AZ-400 Study Guide - Designing And Implementing Microsoft DevOps Solutions

If you are preparing for AZ-400 Microsoft DevOps Solutions study guide, this study materials helps you to take the exam confidently.

I have prepared the couple of online resources from Microsoft Docs site based on the AZ-400 objectives and it covers all the topics for the exam.

Develop an Instrumentation Strategy (5-10%)

Design and implement logging

• assess and Configure a log framework

  • Overview of Azure platform logs

• design a log aggregation and storage strategy (e.g. Azure storage)

  • Design and Implement an Azure Storage Strategy

• design a log aggregation using Azure Monitor

  • Designing your Azure Monitor Logs deployment

• manage access control to logs (workspace-centric/resource-centric)

  • Manage access to log data and workspaces in Azure Monitor
  • Adding Users to Azure Log Analytics via the Azure Portal

• integrate crash analytics (App Center Crashes, Crashlytics)

  • Analytics
  • Enabling Diagnostics in an App
  • App Center SDK

Design and implement telemetry

• design and implement distributed tracing

  • What is Distributed Tracing?

• inspect application performance indicators

  • Monitor performance in web applications
  • Monitor Azure App Service performance

• inspect infrastructure performance indicators

  • Supported metrics with Azure Monitor

• define and measure key metrics (CPU, memory, disk, network)

  • https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-performance

• implement alerts on key metrics (email, SMS, webhooks, Teams/Slack)

  • Call a webhook with a classic metric alert in Azure Monitor

• integrate user analytics (e.g. Application Insights funnels, Visual Studio App Center, TestFlight, Google Analytics)

  • Create your funnel
  • Analytics
  • Publish an iOS package to TestFlight (Internal Testers)

Integrate logging and monitoring solutions

• configure and integrate container monitoring (Azure Monitor, Prometheus, etc.)

  • Configure scraping of Prometheus metrics with Azure Monitor for containers

• configure and integrate with monitoring tools (Azure Monitor Application Insights, Dynatrace, New Relic, Naggios, Zabbix)

  • Quickstart: Start monitoring your website with Azure Monitor Application Insights
  • Introduction to Azure monitoring integrations

• create feedback loop from platform monitoring tools (e.g. Azure Diagnostics VM extensions, Azure Platform Logs, Event Grid)

  • Capture feedback and monitoring data to continuously improve your software

• manage Access control to the monitoring platform

  • Manage access to log data and workspaces in Azure Monitor
  • Roles, permissions, and security in Azure Monitor

Develop a Site Reliability Engineering (SRE) strategy (5-10%)

Develop an actionable alerting strategy

• identify and recommend metrics on which to base alerts

  • Overview of alerts in Microsoft Azure

• implement alerts using appropriate metrics

  • Understand how metric alerts work in Azure Monitor
  • Create, view, and manage metric alerts using Azure Monitor

• implement alerts based on appropriate log messages

  • Log alerts in Azure Monitor
  • Create, view, and manage log alerts using Azure Monitor

• implement alerts based on application health checks

  • Create activity log alerts on service notifications using the Azure portal

• analyze combinations of metrics

  • Create and manage action groups in the Azure portal

• develop communication mechanism to notify users of degraded systems

  • Get notified when Azure service incidents impact your resources

• implement alerts for self-healing activities (e.g. scaling, failovers)

  • Design for self healing
  • New features for Azure Alerts and Autoscale

Design a failure prediction strategy

• analyze behavior of system with regards to load and failure conditions

  • Failure mode analysis for Azure applications

• calculate when a system will fail under various conditions

  • Azure AI guide for predictive maintenance solutions

• measure baseline metrics for system

  • Identity baseline metrics, indicators, and risk tolerance

• recommend the appropriate tools for a failure prediction strategy

  • Solution architecture: Defect prevention with predictive maintenance
  • Predictive maintenance

Design and implement a health check

• analyze system dependencies to determine which dependency should be included in health check

  • View a map from a VM

• calculate healthy response timeouts based on SLO for the service

  • Best practices for monitoring cloud applications

• design approach for partial health situations

  • Health Endpoint Monitoring pattern

• integrate health check with compute environment

  • Resource Health overview

• implement different types of health checks (liveness, startup, shutdown)

  • Service Health overview
  • Best practices for setting up Azure Service Health alerts

Develop a security and compliance plan (10-15%)

Design an authentication and authorization strategy

• design an access solution (Azure AD Privileged Identity Management (PIM), Azure AD Conditional Access, MFA)

  • What is Azure AD Privileged Identity Management?
  • What is Conditional Access?
  • How it works: Azure Multi-Factor Authentication

• organize the team using Azure AD groups

  • Create a basic group and add members using Azure Active Directory

• implement Service Principals and Managed Identity

  • View the service principal of a managed identity in the Azure portal

• configure service connections

  • Connect to Microsoft Azure

Design a sensitive information management strategy

• evaluate and configure vault solution (Azure Key Vault, Hashicorp Vault)

  • About Azure Key Vault
  • HashiCorp Vault on Azure

• generate security certificates

  • Creating your first Key Vault certificate

• design a secrets storage and retrieval strategy

  • Creating and Managing Key Vaults

• formulate a plan for deploying secret files as part of a release

  • Azure Key Vault task

Develop security and compliance

• automate dependencies scanning for security (container scanning, OWASP)

  • Security Center’s integrated vulnerability assessment solution for Azure virtual machines
  • Design secure applications on Azure

• automate dependencies scanning for compliance (licenses: MIT, GPL)

  • Managing Open-source security and license with WhiteSource

• assess and report risks

  • Microsoft security guidance
  • Governance, risk, and compliance

• design a source code compliance solution (e.g. GitHub security, pipeline-based scans, Githooks, SonarQube)

  • Managing technical debt with SonarQube and Azure DevOps
  • Azure Security Center

Design governance enforcement mechanisms

• implement Azure policies to enforce organizational requirements

  • Tutorial: Create and manage policies to enforce compliance

• implement container scanning (e.g. static scanning, malware, crypto mining)

  • Azure Container Registry image scanning by Security Center
  • How Azure Security Center detects a Bitcoin mining attack

• design and implement Azure Container Registry Tasks (eg. Azure Policy)

  • Automate container image builds and maintenance with ACR Tasks

• design break-the-glass strategy for responding to security incidents

  • Azure Identity Management and access control security best practices

Manage source control (10-15%)

Develop a modern source control strategy

• integrate/migrate disparate source control systems (e.g. GitHub, Azure Repos)

  • Plan your migration to Git

• design authentication strategies

  • Authentication overview

• design approach for managing large binary files (e.g. Git LFS)

  • Use Git Large File Storage (LFS)

• design approach for cross repository sharing (e.g. Git sub-modules, packages)

  • Checkout submodules

• implement workflow hooks

  • Create a service hook for Azure DevOps Services and TFS with Jenkins

Plan and implement branching strategies for the source code

• define Pull Requests (PR) guidelines to enforce work item correlation

  • Review code with pull requests

• implement branch merging restrictions (e.g. branch policies, branch protections, manual,etc.)

  • Improve code quality with branch policies

• define branch strategy (e.g. trunk based, feature branch, release branch, GitHub flow)

  • Adopt a Git branching strategy

• design and implement a PR workflow (code reviews, approvals)

  • Customize and extend pull request workflows with pull request status

• enforce static code analysis for code-quality consistency on PR

  • Driving continuous quality of your code with SonarCloud

Configure repositories

• configure permissions in the source control repository

  • Set branch permissions

• organize the repository with git-tags

  • Working with Git tags

• plan for handling oversized repositories

  • Git limits

• plan for content recovery in all repository states

  • Restore a project

• purge data from source control

  • Destroy Version Controlled Files

Integrate source control with tools

• integrate GitHub with DevOps pipelines

  • Integrate Your GitHub Projects With Azure Pipelines

• integrate GitHub with identity management solutions (Azure AD)

  • Connecting your identity provider to your organization

• design for GitOps

  • GitOps for Azure Rendering

• design for ChatOps

  • How ChatOps Can Help You DevOps Better

• integrate source control artifacts for human consumption (e.g. Git changelog)

  • Auto-generating release notes in Azure DevOps pipelines

Facilitate communication and collaboration (10-15%)

Communicate deployment and release information with business stakeholders

• create dashboards combining boards, pipelines (custom dashboards on Azure DevOps)

  • About dashboards, charts, reports, & widgets

• design a cost management communication strategy

  • Cost Management discipline overview

• integrate release pipeline with work item tracking (e.g. AZ DevOps, Jira)

  • How to retrieve all work items associated with a release pipeline using Azure DevOps API

• integrate GitHub as repository with Azure Boards

  • GitHub integration with Azure Boards

• communicate user analytics

  • Use Azure Application Insights to understand how customers are using your application

Generate DevOps process documentation

• design onboarding process for new employees

  • Onboarding Azure DevOps

• assess and document external dependencies (e.g. integrations, packages)

  • Plan and track dependencies using the Dependency Tracker

• assess and document artifacts (version, release notes)

  • Deep dive into Azure Artifacts

Automate communication with team members

• integrate monitoring tools with communication platforms (e.g. Teams, Slack, dashboards)

  • Create a service hook for Azure DevOps with Microsoft Teams
  • Create a service hook for Azure DevOps with Slack

• notify stakeholders about key metrics, alerts, severity using communication platforms(e.g. Email, SMS, Slack, Teams)

  • Best practices for using push notifications, SMS and email in your mobile app
  • Create a service hook for Azure DevOps with Microsoft Teams

• integrate build and release with communication platforms (e.g. build fails, release fails)

  • Azure Pipelines with Slack

Define and implement continuous integration (20-25%)

Design build automation

• integrate the build pipeline with external tools (e.g., Dependency and security scanning, Code coverage)

  • Publish Code Coverage Results task
  • Scan open source components for vulnerabilities and license ratings in Azure Pipelines

• implement quality gates (e.g. code coverage, internationalization, peer review)

  • Code coverage for pull requests
  • Release deployment control using gates

• design a testing strategy (e.g. integration, load, fuzz, API, chaos)

  • Run URL-based load tests with Azure DevOps
  • Test Management

• integrate multiple tools (e.g. GitHub Actions, Azure Pipeline, Jenkins)

  • Configuring a CD pipeline for your Jenkins CI
  • Use GitHub Actions to trigger a run in Azure Pipelines

Design a package management strategy

• recommend package management tools (e.g. GitHub Packages, Azure Artifacts, Azure Automation Runbooks Gallery, Nuget, Jfrog, Artifactory)

  • JFrog - Package Management
  • Package Management with Azure Artifacts

• design an Azure Artifacts implementation including linked feeds

  • What are feeds?

• design versioning strategy for code assets (e.g. SemVer, date based)

  • Build Versioning in Azure DevOps Pipelines

• plan for assessing and updating and reporting package dependencies (GitHub Automated Security Updates, NuKeeper, GreenKeeper)

  • Configuring GitHub Dependabot security updates
  • NuKeeper AzureDevops Extension

• design a versioning strategy for packages (e.g. SemVer, date based)

  • Perfecting Continuous Delivery of NuGet packages for Azure Artifacts
  • Versioning NuGet packages in a continuous delivery world: part 1

• design a versioning strategy for deployment artifacts

  • Release pipelines

Design an application infrastructure management strategy

• assess a configuration management mechanism for application infrastructure

  • Simplify the management of application configurations with Azure App Configuration

• define and enforce desired state configuration for environments

  • The what, why and how of Azure Automation Desired State Configuration (DSC)

Implement a build strategy

• design and implement build agent infrastructure (include cost, tool selection, licenses, maintainability)

  • Host your own build agent in Azure Pipelines

• develop and implement build trigger rules

  • Trigger one pipeline after another

• develop build pipelines

  • Create your first pipeline

• design build orchestration (products that are composed of multiple builds)

  • Create a multi-platform pipeline

• integrate configuration into build process

  • Integrate with a CI/CD pipeline

• develop complex build scenarios (e.g. containerized agents, hybrid, GPU)

  • Enabling DevOps in A Hybrid Cloud Environment at DoD

Maintain build strategy

• monitor pipeline health (failure rate, duration, flaky tests)

  • Test failures report
  • Manage flaky tests

• optimize build (cost, time, performance, reliability)

  • Pipeline caching
  • Caching and faster artifacts in Azure Pipelines

• analyze CI load to determine build agent configuration and capacity

  • Review logs to diagnose pipeline issues

• manage pipeline health

  • Pipeline reports

• identify the number of agents and jobs to run in parallel

  • Determine how many parallel jobs you need

• investigate test failures

  • Test Failures

Design a process for standardizing builds across organization

• manage self-hosted build agents (VM templates, containerization, etc.)

  • Self-hosted Windows agents

• create reuseable build subsystems (YAML templates, Task Groups, Variable Groups, etc.)

  • Task groups for builds and releases

Define and implement a continuous delivery and release management strategy (10-15%)

Develop deployment scripts and templates

• recommend a deployment solution (e.g. GitHub Actions, Azure Pipelines, Jenkins, CircleCI, etc.)

  • Continuous Integration: CircleCI vs Travis CI vs Jenkins vs Alternatives

• design and implement Infrastructure as code (ARM, Terraform, PowerShell, CLI)

  • What is Infrastructure as Code?
  • Terraform with Azure
  • Infrastructure as code

• develop application deployment process (container, binary, scripts)

  • Deploy applications with Azure DevOps

• develop database deployment process (migrations, data movement, ETL)

  • Azure SQL database deployment

• integrate configuration management as part of the release process

  • Automating infrastructure deployments in the Cloud with Terraform and Azure Pipelines

• develop complex deployments (IoT, Azure IoT Edge, mobile, App Center, DR, multi- region, CDN, sovereign cloud, Azure Stack, etc.)

  • Deploy IoT Edge modules at scale using the Azure portal
  • New enhancements for Azure IoT Edge automatic deployments

Implement an orchestration automation solution

• combine release targets depending on release deliverable (e.g., Infrastructure, code, assets, etc.)

  • Integrating Infrastructure as Code into a Continuous Delivery Pipeline

• design the release pipeline to ensure reliable order of dependency deployments

  • Add stages, dependencies, & conditions

• organize shared release configurations and process (YAML templates, variable groups)

  • Provision deployment groups

• design and implement release gates and approval processes

  • Controlling Deployments using Release Gates

Plan the deployment environment strategy

• design a release strategy (blue/green, canary, ring)

  • What is Continuous Delivery?

• implement the release strategy (using deployment slots, load balancer configurations, Azure Traffic Manager, feature toggle, etc.)

  • Considerations on using Deployment Slots in your DevOps Pipeline

• select the appropriate desired state solution for a deployment environment (PowerShell DSC, Chef, Puppet, etc.)

  • Use infrastructure automation tools with virtual machines in Azure

• plan for minimizing downtime during deployments (VIP Swap, Load balancer, rolling deployments, etc.)

  • Deploying to Azure VM using Deployment Groups
  • Swap Deployment

• design a hotfix path plan for responding to high priority code fixes

  • Releasing Hotfixes

I hope you enjoyed all the Microsoft Docs for AZ-400 Study Guide. I recommend you to take practice tests before appearing for official exam, so that you will be confident in the actual exam.

Happy blogging!