Preparing for Exam AZ-103: Microsoft Azure Administrator

Exam info

Resources:

Microsoft Azure Administrator Tracking Document Thomas Thornton’s Microsoft Azure Exam AZ-103 Study Notes Sysadmin-central Study Notes Microsoft Azure Administrator (AZ-103) Pluralsight training skylines academy AZ-103 course

Skills measured:

Manage Azure subscriptions and resources
- Manage Azure subscriptions
  - assign administrator permissions > Add or change Azure subscription administrators :
    - Portal:
      1. In Azure portal open Subscriptions and select subscription
      2. Click Access Control (IAM)
      3. Click Add > Add Role Assignment
      4. Select Owner role
      5. In Select select user or search by name or email
    - CLI:
      1. Set default subscription to work with: az account set -s <subscription Id>
      2. Create role assignment: az role assignment create --assignee <user>@<custom domain> --role owner --scope /subscriptions/<subscription Id>
  - configure cost center quotas and tagging > Azure subscription and service limits, quotas, and constraints
    - Quotas
      - Quotas are generally defined per-subscription unless managed by Azure Resource Groups, in which case they are managed per-region
      - Quota increases can be requested via support request, provided they don’t exceed the Maximum Limit and the subscription is not a Free Trial Subscription
      - To view quotas: Select Subscription > Usage + Quotas
      Quotas for resources in Azure resource groups are per-region accessible by your subscription, not per-subscription as the service management quotas are
    - Tags
      - consist of name/value pairs and are applied to Azure resources to logically organize them
      - Tags can retrieve resources with the given name and value across resource groups (within a subscription)
      - Resource can have maximum of 15 tags and not all resources support tags
      - A JSON string can be used to assign more than 15 values
      - Tags applied to resource group are not inherited by resources in that group
      - Azure Policy can be used to enforce tagging rules and conventions and can automatically apply tags during deployment
      - Used in Cost Management by filtering resources by tag in Subscription > Cost analysis view, e.g. if resources are tagger with a project number you can view the costs for that project
      - Create Policy:
        
        Powershell:
        
        $definition = New-AzPolicyDefinition -Name "apply-default-tag-value" -DisplayName "Apply tag and its default value learn" -description "Applies a required tag a nd its default value if it is not specified by the user." -Policy 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/built-in-policy/apply-default-tag-value/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/built-in-policy/apply-default-tag-value/azurepolicy.parameters.json' -Mode All $assignment = New-AzPolicyAssignment -Name "aztagpolicyassign" -Scope "/subscriptions/f57fa698-4903-468c-b000-9f935e4de44a" -tagName "billingCode" -tagValue "az 103-111" -PolicyDefinition $definition
        
        Bash:
        
        az policy definition create --name 'apply-default-tag-value' --display-name 'Apply tag and its default value learn' --description 'Applies a required tag and its default value if it is not specified by the user.' --rules 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/built-in-policy/apply-default-tag-value/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/azure-policy/master/samples/built-in-policy/apply-default-tag-value/azurepolicy.parameters.json' --mode All az policy assignment create --name "aztagpolicyassign" --scope "/subscriptions/f57fa698-4903-468c-b000-9f935e4de44a" --policy 'apply-default-tag-value' --params '{"tagName": {"value": "billingcode"}, "tagValue": {"value": "az-103-222"}}' az policy assignment delete --name "aztagpolicyassign" az policy definition delete --name "apply-default-tag-value"
- Manage role based access control (RBAC)
  - create a custom role Create custom role:
    1. Create json file RBAC_Create_Custom_Role.json with:
      { "Name": "Network Resource Viewer", "IsCustom": true, "Description": "Allows reading Azure network resources", "Actions": [ "Microsoft.Network/*/read" ], "NotActions": [ ], "AssignableScopes": [ "/subscriptions/f57fa698-4903-468c-b000-9f935e4de44a" ] }
    2. Run cli command:
      az role definition create --role-definition RBAC_Create_Custom_Role.json
  - configure access to Azure resources by assigning roles > Manage access to Azure resources using RBAC and the Azure portal
  - configure management access to Azure, troubleshoot RBAC, implement RBAC policies, assign RBAC Roles
    - Troubleshoot RBAC for Azure resources
    - Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles
- Analyze resource utilization and consumption
  - Resources:
  - Alerts:
    - An alert consists of a target (Azure resource), signal (source of data - metric, event, notification) and logic (verify signal is within expected range e.g. %CPU < 75%)
  - Create baseline for resources
    - Baseline is all resources scripted (Powershell or cli) or as ARM templates
    - Resources are then updated by updating the scripts or templates and running the scripts or applying template, instead of updating manually in portal

Azure

Quotas

Tags

Resources:

Alerts:

Create baseline for resources

See also