Microsoft Azure Architect Technologies – Exam AZ-300



James Lee

Training Architect







Hands-on Labs




Course Details

This course is designed to help you master the skills required for the Microsoft Azure AZ-300 certification exam.

The AZ-300 exam is an expert level exam which tests candidates for advanced knowledge and experience working with various aspects of Microsoft Azure.

Throughout this course you will progressively build and expand upon both your knowledge, and hands-on experience working with Azure technologies including, but not limited to: infrastructure and operations, advanced and automated infrastructure, identity and security, hybrid cloud, and developing apps and services for the cloud.

NOTE: Microsoft is replacing the AZ-300 exam with the AZ-303 exam. The AZ-303 course is currently under development. In the interim, feel free to continue with the AZ-300 course, but please be aware that the content may contain outdated user interfaces.


Welcome to the Course

Course Introduction


Lesson Description:

This course will help you on your journey to becoming an Azure Solution Architect. Through a range of video lessons, hands-on labs, and other content, you will learn all the knowledge and skills required for the Microsoft AZ-300 exam. The AZ-300 exam tests both technical knowledge and familiarity with the Azure management tools and services. This course is structured to help with both. Starting with a recap of Azure fundamentals, we will progressively build knowledge, skills, and intimacy with a range of Azure technologies.

Important Note: Whilst this course is structured to cater to different skill levels, AZ-300 is an expert level exam. As such it is expected that you will already be familiar with Azure concepts, technologies, and tools.

Exam Update: Microsoft is replacing the AZ-300 exam with the AZ-303 exam. The AZ-303 course is currently under development. In the interim, feel free to continue with the AZ-300 course, but please be aware that the content may contain outdated user interfaces.

Helpful Support:

- Reach out to me directly with any questions or concerns; my passion is to help you be successful with Azure
- Join the Linux Academy Community Slack here and check out the #azure and #az-300 channels
- The Linux Academy Community provides you with access to like-minded students and staff who can help you learn!

About the Training Architect


Lesson Description:

G'day (as we say in Australia)! It's great to be with you. My name is James Lee, and I'll be your training architect for this course. I'm really excited to be helping you on your training journey. I'd love to hear from you, so please do feel welcome to reach out to me in community or Twitter @jamesdplee.

Using the Blueshift Guide


Lesson Description:

The Blueshift Guide is used throughout the AZ-300 course to help illustrate important concepts. You can use this interactive diagram whilst following along with lessons, and as a study guide by itself. The Blueshift Guide:

Building the Basics

Azure Overview - Part 1


Lesson Description:

In this lesson we will discuss some of the core anatomy of Azure. In Part 1 our focus will be on the subscription and services layer, including a refresher on subscriptions, resource groups, and the relationship with Azure AD Tenants.

Azure Overview - Part 2


Lesson Description:

In this lesson, we will take a look at the physical layer of Azure. This high-level overview provides a refresher on the composition of Azure in terms of geography and networking.

Getting Started with Virtual Networks


Lesson Description:

Starting off with a high-level refresher on Virtual Networks (VNet), this "getting started" lesson walks through the creation of our first VNet, which we will continue to use throughout the course.

Getting Started with Storage Accounts


Lesson Description:

In this lesson we will get an overview of Azure Storage Accounts. We have two main goals for this lesson:

- Provide a refresher on Storage Accounts
- Create a Storage Account we can use throughout the course

Getting Started with Virtual Machines


Lesson Description:

In this lesson we will get started with Virtual Machines. There are two main items we will focus on:

- A very high-level recap of Virtual Machines
- Creating our first Virtual Machine to use throughout this course

Virtual Networking



Lesson Description:

Subnets are an important part of virtual networking, as these are where most of the action occurs. In this lesson, we will take a look at subnet configuration, including the application of security and routing.

Note: As this is the first lesson which uses the Cloud Shell, if you are following along in your own subscription you may need to configure your Cloud Shell storage for first time use.

Commands used in this lesson:

- List existing vnets: az network vnet list --output table
- Create subnet: az network vnet subnet create -g vnet1rg --vnet-name vnet1 -n subnet2 --address-prefix

For more details on az commands, see:

Network Interfaces


Lesson Description:

A Network Interface (also referred to as a NIC) is an independent resource within Azure. It is through a NIC that we are able to provide connectivity to resources on the Virtual Network (VNet). In this lesson we will discuss and configure a NIC, including the important sub-configuration item: IP Configuration.

Commands used in this lesson:

- Create a NIC: az network nic create -g vnet1rg --vnet-name vnet1 --subnet subnet1 -n nic1

Public and Private IPs


Lesson Description:

In this lesson we take a look at the two types of IP addresses: public and private. Within Azure, a public IP address is an independent resource which can be assigned to other network services, providing public accessibility. Private IP addresses, on the other hand, are typically sub-configuration items of various services themselves.

Commands used in this lesson:

Please note: Microsoft has updated PowerShell with a new, but very similar module for managing Azure. The concepts in this video are still correct. An update is planned to include the new PowerShell modules.

- Get NIC info: $nic1 = Get-AzureRmNetworkInterface -ResourceGroupName vnet1rg -Name nic1
- Get public IP info: $pubip = Get-AzureRmPublicIpAddress -ResourceGroupName lab01rg -name pubip01
- Get NIC IP Config: $nic1.ipconfigurations, $nic1.ipconfigurations[0]
- Get public IP of NIC IP configuration 0: $nic1.ipconfigurations[0].PublicIPAddress
- Assign public IP: $nic1.ipconfigurations[0].PublicIPAddress = $pubip
- Set updated configuration: Set-AzureRmNetworkInterface -NetworkInterface $nic1

Network Security


Lesson Description:

Network security within Azure Virtual Networks (VNets) is primarily achieved through the use of Network Security Groups (NSGs). In this lesson we'll discuss and configure NSGs, and specifically consider the following:

- The flow of traffic when no NSGs are applied
- The flow of traffic when an NSG is applied to a NIC
- The flow of traffic when an NSG is applied to a NIC and a subnet

Important note: It is important to be mindful of the differences between a public IP using the basic SKU, compared to the standard SKU as mentioned in the Public and Private IP Addressing lesson. When you use the basic SKU and use no NSGs, all traffic is allowed. When you use the standard SKU and use no NSGs, all traffic is denied.

VNet Routing and Connectivity


Lesson Description:

It is important to understand the default routing of traffic within Virtual Networks (VNets), as well as how this behaviour can be modified. In this lesson we'll discuss and configure custom routes within a VNet, and look at the effective routes for a NIC.

Virtual Machines

VM Images


Lesson Description:

Within Azure it is not possible to perform an operating system (OS) installation. This is the first problem which VM images help us to solve. In this lesson, we will take a look at both marketplace images and custom images, and discuss how they can be used and created.

Commands used in this lesson:

Please note: Microsoft has updated PowerShell with a new, but very similar module for managing Azure. The concepts in this video are still correct. An update is planned to include the new PowerShell modules.

- Get image publishers: Get-AzureRmVmImagePublisher -location australiasoutheast | select publishername
- Get image offer: Get-AzureRmVmImageOffer -Location australiasoutheast -publisher canonical | Select Offer
- Get image SKU: Get-AzureRmVmImageSku -Location australiasoutheast -Publisher canonical -Offer UbuntuServer | Select Skus
- Get image: Get-AzureRMVMImage -Location australiasoutheast -Publisher canonical -Offer ubuntuserver -Sku 16.04-lts | Select Version
- Set VM source image: Set-AzureRmVMSourceImage -PublisherName Canonical -Offer UbuntuServer -Skus 16.04-LTS -version latest

VM Storage


Lesson Description:

Within this lesson we will discuss VM storage, including managed and unmanaged disks, and the different performance tiers we can configure.

VM Extensions


Lesson Description:

VM extensions are lightweight applications or services which we can provision as a property of the VM itself. In this lesson we will discuss VM extensions, and consider the two main scenarios in which they are used: VM monitoring, and post-deployment configuration.

VM Networking


Lesson Description:

Through the use of a network interface (NIC) we can provide a VM with connectivity to a Virtual Network. As we have already discussed the NIC separately, this lesson focuses on special considerations from the operating system perspective, and on the scenario in which IP forwarding is required.

Storage Accounts

Storage Accounts


Lesson Description:

There are a number of important characteristics of the storage account which we need to be cognizant of as a solution architect. This lesson takes a detailed look at the main properties of a storage account, including the type/kind, performance tier, access tier, and replication options.

Commands used in this lesson:

Please note: Microsoft has updated PowerShell with a new, but very similar module for managing Azure. The concepts in this video are still correct. An update is planned to include the new PowerShell modules.

- Create storage account: New-AzureRmStorageAccount -ResourceGroupName lab01rg -AccountName lalabsa02 -Location australiaeast -Kind BlobStorage -SkuName Standard_GRS -AccessTier Hot
- Create storage account: New-AzureRmStorageAccount -ResourceGroupName lab01rg -AccountName lalabsa03 -Location australiaeast -Kind Storage -SkuName Standard_LRS

Storage Account Security


Lesson Description:

Within this lesson we focus on the main ways in which a storage account can be secured, including:

- Access Keys
- Account Shared Access Signatures (SAS)
- Service Shared Access Signatures (SAS)

Whilst configuring and observing these in action, we will also consider some limitations of the SAS and how stored access policies can be used to help with their management.

Storage Account Networking


Lesson Description:

Storage accounts are publicly accessible by default. In order to manage security and help optimize network connectivity, there are two features of storage accounts we can configure:

- Storage account firewalls
- Service endpoints for Microsoft storage

In this lesson we will discuss and configure these networking features, and observe their impact through Storage Explorer.

Commands used in this lesson:

- Configure service endpoint: az network vnet subnet update -g vnet1rg --vnet-name vnet1 -n subnet1 --service-endpoints "Microsoft.Storage"

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Resource Monitoring

Azure Monitor


Lesson Description:

Azure Monitor is Microsoft's collection of features and services for end to end management and monitoring of Azure services and resources. Within this lesson we will look at the different sources and types of monitoring data, as well as what we can do with the information.

Important Note: this is an overview lesson to help demonstrate the different components of Azure Monitor. Microsoft have taken a range of services (which were once separate) and placed them within "Azure Monitor". This is an ongoing change by Microsoft, and so some things can be quite complicated/messy. If you are following along, you may find some things (such as Log Analytics) are not yet set up. We will configure this in later videos within this section.

Activity Log


Lesson Description:

Activity Log provides us with the ability to review different operations and activities occurring across our subscription. Within this lesson we will look at the different types and sources of information visible within the Activity Log, and specifically some examples for a storage account.

Alerts and Action Groups


Lesson Description:

Azure Monitor includes the ability to monitor for different conditions and alert when the criteria are met. In this lesson we will configure an alert end-to-end, and then look at how to manage alerts which have been triggered.

Log Analytics


Lesson Description:

Log Analytics is a service within Azure Monitor which enables us to store and query a range of different log data. In this lesson we will look at the functionality of Log Analytics, and get started with the creation of our first Log Analytics workspace.

Log Search


Lesson Description:

Following on from the previous lesson on Log Analytics, in this lesson we will take a look at how to perform queries on log data. Specifically we will consider the log query language, the schema of log data stored in our workspace, and how to save queries as a function for later re-use.

Queries used in this lesson:

- AzureActivity | limit 50
- AzureActivity | where OperationName == "Regenerate Storage Account Keys"
- AzureActivity | where Caller == ""

Managing Costs


Lesson Description:

Managing costs is an important part of every solution architect's job. In this lesson we look at three tips for managing costs.

- Azure Pricing Calculator: providing cost estimates and pricing information for resources
- Cost Analysis within the Azure Portal: providing detailed information on the cost of resources running in your subscription
- Azure Advisor: providing recommendations on how to optimize spend, specifically tailored to your subscription

Integrated Networking

VNet Peering


Lesson Description:

Virtual Networks (VNets) are isolated and private networks. By default, there is no connectivity between VNets. Resources in VNets can only talk to other resources in the same VNet, or publicly over the Internet. VNet Peering allows us to privately connect VNets together, so that resources can talk via private IP across VNets. In this lesson we will configure and test VNet Peering, as well as discuss a number of special configuration items and limitations.

Commands used in this lesson:

- Create VNet peer: az network vnet peering create -g vnet1rg -n vnet1-to-vnet3-peer --vnet-name vnet1 --remote-vnet /subscriptions/xx-xx-xx/resourceGroups/vnet3rg/providers/Microsoft.Network/virtualNetworks/vnet3 --allow-vnet-access
- Create return VNet peer: az network vnet peering create -g vnet3rg -n vnet3-to-vnet1-peer --vnet-name vnet3 --remote-vnet /subscriptions/xx-xx-xx/resourceGroups/vnet1rg/providers/Microsoft.Network/virtualNetworks/vnet1 --allow-vnet-access

Virtual Machine High Availability

VM High Availability


Lesson Description:

This lesson provides an overview of the different options available to us to implement highly available VMs. Through this lesson we'll cover some of the high level concepts, services, and foundational knowledge. This helps set the stage for the remaining detailed lessons within this section.

Helpful links:

- Understand SLA requirements for VM's:

VM Availability Sets


Lesson Description:

Availability Sets are an important tool which we use to ensure Virtual Machines are highly available. By placing VMs which serve the same purpose into the same Availability Set, we're essentially asking Microsoft to help ensure they don't all go offline at the same time. In this lesson we'll learn about Availability Sets, Fault Domains, Update Domains, and how we use these to ensure that our solution remains highly available.

VM Scale Sets


Lesson Description:

Virtual Machine Scale Sets help us to achieve both high availability and dynamic elasticity. It's a very useful service when combined with load balancing, such as the Azure Load Balancer or Application Gateway. In this lesson we'll discuss and configure a VM Scale Set, including:

- The definition of the VM within our VM Scale Set
- Autoscaling and the different ways in which autoscale is configured

Load Balancing

Azure Load Balancer


Lesson Description:

For most highly-available (HA) solutions, the architecture includes multiple, duplicate resources, which actually serve the solution to end-users. This HA architecture should be transparent to them. An Azure Load Balancer helps achieve this, by providing a centralized address which users can access. User requests and replies are then transparently managed by the Azure Load Balancer. In this lesson, we configure an Azure Load Balancer to make a VM Scale Set hosted website highly available.

Azure Application Gateway


Lesson Description:

Please be aware: Microsoft have updated the Azure Portal experience for creating an Application Gateway. This lesson is planned for an update. The concepts taught in this lesson are still correct, and you may continue to use this lesson whilst the update is developed.

The Azure Application Gateway is used for routing and distributing web application traffic. While the Load Balancer operates only at layer 4, the Application Gateway operates at layer 7. Operating at layer 7 allows the Application Gateway to provide more advanced web application specific features. URL path-based forwarding, SSL offload, and protection against web application vulnerabilities and threats are some good examples. In this lesson, we will configure the Application Gateway to forward web traffic to a web application that is hosted on a VM Scale Set. Additionally we will configure path-based forwarding to leverage an additional VM.


Automated Deployments

Automated VM Deployments


Lesson Description:

Automated deployments are one of the many benefits of cloud. When we want to automate the deployments of Virtual Machines (VMs) within Azure, we do it using a combination of Azure Resource Manager (ARM) Templates, and tools such as PowerShell, CLI, or code. In this lesson you will become familiar with:

- Azure Resource Manager Templates
- The definition of a VM resource, including storage profile
- Where you can monitor deployments in the portal
- How to download ARM Templates from the portal

Commands used in this lesson:

Please note: Microsoft has updated PowerShell with a new, but very similar module for managing Azure. The concepts in this video are still correct. An update is planned to include the new PowerShell modules.

- New resource group: New-AzureRmResourceGroup -name deploytestrg -Location "Australia Southeast"
- Secure password: $pw = Read-Host "Enter Pass" -AsSecureString
- New deployment: New-AzureRmResourceGroupDeployment -ResourceGroupName deploytestrg -TemplateUri uri -adminUsername adm-jlee -adminPassword $pw

Azure Active Directory

Azure Active Directory


Lesson Description:

Azure Active Directory (AD) provides us with a range of identity and access management (IAM) functionality, through a fully managed cloud service. Cloud based IAM is increasingly important as our users now work from a variety of locations and personal devices, and access applications in the cloud. Traditionally, all access has been from organization-controlled devices, at fixed locations, to applications that we manage. In this new world, Azure AD helps us to centralize identity management, provides our users with simplified experiences (for example single sign-on), and so on. Through this lesson we will discuss Azure AD, the association with Azure subscriptions, and how to configure custom domains.

Azure AD Device Management


Lesson Description:

Managing devices within Azure AD helps us to achieve a range of functionality, such as:

- Access control using device details
- Improved user sign-in experience
- Improved user experience generally (using Enterprise State Roam)
- And much more

Within this lesson, we'll discuss the three main ways of registering our devices within Azure AD. We'll also look at the configuration of Enterprise State Roam, and discuss how it provides a more seamless experience for our users.

Azure AD Self-Service Password Reset


Lesson Description:

With identity being so critical in today's cloud-centric world, it's important we ensure user logins work without issues. Self-Service Password Reset (SSPR) is one such Azure AD feature that helps to achieve that. SSPR provides end-users with the ability to reset their own passwords, without having to call a helpdesk. Through the use of authentication methods, such as secret questions, email, or text message, users can reset their own password after verifying their identity. In this lesson we will:

- Configure SSPR
- Enable two authentication methods
- Take a look at the end-user experience with SSPR

Access Control

Azure AD Identity Protection


Lesson Description:

By using machine learning, Microsoft can alert us of things that appear "risky," with respect to Azure AD identities. Azure AD Identity Protection looks for patterns across our environment, and is able to report when something looks suspicious. With modern organizations supporting multiple devices, locations, and cloud applications, it is important that we have as much control over identity as possible. In this lesson we will look at:

- What Azure Identity Protection is
- Risks and vulnerability assessments
- Policies which can use this information to both proactively and reactively control authentication

Multi-Factor Authentication


Lesson Description:

Multi-factor authentication (MFA) helps secure user identities by adding an additional requirement for user logins. In most cases, users log in with a username and a password. MFA refers to the need for something else to be required during login. It might be something like a mobile phone, a hardware token, or an email account. With MFA, a user then requires something they know (username + password) and something they have (mobile phone) to help protect against weak passwords, leaked credentials, etc. Throughout this course we look at:

- How to enable MFA
- Different MFA authentication types
- The MFA enrolment process

Azure AD Conditional Access Policies


Lesson Description:

Azure AD provides a number of related services or features which improve access control, for example multi-factor authentication and identity protection. In recent lessons we've seen how we can restrict access using these services. But what if we want to ignore MFA for a specific cloud app? What if we want to block any Azure admin access to the Azure portal if it is risky? Conditional access policies provide us with this type of flexibility, and the ability to assess and apply access restrictions based on a range of conditions. In this lesson we will:

- Discuss important conditional access features
- Create a conditional access policy
- Use functionality for testing whether our policies will work the way we intend

Role-Based Access Control


Lesson Description:

Role-based access control (RBAC) provides us with the ability to manage permissions on resources within an Azure subscription. There are two main ways to assign RBAC permissions:

- Built-in roles, which are already defined by Microsoft
- Custom roles, which we can define ourselves to configure allow/deny access exactly as we choose

In this lesson, we'll cover:

- What RBAC achieves, compared to our other access controls
- How we can assign RBAC roles
- How we can configure and assign custom RBAC roles
- How to troubleshoot / view effective permissions

Helpful commands and links:

- To create a custom role from our JSON definition: az role definition create --role-definition ./customRole.json
- We could also assign the role from CLI: az role assignment create --role LAAzureAdmin --assignee username --resource-group rgname

Hybrid Identities

Hybrid Identities


Lesson Description:

Hybrid identity is the practice of creating a single user identity for authentication and authorization to all resources, whether they're on-premises or in the cloud. In order to have identity that exists in both places, on-premises and within Azure AD, we use a solution called Azure AD Connect. Within this lesson we'll take a look at:

- What Azure AD Connect is, and what it does
- The three main sign-on (authentication) modes
- Single sign-on

This lesson prepares us for the following lesson, Azure AD Connect, where we will actually configure hybrid identities.

Azure AD Connect


Lesson Description:

As we discussed in the previous lesson, Azure AD Connect is a Microsoft solution which allows us to configure hybrid identities. In this lesson, we'll walk through a demonstration installation of Azure AD Connect using Password Hash Sync (PHS). In this lesson, we will cover:

- Requirements for using Azure AD Connect
- Configuring Azure AD Connect with PHS
- How staging mode is configured
- Using management tools to control synchronization

Important tools and tips:

- Failing to use a routable-domain for the user-principal name (UPN) can result in login issues
- Synchronization Service Manager allows management of the connectors and synchronization profiles
- Synchronization can be triggered using Start-ADSyncSyncCycle:
  - -PolicyType Initial option is for the initial sync
  - -PolicyType Delta is for differential sync
- In staging mode, synchronization will run (either automatically or if you use the command) but will not do an actual export to Azure AD

Helpful links:

- Azure AD Connect option comparison

Hybrid Networking

Azure VPN Gateway


Lesson Description:

Azure VPN Gateway supports hybrid connectivity between an Azure Virtual Network (VNet) and:

- A remote site using site-to-site (S2S) VPN
- A single computer using peer-to-site (P2S) VPN
- Another VNet using vnet-to-vnet

When configuring a Virtual Network Gateway for VPN, we call this a VPN Gateway. Throughout this lesson we will:

- Configure a VPN Gateway
- Configure a S2S VPN, including all required resources
- Cover off some key considerations and properties

Azure VPN Gateway Troubleshooting


Lesson Description:

In Azure VPN Gateways, the underlying infrastructure is deployed to a GatewaySubnet and fully managed by Microsoft. This can make troubleshooting difficult. Because of this, it helps to know some of the methods available to us should we need to troubleshoot. In this lesson we'll take a look at:

- Network Watcher VPN Troubleshoot
- Azure Gateway Health Probe

Helpful links:

- https://YourVirtualNetworkGatewayIP:8081/healthprobe

ExpressRoute - Part 1


Lesson Description:

ExpressRoute provides a secure, and more direct, connection between on-premises networks and a Virtual Network (VNet) within Azure. Unlike a site-to-site VPN, ExpressRoute does not traverse the public Internet. Instead, peering providers are used to establish a redundant connection to the Microsoft network edge. Using ExpressRoute, we have access to Private and Public Peering. Private Peering provides connectivity to our VNet, whereas Public Peering provides direct connectivity to Microsoft services, such as Office 365. In Part 1 of this lesson, we will:

- Discuss the use cases for ExpressRoute
- Look at Private and Public Peering
- Configure a VNet Gateway using PowerShell

In Part 2, we'll continue the configuration of ExpressRoute.

PowerShell commands used in this lesson:

Please note: Microsoft has updated PowerShell with a new, but very similar module for managing Azure. The concepts in this video are still correct. An update is planned to include the new PowerShell modules.

- Save our vnet1 information to a variable: $vnet1 = Get-AzureRmVirtualNetwork -ResourceGroupName vnet1rg -Name vnet1
- Save our GatewaySubnet information to a variable: $gwsubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet1
- Create a public IP for the VNet gateway: $gwIP = New-AzureRmPublicIpAddress -name "ergwip01" -ResourceGroupName $vnet1.ResourceGroupName -Location $vnet1.Location -AllocationMethod Dynamic
- Create the VNet gateway network config: $gwconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name "ergw01IpConfig" -SubnetId $gwsubnet.Id -PublicIpAddressId $gwIP.Id
- Create the VNet gateway: $gw = New-AzureRmVirtualNetworkGateway -Name "ergw01" -ResourceGroupName $vnet1.ResourceGroupName -Location $vnet1.Location -IpConfigurations $gwconfig -GatewayType "ExpressRoute" -GatewaySku Standard

ExpressRoute - Part 2


Lesson Description:

In Part 2 of our lesson on ExpressRoute, we cover:

- The creation of an ExpressRoute circuit
- The use of our Connection resource
- Important information about the provisioning process
- Important information about routing/peering configuration


Azure Site Recovery Migrations

Azure Backups


Lesson Description:

Azure Backups is a managed backup service provided by Microsoft. It includes a range of tools to support backing up both Windows and Linux data from on-premises storage systems, other cloud environments, and Azure itself. Whichever Azure Backup tool we use, the first step is always going to be the creation of a recovery services vault. When configuring the software, we will also need to use the vault credentials, so that the software has access to store data in the recovery services vault. In this lesson, we will:

- Configure a Recovery Services Vault
- Install the Microsoft Azure Recovery Services (MARS) agent
- Register the agent with our vault using the credentials
- Perform a backup
- Perform the recovery of data

Please note that when you use Azure Backups you MUST keep a copy of your passphrase, as Microsoft cannot restore this for you. It is recommended you store this within your organization's enterprise password management tool. It is possible to use Azure Key Vault to store this, though that is not its direct purpose.

Azure Site Recovery - Part 1


Lesson Description:

Using Azure Site Recovery (ASR), we gain access to two main features. First, we get access to disaster recovery through the use of replication and site failover. Second, we can use the same functionality to help perform migrations of on-premises or AWS servers across to Azure. In part 1 of this lesson on ASR we will:

- Discuss the key components and tools of ASR
- Get started configuring our demo environment for migration

Be sure to check out Part 2 of this lesson, where we will conclude the installation and configuration of ASR for migrations.

Azure Site Recovery - Part 2


Lesson Description:

In part 2 of the Azure Site Recovery (ASR) lesson, we continue with the installation and configuration of ASR for migration. Through this lesson we will:

- Complete the preparation of the source environment
- Configure replication with ASR for a test server
- Review migration options using failover


Container-Based Apps

Azure Container Registry


Lesson Description:

As part of working with containers, it helps to have a way of maintaining the container images you develop. Azure Container Registry is a Microsoft managed implementation for managing those images, and it's compatible with Docker Registry v2.0. Whilst containers do not feature heavily in AZ-300, we will still take a glance at them, and their purposes. Through this lesson, we will:

- Discuss the fundamentals of containers
- Create a docker container image
- Create an Azure Container Registry repository
- Push our image to our new repository

Docker demonstration

**Please note:** within this lesson we will walk through a basic demonstration of using docker. These steps are completed on macOS using Docker Desktop for Mac, but can be completed on many different operating systems. If you wish to follow along, you will need:

- Docker Desktop
- A text editor (VIM is used within the video, but any is fine)
- A CLI shell (e.g. PowerShell, Bash, etc.)

You will not be expected to perform these tasks within AZ-300. This demonstration is purely to help provide some context. Please see our other Docker courses here at Linux Academy if you would like to explore this topic further.

Command line tools used in this lesson:

- To build our image: docker build -t hellola-web:v1 .
- To create the registry: az acr create --resource-group containersrg --name laazreg01 --sku Basic
- To prepare our image: docker tag hellola-web:v1
- To log into our registry: docker login laazreg01.azurecr.io
- To upload our image: docker push

Content (if you wish to follow along):

- Create a folder called hellola wherever you wish to work on your file system (e.g. /usr/share/nginx/html)
- Create the following two files within this folder

Note: this is the same content from the lesson, except that the image has been removed

index.html

<title>AZ-300 Image: Example Page</title>
<p>Welcome to the AZ-300 Test Page</p>

Dockerfile

FROM nginx:alpine
COPY . /usr/share/nginx/html

Azure Container Instances


Lesson Description:

Once a container instance is developed, it needs to be deployed to a container engine in order for it to run. We refer to the running image as a container. Microsoft provides a really easy-to-use service for deploying and running containers: Azure Container Instances. In this lesson we will:

- Discuss when we should use Azure Container Instances
- Deploy a container from the image we created earlier
- Test that our container is working

Azure Kubernetes Service


Lesson Description:

Kubernetes itself is an open-source solution, which helps with the management of a multi-container environment. Using Azure Kubernetes Service (AKS), we can easily deploy a fully managed Kubernetes cluster. Throughout this lesson, we will:

- Discuss when to use AKS
- Create an AKS cluster
- Review AKS management options within the portal
- Consider Kubernetes cluster management options

Web Apps

Azure Web Apps


Lesson Description:

Azure Web Apps is a platform-as-a-service (PaaS) solution which simplifies the deployment of web apps to the cloud. Using Web Apps, there's no need to manage the underlying infrastructure. They also provide features like auto-scale, SSL, custom domains, and more. Through this lesson we'll work through the:

- Creation of an App Service Plan
- Deployment of a Web App using a container image

Background Tasks with WebJobs


Lesson Description:

Using WebJobs for Web Apps, we can create background tasks that run continuously, run on a schedule, or get manually triggered. In this lesson, we cover the key elements of WebJobs, including:

- How to configure WebJobs in the Azure Portal
- App Settings which we need to configure for Continuous WebJobs
- The folder location of WebJobs within App_Data
- How to manage WebJobs and view log information

Helpful information and links:

- Note: WebJobs is not supported for App Service on Linux
- Using CRON schedules



Serverless Architecture

Azure Functions


Lesson Description:

Note: The Azure Portal interface has changed since this lesson was recorded. All concepts taught in this lesson are still valid and remain unchanged. You will also see that the 'Application Settings' section has changed to 'Configuration' and includes settings across two tabs.

Traditional monolithic applications have various different components performing different functions. Sometimes an application might be sitting idle, just waiting for something to happen. For example, if an application is responsible for encoding media files, it needs to await the upload of those files before it can get started. Azure Functions helps in these scenarios, by allowing us to create very focused code which serves a single purpose. Whilst the code is not operating, we don't have to pay for the underlying infrastructure (when using the Consumption Plan). In this lesson, we will:

- Create an Azure Function App
- Create a Function within the Function App
- Configure a trigger, and output binding
- Take a look at management operations

Logic Apps


Lesson Description:

Logic Apps are often referred to as "the glue that binds services together." Through advanced workflows, Logic Apps can integrate a plethora of services together, in a range of different ways. For example, we might need to monitor storage for uploads. Once a file is uploaded, we may need to call a Function App, send an email, and create a transaction record in our database. In this lesson we will:

- Create a Logic App
- Walk through a basic workflow which deletes old blobs in Blob Storage
- Review some key management operations

Message-based Integration Architecture

Event Grid


Lesson Description:

Note: The Azure Portal interface has been updated and may appear different for you. All concepts taught in this lesson are still valid and remain unchanged.

Event Grid is a managed service for the publishing of and subscribing to event information. Events are small pieces of information about something that has happened. Using Event Grid we can avoid the need for our backend application having to constantly poll/query something when monitoring for an event. Instead, our backend application can subscribe to an Event Grid topic, and wait to be sent that information once the event occurs. Through this lesson we will:

- Discuss the core components of Event Grid
- Consider an example of when to use Event Grid
- Create an Event Grid, Topic, and Subscription
- Use the Python SDK to publish information to the Topic

Helpful Links:

- Event Grid SDKs
- Code samples
- Python specific code sample

Notification Hub


Lesson Description:

Notification Hubs is a fully managed, cross-platform solution for simplifying the use of push notification services (PNS). In this lesson we will:

- Discuss the use cases of Notification Hubs,
- Configure a Notification Hub, and
- Walk through the resource hierarchy and security.

Important Notes:

- The Notification Hub is accessed via,
- Access to the hub is restricted with the access policies,
- You must register with each PNS you need to support.

See an example for configuring iOS here:

Event Hub


Lesson Description:

An Event Hub is a massively scaling event ingestion and streaming service, fully managed by Microsoft. Typical use cases for Event Hubs would include live dashboards at banks that monitor data, process transactions, or detect anomalies. Event Hubs process millions of events per second, and enable a publish-subscribe model which supports partitioned consumer programming patterns. Through this lesson we will cover:

- Event Hub resource hierarchy
- Creation of an Event Hub within a namespace
- Important information about security
- Partitioned consumer model

Service Bus


Lesson Description:

Service Bus is one of Microsoft's many messaging and integration services. It's typically used when delivering very important messages between solutions. Service Bus provides a range of capabilities which ensure that messages are delivered without issue, are not lost, and are not duplicated. Throughout this lesson we will:

- Discuss the features and benefits of Service Bus
- Configure a Service Bus and walk through the resource hierarchy
- Configure both queues and topics
- Cover a range of important queue properties

Azure Relay


Lesson Description:

If an on-premises solution needs public accessibility and connectivity, Azure Relay can help. Using the Azure Relay SDKs, it's possible to create either a Hybrid Connection or WCF Relay that provides public connectivity to on-premises services, without requiring major firewall changes. Through this lesson we will cover:

- Creation of an Azure Relay namespace
- Configuration of a Hybrid Connection
- Configuration of authentication
- Demonstration of sample code for sending/receiving information through the relay

Useful links:

- Microsoft sample code and guidance
- Azure Relay SDK/API information

Authentication and Data Security

Managed Identity


Lesson Description:

Using a Managed Identity, we can securely authenticate Azure services against other Azure services. This helps to avoid the need for storing and rotating credentials within code, which could potentially be exploited. In this lesson we will:

- Associate a Managed Identity with a VM
- Assign the identity permissions to a subscription
- Retrieve a token from the Instance Metadata Service
- Use that token to authenticate against the ARM API

Commands used in this lesson include:

- Retrieve the token: curl '' -H Metadata:true
- Retrieving resource group info: curl -H "Authorization: Bearer <TOKEN>"<SUB>/resourceGroups/<RG>?api-version=2016-09-01
- Retrieve resource group info: curl -H "Authorization: Bearer <TOKEN>"<SUB>/resourceGroups/1?api-version=2016-09-01
- Delete resource group: curl -X DELETE<SUB>/resourceGroups/<RG>?api-version=2018-05-01 -H "Authorization: Bearer <TOKEN>"

Confidential Compute


Lesson Description:

Through research and development, Microsoft have been investing in securing Azure resources in a range of ways. Confidential Compute focuses on efforts toward encrypting data "in use". Generally when we talk about encryption, we focus on "at rest" and "in transit". Encryption in use is achieved through the use of Trusted Execution Environments (TEEs). In order to harness TEEs, we must use the Open Enclave SDK. Through this lesson we will:

- Discuss the purpose of Confidential Compute
- Consider the use of the Open Enclave SDK
- Navigate through the creation of Confidential Compute VMs
- Discuss various requirements and concepts

Key Vault


Lesson Description:

Where do applications and scripts store confidential information securely? The Azure Key Vault. The Key Vault is designed for securely storing secrets, keys, and certificates, all with programmatic access in mind. Using the Key Vault API we can create, delete, and manage entities within the Key Vault.

Note: Managed Identities aren't required for interacting with the Key Vault service, however they help avoid the need for storing credentials to access Key Vault itself (which can defeat the purpose).

In this lesson we will:

- Use Managed Service Identity for a Virtual Machine, to securely access a Key Vault
- Manage access controls for the Key Vault data plane
- Walk through a Python script, which will securely access and retrieve a secret from our Key Vault

Helpful Links:

- Microsoft tutorial on accessing the Key Vault with the API and Python
- Key Vault REST API Reference

Azure Disk Encryption


Lesson Description:

Azure Disk Encryption (ADE) is a service which protects information on your Virtual Machine (VM) Operating System and Data disks. Whereas Storage Service Encryption (SSE, which is enabled by default) protects your VM disks at rest in the Microsoft datacenters, ADE encrypts the information inside the disks itself. Through this lesson, we will:

- Configure a Key Vault for ADE
- Enable ADE on a virtual machine
- Check the status of encryption

Commands used in this lesson:

- Enabling encryption: az vm encryption enable -g vmencrypt -n vmencrypt --disk-encryption-keyvault /subscriptions/c95fdfe4-2593-410e-8901-3de366c89013/resourceGroups/keyvault01org/providers/Microsoft.KeyVault/vaults/laazkv01
- Showing the VM encryption status: az vm encryption show -g vmencrypt -n vmencrypt

Helpful Links:

- Enabling encryption



Azure SQL Database

Azure SQL Database: Part 1


Lesson Description:

Azure SQL Database is Microsoft's fully managed, SQL Server-as-a-service solution. It includes a range of options with functionality like an on-premises SQL Server. Working with Azure SQL Database helps avoid the need for managing underlying infrastructure, and provides an easy way to get up and running with cloud-based relational databases. In Part 1 of this lesson, we will:

- Discuss the three main types of Azure SQL Database
- Configure a SQL Server, Elastic Pool, and Database
- Discuss authentication and encryption options

Please note: Microsoft also now consider Azure SQL VMs to be one of the Azure SQL deployment options. Below is a quick summary of the options:

- Azure SQL Database: PaaS solution which is fully managed and provides a managed SQL experience
- Azure SQL Managed Instances: PaaS solution which is fully managed, but provides a "near-100%" compatible Microsoft SQL Server Instances experience
- Azure SQL VM Images: Images which are pre-configured for Microsoft SQL Server - this provides the full Microsoft SQL Server experience and functionality
- Azure SQL Elastic Pools: an option to pool Azure SQL Servers together to provide better utilization of resources

Azure SQL Database: Part 2


Lesson Description:

In Part 2 of the Azure SQL Database lesson, we will walk through some basic code which uses SQL queries that view and modify our database. In this lesson we will:

- Use Node.js to connect from a Mac computer to our database
- Use SQL query language to view and modify tables

Helpful links:

- Tedious Node.js module for SQL interaction
- Microsoft Node.js getting started guide

Please note: if you wish to follow along with the example used in this lesson, the following information may help:

- Use the getting started guide above to ensure you have Node.js and the ODBC driver installed
- Use the code sample provided from the getting started guide
- Ensure you have a SQL server and database configured
- Ensure you have allowed client access in the SQL firewall, from the computer you are using
- You can use any text editor you desire
- You can use any computer/OS that supports the Node.js and ODBC driver used in the getting started guide

Cosmos DB

Cosmos DB: Part 1


Lesson Description:

Cosmos DB is a multi-master, multi-mode, planet-scale managed database solution. With Cosmos DB you can develop applications that will have rapid and reliable access to data all over the world. Cosmos DB is a distributed database with transparent replication. In Part 1 of this lesson, we will:

- Create a Cosmos DB namespace
- Discuss various configuration items
- Use code to create a database, collection, and items

In Part 2, we will discuss the importance of partitioning and default consistency levels.

Helpful Links:

- Cosmos DB SDK notes
- Python getting started

Cosmos DB: Part 2


Lesson Description:

In Part 2 of our Cosmos DB lessons, we discuss two important design considerations: partitioning, and consistency. Partitioning is focused on the way in which data is distributed across infrastructure for high availability and scalability. Consistency refers to how "up to date" our information will be in a globally distributed model. For example, if data is written in Australia and then read in America, will the America read transaction have to wait until synchronizing with Australia? Or is it OK for the read transaction to return old information, so long as it eventually becomes "current"? In this lesson we will discuss:

- The importance of partitioning
- Tips for selecting a partition key
- The importance of consistency
- The five different consistency options available

Helpful links:

- Choosing a partition key
- Consistency levels



Bonus Content
Final Steps

What's Next?


Lesson Description:

Congratulations!! You have completed over 70 lessons, learnt about more than 25 Azure services, and covered even more features and configurations. In this video we'll go over some tips for how to prepare for the AZ-300 exam, including hands-on labs, flash cards, and the practice exam. I'm very thankful to you for coming along on this learning journey with me. If you have any questions please feel welcome to reach out! I'll see you in the next course!

Please reach out to me directly with any questions or concerns, or through our community. I'm always happy to help:

- Email:
- LinkedIn: James Lee
- Twitter: @jamesdplee
- Slack: I'm always in the #azure and #az-300 channels (you can join our community slack here)

About the Exam


Lesson Description:

The AZ-300 exam is one of two exams required to become certified as a Microsoft Certified Azure Solutions Architect Expert. You can book the exam at the following link: In most locations, this exam can be taken either online (Online Proctored) or on-site at an exam testing center. If you have any questions or concerns about the course, or the AZ-300 exam, please feel welcome to reach out to me or the Linux Academy community.

AZ-300: Microsoft Azure Architect Technologies - Practice Exam

