Exam AZ-303: Microsoft Azure Architect Technologies Study Guide

I recently passed the AZ-303 exam. Below are some of the resources I used to prepare for the exam. In addition to the links below, I also used Alan Rodrigues' course on Udemy. 

https://www.udemy.com/course/az-102-azure-administrator-certification-transition/

The Udemy course and Microsoft Docs are enough to pass the exam. The course has some good practice exams and labs that align well with what you'll see on the real exam regarding difficulty. I was scoring in the high 90's on the Udemy exams. On the real exam, my score was 923. So, I think, if you comprehend the material well, and get high scores on Udemy practice exams, you'll do well on the real exam.

Just wanted to share my experience, hopefully it helps.

Implement and Monitor an Azure Infrastructure (50-55%)

Implement cloud infrastructure monitoring

• monitor security
• What is Azure Security Center?
  
• monitor performance
• configure diagnostic settings on resources
• Create diagnostic settings to send platform logs and metrics to different destinations
• create a performance baseline for resources
• Analyzing Resource Utilization on Azure
  
• monitor for unused resources
• Quickstart: Explore and analyze costs with cost analysis
  
• monitor performance capacity
• How to chart performance with Azure Monitor for VMs
  
• visualize diagnostics data using Azure Monitor
• Azure Monitor Workbooks
  
• monitor health and availability
• monitor networking
• Azure Monitor for Networks
  
• monitor service health
• Service Health overview
  
• monitor cost
• monitor spend
• Quickstart: Explore and analyze costs with cost analysis
  
• report on spend
• View and download your Microsoft Azure invoice
  
• configure advanced logging
• implement and configure Azure Monitor insights, including App Insights, Networks, Containers
• What is monitored by Azure Monitor?
  
• configure a Log Analytics workspace
• Create a Log Analytics workspace in the Azure portal
  
• configure logging for workloads
• initiate automated responses by using Action Groups
• Create and manage action groups in the Azure portal
  
• configure and manage advanced alerts
• collect alerts and metrics across multiple subscriptions
• Create, view, and manage metric alerts using Azure Monitor
  
• view Alerts in Azure Monitor logs
• Create, view, and manage activity log alerts by using Azure Monitor
  

Implement storage accounts

• select storage account options based on a use case
• Create a storage account
  
• configure Azure Files and blob storage
• Create an Azure file share
  
• Quickstart: Upload, download, and list blobs with the Azure portal
  
• configure network access to the storage account
• Configure Azure Storage firewalls and virtual networks
  
• implement Shared Access Signatures and access policies
• Grant limited access to Azure Storage resources using shared access signatures (SAS)
  
• Define a stored access policy
  
• implement Azure AD authentication for storage
• Authorize access to blobs and queues using Azure Active Directory
  
• manage access keys
• Manage storage account access keys
  
• implement Azure storage replication
• Configure object replication for block blobs
  
• implement Azure storage account failover
• Disaster recovery and storage account failover
  

Implement VMs for Windows and Linux

• configure High Availability
• Manage the availability of Linux virtual machines
  
• configure storage for VMs
• Introduction to Azure managed disks
  
• select virtual machine size
• Sizes for virtual machines in Azure
  
• implement Azure Dedicated Hosts
• Deploy VMs and scale sets to dedicated hosts using the portal
  
• deploy and configure scale sets
• Quickstart: Create a virtual machine scale set in the Azure portal
  
• configure Azure Disk Encryption
• Azure Disk Encryption for Windows VMs
  

Automate deployment and configuration of resources

• save a deployment as an Azure Resource Manager template
• Single and multi-resource export to a template in Azure portal
  
• modify Azure Resource Manager template
• What are ARM templates?
  
• evaluate location of new resources
• View activity logs to monitor actions on resources
  
• configure a virtual disk template
• Create a managed image of a generalized VM in Azure
  
• deploy from a template
• Deploy Azure virtual machines from VHD templates
• manage a template library
• Shared Image Galleries overview
  
• create and execute an automation runbook
• Getting Started With Azure Automation – Runbook Management
  

Implement virtual networking

• implement VNet to VNet connections
• Configure a VNet-to-VNet VPN gateway connection by using the Azure portal
  
• implement VNet peering
• Virtual network peering
  

Implement Azure Active Directory

• add custom domains
• Add your custom domain name using the Azure Active Directory portal
  
• configure Azure AD Identity Protection
• What is Identity Protection?
  
• implement self-service password reset
• Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset
  
• implement Conditional Access including MFA
• Conditional Access: Require MFA for all users
  
• configure user accounts for MFA
• Enable per-user Azure AD Multi-Factor Authentication to secure sign-in events
  
• configure fraud alerts
• Fraud alert
  
• configure bypass options
• One-time bypass
  
• configure Trusted IPs
• Trusted IPs
  
• configure verification methods
• Authentication methods
  
• implement and manage guest accounts
• Quickstart: Add guest users to your directory in the Azure portal
  
• manage multiple directories
• Understand how multiple Azure Active Directory organizations interact
  

Implement and manage hybrid identities

• install and configure Azure AD Connect
• Getting started with Azure AD Connect using express settings
  
• identity synchronization options
• Azure AD Connect user sign-in options
  
• configure and manage password sync and password writeback
• Tutorial: Enable Azure Active Directory self-service password reset writeback to an on-premises environment
  
• configure single sign-on
• Azure Active Directory Seamless Single Sign-On: Quickstart
  
• use Azure AD Connect Health
• What is Azure AD Connect Health?
  

Implement Management and Security Solutions (25-30%)

Manage workloads in Azure

• migrate workloads using Azure Migrate
• assess infrastructure
• select a migration method
• prepare the on-premises for migration
• recommend target infrastructure
• Migrate Hyper-V VMs to Azure
  
• implement Azure Backup for VMs
• Back up an Azure VM from the VM settings
  
• implement disaster recovery
• Tutorial: Set up disaster recovery for Azure VMs
  
• implement Azure Update Management
• Enable Update Management for an Azure VM
  

Implement load balancing and network security

• implement Azure Load Balancer
• What is Azure Load Balancer?
  
• implement an application gateway
• What is Azure Application Gateway?
  
• implement a Web Application Firewall
• What is Azure Web Application Firewall?
  
• implement Azure Firewall
• What is Azure Firewall?
  
• implement the Azure Front Door Service
• Quickstart: Create a Front Door for a highly available global web application
  
• implement Azure Traffic Manager
• What is Traffic Manager?
  
• implement Network Security Groups and Application Security Groups
• Network security groups
  
• Application security groups
  
• implement Bastion
• Azure Bastion documentation
  

Implement and manage Azure governance solutions

• create and manage hierarchical structure that contains management groups
• What are Azure management groups?
  
• subscriptions and resource groups
• Organize your Azure resources effectively
  
• assign RBAC roles
• Add or remove Azure role assignments using the Azure portal
  
• create a custom RBAC role
• Azure custom roles
  
• configure access to Azure resources by assigning roles
• Add or remove Azure role assignments using the Azure portal
  
• configure management access to Azure
• Manage access to an Azure subscription by using Azure role-based access control (RBAC)
  
• interpret effective permissions
• Quickstart: Check access for a user to Azure resources
  
• set up and perform an access review
• What are Azure AD access reviews?
  
• implement and configure an Azure Policy
• Quickstart: Create a policy assignment to identify non-compliant resources
  
• implement and configure an Azure Blueprint
• What is Azure Blueprints?
  

Manage security for applications

• implement and configure KeyVault
• Configure and manage secrets in Azure Key Vault
  
• implement and configure Managed Identities
• What are managed identities for Azure resources?
  
• register and manage applications in Azure AD
• Quickstart: Register an application with the Microsoft identity platform
  

Implement Solutions for Apps (10-15%)

Implement an application infrastructure

• create and configure Azure App Service
• Quickstart: Create an ASP.NET Core web app in Azure
  
• create an App Service Web App for Containers
• Deploy and run a containerized web app with Azure App Service
  
• create and configure an App Service plan
• Manage an App Service plan in Azure
  
• configure an App Service
• Configure an App Service app in the Azure portal
  
• configure networking for an App Service
• Integrate your app with an Azure virtual network
  
• create and manage deployment slots
• Set up staging environments in Azure App Service
  
• implement Logic Apps
• Quickstart: Create your first Logic Apps workflow - Azure portal
  
• implement Azure Functions
• Create your first function in the Azure portal
  

Implement container-based applications 

• create a container image
• Quickstart: Build and run a container image using Azure Container Registry Tasks
  
• configure Azure Kubernetes Service
• Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
  
• publish and automate image deployment to the Azure Container Registry
• Deploy to Azure Container Instances from Azure Container Registry
  
• publish a solution on an Azure Container Instance
• Quickstart: Deploy a container instance in Azure using the Azure portal
  

Implement and Manage Data Platforms (10-15%)

Implement NoSQL databases

• configure storage account tables
• Quickstart: Create an Azure Storage table in the Azure portal
  
• select appropriate CosmosDB APIs
• Choose the appropriate API for Azure Cosmos DB
  
• set up replicas in CosmosDB
• Distribute your data globally with Azure Cosmos DB
  

Implement Azure SQL databases

• configure Azure SQL database settings
• Quickstart: Create an Azure SQL Database single database
  
• implement Azure SQL Database managed instances
• What is Azure SQL Managed Instance?
  
• configure HA for an Azure SQL database
• High availability for Azure SQL Database and SQL Managed Instance
  
• publish an Azure SQL database

Azure AD Sync - Set-MsolDirSyncEnabled : You cannot turn off Active Directory synchronization.

 I recently ran into a situation in my lab environment that required I resync all (2000+) user accounts to Azure AD. Though this sounds complex and daunting, its actually quite simple. T

he basic steps involve disabling sync, and then removing the user objects. This can all be done with two PowerShell commands:

1) Set-MsolDirSyncEnabled -EnableDirSync $false

    

2) Get-MsolUser -All | Remove-MsolUser -force

    

The account that you are currently running the commands as will not be removed. 

To enable Azure AD Sync, you simply reverse the boolean operation on the Set-MsolDirSyncEnabled cmdlet above. However, I ran into an issue when trying to enable Azure AD Sync. 

After some research, it turns out you must wait a period of time (up to 12 hours in some cases) before you can make a second change to the Azure AD Sync status. This error simply means that we made a recent change to Azure AD Sync, and we must wait before making another change. To prove this, there is a "DirectorySynchronizationStatus" member for the Get-MsolCompanyInformation cmdlet. If we take a look at this member, we can see the status is "PendingDisabled". 

Check the status of this periodically over the next 12 hours or so, and once it says "Enabled" or "Disabled", you should be able to change the state once more. 

Azure VM Scale Set - Get Instance IP Address

 

If you are using VM Scale Sets in Azure, you know how important it can be to quickly obtain an instance IP address. This can of course be done using the Azure Portal. However, I am often working in a shell or VSCode, and I do not want to leave the comfort of my shell to login to the portal.

There are a few options we have for retrieving information about a VMSS and its instances without using the Azure Portal. We can use PowerShell or the Azure CLI. Being that I am constantly flipping between Windows and Linux, I will detail both here.

 

You will need to have the AZ module installed. To install this module, simple open PowerShell (as admin) and type in “Install-Module -Name az”. To get the IP address of the instances within a scale set, use the following script:

https://github.com/rnemeth90/Get-VmssInstanceIpAddress

You can also use the Azure CLI to obtain individual instance IP addresses. This method is much simpler than PowerShell, and only requires one line of code:

az vmss nic list --resource-group myResourceGroup  --vmss-name myVmss | grep -w "privateIpAddress"