MarkIT Training

IT Security and Microsoft Azure Training

Tag: Azure

  • Configuring and Operating Microsoft Azure Virtual Desktop (AZ-140)

    Az-140 Badge

    This course teaches server and desktop administrators to design, implement, manage, and maintain Microsoft Azure Virtual Desktop environments and remote applications for any device.

    Prerequisite Knowledge: Students should have experience with Azure technologies, including:

    • Compute
    • Networking
    • Identity
    • Storage
    • Resiliency

    Students should be capable of managing end-user desktop environments, including delivering applications and configuring user settings. They should be familiar with the Azure portal, templates, scripting, and command-line tools to manage an Azure Virtual Desktop deployment.

    Plan and Implement an Azure Virtual Desktop Infrastructure (40–45%):

    • Plan, implement, and manage networking for Azure Virtual Desktop:
      • Assess network capacity and speed requirements for Azure Virtual Desktop.
      • Design network configuration for session hosts to meet requirements for Azure Virtual Desktop.
      • Plan and implement Remote Desktop Protocol (RDP) Shortpath and quality of service (QoS) policies.
      • Plan and implement an Azure Private Link solution for Azure Virtual Desktop.
      • Monitor and troubleshoot network connectivity.
    • Plan and implement storage for Azure Virtual Desktop user data:
      • Plan storage for Azure Virtual Desktop user data.
      • Implement storage for FSLogix components.
      • Implement storage accounts for Azure Virtual Desktop.
      • Implement file shares for Azure Virtual Desktop.
      • Implement Azure NetApp Files for Azure Virtual Desktop.
    • Plan host pools and session hosts:
      • Recommend resource groups, subscriptions, and management groups for Azure Virtual Desktop resources.
      • Recommend an operating system (OS) for Azure Virtual Desktop session hosts.
      • Recommend an appropriate licensing model for Azure Virtual Desktop based on requirements.
      • Plan a host pool architecture.
      • Design an Azure Virtual Desktop configuration for performance requirements.
      • Design an Azure Virtual Desktop configuration for Azure Virtual Machines capacity requirements.
    • Implement host pools and session hosts:
      • Create host pools and session hosts by using the Azure portal.
      • Automate the creation of Azure Virtual Desktop hosts and host pools by using PowerShell, Azure CLI, Azure Resource Manager templates (ARM templates), and Bicep.
      • Configure host pool and session host settings.
      • Apply a Windows client or Windows Server license to a session host.
    • Create and manage session host images:
      • Create an image manually.
      • Create an image by using Azure virtual machine Image Builder.
      • Modify an image.
      • Plan and implement lifecycle management for images.
      • Apply OS and application updates to an image.
      • Create a session host by using a custom image.
      • Plan and implement image storage, including Compute Gallery.

    Plan and Implement Identity and Security (15–20%):

    • Plan and implement identity integration:
      • Select an identity scenario for Azure Virtual Desktop, including Active Directory Domain Services (AD DS), Microsoft Entra ID, and Microsoft Entra Domain Services.
      • Specify requirements to configure the Azure Virtual Desktop session host for an identity scenario.
      • Plan and implement Azure roles and role-based access control (RBAC) for Azure Virtual Desktop.
      • Plan and implement Conditional Access policies for connections to Azure Virtual Desktop.
      • Plan and implement authentication options in Azure Virtual Desktop, including passwordless, smart card, and multifactor authentication.
      • Manage roles, groups, and rights assignments on Azure Virtual Desktop session hosts.
      • Configure single sign-on.
    • Plan and implement security:
      • Plan, implement, and manage security for Azure Virtual Desktop session hosts by using Microsoft Defender for Cloud.
      • Configure session host protection by using Microsoft Defender Antivirus.
      • Configure session host protection by using Microsoft Defender for Endpoint, including onboarding and scanning options.
      • Implement and manage network security for connections to Azure Virtual Desktop, including user-defined routes (UDRs), network security groups (NSGs), and Azure Firewall.
      • Configure Azure Bastion or just-in-time (JIT) for administrative access to session hosts.
      • Plan and implement Windows threat protection features on Azure Virtual Desktop session hosts, including Windows Defender Application Control and Controlled Folder Access.
      • Plan for and implement Confidential VM and Trusted Launch security features for Azure Virtual Desktop session host provisioning.

    Plan and Implement User Environments and Apps (20–25%):

    • Plan and implement FSLogix:
      • Recommend FSLogix configuration.
      • Configure FSLogix Profile Containers.
      • Configure FSLogix Office Containers.
      • Configure FSLogix Cloud Cache.
      • Implement FSLogix application masking.
    • Plan and implement user experience and client settings:
      • Choose an Azure Virtual Desktop client.
      • Choose a deployment method for the client.
      • Deploy and troubleshoot Azure Virtual Desktop clients.
      • Configure device redirection.
      • Configure multimedia redirection.
      • Configure printing and Universal Print.
      • Configure user settings through Microsoft Intune policies or Group Policy.
      • Configure Remote Desktop Protocol (RDP) properties on a host pool.
      • Configure session timeout properties.
      • Implement the Start Virtual Machine on Connect feature.
      • Assign and unassign personal desktops for users.
    • Install and configure apps on a session host:
      • Choose a method for deploying an app to Azure Virtual Desktop.
      • Create and configure an application group.
      • Assign users to application groups.
      • Publish an application as a RemoteApp.
      • Implement and manage Microsoft 365 apps on Azure Virtual Desktop session hosts.
      • Implement and manage OneDrive, including multisession environments.
      • Implement and manage Microsoft Teams, including the Remote Desktop WebRTC Redirector Service.
      • Implement and manage browsers for Azure Virtual Desktop sessions.
      • Configure dynamic application delivery by using app attach or MSIX app attach.
      • Create an application package for app attach or MSIX app attach.

    Monitor and Maintain an Azure Virtual Desktop Infrastructure (10–15%):

    • Monitor and manage Azure Virtual Desktop services:
      • Configure log collection and analysis for Azure Virtual Desktop session hosts.
      • Monitor Azure Virtual Desktop by using Azure Monitor.
      • Customize Azure Monitor workbooks for Azure Virtual Desktop Insights.
      • Optimize session host capacity and performance.
      • Implement autoscaling in host pools.
      • Monitor and manage active sessions and application groups.
    • Plan and implement updates, backups, and disaster recovery:
      • Recommend an update strategy for session hosts.
      • Plan and implement a disaster recovery plan for Azure Virtual Desktop.
      • Plan for multi-region implementation.
      • Design and implement a backup strategy for Azure Virtual Desktop.
      • Configure backup and restore for FSLogix user profiles, personal virtual desktop infrastructures (VDIs), and golden images.

  • Azure Administrator (AZ-104)

    AZ-104 Badge

    Students will learn to implement, manage, and monitor a Microsoft Azure environment, which includes virtual networks, storage, compute, identity, security, and governance.

    Azure administrators typically work as part of a larger team dedicated to implementing an organization’s cloud infrastructure, collaborating with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.

    Skills taught:

    Manage Azure identities and governance (20–25%):

    • Manage Microsoft Entra users and groups
      • Create users and groups
      • Manage user and group properties
      • Manage licenses in Microsoft Entra ID
      • Manage external users
      • Configure self-service password reset (SSPR)
    • Manage access to Azure resources
      • Manage built-in Azure roles
      • Assign roles at different scopes
      • Interpret access assignments
    • Manage Azure subscriptions and governance
      • Implement and manage Azure Policy
      • Configure resource locks
      • Apply and manage tags on resources
      • Manage resource groups
      • Manage subscriptions
      • Manage costs using alerts, budgets, and Azure Advisor recommendations
      • Configure management groups

    Implement and manage storage (15–20%):

    • Configure access to storage
      • Configure Azure Storage firewalls and virtual networks
      • Create and use shared access signature (SAS) tokens
      • Configure stored access policies
      • Manage access keys
      • Configure identity-based access for Azure Files
    • Configure and manage storage accounts
      • Create and configure storage accounts
      • Configure Azure Storage redundancy
      • Configure object replication
      • Configure storage account encryption
      • Manage data using Azure Storage Explorer and AzCopy
    • Configure Azure Files and Azure Blob Storage
      • Create and configure a file share in Azure Storage
      • Create and configure a container in Blob Storage
      • Configure storage tiers
      • Configure snapshots and soft delete for Azure Files
      • Configure blob lifecycle management
      • Configure blob versioning

    Deploy and manage Azure compute resources (20–25%):

    • Automate deployment of resources using Azure Resource Manager (ARM) templates or Bicep files
      • Interpret an Azure Resource Manager template or a Bicep file
      • Modify an existing Azure Resource Manager template
      • Modify an existing Bicep file
      • Deploy resources using an Azure Resource Manager template or a Bicep file
      • Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file
    • Create and configure virtual machines
      • Create a virtual machine
      • Configure Azure Disk Encryption
      • Move a virtual machine to another resource group, subscription, or region
      • Manage virtual machine sizes
      • Manage virtual machine disks
      • Deploy virtual machines to availability zones and availability sets
      • Deploy and configure an Azure Virtual Machine Scale Sets
    • Provision and manage containers in the Azure portal
      • Create and manage an Azure container registry
      • Provision a container using Azure Container Instances
      • Provision a container using Azure Container Apps
      • Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
    • Create and configure Azure App Service
      • Provision an App Service plan
      • Configure scaling for an App Service plan
      • Create an App Service
      • Configure certificates and Transport Layer Security (TLS) for an App Service
      • Map an existing custom DNS name to an App Service
      • Configure backup for an App Service
      • Configure networking settings for an App Service
      • Configure deployment slots for an App Service

    Implement and manage virtual networking (15–20%):

    • Configure and manage virtual networks in Azure
      • Create and configure virtual networks and subnets
      • Create and configure virtual network peering
      • Configure public IP addresses
      • Configure user-defined network routes
      • Troubleshoot network connectivity
    • Configure secure access to virtual networks
      • Create and configure network security groups (NSGs) and application security groups
      • Evaluate effective security rules in NSGs
      • Implement Azure Bastion
      • Configure service endpoints for Azure platform as a service (PaaS)
      • Configure private endpoints for Azure PaaS
    • Configure name resolution and load balancing
      • Configure Azure DNS
      • Configure an internal or public load balancer
      • Troubleshoot load balancing

    Monitor and maintain Azure resources (10–15%):

    • Monitor resources in Azure
      • Interpret metrics in Azure Monitor
      • Configure log settings in Azure Monitor
      • Query and analyze logs in Azure Monitor
      • Set up alert rules, action groups, and alert processing rules in Azure Monitor
      • Configure and interpret monitoring of virtual machines, storage accounts, and networks using Azure Monitor Insights
      • Use Azure Network Watcher and Connection Monitor
    • Implement backup and recovery
      • Create a Recovery Services vault
      • Create an Azure Backup vault
      • Create and configure a backup policy
      • Perform backup and restore operations using Azure Backup
      • Configure Azure Site Recovery for Azure resources
      • Perform a failover to a secondary region using Site Recovery
      • Configure and interpret reports and alerts for backups

  • Microsoft Security, Compliance, and Identity Fundamentals (SC-900)

    SC-900 Badge

    This course is designed for individuals who want to gain a foundational understanding of security, compliance, and identity (SCI) within cloud-based and related Microsoft services.

    You should have familiarity with Microsoft Azure and Microsoft 365 and aim to understand how Microsoft SCI solutions integrate across these platforms to offer a comprehensive, end-to-end solution.

    Skills taught:

    • Security, Compliance, and Identity Concepts (10–15%)
      • Understand security and compliance concepts
        • Shared responsibility model
        • Defense-in-depth
        • Zero Trust model
        • Encryption and hashing
        • Governance, Risk, and Compliance (GRC) concepts
      • Understand identity concepts
        • Identity as the primary security perimeter
        • Authentication
        • Authorization
        • Identity providers
        • Directory services and Active Directory
        • Federation
    • Microsoft Entra Capabilities (25–30%)
      • Understand Microsoft Entra ID functions and identity types
        • Microsoft Entra ID
        • Types of identities
        • Hybrid identity
      • Understand authentication capabilities of Microsoft Entra ID
        • Authentication methods
        • Multi-factor authentication (MFA)
        • Password protection and management
      • Understand access management capabilities of Microsoft Entra ID
        • Conditional Access
        • Microsoft Entra roles and role-based access control (RBAC)
      • Understand identity protection and governance capabilities of Microsoft Entra
        • Microsoft Entra ID Governance
        • Access reviews
        • Microsoft Entra Privileged Identity Management
        • Microsoft Entra ID Protection
        • Microsoft Entra Permissions Management
    • Microsoft Security Solutions Capabilities (35–40%)
      • Understand core infrastructure security services in Azure
        • Azure distributed denial-of-service (DDoS) Protection
        • Azure Firewall
        • Web Application Firewall (WAF)
        • Network segmentation with Azure virtual networks
        • Network security groups (NSGs)
        • Azure Bastion
        • Azure Key Vault
      • Understand security management capabilities of Azure
        • Microsoft Defender for Cloud
        • Cloud Security Posture Management (CSPM)
        • Security policies and initiatives for cloud security posture improvement
        • Enhanced security features for cloud workload protection
      • Understand capabilities of Microsoft Sentinel
        • Security information and event management (SIEM) and security orchestration automated response (SOAR) concepts
        • Threat detection and mitigation in Microsoft Sentinel
      • Understand threat protection with Microsoft Defender XDR
        • Microsoft Defender XDR services
        • Microsoft Defender for Office 365
        • Microsoft Defender for Endpoint
        • Microsoft Defender for Cloud Apps
        • Microsoft Defender for Identity
        • Microsoft Defender Vulnerability Management
        • Microsoft Defender Threat Intelligence (Defender TI)
        • Microsoft Defender portal
    • Microsoft Compliance Solutions Capabilities (20–25%)
      • Understand Microsoft Service Trust Portal and privacy principles
        • Service Trust Portal offerings
        • Privacy principles of Microsoft
        • Microsoft Priva
      • Understand compliance management capabilities of Microsoft Purview
        • Microsoft Purview compliance portal
        • Compliance Manager
        • Uses and benefits of compliance score
      • Understand information protection, data lifecycle management, and data governance capabilities of Microsoft Purview
        • Data classification capabilities
        • Benefits of Content explorer and Activity explorer
        • Sensitivity labels and sensitivity label policies
        • Data loss prevention (DLP)
        • Records management
        • Retention policies, retention labels, and retention label policies
        • Unified data governance solutions in Microsoft Purview
      • Understand insider risk, eDiscovery, and audit capabilities in Microsoft Purview
        • Insider risk management
        • eDiscovery solutions in Microsoft Purview
        • Audit solutions in Microsoft Purview

  • Azure Fundamentals (AZ-900)

    Azure Fundamentals badge
    Azure Fundamentals Badge

    The Azure Fundamentals is designed for technology professionals aiming to showcase their foundational knowledge of cloud concepts, particularly Microsoft Azure. This certification serves as a common starting point for a career with Microsoft Azure.

    By the end of the course students will be able to describe Azure’s architectural components and services, including:

    • Compute
    • Networking
    • Storage

    Additionally, students will be able to explain features and tools for securing, governing, and administering Azure.

    Students should possess skills and experience in areas of IT such as:

    • Infrastructure management
    • Database management
    • Software development

    Skills Taught

    • Understanding cloud concepts
    • Describing Azure architecture and services
    • Explaining Azure management and governance