The Azure Support Engineer Certification (or AZ-720 exam) is a new certification to be released by Microsoft. It is designed for individuals who are supporting the Microsoft Azure infrastructure on a daily basis. Or those who wish to become certified or employed as Azure Support Engineers.
In this Azure Support Engineer Certification Study Guide we will dive into information we know about the certification, what it takes to become a certified Azure Support Engineer and my study tips and tricks to pass the exam.
Azure Support Engineer Certification target audience
Candidates for the Azure Support Engineer for Connectivity Specialty certification are support
engineers with subject matter expertise in using advanced troubleshooting methods to resolve
networking and connectivity issues in Azure.
Professionals in this role troubleshoot hybrid environments, including issues with Azure Virtual
Machines, virtual networks, and connectivity between on-premises and Azure services. They use
various tools and technologies to diagnose and identify root causes for complex issues.
Candidates for this exam should have experience with networking and with hybrid
environments, including knowledge of routing, permissions, and account limits. They must be
able to use available tools to diagnose issues related to business continuity, hybrid
environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control,
networking, and virtual machines connectivity
What we know about the Azure Support Engineer Role
In January 2022 we know that Microsoft were in the blueprinting stage for the Azure Support Engineer role. This means they were surveying to gather information that will help them deliver the exam content to you. If you wish to get involved you can complete the exam survey here: https://microsoftlearning.co1.qualtrics.com/jfe/form/SV_2se6nCXpLAC0DKS.
I have detailed all the technical information, based on the published skills outline here, in my study guide below and provided the related study material from the Microsoft docs.
The AZ-720 beta exam will be available at an 80% discount at the end of march. This is only for the first 300 users and it is first come, first serve. For more methods on taking your exam at a heavy discount or for free check out: https://ourcloudnetwork.com/how-to-get-free-microsoft-exam-certifications/.
AZ-720 Learning Path
Microsoft Learn AZ-720 collection:
https://docs.microsoft.com/en-us/users/danielbradley-7505/collections/d1z7c5qwqzo717
Azure Support Engineer Microsoft Docs Study Guide
Troubleshoot business continuity issues (5–10%)
Troubleshoot backup issues
- review and interpret backup logs
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-troubleshoot
- troubleshoot Azure virtual machines backup issues including restarting a failed backup job
https://docs.microsoft.com/en-us/azure/backup/backup-azure-mars-troubleshoot
- troubleshoot issues with Azure Backup agents
https://docs.microsoft.com/en-us/azure/backup/backup-azure-mars-troubleshoot
- troubleshoot Azure Backup Server issues
https://docs.microsoft.com/en-us/azure/backup/backup-azure-mabs-troubleshoot
- troubleshoot scheduled backups
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-troubleshoot
Troubleshoot recovery issues
- troubleshoot Azure Site Recovery issues
- troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration Manager
https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-troubleshoot-replication
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-troubleshoot
- troubleshoot restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-file-recovery-troubleshoot
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-troubleshoot#restore
- troubleshoot issues recovering files from an Azure virtual machine backup
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vm-file-recovery-troubleshoot
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot virtual network (VNet) connectivity
- troubleshoot virtual private network (VPN) gateway transit issues
- troubleshoot hub-and-spoke VNet configuration issues
https://docs.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-routing-problem
- troubleshoot global VNet peering connectivity issues
- troubleshoot peered connections
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues
Troubleshoot name resolution issues
- troubleshoot name resolution for scenarios that use Azure-provided name resolution
https://docs.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network
- troubleshoot name resolution for scenarios that use custom DNS servers
https://docs.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/troubleshoot-dns-server
- review and interpret DNS audit logs
https://docs.microsoft.com/en-us/azure/dns/dns-alerts-metrics
- troubleshoot name resolution for Azure private DNS zones
https://docs.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity
- troubleshoot issues with DNS records at public DNS providers
https://www.pcwdld.com/nslookup-dns-records
- troubleshoot domain delegation issues
Troubleshoot point-to-site virtual private network (VPN) connectivity
- troubleshoot Windows VPN client configuration issues
- troubleshoot OpenVPN VPN client configuration issues
- troubleshoot macOS VPN client configuration issues
https://softwaretested.com/mac/mac-getting-vpn-server-didnt-respond-error/
- troubleshoot issues with certificate-based VPN connections
- troubleshoot issues with RADIUS-based VPN connections
- troubleshoot Azure Active Directory (Azure AD) authentication issues
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity
Troubleshoot site-to-site virtual private network connectivity
- review and interpret network logs and captured network traffic from a VPN gateway
https://docs.microsoft.com/en-us/azure/vpn-gateway/troubleshoot-vpn-with-azure-diagnostics
- determine the root cause for latency issues within site-to-site VPNs
- review and interpret gateway configuration scripts
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-powershell
https://docs.microsoft.com/en-us/azure/vpn-gateway/create-routebased-vpn-gateway-cli
- reset a VPN gateway
- troubleshoot gateway issues by running Log Analytics queries
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows-troubleshoot
Troubleshoot Azure ExpressRoute connectivity issues
- determine whether routes are live and correctly configured
- validate the peering configuration for an ExpressRoute circuit
- reset an ExpressRoute circuit
https://docs.microsoft.com/en-us/azure/expressroute/reset-circuit
- troubleshoot route filtering
https://docs.microsoft.com/en-us/azure/expressroute/how-to-routefilter-powershell
- troubleshoot custom-defined routes
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
- determine the root cause for latency issues related to ExpressRoute
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-network-performance
Troubleshoot Platform as a Service issues (5–10%)
Troubleshoot PaaS services
- troubleshoot issues connecting to a PaaS
https://docs.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-errors-issues
- troubleshoot firewalls for PaaS services
https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud
- troubleshoot PaaS configuration issues
- determine the root cause for service-level throttling
Troubleshoot PaaS integration issues
- troubleshoot issues integrating PaaS services with virtual networks
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration
- troubleshoot subnet delegation issues
https://docs.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview
- troubleshoot issues with private endpoints and service endpoints
https://docs.microsoft.com/en-us/azure/private-link/troubleshoot-private-endpoint-connectivity
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
- troubleshoot issues with Azure Private Link
https://docs.microsoft.com/en-us/azure/private-link/troubleshoot-private-link-connectivity
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot Azure AD authentication
- determine why on-premises systems cannot connect to Azure resources
- troubleshoot Azure AD configuration issues
- troubleshoot self-service password reset issues
https://docs.microsoft.com/en-us/azure/active-directory/authentication/troubleshoot-sspr
- troubleshoot issues with multifactor authentication
https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/troubleshoot-azure-mfa-issue
Troubleshoot hybrid authentication
- troubleshoot Azure AD Connect synchronization issues
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync
- troubleshoot Azure AD to Active Directory Domain Services (Azure AD DS) integration issues
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/troubleshoot
- troubleshoot connectivity issues between Azure AD and Active Directory Federation Services (AD FS)
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/troubleshoot-ad-fs-issues
- troubleshoot issues with pass-through authentication and password hash synchronization
- troubleshoot Azure AD Application Proxy connectivity issues
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-troubleshoot
Troubleshoot authorization issues
- troubleshoot role-based access control (RBAC) issues
https://auth0.com/docs/troubleshoot/authentication-issues/troubleshoot-rbac-authorization
- troubleshoot issues storing encrypted passwords in Azure Key Vault
https://docs.microsoft.com/en-us/azure/key-vault/general/troubleshooting-access-issues
- troubleshoot sign-in issues related to Azure AD Conditional Access policies
Troubleshoot networks (25–30%)
Troubleshoot Azure network security issues
- determine why Azure Web Application Firewall is blocking traffic
- troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
- troubleshoot connectivity to secure endpoints
Troubleshoot Azure network security groups (NSGs)
- troubleshoot NSG configuration issues
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-traffic-filter-problem
- review and interpret NSG flow logs
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-read-nsg-flow-logs
- determine whether a VM or a group of VMs is associated with an application security group (ASG)
https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups
Troubleshoot Azure Firewall issues
- troubleshoot application, network, and infrastructure rules
https://docs.microsoft.com/en-us/azure/firewall/firewall-diagnostics
- troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules
https://docs.microsoft.com/en-us/azure/firewall/firewall-workbook
- troubleshoot Azure Firewall Manager configuration issues
https://docs.microsoft.com/en-us/azure/firewall-manager/deployment-overview
Troubleshoot latency issues
- determine the root cause for VM-level throttling
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-bandwidth-testing
- determine the root cause for latency issues when connecting to Azure virtual machines
https://docs.microsoft.com/en-us/azure/virtual-network/troubleshoot-vm-connectivity
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-test-latency
- determine the root cause for throttling between source and destination resources
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-machine-network-throughput
- troubleshoot bandwidth availability issues
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-portal
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-troubleshooting-network-performance
- determine whether resource response times meet service-level agreements (SLAs)
Troubleshoot routing and traffic control
- review and interpret route tables
https://docs.microsoft.com/en-us/azure/virtual-network/manage-route-table
https://docs.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network
- troubleshoot asymmetric routing
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-asymmetric-routing
- troubleshoot issues with user-defined routes
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
- troubleshoot issues related to forced tunneling
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
- troubleshoot Border Gateway Protocol (BGP) issues
- troubleshoot virtual network peering, transitive routing, and service chaining
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-configure-vnet-connections
- troubleshoot routing configuration issues in Azure
https://docs.microsoft.com/en-us/azure/virtual-network/diagnose-network-routing-problem
Troubleshoot load-balancing issues
- determine whether VMs in a load-balanced cluster are healthy
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview
- troubleshoot issues with Azure Load Balancer
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-troubleshoot
- review and interpret load balancer rules
https://docs.microsoft.com/en-us/azure/load-balancer/manage-rules-how-to
- troubleshoot traffic distribution issues
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-troubleshoot-backend-traffic
- evaluate the configuration of Azure Traffic Manager
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-testing-settings
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-diagnostic-logs
- troubleshoot issues with Azure Traffic Manager profiles
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-troubleshooting-degraded
- troubleshoot port exhaustion issues
https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-tcpip-port-exhaust
- troubleshoot issues with Azure Front Door
https://docs.microsoft.com/en-us/azure/frontdoor/troubleshoot-issues
- troubleshoot issues with Azure Application Gateway
https://docs.microsoft.com/en-us/azure/application-gateway/log-analytics
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot Azure Bastion
- troubleshoot issues deploying Azure Bastion
https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal
https://docs.microsoft.com/en-us/azure/bastion/troubleshoot
- troubleshoot connectivity issues
https://docs.microsoft.com/en-us/azure/bastion/troubleshoot
- troubleshoot authorization issues
https://docs.microsoft.com/en-us/azure/bastion/troubleshoot
Troubleshoot just-in-time (JIT) VM access
- validate connectivity with a VM
- troubleshoot Microsoft Defender for Cloud configuration issues
- determine which resources are authorized to use JIT VM access
https://docs.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-overview
Great Additional Study Resources
If you are looking for further resources to aid with your Azure training I recommend you take a look at our post: Complete Azure Training and Online Learning Guide, where we have listed out favourite free and paid training content.
Summary
Thank you for taking the time to read my post. I hope you are as excited as we are about the upcoming Azure Support Engineer Certification. We will be updating this page as soon as we have more information on the new role!