Study/AZ-104-MicrosoftAzureAdministrator
1
0
Fork 0
mirror of https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator.git synced 2026-02-06 00:29:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from MicrosoftLearning/master

Browse Source 
merge from original repo
This commit is contained in:
Rokory 2021-05-05 20:57:13 +02:00 committed by GitHub
commit 791390e0d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 151 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Allfiles/Labs/04/az104-04-vms-loop-parameters .json → Allfiles/Labs/04/az104-04-vms-loop-parameters.json
View File

@ -12,4 +12,4 @@
"value": "Pa55w.rd1234"
}
}
}
}

16
Instructions/Labs/LAB_01-Manage_Azure_AD_Identities.md
View File

@ -172,10 +172,10 @@ In this task, you will create Azure Active Directory groups with assigned and dy
1. Back on the **Groups - All groups** blade, click the entry representing the **IT Cloud Administrators** group and, on then display its **Members** blade. Verify that the **az104-01a-aaduser1** appears in the list of group members.
1. Navigate back to the **Groups - All groups** blade, click the entry representing the **IT System Administrators** group and, on then display its **Members** blade. Verify that the **az104-01a-aaduser2** appears in the list of group members.
>**Note**: You might experience delays with updates of the dynamic membership groups. To expedite the update, navigate to the group blade, display its **Dynamic membership rules** blade, **Edit** the rule listed in the **Rule syntax** textbox by adding a whitespace at the end, and **Save** the change.
1. Navigate back to the **Groups - All groups** blade, click the entry representing the **IT System Administrators** group and, on then display its **Members** blade. Verify that the **az104-01a-aaduser2** appears in the list of group members.
#### Task 3: Create an Azure Active Directory (AD) tenant
In this task, you will create a new Azure AD tenant.
@ -196,11 +196,11 @@ In this task, you will create a new Azure AD tenant.
| Initial domain name | any valid DNS name consisting of lower case letters and digits and starting with a letter |
| Country/Region | **United States** |
> **Note**: The green check mark in the **Initial domain name** text box will indicate that the domain name you typed in is valid and unique.
> **Note**: The **Initial domain name** should not be a legitimate name that potentially matches your organization or another. The green check mark in the **Initial domain name** text box will indicate that the domain name you typed in is valid and unique.
1. Click **Review + create** and then click **Create**.
1. Display the blade of the newly created Azure AD tenant by using the **Click here to navigate to your new directory: Contoso Lab** link or the **Directory + Subscription** button (directly to the right of the Cloud Shell button) in the Azure portal toolbar.
1. Display the blade of the newly created Azure AD tenant by using the **Click here to navigate to your new tenant: Contoso Lab** link or the **Directory + Subscription** button (directly to the right of the Cloud Shell button) in the Azure portal toolbar.
#### Task 4: Manage Azure AD guest users.
@ -250,7 +250,7 @@ In this task, you will create Azure AD guest users and grant them access to reso
>**Note**: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not incur unexpected costs. While, in this case, there are no additional charges associated with Azure Active Directory tenants and their objects, you might want to consider removing the user accounts, the group accounts, and the Azure Active Directory tenant you created in this lab.
1. In the **Azure Portal** search for **Licenses** in the search bar. Within Licenses under **Products** select the **Azure Active Directory Premium P2** item in the below list and then select **Licensed Users**. Select the user accounts **az104-01a-aaduser1** and **az104-01a-aaduser2** to which you assigned licenses in this lab, click **Remove license**, and, when prompted to confirm, click **OK**.
1. In the **Azure Portal** search for **Azure Active Directory** in the search bar. Within **Azure Active Directory** under **Manage** select **Licenses**. Once at **Licenses** under **Manage** select **All Products** and then select **Azure Active Directory Premium P2** item in the list. Proceed by then selecting **Licensed Users**. Select the user accounts **az104-01a-aaduser1** and **az104-01a-aaduser2** to which you assigned licenses in this lab, click **Remove license**, and, when prompted to confirm, click **OK**.
1. In the Azure portal, navigate to the **Users - All users** blade, click the entry representing the **az104-01b-aaduser1** guest user account, on the **az104-01b-aaduser1 - Profile** blade click **Delete**, and, when prompted to confirm, click **OK**.
@ -262,13 +262,13 @@ In this task, you will create Azure AD guest users and grant them access to reso
1. Navigate to the **Users - All users** blade, click the entry representing the **az104-01b-aaduser1** user account, on the **az104-01b-aaduser1 - Profile** blade click **Delete**, and, when prompted to confirm, click **OK**.
1. Navigate to the **Contoso Lab - Overview** blade of the Contoso Lab Azure AD tenant, click **Delete tenant**, on the **Delete directory 'Contoso Lab'** blade, click the **Get permission to delete Azure resources** link, on the **Properties** blade of Azure Active Directory, set **Access management for Azure resources** to **Yes** and click **Save**.
1. Navigate to the **Contoso Lab - Overview** blade of the Contoso Lab Azure AD tenant, click **Delete tenant**, on the **Delete tenant 'Contoso Lab'** blade, click the **Get permission to delete Azure resources** link, on the **Properties** blade of Azure Active Directory, set **Access management for Azure resources** to **Yes** and click **Save**.
1. Sign out from the Azure portal and sign in back.
1. Navigate back to the **Delete directory 'Contoso Lab'** blade and click **Delete**.
1. Navigate back to the **Delete tenant 'Contoso Lab'** blade and click **Delete**.
> **Note**: You will have to wait for license expiration before you can delete the tenant. This does not incur any additional cost.
> **Note**: You will have to wait for the trial license expiration before you can delete the tenant. This does not incur any additional cost.
#### Review

26
Instructions/Labs/LAB_02a_Manage_Subscriptions_and_RBAC.md
View File

@ -43,22 +43,24 @@ In this task, you will create and configure management groups.
1. Sign in to the [Azure portal](https://portal.azure.com).
1. Search for and select **Management groups** and then, on the **Management groups** blade, click **+ Add management group**.
1. Search for and select **Management groups** and then, on the **Management groups** blade, click **+ Add**.
>**Note**: If you have not previously created Management Groups, select **Start using Management Groups**
>**Note**: If you have not previously created Management Groups, select **Start using management groups**
1. Create a management group with the following settings:
| Setting | Value |
| --- | --- |
| Management group ID | **az104-02-mg1**|
| Management group display name | **az104-02-mg1**|
| Management group ID | **az104-02-mg1** |
| Management group display name | **az104-02-mg1** |
1. In the list of management groups, click the entry representing the newly created management group and then display its **details**.
1. In the list of management groups, click the entry representing the newly created management group.
1. From the **az104-02-mg1** blade, click **+ Add subscription** and add the subscription you are using in this lab to the management group.
1. On the **az104-02-mg1** blade, click **Subscriptions**.
>**Note**: Copy the ID of your Azure subscription into Clipboard. You will need it in the next task.
1. On the **az104-02-mg1 \| Subscriptions** blade, click **+ Add**, on the **Add subscription** blade, in the **Subscription** drop-down list, seletc the subscription you are using in this lab and click **Save**.
>**Note**: On the **az104-02-mg1 \| Subscriptions** blade, copy the ID of your Azure subscription into Clipboard. You will need it in the next task.
#### Task 2: Create custom RBAC roles
@ -171,13 +173,15 @@ In this task, you will create an Azure Active Directory user, assign the RBAC ro
1. In the Azure portal, navigate back to the **Users - All users** blade of the **Azure Active Directory**, and delete the **az104-02-aaduser1** user account.
1. In the Azure portal, navigate to the **az104-02-mg1** management group and display its **details**.
1. In the Azure portal, navigate back to the **Management groups** blade.
1. Right-click the **ellipsis** icon to the right of the entry representing your Azure subscription and click **Move**.
1. On the **Management groups** blade, in the **Child subscriptions** column, in the row representing the name of the management group to which you want to move the Azure subscription you used in this lab, select the link represeting its current number of subscriptions.
1. On the **Move** blade, select the management group which the subscription was originally part of and click **Save**.
>**Note**: It is likely that the target management group is the **Tenant Root management group**, unless you created a custom management group hierarchy before running this lab.
1. On the **Subscriptions** blade of the target management group, select **+ Add**.
>**Note**: This is the **Tenant Root management group**, unless you created a custom management group hierarchy before running this lab.
1. On the **Add subscription** blade, in the **Subscriptions** drop-down list, select the name of the Azure subscription you used in this lab and click **Save**.
1. Navigate back to the **Management groups** blade, right click the **ellipsis** icon to the right of the **az104-02-mg1** management group and click **Delete**.

6
Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md
View File

@ -122,15 +122,15 @@ In this task, you will assign the built-in *Require a tag and its value on resou
1. On the **New** blade, search for and select **Storage account**, and click **Create**.
1. On the **Basics** tab of the **Create storage account** blade, specify the following settings (leave others with their defaults) and click **Review + create**:
1. On the **Basics** tab of the **Create storage account** blade, specify the following settings (leave others with their defaults), click **Review + create** and then click **Create**:
| Setting | Value |
| --- | --- |
| Storage account name | any globally unique combination of between 3 and 24 lower case letters and digits, starting with a letter |
1. Note that the validation failed. Click the link **Validation failed. Click here to view details** to display the **Errors** blade and identify the reason for the failure.
1. Once you create the deployment, you should see the **Deployment failed** message in the **Notifications** list of the portal. From the **Notifications** list, navigate to the deployment overview and click the **Deployment failed. Click here for details** message to identify the reason for the failure.
>**Note**: The error message states that the resource deployment was disallowed by the policy.
>**Note**: Verify whether the error message states that the resource deployment was disallowed by the policy.
>**Note**: By clicking the **Raw Error** tab, you can find more details about the error, including the name of the role definition **Require Role tag with Infra value**. The deployment failed because the storage account you attempted to create did not have a tag named **Role** with its value set to **Infra**.

18
Instructions/Labs/LAB_03a-Manage_Azure_Resources_by_Using_the_Azure_Portal.md
View File

@ -31,24 +31,12 @@ In this task, you will use the Azure portal to create resource groups and create
1. Sign in to the [Azure portal](https://portal.azure.com).
1. Search for and select **Resource groups**.
1. On the **Resource groups** blade, click **+ Add** and create a resource group with the following settings:
|Setting|Value|
|---|---|
|Subscription| the name of the Azure subscription you will use in this lab |
|Resource Group| **az104-03a-rg1**|
|Region| the name of any Azure region available in the subscription you will use in this lab |
1. Click **Review + Create** and then click **Create**.
1. In the Azure portal, search for and select **Disks**, click **+ Add**, and specify the following settings:
1. In the Azure portal, search for and select **Disks**, click **+ Add, + Create, or + New**, and specify the following settings:
|Setting|Value|
|---|---|
|Subscription| the name of the Azure subscription where you created the resource group |
|Resource Group| **az104-03a-rg1** |
|Resource Group| the name of a new resource group **az104-03a-rg1** |
|Disk name| **az104-03a-disk1** |
|Region| the name of the Azure region where you created the resource group |
|Availability zone| **None** |
@ -84,7 +72,7 @@ In this task, we will move the disk resource you created in the previous task to
In this task, you will apply a resource lock to an Azure resource group containing a disk resource.
1. In the Azure portal, search for and select **Disks**, click **+ Add**, and specify the following settings:
1. In the Azure portal, search for and select **Disks**, click **+ Add, + Create, or + New**, and specify the following settings:
|Setting|Value|
|---|---|

3
Instructions/Labs/LAB_03b-Manage_Azure_Resources_by_Using_ARM_Templates.md
View File

@ -73,6 +73,9 @@ In this task, you will create an Azure disk resource by using an Azure Resource
"sourceUri": {
"type": "String"
},
"sourceImageVersionId": {
"type": "String"
},
"osType": {
"type": "String"
},

14
Instructions/Labs/LAB_04-Implement_Virtual_Networking.md
View File

@ -127,8 +127,6 @@ In this task, you will configure static assignment of public and private IP addr
1. In the list IP configurations, click **ipconfig1**.
1. On the **ipconfig1** blade, set **Assignment** to **Static**, leave the default value of **IP address** set to **10.40.0.4**.
1. On the **ipconfig1** blade, in the **Public IP address settings** section, select **Associate**, click **+ Create new**, specify the following settings, and click **OK**:
| Setting | Value |
@ -136,6 +134,8 @@ In this task, you will configure static assignment of public and private IP addr
| Name | **az104-04-pip0** |
| SKU | **Standard** |
1. On the **ipconfig1** blade, set **Assignment** to **Static**, leave the default value of **IP address** set to **10.40.0.4**.
1. Back on the **ipconfig1** blade, save the changes.
1. Navigate back to the **az104-04-vnet1** blade
@ -146,8 +146,6 @@ In this task, you will configure static assignment of public and private IP addr
1. In the list IP configurations, click **ipconfig1**.
1. On the **ipconfig1** blade, set **Assignment** to **Static**, leave the default value of **IP address** set to **10.40.1.4**.
1. On the **ipconfig1** blade, in the **Public IP address settings** section, select **Associate**, click **+ Create new**, specify the following settings, and click **OK**:
| Setting | Value |
@ -155,6 +153,8 @@ In this task, you will configure static assignment of public and private IP addr
| Name | **az104-04-pip1** |
| SKU | **Standard** |
1. On the **ipconfig1** blade, set **Assignment** to **Static**, leave the default value of **IP address** set to **10.40.1.4**.
1. Back on the **ipconfig1** blade, save the changes.
1. Navigate back to the **az104-04-rg1** resource group blade, in the list of its resources, click **az104-04-vm0**, and from the **az104-04-vm0** virtual machine blade, note the public IP address entry.
@ -169,7 +169,7 @@ In this task, you will configure network security groups in order to allow for r
1. In the Azure portal, navigate back to the **az104-04-rg1** resource group blade, and in the list of its resources, click **az104-04-vm0**.
1. On the **az104-04-vm0** blade, click **Connect**, in the drop-down menu, click **RDP**, on the **Connect with RDP** blade, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
1. On the **az104-04-vm0** overview blade, click **Connect**, click **RDP** in the drop-down menu, on the **Connect with RDP** blade, click **Download RDP File** using the Public IP address and follow the prompts to start the Remote Desktop session.
1. Note that the connection attempt fails.
@ -214,9 +214,9 @@ In this task, you will configure network security groups in order to allow for r
1. Navigate back to the **az104-04-vm0** virtual machine blade.
>**Note**: Now verify that you can successfully connect to the target virtual machine and sign in by using the **Student** username and **Pa55w.rd1234** password.
>**Note**: In the subsequent steps, you will verify that you can successfully connect to the target virtual machine and sign in by using the **Student** username and **Pa55w.rd1234** password.
1. On the **az104-04-vm0** blade, click **Connect**, click **Connect**, in the drop-down menu, click **RDP**, on the **Connect with RDP** blade, click **Download RDP File** and follow the prompts to start the Remote Desktop session.
1. On the **az104-04-vm0** blade, click **Connect**, click **RDP**, on the **Connect with RDP** blade, click **Download RDP File** using the Public IP address and follow the prompts to start the Remote Desktop session.
>**Note**: This step refers to connecting via Remote Desktop from a Windows computer. On a Mac, you can use Remote Desktop Client from the Mac App Store and on Linux computers you can use an open source RDP client software.

49
Instructions/Labs/LAB_05-Implement_Intersite_Connectivity.md
View File

@ -59,13 +59,10 @@ In this task, you will deploy three virtual machines, each into a separate virtu
-TemplateFile $HOME/az104-05-vnetvm-loop-template.json `
-TemplateParameterFile $HOME/az104-05-vnetvm-loop-parameters.json `
-location1 $location1 `
-location2 $location2 `
-AsJob
-location2 $location2
```
>**Note**: Wait for the deployment to complete before proceeding to the next task. This should take about 2 minutes.
>**Note**: To verify the status of the deployment, you can examine the properties of the resource group you created in this task.
>**Note**: Wait for the deployment to complete before proceeding to the next step. This should take about 2 minutes.
1. Close the Cloud Shell pane.
@ -102,6 +99,20 @@ In this task, you will configure local and global peering between the virtual ne
>**Note**: This step establishes two local peerings - one from az104-05-vnet0 to az104-05-vnet1 and the other from az104-05-vnet1 to az104-05-vnet0.
>**Note**: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:
```powershell
$rgName = 'az104-05-rg1'
$vnet0 = Get-AzVirtualNetwork -Name 'az104-05-vnet0' -ResourceGroupName $rgname
$vnet1 = Get-AzVirtualNetwork -Name 'az104-05-vnet1' -ResourceGroupName $rgname
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet0_to_az104-05-vnet1' -VirtualNetwork $vnet0 -RemoteVirtualNetworkId $vnet1.Id
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet1_to_az104-05-vnet0' -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet0.Id
```
1. On the **az104-05-vnet0** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**.
1. Add a peering with the following settings (leave others with their default values) and click **Add**:
@ -123,6 +134,20 @@ In this task, you will configure local and global peering between the virtual ne
>**Note**: This step establishes two global peerings - one from az104-05-vnet0 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet0.
>**Note**: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:
```powershell
$rgName = 'az104-05-rg1'
$vnet0 = Get-AzVirtualNetwork -Name 'az104-05-vnet0' -ResourceGroupName $rgname
$vnet2 = Get-AzVirtualNetwork -Name 'az104-05-vnet2' -ResourceGroupName $rgname
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet0_to_az104-05-vnet2' -VirtualNetwork $vnet0 -RemoteVirtualNetworkId $vnet2.Id
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet2_to_az104-05-vnet0' -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet0.Id
```
1. Navigate back to the **Virtual networks** blade and, in the list of virtual networks, click **az104-05-vnet1**.
1. On the **az104-05-vnet1** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**.
@ -146,6 +171,20 @@ In this task, you will configure local and global peering between the virtual ne
>**Note**: This step establishes two global peerings - one from az104-05-vnet1 to az104-05-vnet2 and the other from az104-05-vnet2 to az104-05-vnet1.
>**Note**: In case you run into an issue with the Azure portal interface not displaying the virtual networks created in the previous task, you can configure peering by running the following PowerShell commands from Cloud Shell:
```powershell
$rgName = 'az104-05-rg1'
$vnet1 = Get-AzVirtualNetwork -Name 'az104-05-vnet1' -ResourceGroupName $rgname
$vnet2 = Get-AzVirtualNetwork -Name 'az104-05-vnet2' -ResourceGroupName $rgname
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet1_to_az104-05-vnet2' -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id
Add-AzVirtualNetworkPeering -Name 'az104-05-vnet2_to_az104-05-vnet1' -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id
```
#### Task 3: Test intersite connectivity
In this task, you will test connectivity between virtual machines on the three virtual networks that you connected via local and global peering in the previous task.

60
Instructions/Labs/LAB_06-Implement_Network_Traffic_Management.md
View File

@ -54,19 +54,37 @@ In this task, you will deploy four virtual machines into the same Azure region.
New-AzResourceGroup -Name $rgName -Location $location
```
1. From the Cloud Shell pane, run the following to create the three virtual networks and four virtual machines into them by using the template and parameter files you uploaded:
1. From the Cloud Shell pane, run the following to create the three virtual networks and four Azure VMs into them by using the template and parameter files you uploaded:
```powershell
New-AzResourceGroupDeployment `
-ResourceGroupName $rgName `
-TemplateFile $HOME/az104-06-vms-loop-template.json `
-TemplateParameterFile $HOME/az104-06-vms-loop-parameters.json `
-AsJob
-TemplateParameterFile $HOME/az104-06-vms-loop-parameters.json
```
>**Note**: Wait for the deployment to complete before proceeding to the next task. This should take about 5 minutes.
>**Note**: Wait for the deployment to complete before proceeding to the next step. This should take about 5 minutes.
>**Note**: To verify the status of the deployment, you can examine the properties of the resource group you created in this task.
1. From the Cloud Shell pane, run the following to install the Network Watcher extension on the Azure VMs deployed in the previous step:
```powershell
$rgName = 'az104-06-rg1'
$location = (Get-AzResourceGroup -ResourceGroupName $rgName).location
$vmNames = (Get-AzVM -ResourceGroupName $rgName).Name
foreach ($vmName in $vmNames) {
Set-AzVMExtension `
-ResourceGroupName $rgName `
-Location $location `
-VMName $vmName `
-Name 'networkWatcherAgent' `
-Publisher 'Microsoft.Azure.NetworkWatcher' `
-Type 'NetworkWatcherAgentWindows' `
-TypeHandlerVersion '1.4'
}
```
>**Note**: Wait for the deployment to complete before proceeding to the next step. This should take about 5 minutes.
1. Close the Cloud Shell pane.
@ -80,6 +98,22 @@ In this task, you will configure local peering between the virtual networks you
>**Note**: The template you used for deployment of the three virtual networks ensures that the IP address ranges of the three virtual networks do not overlap.
1. In the list of virtual networks, select **az104-06-vnet2**.
1. On the **az104-06-vnet2** blade, select **Properties**.
1. On the **az104-06-vnet2 \| Properties** blade, record the value of the **Resource ID** property.
1. Navigate back to the list of virtual networks and select **az104-06-vnet3**.
1. On the **az104-06-vnet3** blade, select **Properties**.
1. On the **az104-06-vnet3 \| Properties** blade, record the value of the **Resource ID** property.
>**Note**: You will need the values of the ResourceID property for both virtual networks later in this task.
>**Note**: This is a workaround that addresses the issue with the Azure portal occasionally not displaying the newly provisioned virtual network when creating virtual network peerings.
1. In the list of virtual networks, click **az104-06-vnet01**.
1. On the **az104-06-vnet01** virtual network blade, in the **Settings** section, click **Peerings** and then click **+ Add**.
@ -94,8 +128,8 @@ In this task, you will configure local peering between the virtual networks you
| Virtual network gateway | **None (default)** |
| Remote virtual network: Peering link name | **az104-06-vnet2_to_az104-06-vnet01** |
| Virtual network deployment model | **Resource manager** |
| Subscription | the name of the Azure subscription you are using in this lab |
| Virtual network | **az104-06-vnet2** |
| I know my resource ID | enabled |
| Resource ID | the value of resourceID parameter of **az104-06-vnet2** you recorded earlier in this task |
| Traffic to remote virtual network | **Allow (default)** |
| Traffic forwarded from remote virtual network | **Allow (default)** |
| Virtual network gateway | **None (default)** |
@ -118,8 +152,8 @@ In this task, you will configure local peering between the virtual networks you
| Virtual network gateway | **None (default)** |
| Remote virtual network: Peering link name | **az104-06-vnet3_to_az104-06-vnet01** |
| Virtual network deployment model | **Resource manager** |
| Subscription | the name of the Azure subscription you are using in this lab |
| Virtual network | **az104-06-vnet3** |
| I know my resource ID | enabled |
| Resource ID | the value of resourceID parameter of **az104-06-vnet3** you recorded earlier in this task |
| Traffic to remote virtual network | **Allow (default)** |
| Traffic forwarded from remote virtual network | **Allow (default)** |
| Virtual network gateway | **None (default)** |
@ -157,8 +191,6 @@ In this task, you will test transitivity of virtual network peering by using Net
> **Note**: This is expected, since the hub virtual network is peered directly with the first spoke virtual network.
> **Note**: The initial check can take about 2 minutes because it requires installation of the Network Watcher Agent virtual machine extension on **az104-06-vm0**.
1. On the **Network Watcher - Connection troubleshoot** blade, initiate a check with the following settings (leave others with their default values):
| Setting | Value |
@ -323,7 +355,7 @@ In this task, you will configure and test routing between the two spoke virtual
| Virtual network | **az104-06-vnet3** |
| Subnet | **subnet0** |
1.Click **OK**
1. Click **OK**
1. In the Azure portal, navigate back to the **Network Watcher - Connection troubleshoot** blade.
@ -401,7 +433,7 @@ In this task, you will implement an Azure Load Balancer in front of the two Azur
| Interval | **5** |
| Unhealthy threshold | **2** |
1. Click **OK**
1. Click **Add**
1. Wait for the health probe to be created, in the **Settings** section, click **Load balancing rules**, and then click **+ Add**.
@ -421,7 +453,7 @@ In this task, you will implement an Azure Load Balancer in front of the two Azur
| TCP reset | **Disabled** |
| Floating IP (direct server return) | **Disabled** |
1. Click **OK**
1. Click **Add**
1. Wait for the load balancing rule to be created, click **Overview**, and note the value of the **Public IP address**.

39
Instructions/Labs/LAB_07-Manage_Azure_Storage.md
View File

@ -40,7 +40,7 @@ In this task, you will deploy an Azure virtual machine that you will use later i
>**Note**: If this is the first time you are starting **Cloud Shell** and you are presented with the **You have no storage mounted** message, select the subscription you are using in this lab, and click **Create storage**.
1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Module_07\\az104-07-vm-template.json** and **\\Allfiles\\Module_07\\az104-07-vm-parameters.json** into the Cloud Shell home directory.
1. In the toolbar of the Cloud Shell pane, click the **Upload/Download files** icon, in the drop-down menu, click **Upload** and upload the files **\\Allfiles\\Labs\\07\\az104-07-vm-template.json** and **\\Allfiles\\Labs\\07\\az104-07-vm-parameters.json** into the Cloud Shell home directory.
1. From the Cloud Shell pane, run the following to create the resource group that will be hosting the virtual machine (replace the `[Azure_region]` placeholder with the name of an Azure region where you intend to deploy the Azure virtual machine)
@ -71,7 +71,7 @@ In this task, you will deploy an Azure virtual machine that you will use later i
In this task, you will create and configure an Azure Storage account.
1. In the Azure portal, search for and select **Storage accounts**, and then click **+ New**.
1. In the Azure portal, search for and select **Storage accounts**, and then click **+ Add**.
1. On the **Basics** tab of the **Create storage account** blade, specify the following settings (leave others with their default values):
@ -82,40 +82,19 @@ In this task, you will create and configure an Azure Storage account.
| Storage account name | any globally unique name between 3 and 24 in length consisting of letters and digits |
| Location | the name of an Azure region where you can create an Azure Storage account |
| Performance | **Standard** |
| Account kind | **Storage (general purpose v1)** |
| Replication | **Read-access geo-redundant storage (RA-GRS)** |
| Redundancy | **Geo-redundant storage (GRS)** |
1. Click **Next: Networking >**, on the **Networking** tab of the **Create storage account** blade, review the available options, accept the default option **Public endpoint (all networks}** and click **Next: Data protection >**.
1. Click **Next: Advanced >**, on the **Advanced** tab of the **Create storage account** blade, review the available options, accept the defaults, and click **Next: Networking >**.
1. On the **Data protection** tab of the **Create storage account** blade, review the available options, accept the defaults, and click **Next: Advanced >**.
1. On the **Networking** tab of the **Create storage account** blade, review the available options, accept the default option **Public endpoint (all networks}** and click **Next: Data protection >**.
1. On the **Advanced** tab of the **Create storage account** blade, review the available options, accept the defaults, click **Review + Create**, wait for the validation process to complete and click **Create**.
1. On the **Data protection** tab of the **Create storage account** blade, review the available options, accept the defaults, click **Review + Create**, wait for the validation process to complete and click **Create**.
>**Note**: Wait for the Storage account to be created. This should take about 2 minutes.
1. On the deployment blade, click **Go to resource** to display the Azure Storage account blade.
1. On the Azure Storage account blade, in the **Settings** section, click **Configuration**.
1. Click **Upgrade** to change the Storage account kind from **Storage (general purpose v1)** to **StorageV2 (general purpose v2)**.
1. On the **Upgrade storage account** blade, review the warning stating that the upgrade is permanent and will result in billing charges, in the **Confirm upgrade** text box, type the name of the storage account, and click **Upgrade**.
> **Note**: You have the option to set the account kind to **StorageV2 (general purpose v2)** at the provisioning time. The previous two steps were meant to illustrate that you also have the option to upgrade existing general purpose v1 accounts.
> **Note**: **StorageV2 (general purpose v2)** offers a number of features, such as, for example, access tiering, not available in with general purpose v1 accounts.
> **Note**: Review the other configuration options, including **Access tier (default)**, currently set to **Hot**, which you can change, the **Performance**, currently set to **Standard**, which can be set only during account provisioning, and the **Identity-based Directory Service for Azure File Authentication**, which requires Azure Active Directory Domain Services.
1. On the Storage account blade, in the **Settings** section, click **Geo-replication** and note the secondary location. Click the **View all** link under the **Storage endpoints** label and review the **Storage account endpoints** blade.
> **Note**: As expected, the **Storage account endpoints** blade contains both primary and secondary endpoints.
1. Switch to the Configuration blade of the Storage account and, in the **Replication** drop-down list, select **Geo-redundant storage (GRS)** and save the change.
1. Switch back to the **Geo-replication** blade and note that the secondary location is still specified. Click the **View all** link under the **Storage endpoints** label and review the **Storage account endpoints** blade.
> **Note**: As expected, the **Storage account endpoints** blade contains only primary endpoints.
1. On the Storage account blade, in the **Settings** section, click **Geo-replication** and note the secondary location.
1. Display again the **Configuration** blade of the Storage account, in the **Replication** drop-down list select **Locally redundant storage (LRS)** and save the change.
@ -140,7 +119,7 @@ In this task, you will create a blob container and upload a blob into it.
1. In the list of containers, click **az104-07-container** and then click **Upload**.
1. Browse to **\\Allfiles\\Module_07\\LICENSE** on your lab computer and click **Open**, then click **Upload**.
1. Browse to **\\Allfiles\\Labs\\07\\LICENSE** on your lab computer and click **Open**.
1. On the **Upload blob** blade, expand the **Advanced** section and specify the following settings (leave others with their default values):
@ -207,6 +186,8 @@ In this task, you will configure authentication and authorization for Azure Stor
1. Click the **Switch to the Azure AD User Account** link next to the **Authentication method** label.
> **Note**: You can see an error when you change the authentication method (the error is *"You do not have permissions to list the data using your user account with Azure AD"*). It is expected.
> **Note**: At this point, you no longer have access to the container.
1. On the **az104-07-container** blade, click **Access Control (IAM)**.

12
Instructions/Labs/LAB_08-Manage_Virtual_Machines.md
View File

@ -90,6 +90,7 @@ In this task, you will deploy Azure virtual machines into different availability
| --- | --- |
| Boot diagnostics | **Enable with custom storage account** |
| Diagnostics storage account | accept the default value |
| Patch orchestration options | **Manual updates** |
>**Note**: If necessary, select an existing storage account in the dropdown list. Record the name of the storage account. You will use it in the next task.
@ -114,11 +115,12 @@ In this task, you will deploy Azure virtual machines into different availability
| Virtual Machine Computer Name | **az104-08-vm1** |
| Admin Username | **Student** |
| Admin Password | **Pa55w.rd1234** |
| Enable Hotpatching | **false** |
| Zone | **2** |
>**Note**: You need to modify parameters corresponding to the properties of the distinct resources you are deploying by using the template, including the virtual machine and its network interface.
1. Enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
1. Click **Review + Create**, on the **Review + Create** blade, click **Create**.
>**Note**: Wait for both deployments to complete before you proceed to the next task. This might take about 5 minutes.
@ -167,7 +169,7 @@ In this task, you will install Windows Server Web Server role on the two Azure v
1. On the **Edit template** blade, in the section displaying the content of the template, insert the following code starting with line **20** (directly underneath the `"resources": [` line):
>**Note**: If you are using a tool that pastes the code in line by line intellisense may add extra brackets causing validation errors. You may want to paste the code into notepad first and then paste it into line 20.
>**Note**: If you are using a tool that pastes the code in line by line intellisense may add extra brackets causing validation errors. You may want to paste the code into notepad first and then paste it into line 20.
```json
{
@ -191,9 +193,9 @@ In this task, you will install Windows Server Web Server role on the two Azure v
```
>**Note**: This section of the template defines the same Azure virtual machine custom script extension that you deployed earlier to the first virtual machine via Azure PowerShell.
>**Note**: This section of the template defines the same Azure virtual machine custom script extension that you deployed earlier to the first virtual machine via Azure PowerShell.
1. Click **Save** and, back on the **Custom template** blade, enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
1. Click **Save** and, back on the **Custom template** blade, click **Review + Create** and, on the **Review + Create** blade, click **Create**
>**Note**: Wait for the template deployment to complete. You can monitor its progress from the **Extensions** blade of the **az104-08-vm0** and **az104-08-vm1** virtual machines. This should take no more than 3 minutes.
@ -304,7 +306,7 @@ In this task you will scale compute for Azure virtual machines by changing their
1. Click **Save** and, back on the **Custom template** blade, enable the checkbox **I agree to the terms and conditions stated above** and click **Purchase**.
>**Note**: Wait for the template deployment to complete. You can monitor its progress from the **Extensions** blade of the **az104-08-vm1** virtual machine. This should take no more than 3 minutes.
>**Note**: Wait for the template deployment to complete. You can monitor its progress from the **Disks** blade of the **az104-08-vm1** virtual machine. This should take no more than 3 minutes.
1. Back on the **az104-08-vm1** blade, in the **Operations** section, click **Run command**, and, in the list of commands, click **RunPowerShellScript**.

8
Instructions/Labs/LAB_09c-Implement_Azure_Kubernetes_Service.md
View File

@ -70,15 +70,15 @@ In this task, you will deploy an Azure Kubernetes Services cluster by using the
| Setting | Value |
| ---- | ---- |
| Virtual nodes | **Disabled** |
| VM scale sets | **Enabled** |
| Enable virtual nodes | **Disabled** (default) |
| Enable virtual machine scale sets | **Enabled** (default) |
1. Click **Next: Authentication >** and, on the **Authentication** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):
| Setting | Value |
| ---- | ---- |
| Service principal | accept the default |
| Enable RBAC | **Yes** |
| Authentication method | **System-assigned managed identity** (default) |
| Role-based access control (RBAC) | **Enabled** |
1. Click **Next: Networking >** and, on the **Networking** tab of the **Create Kubernetes cluster** blade, specify the following settings (leave others with their default values):