Azure Support Engineer Certification Exam Study Guide

The Azure Support Engineer Certification (or AZ-720 exam) is a new certification to be released by Microsoft. It is designed for individuals who are supporting the Microsoft Azure infrastructure on a daily basis. Or those who wish to become certified or employed as Azure Support Engineers.

In this Azure Support Engineer Certification Study Guide we will dive into information we know about the certification, what it takes to become a certified Azure Support Engineer and my study tips and tricks to pass the exam.

Azure Support Engineer Certification target audience

Candidates for the Azure Support Engineer for Connectivity Specialty certification are support
engineers with subject matter expertise in using advanced troubleshooting methods to resolve
networking and connectivity issues in Azure.

Professionals in this role troubleshoot hybrid environments, including issues with Azure Virtual
Machines, virtual networks, and connectivity between on-premises and Azure services. They use
various tools and technologies to diagnose and identify root causes for complex issues.

Candidates for this exam should have experience with networking and with hybrid
environments, including knowledge of routing, permissions, and account limits. They must be
able to use available tools to diagnose issues related to business continuity, hybrid
environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control,
networking, and virtual machines connectivity

What we know about the Azure Support Engineer Role

In January 2022 we know that Microsoft were in the blueprinting stage for the Azure Support Engineer role. This means they were surveying to gather information that will help them deliver the exam content to you. If you wish to get involved you can complete the exam survey here:

I have detailed all the technical information, based on the published skills outline here, in my study guide below and provided the related study material from the Microsoft docs. 

The AZ-720 beta exam will be available at an 80% discount at the end of march. This is only for the first 300 users and it is first come, first serve. For more methods on taking your exam at a heavy discount or for free check out:

AZ-720 Learning Path

Azure Support Engineer Microsoft Docs Study Guide

Troubleshoot business continuity issues (5–10%)

Troubleshoot backup issues

  • review and interpret backup logs

  • troubleshoot Azure virtual machines backup issues including restarting a failed backup job

  • troubleshoot issues with Azure Backup agents

  • troubleshoot Azure Backup Server issues

  • troubleshoot scheduled backups

Troubleshoot recovery issues

  • troubleshoot Azure Site Recovery issues

  • troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration Manager

  • troubleshoot restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server

  • troubleshoot issues recovering files from an Azure virtual machine backup

Troubleshoot hybrid and cloud connectivity issues (20–25%)

Troubleshoot virtual network (VNet) connectivity

  • troubleshoot virtual private network (VPN) gateway transit issues

  • troubleshoot hub-and-spoke VNet configuration issues

  • troubleshoot global VNet peering connectivity issues

  • troubleshoot peered connections

Troubleshoot name resolution issues

  • troubleshoot name resolution for scenarios that use Azure-provided name resolution

  • troubleshoot name resolution for scenarios that use custom DNS servers

  • review and interpret DNS audit logs

  • troubleshoot name resolution for Azure private DNS zones

  • troubleshoot issues with DNS records at public DNS providers

  • troubleshoot domain delegation issues

Troubleshoot point-to-site virtual private network (VPN) connectivity

  • troubleshoot Windows VPN client configuration issues

  • troubleshoot OpenVPN VPN client configuration issues
  • troubleshoot macOS VPN client configuration issues

  • troubleshoot issues with certificate-based VPN connections

  • troubleshoot issues with RADIUS-based VPN connections

  • troubleshoot Azure Active Directory (Azure AD) authentication issues

Troubleshoot site-to-site virtual private network connectivity

  • review and interpret network logs and captured network traffic from a VPN gateway

  • determine the root cause for latency issues within site-to-site VPNs

  • review and interpret gateway configuration scripts

  • reset a VPN gateway,VPN%20gateway%20is%20rebooted%20immediately.

  • troubleshoot gateway issues by running Log Analytics queries

Troubleshoot Azure ExpressRoute connectivity issues

  • determine whether routes are live and correctly configured

  • validate the peering configuration for an ExpressRoute circuit

  • reset an ExpressRoute circuit

  • troubleshoot route filtering

  • troubleshoot custom-defined routes

  • determine the root cause for latency issues related to ExpressRoute

Troubleshoot Platform as a Service issues (5–10%)

Troubleshoot PaaS services

  • troubleshoot issues connecting to a PaaS

  • troubleshoot firewalls for PaaS services

  • troubleshoot PaaS configuration issues

  • determine the root cause for service-level throttling

Troubleshoot PaaS integration issues

  • troubleshoot issues integrating PaaS services with virtual networks

  • troubleshoot subnet delegation issues

  • troubleshoot issues with private endpoints and service endpoints

  • troubleshoot issues with Azure Private Link

Troubleshoot authentication and access control issues (15–20%)

Troubleshoot Azure AD authentication

  • determine why on-premises systems cannot connect to Azure resources

  • troubleshoot Azure AD configuration issues
  • troubleshoot self-service password reset issues

  • troubleshoot issues with multifactor authentication

Troubleshoot hybrid authentication

  • troubleshoot Azure AD Connect synchronization issues

  • troubleshoot Azure AD to Active Directory Domain Services (Azure AD DS) integration issues

  • troubleshoot connectivity issues between Azure AD and Active Directory Federation Services (AD FS)

  • troubleshoot issues with pass-through authentication and password hash synchronization

  • troubleshoot Azure AD Application Proxy connectivity issues

Troubleshoot authorization issues

  • troubleshoot role-based access control (RBAC) issues

  • troubleshoot issues storing encrypted passwords in Azure Key Vault

  • troubleshoot sign-in issues related to Azure AD Conditional Access policies

Troubleshoot networks (25–30%)

Troubleshoot Azure network security issues

  • determine why Azure Web Application Firewall is blocking traffic

  • troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios

  • troubleshoot connectivity to secure endpoints

Troubleshoot Azure network security groups (NSGs)

  • troubleshoot NSG configuration issues

  • review and interpret NSG flow logs

  • determine whether a VM or a group of VMs is associated with an application security group (ASG)

Troubleshoot Azure Firewall issues

  • troubleshoot application, network, and infrastructure rules

  • troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules

  • troubleshoot Azure Firewall Manager configuration issues

Troubleshoot latency issues

  • determine the root cause for VM-level throttling

  • determine the root cause for latency issues when connecting to Azure virtual machines

  • determine the root cause for throttling between source and destination resources

  • troubleshoot bandwidth availability issues

  • determine whether resource response times meet service-level agreements (SLAs)

Troubleshoot routing and traffic control

  • review and interpret route tables

  • troubleshoot asymmetric routing

  • troubleshoot issues with user-defined routes

  • troubleshoot issues related to forced tunneling

  • troubleshoot Border Gateway Protocol (BGP) issues

  • troubleshoot virtual network peering, transitive routing, and service chaining

  • troubleshoot routing configuration issues in Azure

Troubleshoot load-balancing issues

  • determine whether VMs in a load-balanced cluster are healthy

  • troubleshoot issues with Azure Load Balancer

  • review and interpret load balancer rules

  • troubleshoot traffic distribution issues

  • evaluate the configuration of Azure Traffic Manager

  • troubleshoot issues with Azure Traffic Manager profiles

  • troubleshoot port exhaustion issues

  • troubleshoot issues with Azure Front Door

  • troubleshoot issues with Azure Application Gateway

Troubleshoot VM connectivity issues (5–10%)

Troubleshoot Azure Bastion

  • troubleshoot issues deploying Azure Bastion

  • troubleshoot connectivity issues

  • troubleshoot authorization issues

Troubleshoot just-in-time (JIT) VM access

  • validate connectivity with a VM

  • troubleshoot Microsoft Defender for Cloud configuration issues

  • determine which resources are authorized to use JIT VM access

Great Additional Study Resources

If you are looking for further resources to aid with your Azure training I recommend you take a look at our post: Complete Azure Training and Online Learning Guide, where we have listed out favourite free and paid training content.


Thank you for taking the time to read my post. I hope you are as excited as we are about the upcoming Azure Support Engineer Certification. We will be updating this page as soon as we have more information on the new role!

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

Leave a Reply