Identity and Networking
This course provides an overview of the 70-532: Developing Microsoft Azure Solutions exam and the major topics covered within. Use it as a guide to identify gaps in your knowledge and areas to focus as you prep to sit the exam. The course also provides some tips and tricks to maximize your chances of a passing score.
Major topics include:
- An overview of the 70-532 exam and related Microsoft certification paths
- A review of Azure virtual machines and related topics like VM storage and networking
- A review of major Azure data storage options like queues, blobs, tables, SQL Database, Cosmos DB, and others
- A review of Azure Active Directory topic areas and hybrid networking as covered in the exam
- A review of platform-as-a-service options in Azure and their coverage in the exam
Now let's review the coverage of identity and networks in the 532 exam and talk about what you need to know as you prepare.
Identity and networking topics will represent about 15 to 20% of the overall exam. This is less than other topics, but you still need some familiarity with what's here. Specifically, you should become familiar with the Azure Active Directory Service and understand how it relates to on-premises Active Directory, as well as how to use it for secure authentication in cloud-based applications. There will also be some coverage of the Azure AD B2C and B2B feature offerings on the exam. So plan to investigate those topics as well. You'll need to learn about Azure Service Bus and the various options it has for reliable cloud-based messaging, as well as options for establishing and using hybrid connectivity between Azure and your on-premises data center environment.
Azure Active Directory is a managed identity service that provides secure authentication and authorization capabilities in the cloud without the need to provision and manage complex infrastructure. While it has some functional overlap with traditional on-premises Active Directory, it is a distinct product offering; it does, however, have the capability of synchronizing data with an on-premises AD installation. For the 532 exam, you don't need to understand all of the setup and configuration options for Azure AD. Instead, you should learn about the various authentication options available, like support for OAuth and OpenID Connect. Study up on how to integrate applications with Azure AD using these industry-standard protocols: how to register applications with Azure AD, and how to write code that talks to Azure AD to perform authentication checks. You should also learn about the Graph API, used to traverse identity metadata in Azure AD to authorize user behavior and otherwise provide user-level customization in integrated applications. If you're familiar with traditional on-premises AD, you'll know something about the LDAP protocol and AD's support for LDAP queries; the Graph API is the Azure AD equivalent of LDAP. Spin up a small Azure AD instance in the portal and build a small application that uses the Graph API to query against it. This will help you come exam time. Here again, see the course notes for links to several resources with additional information on Azure AD. It's a big topic, so focus on the developer-related topics, as these are most likely to appear on the exam.
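The "code that talks to Azure AD to perform authentication checks" mentioned above is, on the application side, mostly token validation: an app registered with Azure AD receives an OAuth 2.0 / OpenID Connect JWT and must verify its signature and then check that it was issued by its own tenant, for its own client id, and is within its validity window. The following is an added example, not code from the course or from Microsoft's SDKs, showing those checks in the order a relying party should perform them. The tenant id, client id and secret are constructed placeholders. Real Azure AD tokens are RS256-signed with keys published at the tenant's OpenID Connect discovery (JWKS) endpoint, and a production validator must fetch and use those; to keep this runnable offline, HS256 with a shared secret stands in for RS256 (assumption).

```python
"""Relying-party checks on an Azure AD style JWT (added example, stdlib only).

Signature first, then issuer, audience, tenant and lifetime. HS256 with a
shared secret is a stand-in for Azure AD's RS256 keys so it runs offline.
"""
import base64
import hashlib
import hmac
import json
import time

TENANT_ID = "00000000-0000-0000-0000-000000000000"   # constructed placeholder
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # constructed placeholder
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
SHARED_SECRET = b"constructed-demo-secret"          # stand-in for the JWKS key


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = SHARED_SECRET) -> str:
    """Build a compact JWT (header.payload.signature); demo issuer only."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_token(token: str, now=None, key: bytes = SHARED_SECRET, skew: int = 300) -> dict:
    """Return the claims if the token is acceptable, otherwise raise ValueError.

    The signature is verified before any claim is trusted, and the 'alg'
    header is pinned so a token cannot choose its own algorithm.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # Issuer and tid pin the token to our tenant; aud pins it to our app registration.
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    if claims.get("tid") != TENANT_ID:
        raise ValueError("wrong tenant")
    if now >= claims.get("exp", 0) + skew:
        raise ValueError("token expired")
    if now < claims.get("nbf", 0) - skew:
        raise ValueError("token not yet valid")
    return claims


def is_valid(token: str, now=None) -> bool:
    """Boolean wrapper around validate_token for callers that only need yes/no."""
    try:
        validate_token(token, now=now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_token({"iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "tid": TENANT_ID,
                       "exp": t0 + 3600, "nbf": t0, "oid": "user-1"})
    print("valid now:", is_valid(tok, now=t0), "| valid in 2h:", is_valid(tok, now=t0 + 7200))
```

The audience check is the one most often skipped in practice: a token Azure AD issued for a different application in the same tenant still has a good signature and the right issuer, and only the `aud` claim distinguishes it.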
In addition to the core capabilities of Azure AD, there are two additional features likely to appear on the exam in some form. The important bit here is to understand the major use cases and target audiences for these features, as opposed to every minute detail of how to set up and configure them in your Azure subscription.
Azure AD B2C, or business-to-consumer, provides integration with a variety of external identity providers like Twitter, Facebook, Google, LinkedIn and others, as well as end-user-friendly capabilities like multi-factor authentication and self-service account management. You also have integration with the Graph API for programmatic access to user accounts and for creation of custom fields and account metadata.
Azure AD B2B, or business-to-business, provides declarative access policy management for enabling business partner collaboration. With Azure AD B2B, you can define which external business partners can interact with secure services and data in your organization at a granular level. Collaborators can bring their own approved identity provider credentials as opposed to requiring manual configuration within your Azure AD tenant.
Again, keep the big picture in mind for the exam, understand the important scenarios for each of these and be ready to answer exam questions about which is the best option in specific cases.
Azure Service Bus is an umbrella product family that provides a number of secure, reliable messaging capabilities in the cloud.
Service Bus Queues provide transactional first-in, first-out messaging, conceptually similar to older on-premises technology like MSMQ. Service Bus Queues support features like ordered delivery, dead-lettering of messages that cannot be delivered, and more. For the exam it's important that you understand the similarities and differences between Azure Storage Queues and Azure Service Bus Queues, so plan to spend some time studying up on that. You should also be comfortable with some of the programmatic APIs for interacting with queues and queue messages.
Service Bus Topics are similar to queues but provide broadcast-style publish/subscribe semantics for messages. That is, you can publish a single message to a named topic, and one or more subscribers who have expressed interest in that topic will each receive a copy of your message. Spend some time understanding the difference between topics, as a broadcast mechanism, and queues, which maintain a single copy of a message accessible to only one consumer, and think about scenarios where each fits best. Again, these are likely exam focus areas.
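To make the queue-versus-topic distinction from the two paragraphs above concrete, here is an added in-memory model (not code from the course and not the Azure Service Bus SDK) that reproduces the behaviour described: a queue holds one copy of each message and hands it to exactly one of several competing receivers, while a topic copies each message into every subscription. Both use peek-lock settlement, where a receiver completes a message on success or abandons it on failure, and a message abandoned too many times is moved to the dead-letter queue instead of being redelivered forever. The queue, topic and subscription names, the payloads and the max-delivery threshold are constructed for the demo (assumptions).

```python
"""In-memory model of Service Bus queue vs topic semantics (added example)."""
from collections import deque
from dataclasses import dataclass

MAX_DELIVERY_COUNT = 3  # constructed for the demo; the real service default differs


@dataclass
class Message:
    body: str
    delivery_count: int = 0   # incremented on every receive, like DeliveryCount


class Queue:
    """One copy of each message; a received message is locked until settled."""
    def __init__(self, name):
        self.name = name
        self._active = deque()
        self._locked = {}          # id(msg) -> Message awaiting complete/abandon
        self.dead_letter = deque()

    def send(self, body):
        self._active.append(Message(body))

    def receive(self):
        """Peek-lock: remove from the active queue and park it until settled."""
        if not self._active:
            return None
        msg = self._active.popleft()
        msg.delivery_count += 1
        self._locked[id(msg)] = msg
        return msg

    def complete(self, msg):
        del self._locked[id(msg)]

    def abandon(self, msg):
        """Put the message back for redelivery, or dead-letter it after too many attempts."""
        del self._locked[id(msg)]
        if msg.delivery_count >= MAX_DELIVERY_COUNT:
            self.dead_letter.append(msg)
        else:
            self._active.appendleft(msg)   # keeps FIFO order for the next receiver

    def __len__(self):
        return len(self._active)


class Topic:
    """A topic fans out: send() places a copy of the message in every subscription."""
    def __init__(self, name):
        self.name = name
        self.subscriptions = {}

    def subscribe(self, sub_name):
        self.subscriptions[sub_name] = Queue(f"{self.name}/{sub_name}")
        return self.subscriptions[sub_name]

    def send(self, body):
        for sub in self.subscriptions.values():
            sub.send(body)


def drain(queue, handler):
    """Receive until empty; handler returns True to complete, False to abandon."""
    delivered = []
    while (msg := queue.receive()) is not None:
        delivered.append(msg.body)
        if handler(msg):
            queue.complete(msg)
        else:
            queue.abandon(msg)
    return delivered


def demo():
    # Queue: receivers A and B compete, so each message reaches exactly one of them.
    orders = Queue("orders")
    for i in range(4):
        orders.send(f"order-{i}")
    seen = {"A": [], "B": []}
    while len(orders):
        for name in ("A", "B"):
            msg = orders.receive()
            if msg is None:
                break
            seen[name].append(msg.body)
            orders.complete(msg)
    # Topic: every subscription receives its own copy of the published message.
    events = Topic("order-events")
    billing = events.subscribe("billing")
    audit = events.subscribe("audit")
    events.send("order-0-created")
    # Poison message: billing keeps failing, so its copy ends up dead-lettered;
    # audit processes its own copy normally and is unaffected.
    billing_attempts = drain(billing, lambda m: False)
    audit_seen = drain(audit, lambda m: True)
    return {
        "queue_a": seen["A"], "queue_b": seen["B"],
        "billing_attempts": len(billing_attempts),
        "billing_dead_letter": [m.body for m in billing.dead_letter],
        "audit": audit_seen,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take into the exam is visible in `demo()`: the four queue messages are split between the two receivers with no duplicates, while the single topic message is delivered to both subscriptions independently, so one subscriber's failure (and its dead-letter queue) never affects the other.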
Service Bus Relay is used to provide secure Windows Communication Foundation (WCF)-based communication between application logic running in Azure and logic running outside Azure. It's an application-level hybrid communication mechanism that is firewall-friendly and easy to use. Learn the basic APIs for establishing a connection and communicating over it.
Event Hubs is a high-scale messaging solution used to push large amounts of data into Azure at potentially very high throughput levels. It scales horizontally using consumer partitions, making it straightforward to process incoming messages at scale too. For the exam, you should know how to create and configure Event Hubs in the portal and with PowerShell, as well as how to write data to an Event Hub and read from Event Hubs using the .NET SDK.
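The partition model is what makes Event Hubs scale horizontally, and it is worth seeing why reads can be parallelised without losing order. The following added example (not code from the course and not the Azure Event Hubs SDK) models the behaviour in memory: events carrying the same partition key land in the same partition and stay in send order there, a consumer group reads each partition with its own reader, and a reader that restarts resumes from the last checkpoint it committed rather than from the beginning of the stream. The partition count, device names and payloads are constructed, and the SHA-256 based key-to-partition mapping is a stand-in for the service's own hashing (assumption).

```python
"""In-memory model of Event Hubs partitioning and checkpointing (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    partition_key: str
    body: str


class EventHub:
    """Each partition is an append-only log; an event's position is its offset."""
    def __init__(self, partition_count):
        self.partitions = [[] for _ in range(partition_count)]

    def partition_for(self, partition_key):
        # Constructed stand-in for the service's hash: same key -> same partition.
        digest = hashlib.sha256(partition_key.encode("utf-8")).digest()
        return int.from_bytes(digest[:4], "big") % len(self.partitions)

    def send(self, event):
        partition = self.partition_for(event.partition_key)
        self.partitions[partition].append(event)
        return partition, len(self.partitions[partition]) - 1   # (partition, offset)


class PartitionReader:
    """Reads one partition on behalf of a consumer group.

    checkpoints maps partition -> next offset to read and is shared by all
    readers of the group; committing it is what lets a restarted reader resume.
    """
    def __init__(self, hub, partition, checkpoints):
        self.hub = hub
        self.partition = partition
        self.checkpoints = checkpoints

    def read_batch(self, max_batch):
        start = self.checkpoints.get(self.partition, 0)
        return self.hub.partitions[self.partition][start:start + max_batch]

    def checkpoint(self, processed):
        """Commit after the batch has been processed, never before."""
        self.checkpoints[self.partition] = self.checkpoints.get(self.partition, 0) + processed


def demo(partition_count=4, devices=("sensor-1", "sensor-2", "sensor-3"), readings=5):
    hub = EventHub(partition_count)
    for i in range(readings):
        for device in devices:            # interleave senders like real telemetry
            hub.send(Event(device, f"{device}:reading-{i}"))

    # Consumer group: one reader per partition sharing a checkpoint store.
    checkpoints = {}
    first_pass = {}
    for p in range(partition_count):
        reader = PartitionReader(hub, p, checkpoints)
        batch = reader.read_batch(max_batch=4)
        first_pass[p] = [e.body for e in batch]
        reader.checkpoint(len(batch))

    # Simulated restart: fresh readers pick up from the checkpoints, so nothing is re-read.
    second_pass = {}
    for p in range(partition_count):
        reader = PartitionReader(hub, p, checkpoints)
        batch = reader.read_batch(max_batch=100)
        second_pass[p] = [e.body for e in batch]
        reader.checkpoint(len(batch))

    # Order of each device's readings as they sit in the hub's partitions.
    per_device_order = {
        device: [e.body for part in hub.partitions for e in part if e.partition_key == device]
        for device in devices
    }
    return hub, first_pass, second_pass, per_device_order


if __name__ == "__main__":
    hub, first, second, order = demo()
    for p in range(len(hub.partitions)):
        print(f"partition {p}: first={first[p]} resumed={second[p]}")
```

Ordering is guaranteed only within a partition, which is why the partition key should be the identity whose events must stay ordered (a device, a session, an account) rather than something that spreads one entity's events across partitions.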
The 532 exam also focuses on a couple of key hybrid connectivity options in Azure you should be familiar with. The VPN Gateway service allows you to establish either a point-to-site connection between an Azure Virtual Network and a single computer running outside Azure, or a site-to-site connection which links an Azure VNet to another network, which again is running outside of an Azure data center. In either case, VPN Gateway uses secure communication over the public internet.
ExpressRoute provides similar connectivity options and scenarios to VPN Gateway, but a key difference is that ExpressRoute connections are dedicated, private, and established by an independent connectivity provider between your data center and an Azure data center. ExpressRoute connections are generally more reliable, more secure, and lower-latency than VPN Gateway connections that rely on public internet connectivity. As you might imagine, ExpressRoute connections have a much higher price point than VPN Gateway. For the exam, know the difference between these two options and anticipate questions that describe use cases where one or the other might be most useful.
About the Author
Josh Lane is a Microsoft Azure MVP and Azure Trainer and Researcher at Cloud Academy. He's spent almost twenty years architecting and building enterprise software for companies around the world, in industries as diverse as financial services, insurance, energy, education, and telecom. He loves the challenges that come with designing, building, and running software at scale. Away from the keyboard you'll find him crashing his mountain bike, drumming quasi-rhythmically, spending time outdoors with his wife and daughters, or drinking good beer with good friends.