Azure Exam AZ-102 Overview, Part 2

This is the second part of my Azure AZ-102 Review. It will focus on the content that is being pulled from the AZ-101 objective domains.

You can find part 1 of this article here: Azure Exam AZ-102 Overview, Part 1.

AZ-101: Microsoft Azure Integration and Security

Evaluate and perform server migration to Azure (15-20%)

  • Evaluate migration scenarios by using Azure Migrate
    May include but not limited to

o   Discover and assess environment

o   Identify workloads that can and cannot be deployed

o   Identify ports to open

o   Identify changes to network

o   Identify if target environment is supported

o   Setup domain accounts and credentials

  • Migrate servers to Azure
    May include but not limited to

o   Migrate by using Azure Site Recovery (ASR)

o   Migrate using P2V

o   Configure storage

o   Create a backup vault

o   Prepare source and target environments

o   Backup and restore data

o   Deploy Azure Site Recovery (ASR) agent

o   Prepare virtual network

Continue reading “Azure Exam AZ-102 Overview, Part 2”



Many of you may have may have read/heard the announcement from Microsoft Learning about the changes to the Azure certification and exams. I’m guessing that there will be lots of discussion around whether this is a good thing, a bad thing, or just a thing. From what I can tell, Microsoft is attempting to respond to what they are being told by companies/partners/the market. Is this the right move? Will it work? Are they just muddying the certification waters? Time will tell, and that is probably a good topic for another time.

What I’m interested in here is “what’s new in the new exams” and “what do I need to know”. The new exams will be rolling out from July 2018, but I wouldn’t expect updated courses from Microsoft until late 2018/early 2019, so until then it will really be up to the individual to make sure they get themselves ready, and hopefully trainers will integrate this content into the legacy courses.

The first exams coming down the pipe are for the Azure Administrator certification. You can find the details here:


AZ-102: Microsoft Azure Administrator Certification Transition

These exams are available for public beta from July 15, 2018 and will likely go live in mid-September. Other exams will probably be landing in beta in the September timeframe.

I had an opportunity to attempt AZ-102, the exam that is meant to be a transition for people who have already passed exam 70-533, Implementing Microsoft Azure Infrastructure Solutions. Without violating the NDA, I want to review the content of this exam, and my reactions to it.

My first thoughts

First things first—this exam will likely be around 50 questions. There will be a mix of case studies, standard questions, and repeated question sets. At some point, performance-based testing (i.e. you have to do the task) is likely going to be integrated into the exam.

My first impression of this exam was “hard but fair”. Having said that, I did this on the first day of the beta, so I had no exam prep. I was reasonably familiar with all the topics that appeared on my exam. Was I “exam ready”? Probably not.  Especially for questions that were process driven, i.e. “Select the steps and put them in the right order” or “Choose the three actions you would do to xyz”. But overall, I felt if you have been using Azure for infrastructure solutions, then passing this exam should be very achievable.

Because this is an exam specifically designed for people who have already passed 70-533, the topics covered are all the objectives that aren’t already in 20533. So, if you are currently in the middle of prep for exam 70-533, then I would recommend that you continue down that path then do AZ-102 after that. If you had not even started preparation, then you might want to consider taking the AZ-100 and AZ-101 exams instead. Since it is a “differences” exam, the content is culled from both AZ-100 and AZ-101.

Now to the topics . . .

AZ-100: Microsoft Azure Infrastructure and Deployment Topics

Manage Azure subscriptions and resources (5-10%)

  • Analyze resource utilization and consumption
    May include but not limited to

o   Configure diagnostics settings on resources

o   Create baselines for resources

o   Create and reset alerts

o   Analyze alerts across the subscription

o   Analyze metrics across subscription

o   Create action groups

o   Monitor for unused resources

o   Monitor spend

o   Report on spend

o   Utilize Log Search query functions

o   View alerts in Log Analytics

Here’s the part of Azure resource configuration that almost always gets glossed over in training materials— “Oh yeah, and here you can configure some metrics and alerts. Moving on now…” This is something that I think many people will need to get familiar with options in this space and practice some practical applications.  I would probably add using tags on resources and resource groups (and the default behaviours that come from that), especially as it relates to running queries and generating reports for specific resources or resource types.

If you’re not already, make sure you understand how Log Analytics works, and what all the “Diagnostics” settings are on all the major Azure resources. You can start digging around in the “How-to guides” of the Azure Log Analytics documentation.

This section would also include being able to configure/use the costing and analysis tools, like Azure Advisor. Understanding when to use that service, how to configure it, and how interpret the results will be very useful for this exam. Knowing what your choices are for filtering the results in the cost analysis tools, and how they connect to things like tags and subscriptions will also be helpful.

Azure Advisor documentation

Implement and manage storage (5-10%)

  • Configure Azure Files
    May include but not limited to

o   Create Azure file share

o   Create Azure File Sync service

o   Create Azure sync group

o   Troubleshoot Azure File Sync

This section really focuses on understanding how to configure the Files service in a storage account. Specifically, really get to know and love the Azure File Sync service. This is a relatively new-ish service, and is something that is designed to scratch a very specific itch. It’s very possible that you may not have had need to use that service, which means your knowledge here could be light.  A good place to start would be Planning for an Azure File Sync deployment, and Deploy Azure File Sync.

Configure and manage virtual networks (15-20%)

  • Create connectivity between virtual networks
    May include but not limited to

o   Create and configure VNET peering

o   Create and configure VNET to VNET

o   Verify virtual network connectivity

o   Create virtual network gateway

  • Configure name resolution
    May include but not limited to

o   Configure Azure DNS

o   Configure custom DNS settings

o   Configure DNS zones

This topic is the one that I felt might require the least amount of extra work to prepare for. If you are working with the Azure IaaS services, then you should be pretty good with DNS. If you haven’t done a lot of work the Azure DNS specifically, then taking a bit of time to familiarize yourself with the differences between Public DNS zones and Private DNS zones, the common record types and delegations (i.e. common DNS management tasks), should put you in good stead.

As for the connectivity between virtual networks—there’s not a lot new in this space, and this is covered pretty well in the existing training materials. An area that might throw a spanner into the works for some people might be understanding how this connectivity works when you have multiple VNets (i.e. how do you create routes, rather than a big mesh). You can use VNets peering and custom routes, or you can use VNET to VNET. Know how to do either, and understand how data is going to flow with default settings.

If you want more information about the peering options, you might want to start with the Virtual Network Peering documentation.

Manage Identities (15-20%)

  • Manage Azure Active Directory
    May include but not limited to

o   Add custom domains

o   Configure Azure AD Identity Protection

o   Azure AD Join

o   Enterprise State Roaming

o   Configure self-service password reset

o   Implement conditional access policies

o   Manage multiple directories

o   Perform an access review

  • Implement and manage hybrid identities
    May include but not limited to

o   Install and Configure Azure AD Connect

o   Configure federation and single sign-on

o   Manage Azure AD Connect

o   Manage password sync and writeback

This is an area that I didn’t stress over when questions from here appeared, but I also do quite a bit with this because I spend a lot of time configuring these things for Office 365.  Assuming that you have some experience with Azure AD setup and configuration, as well as Azure AD Connect, you really will want to make sure you fill in your gaps. For example, if you’re strong on setting up federation, you’ll probably be in good shape for that, but you might want to make sure you have a good understanding of how to configure Pass-through configuration.

Another area that I suspect may trip people up will be the Azure AD Identity Protection and Conditional Access Policies.  These services are straightforward to configure (imho), but if you’ve not had the need to use them, then taking a bit of time to make sure you understand what each one does, why you want it, and how to configure it will make a big difference.

Part 2 will cover the content from AZ-101.


Apparently You Can Fix Stupid . . .

Ever heard the saying “You can’t fix stupid”? Apparently, in some cases you can.

When working with an Azure virtual machine (VM), it is possible to disable the network card in the VM. Which will promptly cause your connection to the VM to stop, making it very hard to fix the problem that you just created.

I haven’t done this myself (at least not yet, I’m sure I will), but I can see how it can easily happen.  My friend Kyle, aka Windows PC Guy,  must have “had a friend who did this”, and he was kind enough to post how to fix it. Thanks Kyle!

Windows PC Guy » So you disabled the network connection on your Microsoft Azure virtual machine….


PowerShell Pitfalls for Managing Multiple Azure Accounts

Or PPMMAA for short . . .

Many (Most?) of the PowerShell and scripting examples for Azure management via PowerShell start with a command sequence that looks like either this:


Or this:


In either case, when you are finished and you run


You get a result set that looks like this:

If you look closely at the output you’ll notice that in addition to the expected properties for each subscription, like “SubscriptionName” and “SubscriptionId” there are two unloved little properties near the bottom of the list for each subscription “IsCurrent” and “IsDefault”. These two are important to use when are using the Microsoft Azure PowerShell console for Azure Management.

Basically, anytime you run an Azure management cmdlet, unless it has a switch that allows you to manually set an account or subscription to run against, ANNNNNDDDDD you happen to use that switch to specify a subscription, any cmdlet you run will execute against the current subscription, i.e. the one that has “IsCurrent: True”. By default, the subscription that has the “IsDefault” property equal to “True” will be the current account. (Funny how that works out, eh?). Which is all well and groovy if you happen to be managing VMs, networks and services in that subscription.

But James, what if I don’t want to manage that subscription? I need to manage one of the others. What shall I do?

Fortunately, we have the means to change the current and default subscriptions. And it is fairly easy to do.

The basic syntax to change the focus to a particular subscription is as follows:

Select-AzureSubscription -Name <SubscriptionName> -Current

The focus for your Azure cmdlets will now be on that subscription until you change it by using the Select-AzureSubscription or until you close the PowerShell console you’re working in. A new console will load up the default subscription as the focus

If you would like a particular subscription to be one that is the defaults in the future, it would be this:

Select-AzureSubscription -Name <SubscriptionName> -Default

After you have ran these cmdlets, run the Get-AzureSubscription cmdlet again to verify that the subscription you identified has now been set as either the current or default subscription. Once it is you are now free to go ahead and manage away!


Aussie! Aussie! Aussie! Joy! Joy! Joy!

If you’re interested in Microsoft’s cloud offerings, then you’ve probably been aware that they have been building two Australia datacentres for their cloud services (Azure and Office365). The good news is that they went live over the weekend. You can now choose Australia East and Australia Southeast as Azure locations. Now, what this will mean for NZ based Azure clients remains to be seen. Time will tell how services hosted in these datacentres will perform, especially around provisioning and management. If you’ve spent any time with Azure you’re aware that not all datacentres are created equal, or at least they don’t appear that way. I’m hoping that response is closer to what I get when I use US/Europe locations and less like what I get when I use Asia locations.

But before all you down under cloud subscribers rush out to change the location of your storage accounts, vms, services etc., remember that not all parts of Azure get rolled out across all locations at the same time. Here’s a quick example.  Below you can see that I ran the get-azurevmimage PowerShell cmdlet to see what VM images are available to me to create virtual machines. I didn’t really care what the images are, I just wanted to see how many there were.  Then I ran the command again and added a filter to make sure that I only included images that are available in either of the two Australia locations.  There’s about a third of the VM Images that are not available in the Australia locations.

Now, what exactly does this mean for you? It depends. Maybe nothing. Maybe everything. But it might be worth taking a look around the details of the resources and features before you start moving stuff over willy-nilly. Doubly so if you are script and preview feature dependent in your Azure consumption. Measure twice, cut once.

However, on the whole I think this will be a good think for Microsoft’s cloud customers in this neck of the woods. For both technical and non-technical reasons. To find out how Microsoft NZ thinks this will benefit NZ customers, click here:







Adding .Net 3.5 SP1 to an Azure VM through the Back Door.

If you’ve been working with Windows Server 2012/2012 R2 you might have noticed that you need the CD/install files handy if you want to install .NET 3.5. Which causes problems if you need that feature on an Azure VM. After a bit of digging I found this in the MSDN forums, and it has proven to be handy. I haven’t tried it enough to say that it is foolproof, but if you’re having this issue it’s worth a shot.

1. Go to Windows Update through the Control Panel.

2. Click “check for update” on the left side. It may take a while to check for the update like it did on my machine. (~5-10 min)

3. Click the “# important update is available” blue button next.

4. On the next screen you will be shown important updates that are ready to be installed. You should have an update called “Update for Microsoft .NET Framework 3.5 for x64-based Systems (KB3005628)”. With that update checked, click install on the bottom. There will be other updates available to you as well. I haven’t thoroughly tested for any combinations that specifically do/don’t work, so try at your own risk!

Assuming that update successfully install, lets go back to Server Manager and try the installation.

1 Go back to your Server Manager and in the top right corner click Manage -> Add Roles and Features.

2. Click next 4 times until you get to Features. Once in features check the box for “.NET Framework 3.5 Features” and then click next on the bottom.

3. On the next page if you see the yellow warning box to specify an alternate source path, just click ‘x’ to dismiss it. On the bottom of the page then, click install. If all goes well you should eventually see that installation succeeded.

If you’d like more detail on the why’s and wherefores:

UPDATE:  Here’s an blog by an Aussie friend of mine that addresses a this issue in a non-Azure environment.

If you’re fighting this battle, definitely worth a read.

How to get the latest OS image in your Azure deployment scripts

Get-AzureVMImage | where-object { $_.Label -like "Windows*" } | where { $_.Location.Split(";") -contains "West US"} | Sort-Object -Property PublishedDate | Format-List PublishedDate, Label, ImageName


via How to make sure you always have the latest OS image in your Azure deployment scripts – The Windows HPC Team Blog – Site Home – TechNet Blogs. This is a trap for new players that can have you pulling your hair out!



Here’s a slightly different bit of code, especially helpful if you happen to know the OS you want.  This makes it a re-usable function, so for a complex script that needed to create multiple VMs, you could call this as needed, adjusting for what OS you needed each time. In the example below, the function is called to populate a variable, $winimage, that would be used somewhere else in the script to create an Azure VM.

function getLatestVMImage($imageFamily)
    $images = Get-AzureVMImage |
    where { $_.ImageFamily -eq $imageFamily } |
    Sort-Object -Descending -Property PublishedDate
    $latestImage = $images[0].ImageName
    return $latestimage

$winimage = getLatestVMImage(“Windows Server 2012 Datacenter”)

Very Slick! Thank you Enrique Lima for sending this around.