
Assume you have completed AZ-104 and bring advanced IT operations knowledge—networking, virtualization, and identity security—as this AZ-305 course builds on that groundwork to deploy resources and study AZ-305 objectives.
Explore designing monitoring and logging within identity and governance solutions, deploying Azure infrastructure (VM, Azure storage account, Azure SQL database), running a .NET app, and enabling monitoring for each service.
Review key Azure concepts, including accounts, subscriptions, and Azure Active Directory, then explore managing resources with management groups, resource groups, and deploying Azure VMs and Azure SQL databases.
Deploy resources in an appropriate location, balancing user proximity, cost, and compliance, while some services remain global. Improve availability with availability sets and zones across fault and update domains.
Provision a virtual machine in an Azure virtual network with a subnet, network interface, and IP, then deploy a SQL database, storage account, and a .NET app that uses them.
Deploy an Azure virtual machine in the portal using Windows Server 2022 Datacenter x64 Gen2, a resource group, and Standard_D2s_v3 with port 80 open.
Deploy a fully managed Azure SQL database and its server, configure SQL authentication, firewall rules and a public endpoint, and explore basic DTU-based pricing with backups and high availability.
Create an Azure storage account in North Europe with standard performance and locally-redundant storage, using blob storage for unstructured data, including backups, and isolating data from the application.
Download the free Visual Studio 2022 Community edition, install the Visual Studio Installer, and select the ASP.NET web development and Azure development workloads.
Deploy a simple .NET web app to an Azure VM and connect it to Azure SQL Database and Azure Storage, illustrating data moving from embedded files to external data stores.
Demonstrates separating the data and application layers by hosting images in an Azure blob container and course data in an Azure SQL database, then fetching via a .NET app.
Publish a .NET 6.0 web app to an Azure VM by installing IIS, management service, and Web Deploy, configuring port 8172 and DNS name, then publish from Visual Studio.
Publish your .NET 6 project to an Azure web app (PaaS). Create an App Service, choose a resource group, set pricing to P1, and publish from Visual Studio to the azurewebsites.net domain.
Choose between Azure web app service and Azure VMs by evaluating infrastructure management and admin privileges; use Azure web app to avoid managing infrastructure, or Azure VMs for admin access.
Explore how the Azure Monitor service tracks metrics, activity logs, and resource insights, enabling dashboards and alerts for VMs, web apps, and storage usage.
Stream logs from Azure VMs to a Log Analytics workspace using data collection rules and the Azure Monitor Agent to collect Windows event logs, security audits, and performance counters.
Configure diagnostic settings for the Azure Web App to send HTTP and platform logs to a Log Analytics workspace, then query AppServiceHTTPLogs for client IP addresses.
Enable auditing for Azure SQL databases to create an audit trail of activities and stream audit logs to a Log Analytics workspace or to a storage account in the same location.
Learn to quickly install SQL Server Management Studio on a Windows laptop, install Azure Data Studio as well, and connect to an Azure SQL database using SQL Server authentication.
Enable diagnostic settings for Azure AD sign-ins and export them to a Log Analytics workspace to monitor sign-in activity and IP addresses.
Enable VM insights in Azure Monitor to collect guest performance metrics, processes, and dependencies via a data collection rule, using a Log Analytics workspace to visualize CPU and memory.
Enable and view network security group flow logs using Azure Network Watcher, store logs in a storage account, and optionally visualize them in Log Analytics with Traffic Analytics.
Create and link an Application Insights resource to an Azure web app, instrument your app, and monitor live telemetry, performance, and user interactions with live metrics.
Explore Microsoft Sentinel, a cloud service for security information and event management (SIEM) and security orchestration, automation, and response (SOAR) that collects data from users, devices, apps, and infrastructure to detect threats.
Attach Microsoft Sentinel to an existing Log Analytics workspace to start collecting data. Then use a rule to detect events recorded there.
Enable Microsoft Sentinel data collection by connecting a data connector to a Log Analytics workspace and creating a data collection rule to stream Windows security events from an Azure VM.
Create a scheduled query rule in Microsoft Sentinel to monitor event ID 4625 for failed logons, trigger incidents, map to credential access tactics like brute force, and automate the response.
Learn Azure Data Explorer, a fully managed service for real-time analysis with Kusto Query Language; create a free cluster, ingest data, and run queries.
Review resource tags to add metadata and enable cost filtering across resources, resource groups, and subscriptions. Note that resource group tags are not inherited by resources, and enforce tagging with Azure policies.
Design Azure infrastructure with cost in mind using the pricing calculator to estimate virtual machines, region, OS, and bandwidth costs, and explore reservations for up to 72% savings.
Monitor and optimize cloud spending after deployment by using cost analysis and Azure Advisor recommendations, applying filters by tags and resource group, and resizing resources or adopting reservations.
Delete the resources created in this section to avoid costs, while preserving select resources like a storage account and a virtual machine for future sections, and recreate as needed.
Delve into identity and governance concepts, covering authentication, authorization, and governance of identities and application access, and revisit AZ-104 topics for AZ-305.
Use Azure Active Directory as the core security tool. Learn authentication and authorization, identity types, and role-based access control for resources like VMs and storage accounts.
Understand the authorization hierarchy by applying role-based access control at resource, resource group, subscription, and management group levels, extending control with Azure policies across all resources and groups.
Explore Azure Active Directory as the Azure identity provider, compare free and premium licenses (P1 $86, P2 $9 per user per month) and security features tied to exam objectives.
Explore role-based access control in Azure, covering built-in roles like Reader, Contributor, and Owner, plus custom roles, and how to assign them to users at resource and resource group levels.
Assign built-in Azure Active Directory roles to delegate tasks such as creating users and managing passwords, then assign and later remove the User Administrator role for UserA.
Learn how Azure AD Privileged Identity Management enables just-in-time, time-bound, start-and-end-date privileged access to Azure AD roles and resources with approvals, RBAC, and Premium P2 licensing.
Explore how privileged identity management configures an eligible user administrator role. Learn to distinguish eligible from active assignments, set activation rules with maximum duration, MFA, approvals, and justification.
Activate a user admin role for user A via Privileged Identity Management for up to eight hours, with role settings, justification, and approval options in Azure AD and Azure resources.
Utilize privileged identity management for RBAC roles in Azure AD, discovering roles, creating eligible assignments, and activating them within the subscription to manage Azure resources.
Review how to invite external identities as guest users in Azure Active Directory to grant short-term access to resources using role-based access control and accepting invitations.
Explore Azure Active Directory access reviews to regularly assess whether users with roles, groups, or RBAC access still need privileges, and remove unnecessary access as roles change or users leave.
Use identity governance in Azure Active Directory to perform access reviews for groups or applications, with Azure AD Premium P2 licenses, reviewers, and auto-apply denials.
Learn to create access reviews for Azure AD roles and role-based access control using Privileged Identity Management, including setting the review name, start date, frequency, and selecting the target role.
Explore Azure AD Identity Protection, a threat-intelligence driven service that automatically detects identity risks, defines user and sign-in risk policies, and enforces controls such as password changes and multi-factor authentication.
Apply Azure policy definitions to enforce governance by restricting resource deployments to allowed locations, such as North Europe, with assignments at the subscription level and optional exclusions.
Use resource locks to prevent accidental deletion or modification of Azure resources, applying read-only or delete locks at the resource level, resource group level, or subscription level.
Azure blueprints orchestrate the deployment of ARM templates, policies, resource groups, and RBAC onto new subscriptions, establishing a standard set of rules across management groups and subscriptions.
Demonstrates creating an Azure blueprint at the tenant/root level, defining artifacts like a resource group, role assignment, and a virtual network ARM template to automate new subscriptions.
Assign the Azure blueprint to the staging subscription to deploy a resource group, a virtual network with two subnets, and ARM template artifacts using a managed identity.
Learn how Azure Blueprints apply resource locks to prevent accidental deletion or modification of deployed resources, using do not delete and read-only locks, and how to remove them by reassigning.
Define Azure blueprints at the management group level and assign them to subscriptions, ensuring all subscriptions trust the same Azure AD tenant through REST API-based management group assignments.
Discover how to use application objects in Azure Active Directory to securely grant an app access to an Azure storage account, using role-based access control instead of embedding access keys.
Demonstrates downloading a blob from an Azure storage account with a .NET console app using an application object, app registration, and RBAC to securely access commands.sql.
Explore using managed identities to access a storage account without embedded credentials, via Azure AD and RBAC, demonstrated on a virtual machine (appvm).
Enable a system-assigned managed identity on an Azure VM, grant Blob Data Reader access, and run a .NET console app to download a blob to the server.
Learn how user-assigned managed identities remain independent of resource lifecycles and can be attached to multiple resources, enabling RBAC for a storage account with a single identity.
Learn how to use the Azure Key Vault to manage secrets, encryption keys, and certificates. Create a key vault, configure a resource group, location, retention, and access policy.
Learn to retrieve a secret from Azure Key Vault using an application object, set an access policy for get permission, and fetch the secret value in a .NET app.
Discover how Azure AD Application Proxy lets Azure AD users securely access on-premises web applications without exposing them to the internet, via a lightweight proxy connector.
Deploy a Windows Server 2022 domain controller in a new virtual network, install Active Directory Domain Services, host an IIS web server, and install the Azure AD application proxy connector.
Promote the server to a domain controller, define the internal cloud2hub.com domain with Microsoft Active Directory, and configure DNS on the domain VM to support Azure AD application proxy.
Deploy a private Azure VM web server, install IIS with a default page, and join it to the cloud2hub.com domain inside the virtual network for Azure AD application proxy.
Spin up a proxy VM in the GRP resource group, join it to the domain, and install the Azure AD application proxy connector while configuring TLS 1.2 registry settings.
Configure the Azure AD application proxy by installing the proxy connector and mapping the internal web server webvm.cloud2hub.com to an external URL, granting Azure AD users access.
Understand why you may delete domain resources in Azure and recreate them later, to avoid running costs, as infrastructure can be rebuilt easily when needed.
Explore how a .NET-based app authenticates a user from Azure Active Directory using OAuth, issues an access token, and enables RBAC-based access to resources like Azure storage.
Review multi-factor authentication (MFA) and conditional access in the Azure portal, including per-user MFA setup, registration, and SMS or authenticator methods for secure sign-ins.
Demonstrates signing in a user via an application object in Azure Active Directory, using a simple .NET project, app registrations, and a deployed Azure web app.
Explore how to manage enterprise application objects in Azure Active Directory, including enabling sign-in, requiring assignments, and adding users to access webapp applications in the AZ-305 context.
Explore how Azure Active Directory enables single sign-on across enterprise apps like Dropbox, with admin consent and seamless login via the My Apps portal.
Explore how conditional access policies add a security layer for Azure Active Directory users, enforcing multifactor authentication when signing into web apps from defined locations, and managing policy lifecycle.
Explore data storage solutions in Azure, covering storage accounts, Azure SQL Database pricing and encryption, and services like Azure Data Factory, Azure Synapse, and Cosmos DB for non-relational data.
Explore Azure data stores overview, including Azure SQL Database, SQL on VM, Azure Storage, Cosmos DB, and analytics services like Synapse, Data Factory, and Data Lake Gen2.
Review the Azure storage accounts authorization techniques for blob access, comparing public access, anonymous access, access keys, shared access signatures with scoped permissions and start-end times, and Azure AD authentication.
Learn how to use Azure Storage Explorer to manage storage accounts with account keys, including connecting, rotating keys, and controlling blobs, file shares, queues, and tables.
Explore how shared access signatures grant time-bound, scoped access to Azure storage without account keys, with configurable services, permissions, and start and expiry dates for blob service, containers, and objects.
Learn to grant Azure Active Directory identities access to an Azure storage account using role-based access control, assigning reader and storage blob data reader roles.
Review Azure blob storage access tiers—hot, cool, and archive—and how to balance storage and access costs with blob-level and storage account-level tiering.
Review Azure blob access tiers: hot, cool, archive, with hot as default and blob changes; archive blocks access and requires rehydration, while lifecycle rules auto-transition by last modified date.
Learn how storage account encryption protects data at rest in Azure storage, using Microsoft managed keys by default and customer-managed keys via Key Vault for blob and file share services.
Explore premium storage accounts built on blob and file share services to gain higher performance and low latency with solid state drives, ideal for streaming and machine learning workloads.
Explore Azure storage redundancy options (LRS, ZRS, GRS, and GZRS) and learn how multiple copies across data centers or zones ensure availability and read access during outages.
Explore hosting options for SQL Server on Azure, including virtual machine deployments, Azure SQL Database, and Azure SQL Managed Instance, with migration, availability, and compatibility considerations.
Explore Azure SQL Database pricing options, including DTU with Basic, Standard, and Premium tiers, 99.99% uptime, backups up to 35 days, and vCore, serverless, and hyperscale models.
Deploy Microsoft SQL Server on Azure VM using marketplace image, configure SQL Server settings and authentication, and connect via SQL Server Management Studio to VM in a virtual network.
Create an Azure SQL database via the platform as a service, choose between DTU-based or vCore-based pricing, and enable transparent data encryption.
Discover dynamic data masking in Azure SQL to limit exposure of sensitive data for non-admin users. Apply email masking, credit card masking, and custom text masking on the customer table.
Explore the Always Encrypted feature in Azure SQL databases, encrypting columns such as email addresses with deterministic or randomized methods, using Azure Key Vault keys and SQL Server Management Studio.
Discover Azure SQL Managed Instance, offering near 100% compatibility with SQL Server and private network integration for migrating on-premises workloads to Azure. Benefit from automated backups and high availability.
Explains how to use Azure Cosmos DB to host a fully managed NoSQL database on Azure, with multiple APIs and partition keys to optimize queries.
Enable global replication of Azure Cosmos DB by adding read regions such as UK West, enable multi-region writes, and explore consistency levels from strong to eventual.
Explore Azure Data Lake Gen2 storage accounts built on blob storage, leveraging hierarchical namespace to organize large data sets as directories, supporting Parquet and CSV formats for data lake ingestion.
Explore Azure Synapse as a data warehouse platform with SQL data warehouse and Spark for analysis. Utilize a Synapse workspace with Azure Data Lake Gen2, data integration, management, and security.
Create an Azure Synapse workspace using an Azure Data Lake Gen2 storage account, configure a dedicated SQL pool for a data warehouse, and finalize security, networking, and review steps.
Create a dedicated SQL pool in Azure Synapse to host a data warehouse, and use the serverless pool for ad hoc analysis on Data Lake Gen2 via external tables.
Copy data from a parquet log file in Azure Data Lake Gen2 to a dedicated SQL pool using an Azure Synapse pipeline, including dataset creation, mapping, and monitoring.
Link Azure Synapse to Azure Cosmos DB to analyze operational NoSQL data directly in Synapse using a link service, Spark pools, and data frames.
Discover how Azure Databricks unifies data lake and data warehouse through a lakehouse architecture on Azure, enabling ingestion, processing, and analysis of structured and semi-structured data with schema management.
Create an Azure Databricks workspace from the marketplace, select a resource group, name it, and choose the trial pricing; charges apply only when you run a cluster.
Launch the Azure Databricks workspace, create a cluster with Apache Spark runtimes, and run a notebook to analyze data.
Explore Azure Databricks notebooks to read a Log.csv file from Azure Data Lake Gen2, configure Spark, and display a DataFrame using Scala.
Explore how Azure Data Factory functions as a cloud-based ETL tool to extract, transform, and load data, orchestrating pipelines that move data from sources to a data warehouse.
Create an Azure Data Factory resource in the portal, configure resource group, a unique factory name, and a North Europe location, then open the Data Factory Studio to build pipelines.
Use Azure Data Factory to copy data from an Azure SQL Database to a dedicated SQL pool in Azure Synapse, creating connections, datasets, pipelines, and monitoring progress.
Visualize transformations with mapping data flow in Azure Data Factory, running on Spark clusters, with debug mode for interactive results and no-code data shaping.
Utilize PolyBase to load large data from Azure Data Lake Gen2 into your dedicated SQL pool, enabling parallel transfers for higher throughput and efficiency in the data pipeline.
Learn how to deploy and register a self-hosted integration runtime with Azure Data Factory to load on-premises or virtual machine data into Azure Synapse and Azure SQL databases.
Create an Azure VM to host the self-hosted integration runtime and use Azure Data Factory to move a log.parquet file from a server into a dedicated SQL pool table.
Install the self-hosted integration runtime on a virtual machine and register it with Azure Data Factory. Download, install, and enter the authentication key to bring the runtime online.
Design a data factory pipeline to copy log.parquet data from an Azure VM to a dedicated SQL pool table using a self-hosted integration runtime.
Conclude this section by deleting non-essential resources while leaving the Azure Data Lake Gen2 Storage account, and review the data services interaction methods covered.
Evaluate backup and disaster recovery strategies for high availability of a web application on an Azure VM and Azure SQL database, focusing on what happens when a region goes down and on data restoration.
Define the recovery point objective and recovery time objective, explaining acceptable data loss and downtime under outages. Compare costs and tools for achieving higher availability across web and database components.
Demonstrates a simple .NET program that reads a log CSV file and writes records to an Azure SQL database using ADO.NET, including connection string setup and basic table interaction.
Change your Azure SQL Database pricing tier on the fly, scaling from basic to standard or premium. Expect a brief moment when the database stops accepting connections.
Learn how to implement retry logic to handle transient Azure SQL connection errors when changing the service tier, ensuring resilient app and database connectivity with ADO.NET.
Explore backup and restore strategies for Azure SQL Database and SQL Server on Azure VMs, including full and incremental backups via transaction logs and high availability considerations.
Azure SQL Database backups are automated within the service, performing weekly full backups, daily differential backups, and 10-minute transaction log backups, with seven-day retention extendable to 35 days by tier.
Explore point in time restore in Azure SQL database by selecting a backup, choosing a restore point, and creating a database from that point, highlighting retention policies and timing.
Learn how to configure long-term retention for Azure SQL backups, storing weekly, monthly, and yearly backups in Azure Blob storage for up to 10 years.
Explore Azure SQL database backup storage redundancy, including locally redundant storage with three backup copies and zone redundant backups across availability zones and paired regions.
Perform a geo-restore from a geo-redundant backup, create a new server in the paired region, and restore the app db using a restore point while noting replication delays.
Learn how to recover a deleted database using a point-in-time restore from the latest backup, restoring the backupdb before it was deleted.
Explore automated backups in Azure SQL database, covering backup frequency, storage redundancy, and geo redundancy options, with a focus on cost implications for architects.
Explore backups for Azure SQL: automated backups, point-in-time, geo, and deleted-database restores, plus note that native backups are available on SQL Server on Azure VM, unlike Azure SQL Database.
Explore active geo-replication for Azure SQL database, creating secondary read replicas in another region to offload reads, stream transaction logs, and enable quick failover to reduce recovery objectives.
Enable active geo-replication for the app db on an Azure SQL Database server, create a UK South replica from the North Europe primary, and verify continuous syncing via firewall-enabled connections.
Demonstrates active geo-replication with a read replica that offloads reads and enables forced failover to UK South, making the UK South replica the primary and North Europe read-only.
Explore auto-failover groups in Azure SQL Database, enabling geo-replication to fail over a set of databases with a listener endpoint that updates DNS automatically, without changing the connection string.
Configure a failover group with automatic failover for AdventureWorks and appdb by provisioning a secondary server, and using the read-write listener for the app.
Explore how Azure SQL Database, a cloud implementation of Microsoft SQL Server, provides data backup and high availability features, including auto-failover groups, built-in replicas in premium tier, and zone redundancy.
Explore how availability sets boost Azure virtual machine uptime by distributing virtual machines across fault and update domains, with updates performed one domain at a time for 99.95% service level.
Spread your virtual machines across availability zones to improve resilience and achieve a higher SLA, while noting data transfer charges between zones and the difference from availability sets.
Review Azure Backup and Site Recovery for SQL Server on Azure VM, enable VM backups with the backup extension, and restore using a Recovery Services vault in the same region.
Enable Azure Backup for SQL Server on an Azure VM, configure data and log disks on Premium SSD, and apply a four-hour backup policy with instant two-day snapshots.
Demonstrates restoring an Azure VM from a backup snapshot via the Recovery Services vault, selecting a restore point and staging location to create a new VM with SQL Server.
Review how we implemented Azure backup for an Azure VM with SQL Server in a network, using a Recovery Services Vault, recovery point snapshots, and a four-hour recovery point objective.
Explore how Azure Site Recovery enables continuous replication and seamless failover of on-premises or Azure VMs to a secondary data center, protecting business continuity and disaster recovery.
Enable disaster recovery for a SQL VM with Azure Site Recovery, replicating to West Europe. Perform a test failover and verify recovery point objective, then clean up replication and resources.
Learn how to use Azure Site Recovery for Hyper-V workloads by replicating on-premises Hyper-V VMs to Azure with a recovery provider on the Hyper-V host; install on each cluster node.
Azure Key Vault replicates data in the region and to a secondary region; failover is read-only. Backups can be restored only within the same geography.
Enable Azure file shares backup via a Recovery Services vault, configure daily full backups with a 30-day retention, and monitor backup jobs in the Recovery Services vault.
Explore Azure infrastructure design by reviewing compute options—Azure virtual machines, Azure web apps, and Azure batch—and container services, file sync, networking, and development and migration services such as DevOps pipelines.
Decide the right Azure service for each component—web apps or VMs, SQL Server on VM or Azure SQL Database/Managed Instance, container or NoSQL redesign—plus plan data transfer to Azure storage.
Compare Azure VM and Azure Web App for hosting apps: web apps reduce maintenance with automatic scaling, while VMs offer full control and require manual updates.
Explore deployment slots in Azure Web Apps to test new versions in a staging slot, swap with production to prevent downtime, and roll back if issues arise.
Shows deploying an ASP.NET Core web app to an Azure web app on an App Service plan, publishing from Visual Studio 2022, and using deployment slots to test and swap versions.
Azure Batch runs parallel high-performance computing jobs, such as processing instructor-uploaded videos, by managing a pool of virtual machines, their tasks and jobs, and Azure storage for inputs and outputs.
Set up an Azure Batch account with storage, create a pool of Windows Server 2022 VMs, publish a .NET blob copy app, and write results to Azure SQL.
Azure dedicated hosts provide a dedicated physical server in the data center, requested from the portal to host your virtual machines with enhanced security and maintenance control.
Explore the Azure Virtual Desktop service for desktop and application virtualization, with multi-session Windows 10 and Windows 11, personal and pooled host pools, session hosts, application groups, and scalable automation.
Explore container-based compute on Azure to host applications in isolation, preventing updates or library dependencies on one app from impacting others, with Docker as a key tool.
Review Azure container deployment options, from virtual machines with Docker to Azure container instances, container groups, and Azure Kubernetes, including images and registries.
Design a microservices architecture that treats user, order, search, and purchase as independent services, enabling isolated faults, independent deployment, and flexible data stores.
Explore compute options for hosting container apps on Azure, starting with Azure Database for MySQL as PaaS, then containerizing the apps and deploying to Azure Container Registry, container instances, and Kubernetes.
Test and deploy a MySQL flexible server on Azure, connect via Azure Data Studio, create a database and a log data table, and load log.csv data with a console app.
Learn how to build a .NET SQL web app that displays data from MySQL, adjust server settings, run the app, and prepare for containerized deployment of compute solutions.
Deploy a Docker host on an Azure Linux machine to build images and run containers for your app and MySQL, using Ubuntu Server, Docker, and SSH access.
Install Docker on a Linux-based host using the Ubuntu method from the Docker docs, copy the commands, right-click to paste, and run the install via PuTTY or Visual Studio Code.
Build a custom MySQL image on a Linux VM by creating a Dockerfile, copying 01.sql, and configuring root password and database, then run a MySQL container.
Create an Azure container registry, tag and push your custom MySQL image from a Linux VM, and manage access and repositories in Azure.
Deploy a MySQL image from the Azure Container Registry to an Azure Container Instance, expose it on port 3306 via a public IP, and connect to the database.
Containerize the ASP.NET application with a Dockerfile on a Linux VM, publish .NET 6.0, and push the image to Azure Container Registry for MySQL and web app repositories.
Deploy a two-container group on Azure Container Instances using a YAML file to run a MySQL database and a web app, exposing ports and managing registry credentials.
Explore container restart policy options in Azure Container Instances, choosing between always restart and restart on failure. Learn to persist data with Azure file shares so container data survives restarts.
Deploy and manage containers at scale with Azure Kubernetes by creating a cluster, configuring node pools, and integrating Azure Container Registry to run workloads.
Deploy an application and a MySQL database to an Azure Kubernetes cluster using YAML deployments and services, and expose them with load balancers after pushing images to Azure Container Registry.
Discover how Azure File Sync links Azure file shares to on-prem file servers, providing local copies or cached access, enabling multi-site synchronization and seamless agent deployment.
Demonstrates implementing Azure File Sync by linking an on-premises file server to a scripts file share, creating a sync group, registering the server, and performing initial cloud transfer.
Connect virtual networks using peering to enable cross-network communication across same region, different regions, or different subscriptions via the Microsoft backbone network for Azure.
Review how VPN connections provide private access to an Azure virtual network, including point-to-site via a virtual network gateway, site-to-site with on-premises, and ExpressRoute for private connections.
Implement point-to-site and site-to-site VPN connections in Azure, accessing a private SQL Server virtual machine via a VPN gateway and Bastion, with ExpressRoute private peering and Microsoft peering options.
Configure an Azure virtual network gateway with a gateway subnet and a public IP to establish a point-to-site VPN using IKEv2 and certificates to access a SQL Server on VM.
Explore site-to-site VPN implementation by creating a local network gateway, configuring a virtual network gateway with a shared key, and validating connectivity to a remote SQL Server.
Explore the Network Watcher service and its tools (Connection Monitor, Next Hop, IP Flow Verify, Connection Troubleshoot, NSG diagnostic, Traffic Analytics, and NSG Flow Logs), applied to AZ-104 site-to-site VPN contexts.
Connect multiple on-premises networks via Azure Virtual WAN to create a mesh that links ExpressRoute circuits, VPN site-to-site connections, and multiple virtual networks, simplifying traffic routing.
Explore how the Azure Firewall service protects a virtual network in hub-and-spoke architectures by inspecting traffic through a managed firewall, with network and application rules and user-defined routes.
Configure service endpoints to create a secure Azure backbone connection from a virtual network to storage and SQL database. Restrict access with selected networks and verify via Storage Explorer.
Review how the Azure load balancer distributes requests across backend machines with health probes and load balancing rules. Compare public and internal load balancers, and the basic versus standard SKUs.
Shows how to design and implement an internal Azure load balancer for SQL Server availability groups, using private networking, Active Directory domain, and a failover cluster with quorum.
Explore deploying a domain-joined set of Azure virtual machines behind a private network, using DNS, a domain controller, and Azure Bastion to connect SQL VMs with domain admin credentials.
The demo shows configuring an internal load balancer for SQL Server availability groups on Azure VMs, including domain admin logins, SQL and Windows authentication, failover clustering, and firewall ports.
Build a two-node failover cluster, add sqlvm1 and sqlvm2, enable Always On availability groups, create appdb and backups, then configure an auto-failover group for the Azure internal load balancer.
Implement an internal Azure load balancer in front of the SQL Server availability group to provide a single endpoint and seamless failover.
Review the Azure Application Gateway's layer 7 routing, including URL path-based and domain-based rules, and route traffic to VM pools, Azure web apps, or on-premises endpoints, with the web application firewall.
Review the Azure application gateway implementation and URL routing, shifting from virtual machines to Azure web apps within a virtual network, with prep for subnet resources.
Create Azure web apps as the backend for an Azure application gateway in North Europe using .NET 6, and configure a virtual network with videos and images routing.
Design and deploy an Azure Application Gateway with a front-end public IP, two backend pools for images and videos web apps, and path-based routing rules.
Enable the Azure Web Application Firewall on the Azure Application Gateway or Azure Front Door to protect web applications from SQL injection and cross-site scripting using the OWASP rule set.
Azure Traffic Manager is a DNS-based routing service that directs traffic to apps across Azure regions without a virtual network, supporting priority and weighted routing for failover and load distribution.
Set up two Azure web apps in East US and West US under a standard App Service plan, and implement Azure Traffic Manager with priority routing.
Learn to deploy Azure Traffic Manager with two app service endpoints, configure priority routing and health checks, and demonstrate seamless failover between East US and West US regions.
Explore an active-passive architecture using Azure Traffic Manager with priority routing, directing traffic through Azure Application Gateway and a load balancer across North Europe and UK South for availability.
Explore how Azure content delivery network caches resources at global points of presence to reduce latency. Create a CDN profile and an endpoint to serve content from the nearest location.
Set up an origin web app for an Azure CDN, publish a static web app from a GitHub repository, and deploy it with Visual Studio Code and Git in West Europe.
Learn how to deploy a static web app behind an Azure CDN profile, use a custom origin, compare Azure Front Door vs CDN, and validate performance with developer tools.
Explore Azure Cache for Redis as a caching layer that speeds data retrieval by storing frequent queries, pages, and session data, such as cart items.
Explore the Azure Front Door service, a global content delivery network. Deliver fast, low-latency access to web apps and virtual machines worldwide via caching.
Learn to deploy Azure Front Door with multiple origins, configure endpoints and routes, and route traffic to the lowest latency edge location using origin groups and CDN.
Explore how Azure Event Hubs ingests millions of events per second for scalable streaming of log data and telemetry. Producers send events, partitions boost throughput, and consumer groups organize receivers.
Build and deploy an Azure Event Hub namespace and an Event Hub, configure the pricing tier and throughput units, then set up two .NET programs to send and receive events.
Demonstrates sending and receiving events with Azure Event Hubs using .NET console apps, including creating a namespace and event hub, configuring shared access policies, and processing orders as JSON data.
Learn how Azure Event Hubs functions as an event broker rather than a store for retaining events, with options to capture data to blob storage and enable downstream persistence via consumers.
Explore Azure Functions, a serverless compute option with a managed function app. It charges based on consumption and can process blob uploads in a storage account without managing virtual machines.
Configure an Azure function app by selecting a resource group, unique name, .NET runtime, and an app service plan, then attach a storage account and Application Insights.
Develop and test an Azure function in the portal with HTTP trigger, using GET or POST methods. Use a C# script, pass query string or body data, and review logs.
This lecture demonstrates using an Azure Event Hub to feed an Azure Function, which parses events and stores logs in Cosmos DB weblogs with client IP address as partition key.
Explore the Azure service bus to decouple application components by sending and receiving messages through queues and topics, and test with the Service Bus Explorer using text or JSON payloads.
Demonstrates a complete Azure Service Bus workflow where an application writes files to an unprocessed container and a queue, then a function moves them to processed and updates Cosmos DB.
Upload files to the unprocessed container and publish a Service Bus queue message to decouple upload from processing. Use a ServiceBusTrigger function to move blobs and log in Cosmos DB.
Design and run automated workflows with Azure Logic Apps, using blob triggers to monitor storage and send emails via Outlook without coding.
Learn how to use Azure Event Grid to respond to storage events and publish custom events, triggering an Azure function via event subscriptions and endpoints.
Explore Azure API Management service to securely expose backend APIs behind a management layer, apply policies, and rate-limit calls to protect data stores and APIs.
Deploy an Azure API Management instance by creating a resource group in North Europe, choosing developer pricing, configuring monitoring and scale, and noting the deployment takes about thirty minutes.
Explore how an API Management instance fronts a .NET API connected to an Azure SQL log data table, with Swagger endpoints like /api/activity returning JSON.
Create and configure an Azure API Management API backed by an Azure web app, adding GET and POST operations for /api/activity, and secure calls with a subscription key.
Configure a virtual network for Azure API Management by creating a management subnet, attaching a network security group, and injecting the API Management instance into the VNet for private access.
Configure Azure API Management in a virtual network, point the API to an Azure VM via its IP, add a get activities operation, test, and delete resources to avoid charges.
Explore how the Azure DevOps set of tools fosters collaboration between developers and operations, automates the lifecycle from planning to monitoring, and speeds delivery—with a free account.
Discover how to start with an Azure DevOps free account, navigate boards, pipelines, repos, test plans, and artifacts, sign in with a Microsoft account, and create an Azure DevOps organization.
Explore how to manage projects in Azure DevOps with boards, add user stories, create backlogs and sprints, and create and assign work items like epics, issues, and tasks.
Upload your application code to Azure Repos with a Git-based repository in Visual Studio 2022, and push it to Azure DevOps to view the sqlapp repository.
Configure Azure Pipelines to build ASP.NET Core apps from Azure Repos using a YAML-based pipeline and DotNetCoreCLI tasks to publish artifacts.
Explore how to upload code to Azure Repos, build with Azure Pipelines, and create a release pipeline to deploy the application to an Azure web app.
Review ARM templates as infrastructure as code to deploy Azure resources via the Resource Manager, using JSON or Bicep to define VMs, networks, storage, and databases in DevOps workflows.
Demonstrate deploying an Azure web app and app service plan via ARM templates in an Azure DevOps release pipeline, using a storage-stored template and pre-deployment steps.
Explore migration patterns for moving on-prem workloads to Azure, including lift and shift, refactorization with platform as a service, and re-architecting to microservices with containers and cloud services.
Explore Microsoft's cloud adoption framework to guide cloud migration, from defining strategy and planning to readiness, adopting cloud-native components, securing resources, and ongoing governance with policy and compliance.
Learn how to transfer data from your data center to Azure storage using Import/Export, Data Box, or disk drives, and consider AzCopy and Azure Data Factory for ongoing transfers.
Learn how to use the AzCopy command line tool to copy blobs from your local machine to an Azure storage account, including creating a SAS token and scripting recursive transfers.
Demonstrates migrating data from on-premises SQL Server to Azure SQL Database using Azure Data Studio and Azure Database Migration Service, including integration runtime setup and log data table validation.
Migrate an on-premises database to Azure SQL Managed Instance, offering hundred percent compatibility with SQL Server Enterprise Edition, automated backups, high availability, and native virtual network isolation.
Compare two options for migrating data to Azure Cosmos DB: the open source desktop data migration tool from GitHub, or an Azure Data Factory pipeline to publish data.
Explore Azure Migrate Discovery and assessment, Data Migration Assistant, and Azure Database Migration Service to assess and migrate on-prem servers, SQL databases, web apps, and virtual desktops to Azure.
Set up the Azure Migrate service, deploy the migrate appliance on a Windows Server 2016 VM, join the domain, and discover and assess on-prem workloads.
Discover how to deploy the Azure Migrate appliance, connect to an Azure Migrate project, and discover and assess on-premises workloads for Azure VM and SQL Server.
Learn how Azure Migrate discovery and assessment identify migration readiness for web servers and apps, then set up the replication appliance and migration tools for Azure Web App migration.
Update history
v 5.0 - June 2023
Performed an entire course refresh to ensure that the course aligns with changes to Azure services and with all changes to the AZ-305 exam objectives.
v 4.0 - January 2022
Updated the course so that students can use the material to prepare for either the AZ-304 exam or the AZ-305 exam
Added more practice test questions to the course
Updated/Added videos that include
Application Insights and working with Application Insights
Microsoft Defender for Cloud
Azure Policies
Azure Blueprints
Azure AD Application Proxy
v 3.0 - June 2021
Revised many chapters based on the revised objectives of the exam. Some of the revised chapters include the following
Azure AD Privileged Identity Management - Here we see the benefit of Azure AD Privileged Identity Management when it comes to Azure AD roles, and how we can perform Access Reviews
More on containers - We will now look at an example of how to deploy a web application onto Azure Kubernetes with the use of containers. This helps students get a better idea of how to deploy container-based applications.
Better examples of the use of active geo-replication and auto-failover groups when it comes to redundancy for Azure SQL databases
Added new chapters which include
An overview of, and simple walkthrough on, Azure Synapse Analytics and Azure Databricks.
How to transfer data using Azure Data Factory.
A look at services such as Azure Event Grid and Azure Event Hubs. This helps the students understand how these services can better fit into the entire application architecture picture.
A quick look at the Azure DevOps set of tools.
v 2.0 - September 2020
Additional chapters added to help students pass either the AZ-301 or the AZ-304 exam
This course will prepare students to take the following exam
Exam AZ-301: Microsoft Azure Architect Design
All concepts covered in this course are aligned to the following Exam Objectives
Determine workload requirements
Design for identity and security
Design a data platform solution
Design a business continuity strategy
Design for deployment, migration, and integration
Design an infrastructure strategy