Skip to main content

Implement and Monitor Azure Infrastructure (AZ-303)


Intro Video

Photo of James Lee

James Lee

Training Architect







Hands-on Labs


Course Details

Whether you are aiming to take the AZ-303 exam, or simply wanting to develop your solution architecture and implementation skills, this course can help you.

Throughout this course, we cover several important and foundational Azure services. We provide experience implementing and architecting Azure infrastructure and monitoring.

This course provides:

Understanding of important Azure services Hands-on implementation experience Important design and implementation tips

Once you've completed this course, you'll have experience in implementing a range of Azure technologies, including:

Azure Active Directory Identity security and access control Virtual networking and compute Azure storage services Foundational security Monitoring and diagnostics

Please be aware that this course is part of a learning path. If you are interested in passing the AZ-303 exam, see the lesson on Learning Paths.


Getting Started

Course Introduction


Lesson Description:

This course will help you learn more about implementing and monitoring Azure solutions and help you on your way to becoming an Azure Solution Architect. Through a range of video lessons, hands-on labs, and additional content, we cover:Selecting the right service for the right job. Implementing fundamental Azure services. Implementing advanced solutions, including integrated, highly-available, and automated deployments. Leveraging Azure AD identity. Monitoring Azure solutions.This course can be consumed by itself or as part of the AZ-303 learning path. Important Note This course is structured to build on fundamentals up to more complex topics. However, this is a professional level course, and as such, it is expected that students are already familiar with Azure concepts, technologies, and tools.

About Learning Paths


Lesson Description:

This course is one of several that make up a learning path for the AZ-303 Microsoft Azure Architect Technologies exam. Students are welcome to take this course by itself, but for those interested in going on to take the AZ-303 exam, it's a good idea to follow the learning path below:Implement and Monitor Azure Infrastructure Implement Management and Security Solutions in Azure Implement Solutions for Apps in Azure (coming soon) Implement and Manage Data Platforms in Azure (coming soon) Preparing for the AZ-303 Microsoft Azure Architect Technologies Exam (coming soon)

Course Support and Feedback


Lesson Description:

We are very passionate about providing everything needed to be successful on this learning journey. In this lesson, we provide a quick overview of the many tools available to access support as well as provide feedback. If you experience any issues with the content, please contact me directly with the details. Course Support: Linux Academy Support: James Lee: Course Feedback: Are you enjoying the content? Please leave a thumbs-up*! Have concerns or suggestions? Please contact me directly or leave comments with a *thumbs-down, and I will reach out to address any issues!

About the Training Architect


Lesson Description:

G'day, everyone! Thanks for joining me. My name is James Lee, and I'll be the training instructor for this Azure course. I'm excited to be a part of your learning journey. Author Social Media Feel free to connect!Twitter: @jamesdplee LinkedIn: James Lee

Azure Active Directory

Azure Active Directory (AD)


Lesson Description:

Azure Active Directory (AD) provides us with a range of identity and access management (IAM) functionality, through a fully managed cloud service. Cloud-based identity management is increasingly important as our users now work from a variety of locations and personal devices, and access applications in the cloud. Traditionally, all access has been from organization-controlled devices, at fixed locations, to applications that we manage. In this new world, Azure AD helps us to centralize identity management, provides our users with simplified experiences (for example, single sign-on), and so on.

Implementing Azure AD


Lesson Description:

In this lesson, we'll walk through:The relationship between Azure AD and Azure Subscriptions Creating an Azure AD tenant Managing and changing Azure AD tenants Configuration a custom domain for Azure AD

Virtual Networking

Virtual Networks


Lesson Description:

Virtual networks (VNets) are a core part of many modern cloud solutions. They provide an isolated networking space for private connectivity. In this lesson, we will discuss:The purpose of a VNet Configuration of a VNet and subnets Important configuration and connectivity considerations

Configuring Virtual Networks


Lesson Description:

In this lesson, we'll use PowerShell to configure a new virtual network. PowerShell Script

$rgName = "vnet1-rg"
$location = "Australia Southeast"

# Create a resource group
New-AzResourceGroup -Name $rgName -Location $location

# Create the virtual network
$vnet1 = New-AzVirtualNetwork -Name "vnet1" `
    -ResourceGroupName $rgName `
    -Location $location `
    -AddressPrefix ""

# Create a subnet, and add it to the new virtual network
Add-AzVirtualNetworkSubnetConfig -Name "subnet1" `
    -AddressPrefix "" `
    -VirtualNetwork $vnet1

Set-AzVirtualNetwork -VirtualNetwork $vnet1

Virtual Network Routing and Connectivity


Lesson Description:

An important part of working with virtual networks (VNets), is understanding and managing the pathways between networks. In this lesson, we'll discuss:Default routes Custom routes (user-defined routes) Important considerations

Virtual Machines

Virtual Machines


Lesson Description:

Virtual machines (VMs) are much more than just a replacement for traditional on-premises computing. They can be used in high-performance-compute, scalable modern solutions, and much more. Within this lesson, we'll get started with VM fundamentals, and will create a VM within the Azure portal. We'll discuss:Purpose of a virtual machine Key properties and components Creation of a virtual machine

Virtual Machine Sizes


Lesson Description:

In this lesson, we'll discuss:Purpose of virtual machine sizes Less obvious considerations (such as NIC/storage performance) Virtual machine size families

Virtual Machine Storage


Lesson Description:

In this lesson, we'll discuss the different types of storage available to use with virtual machines. This lesson will cover:Operating System (OS) disks Temporary disks Data disks Ephemeral OS disksWe'll wrap things up by using Azure CLI to create and attach a disk for a virtual machine. Azure CLI Script

# Add a data disk to an existing VM using Azure CLI


# Create a new disk
az disk create --name "vm1-data1-disk" 
    --resource-group $rgName 
    --location "Australia Southeast" 
    --size-gb 10

# Add disk to existing VM
az vm disk attach --vm-name $vmName 
    --name $diskName 
    --resource-group $rgName

Virtual Machine Storage Performance


Lesson Description:

When implementing storage for virtual machines, it's important to understand the factors which can influence performance. In this lesson, we'll discuss:Disk caching Performance tiers

Storage Accounts

Azure Storage: Part 1


Lesson Description:

This is a two-part lesson on Azure storage, where we will gain an understanding of Storage Accounts, and the core Azure storage services. Within this first part, we'll discuss:Azure storage services (Files, Tables, Queues, Blobs) The hierarchy of Azure storage services Properties of a storage account

Azure Storage: Part 2


Lesson Description:

In this final part of our two-part lesson on Azure storage, we will discuss:How to create a storage account with PowerShell Storage account propertiesPowerShell Script

# Create an Azure Storage Account using PowerShell

$rgName = "store1-rg"
$storeName = "jlabstore01"
$location = "Australia Southeast"

# Create a resource group
New-AzResourceGroup -Name $rgName -Location $location

# Create a new Storage Account
New-AzStorageAccount -Name $storeName `
    -ResourceGroupName $rgName `
    -Location $location `
    -Kind StorageV2 `
    -SkuName Standard_GRS `
    -AccessTier Hot

Storage Account Connectivity


Lesson Description:

Storage accounts are built for public accessibility by default, and so it is important to understand how that connectivity works, and how it can be changed. Within this lesson, we'll discuss:Public endpoints Storage account firewalls Network integration

Storage Account Security


Lesson Description:

Storage accounts can be secured at the network, management, and data layer. Within this lesson, we will focus on:Storage account access controls Using and managing access keys Configuring shared access signatures (SAS)

Azure Blob Storage: Part 1


Lesson Description:

Azure blob storage is an object-oriented storage solution built for scale. Within part 1 of this lesson, we'll discuss:The purpose of blob storage Blob storage architecture Blob types (block, append, page)

Azure Blob Storage: Part 2


Lesson Description:

In this second part of our two-part lesson on blob storage, we take a hands-on look at several important considerations, including:Folder hierarchy Container access levels Static websites Custom domains Access tier

Azure Files


Lesson Description:

Azure Files is a file-level sharing solution, fully managed by Microsoft. Within this lesson, we'll discuss:The purpose of Azure files Azure Files hierarchy Azure Files connectivity (SMB and REST)

Integrated Networking

VNet Peering


Lesson Description:

Virtual Network (VNet) Peering is a purpose-built service that supports connectivity between VNets. In this lesson, we'll discuss:How VNet Peering works Benefits and limitations of VNet Peering How to configure VNet Peering

VNet-to-VNet Connectivity


Lesson Description:

When working with virtual network connectivity, it's important to understand that there are different methods for establishing interconnectivity, as well as more advanced configuration. Within this lesson, we will discuss:VNet Peering vs. VPN Gateways Advanced VNet Peering configuration: Allow forwarded traffic Allow gateway transit Use remote gateway

Service Endpoints


Lesson Description:

Service Endpoints help provide secure connectivity between resources within a virtual network and Azure platform services. Within this lesson, we will discuss:Service endpoint connectivity Key considerations and limitations Service endpoint configuration using Azure CLIAzure CLI Script

# Configure service endpoints using Azure CLI


# List services that support service endpoints 
az network vnet list-endpoint-services -o table 
    --location "Australia Southeast"

# Add a service endpoint for Microsoft.Storage 
az network vnet subnet update --name $subnetName 
    --vnet-name $vnetName 
    --resource-group $rgName 
    --service-endpoints "Microsoft.Storage"

Private Link


Lesson Description:

Private Link is a service which helps to provide secure connectivity between resources in a virtual network, and others on the Microsoft platform. In this lesson we'll discuss:The core features of Private Link Private Link architecture: Private Endpoints Connected Resources Private Link ServiceKey features and capabilities

Virtual Machines

Virtual Machine High Availability


Lesson Description:

This lesson covers several concepts on the architecture of highly available solutions, which leverage virtual machines. We'll discuss:Outage scenarios Microsoft global infrastructure Highly available virtual machines

Virtual Machine Availability Sets


Lesson Description:

Virtual machine Availability Sets help us to protect against outages within an Azure datacenter. Within this lesson, we'll discuss:How Availability Sets work Fault domains and update domains Configuration of an Availability Set with virtual machines Distribution of virtual machines within an Availability Set

Virtual Machine Scale Sets: Part 1


Lesson Description:

Virtual Machine Scale Sets (VMSS) provide us with the ability to automatically scale out a solution based on demand. Within this first lesson of this two-part series, we will discuss:Functionality of VMSS Key configuration items

Virtual Machine Scale Sets: Part 2


Lesson Description:

In this second part of our two-part series on VMSS, we will focus on the configuration of VMSS within the portal. We'll cover off:Configuration Autoscale profiles Autoscale scale-in policy

Virtual Machine Dedicated Hosts


Lesson Description:

Virtual machine (VM) dedicated hosts are a feature within Azure, which enables greater control and isolation for virtual machines you deploy. Within this lesson, we'll discuss:VM dedicated host features and benefits Dedicated hosts, and host groups Configuration of dedicated hosts within the Azure Portal

Azure Disk Encryption


Lesson Description:

Azure Disk Encryption (ADE) is a boot and data volume-level encryption that helps protect your data from theft. In this lesson we will discuss:Benefits and features of ADE Architecture and key services Configuration of ADE and Key Vault using PowerShell

# Configure Azure Disk Encryption using PowerShell

$rgName = "vmencrypt1-rg"
$kvName = "jlabkeyvault01"
$location = "Australia Southeast"

# Create and configure a Key Vault
$keyVault = New-AzKeyvault -Name $kvName `
    -ResourceGroupName $rgName `
    -Location $location -EnabledForDiskEncryption

# Enable Azure Disk Encryption
Set-AzVMDiskEncryptionExtension -VMName "vm01" `
    -ResourceGroupName $rgName `
    -DiskEncryptionKeyVaultUrl $keyVault.VaultUri `
    -DiskEncryptionKeyVaultId $keyvault.ResourceId

Storage Accounts

Storage Account Replication


Lesson Description:

This lesson builds upon previous discussions by taking a more detailed look at storage account replication. We'll cover important details such as:Replication considerations (synchronous/asynchronous and read-access) Failure scenarios for storage Storage account failoverWe'll also perform a manual storage account failover within the Azure Portal.

Azure AD Authentication for Storage Accounts


Lesson Description:

Using Azure AD authentication for storage, we're able to provide better security for our solutions. Within this lesson we'll discuss:How Azure AD authentication is used Registration of applications within Azure AD OAuth 2.0 token exchange User Delegation SAS

Automated Deployments

Azure Resource Manager (ARM) Templates


Lesson Description:

In this lesson we'll discuss:Infrastructure as code ARM template structure An example ARM templateHelpful LinksBuild and Deploy Azure Template Azure Quickstart Templates - Github

Working with ARM Templates


Lesson Description:

In this lesson, we're going to discuss how to use ARM Templates. We'll cover topics such as:Deploying with Azure CLI Deployment modes ARM Templates and Parameters files Managing deployments Exporting templates Template management within the Azure PortalAzure CLI Commands

# Standalone deployment
az deployment group create 
    --name "deployvm" 
    --resource-group “prod-vm1-rg” 
    --template-file “vmdeploy.json"

# With parameters file
az deployment group create 
    --name "deployvm" 
    --resource-group "dev-vm1-rg" 
    --template-file "vmdeploy.json" 
    --parameters "@devparams.json"

Managed VM Images


Lesson Description:

Creating your own custom virtual machine image can be a powerful tool in various solutions you build. Whether for simple standardization and governance or advanced autoscaling solutions. Within this lesson we'll discuss:The purpose of managed virtual machine images How to create a custom image Configuring a custom Windows image within the Azure Portal

Azure Automation Runbooks


Lesson Description:

Part of the powerful Azure Automation service, Automation Runbooks provides the ability to automate scripts and workflows. Within this lesson we'll discuss:Process orchestration and automation with Runbooks Key components of the Azure Automation service Configuration of a sample workbook within the Azure Portal

Azure Active Directory Services

Azure AD Self-Service Password Reset


Lesson Description:

Azure AD Self-Service Password Reset (SSPR) is a powerful tool to help improve identity security and minimize administrative overheads of user password management. In this lesson we'll discuss:The purpose of Azure AD SSPR Key configuration requirements Configuration within the Azure Portal Considerations for hybrid environments

Azure Multi-Factor Authentication


Lesson Description:

Azure has advertised that multi-factor authentication (MFA) can prevent 99.9 percent of attacks on accounts. So it is safe to consider this an important service. In this lesson we'll discuss:How Azure MFA works Configuration of Azure MFA, including: Enabling MFA Enrollment for end-users Verification methods Trusted IPs Fraud alerts Bypass optionsHelpful Links:Features and Licenses for Azure MFA

Azure AD Identity Protection


Lesson Description:

There can be many threats against the security of identities we manage, including leaked credentials, remote hackers, etc. Within this lesson, we'll discuss how Azure AD Identity Protection is a great tool to protect against these various threats. We will cover:Azure AD Identity Protection overview Licensing requirements Protected risk events Sign-in risk policies User risk policiesWe'll take a look at the configuration of risk policies within the Azure Portal.

Azure AD Conditional Access


Lesson Description:

When architecting solutions that protect identity security, we know that there is always a balance to strike. To help get the balance right, we can use Azure AD Conditional Access. This provides us the ability to configure different security policies for different scenarios. Within this lesson, we'll discuss:What Azure AD Conditional Access is used for The key components, including signals, decisions, and enforcement Configuration of a Conditional Access Policy

Hybrid Identities

Hybrid Identities with Azure AD Connect


Lesson Description:

In this lesson, we will discuss Azure AD Connect and the three core authentication methods:Password hash synchronization (PHS) Pass-through authentication (PTA) Active Directory Federation Services (AD FS)Helpful linksMicrosoft: Choose the right authentication method

Implementing Azure AD Connect


Lesson Description:

As we discussed in the previous lesson, Azure AD Connect is a Microsoft solution that allows us to configure hybrid identities. In this lesson, we'll walk through a demonstration installation of Azure AD Connect using password hash sync (PHS). In this lesson, we will cover:Requirements for using Azure AD Connect Configuring Azure AD Connect with PHS How staging mode is configuredImportant tools and tips:Failing to use a routable domain for the user principal name (UPN) can result in login issues. Synchronization Service Manager allows management of the connectors and synchronization profiles. Synchronization can be triggered using: Start-ADSyncSyncCycle: PolicyType Initial option is for the initial sync PolicyType Delta is for differential syncIn staging mode, synchronization will run (both automatically or if you use the command) but will not do an actual export to Azure AD.


Monitoring in Azure: Part 1


Lesson Description:

As a solution architect, we need to understand that monitoring within Azure is possible through various different services. Within this lesson, we'll discuss:Azure Monitor capabilities Monitoring data (metrics and logs) Using monitoring data Diagnostic settings Differences in monitoring different sourcesThis is a two-part lesson. In the second part, we'll focus more on configuration and features within the Azure Portal. Helpful LinksSources of monitoring data in Azure Monitor Overview of the Azure Monitor agents

Monitoring in Azure: Part 2


Lesson Description:

In this final lesson of our two-part series on monitoring in Azure, we'll cover:Metrics explorer within Azure Monitor Diagnostic settings Archiving to storage Routing to Log Analytics Streaming to event hubsConfiguring monitoring for virtual machines Diagnostic settings Log Analytics agent

Activity Logs


Lesson Description:

Activity Log is a platform log that provides us with the ability to review different operations and activities occurring across our subscription. Azure AD audit logs are also platform logs; however, these are focused on AD tenant operations, such as service principal events and sign-ins. Within this lesson, we'll discuss:Activity Log Azure AD audit logs Diagnostic settings

Alerts and Action Groups


Lesson Description:

Azure Monitor provides a very versatile set of monitoring and alerts capabilities. Within this lesson, we will learn about:Action groups Alert managementWe'll walk through a demonstration alert rule that triggers an automation runbook.

Monitoring Service Health


Lesson Description:

Microsoft provides a range of detailed help information for you to help monitor and plan for Azure service issues. Within this lesson, we'll discuss:Azure status Azure service health Azure resource health Planned maintenance Alerts and monitoring

Monitoring Costs


Lesson Description:

Within this lesson, we'll discuss Azure Cost Management. Specifically, we'll walk through:Cost analysis capabilities Budgeting and alerts Azure cost advisorHelpful LinksReduce service costs using Azure Advisor Choose between Azure Cost Management and Cloudyn

Advanced Monitoring

Log Analytics Workspace


Lesson Description:

As a core part of the Azure Monitor solution, Log Analytics (also known as Azure Monitor Logs) provides a way to centralize log information from various sources to help provide deep diagnostics. Within this lesson, we will discuss:The key capabilities of Log Analytics How to create a Log Analytics Workspace How to connect data sources Log Analytics workbooks and queries Log Analytics query alertsHelpful LinksSources of data in Azure Monitor Overview of Azure Monitor agents

Monitoring Insights


Lesson Description:

Expanding upon previous lessons, we're now going to take a look at monitoring solutions. These are pre-packed solutions that include service-specific monitoring and diagnostics information. Within this lesson, we'll discuss:Azure Monitor for virtual machines Azure Monitor for networks Azure Monitor for containers Application InsightsWe'll also take a look within the portal at several of these, plus the Network Watcher service for network monitoring.

Monitoring Security


Lesson Description:

When architecting monitoring solutions for infrastructure, it's important to be aware of two key security monitoring services as well. Within this lesson, we'll walk through a high-level overview of the key features and implementation requirements for:Azure Security Center Azure SentinelHelpful LinksAZ-500: Microsoft Azure Security Technologies

Azure AD Connect Health


Lesson Description:

With hybrid identities often a critical service within many enterprises, it's important we understand how to monitor Azure AD Connect. Within this lesson, we'll discuss:Licensing requirements Synchronization monitoring AD FS monitoring AD DS monitoringHelpful LinksMonitoring AD FS with Azure AD Connect Health Monitoring AD DS with Azure AD Connect Health

The Next Course

What's Next


Lesson Description:

Congratulations! Please pat yourself on the back, and have some celebratory cake (or your treat of choice). You've earned it. What's Next? If you're looking to take the remaining AZ-303 learning path courses, you can find them below:Implement Management and Security Solutions in Azure (coming soon) Implement Solutions for Apps in Azure (coming soon) Implement and Manage Data Platforms in Azure (coming soon) Preparing for the AZ-303 Microsoft Azure Architect Technologies Exam (coming soon)Some other courses you may find helpful:Azure CLI Essentials Azure PowerShell Essentials

Take this course and learn a new skill today.

Transform your learning with our all access plan.

Start 7-Day Free Trial