You dont have javascript enabled! Please enable it!

AZ-720 Study Guide: Troubleshooting Microsoft Azure Connectivity

10 Min. Read

Are you preparing for the AZ-720 Azure Support Engineer for Connectivity Specialty certification? This study guide will share with you how to prepare and pass the AZ-720: Microsoft Certified Azure Support Engineer for Connectivity Specialty successfully (with links to exam objectives).


Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities you’ve earned.

After the recent announcement of the new certification exam that focuses on networking with the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions, Microsoft Learning announced a new specialty certification exam for troubleshooting Microsoft Azure Connectivity which expands the Azure training and certification portfolio.

AZ-720 Exam Prep

How do you prepare for AZ-720?

While preparing to take this exam myself, I would like to share with you how to prepare and pass the AZ-720: Troubleshooting Microsoft Azure Connectivity exam successfully. To prepare for this exam, I usually use a couple of online resources, mainly Microsoft Docs, Microsoft Learn, and Training Labs, which I am going to share with you in the next section.

The exam is available starting end of March 2022 in the Beta phase at the time of this writing. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft. This exam is out of the Beta phase now and it’s Public.

Updated on 29/04/2022  In this exam, I got around 56 questions in total with 2 case studies, 2 sections with Yes/No answers, and no lab questions but this might change in the future. The total time for this exam is 120 minutes (2 hours). The exam is very long, you need to manage your time and prepare very well. The questions do pretty much match the list of skills measured below.

Updated on 24/06/2022 I am so happy and grateful now that I received the final report for the AZ-720 Troubleshooting Microsoft Azure Connectivity with a passing score as shown in the report below! I want to mention that I did not prepare well when I sat for this exam in April 2022 there were no resource materials available during the beta phase, but since I work with Microsoft Azure on daily basis, I managed to answer most of the questions within 2 hours.

AZ-720 Troubleshooting Microsoft Azure Connectivity
AZ-720 Troubleshooting Microsoft Azure Connectivity

Exam Target Audience

The candidates for the Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter expertise (SME) in using advanced troubleshooting methods to resolve networking and connectivity issues in Azure.

Professionals in this role troubleshoot hybrid environments, including issues with Azure Virtual Machines, virtual networks, and connectivity between on-premises and Azure services. They use
various tools and technologies to diagnose and identify root causes for complex network issues.

To prepare for this exam, you should have experience with networking and hybrid environments, including knowledge of routing, permissions, and account limits. You must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.

Please note that to prepare and take the AZ-720 exam, it’s highly recommended to have Azure networking skills. Check my AZ-700: Microsoft Azure Network Engineer Associate study guide to get prepared.


Successful support engineers are professionals who have the energy and expertise to resolve difficult technical issues, and you can drive the resolution of highly complex incidents related to solutions development and deployment.

You should collaborate with other technical specialists on case reviews, troubleshooting, and effective customer interaction. As a prerequisite for this exam, you should be familiar with the following:

  • Own, troubleshoot, and solve technical issues, using collaboration, best practices, and transparency within and across teams.
  • Identify technical or strategic cases that require escalation.
  • Create and maintain incident management requests for the product group or engineering group.
  • Contribute to case deflection initiatives, automation, and other digital self-help assets to improve customer and engineer experience.

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft Learning.

I have also included the direct link to the Microsoft documentation so you can read more about each objective.

Troubleshoot business continuity issues (5–10%)

Troubleshoot backup issues

> Review and interpret backup logs

> Troubleshoot Azure virtual machine backup issues including restarting a failed backup job

> Troubleshoot issues with Azure Backup agents

> Troubleshoot Azure Backup Server issues

> Troubleshoot scheduled backups

Troubleshoot recovery issues

> Troubleshoot Azure Site Recovery issues

> Troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration Manager (SCCM)

> Troubleshoot restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server

> Troubleshoot issues recovering files from an Azure virtual machine backup

Troubleshoot hybrid and cloud connectivity issues (20–25%)

Troubleshoot virtual network (VNet) connectivity

> Troubleshoot virtual private network (VPN) gateway transit issues

> Troubleshoot hub-and-spoke VNet configuration issues

> Troubleshoot global VNet peering connectivity issues

> Troubleshoot peered connections

Troubleshoot name resolution issues

> Troubleshoot name resolution for scenarios that use Azure-provided name resolution

> Troubleshoot name resolution for scenarios that use custom DNS servers

> Review and interpret DNS audit logs

> Troubleshoot name resolution for Azure private DNS zones

> Troubleshoot issues with DNS records at public DNS providers

> Troubleshoot domain delegation issues

Troubleshoot point-to-site virtual private network (VPN) connectivity

> Troubleshoot Windows VPN client configuration issues

> Troubleshoot OpenVPN VPN client configuration issues

> Troubleshoot macOS VPN client configuration issues

> Troubleshoot issues with certificate-based VPN connections

> Troubleshoot issues with RADIUS-based VPN connections

> Troubleshoot Azure Active Directory (Azure AD) authentication issues

Troubleshoot site-to-site virtual private network connectivity

> Review and interpret network logs and capture network traffic from a VPN gateway

> Determine the root cause for latency issues within site-to-site VPNs

> Review and interpret gateway configuration scripts

> Reset a VPN gateway

> Troubleshoot gateway issues by running Log Analytics queries

Troubleshoot Azure ExpressRoute connectivity issues

> Determine whether routes are live and correctly configured

> Validate the peering configuration for an ExpressRoute circuit

> Reset an ExpressRoute circuit

> Troubleshoot route filtering

> Troubleshoot custom-defined routes

> Determine the root cause for latency issues related to ExpressRoute

Troubleshoot Platform as a Service issues (5–10%)

Troubleshoot PaaS services

> Troubleshoot issues connecting to a PaaS

> Troubleshoot firewalls for PaaS services

> Troubleshoot PaaS configuration issues

> Determine the root cause for service-level throttling

Troubleshoot PaaS integration issues

> Troubleshoot issues integrating PaaS services with virtual networks

> Troubleshoot subnet delegation issues

> Troubleshoot issues with private endpoints and service endpoints

> Troubleshoot issues with Azure Private Link

Troubleshoot authentication and access control issues (15–20%)

Troubleshoot Azure AD authentication

> Determine why on-premises systems cannot connect to Azure resources

> Troubleshoot Azure AD configuration issues

> Troubleshoot self-service password reset issues

> Troubleshoot issues with multifactor authentication

Troubleshoot hybrid authentication

> Troubleshoot Azure AD Connect synchronization issues

> Troubleshoot Azure AD to Active Directory Domain Services (Azure AD DS) integration issues

> Troubleshoot connectivity issues between Azure AD and Active Directory Federation Services (AD FS)

> Troubleshoot issues with pass-through authentication and password hash synchronization

> Troubleshoot Azure AD Application Proxy connectivity issues

Troubleshoot authorization issues

> Troubleshoot role-based access control (RBAC) issues

> Troubleshoot issues storing encrypted passwords in Azure Key Vault

> Troubleshoot sign-in issues related to Azure AD Conditional Access policies

Troubleshoot networks (25–30%)

Troubleshoot Azure network security issues

> Determine why Azure Web Application Firewall is blocking traffic

> Troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios

> Troubleshoot connectivity to secure endpoints

Troubleshoot Azure network security groups (NSGs)

> Troubleshoot NSG configuration issues

> Review and interpret NSG flow logs

> Determine whether a VM or a group of VMs is associated with an application security group (ASG)

Troubleshoot Azure Firewall issues

> Troubleshoot an application, network, and infrastructure rules

> Troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules

> Troubleshoot Azure Firewall Manager configuration issues

Troubleshoot latency issues

> Determine the root cause for VM-level throttling

> Determine the root cause for latency issues when connecting to Azure virtual machines

> Determine the root cause for throttling between source and destination resources

> Troubleshoot bandwidth availability issues

> Determine whether resource response times meet service-level agreements (SLAs)

Troubleshoot routing and traffic control

> Review and interpret route tables

> Troubleshoot asymmetric routing

> Troubleshoot issues with user-defined routes

> Troubleshoot issues related to forced tunneling

> Troubleshoot Border Gateway Protocol (BGP) issues

> Troubleshoot virtual network peering, transitive routing, and service chaining

> Troubleshoot routing configuration issues in Azure

Troubleshoot load-balancing issues

> Determine whether VMs in a load-balanced cluster is healthy

> Troubleshoot issues with Azure Load Balancer

> Review and interpret load balancer rules

> Troubleshoot traffic distribution issues

> Evaluate the configuration of Azure Traffic Manager

> Troubleshoot issues with Azure Traffic Manager profiles

> Troubleshoot port exhaustion issues

> Troubleshoot issues with Azure Front Door

> Troubleshoot issues with Azure Application Gateway

Troubleshoot VM connectivity issues (5–10%)

Troubleshoot Azure Bastion

> Troubleshoot issues deploying Azure Bastion

> Troubleshoot connectivity issues

> Troubleshoot authorization issues

Troubleshoot just-in-time (JIT) VM access

> Validate connectivity with a VM

> Troubleshoot Microsoft Defender for Cloud configuration issues

> Determine which resources are authorized to use JIT VM access

Microsoft Learn – Study Resources

To prepare for this exam, I use the new Microsoft Learn, a great resource that provides self-paced skills training on a variety of Azure connectivity topics. I highly recommend checking the following 8 modules from the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions:

1) Introduction to Azure virtual networks (11 units)
2) Design and implement hybrid networking (9 units)
3) Design and implement Azure ExpressRoute (11 units)
4) Load balance non-HTTP(S) traffic in Azure (7 units)
5) Load balance HTTP(S) traffic in Azure (7 units)
6) Design and implement network security (11 units)
7) Design and implement private access to Azure Services (8 units)
8) Design and implement network monitoring (5 units)

I will update this article as soon as I have new materials such as videos, practice tests, and training labs.

Schedule AZ-720 Exam

Updated – 01/04/2022, Microsoft launched the AZ-720 exam in beta mode, if you would like to take the beta exam and receive the 80% discount*, use the code below when prompted for payment. This is not a private access code. This exam is out of the Beta phase now and it’s Public. The beta code below is NOT available anymore.


You must register for the exam on or before April 29, 2022. The seats are offered on a first-come, first-served basis. Please note that this beta exam is NOT available in Turkey, Pakistan, India, or China.

Once you are ready, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.

Exam AZ-720: Troubleshooting Microsoft Azure Connectivity
Exam AZ-720: Troubleshooting Microsoft Azure Connectivity

Other Microsoft Azure Exam Study Guides

Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:

If you are planning to take the AZ-720 exam… I wish you all the best and Happy Studying!!!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.

Related Posts


Duplicate Azure Policy Definition and Initiative

SC-100 Study Guide: Microsoft Cybersecurity Architect


Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the 'Code Blocks' in 'Black' by selecting the Code. Thank You!