I have recently taken the AZ-700 (Designing and Implementing Microsoft Azure Networking Solutions Beta). and wanted to share some of the resources I used preparing for this exam.
Note - This exam was in beta at the time of writing this blog.
Exam Audience Profile
Candidates for this exam should have subject matter expertise in planning, implementing, and
maintaining Azure networking solutions, including hybrid networking, connectivity, routing,
security, and private access to Azure services.
Responsibilities for the Azure Network Engineer include recommending, planning, and
implementing Azure networking solutions. Professionals in this role manage the solution for
performance, resiliency, scale, and security. They deploy networking solutions by using the Azure Portal and other methods, including PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager templates (ARM templates).
The Azure Network Engineer works with solution architects, cloud administrators, security
engineers, application developers, and DevOps engineers to deliver Azure solutions.
Candidates for this exam should have expert Azure administration skills, in addition to extensive experience and knowledge of networking, hybrid connections, and network security.
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4PaHw
Skills Measured
For this exam, you will be measured on the below subjects:
- Design, Implement, and Manage Hybrid Networking (10% to 15%)
- Design and Implement Core Networking Infrastructure (20% to 25%)
- Design and Implement Routing (25% to 30%)
- Secure and Monitor Networks (15% to 20%)
- Design and Implement Private Access to Azure Services (10% to 15%)
Resources
Microsoft Learn
My first recommendation is to complete the free Microsoft Learning Path “AZ-700 Designing and Implementing Microsoft Azure Networking Solutions”. This path will guide you through the following subjects:
- Introduction to Azure virtual networks
- Design and implement hybrid networking
- Design and implement Azure ExpressRoute
- Load balance non-HTTP(S) traffic in Azure
- Load balance HTTP(S) traffic in Azure
- Design and implement network security
- Design and implement private access to Azure Services
- Design and implement network monitoring
Microsoft Documentation
Another brilliant resource is the Microsoft Docs. I have compiled a list of links that are relevant to the content within this exam:
Design, Implement, and Manage Hybrid Networking
Design, implement, and manage a site-to-site VPN connection
- design a site-to-site VPN connection for high availability
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
https://docs.microsoft.com/en-us/azure/vpn-gateway/about-zone-redundant-vnet-gateways
- select an appropriate virtual network (VNet) gateway SKU
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
- identify when to use policy-based VPN versus route-based VPN
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq
- create and configure a local network gateway
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
- create and configure an IPsec/IKE policy
https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-vpn-s2s?
- create and configure a virtual network gateway
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-create-gateway-portal
- diagnose and resolve VPN gateway connectivity issues
Design, implement, and manage a point-to-site VPN connection
- select an appropriate virtual network gateway SKU
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways?
- plan and configure RADIUS authentication
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-radius-ps
- plan and configure certificate-based authentication
- plan and configure OpenVPN authentication
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
- plan and configure Azure Active Directory (Azure AD) authentication
https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant?
- implement a VPN client configuration file
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-radius
- diagnose and resolve client-side and authentication issues
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-ad-vpn-client?
Design, implement, and manage Azure ExpressRoute
- choose between provider and direct model (ExpressRoute Direct)
- design and implement Azure cross-region connectivity between multiple ExpressRoute locations
https://docs.microsoft.com/en-us/azure/expressroute/cross-network-connectivity?
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about
- select an appropriate ExpressRoute SKU and tier
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways
- design and implement ExpressRoute Global Reach
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-global-reach
- design and implement ExpressRoute FastPath
https://docs.microsoft.com/en-us/azure/expressroute/about-fastpath
- choose between private peering only, Microsoft peering only, or both
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings?
- configure private peering
- configure Microsoft peering
- create and configure an ExpressRoute gateway
- connect a virtual network to an ExpressRoute circuit
- recommend a route advertisement configuration
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing
- configure encryption over ExpressRoute
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-about-encryption
- implement Bidirectional Forwarding Detection
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-bfd
- diagnose and resolve ExpressRoute connection issues
Design and Implement Core Networking Infrastructure
Design and implement private IP addressing for VNets
- create a VNet
https://docs.microsoft.com/en-gb/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal
- plan and configure subnetting for services, including VNet gateways, private endpoints
https://docs.microsoft.com/en-gb/azure/virtual-network/virtual-networks-overview
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://docs.microsoft.com/en-gb/azure/vpn-gateway/vpn-gateway-about-vpngateways
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
https://docs.microsoft.com/en-us/azure/private-link/private-link-overview
https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal#
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
- firewalls, application gateways, and VNet-integrated platform services
https://docs.microsoft.com/en-us/azure/firewall/overview
https://docs.microsoft.com/en-us/azure/firewall/features
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy
https://docs.microsoft.com/en-us/azure/application-gateway/overview
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal
https://docs.microsoft.com/en-us/azure/application-gateway/create-multiple-sites-portal
https://docs.microsoft.com/en-us/azure/application-gateway/create-url-route-portal
https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-url-redirect-cli
- plan and configure subnet delegation
https://docs.microsoft.com/en-us/azure/virtual-network/manage-subnet-delegation
Design and implement name resolution
- design public DNS zones
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
- design private DNS zones
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
- design name resolution inside a VNet
- configure a public or private DNS zone
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
- link a private DNS zone to a VNet
https://docs.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links
Design and implement cross-VNet connectivity
- design service chaining, including gateway transit
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit
- design VPN connectivity between VNets
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vnet-vnet-rm-ps
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli
- implement VNet peering
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-powershell
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-cli
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-template
Design and implement an Azure Virtual WAN architecture
- design an Azure Virtual WAN architecture, including selecting SKUs and services
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about
- connect a VNet gateway to Azure Virtual WAN
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal
- create a hub in Virtual WAN
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal
- create a network virtual appliance (NVA) in a virtual hub
https://docs.microsoft.com/en-us/azure/virtual-wan/how-to-nva-hub
- configure virtual hub routing
https://docs.microsoft.com/en-us/azure/virtual-wan/how-to-virtual-hub-routing
- create a connection unit
https://docs.microsoft.com/en-us/azure/virtual-wan/pricing-concepts#connection-unit
Design and Implement Routing
Design, implement, and manage VNet routing
- design and implement user-defined routes (UDRs)
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal
- associate a route table with a subnet
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table
- configure forced tunneling
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
- diagnose and resolve routing issues
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
Design and implement an Azure Load Balancer
- choose an Azure Load Balancer SKU (Basic versus Standard)
https://docs.microsoft.com/en-us/azure/load-balancer/skus
- choose between public and internal
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
- create and configure an Azure Load Balancer (including cross-region)
https://docs.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-internal-portal?tabs=option-1-create-internal-load-balancer-standard
https://docs.microsoft.com/en-us/azure/load-balancer/cross-region-overview
- implement a load balancing rule
- create and configure inbound NAT rules
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
- create explicit outbound rules for a load balancer
https://docs.microsoft.com/en-us/azure/load-balancer/outbound-rules
Design and implement Azure Application Gateway
- recommend Azure Application Gateway deployment options
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-powershell
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-cli
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-template
https://docs.microsoft.com/en-us/azure/application-gateway/features
- choose between manual and autoscale
- create a back-end pool
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal#backends-tab
- configure health probes
- configure listeners
https://docs.microsoft.com/en-us/azure/application-gateway/configuration-listeners
- configure routing rules
https://docs.microsoft.com/en-us/azure/application-gateway/configuration-request-routing-rules
- configure HTTP settings
https://docs.microsoft.com/en-us/azure/application-gateway/configuration-http-settings
- configure Transport Layer Security (TLS)
https://docs.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
- configure rewrite policies
https://docs.microsoft.com/en-us/azure/application-gateway/rewrite-url-portal
Implement Azure Front Door
- choose an Azure Front Door SKU
https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison
- configure health probes, including customization of HTTP response codes
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-health-probes
- configure SSL termination and end-to-end SSL encryption
- configure multisite listeners
https://docs.microsoft.com/en-us/azure/application-gateway/configuration-listeners
- configure back-end targets
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-backend-pool
- configure routing rules, including redirection rules
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-route-matching
Implement an Azure Traffic Manager profile
- configure a routing method (mode)
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
- configure endpoints
- create HTTP settings
Design and implement an Azure Virtual Network NAT
- choose when to use a Virtual Network NAT
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-overview
- allocate public IP or public IP prefixes for a NAT gateway
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource
- associate a Virtual Network NAT with a subnet
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/tutorial-create-nat-gateway-cli
- other useful links
https://docs.microsoft.com/en-us/azure/virtual-network/nat-gateway/tutorial-nat-gateway-load-balancer-internal-portal
Secure and Monitor Networks
Design, implement, and manage an Azure Firewall deployment
- design an Azure Firewall deployment
https://docs.microsoft.com/en-us/azure/firewall/overview
https://docs.microsoft.com/en-us/azure/firewall/forced-tunneling
https://docs.microsoft.com/en-us/azure/firewall/central-management
https://docs.microsoft.com/en-us/azure/firewall/features
https://docs.microsoft.com/en-us/azure/firewall/premium-features
- create and implement an Azure Firewall deployment
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal-policy
https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy
- configure Azure Firewall rules
https://docs.microsoft.com/en-us/azure/firewall/rule-processing
- create and implement Azure Firewall Manager policies
https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview
- create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub
https://docs.microsoft.com/en-us/azure/virtual-wan/howto-firewall
https://docs.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network
- integrate an Azure Virtual WAN hub with a third-party NVA
https://docs.microsoft.com/en-us/azure/virtual-wan/about-nva-hub
https://docs.microsoft.com/en-us/azure/virtual-wan/how-to-nva-hub
Implement and manage network security groups (NSGs)
- create an NSG
- associate an NSG to a resource
- create an application security group (ASG)
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
- associate an ASG to a NIC
- create and configure NSG rules
- interpret NSG flow logs
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
- validate NSG flow rules
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
- verify IP flow
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Implement a Web Application Firewall (WAF) deployment
- configure detection or prevention mode
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#waf-modes
- configure rule sets for Azure Front Door, including Microsoft managed and user defined
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview
- configure rule sets for Application Gateway, including Microsoft managed and user defined
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules
- implement a WAF policy
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/policy-overview
- associate a WAF policy
Monitor networks
- configure network health alerts and logging by using Azure Monitor
- create and configure a Connection Monitor instance
https://docs.microsoft.com/en-us/azure/network-watcher/connection-monitor-create-using-portal
- configure and use Traffic Analytics
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
- configure NSG flow logs
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
- enable and configure diagnostic logging
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log
- configure Azure Network Watcher
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create
Design and Implement Private Access to Azure Services
Design and implement Azure Private Link service and Azure Private Endpoint
- create a Private Link service
https://docs.microsoft.com/en-us/azure/private-link/create-private-link-service-portal
- plan private endpoints
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
- create private endpoints
configure access to private endpoints
https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal
- integrate Private Link with DNS
- integrate a Private Link service with on-premises clients
https://docs.microsoft.com/en-us/azure/private-link/private-link-service-overview
Design and implement service endpoints
- create service endpoints
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-restrict-network-access-to-resources
- configure service endpoint policies
- configure service tags
https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview
- configure access to service endpoints
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
Configure VNet integration for dedicated platform as a service (PaaS) services
- configure App Service for regional VNet integration
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
- configure Azure Kubernetes Service (AKS) for regional VNet integration
https://docs.microsoft.com/en-us/azure/aks/private-clusters
- configure clients to access App Service Environment
https://docs.microsoft.com/en-us/azure/app-service/environment/using-an-ase
Labs
I would also recommend completing the AZ-700 labs. These will require an active Azure Subscription. If you don’t already have a test/dev subscription, you can activate a trail subscription here: https://azure.microsoft.com/en-gb/free/
AZ-700-Designing-and-Implementing-Microsoft-Azure-Networking-Solutions (microsoftlearning.github.io)
John Savill- Youtube
John has produced a helpful exam-cram video for AZ-700, which covers all the topics within the exam. Additionally, he has deep-dive sessions on individual Azure services covered in the AZ-700 exam. If you haven’t already, I would highly recommend subscribing and supporting John’s channel.
I hope this exam guide for AZ-700 Designing and Implementing Microsoft Azure Networking Solutions has been helpful. If you feel I have missed anything in this blog post, please do reach out. Your feedback would be greatly appreciated.