Are you preparing for the AZ-720 Azure Support Engineer for Connectivity Specialty certification? This study guide will share with you how to prepare and pass the AZ-720: Microsoft Certified Azure Support Engineer for Connectivity Specialty successfully (with links to exam objectives).
In This Article
Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.
After the recent announcement of the new certification exam that focuses on networking with the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions, Microsoft Learning announced a new specialty certification exam for troubleshooting Microsoft Azure Connectivity which expands the Azure training and certification portfolio.
AZ-720 Exam Prep
How do you prepare for AZ-720?
While preparing to take this exam myself, I would like to share with you how to prepare and pass the AZ-720: Troubleshooting Microsoft Azure Connectivity exam successfully. To prepare for this exam, I usually use a couple of online resources, mainly Microsoft Docs, Microsoft Learn, and Training Labs, which I am going to share with you in the next section.
The exam is available starting end of March 2022 in the Beta phase at the time of this writing. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.
Since the AZ-720 Exam (Beta) won’t be released until the end of March 2022, you can start preparing for it now and get ready.
Updated on 29/04/2022 – In this exam, I got around 56 questions in total with 2 case studies, 2 sections with Yes/No answers, and no lab questions but this might change in the future. The total time for this exam is 120 minutes (2 hours). The exam is very long, you need to manage your time and prepare very well. The questions do pretty much match the list of skills measured below.
Exam Target Audience
The candidates for the Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter expertise (SME) in using advanced troubleshooting methods to resolve networking and connectivity issues in Azure.
Professionals in this role troubleshoot hybrid environments, including issues with Azure Virtual Machines, virtual networks, and connectivity between on-premises and Azure services. They use
various tools and technologies to diagnose and identify root causes for complex network issues.
To prepare for this exam, you should have experience with networking and hybrid environments, including knowledge of routing, permissions, and account limits. You must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.
Please note that to prepare and take the AZ-720 exam, it’s highly recommended to have Azure networking skills. Check my AZ-700: Microsoft Azure Network Engineer Associate study guide to get prepared.
Successful support engineers are professionals who have the energy and expertise to resolve difficult technical issues, and you can drive the resolution of highly complex incidents related to solutions development and deployment.
You should collaborate with other technical specialists on case reviews, troubleshooting, and effective customer interaction. As a prerequisite for this exam, you should be familiar with the following:
- Own, troubleshoot, and solve technical issues, using collaboration, best practices, and transparency within and across teams.
- Identify technical or strategic cases that require escalation.
- Create and maintain incident management requests for the product group or engineering group.
- Contribute to case deflection initiatives, automation, and other digital self-help assets to improve customer and engineer experience.
Skills measured on this exam
This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft Learning.
I have also included the direct link to the Microsoft documentation so you can read more about each objective.
Troubleshoot business continuity issues (5–10%)
Troubleshoot backup issues
> Review and interpret backup logs
> Troubleshoot Azure virtual machine backup issues including restarting a failed backup job
> Troubleshoot issues with Azure Backup agents
> Troubleshoot Azure Backup Server issues
> Troubleshoot scheduled backups
Troubleshoot recovery issues
> Troubleshoot Azure Site Recovery issues
> Troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration Manager (SCCM)
> Troubleshoot restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server
> Troubleshoot issues recovering files from an Azure virtual machine backup
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot virtual network (VNet) connectivity
> Troubleshoot virtual private network (VPN) gateway transit issues
> Troubleshoot hub-and-spoke VNet configuration issues
> Troubleshoot global VNet peering connectivity issues
> Troubleshoot peered connections
Troubleshoot name resolution issues
> Troubleshoot name resolution for scenarios that use Azure-provided name resolution
> Troubleshoot name resolution for scenarios that use custom DNS servers
- Name resolution for resources in Azure virtual networks
- Use Azure DNS to provide custom domain settings for an Azure service
> Review and interpret DNS audit logs
> Troubleshoot name resolution for Azure private DNS zones
> Troubleshoot issues with DNS records at public DNS providers
> Troubleshoot domain delegation issues
Troubleshoot point-to-site virtual private network (VPN) connectivity
> Troubleshoot Windows VPN client configuration issues
> Troubleshoot OpenVPN VPN client configuration issues
> Troubleshoot macOS VPN client configuration issues
> Troubleshoot issues with certificate-based VPN connections
> Troubleshoot issues with RADIUS-based VPN connections
> Troubleshoot Azure Active Directory (Azure AD) authentication issues
Troubleshoot site-to-site virtual private network connectivity
> Review and interpret network logs and capture network traffic from a VPN gateway
> Determine the root cause for latency issues within site-to-site VPNs
> Review and interpret gateway configuration scripts
> Reset a VPN gateway
> Troubleshoot gateway issues by running Log Analytics queries
Troubleshoot Azure ExpressRoute connectivity issues
> Determine whether routes are live and correctly configured
> Validate the peering configuration for an ExpressRoute circuit
> Reset an ExpressRoute circuit
> Troubleshoot route filtering
- Tutorial: Configure route filters for Microsoft peering using the Azure portal
- Tutorial: Configure route filters for Microsoft peering using PowerShell
> Troubleshoot custom-defined routes
> Determine the root cause for latency issues related to ExpressRoute
Troubleshoot Platform as a Service issues (5–10%)
Troubleshoot PaaS services
> Troubleshoot issues connecting to a PaaS
- Troubleshooting connectivity issues and other errors with Azure SQL Database and Azure SQL Managed Instance
> Troubleshoot firewalls for PaaS services
> Troubleshoot PaaS configuration issues
- Best practices for securing PaaS web and mobile applications using Azure App Service
- Best practices for securing PaaS web and mobile applications using Azure Storage
- Best practices for securing PaaS databases in Azure
> Determine the root cause for service-level throttling
Troubleshoot PaaS integration issues
> Troubleshoot issues integrating PaaS services with virtual networks
> Troubleshoot subnet delegation issues
> Troubleshoot issues with private endpoints and service endpoints
> Troubleshoot issues with Azure Private Link
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot Azure AD authentication
> Determine why on-premises systems cannot connect to Azure resources
> Troubleshoot Azure AD configuration issues
- Troubleshoot Azure Active Directory Sync Tool installation and Configuration
- Analyze Azure AD activity logs with Azure Monitor logs
> Troubleshoot self-service password reset issues
> Troubleshoot issues with multifactor authentication
Troubleshoot hybrid authentication
> Troubleshoot Azure AD Connect synchronization issues
> Troubleshoot Azure AD to Active Directory Domain Services (Azure AD DS) integration issues
- Common errors and troubleshooting steps for Azure Active Directory Domain Services
- Troubleshoot account sign-in problems with an Azure Active Directory Domain Services managed domain
- Troubleshoot account lockout problems with an Azure Active Directory Domain Services managed domain
> Troubleshoot connectivity issues between Azure AD and Active Directory Federation Services (AD FS)
> Troubleshoot issues with pass-through authentication and password hash synchronization
- Troubleshoot Azure Active Directory Pass-through Authentication
- Troubleshoot password hash synchronization with Azure AD Connect sync
> Troubleshoot Azure AD Application Proxy connectivity issues
- Troubleshoot Application Proxy problems and error messages
- Debug Application Proxy connector issues
- Debug Application Proxy application issues
Troubleshoot authorization issues
> Troubleshoot role-based access control (RBAC) issues
> Troubleshoot issues storing encrypted passwords in Azure Key Vault
- About Azure Key Vault
- Best practices for secrets management in Key Vault
- Store credentials in Azure Key Vault
> Troubleshoot sign-in issues related to Azure AD Conditional Access policies
- Troubleshooting sign-in problems with Conditional Access
- How to: Troubleshoot sign-in errors using Azure Active Directory reports
Troubleshoot networks (25–30%)
Troubleshoot Azure network security issues
> Determine why Azure Web Application Firewall is blocking traffic
> Troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
> Troubleshoot connectivity to secure endpoints
- Troubleshoot Azure Private Endpoint connectivity problems
- Troubleshoot Azure Private Link connectivity problems
Troubleshoot Azure network security groups (NSGs)
> Troubleshoot NSG configuration issues
> Review and interpret NSG flow logs
> Determine whether a VM or a group of VMs is associated with an application security group (ASG)
Troubleshoot Azure Firewall issues
> Troubleshoot an application, network, and infrastructure rules
> Troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules
> Troubleshoot Azure Firewall Manager configuration issues
Troubleshoot latency issues
> Determine the root cause for VM-level throttling
> Determine the root cause for latency issues when connecting to Azure virtual machines
> Determine the root cause for throttling between source and destination resources
> Troubleshoot bandwidth availability issues
> Determine whether resource response times meet service-level agreements (SLAs)
Troubleshoot routing and traffic control
> Review and interpret route tables
> Troubleshoot asymmetric routing
> Troubleshoot issues with user-defined routes
> Troubleshoot issues related to forced tunneling
> Troubleshoot Border Gateway Protocol (BGP) issues
> Troubleshoot virtual network peering, transitive routing, and service chaining
> Troubleshoot routing configuration issues in Azure
- Troubleshooting Azure Route Server issues
- Tutorial: Diagnose a virtual machine network routing problem
- Tutorial: Diagnose a communication problem between networks
- Troubleshoot Network virtual appliance issues in Azure
Troubleshoot load-balancing issues
> Determine whether VMs in a load-balanced cluster is healthy
> Troubleshoot issues with Azure Load Balancer
> Review and interpret load balancer rules
> Troubleshoot traffic distribution issues
> Evaluate the configuration of Azure Traffic Manager
> Troubleshoot issues with Azure Traffic Manager profiles
> Troubleshoot port exhaustion issues
> Troubleshoot issues with Azure Front Door
> Troubleshoot issues with Azure Application Gateway
- Troubleshoot backend health issues in Application Gateway
- Troubleshooting bad gateway errors in Application Gateway
- Troubleshooting Azure Application Gateway Session Affinity Issues
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot Azure Bastion
> Troubleshoot issues deploying Azure Bastion
> Troubleshoot connectivity issues
> Troubleshoot authorization issues
Troubleshoot just-in-time (JIT) VM access
> Validate connectivity with a VM
> Troubleshoot Microsoft Defender for Cloud configuration issues
> Determine which resources are authorized to use JIT VM access
Microsoft Learn – Study Resources
To prepare for this exam, I use the new Microsoft Learn, a great resource that provides self-paced skills training on a variety of Azure connectivity topics. I highly recommend checking the following 8 modules from the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions:
1) Introduction to Azure virtual networks (11 units)
2) Design and implement hybrid networking (9 units)
3) Design and implement Azure ExpressRoute (11 units)
4) Load balance non-HTTP(S) traffic in Azure (7 units)
5) Load balance HTTP(S) traffic in Azure (7 units)
6) Design and implement network security (11 units)
7) Design and implement private access to Azure Services (8 units)
8) Design and implement network monitoring (5 units)
I will update this article as soon as I have new materials such as videos, practice tests, and training labs.
Schedule AZ-720 Exam
Updated – 01/04/2022, Microsoft launched the AZ-720 exam in beta mode, if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment. This is not a private access code.
You must register for the exam on or before April 29, 2022. The seats are offered on a first-come, first-served basis. Please note that this beta exam is NOT available in Turkey, Pakistan, India, or China.
Once you are ready, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.
Other Microsoft Azure Exam Study Guides
Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:
- Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
- Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
- Exam AZ-140: Microsoft Azure Virtual Desktop Exam Study Guide
- Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
- Exam AZ-303: Microsoft Azure Architect Technologies Exam Study Guide
- Exam AZ-304: Microsoft Azure Architect Design Certification Exam Study Guide
- Exam AZ-500: Microsoft Azure Security Technologies Exam Study Guide
- Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Study Guide
- Exam AZ-700: Microsoft Azure Network Engineer Associate Study Guide
- Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
- Exam SC-200: Microsoft Security Operations Analyst Exam Study Guide
- Exam SC-300: Microsoft Identity and Access Administrator Exam Study Guide
- Exam SC-400: Microsoft Information Protection Administrator Exam Study Guide
- Exam MS-500: Microsoft 365 Security Administrator Exam Study Guide
- Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions Study Guide
- Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure Study Guide
- Exam AZ-801: Configuring Windows Server Hybrid Advanced Services Study Guide
If you are planning to take the AZ-720 exam… I wish you all the best and Happy Studying!!!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.