Skip to main content

Microsoft Azure Infrastructure and Deployment – Exam AZ-100


Intro Video

Photo of Chad Crowell

Chad Crowell

DevOps Training Architect II in Content

Chad currently resides in Austin, Texas where he loves trying local food trucks with his wife and 3-year-old daughter. He was first introduced to the concept of personal development through Jim Rohn back in 2008. This entrepreneur’s unique outlook gave Chad a new perspective and the power to change the trajectory of his life forever. Chad continues to use these philosophies in his work at Linux Academy and hopes to spread his message of personal betterment to anyone that views his content.







Hands-on Labs




Course Details

This course is designed to help you learn and develop the requisite skills to pass the Microsoft Azure AZ-100 certification exam. The AZ-100 exam tests your knowledge in creating, configuring, and managing resources in the Azure Cloud, including but not limited to: managing Azure subscriptions, creating and managing alerts, configuring resource policies and alerts, creating and configuring Storage Accounts, deploying and managing virtual machines, creating and configuring VNET peering and DNS, managing AD Identity protection and objects, along with a lot more!

NOTE: The AZ-100 Exam has been retired early by Microsoft. The contents in this course is still useful as a supplement to the AZ-103 exam.



About the Course


Lesson Description:

This course is an in-depth discovery on how to create infrastructure and deploy solutions in Azure. In this course, we will learn about Subscriptions, Virtual Machines, Virtual Networks, Storage Accounts, and Azure Active Directory. This course will also prepare you for the AZ-100 exam, which is one of the two exams required to achieve the Microsoft Certified Azure Administrator certification. I look forward to seeing you in this course! NOTE: The AZ-100 Exam has been retired early by Microsoft. The contents in this course is still useful as a supplement to the AZ-103 exam.

About the Training Architect


Lesson Description:

Hello! My name is Chad and I am the Training Architect for this course!

About The Book of Nephele


Lesson Description:

The Book of Nephele is meant to be the main interactive diagram to use with this course. It will provide further explanations and diagrams to help you grasp the concepts and aid your learning. LinkThe Book of Nephele

How to Use The Book of Nephele


Lesson Description:

The Book of Nephele is used to follow along with the course. You will see that the videos correspond with the sections of the diagram, so if you are ever lost, just click on the button that has the same title as the video. You can resize the diagram by clicking Zoom to Page in the lower left. It is advised to use Internet Explorer for best performance, although it is not a requirement. LinkThe Book of Nephele

Course Features and Tools


Lesson Description:

On the course syllabus page, there is a Course Features section which includes the course scheduler, hands-on labs, practice exams, flash cards, community, and study tools.

Creating an Azure Account and Billing Alerts


Lesson Description:

In this video, we go through how to set up a brand new account in Azure. It does require a credit card to sign up, but there may be an introductory deal available in your region. See the following link to sign up for your free account and follow along throughout the rest of the course. Links:Create an Account Azure Pricing Calculator Create Billing Alerts

Getting Started with Azure

Azure Introduction


Lesson Description:

In this section, we will build a foundational knowledge to attack the rest of the course with a vengeance. This fundamental knowledge will help us better grasp more complex concepts later in the course.

What is IaaS?


Lesson Description:

Infrastructure as a Service is a utility that you can use to quickly create apps and services in Azure with little to no upfront cost. This presents the ability for anyone to build easily scalable systems and invites malicious intruders to potentially pose a threat to those systems when open to the Internet. In this lesson, we determine what your responsibility is when creating these systems. Throughout this course, we will learn how to configure each one of these pieces to determine how to take control of your infrastructure and help eliminate fault. LinksShared Responsibility Model

Azure Terminology


Lesson Description:

As we go through this course, I may use terminology that you are unfamiliar with. So, I’ve cleared things up in this lesson to help you better understand the unique terminology used in Azure and how it all fits together. LinksAzure Marketplace Region Availability

What are Resources?


Lesson Description:

Resources are any instance of a service in Azure. How you manage your resources is important in Azure, and it may behoove you to know the capabilities and limitations of handling resources within Azure. Also utilizing Tags, Locks, Policies and other resource attributes will help your entire organization from billing to management. LinksAzure Account Center Complete List of Azure Resource Limits

Regions, Zones, and Sets


Lesson Description:

Azure Regions, Availability Zones and Availability Sets are all used to create highly available and fault-tolerant systems. They are features that are included by default and you can start using them today (fees apply). There are 54 regions worldwide that provide the availability of services to IaaS customers. Within those regions are availability zones and availability sets to protect your infrastructure from failure. Furthermore, availability sets will help your infrastructure scale up and down automatically, according to a set of rules. These are all powerful features which allow you to eliminate downtime. LinkAzure Region Availability by Service

Azure Services


Lesson Description:

Services and the availability of services is a very important concept. In this lesson, we will talk about the ways in which you can maintain the performance of your resources that you would come to expect from a cloud provider. We also talk about Service Level Agreements (SLAs), which are guarantees of service set by Azure. It is important to look at the details of this agreement in order to allocate enough resources to cover any possible outages that may occur during your application or service lifecycle. LinksAzure SLAs by Product Availability of Service by Region Content Delivery Networks (CDN)

Azure Review


Lesson Description:

Let’s review what we’ve learned in this section and take a look at some important items for the exam! We have covered a lot for a fundamental understanding. Most importantly, always ask yourself, “how can I do this in the Azure Powershell and Azure CLI as well as the Azure Portal?” This will help you for the exam. Now that we have a fundamental understanding of Azure, let’s jump right in! LinksAzure Preview

Mission #1: Organize and Control

Assigned Mission #1: Organize and Control


Lesson Description:

You have been assigned Mission #1. Should you chose to accept it, we will cover organizing and controlling subscriptions and resources in Azure. We will help the Contoso Company gain control of their budget for IT spending along with introducing better tracking for their users and resources.

Manage Azure Subscriptions

Create a Subscription and Assign Permissions


Lesson Description:

Being able to create and manage a subscription is a crucial task in Azure. There are many ways to assign permissions, including Azure Active Directory, Azure RBAC Roles and the Classic Subscription. Understanding what each one of them does and how to effectively manage your users and groups is the goal with this section. If you haven’t created an Azure account yet, please do so by referring to the “Creating an Azure Account & Billing Alerts” video in this course. Powershell commands

$roleassignment = Get-AzureRmRoleAssignment |Select-Object -First 1 -Wait
Remove-AzureRmRoleAssignment -InputObject $roleassignment
LinksAzure RBAC Roles Azure AD Roles Azure Account Center Azure Claissic Subscription Administrators

Configure Subscription Policies


Lesson Description:

Policies enact rules for building infrastructure in Azure. These rules can be used to deny the creation of resources or just simply report on the compliance. There are a number of built-in policies which will provide you with common security compliance definitions. In this lesson, we will discover how to create and remove policies using the Portal, Powershell, and Azure CLI. Powershell Commands Register Policy Insights Provider

Register-AzureRmResourceProvider -ProviderNamespace “Microsoft.PolicyInsights"
Create the Resource Group Variable
$rg = Get-AzureRmResourceGroup -Name 'resourceGroupName'
Create Policy Definition Variable
$definition = Get-AzureRmPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use
managed disks' }
Create the Policy
New-AzureRmPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit Virtual Machines without Managed Disks Assignment' -Scope $rg.ResourceId -PolicyDefinition $definition
Remove the Policy
Remove-AzureRmPolicyAssignment -Name 'audit-vm-manageddisks' -Scope '/subscriptions/subscriptionID/resourceGroups/resourceGroupName'
Azure CLI Commands Register Policy Insights Provider
az provider register --namespace 'Microsoft.PolicyInsights'
Query for the Policy ID
az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"
Create the Policy
az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit Virtual Machines without Managed Disks Assignment' --scope 'scope' --policy 'policy definition ID'
Delete the Policy
az policy assignment delete --name 'audit-vm-manageddisks' --scope "/subscriptions/subscriptionID"

Setting up Cost Quotas and Tagging


Lesson Description:

Cost is a major factor for any organization, especially when costs can rise unexpectedly due to one simple change. You can better track these changes over time with cost management tools such as tags, advisor, and by adjusting your quotas. In this lesson, we will gain visibility into cost and help demystify billing for an organization of any size. Powershell Commands

Set-AzureRmResourceGroup -Name az-100-course -Tag @{ Dept="IT"; Environment="Test" }
$tags = (Get-AzureRmResourceGroup -Name examplegroup).Tags
$tags.Add("Status", "Approved")
Set-AzureRmResourceGroup -Tag $tags -Name examplegroup
$r = Get-AzureRmResource -ResourceName examplevnet -ResourceGroupName examplegroup
$r.Tags.Add("Status", "Approved") 
Set-AzureRmResource -Tag $r.Tags -ResourceId $r.ResourceId -Force
Get-AzureRmVMUsage -Location “East US”
Azure CLI Commands
az resource tag --tags Dept=IT Environment=Test -g examplegroup -n examplevnet --resource-type "Microsoft.Network/virtualNetworks"
LinksAzure Pricing Calculator

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Analyze Resource Utilization and Consumption

Subscription-level Metrics, Logging, and Alerting


Lesson Description:

Metrics and logging are perfect for seeking more information about your resources in Azure. Metrics provide real-time information about a specific event, whereas logs provide a detailed explanation of past events over a longer period of time. In this lesson, we talk about the differences between activity logs and diagnostic logs. We also talk about metrics and how to set alerts based on specific metric values. There are some useful demonstrations on how to set alerts for CPU capacity and send that alert via email to your team. LinkServices Supported by Diagnostic Logs

Configure Diagnostic Settings on Resources in Azure


Lesson Description:

Diagnostic Settings need to be enabled in order for you to collect logs on a resource. Furthermore, there are agents that can be installed on each individual Virtual Machine which capture OS-level data. All types of diagnostic logs can be saved to a storage account, streamed to an event hub or analyzed in Log Analytics. In this lesson, we go through how to enable the diagnostic settings through the portal, Powershell, and Azure CLI. Then, we install the agent on one of the Linux VMs we created previously using a script. Powershell Command

Set-AzureRmDiagnosticSetting -ResourceId [your resource id] -StorageAccountId [your storage account id] -Enabled $true
Azure CLI Command
az monitor diagnostic-settings create --name nameOfDiagnostics --storage-account StorageAccountName --resource TargetResourceObjectID --resource-group StorageAccountResourceGroup script
# Set your Azure VM diagnostic parameters correctly below

######### Select the subscription containing the storage account
az account set --subscription yourSubscriptionID

######## Download the sample Public settings. (You could also use curl or any web browser)
wget -O portal_public_settings.json

######### Build the VM resource ID. Replace storage account name and resource ID in the public settings.
my_vm_resource_id=$(az vm show -g $my_resource_group -n $my_linux_vm --query "id" -o tsv)
sed -i "s#__DIAGNOSTIC_STORAGE_ACCOUNT__#$my_diagnostic_storage_account#g" portal_public_settings.json
sed -i "s#__VM_RESOURCE_ID__#$my_vm_resource_id#g" portal_public_settings.json

########## Build the protected settings (storage account SAS token)
my_diagnostic_storage_account_sastoken=$(az storage account generate-sas --account-name $my_diagnostic_storage_account --expiry 2037-12-31T23:59:00Z --permissions wlacu --resource-types co --services bt -o tsv)
my_lad_protected_settings="{'storageAccountName': '$my_diagnostic_storage_account', 'storageAccountSasToken': '$my_diagnostic_storage_account_sastoken'}"

########### Finallly tell Azure to install and enable the extension
az vm extension set --publisher Microsoft.Azure.Diagnostics --name LinuxDiagnostic --version 3.0 --resource-group $my_resource_group --vm-name $my_linux_vm --protected-settings "${my_lad_protected_settings}" --settings portal_public_settings.json

Analyze and Alert on Log Data in Log Analytics


Lesson Description:

Log analytics offers a lot of extensibility when it comes to analyzing data and the ways in which you can filter results to be more informed. You can also set alerts based on query searches and become aware of the problem in order to stay proactive and prevent future problems from arising. In this lesson, we discover the different ways you can search for results, save them, and then export them to CSV or Power BI. These tools will certainly come in handy for the Contoso company, saving them from having to track down issues after the problem has already caused downtime. LinksWriting Queries in Log Analytics

Monitoring, Reporting, and Notification Preferences


Lesson Description:

Understanding what is being used within your environment and what will need to be eliminated is huge for cost savings and eliminating waste for your company. In this lesson, we will go through how you can gain visibility into everything from cost per daily usage, to region availability status, all customized to your account. This is very important in order to meet your SLAs and ensure that your services will be up and running in the most efficient manner. Let’s take a look at all the ways you can report on uptime and cost of your infrastructure in Azure. LinksUnderstanding the Billing History Report Total Cost of Ownership Calculator Azure Account Center

Manage Resource Groups

Allocate and Configure Resource Policies and Locks


Lesson Description:

Policies are important for managing resources and resource groups. Policies can apply to individual resource groups, making them a key component of controlling the resources within that resource group. In this lesson, I will let you in on a little secret about cloud shell that not many people know. Also in this lesson, we will create a policy from scratch, which is good fun! Management Groups are also a very important feature in “policymaking” for Azure. Locks are also important for preventing change within our resource groups, whether that’s deleting or modifying any resource or resource group. This lesson is jam-packed! Create Policy Command

az policy definition create --name 'must match name pattern' --display-name 'naming pattern must match for resources' --description 'resource names must match naming conventions' --rules rules.json --params params.json --mode All
    "if": {
        "not": {
            "field": "name",
            "match": "[parameters('namePattern')]"
    "then": {
        "effect": "deny"
    "namePattern": {
        "type": "String",
        "metadata": {
            "description": "pattern name can include ? for letters, # for numbers"

Removing, Changing, and Tagging Resource Groups


Lesson Description:

There are some important considerations you have to make before moving resources from one resource group to another. In this lesson, we run into a few mishaps with doing just that. Also, there are some recommendations for tagging your resource group to make organizing and refreshing your resources less of a headache. LinksChecklist Before Moving Resources Validate Move Operation Resources That Don't Support MovePowershell Commands

$Resource = Get-AzureRmResource -ResourceType "Microsoft.Network/virtualNetworks" -ResourceName "az100coursevnet739"
Move-AzureRmResource -ResourceId $Resource.ResourceId -DestinationResourceGroupName "newresources"

Remove-AzureRmResourceLock -ResourceGroupName newresources -ResourceName lock -ResourceType Microsoft.Authorization/locks

Remove-AzureRmResourceGroup -Name newresources

Review Mission #1

Reviewing Mission #1


Lesson Description:

Let's take a look at our mission folder and see if we've completed all the mission tasks. Congratulations on completing this mission, and looking forward to the next one!

Mission #2: Accessing and Securing Data Storage

Assigned Mission #2: Accessing and Securing Data Storage


Lesson Description:

Mission #2 is an important one. Your mission, if you should choose to accept it, is to ensure that the Contoso Company’s data is secure but easily accessible at the same time. They would like to take advantage of Azure’s built-in features like Storage Accounts, Blobs, and Shared Access Signatures to increase the security around their data and sensitive information.

Create and Configure Storage Accounts

Storage Accounts and Blob Storage


Lesson Description:

Storage Accounts in Azure are quite extensible. They offer many different options for speed and reliability and come in many different shapes and sizes depending on what you’d like to use them for. In this lesson, we will discover what’s in a storage account and discuss the details of blob containers and the various options for storing your unstructured data. LinksStorage Pricing Detail

Securing Storage with Access Keys and Shared Access Signatures


Lesson Description:

If you don’t wish to allow access to your storage publically, securing your storage based on a time domain, level of read/write permissions, and keys are possible using shared access signatures. These signatures are generated from your access keys, which are automatically generated when you create your storage account. For further control, there is an immutable policy as well for things like a legal hold. Firewalls and virtual networks can be restricted for further access. LinksStorage Security Guide

Connecting and Managing Storage with Storage Explorer


Lesson Description:

Storage Explorer can be a useful tool for accessing multiple storage accounts in one GUI interface. You can install Storage Explorer on Windows, MacOS and Linux. In this lesson, we will go over how to connect to storage using an Azure account, an access key, and a shared access signature. LinksDownload Azure Storage Explorer Install Storage Emulator for Linux

Monitor and Protect Storage for High Availability


Lesson Description:

Monitoring and Alerting is available for the Storage Service in Azure. This can be useful when trying to troubleshoot performance problems when using storage in Azure. You have four different options to replicate your storage in Azure, which guarantees an SLA for durability of data. In this lesson, we see how we can detect when someone is generating an access key through the activity log. LinkStorage Replication Billing

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Import and Export Data to Azure

The Azure Import/Export Service


Lesson Description:

Sometimes, when you are transferring large amounts of data to or from Azure Storage, you experience latency, timeouts, and have to wait multiple hours or days for the data to be transferred. As an alternate way to send data back and forth, Azure has built the Import/Export service. Using this service, you can use a carrier like FedEx to send drives back and forth. The process for importing and exporting your data becomes even easier once the data has been transferred. CDN endpoints can also be used for downloading large files from Azure as they cache the storage at a local endpoint datacenter.

Import Data into Blobs or Files


Lesson Description:

In this lesson, we will prepare the drives to be shipped using the WAImportExport tool. Download version 1 and 2 below. Version 1 would be used for preparing your drives to import data into blobs and Version 2 of the tool would be used for importing into files. The process is similar, except for the information you would provide in the dataset.csv and driveset.csv files. In this lesson, we go through the process of preparing your drives and using the WAImportExport tool. LinksWAImportExport V1 Download WAImportExport V2 Download Import to Files Tutorial Import to Blobs Tutorial

Export Data from Blob Storage to Disk Drives


Lesson Description:

Exporting data from your storage account requires a valid Fedex or DHL account, a General Purpose V1 storage account, and the correct number and type of disks to supply the Azure datacenter. You can specify all or some of the blobs in your storage account. You can also create a blob list file, which is an XML file containing details of the blobs to export. In this lesson, we will go through the process and talk about the requirements, steps, and post-job operations. LinkUsing the RepairExport Tool Exporting data from Blob Storage

Configure Azure Content Delivery Network (CDN) Endpoints


Lesson Description:

In the context of importing and exporting data, Content Delivery Networks can speed up the delivery of data using endpoints. These endpoints have caching capability, and even for blobs that can’t be cached, CDN does advanced routing and optimization that can deliver your content faster. LinksCDN Pricing CDN Product Features ComparisonPowershell Commands

$endpoint = Get-AzureRmCdnEndpoint -ProfileName contosocdn -ResourceGroupName az-100-course -EndpointName contosoendpoint
$endpoint.IsCompressionEnabled = $true
$endpoint.ContentTypesToCompress = "text/javascript","text/css","application/json"
Set-AzureRmCdnEndpoint -CdnEndpoint $endpoint

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Configure Azure Files

Create a File Share in Azure Files


Lesson Description:

The File Share Service saves us a lot of time and effort by allowing authenticated access from anywhere via SMB 3.0. The fully managed service also includes encryption at rest and in transit. In this lesson, we will go through how to create a file share in the portal and Powershell. Then, we will mount the file share to a Linux VM. LinkFile Share Naming ConventionsPowershell Commands

$storageContext = New-AzureStorageContext contosostorage4 <storage account key>
$share = New-AzureStorageShare fileshare2 -Context $storageContext
Terminal Commands
#for debian
sudo apt install cifs-utils
mkdir /mnt/fileshare1
sudo mount -t cifs // /mnt/fileshare1 -o vers=3.0,username=contosostorage4,password=<storage-account-key>,dir_mode=0777,file_mode=0777,serverino

Deploy Azure File Sync Service


Lesson Description:

Syncing your files to your local server allows you to have a cached copy on your local hard disk. This can be useful if your internet connection is poor, or you have a number of frequently accessed files. In this lesson, I will walk you through how to set up the File Sync Agent, create a File Sync Group, and register your server, so that it can sync files successfully. We also cover troubleshooting scenarios, if you run into problems following along yourself. LinksRegion Availability for Azure File Sync Download File Sync Agent Azure Storage Forum Azure Files UserVoice Microsoft Support Troubleshooting File Sync Problems

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Implement Azure Backup

VM Backups using Recovery Services Vault


Lesson Description:

Recovery Services Vault is a required component when backing up machines using Azure. The region placement of that Recovery Services Vault must be the same as the VMs it's backing up. You can create a policy to determine how often to establish recovery points and also how long to keep them for (in number of days). In this lesson, I will demonstrate how to conduct a backup for both Azure VMs and on-premises machines using Recovery Services Vault. LinksStorage Capacity Planner Spreadsheet Agent for Backing Up On-Premises Machines Pre and Post Scripts for Linux Application Consistent Backups

Review Backup Reports


Lesson Description:

Backup Reports allow you to view recursive information about a backup job and both allow us to investigate errors or just to view our backup information over time. This will help with billing and the ability to go back to a certain point in time for recovery. LinkOpen or Signup for Power BI

Snapshot Blobs and File Shares


Lesson Description:

In order to provide a point in time recovery of blobs and file shares, you may take a snapshot of the data within. This allows you to restore from snapshot, if any data is lost or corrupt. In this lesson, we will go over how to conduct a snapshot backup and restore from both blobs and file shares. LinkSnapshot Cost Considerations

Restoring from Backup


Lesson Description:

There are many options when restoring data from a machine that has been backed up. The backup service connects with the extension or the agent to provide a file level recovery or a snapshot recovery. The file level recovery is a disk that's mounted to your local workstation and allows you to copy the files that you need. In this lesson, we go over how to recover a file from an Azure VM backup and an on-premises machine, as well as recover an entire Azure VM from snapshot.

Review Mission #2

Reviewing Mission #2


Lesson Description:

Congratulations on completing this mission! We talked about many aspects of Storage Accounts and how to manage Contoso Company’s data. I believe they have greater control over who’s accessing their data and have piece of mind that their data is secure! Great job!

Mission #3: Controlling VM Configurations

Assigned Mission #3: Controlling VM Configurations


Lesson Description:

You are assigned a mission to help the Contoso Company control their VM inventory. This includes deploying for high availability and fault tolerance. Please accept this mission and let’s get to it!

Create and Configure a VM for Windows and Linux

Creating Highly Available VMs in Azure


Lesson Description:

High availability is an essential component to cloud providers like Azure. It allows you to utilize all the infrastructure that is available without having to buy any physical hardware. These redundancy options prevent catastrophic failure and can even protect against updates. In this lesson, we will talk about Availability Sets, Availability Zones, Fault Domains, and Update Domains. LinksNumber of Fault Domains Per Region VM SLA Detail

Managed and Unmanaged VM Disks


Lesson Description:

Azure allows you to create unmanaged disks, but it is not recommended and there is no cost savings for such. Managed disks help you sleep at night by providing isolation from all other disks to eliminate a single point of failure. In this lesson, we will create a VM with an unmanaged disk, convert it to managed, take a snapshot of it, take that snapshot and convert it into a new disk, and attach it to a VM. For more on Managed Disk pricing, see: For more on Storage Pricing, see:

Network Communication Between VMs


Lesson Description:

Establishing networking between our VMs allows us to communicate in the same subnet, without having to access the Internet first. Furthermore, we can use service endpoints to access our resources from within Azure directly through a dedicated and managed path. In this lesson, we will set up two VMs in different subnets and use service endpoints to connect directly to a file share versus having to go out to the Internet.

Activate Monitoring for VMs


Lesson Description:

We talked about monitoring our VMs in a previous lesson, but you can take it one step further with auto-scaling your VMs based on those monitoring events. In this lesson, we will go over how to create an Autoscale scale set and monitor our VM activity, metrics, and alerts.

Re-sizing VMs After Deployment


Lesson Description:

There are multiple ways to resize VMs. While running, VMs can only be resized within a certain hardware category, requiring you to stop your VM before moving it to a different hardware category. Furthermore, if the VM is in an availability set, you must resize all of the VMs within the availability set at once. In this lesson, I will demonstrate how to do this. Powershell Commands

$resourceGroup = "az-100-course"
$vmName = "vm-4"
Get-AzureRmVMSize -ResourceGroupName $resourceGroup -VMName $vmName
$as = Get-AzureRmAvailabilitySet -ResourceGroupName $resourceGroup
$vmIds = $as.VirtualMachinesReferences
foreach ($vmId in $vmIDs){
$string = $vmID.Id.Split("/")
$vmName = $string[8]
Stop-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName -Force
$newSize = "Standard_F1s"
$as = Get-AzureRmAvailabilitySet -ResourceGroupName $resourceGroup
$vmIds = $as.VirtualMachinesReferences
foreach ($vmId in $vmIDs){
$string = $vmID.Id.Split("/")
$vmName = $string[8]
$vm = Get-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName
$vm.HardwareProfile.VmSize = $newSize
Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm
Start-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName

Configure VM Scale Sets


Lesson Description:

VM scale sets are used to distribute load across multiple VMs. You can incorporate autoscaling, as we discovered in the monitoring section, and you can also configure advanced routing using a layer 7 Application Gateway. In this lesson, we will go over the basics of how to set up a VM scale set, how to access our VMs in that scale set, and how to gather information about the scale set using Powershell. Update: Scale set can have 0 to 1,000 VMs based on platform images. They can have 0 to 600 VMs based on custom images. Powershell Commands

Get-AzureRmVmssVM -ResourceGroupName “az-100-course" -VMScaleSetName "scaleset2"
$lb = Get-AzureRmLoadBalancer -ResourceGroupName "az-100-course" -Name “scaleset2lb"
Get-AzureRmLoadBalancerInboundNatRuleConfig -LoadBalancer $lb | Select-Object Name,Protocol,FrontEndPort,BackEndPort

Automate Deployment of VMs

Create and Deploy Azure Resource Manager (ARM) Templates


Lesson Description:

ARM templates are a great tool for automating the creation of your infrastructure. In this lesson, we will go through what consists of an ARM template and the many ways to deploy an ARM template. LinksNested ARM Templates Quick Start Templates

Modify Azure Resource Manager (ARM) Template


Lesson Description:

Modifying the ARM template will allow you to create resources that are dependent on others. For example, when adding additional subnets after the VNet has been created. In this lesson I will demonstrate how to modify the template to update the resource and prevent Resource Manager from deleting and recreating the VNet. LinksView Template on Github

Register a VM from a VHD


Lesson Description:

You may want to use an existing disk to deploy your VM. In this case, you are able to use a VHD disk from Azure or another cloud provider to create a new VM. In this lesson, we will take that image and put it into our ARM template for automating the deployment of our VMs. LinksUse SysPrep for Preparing Windows Disks Deployment Template

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Manage Azure VM

Attaching Disks to an Azure VM


Lesson Description:

Depending on the VM size, you can attach up to 64 additional data disks to a VM. The maximum size for attaching OS disks is 2 TB and for blank disks is 4 TB. In this lesson, I will demonstrate how to add a data disk and how to mount that disk to a Windows VM and a Linux VM. LinkDisk Types and Disk Speeds

Add a Network Interface to an Azure VM


Lesson Description:

Depending on the VM size, you can attach up to 8 network interfaces to a VM. There are other features such as aggregation and Accelerated Network that increase the performance of the network interface card. In this lesson, we’ll go through attaching and detaching the network interface to a VM using the Portal and Azure CLI.

Using PowerShell Desired State Configuration (DSC)


Lesson Description:

PowerShell DSC can manage the configuration of thousands of servers, both in Azure and on-premises. This configuration tool is useful for machines that need to stay consistent with a particular configuration and you want to save time monitoring your VMs. In this lesson, we will go through how to set up Powershell DSC for an Azure VM. Here is the code for the LAMPServer.ps1 as shown in the video:

configuration LAMPServer { 
    Import-DSCResource -module "nx"

    Node localhost {

        $requiredPackages = @("httpd","mod_ssl","php","php-mysql","mariadb","mariadb-server") 
        $enabledServices = @("httpd","mariadb")

        #Ensure packages are installed
        ForEach ($package in $requiredPackages){

            nxPackage $Package{ 
            Ensure = "Present"
            Name = $Package PackageManager = "yum"


        #Ensure daemons are enabled
        ForEach ($service in $enabledServices){
            nxService $service{ 
                Enabled = $true
                Name = $service 
                Controller = "SystemD" 
                State = "running"


Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Manage VM Backups

Managing Policies and Backups of Azure VMs


Lesson Description:

We covered VM and file recovery in the last section, but what if, after time, you’d like to change the policy or switch policies. We will talk about changes to your backups and their associated policies. We also cover Site Recovery as it relates to replicating your VMs to another region for a potential loss of your entire site.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Review Mission #3

Reviewing Mission #3


Lesson Description:

Now that we’ve finished the section on Virtual Machines, The Contoso Company should have a good idea how to control their inventory and manage the configurations of their VMs.

Mission #4: Optimize Communications Performance

Assigned Mission #4: Optimize Communication Performance


Lesson Description:

The Contoso Company needs help with having their resources communicate with each other, not to mention plugging up unused ports and ensuring their not vulnerable to attack. Help The Contoso Company on their mission to better network communication!

Implement and Manage Virtual Networking

Configure Virtual Networks and Subnets


Lesson Description:

Virtual Networks allow resources to connect to each other. They can also be extended to communicate with on-premises networks as well. In this lesson, we will talk about all the ways we can use our virtual networks and I will demonstrate how to create a virtual network and subnets.

Network Interfaces and Accelerated Networking


Lesson Description:

Network Interfaces are a way for VMs to communicate with resources inside and outside the Azure world. In this lesson, we will talk about Network Interfaces, Route Tables, Network Security Groups, and Application Security Groups.

Configure Public and Private Virtual Networks


Lesson Description:

Ensuring your private network is in fact private is essential and was one of The Contoso Company’s main objectives. In this lesson, we can ensure that our network is private and also route traffic through a virtual appliance to ensure traffic from the Internet is not going directly to our private subnet.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Create Connectivity Between Virtual Networks

Create Peering Between Virtual Networks


Lesson Description:

Creating a peering between two virtual networks is very similar to having two subnets, as the connection between the two are private. Peering two virtual networks together allows you to have the same connection speeds to the peered virtual network as you would one single virtual network. This is all handled for you in the background Azure Infrastructure as a Service.

Configure Virtual Network Gateway


Lesson Description:

In this lesson, we’ll talk about virtual network gateways, being a way to connect Azure virtual networks to our on-premises networks. The options for virtual network gateways are VPN or ExpressRoute.

Configure Name Resolution

Azure DNS Zones and Custom DNS Settings


Lesson Description:

DNS zones are used to resolve names to addresses in Azure. Using Azure DNS allows you to resolve names faster due to the many name servers located around the world. In this lesson, we will go through how to set up a DNS zone, build a web server, and resolve the DNS name to the address of the web server running IIS.

Create and Configure a Network Security Group (NSG)

Network Security Groups and Effective Security Rules


Lesson Description:

Network Security Groups have service tags, which make it easier to identify where traffic is flowing and over which port. In this lesson, we will go over what Network Security Groups are and some common uses. For more on Azure Network Security Groups, see:

Identifying Ports in a Network Security Group


Lesson Description:

Here are some common ports that you will see when building services using Azure infrastructure. Follow the practice of least privilege to allow only what the user or service will need and nothing more.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.


Reviewing Mission 4

Reviewing Mission #4


Lesson Description:

Congratulations! We have completed mission #4! We successfully delivered a succinct and thorough plan to help the Contoso Company with their network failures.

Mission #5: Authenticating Directories, Users, and Groups

Assigned Mission #5: Authenticating Directories, Users, and Groups


Lesson Description:

Welcome to our fifth and final mission! The Contoso Company needs help with authenticating their users, groups, and devices within their Azure Active Directory. They also need help integrating their on-premises domain with Azure. Let’s check out our objectives!

Manage Azure Active Directory (AAD)

Creating a New Azure Active Directory and Adding Custom Domains


Lesson Description:

Azure AD, although different from on-premises Active Directory has features that integrate very easily. Azure AD allows you to manage authentication at a very granular level. In this lesson, we will go through how to add a domain tenant, add a custom domain, enable identity protection, and create a conditional access policy.

Self-service Options in Azure Active Directory


Lesson Description:

To streamline operations, from an administrator perspective, is a good idea, as long as the methods to do so are secure. Azure Active Directory manages access reviews and password resets for you, so you don’t have to worry about securing access for every single person within your organization.

Authenticating Devices in Azure Active Directory


Lesson Description:

In the world of cloud computing, everyone is working remotely and trying to authenticate to your domain with their devices. No longer are the days of device management within the constraints of the building. Azure AD allows you to easily control the devices that are authenticated to the domain, or block them entirely.

Manage Azure AD Objects (Users, Groups, and Devices)

Creating and Maintaining Users, Groups, and Devices


Lesson Description:

Managing groups and users, both internal and external to your company, is easy using Azure Active Directory. In this lesson, I will demonstrate how to apply the domain services to your network (so that your devices are added to the domain), adding bulk users to active directory using a CSV file, and managing groups and permissions.

Implement and Manage Hybrid Identities

Azure AD Connect and Federation


Lesson Description:

AD Connect is a tool to use your local Active Directory environment with your Azure Active Directory. Once you connect both domains, the users, groups, and devices will show in Azure Active Directory. This is a useful tool if you want to use only one password for connecting to both cloud and on-premises!

Azure AD Single Sign-on


Lesson Description:

AD Single Sign-on is a service that allows you to authenticate users without having to have the users enter their username and password. This process is seamless, and to the user looks like simply accessing their email via an application. In the background, the processes exchange a Kerberos ticket and authenticate the user via an agent in the on-premises environment. The ticket is requested versus sent, so there is no potential for attack.

Reviewing Mission 5

Reviewing Mission #5


Lesson Description:

We have come to the end of our mission #5! Let’s make sure that we’ve completed all the objectives and ensure that the Contoso Company is managing their identities correctly.

Next Steps

What's Next


Lesson Description:

Congratulations on completing the AZ-100 Course!! What's next?

About the Exam


Lesson Description:

This lesson will let you know how to schedule and prepare for your AZ-100 exam.

Practice Exam

AZ-100: Microsoft Azure Infrastructure and Deployment - Practice Exam (Part 1)


AZ-100: Microsoft Azure Infrastructure and Deployment - Practice Exam (Part 2-Case Study)


Take this course and learn a new skill today.

Transform your learning with our all access plan.

Start 7-Day Free Trial