Azure Exam AZ-102 Overview, Part 2

This is the second part of my Azure AZ-102 Review. It will focus on the content that is being pulled from the AZ-101 objective domains.

You can find part 1 of this article here: Azure Exam AZ-102 Overview, Part 1.

AZ-101: Microsoft Azure Integration and Security

Evaluate and perform server migration to Azure (15-20%)

  • Evaluate migration scenarios by using Azure Migrate
    May include but not limited to

o   Discover and assess environment

o   Identify workloads that can and cannot be deployed

o   Identify ports to open

o   Identify changes to network

o   Identify if target environment is supported

o   Setup domain accounts and credentials

  • Migrate servers to Azure
    May include but not limited to

o   Migrate by using Azure Site Recovery (ASR)

o   Migrate using P2V

o   Configure storage

o   Create a backup vault

o   Prepare source and target environments

o   Backup and restore data

o   Deploy Azure Site Recovery (ASR) agent

o   Prepare virtual network

This is another topic area that I suspect will cause some grief for a significant number of people. Not because it is particularly difficult, but the tools themselves are relatively new and if you don’t have (or haven’t had) the need to do migrations, then this will be largely undiscovered territory for you, and may be an area where your knowledge is more theoretical rather than practical. I found myself in that boat. I do a lot of building of new resources in Azure but have not had a need to migrate any existing workloads. That may change, but right now it’s just not part of my job.

Having said that, make sure you know the processes, the steps that need to be taken. Do you create a migration project and then an assessment, or is it the other way around?

It will also behoove you to know all the supported configurations that can be migrated. This includes the guest operating systems as well as the virtualization platforms. Again, know this across all the supported platforms. Know where the differences are, as well as the similarities. Realistically, start here:


Implement and manage application services (5-10%)

  • Configure serverless computing
    May include but not limited to

o   Create and manage objects

o   Manage a Logic App resource

o   Manage Azure Function app settings

o   Manage Event Grid

o   Manage Service Bus

This isn’t a massive part of the exam, but a little time spent getting familiar with these topics will basically give you “free points” in your score. In my experience, most people are familiar with creating and managing web apps but are not as strong with the other application services. My biggest piece of advice: get to know the other application services.

Specifically, know when to use what. Especially within services like Service Bus, which have multiple choices (queue/topic/relay). Familiarize yourself with the service plan sizing—I’ve heard anecdotally that that is fair game (although personally I think that shouldn’t be included, as that changes often is and is quickly and easily looked up when needed).

Event Grid documentation

Implement advanced virtual networking (5-10%)

  • Monitor and manage networking
    May include but not limited to

o   Monitor on-premises connectivity

o   Use network resource monitoring and Network Watcher

o   Manage external networking and virtual network connectivity

If you’ve been working with Azure virtual networks regularly, there shouldn’t be much on here that would cause most people to struggle. Again, know the processes.  Learn how to drive Network Watcher, and what it can do. Understand when it is the right choice for monitoring an issue, and which part of Network Watcher to use, as it does lots of things.

Secure identities (5-10%)

  • Implement Multi-Factor Authentication (MFA)
    May include but not limited to

o   Enable MFA for an Azure tenant

o   Configure user accounts for MFA

o   Configure fraud alerts

o   Configure bypass options

o   Configure trusted IPs

o   Configure verification methods

o   Manage role-based access control (RBAC)

o   Implement RBAC policies

o   Assign RBAC Roles

o   Create a custom role

o   Configure access to Azure resources by assigning roles

o   Configure management access to Azure

This is all about the advanced configuration of Azure AD. Much of this is covered in the existing Microsoft courses (20533 and 20347), but not in enough depth to feel comfortable with the questions. I know I do quick demos and talk about most of these things, but I don’t dive into them deeply and spend a lot of time on them in class. That may have to change.

Azure AD Authentication Documentation



The new Azure exams, and the approach to role-based certifications is going to bring about some new challenges. For trainers and students. Until there is some structured content available to address these gaps, then it will be up to individuals to make sure they stay on top of what they need to know.  I hope these posts help you figure out what that is, and get you started on your prep.

Good luck!

One thought on “Azure Exam AZ-102 Overview, Part 2


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s