Thursday, September 16, 2021

AZ-801 Study Guide: Configuring Windows Server Hybrid Advanced Services

AZ-801 Study Guide: Configuring Windows Server Hybrid Advanced Services

In this exam guide you’ll see which MS Learn modules map against exam functional groups and which docs.microsoft.com articles map against specific exam objective items for the AZ-801 Configuring Windows Server Hybrid Advanced Services exam. This exam is required for the Windows Server Hybrid Administrator Associate certification.

 

The following video provides an introductory overview of these objectives by Orin Thomas and Jeff Woolsey: 

 

 

The official objectives page is found here: https://aka.ms/az-801examguide

1. Secure Windows Server On-premises and Hybrid Infrastructures (25-30%)     

Relevant MS Learn modules

·       https://docs.microsoft.com/en-us/learn/modules/implement-windows-server-iaas-virtual-machine-network-security/

·       https://docs.microsoft.com/en-us/learn/modules/audit-security-of-windows-server-iaas-virtual-machines/

·       https://docs.microsoft.com/en-us/learn/modules/manage-azure-updates/

·       https://docs.microsoft.com/en-us/learn/modules/create-implement-application-allowlists-adaptive-application-control/

·       https://docs.microsoft.com/en-us/learn/modules/configure-bitlocker-disk-encryption-windows-iaas-virtual-machines/

·       https://docs.microsoft.com/en-us/learn/modules/implement-change-tracking-file-integrity-monitoring/

·       https://docs.microsoft.com/en-us/learn/modules/secure-windows-server-domain-name-system/

 

1.1 Secure Windows Server Operating System    

·       Configure and manage Exploit Protection            

o   https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-exploit-protection?view=o365-worldwide

·       Configure and Manage Windows Defender Application Control  

o   https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager

·       Configure and manage Windows Defender for Endpoint

o   https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection

·       Configure and manage Windows Defender Credential Guard      

o   https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage

·       Configure SmartScreen 

o   https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview

·       Implement operating system security by using Group Policies     

o   https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines

 

1.2 Secure a hybrid Active Directory infrastructure          

·       Configure Password policies      

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

·       Enable password block lists        

o   https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection

·       Manage protected users             

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory

·       Manage account security on an RODC   

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc772234(v=ws.10)

·       Harden Domain Controllers       

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack

·       Configure authentication policies silos   

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts

·       Restrict access to domain controllers     

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-h--securing-local-administrator-accounts-and-groups

·       Configure account security         

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

·       Manage AD built-in administrative groups          

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-b--privileged-accounts-and-groups-in-active-directory

·       Manage AD delegation 

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj553400(v=ws.11)

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn221977(v=ws.11)

·       Implement and manage Microsoft Defender for Identity

o   https://docs.microsoft.com/en-us/defender-for-identity/what-is

 

1.3 Identify and remediate Windows Server security issues by using Azure Services             

·       Monitor on-premises servers and Azure IaaS VMs by using Azure Sentinel             

o   https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events

·       Identify and remediate security issues on-premises servers and Azure IaaS VMs by using Azure Security Center  

o   https://docs.microsoft.com/en-us/azure/security-center/defender-for-servers-introduction

 

1.4 Secure Windows Server networking

·       Manage Windows Defender Firewall      

o   https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring

·       Implement domain isolation      

o   https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only

·       Implement connection security rules     

o   https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule

 

1.5 Secure Windows Server storage       

·       Manage Windows BitLocker Drive Encryption (BitLocker)             

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831507(v=ws.11)

·       Manage and recover encrypted volumes             

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn383583(v=ws.11)

·       Enable storage encryption by using Azure Disk Encryption           

o   https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-models

·       Manage disk encryption keys for IaaS virtual machines   

o   https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss

             

2. Implement and Manage Windows Server High Availability (10-15%)   

Relevant MS Learn modules:

·       https://docs.microsoft.com/en-us/learn/modules/introduction-to-cluster-shared-volumes/

·       https://docs.microsoft.com/en-us/learn/modules/implement-windows-server-failover-cluster/

·       https://docs.microsoft.com/en-us/learn/modules/implement-high-availability-of-windows-server-vms/

·       https://docs.microsoft.com/en-us/learn/modules/implement-windows-server-file-server-high-availability/

·       https://docs.microsoft.com/en-us/learn/modules/implement-scale-high-availability-windows-server-virtual-machine/

 

2.1 Implement a Windows Server failover cluster            

·       Implement a failover cluster on-premises, hybrid, or cloud-only 

·            https://docs.microsoft.com/en-us/azure/virtual-machines/disks-shared

·            https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

·       Create a Windows Failover Cluster         

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/create-failover-cluster

·       Stretch cluster across datacenter or Azure regions          

·            https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/stretch-cluster-replication-using-shared-storage

·            https://docs.microsoft.com/en-us/windows-server/storage/storage-replica/cluster-to-cluster-azure-cross-region

·       Configure storage for failover clustering

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/clustering-requirements

·            https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj612869(v=ws.11)

·       Modify quorum options

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/manage-cluster-quorum

·       Configure network adapters for failover clustering          

·            https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd354058(v=ws.10)

·       Configure cluster workload options        

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/failover-clustering-overview

·            https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd337817(v=ws.10)

·       Configure cluster sets   

·            https://docs.microsoft.com/en-us/azure-stack/hci/deploy/cluster-set

·       Configure Scale-Out File servers

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/sofs-overview

·       Create an Azure witness             

·            https://docs.microsoft.com/en-us/windows-server/failover-clustering/deploy-cloud-witness

·       Configure a floating IP address for the cluster     

·            https://docs.microsoft.com/en-us/troubleshoot/windows-server/high-availability/cluster-information-ip-address-failover

·       Implement load balancing for the failover cluster            

·            https://docs.microsoft.com/en-us/azure-stack/hci/manage/vm-load-balancing

 

2.2 Manage Failover Clustering 

·       Implement Cluster-Aware updating        

o   https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating

·       Recover a failed cluster node    

o   https://docs.microsoft.com/en-us/troubleshoot/windows-server/high-availability/high-availability-overview

·       Upgrade a node to Windows Server 2022            

o   https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-operating-system-rolling-upgrade

·       Failover workloads between nodes

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd353290(v=ws.10)          

·       Install Windows updates on cluster nodes          

o   https://docs.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating-options

·       Manage failover clusters using Windows Admin Center  

o   https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/use/manage-failover-clusters

 

2.3 Implement and Manage Storage Spaces Direct          

·       Create failover cluster using Storage Spaces Direct          

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/storage-spaces-direct-overview

·       Upgrade Storage Spaces Direct node     

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/upgrade-storage-spaces-direct-to-windows-server-2019

·       Implement networking for Storage Spaces Direct             

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/deploy-storage-spaces-direct#step-2-configure-the-network

·       Configure Storage Spaces Direct

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-spaces/deploy-storage-spaces-direct

             

3. Implement Disaster Recovery (10-15%)     

Relevant MS Learn modules:

·       https://docs.microsoft.com/en-us/learn/modules/implement-hyper-v-replica/

·       https://docs.microsoft.com/en-us/learn/modules/implement-hybrid-backup-recovery-windows-server-iaas/

·       https://docs.microsoft.com/en-us/learn/modules/protect-on-premises-infrastructure-with-azure-site-recovery/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.architect-migration-bcdr

·       https://docs.microsoft.com/en-us/learn/modules/protect-infrastructure-with-site-recovery/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.architect-migration-bcdr

·       https://docs.microsoft.com/en-us/learn/modules/protect-virtual-machines-with-azure-backup/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.architect-migration-bcdr

 

3.1 Manage Backup and Recovery for Windows Server   

·       Backup and restore files and folders to Azure Recovery Services Vault    

o   https://docs.microsoft.com/en-us/azure/backup/backup-windows-with-mars-agent

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-restore-windows-server

·       Install and manage Azure Backup Server

o   https://docs.microsoft.com/en-us/azure/backup/backup-mabs-whats-new-mabs

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup

·       Backup and recover using Azure Backup Server  

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-vms-prepare

·       Manage backups in Azure Recovery Services Vault          

o   https://docs.microsoft.com/en-us/azure/backup/backup-instant-restore-capability

·       Create Backup Policy     

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-userestapi-createorupdatepolicy

·       Configure Backup for Azure VM using the built-in back up agent 

o   https://docs.microsoft.com/en-us/azure/backup/backup-client-automation

·       Recover VM using temporary snapshots

o   https://docs.microsoft.com/en-us/azure/virtual-machines/backup-and-disaster-recovery-for-azure-iaas-disks

·       Recover VMs to new Azure VMs

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

·       Restore a VM   

o   https://docs.microsoft.com/en-us/azure/backup/backup-azure-arm-restore-vms

 

3.2 Implement disaster recovery by using Azure Site Recovery    

·       Configure Azure Site Recovery Networking         

o   https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-manage-network-interfaces-on-premises-to-azure

·       Configure Site Recovery for on-premises VMs    

o   https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-vmm-network-mapping

·       Configure a Recovery Plan          

o   https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-create-recovery-plans

·       Configure Site Recovery for Azure VMs  

o   https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-about-networking

·       Implement VM replication to secondary datacenter or Azure region             

o   https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-zone-to-zone-disaster-recovery

·       Configure Azure Site Recovery policies  

o   https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-policy

 

3.3 Protect virtual machines by using Hyper-V replicas   

·       Configure Hyper-V Hosts for replication

o   https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica

·       Manage Hyper-V replica servers

o   https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica

·       Configure VM Replication           

o   https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/set-up-hyper-v-replica

·       Perform a Failover         

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831759(v=ws.11)

             

4. Migrate Servers and Workloads (20-25%)

Relevant MS Learn modules:

·       https://docs.microsoft.com/en-us/learn/modules/migrate-premises-windows-server-instances-azure-iaas-virtual-machines/

·       https://docs.microsoft.com/en-us/learn/modules/upgrade-migrate-windows-server-iaas-virtual-machines/

 

4.1 Migrate on-premises storage to on-premises servers or Azure            

·       Transfer data and share; and cutover to new server using SMS   

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/cutover

·       Use Storage Migration Service to migrate to Azure VMs 

o   https://docs.microsoft.com/en-us/windows-server/storage/storage-migration-service/overview

·       Migrate to Azure File shares      

o   https://docs.microsoft.com/en-us/azure/storage/files/storage-files-migration-overview

 

4.2 Migrate on-premises servers to Azure           

·       Deploy and configure Azure Migrate appliance  

o   https://docs.microsoft.com/en-us/azure/migrate/deploy-appliance-script

·       Migrate VM workloads to Azure IaaS     

o   https://docs.microsoft.com/en-us/azure/migrate/tutorial-migrate-hyper-v

·       Migrate physical workloads to Azure IaaS            

o   https://docs.microsoft.com/en-us/azure/migrate/how-to-set-up-appliance-physical

·       Migrate by using Azure Migrate

o   https://docs.microsoft.com/en-us/azure/migrate/how-to-migrate

 

4.3 Migrate workloads from previous versions to Windows Server 2022  

·       Migrate IIS        

o   https://docs.microsoft.com/en-us/iis/publish/using-web-deploy/migrate-a-web-site-from-iis-60-to-iis-7-or-above

·       Migrate Hyper-V hosts  

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn486792(v=ws.11)

·       Migrate RDS Host servers           

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn479239(v=ws.11)

·       Migrate DHCP  

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn495425(v=ws.11)

·       Migrate Print Servers    

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj134150(v=ws.11)

 

4.4 Migrate IIS workloads to Azure         

·       Migrate IIS workloads to Azure Web Apps           

o   https://docs.microsoft.com/en-us/dotnet/azure/migration/app-service

·       Migrate IIS workloads to containers       

o   https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/building-sample-app

 

4.5 Migrate an AD DS infrastructure to Windows Server 2022 AD DS        

·       Migrate AD DS objects, including users, groups and Group Policies using AD Migration Tool

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc974412(v=ws.10)

·       Migrate to a new Active directory forest

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc974335(v=ws.10)

·       Upgrade existing forest

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers

             

5. Monitor and Troubleshoot Windows Server Environments (20-25%)       

Relevant MS Learn modules:

·       https://docs.microsoft.com/en-us/learn/modules/monitor-windows-server-iaas-virtual-machines-hybrid-instances/

·       https://docs.microsoft.com/en-us/learn/modules/monitor-azure-vm-using-diagnostic-data/

·       https://docs.microsoft.com/en-us/learn/modules/monitor-performance-using-azure-monitor-for-vms/

 

5.1 Monitor Windows Server by using Windows Server tools and Azure Services             

·       Monitor Windows Server by using Performance Monitor

o   https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/performance-overview

·       Create and configure Data Collector Sets             

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc749337(v=ws.11)

·       Monitor servers and configure alerts by using Windows Admin Center 

o   https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/azure-monitor

·       Monitor by using System Insights            

o   https://docs.microsoft.com/en-us/windows-server/manage/system-insights/overview

·       Manage event logs        

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc722404(v=ws.11)

·       Deploy Log Analytics agents       

o   https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows

·       Collect performance counters to Azure  

o   https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-overview

·       Create alerts     

o   https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log

·       Monitor Azure VMs by using Azure diagnostics extension            

o   https://docs.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview

·       Monitor Azure VMs performance by using VM Insights  

o   https://docs.microsoft.com/en-us/azure/azure-monitor/vm/vminsights-overview

             

5.2 Troubleshoot Windows Server On-premises and hybrid Networking  

·       Troubleshoot hybrid network connectivity          

o   https://docs.microsoft.com/en-us/troubleshoot/azure/general/sdp3fdcb6045-5616-45b4-bb68-0bd11081c184-vnet

·       Troubleshoot on-premises connectivity 

o   https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/networking-overview

             

5.3 Troubleshoot Windows Server virtual machines in Azure       

·       Troubleshoot deployment failures          

o   https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/welcome-deployment-troubleshooting

·       Troubleshoot booting failures   

o   https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/boot-error-troubleshoot

·       Troubleshoot VM performance issues   

o   https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/performance-diagnostics

·       Troubleshoot VM extension issues         

o   https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/support-agent-extensions

·       Troubleshoot disk encryption issues       

o   https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview

·       Troubleshoot storage   

o   https://docs.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview?context=/troubleshoot/azure/virtual-machines/context/context

·       Troubleshoot VM Connection issues      

o   https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/cannot-connect-rdp-azure-vm

             

5.4 Troubleshoot Active Directory           

·       Restore objects from AD recycle bin       

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd391916(v=ws.10)

·       Recover Active Directory database using Directory Services Restore mode   

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/ee410856(v=ws.10)

·       Recover SYSVOL             

o   https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc816596(v=ws.10)

·       Troubleshoot Active Directory replication           

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/troubleshooting-active-directory-replication-problems

·       Troubleshoot Hybrid authentication issues         

o   https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-pass-through-authentication

·       Troubleshoot on-premises Active Directory        

o   https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/troubleshooting-domain-controller-deployment

 

Posted at https://sl.advdat.com/3kdPQfC