Designing and Implementing Azure Networking Solutions AZ-700

Course Certification

This course helps you prepare to take the:
AZ-700 Designing and Implementing Microsoft Azure Networking Solutions ;

Course Outline

• Plan and implement network segmentation and address spaces
• Create a virtual network (VNet)
• Plan and configure subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion
• Plan and configure subnet delegation
• Create a prefix for public IP addresses
• Choose when to use a public IP address prefix
• Plan and implement a custom public IP address prefix (bring your own IP)
• Create a new public IP address
• Associate public IP addresses to resources

• Design name resolution inside a VNet
• Configure DNS settings for a VNet
• Design public DNS zones
• Design private DNS zones
• Configure a public or private DNS zone
• Link a private DNS zone to a VNet
• Design and implement DNS private resolver

• Design service chaining, including gateway transit
• Design virtual private network (VPN) connectivity between VNets
• Implement VNet peering
• Design and implement user-defined routes (UDRs)
• Associate a route table with a subnet
• Configure forced tunneling
• Diagnose and resolve routing issues
• Design and implement Azure Route Server
• Identify appropriate use cases for a network address translation (NAT) gateway in the virtual network
• Implement a NAT gateway

• Configure monitoring, network diagnostics, and logs in Azure Network Watcher
• Monitor and repair network health by using Azure Network Watcher
• Activate and monitor distributed denial-of-service (DDoS) protection
• Activate and monitor Microsoft Defender for DNS

• Design a site-to-site VPN connection, including for high availability
• Select an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements
• Implement a site-to-site VPN connection
• Identify when to use a policy-based VPN versus a route-based VPN connection
• Create and configure an IPsec/Internet Key Exchange (IKE) policy
• Diagnose and resolve virtual network gateway connectivity issues
• Implement Azure Extended Network

• Select an appropriate virtual network gateway SKU for point-to-site VPN requirements
• Select and configure a tunnel type
• Select an appropriate authentication method
• Configure RADIUS authentication
• Configure certificate-based authentication
• Configure authentication by using Microsoft Entra ID
• Implement a VPN client configuration file
• Diagnose and resolve client-side and authentication issues
• Specify Azure requirements for Always On authentication
• Specify Azure requirements for Azure Network Adapter

• Select an ExpressRoute connectivity model
• Select an appropriate ExpressRoute SKU and tier
• Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery
• Design and implement ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct
• Choose between private peering only, Microsoft peering only, or both
• Configure private peering
• Configure Microsoft peering
• Create and configure an ExpressRoute gateway
• Connect a virtual network to an ExpressRoute circuit
• Recommend a route advertisement configuration
• Configure encryption over ExpressRoute
• Implement Bidirectional Forwarding Detection
• Diagnose and resolve ExpressRoute connection issues

• Select a Virtual WAN SKU
• Design a Virtual WAN architecture, including selecting types and services
• Create a hub in Virtual WAN
• Choose an appropriate scale unit for each gateway type
• Deploy a gateway into a Virtual WAN hub
• Configure virtual hub routing
• Create a network virtual appliance (NVA) in a virtual hub
• Integrate a Virtual WAN hub with a third-party NVA

• Map requirements to features and capabilities of Azure Load Balancer
• Identify appropriate use cases for Azure Load Balancer
• Choose an Azure Load Balancer SKU and tier
• Choose between public and internal
• Choose between regional and global
• Create and configure an Azure Load Balancer
• Implement a load balancing rule
• Create and configure inbound NAT rules
• Create and configure explicit outbound rules, including source network address translation (SNAT)

• Map requirements to features and capabilities of Azure Application Gateway
• Identify appropriate use cases for Azure Application Gateway
• Choose between manual and autoscale
• Create a back-end pool
• Configure health probes
• Configure listeners
• Configure routing rules
• Configure HTTP settings
• Configure Transport Layer Security (TLS)
• Configure rewrite sets

• Map requirements to features and capabilities of Azure Front Door
• Identify appropriate use cases for Azure Front Door
• Choose an appropriate tier
• Configure an Azure Front Door, including routing, origins, and endpoints
• Configure SSL termination and end-to-end SSL encryption
• Configure caching
• Configure traffic acceleration
• Implement rules, URL rewrite, and URL redirect
• Secure an origin by using Azure Private Link in Azure Front Door

• Identify appropriate use cases for Azure Traffic Manager
• Configure a routing method
• Configure endpoints

• Plan private endpoints
• Create private endpoints
• Configure access to private endpoints
• Create a Private Link service
• Integrate Private Link and Private Endpoint with DNS
• Integrate a Private Link service with on-premises clients

• Choose when to use a service endpoint
• Create service endpoints
• Configure service endpoint policies
• Configure access to service endpoints

• Create a network security group (NSG)
• Associate a NSG to a resource
• Create an application security group (ASG)
• Associate an ASG to a network interface card (NIC)
• Create and configure NSG rules
• Interpret NSG flow logs
• Validate NSG flow rules
• Verify IP flow
• Configure an NSG for remote server administration, including Azure Bastion

• Map requirements to features and capabilities of Azure Firewall
• Select an appropriate Azure Firewall SKU
• Design an Azure Firewall deployment
• Create and implement an Azure Firewall deployment
• Configure Azure Firewall rules
• Create and implement Azure Firewall Manager policies
• Create a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub

• Map requirements to features and capabilities of WAF
• Design a WAF deployment
• Configure detection or prevention mode
• Configure rule sets for WAF on Azure Front Door
• Configure rule sets for WAF on Application Gateway
• Implement a WAF policy
• Associate a WAF policy

Course Mode

Instructor-Led Remote Live Classroom Training;

Trainers

Trainers are authorized Instructors in Microsoft and certified in other IT technologies, with years of hands-on experience in the industry and in Training.

Lab Topology

For all types of delivery, the participant can access the equipment and actual systems in our laboratories or directly in international data centers remotely, 24/7. Each participant has access to implement various configurations, Thus immediately applying the theory learned. Below are some scenarios drawn from laboratory activities.