Azure Certifications for the Infrastructure Specialists
There was a Reddit thread on /r/sysadmin a few days ago: What Azure skills/certs lean more towards server sysadmin than applications?
It’s easy to argue that you shouldn’t try to pigeonhole yourself into one path — coding is only going to get more intertwined with infrastructure, not less. Still, this got me wondering what the Sysadmin “path” through Azure would be like.
As of May 2021, there is one “obvious” path, and one major offshoot, and one specialty cert.
I’m a public sector IT Administrator, specializing in configuration management and mobility.
The Security Path: Security Engineer Associate
Microsoft’s AZ-500 is a typical “Step Two” for an Infrastructure specialty. The exam covers:
- Identity and Access (securing Azure AD access)
- Platform Protection (securing networks, apps and containers)
- Managing Security Operations (monitoring and security policies)
- Securing Data and Operations (storage, databases, key vault)
The AZ-104 gives a broader overview of security. The AZ-500 dives deeper into those topics.
After the AZ-500, a good “step three” is the Azure Solutions Architect Expert cert, which involves two exams:
Topics covered by AZ-500 are also covered in the Architect exams, although these last two involve some knowledge of development processes too.
Azure AD Specific: Identity and Access Administrator Associate
This exam doesn’t have an “AZ” number attached — the “SC” numbers are given to security role-based exams on the Microsoft Certification Poster.
But make no mistake: The SC-300 is all Azure Active Directory. It covers:
- Implementing an Identity Management Solution (Azure AD user/group management and hybrid identity)
- Implementing an Authentication and Access Management Solution
- Implementing Access Management For Apps
- Planning and Implementing an Identity Governance Strategy
The SC-300 is security-focused like the AZ-500, but specific to Azure AD. This could serve as a step between the AZ-104 and AZ-500, but it looks more likely to be something an IT pro takes in addition to the AZ-500, to show deeper understanding of security topics specific to Azure AD.
The Specialist Exam: Windows Virtual Desktop Specialty
Still in beta, and covering a relatively new Azure service offering, the AZ-140 covers Azure’s Windows Virtual Desktop.
- Plan a WVD Architecture (planning the setup)
- Implementing the WVD Infrastructure (networking, storage, host pools, session hosts, and managing images)
- Managing WVD Access and Security (RBAC, AAD policies and group policies, conditional access, MFA, Defender)
- Managing User Environments and Apps (FSLogix, Universal Print, user settings, RDP properties, MSIX App Attach, Managing Teams, browsers and OneDrive, etc)
- Monitoring and Maintaining a WVD Infrastructure (disaster recovery, automating WVD tasks, monitoring)
If you have experience with Windows Virtual Desktop already, this seems like a good idea to prove your expertise.
If you don’t, the process of labbing a WVD setup is not exactly clear, especially when it comes to potential charges.
I can usually lab anything I need between two things:
- A Cloud Guru’s Cloud Sandboxes, which doesn’t support Azure AD, and
- The Microsoft 365 Developer Program, which doesn’t offer Azure access, but DOES offer an Azure AD Premium P2 subscription.
And of course, creating new free accounts with Azure credit.
It’s worth investigating how much of a charge I would rack up test-labbing WVD though.