools like Azure Storage Explorer and AzCopy to manage data, perform import/export, and manage storage accounts.
Storage account types (General Purpose v2, Blob Storage), redundancy options (LRS, GRS), performance tiers.
Blob vs File services: container lifecycle policies, access tiers, soft-delete, versioning, hybrid file-sync.
Access control: SAS tokens, identity-based access, stored access policies, access keys.
Network access for storage accounts: firewall rules, service endpoints, private endpoints and virtual-network integration.
Monitoring and data migration tools: AzCopy, Storage Explorer, import/export jobs and account management.
Create storage accounts with a designated replication strategy and tier configuration.
Configure Blob Storage container lifecycle rules, implement versioning and soft-delete.
Set up an Azure Files share, configure Azure File Sync with an on-premises server and manage access permissions.
Implement SAS tokens, configure firewall and virtual-network rules, enable identity-based access for storage.
This module enables participants to provision and manage compute infrastructure in Azure, including VMs, containers, web apps and automation via infrastructure-as-code.
Lessons:
Plan and deploy virtual machines (VMs): sizing, OS/disks, availability sets/zones, disk encryption, VM extensions.
Deploy and manage VM Scale Sets for high availability and autoscaling.
Deploy web applications via Azure App Service: choose service plan, configure deployment slots, custom domains and TLS certificates.
Deploy containers and orchestrate using Azure Container Instances (ACI), Azure Kubernetes Service (AKS) and container registries.
Automate compute resource deployment using ARM templates or Bicep files and infrastructure-as-code practices.
VM lifecycle: sizing, storage configuration, region/migration, availability zones/sets, extensions and encryption.
High availability and autoscaling: VM Scale Sets, availability sets vs zones, load-balancing implications.
App Service architecture: service plans, hosting models, deployment slots, TLS/certificate and custom domains.
Container compute: ACI vs AKS, container registry usage, scaling, networking and orchestration basics.
Infrastructure as code: ARM templates, Bicep, template parameterization, deployment strategies and repeatability.
This module covers the design, configuration and management of Azure networking, including virtual networks, connectivity, security controls and traffic management.
Lessons:
Configure virtual networks (VNets), subnets, IP addressing, public/private IPs and network segmentation.
Apply network-security controls using Network Security Groups (NSGs), Application Security Groups (ASGs) and Azure Firewall.
Establish connectivity: virtual network peering, VPN Gateway, ExpressRoute, Virtual WAN and hub-spoke topologies.
Configure load-balancing and traffic routing: Azure Load Balancer (public/internal), Application Gateway, Traffic Manager and service endpoints/private endpoints.
Monitor and troubleshoot network connectivity using tools such as Azure Network Watcher, flow logs and packet capture.
Virtual network design: IP-address planning, subnetting, public/private IP assignments, resource placement strategies.
Access control: NSG/ASG rule creation and evaluation, firewall policy, service endpoints/private links, Azure Bastion.
Routing and connectivity: user-defined routes (UDRs), peering transit, hub-spoke architecture, cross-region connectivity, VPN/ExpressRoute.
Traffic management: load-balancer types, back-end pools, health probes, session persistence, Application Gateway features.
Network monitoring and diagnostics: Network Watcher, connection monitor, packet capture, flow logs, topology view.
Create a virtual network with specified IP-address space, subnets, public/private IPs and implement VNet peering.
Configure NSGs for inbound/outbound traffic rules and implement Azure Firewall policies for filtered traffic.
Set up a VPN Gateway or ExpressRoute connection between Azure and on-premises or across regions.
Deploy a load-balanced web tier using Azure Load Balancer or Application Gateway and test a fail-over scenario.
Use Azure Network Watcher to capture traffic flows, analyze connectivity issues and troubleshoot routing.
This module provides skills to monitor, protect and maintain Azure resources by implementing backups, disaster recovery, performance monitoring and compliance frameworks.
Lessons:
Configure Azure Monitor: metrics, diagnostics, alerts, dashboards, action groups and workbooks.
Use Log Analytics workspace: query logs, configure diagnostic settings, interpret insights and analyze performance.
Implement backup and disaster-recovery: configure Azure Backup, Azure Site Recovery, Recovery Services vaults and restoration operations.
Monitor compute, storage and networking resources: enable insights, review alerts and interpret logs to tune resource performance.
Maintain business-continuity and compliance: set up service-health alerts, apply backup policies, execute restoration plans and optimise cost/performance.
Monitoring architecture: metrics vs logs, diagnostic settings, alert rules, action groups and dashboard design.
Log Analytics workspace: Kusto Query Language (KQL), workspace configuration, data ingestion, query results and insights.
Backup and recovery: Recovery Services vaults, file/folder backup, VM backup, failover/failback and site-recovery planning.
Resource maintenance: performance tuning, cost optimisation, monitoring VMs, storage accounts, networks and interpreting insights.
Compliance and continuity: service-health alerts, SLA monitoring, backup schedule, restoration testing and documentation.
Configure Azure Monitor for a virtual machine and a storage account; set up alerts and create a dashboard to visualise resource metrics.
Create a Recovery Services vault; configure a backup policy and perform a restore operation for a VM or file share.
Use Log Analytics workspace to query logs from virtual machines and networks; analyse performance trends and troubleshoot an issue.
Configure action groups and alerts for resource-usage thresholds; simulate an incident and evaluate response procedures.