Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 1 – Manage Azure subscriptions and resources

***WARNING***
AZ-100, AZ-101 and AZ-102 are all ceasing in favour of the AZ-103 single exam. See the link to the new exam syllabus – here
***WARNING***

Part 1 of 5 linking to the most appropriate documentation for learning how to achieve the objectives set in the new Azure AZ-100 exam. More specific configuration examples will be added in PowerShell as I work through the subject matter myself.

A friend on Reddit added the latest content from Ignite. Could be a good place to start before beginning with my posts.

Also, please consider this guide from Skylines Academy for your PowerShell skills to bolster your competency on Azure and for the AZ-10x exams.

Manage Azure subscriptions and resources (15-20%)

Manage Azure subscriptions

May include but not limited to:

Assign administrator permissions; 

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

Global Administrator is required to assign roles and is the default “god-like” administrator role in Azure. In Microsoft Graph API, Azure AD Graph API, and Azure AD PowerShell, this role is identified as “Company Administrator”. It is “Global Administrator” in the Azure portal.

PowerShell:

Connect-AzureAD -TenantId az100.onmicrosoft.com

https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0

# Example password only: use a unique, generated value per account and keep it out of saved scripts.
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "Saturday29"
New-AzureADUser -DisplayName "Bobby Balls" -PasswordProfile $PasswordProfile -UserPrincipalName "BobbyBalls@az100.onmicrosoft.com" -AccountEnabled $true -MailNickName "BobbyBalls"

https://docs.microsoft.com/en-us/powershell/module/azuread/add-azureaddirectoryrolemember?view=azureadps-2.0

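# Look up the user and the role ('Company Administrator' is the PowerShell name for Global Administrator).
$roleMember = Get-AzureADUser -ObjectId "BobbyBalls@az100.onmicrosoft.com"
$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $roleMember.ObjectId
# List the current members of the role to confirm the assignment.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser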

configure cost center quotas and tagging

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

https://docs.microsoft.com/en-us/azure/billing/billing-set-up-alerts

Alerts can only be set up per subscription. The feature is still in preview, with five alert recipients for when a subscription reaches a spend value. No other options exist in the drop-down menu as yet.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags?toc=/azure/billing/TOC.json

Setting tags on resources rather than resource groups seems a little abstract and requires the resource ID rather than the name.
https://github.com/sympa18/CheckandApplyTags/blob/master/CheckandApplyTags.ps1

WARNING – This will set ONLY what is stated in the commands and will remove all existing tags!

Resource Groups In PoSh

Set-AzureRmResourceGroup -Name resgroupaz100 -Tag @{ Dept="IT"; Environment="Test" }
(Get-AzureRmResourceGroup -Name resgroupaz100 ).Tags

Resources in PoSh

$resource = Get-AzureRmResource -Name az100-aad-vm1-nsg
$id = $resource.id
Set-AzureRmResource -ResourceId $id -Tag @{ Dept="IT"; Environment="Test" } -Force
(Get-AzureRmResource -Name az100-aad-vm1-nsg).Tags
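
Because the commands above replace the whole tag set, existing tags have to be read, merged and written back if they are to survive. The following is an added example, not code from the original post: Merge-Tag is a hypothetical helper name, and it assumes each name matches a single resource group or resource.

```powershell
# Added example: preserve existing tags when applying new ones.
# Merge-Tag is a hypothetical helper, not an AzureRM cmdlet.
function Merge-Tag {
    param(
        [System.Collections.IDictionary] $Existing,   # current tags; $null when none are set
        [Parameter(Mandatory)] [hashtable] $New       # tags to add or overwrite
    )
    # @{} compares keys case-insensitively, which matches how Azure treats tag names.
    $merged = @{}
    if ($null -ne $Existing) {
        foreach ($key in $Existing.Keys) { $merged[$key] = $Existing[$key] }
    }
    # New values win when a tag name already exists.
    foreach ($key in $New.Keys) { $merged[$key] = $New[$key] }
    return $merged
}

$newTags = @{ Dept = "IT"; Environment = "Test" }

# Resource group: read the current tags, merge, write the full set back.
$rg = Get-AzureRmResourceGroup -Name resgroupaz100
Set-AzureRmResourceGroup -Name $rg.ResourceGroupName -Tag (Merge-Tag -Existing $rg.Tags -New $newTags)
(Get-AzureRmResourceGroup -Name resgroupaz100).Tags

# Single resource: same pattern, addressed by resource ID.
$resource = Get-AzureRmResource -Name az100-aad-vm1-nsg
Set-AzureRmResource -ResourceId $resource.ResourceId -Tag (Merge-Tag -Existing $resource.Tags -New $newTags) -Force
(Get-AzureRmResource -Name az100-aad-vm1-nsg).Tags
```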

configure subscription policies

https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction

A little misleading in the title. Policies can be assigned to resource groups within subscriptions. So, you can’t assign a resource group to a subscription and walk away. Assigning policies to resource groups is useful for enforcing things like which VM sizes or which locations are available for services, to match organisational policy.
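
A policy scoped to a single resource group, as described above, can be created and assigned from PowerShell. This is an added example, not code from the original post: the definition and assignment names and the two UK regions are assumptions, and the resource group name is the one used later on this page.

```powershell
# Added example: restrict where resources can be deployed inside one resource group.
# Names "allowed-locations-demo" / "allowed-locations-rg01" and the region list are assumptions.
$rule = @'
{
  "if":   { "not": { "field": "location", "in": "[parameters('allowedLocations')]" } },
  "then": { "effect": "deny" }
}
'@

$parameters = @'
{
  "allowedLocations": {
    "type": "array",
    "metadata": { "displayName": "Allowed locations", "strongType": "location" }
  }
}
'@

# Create the custom definition in the current subscription.
$definition = New-AzureRmPolicyDefinition -Name "allowed-locations-demo" `
    -DisplayName "Allowed locations (demo)" `
    -Policy $rule -Parameter $parameters

# Scope the assignment to one resource group rather than the whole subscription.
$rg = Get-AzureRmResourceGroup -Name "az100demo-uks-az100-rg01"
New-AzureRmPolicyAssignment -Name "allowed-locations-rg01" `
    -Scope $rg.ResourceId `
    -PolicyDefinition $definition `
    -PolicyParameterObject @{ allowedLocations = @("uksouth", "ukwest") }

# Confirm what is assigned at that scope.
Get-AzureRmPolicyAssignment -Scope $rg.ResourceId
```

This simple rule also denies resources whose location is reported as global; the built-in "Allowed locations" definition excludes those.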

Analyze resource utilization and consumption

May include but not limited to:

Configure diagnostic settings on resources;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs

Using the Monitor resource, you can identify which resources have Diagnostics enabled for a high level overview.

Or, you can visit the resource directly, choose Diagnostic settings and pick one of the three diagnostic destinations. If choosing a storage account, configure retention.

  • Storage Account
  • Event Hub
  • Log Analytics

Using PoSh

Set-AzureRmDiagnosticSetting -ResourceId [your resource id] -StorageAccountId [your storage account id] -Enabled $true

create baseline for resources;

Not sure what this means other than using JSON templates or PoSh DSC

create and test alerts;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-alerts-unified-log

analyze alerts across subscription;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts

analyze metrics across subscription;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-metrics

create action groups;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups

monitor for unused resources;

Unsure

monitor spend;

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-usage-and-estimated-costs

report on spend;

Could mean Cloudyn
https://docs.microsoft.com/en-us/azure/cost-management/tutorial-review-usage
Or simply the Billing and Cost Management blade
https://docs.microsoft.com/en-us/azure/billing/billing-understand-your-bill

utilize Log Search query functions;

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-search

view alerts in Log Analytics

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-solution-alert-management

Manage resource groups

May include but not limited to:

Allocate resource policies;

https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction

configure resource locks;

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

PowerShell

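# Create a CanNotDelete lock on the resource group.
New-AzureRmResourceLock -LockName lock-az100demo-uks-az100-rg01 -LockLevel CanNotDelete -ResourceGroupName "az100demo-uks-az100-rg01"
# Select the lock by name: the resource group may hold more than one lock.
$lockId = (Get-AzureRmResourceLock -LockName lock-az100demo-uks-az100-rg01 -ResourceGroupName az100demo-uks-az100-rg01).LockId
# Remove the lock again.
Remove-AzureRmResourceLock -LockId $lockId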

configure resource policies;

https://docs.microsoft.com/en-us/azure/azure-policy/create-manage-policy

implement and set tagging on resource groups;

WARNING Duplicate exam exercise – see “Manage Azure Subscriptions” – “Configure Cost Centre Quotas and Tagging”
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

move resources across resource groups;

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources

PowerShell

$webapp = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-website
$plan = Get-AzureRmResource -ResourceGroupName az100demo-uks-az100-rg01 -ResourceName az100demo-webplan
Move-AzureRmResource -DestinationResourceGroupName az100demo-uks-az100-rg02 -ResourceId $webapp.ResourceId, $plan.ResourceId

remove resource groups

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-portal#delete-resource-group-or-resources

PowerShell

Remove-AzureRmResourceGroup -Name "az100demo-uks-az100-rg01"

6 thoughts on “Microsoft Azure Infrastructure and Deployment exam AZ-100 – Resources Part 1 – Manage Azure subscriptions and resources”

  1. Thanks for doing this. I think for MONITOR FOR UNUSED RESOURCES they are referring to the Cost + Management + Billing blade. Overview refers to “View Advisor recommendations to identify unused or underutilized resources. Take action to reduce waste.” The link brings you to Advisor recommendations and you’ll see a Cost tab. The feature seems to be in preview and only for EA accounts at this time, so good luck testing it out with your MSDN or PAYG!

    1. Hey Joel,
      Thanks for the feedback. One thing to caution. None of the exam objectives relate to preview features, only GA features.

      1. Thanks, good to know! I’ll try not to get distracted by all the shiny preview stuff while I’m studying. Docs is pretty good, but the depth of each subject is where I get a little less sure. I think cursory knowledge is what they are looking for – be able to recognize most subjects and PS/cli command and know a little about them but not be an expert.

  2. Thanks for putting this together, it’s been really useful to read over the links whilst preparing for the exam. On to part 2!
