Exploring the AZ-600 exam requirements

Along with our introduction to Microsoft Azure Stack Hub, I want to also run through the requirements for the AZ-600 exam from Microsoft. The Microsoft Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub, is aimed at Microsoft Azure administrators or Microsoft Azure Stack Hub operators who are looking to provide cloud services to their end customers from their own data center. If you wish to pass the AZ-600 exam, it is worth noting the skills that are to be measured. The remainder of this book will work as an aid in preparation for this exam and will cover all the relevant skills that are to be measured.

The following skill measurements have been taken from the Microsoft exam website and are intended to illustrate how the skill is assessed. This is by no means an exhaustive list and will be subject to change by Microsoft over time.

Provide services (30 - 35%)

The first area to look at for the exam is the provision of services, which includes Azure Marketplace and its service offerings. This will account for 30 – 35% of the exam:

• Manage Azure Stack Hub Marketplace:

  Populate Azure Stack Hub Marketplace in a disconnected environment

  Create a custom Azure Stack Hub Marketplace item

  Manage the life cycle for Azure Stack Hub Marketplace items

• Offer an App Services resource provider:

  Plan an App Services resource provider deployment

  Deploy an App Service resource provider

  Update an App Services resource provider

  Scale roles based on capacity requirements

  Rotate App Services secrets and certificates

  Manage worker tiers

  Back up App Services

• Offer an Event Hub resource provider:

  Plan an Event Hub resource provider deployment

  Deploy an Event Hub resource provider

  Update an Event Hub resource provider

  Rotate Event Hub secrets and certificates

• Offer services:

  Create and manage quotas

  Create and manage plans

  Create and manage offers

  Create and manage usage subscriptions

  Change user subscription owner

• Manage usage and billing:

  Set up usage data reporting

  View and retrieve usage data by using the Usage API

  Manage usage and billing in multi-tenant and CSP scenarios

Implement data center integration (15 – 20%)

For the exam, you also need to have an appreciation of the deployment process, especially when it comes to networking and certificates. This part of the exam is going to account for 15 – 20% of the questions:

• Prepare for Azure Stack Hub deployment:

  Recommend a name resolution strategy

  Recommend a public and internal IP strategy

  Recommend a data center firewall integration strategy

  Recommend an identity provider

  Validate identity provider integration

  Configure the time server (NTP)

• Manage infrastructure certificates for Azure Stack Hub:

  Recommend a certificates strategy

  Validate the certificates

  Run a secret rotation PowerShell cmdlet for external certificates

• Manage Azure Stack Hub registration:

  Recommend a registration model

  Register in a connected environment

  Register in a disconnected environment

  Re-register

Manage identity and access (10 – 15%)

As part of the AZ-600 exam, you will also need understand how to manage and configure access, which includes service principals. This will equate to 10 – 15% of the questions you are likely to see when you take the exam:

• Manage multi-tenancy:

  Configure the Azure Stack Hub home directory

  Register the guest tenant directory with Azure Stack Hub

  Disable multi-tenancy

  Update the guest tenant directory

• Manage access:

  Identify an appropriate method for access (service principal, users, and groups)

  Provision a service principal for Azure Stack Hub

  Recommend a permission model

  Configure access in Azure Stack Hub

  Create a custom role

Manage infrastructure (30 – 35%)

The final portion of the exam will focus on managing the Azure Stack Hub infrastructure, including capacity planning and monitoring health. It is likely to include questions around the update process and privileged endpoints. This portion of the exam will account for 30 – 35% of the questions you will see in the exam:

• Manage system health:

  Recommend a monitoring strategy

  Monitor system health by using the REST API

  Include resource providers such as Event Hubs

  Monitor system health by using the Syslog server

  Manage field replacement or repair

  Configure automatic diagnostic log collection

  Collect diagnostic logs on demand by using PowerShell

  Configure Syslog forwarding for Azure Stack Hub infrastructure

• Plan and configure Business Continuity and Disaster Recovery (BCDR):

  Recommend a BCDR strategy

  Recommend a strategy for infrastructure backups

  Configure a storage target for infrastructure backups

  Configure certificates for infrastructure backups

  Configure a frequency and retention policy for infrastructure backups

• Manage capacity:

  Plan for system capacity

  Manage partitioned GPUs

  Add nodes

  Manage storage capacity

  Add IP pools

• Update infrastructure:

  Update Azure Stack Hub

  Download and import update packages manually

  Update Azure AD home directory

• Manage Azure Stack Hub by using Privileged Endpoints:

  Connect to a privileged endpoint

  Configure the Cloud Admin user role

  Unlock a support session

  Close the session on the privileged endpoint

  Stop and start Azure Stack Hub

  Perform system diagnostics by using Test-AzureStack