Follow AZ-800 guidance as a prerequisite before AZ-801, and start with fresh virtual machines for hands-on labs, especially as Windows 11 may be used for a few tasks.

Decide whether to set up a practice lab for hands-on learning; it’s optional, with simulations available 24/7, or you can practice on your own environment, though lab setup requires time.

Download the Windows Server 2022 ISO from exam lab practice.com/iso download, right-click the link and choose save link as, saving the file to your desktop.

Use Hyper-V, the official Microsoft virtualization software, by enabling it in control panel, selecting the Hyper-V platform and management tools, then reboot to access the Hyper-V manager.

Create an external virtual switch in Hyper-V using the virtual switch manager to connect virtual machines to the internet and to each other.

Fix a Hyper-V network issue by disabling large send offload version 2 on the Hyper-V virtual Ethernet adapter to restore internet performance.

Create a Windows Server 2022 virtual machine in Hyper-V, allocate 4 GB RAM and a 127 GB dynamic disk, install the desktop experience from ISO, and sign in.

Create and configure a second Windows Server 2022 virtual machine in Hyper-V, setting memory, dynamic disk, external switch, and ISO image, then install, log in, and rename in a workgroup.

Visit the Windows 11 ISO download page to download the English United States 64-bit ISO, then save the file to your desktop after completing the form.

Set up a Windows 11 virtual machine in Hyper-V manager by creating a generation two VM with 4 GB RAM, enabling TPM, attaching the ISO, and installing Windows 11.

Set up a new on-premises Active Directory domain by installing AD DS, creating a forest for exam lab practice.com, and promoting NYC DC one to a domain controller with DNS.

Join the NYC server one to the exam lab practice domain by configuring DNS to the domain controller and validating the domain membership in Active Directory.

Configure Windows 11 to join the domain by setting the DNS server to the domain controller, applying a manual IPv4 address, and then log in as exam lab practice administrator.

Set up a lab environment with Microsoft 365 and Azure, sign up for a free Office 365 E5 trial, and activate a Teams trial where available.

Learn how to create a free Microsoft 365/Azure trial, verify with a phone number, assign licenses, and cancel before the 30-day limit, with tips for common issues.

Create a free Microsoft 365/azure trial account with a new email, verify by phone, activate Microsoft 365 E5 licenses, and learn to cancel after 30 days.

Register for an Azure subscription by starting a free trial to receive $200 credit and 30 days to set up virtual machines.

Learn to configure a hybrid connection between on-premises AD DS and Azure AD with Azure AD Connect, enabling password hash synchronization, single sign-on, and ongoing synchronization verification.

Configure Windows exploit protection to lock down threats, override program settings, and export an XML policy for domain-wide deployment via Group Policy updates.

Explore how Windows Defender Application Control and AppLocker secure servers by controlling which apps can run using code signing, certificates, and path-based rules.

Activate a free three-month trial of Microsoft Defender for Endpoint via the portal, assign licenses to users, and monitor endpoints in the Microsoft Defender dashboard.

Onboard a Windows Server 2022 to Microsoft Defender for Endpoint by downloading and running the onboarding script, with admin PowerShell, and verify Defender antivirus is installed.

Enable virtualization based security and credential guard via group policy to protect credentials with a hypervisor sandbox, enforcing secure boot, DMA protection, and kernel mode protections.

Enable Windows Defender SmartScreen via a group policy object, configure its on/off setting, and apply domain-wide or OU-specific deployment to protect users from phishing.

Configure operating system security by creating a GPO, using computer configuration and security settings to enforce admin rename, restricted groups, auditing, and then link to an organizational unit.

Learn to redo simulations on Udemy after completing an assignment by navigating to summary, back to assignment, and instructions to access the simulation link anytime.

Configure domain password policies on the domain controller via the default domain policy, enforcing history, age, length, complexity, and account lockout, with fine-grained options in Azure AD.

Enable password protection for Windows Server Active Directory by installing the Azure AD password protection DC agent, configuring a banned password list, and enforcing across on-prem and cloud environments.

Learn how the protected users group in on-premise Active Directory protects elevated accounts by preventing plaintext credential caching and offline sign-ins.

Learn to pre-stage a read-only domain controller (RODC) with Active Directory tools, set password replication policies, and choose DNS and global catalog options for remote or on-site deployment.

Learn to harden domain controllers by configuring the domain default domain controllers policy in group policy management, focusing on security options, user rights assignments, and auditing.

Configure authentication policy silos to bind accounts to specific servers, then use group policy and the Active Directory Administrative Center to enable Kerberos client support for claims and enforce policy.

Configure the default domain controllers policy in group policy management to restrict access, remove the everyone group, limit logon locally to admins and backup operators, and manage remote desktop permissions.

Explore configuring account security in Active Directory, including user creation, password options, logon restrictions, group memberships, and applying group policy objects to restrict or grant access.

Explore built-in administrative groups in Active Directory, view and describe each group, understand powerful roles like enterprise admins, and learn how to add members and nest groups.

Delegate control in Active Directory by assigning admins to specific organizational units, like New York and Dallas, granting privileges to create and delete user accounts while avoiding domain admin rights.

Monitor on-premises and Azure AD authentication with Microsoft Defender for Identity. Manage via the Microsoft 365 Defender dashboard, using AI and threat intel to detect threats and generate alerts.

Monitor on-premises and Azure IaaS VMs with Microsoft Sentinel, a SIEM and SOAR, by creating a log analytics workspace and installing the agent to centralize logs and enable threat detection.

Identify and remediate security issues on on-premises servers and VMs using Microsoft Defender for Cloud, integrating Security Center capabilities with log analytics for unified cloud and on-premises security.

Explore Windows Defender Firewall on servers, create inbound or outbound port rules (e.g., block port 22 for ssh), and apply them across servers via a GPO, noting policy refresh intervals.

Configure domain isolation with IPsec and Kerberos authentication using Windows Defender Firewall connection security rules, ensuring only domain-joined servers communicate and blocking anonymous access.

Install BitLocker drive encryption on Windows Server using Server Manager, enable BitLocker network unlock for domain-wide automatic unlock, and use Windows Deployment Services deployment and transport servers for key management.

Learn how to manage BitLocker on a Windows server, disable the TPM requirement via a group policy, enable OS drive encryption with a password, and safeguard a 48-digit recovery key.

Azure encrypts disks by default with a platform managed key; you can use Azure Key Vault for a customer managed key or enable host level encryption.

Create and configure an Azure key vault to manage encryption keys for encrypting a VM's data and OS disks, including key creation, access control, and disk encryption set.

Learn how failover clustering extends services across on-premise, hybrid, and cloud setups using CSV, iSCSI or fibre channel storage, witnesses, and quorum mechanisms to ensure high availability.

Configure storage for failover clustering by provisioning iSCSI storage, creating ESXi virtual disks, and setting up shared disks with proper volumes and initiators.

Install the failover cluster service on both NYC DC one and NYC server one, then create the NYC cluster with failover cluster manager and verify both nodes are up.

Explore how stretch clusters replicate data synchronously or asynchronously across datacenters or Azure regions, enabling automated failover with low latency, and compare active-active versus active-passive configurations.

Configure failover cluster quorum settings with the failover cluster manager, choosing dynamic or manual witnesses such as disk, file share, or cloud witnesses.

Configure multiple network adapters for failover clustering to reduce heartbeat latency, enable NIC teaming, and establish a dedicated cluster network for reliable, load-balanced cluster information with Failover Cluster Manager.

Explore configuring cluster workload options for high availability in Windows Server, including DHCP, failover relations, and workload-specific tools, with guidance on using the failover wizard vs native management.

Explore how cluster sets group clusters for cross-area failover, coordinated by a cluster set master and worker service, and how availability sets with fault and update domains boost Azure reliability.

Explore configuring a scale-out file server as an SMB-based alternative to iSCSI for clustered Windows Server environments, via a shared folder for application data.

Configure Azure as a cloud witness for cluster quorum by creating a storage account and using its key to establish the witness endpoint, and clean up to avoid costs.

Visualize floating IP addresses and load balancers in failover clusters, using active and passive load balancers with heartbeat to keep traffic flowing, including azure load balancer options.

Learn to automate updates on failover cluster nodes with cluster aware updating using Server Manager, including update previews, readiness analysis, and keeping services online.

Learn how a failover cluster detects a failed node, quarantines it, and uses restart, drain roles, resume, and evict to recover and re-add the node.

Drain the roles in the failover cluster, evict the node, upgrade to Windows Server 2022, then reattach the node to restore service with minimal traffic disruption.

Install Windows Admin Center on NYC server one, then add a DC and create a failover cluster using two servers with static IPs and cluster-aware roles.

Learn how storage spaces in Windows Server combine disks into a storage pool and create virtual disks. Use mirroring or parity to provide redundancy.

Explore Storage Spaces Direct, a software-defined storage solution that pools disks across 2–16 servers into a fault-tolerant, scalable storage space for files, databases, and virtual machines.