Azure Spring Clean 2021

Back for another year, Azure Spring Clean returns this week to help with all of your Azure Management options. The event will run from today Monday 23rd through until Friday 26th.

Each day, there will be articles from the following blend of topics:

  • Azure Monitor
  • Azure Cost Management
  • Azure Policy
  • Azure Security Principles
  • Azure Foundations

All articles are community driven and are a mix of experience and technical detail. You may recognise some faces from last year, which is great to see as organisers. Conversely there are new contributors too which is equally great and inspiring to continue the event annually.

You can follow along with the event on Twitter, using #AzureSpringClean

For all of the latest relative to the event, head to the site – Azure Spring Clean

.

AZ-140: Configuring and Operating Windows Virtual Desktop on Microsoft Azure (beta) – Study Guide

Microsoft continues to expand it’s specialty exams and next on the list is AZ-140. This exam is brand new and should be available in March 2021. Here is what Microsoft have to say about it:

Candidates for this exam are Microsoft Azure administrators with subject matter expertise in
planning, delivering, and managing virtual desktop experiences and remote apps, for any device,
on Azure.


Responsibilities for this role include deploying virtual desktop experiences and apps to Azure.
Professionals in this role deliver applications on Windows Virtual Desktop and optimize them to
run in multi-session virtual environments. To deliver these experiences, they work closely with
the Azure administrators and architects, along with Microsoft 365 Administrators.


Candidates for this exam should have experience in Azure technologies, including virtualization,
networking, identity, storage, backups, resilience, and disaster recovery. They should understand
on-premises virtual desktop infrastructure technologies as they relate to migrating to Windows
Virtual Desktop. These professionals use the Azure portal and Azure Resource Manager
templates to accomplish many tasks. This role may use PowerShell and Azure Command-Line
Interface (CLI) for more efficient automation.


Candidates for this exam must have expert Azure administration skill

As the exam will launch in beta, if you take it, it will not be scored immediately. So bear that in mind before you sit it! Of course, if you pass the exam, once scored, it will count towards a new specialty certification – Microsoft Certified: Windows Virtual Desktop Specialty

As always, a great place to start is Microsoft Learn. There are several interactive learning modules specifically for WVD that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them and you will need to be very familiar with Azure to pass this exam.

Below I’ve put together a collection of links relevant to the sections Microsoft have highlighted as being part of the skills measured for this exam. These are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-140!

Plan a Windows Virtual Desktop Architecture (10-15%)

Design the Windows Virtual Desktop architecture

Design for user identities and profiles

Implement a Windows Virtual Desktop Infrastructure (25-30%)

Implement and manage networking for Windows Virtual Desktop

Implement and manage storage for Windows Virtual Desktop

Create and configure host pools and session hosts

Create and manage session host images

Manage Access and Security (10-15%)

Manage access

Manage security

Manage User Environments and Apps (20-25%)

Implement and manage FSLogix

Configure user experience settings

Install and configure apps on a session host

Monitor and Maintain a Windows Virtual Desktop Infrastructure (20-25%)

Plan and implement business continuity and disaster recovery

Automate Windows Virtual Desktop management tasks

Monitor and manage performance and health

AZ-500 Microsoft Azure Security Technologies – Study Guide

Updated February 2021

Azure has a sole security focused exam, AZ-500 Microsoft Azure Security Technologies. Passing this single exam will allow you to earn a Microsoft Certified: Azure Security Engineer Associate certification.

So, if you’re interested and wondering if you should take this exam? Here is what Microsoft have to say:

Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access, and protects data, applications, and networks. Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

Below, I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it.

If you spot something, or have a better link for a topic, get in touch! I will update this post as regularly as possible and always appreciate any feedback.

A good place to start is the Azure Security Documentation page. This site includes most of the key concepts and services covered in this exam, as well as several best practice approaches you should consider.

Manage Identity and Access (30-35%)

Manage Azure Active Directory identities
Configure secure access by using Azure AD
Manage application access
Manage access control

Implement Platform Protection (15-20%)

Implement advanced network security
Configure advanced security for compute

Manage Security Operations (25-30%)

Monitor security by using Azure Monitor
Monitor security by using Azure Security Center
Monitor security by using Azure Sentinel
Configure Security Policies

Secure Data and Applications (20-25%)

Configure security for storage
Configure security for databases
Configure and manage Key Vault

AZ-304: Microsoft Azure Architect Design (beta) – Study Guide

Microsoft continues to update it’s role based exams and next on the list is AZ-304. This is the updated version of AZ-301 and launched at the end of June 2020. Currently this exam is arguably part of the most difficult certification path as it is one of only two Expert level certifications for Azure. Here is what Microsoft have to say about it:

Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions. Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution. Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.

As the exam is still in beta, if you take it, it will not be scored immediately. So bear that in mind before you sit it! Of course, if you pass the exam, once scored, it will count towards the certification.

As always, a great place to start is Microsoft Learn. There are several interactive learning paths that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them and you will need to be very familiar with Azure to pass this exam.

Below I’ve put together a collection of links relevant to the sections Microsoft have highlighted as being part of the skills measured for this exam. These are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-304!

Design Monitoring (10-15%)

Design for cost optimization

Design a solution for logging and monitoring

Design Identity and Security (25-30%)

Design authentication

Design authorization

Design governance

Design security for applications

Design Data Storage (15-20%)

Design a solution for databases

Design data integration

Select an appropriate storage account

Design Business Continuity (10-15%)

Design a solution for backup and recovery

Design for High Availability

Design Infrastructure (25-30%)

Design a compute solution

Design a network solution

Design an application architecture

Design migrations

How To – Confirm and Enable Azure Resource Providers

Depending on your level of permission on an Azure subscription, you may or may not have encountered Resource Providers directly. However, when you do, they can be a bit tricky. This post will hopefully clear up some of the most common issues and help you get working that bit quicker.

First up, what is an Azure Resource Provider? Simply put, it is a service within Azure Resource Manager that provides the resources you build. An example is Microsoft.Network which provides Virtual Networks among many others.

By default, if you have the correct role at a subscription level, Resource Providers are automatically registered. However, to register you need either Contributor, Owner, or a Custom Role with permission to do the /register/action operation. Resource Providers are always at subscription level and once registered, you can’t unregister when you still have resource types from that Resource Provider in your subscription.

So, in a scenario where you have an Owner role but only on a Resource Group within a subscription, you do not have permission to register Resource Providers.

Next, how do I check which Resource Providers are registered? There are a couple of ways to achieve this. You can simply check within the Portal, which gives some nice immediate visuals. Head to the Azure Portal, and navigate to your subscription. Scroll down to the Settings section and choose Resource Providers.

From here you can see a list of Registered, NotRegistered, and Registering providers. To register, simply click the relevant provider and choose Register at the top of the list. Similar for unregister once the previously mentioned caveat is met.

In some cases, you may want to avoid issues with NotRegistered providers and want to Register them all for a subscription. This can be achieved via the shell.

Log into Azure Powershell and choose your required subscription. Next run the following:

Get-AzResourceProvider -ListAvailable | Select-Object ProviderNamespace, RegistrationState

This will list all resource providers, and the registration status for your subscription. You can get additional details on each provider including resources it supports and locations supported by running the commands detailed in this doc.

To register all providers at once, run the following:

Get-AzResourceProvider -ListAvailable | Register-AzResourceProvider

The shell will then cycle through all providers and list their status as it works its way through them all. Similar to below:

And that’s it! You now know how to check the status of your Resource Providers and how to enable them as needed. As usual, I can’t take any responsibility for commands provided in examples, please use at your own risk. But, if there are any questions, please get in touch!