Cloud: AWS & Azure

5 days

Course includes Azure Administrator Associate AZ-104 and content from Azure Network Engineer Associate AZ-700, and Azure Security Engineer Associate AZ-500

This Hands-On Course will help IT Professionals ramp with Azure. The core of the class will be the Azure Administrator course content, which has some coverage of Security and Networking. But this 5-day class will also include vital content & labs from the Network Engineer and Security Engineer course to give students a good Azure foundation in one week.

You will learn to demonstrate key skills to configure, manage, secure, and administer key professional functions in Microsoft Azure. The hands-on course includes implementing, managing, and monitoring an organization’s Azure environment. You also learn to coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.

Network Engineer topics include optimizing performance, resiliency, scale, and security of Azure networking solutions. Also, you will learn to proactively monitor network environments to identify issues and minimize risk as well as identify and resolve connectivity issues.

Security Engineer topics include implementing, managing, and monitoring security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure by using Microsoft Defender for Cloud and other tools.

Course Outline

Identity
In this module, you will learn how to secure identities with Azure Active Directory, and implement users and groups.
• Azure Active Directory
• Users and Groups
• Manage Azure Active Directory Identities

After completing this module, students will be able to:
• Secure and manage identities with Azure Active Directory.
• Implement and manage users and groups.

Governance and Compliance
In this module, you will learn about managing your subscriptions and accounts, implementing Azure policies, and using Role-Based Access Control.
• Subscriptions and Accounts
• Azure Policy
• Role-based Access Control (RBAC)
• Manage Subscriptions and RBAC
• Manage Governance via Azure Policy

After completing this module, students will be able to:
• Implement and manage Azure subscriptions and accounts.
• Implement Azure Policy, including custom policies.
• Use RBAC to assign permissions.

Azure Administration
In this module, you will learn about the tools an Azure Administrator uses to manage their infrastructure. This includes the Azure Portal, Cloud Shell, Azure PowerShell, CLI, and Resource Manager Templates. This module includes:
• Azure Administrator Tools
• ARM Templates
• Manage Azure resources by Using ARM Templates
• Manage Azure resources by Using Azure PowerShell (optional)
• Manage Azure resources by Using Azure CLI (optional)
• Manage Azure resources by Using the Azure Portal

After completing this module, students will be able to:
• Use the Azure Portal and Cloud Shell.
• Use Azure PowerShell and CLI.
• Use ARM Templates to deploy resources.

Virtual Networking
In this module, you will learn about basic virtual networking concepts like virtual networks and subnetting, IP addressing, network security groups, Azure Firewall, and Azure DNS.
• Virtual Networks
• Network Security groups
• Azure Firewall
• Azure DNS
• Implement Virtual Networking

After completing this module, students will be able to:
• Implement virtual networks and subnets.
• Configure network security groups.
• Configure Azure Firewall.
• Configure private and public DNS zones.

Intersite Connectivity
In this module, you will learn about intersite connectivity features including VNet Peering, Virtual Network Gateways, and Site-to-Site Connections.
• VNet Peering
• VPN Gateway Connections
• ExpressRoute and Virtual WAN
• Lab : Implement Intersite Connectivity

After completing this module, students will be able to:
• Configure VNet Peering.
• Configure VPN gateways.
• Choose the appropriate intersite connectivity solution.

Network Traffic Management
In this module, you will learn about network traffic strategies including network routing and service endpoints, Azure Load Balancer, and Azure Application Gateway.
• Network Routing and Endpoints
• Azure Load Balancer
• Azure Application Gateway
• Network Watcher
• Implement Traffic Management

After completing this module, students will be able to:
• Configure network routing including custom routes and service endpoints.
• Configure an Azure Load Balancer.
• Configure an Azure Application Gateway.
• Configure Network Watcher.

Azure Storage
In this module, you will learn about basic storage features including storage accounts, blob storage, Azure files and File Sync, storage security, and storage tools.
• Storage Accounts
• Blob Storage
• Storage Security
• Azure Files and File Sync
• Managing Storage
• Manage Azure storage

After completing this module, students will be able to:
• Create Azure storage accounts.
• Configure blob containers.
• Secure Azure storage.
• Configure Azure files shares and file sync.
• Manage storage with tools such as Storage Explorer.

Azure Virtual Machines
In this module, you will learn about Azure virtual machines including planning, creating, availability and extensions.
• Creating Virtual Machines
• Virtual Machine Availability
• Virtual Machine Extensions
• Manage virtual machines

After completing this module, students will be able to:
• Plan for virtual machine implementations.
• Create virtual machines.
• Configure virtual machine availability, including scale sets.
• Use virtual machine extensions.

PaaS Compute Options
In this module, you will learn how to administer serverless computing features like Azure App Service, Azure Container Instances, and Kubernetes.
• Azure App Service Plans
• Azure App Service
• Container Services
• Azure Kubernetes Service
• Implement Web Apps
• Implement Azure Kubernetes Service
• Implement Azure Container Instances

After completing this module, students will be able to:
• Create an app service plan.
• Create a web app.
• Implement Azure Container Instances.
• Implement Azure Kubernetes Service.

Data Protection
In this module, you will learn about backing up files and folders, and virtual machine backups.
• File and Folder Backups
• Virtual Machine Backups
• Implement Data Protection

After completing this module, students will be able to:
• Backup and restore file and folders.
• Backup and restore virtual machines.

Monitoring
In this module, you will learn about monitoring your Azure infrastructure including Azure Monitor, alerting, and log analytics.
• Azure Monitor
• Azure Alerts
• Log Analytics
• Lab: Implement Monitoring

After completing this module, students will be able to:
• Use Azure Monitor.
• Create Azure alerts.
• Query using Log Analytics.

Introduction to Azure Virtual Networks
• Explore Azure Virtual Networks
• Configure public IP services
• Exercise: Design and implement a virtual network in Azure
• Design name resolution for your virtual network
• Exercise: Configure domain name servers settings in Azure
• Enable cross-virtual network connectivity with peering
• Exercise: Connect two Azure virtual networks using global virtual network peering
• Implement virtual network traffic routing
• Configure internet access with Azure Virtual NAT

Design and implement network security
• Get network security recommendations with Microsoft Defender for Cloud
• Deploy Azure DDoS Protection by using the Azure portal
• Exercise: Configure DDoS Protection on a virtual network using the Azure portal
• Deploy Network Security Groups by using the Azure portal
• Design and implement Azure Firewall
• Exercise: Deploy and configure Azure Firewall using the Azure portal
• Secure your networks with Azure Firewall Manager
• Exercise: Secure your Virtual Hub using Azure Firewall Manager
• Implement a Web Application Firewall

Design and implement network monitoring
• Monitor your networks using Azure Monitor
• Exercise: Monitor a load balancer resource using Azure monitor
• Monitor your networks using Azure Network Watcher

Manage security controls for identity and access
• Microsoft cloud security benchmark: Identity management and privileged access
• What is Microsoft Entra ID?
• Secure Microsoft Entra users
• Create a new user in Microsoft Entra ID
• Secure Microsoft Entra groups
• Recommend when to use external identities
• Secure external identities
• Implement Microsoft Entra Identity Protection
• Microsoft Entra Connect
• Microsoft Entra Cloud Sync
• Authentication options
• Password hash synchronization with Microsoft Entra ID
• Microsoft Entra pass-through authentication
• Federation with Microsoft Entra ID
• What is Microsoft Entra authentication?
• Implement multifactor authentication (MFA)
• Kerberos authentication
• New Technology Local Area Network Manager (NTLM)
• Passwordless authentication options for Microsoft Entra ID
• Implement passwordless authentication
• Implement password protection
• Microsoft Entra ID single sign-on
• Implement single sign-on (SSO)
• Integrate single sign-on (SSO) and identity providers
• Introduction to Microsoft Entra Verified ID
• Configure Microsoft Entra Verified ID
• Recommend and enforce modern authentication protocols
• Azure management groups
• Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
• Azure role-based access control
• Azure built-in roles
• Assign Azure role permissions for management groups, subscriptions, resource groups, and resources
• Microsoft Entra built-in roles
• Assign built-in roles in Microsoft Entra ID
• Microsoft Entra role-based access control
• Create and assign a custom role in Microsoft Entra ID
• Zero Trust security
• Microsoft Entra Privileged Identity Management
• Configure Privileged Identity Management
• Microsoft Entra ID governance
• Identity lifecycle management
• Lifecycle workflows
• Entitlement management
• Delegation and roles in entitlement management
• Access reviews
• Configure role management and access reviews by using Microsoft Entra ID governance
• Implement Conditional Access policies for Cloud Resources in Azure
• Azure lighthouse overview

Manage Microsoft Entra application access
• Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
• Manage app registrations in Microsoft Entra ID
• Configure app registration permission scopes
• Manage app registration permission consent
• Manage and use service principals
• Manage managed identities for Azure resources
• Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication

Back to top

---