Exam AZ-102: Microsoft Azure Administrator Certification Transition

Microsoft Certification

Recently passed the 70-533 exam and earned a MCSE. Now I’m studying for the transition exam AZ-102 (expiring March 31, 2019), which would give me the Azure Administrator Associate badge. In this post I will give a short description on which methods I used to pass AZ-102.

The resources I used were:

The exam is broken into 8 sections:

    1. Manage Azure Subscriptions and Resources (5-10%)
      • May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
    2. Implement and Manage Storage (5-10%)
      • May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
    3. Configure and manage virtual networks (15-20%)
      • May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
      • May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones
    4. Manage identities (15-20%)
      • May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
      • May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
    5. Evaluate and perform server migration to Azure (15-20%)
      • May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials
      • May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network
    6. Implement and manage application services (5-10%)
      • May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
    7. Implement advanced virtual networking (5-10%)
      • May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity
    8. Secure identities (5-10%)
      • May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure

If you can answer (and know the reason behind the answer) the following questions regarding Azure, you should be ready to take the AZ-102 exam. For each question I will provide a link to the answer. There might be more than one correct answer to a question, but the questions link points to which tool or technology you should know about in order to pass.

Read More

Tutorial – Deploy Always On VPN

AlwaysOn VPN

Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, non-domain-joined (workgroup), or Azure AD–joined devices, even personally owned devices. With Always On VPN, the connection type does not have to be exclusively user or device but can be a combination of both. For example, you could enable device authentication for remote device management, and then enable user authentication for connectivity to internal company sites and services.

The purpose for this guide is to demonstrate how to deploy the Always On feature easily. In this guide we will deploy the following platforms primarily using PowerShell where possible:

  • Active Directory (AD DS)
  • DNS
  • Certificate Authority (AD CS)
  • DHCP
  • Routing and Remote Access Service (RRAS)
  • Network Policy Server (RADIUS)

It will not be demonstrated how to install Windows Server or Windows 10 operating system.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.

Read More

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get warnings, critical, down etc. if a certificate is close to expiration or already is expired.

Read More

Event 15021 – An error occurred while using SSL configuration for endpoint 0.0.0.0:443

Lately I had the issue that SolarWinds Orion was detecting an expiring certificate on one of our servers. I have replaced every certificate on the server and double checked (of thought!) that the old certificate was deleted. But it was still complaining about an expiring date on a certificate I couldn’t find. I checked the event logs and found the event 15021, which told me something was still wrong.

I found out that a certificate was on a binding with “netsh show http certssl” in a command prompt.

It was resolved by doing the following.

Read More