Many of you may have may have read/heard the announcement from Microsoft Learning about the changes to the Azure certification and exams. I’m guessing that there will be lots of discussion around whether this is a good thing, a bad thing, or just a thing. From what I can tell, Microsoft is attempting to respond to what they are being told by companies/partners/the market. Is this the right move? Will it work? Are they just muddying the certification waters? Time will tell, and that is probably a good topic for another time.

What I’m interested in here is “what’s new in the new exams” and “what do I need to know”. The new exams will be rolling out from July 2018, but I wouldn’t expect updated courses from Microsoft until late 2018/early 2019, so until then it will really be up to the individual to make sure they get themselves ready, and hopefully trainers will integrate this content into the legacy courses.

The first exams coming down the pipe are for the Azure Administrator certification. You can find the details here:


AZ-102: Microsoft Azure Administrator Certification Transition

These exams are available for public beta from July 15, 2018 and will likely go live in mid-September. Other exams will probably be landing in beta in the September timeframe.

I had an opportunity to attempt AZ-102, the exam that is meant to be a transition for people who have already passed exam 70-533, Implementing Microsoft Azure Infrastructure Solutions. Without violating the NDA, I want to review the content of this exam, and my reactions to it.

My first thoughts

First things first—this exam will likely be around 50 questions. There will be a mix of case studies, standard questions, and repeated question sets. At some point, performance-based testing (i.e. you have to do the task) is likely going to be integrated into the exam.

My first impression of this exam was “hard but fair”. Having said that, I did this on the first day of the beta, so I had no exam prep. I was reasonably familiar with all the topics that appeared on my exam. Was I “exam ready”? Probably not.  Especially for questions that were process driven, i.e. “Select the steps and put them in the right order” or “Choose the three actions you would do to xyz”. But overall, I felt if you have been using Azure for infrastructure solutions, then passing this exam should be very achievable.

Because this is an exam specifically designed for people who have already passed 70-533, the topics covered are all the objectives that aren’t already in 20533. So, if you are currently in the middle of prep for exam 70-533, then I would recommend that you continue down that path then do AZ-102 after that. If you had not even started preparation, then you might want to consider taking the AZ-100 and AZ-101 exams instead. Since it is a “differences” exam, the content is culled from both AZ-100 and AZ-101.

Now to the topics . . .

AZ-100: Microsoft Azure Infrastructure and Deployment Topics

Manage Azure subscriptions and resources (5-10%)

  • Analyze resource utilization and consumption
    May include but not limited to

o   Configure diagnostics settings on resources

o   Create baselines for resources

o   Create and reset alerts

o   Analyze alerts across the subscription

o   Analyze metrics across subscription

o   Create action groups

o   Monitor for unused resources

o   Monitor spend

o   Report on spend

o   Utilize Log Search query functions

o   View alerts in Log Analytics

Here’s the part of Azure resource configuration that almost always gets glossed over in training materials— “Oh yeah, and here you can configure some metrics and alerts. Moving on now…” This is something that I think many people will need to get familiar with options in this space and practice some practical applications.  I would probably add using tags on resources and resource groups (and the default behaviours that come from that), especially as it relates to running queries and generating reports for specific resources or resource types.

If you’re not already, make sure you understand how Log Analytics works, and what all the “Diagnostics” settings are on all the major Azure resources. You can start digging around in the “How-to guides” of the Azure Log Analytics documentation.

This section would also include being able to configure/use the costing and analysis tools, like Azure Advisor. Understanding when to use that service, how to configure it, and how interpret the results will be very useful for this exam. Knowing what your choices are for filtering the results in the cost analysis tools, and how they connect to things like tags and subscriptions will also be helpful.

Azure Advisor documentation

Implement and manage storage (5-10%)

  • Configure Azure Files
    May include but not limited to

o   Create Azure file share

o   Create Azure File Sync service

o   Create Azure sync group

o   Troubleshoot Azure File Sync

This section really focuses on understanding how to configure the Files service in a storage account. Specifically, really get to know and love the Azure File Sync service. This is a relatively new-ish service, and is something that is designed to scratch a very specific itch. It’s very possible that you may not have had need to use that service, which means your knowledge here could be light.  A good place to start would be Planning for an Azure File Sync deployment, and Deploy Azure File Sync.

Configure and manage virtual networks (15-20%)

  • Create connectivity between virtual networks
    May include but not limited to

o   Create and configure VNET peering

o   Create and configure VNET to VNET

o   Verify virtual network connectivity

o   Create virtual network gateway

  • Configure name resolution
    May include but not limited to

o   Configure Azure DNS

o   Configure custom DNS settings

o   Configure DNS zones

This topic is the one that I felt might require the least amount of extra work to prepare for. If you are working with the Azure IaaS services, then you should be pretty good with DNS. If you haven’t done a lot of work the Azure DNS specifically, then taking a bit of time to familiarize yourself with the differences between Public DNS zones and Private DNS zones, the common record types and delegations (i.e. common DNS management tasks), should put you in good stead.

As for the connectivity between virtual networks—there’s not a lot new in this space, and this is covered pretty well in the existing training materials. An area that might throw a spanner into the works for some people might be understanding how this connectivity works when you have multiple VNets (i.e. how do you create routes, rather than a big mesh). You can use VNets peering and custom routes, or you can use VNET to VNET. Know how to do either, and understand how data is going to flow with default settings.

If you want more information about the peering options, you might want to start with the Virtual Network Peering documentation.

Manage Identities (15-20%)

  • Manage Azure Active Directory
    May include but not limited to

o   Add custom domains

o   Configure Azure AD Identity Protection

o   Azure AD Join

o   Enterprise State Roaming

o   Configure self-service password reset

o   Implement conditional access policies

o   Manage multiple directories

o   Perform an access review

  • Implement and manage hybrid identities
    May include but not limited to

o   Install and Configure Azure AD Connect

o   Configure federation and single sign-on

o   Manage Azure AD Connect

o   Manage password sync and writeback

This is an area that I didn’t stress over when questions from here appeared, but I also do quite a bit with this because I spend a lot of time configuring these things for Office 365.  Assuming that you have some experience with Azure AD setup and configuration, as well as Azure AD Connect, you really will want to make sure you fill in your gaps. For example, if you’re strong on setting up federation, you’ll probably be in good shape for that, but you might want to make sure you have a good understanding of how to configure Pass-through configuration.

Another area that I suspect may trip people up will be the Azure AD Identity Protection and Conditional Access Policies.  These services are straightforward to configure (imho), but if you’ve not had the need to use them, then taking a bit of time to make sure you understand what each one does, why you want it, and how to configure it will make a big difference.

Part 2 will cover the content from AZ-101.


One thought on “AZURE EXAM AZ-102 OVERVIEW, PART 1

  1. Pingback: Azure Exam AZ-102 Overview, Part 2 – NZMCT

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s