Microsoft Certified Azure Administrator Associate (1科 Azure Cloud) 國際認可證書課程 (新制第 4 版)
課程簡稱：Azure Administrator Associate Training Course

本中心是 Microsoft 認可的合作夥伴 (Microsoft Certified Partner)。

課程導師 Larry 按最近更新的 AZ-104 考試要求親自編寫課程筆記，並於課堂即時示範 Azure Cloud 的操作！Larry 有超過 10 年操作 Azure Cloud 的經驗，並多年來於本中心任教 Azure Cloud 相關的 Administrator Associate、Solutions Architect Expert、Security Engineer 等課程。

Larry 亦同時有教授其他雲端課程如 Google GCP、Amazon AWS、Alibaba Cloud，並經常為本港企業 (如港交所 BSS 合作供應商、OTP-C 證券市場交易平台、各大 4G/5G 電訊商的 vEPC/NFV 合作供應商等) 提供雲端解決方案及專業意見。

Microsoft Azure Cloud 的優勢

Azure 具備超過 70 項合規性 (Compliance) 項目，提供更全方位的合規性涵蓋範圍，而且是透過契約方式符合一般資料保護規定 (GDPR, General Data Protection Regulation) 需求的首要雲端提供者。

為保護您的組織，Azure 將安全性、隱私權及合規性皆內嵌於開發方法中，並已獲得美國政府機構認可為最受信任的雲端，獲得涵蓋 38 項 Azure 服務的 FedRAMP (The Federal Risk and Authorization Management Program) 高級授權。

此外，Azure IP Advantage 提供業界頂尖的智慧財產權保護，讓您可以專注於創新，而不需要擔心毫無根據的訴訟。

Azure 隨時隨地提供混合式一致性 (Consistency across a hybrid cloud environment)：應用程式開發、安全性與管理、身份識別管理，以及資料平台之間都包含在內。這有利於降低混合式雲端環境的風險與成本。而 Azure 亦能讓應用程式及工作負載具備可攜能力。

再者，將 Windows Server 虛擬機器 (Virtual Machine) 移轉到 Azure 時，可透過 Azure Hybrid Benefit 省下最多 40% 的成本。

透過 60 個 Azure 區域 (Region) 讓規模擴及全球：令您可以選擇適合您及客戶的資料中心和區域，以便在需要時取得所需的效能和支援。

透過龍頭雲端平台加速建置！

業界公認了 Azure 是擁有領先基礎結構即服務 (IaaS, Infrastructure as a Service)、平台即服務 (PaaS, Platform as a Service) 和軟體即服務 (SaaS, Software as a Service) 解決方案的唯一雲端提供者。

事實上，根據 Forrester Total Economic Impact 研究，Azure PaaS 可協助您提高生產力並增加您的 ROI (Return On Investment)。這有賴於 Azure 提供了超過 100 項服務來將您的想法轉化成解決方案和端對端管理體驗，以及運用敏捷做法傳遞應用程式。

您可以使用任何開發工具或語言，依照您的方式，以您選擇的工具、應用程式和架構 (如 Jenkins 與 Chef) 來開發及建置。身為 GitHub 上領先的開放原始碼參與者，Microsoft 積極支援多項開放原始碼社群專案 (如 Kubernetes、fluentd 及 Helm)，並與 Red Hat 建立獨特的合作關係以提供多項產品間協調的多語言支援。

透過無與倫比的智慧功能發揮創意！
使用只能在 Azure 中找到的辨識 API、Bot、機器學習服務和區塊鏈服務 (BaaS, Blockchain as a Service) 功能，便能大規模地建置智慧型解決方案。藉由搭配這些功能與強大的 GPU (Graphics Processing Unit) 計算，您便能加速深度學習、啟用高效能運算模擬，並使用 Azure 中的 NVIDIA GPU 來進行即時資料分析。

透過完整的進階分析解決方案，深入探索巨量資料！
使用 Azure Cosmos DB 便能將無限彈性調整功能整合到您的應用程式中，然後使用需求預測和庫存最佳化等商務分析解決方案，來將您的資料轉換成競爭優勢。使用解決方案範本快速建置、自訂及部署最佳做法，並透過 Azure SQL 資料倉儲，取得所有資料的轉換深入解析。

輕鬆實作立即可用的 IoT！
使用 Azure IoT 套件中預先設定的解決方案，便能快速開始進行最常見的物聯網 (IoT, Internet of Things) 案例，例如遠端監視和預測性維護。 其設計是開放且可自訂的，而且 46% 的 Azure IoT 認證裝置是以 Linux、Android 或其他開放原始碼技術來執行的。

透過完整的成本管理解決方案來管理及妥善運用雲端花費！
透過免費的 Azure 成本管理，便能發揮雲端資源的最大效益，亦能管理部門預算及配置成本。將虛擬機器調整成適當大小，來充份使用資源，並將 Azure 提供的多種購買選項成本效益視覺化。

透過 Microsoft Cloud 獲取更大的 Azure 投資效益！
使用領先業界的其中一項 SaaS 服務 (包括 Office 365、Dynamics 365 和 Enterprise Mobility + Security)，從 Azure 投資當中獲得更多價值。Azure 與這些服務共用許多基本功能，例如 Azure Active Directory 的身份識別管理，以及 Intune 的行動裝置管理。

修畢本課程後，學員便可考取下列 1 張國際認可證書：

Microsoft Certified Azure Administrator Associate

雲端世代的 Microsoft Azure Cloud 新系列 Role-based 認證 : 掌握雲端運算科技，迎接未來挑戰

基要級：		進階級：
An Azure Administrator is responsible for implementing, monitoring, and maintaining Microsoft Azure solutions, including major services related to compute, storage, network, and security. Get certified today.		Master the skills needed to design solutions that run on Azure. A Microsoft Azure Solutions Architect must have expertise in compute, network, storage, and security.

本中心為Microsoft指定的考試試場。報考時請致電本中心，登記欲報考之科目考試編號、考試日期及時間 (最快可即日報考)。臨考試前要出示身份證及繳付每科HK$943之考試費。

考試題目由澳洲考試中心傳送到你要應考的電腦，考試時以電腦作答。所有考試題目均為英文，而大多數的考試題目為單項及多項選擇題，其餘則為實戰題。

考試合格後會收到來自Microsoft的作實電郵，並進入該電郵內的連結，登入 Microsoft Credentials Dashboard 下載您的證書。

考試不合格便可重新報考，不限次數。欲知道作答時間、題目總數、合格分數等詳細考試資料，可瀏覽本中心網頁 "各科考試分數資料"。

1. Manage Azure subscriptions
1.1 Creating a Free Azure account
1.1.1 Services included in Azure Free account
1.1.2 Setting up a Free Account
1.2 Azure RBAC roles, and Entra ID administrator roles
1.2.1 How roles are related each other
1.2.2 Classic Subscription Administrator roles
1.2.3 Azure account and Azure subscriptions
1.3 Azure RBAC roles
1.4 Deny Assignments
1.5 Entra ID Administrator Roles
1.6 Custom RBAC Roles
1.7 Differences between Azure RBAC roles and Entra ID administrator roles
1.8 Elevate access for a Entra ID Global Administrator
1.9 Azure Price Calculator
1.10 Creating a Virtual Machine on Azure
1.10.1 Introduction to N-Tier architecture
1.10.2 Benefits and Challenges using N Tier
1.10.3 N-Tier architecture with Azure Compute Virtual Machines
1.10.4 To Implement N-Tier Virtual Machine based Architecture
1.11 Enabling Auto-shutdown for VM
1.12 Implementing Azure Bastion
1.13 Manage License in Entra ID
1.14 Entra ID Administrative Units
1.15 Performing Bulk update to Entra ID
1.16 About the new name for Azure Active Directory

2. Azure Policy
2.1 Introduction to Azure Policy
2.2 Initiative Definition
2.3 Assigning Initiative Definition to a Specific Scope of resources
2.4 Azure Guest Configuration extension
2.5 Check Compliance

3. Analyze resource utilization and consumption
3.1 Introduction to Azure Monitor service
3.1.1 Metrics
3.2 Metric Alerts
3.3 Understanding Dynamic Threshold with Alert Rules
3.4 Collecting Azure Virtual Machine Logs with Log Analytics
3.5 View or analyze data collected with Log Analytics log search
3.5.1 Creating a Simple Search query
3.5.2 Querying Performance Data
3.6 Using Log Analytics Alerts
3.7 Migrating to new Azure Monitor Agent
3.8 Monitoring your Cost
3.8.1 Add tags to your resources to group your billing data
3.8.2 Reviewing cost at the end of your billing cycle

4. Resource Group and Locks
4.1 Lock resources to prevent unexpected changes
4.2 Moving resources to new resource group
4.3 Removing a resource group
4.4 Using Azure Policy for Tag Governance and Compliance

5. Create and configure storage accounts
5.1 Introduction to Azure Blob Storage
5.2 Storage accounts
5.3 Access Tiers for Block blob data
5.4 Azure Storage Replication
5.5 Storage Account Endpoints
5.5.1 About Require Secure Transfer
5.6 Creating a GPv2 Storage Account
5.7 Creating a Storage Container for upload
5.7.1 Creating a Blob container
5.7.2 Upload a block blob
5.8 Azure Storage Explorer
5.9 Shared Access Signature
5.10 Stored Access Policy
5.11 Virtual Network Service Endpoints and Firewall for Azure Storage
5.12 Storage Analytics
5.12.1 Enabling Azure Storage metrics and viewing metrics data
5.13 Implementing Azure Storage Replication
5.13.1 Azure Storage Account outages and failover
5.14 Designing Entra ID Authentication for a storage account
5.14.1 Managing User Profile Information
5.14.2 Configure Access with Entra ID Groups
5.14.3 Creating a Basic Group and add members
5.14.4 Assign RBAC roles for access rights
5.15 Configuring Storage Tiering for Azure Blobs
5.15.1 About Account Level Tiering
5.15.2 Blob Level Tiering
5.15.3 Azure Storage Blob Lifecycle Management
5.15.4 Rehydrate blob data from the archive tier
5.16 Configuring and Managing additional data disk for Azure Virtual Machines
5.17 Configure Azure Disk Encryption
5.17.1 Azure Disk Encryption Workflow
5.17.2 Azure Disk Decryption Workflow
5.17.3 Azure Disk Encryption Prerequisites
5.17.4 Supported VM Sizes
5.17.5 Virtual Networking
5.17.6 Key Vault Access Policy
5.17.7 Enable encryption on existing or running IaaS Windows VMs

6. Import and export data to Azure
6.1 Introduction to Azure Import and Export service
6.2 Import/Export Job workflow
6.3 Using Import/Export Service
6.3.1 Preparing Drives to ship
6.3.2 Creating an Import Job in Azure
6.3.3 Ship the encrypted drives
6.4 Using AzCopy across clouds

7. Azure Front Door
7.1 Introduction to Front Door
7.2 Creating Azure CDN Profile and Endpoint
7.3 Testing CDN Performance
7.4 Adding a Custom Domain name to CDN Endpoint
7.4.1 Creating a Custom Domain
7.4.2 Creating a CNAME record
7.5 Purging Front Door Cache

8. Azure Files
8.1 Introduction to Azure Files
8.2 Data Access Method of Azure Files
8.3 Creating Azure File Share
8.4 Mounting Azure Files
8.5 Azure File Sync
8.5.1 Terminology
8.5.2 Preparing Windows Server
8.5.3 Installing the Azure File Sync Agent
8.5.4 Installing “AzureRM” PowerShell Module
8.5.5 Installing “Az” PowerShell Module
8.5.6 Deploying the Storage Sync Service
8.5.7 Server Registration
8.5.8 Create a sync group and a cloud endpoint
8.5.9 Creating Server Endpoint
8.6 Cloud Tiering
8.6.1 How Cloud Tiering works
8.6.2 Cloud Tiering Policy
8.6.3 Configuring Cloud Tiering
8.6.4 Forcing Recall of a File or Directory
8.6.5 Unregistering server and removing the Sync Group

9. Azure Recovery Services Vault
9.1 Introduction to Recovery Services Vault
9.2 Creating a Recovery Services Vault
9.3 Back up Windows to Azure
9.3.1 Configuring the Vault for backing up On-Premises Windows
9.3.2 Installing Agent and Registering On-Premises Server
9.3.3 Create the backup policy
9.3.4 Network throttling
9.3.5 Restoring files from Azure Recovery Services Vault
9.4 Back up an Azure Virtual Machine
9.4.1 Preparation to backup Azure Virtual Machine
9.4.2 Network Connectivity from VM Guest Agent to Azure public IP addresses
9.4.3 Back up the Azure VM using Azure Backup service
9.5 Upgrading Azure VM Backup stack V2 (Optional knowledge)
9.6 Configuring Azure Backup Reports
9.6.1 Configure Log Analytics Workspace for reports
9.6.2 Viewing Reports in Power BI
9.7 More about Site-to-Site recovery by using Azure Site Recovery
9.7.1 Introduction to Azure Site Recovery services
9.7.2 Migrating On-premises Hyper-V Virtual Machine to Azure
9.7.3 Disaster Recovery Drill
9.7.4 Completing the Migration of Hyper-V Virtual Machine
9.7.5 After Migration

10. Autoscaling with Virtual Machine Scale Sets
10.1 Introduction to Autoscaling
10.1.1 Using Host-based Metric
10.2 Virtual Machine Scale Sets
10.3 Creating a Virtual Machine Scale Set
10.4 Connecting to Virtual Machines in a Scale Set
10.5 Proximity Placement Group
10.6 Redundancy and Fault Domains
10.6.1 Three scenarios that impacts an Azure Virtual Machine
10.6.2 Configure multiple virtual machines in an availability set for redundancy
10.6.3 Use managed disks for VMs in an availability set
10.6.4 Use scheduled events to proactively respond to VM impacting events
10.6.5 Configure each application tier into separate availability sets
10.6.6 Combine a load balancer with availability sets
10.6.7 Use availability zones to protect from datacenter level failures
10.7 Introduction to Azure Load Balancing technologies
10.8 Azure Application Gateway and Public load balancing
10.9 Azure Internal Network Load Balancer
10.10 Troubleshoot Load Balancing
10.10.1 No outbound connectivity from Standard internal Load Balancers (ILB)
10.10.2 Can't change backend port for existing LB rule of a load balancer that has virtual machine scale set deployed in the backend pool.
10.10.3 Small traffic is still going through load balancer after removing VMs from backend pool of the load balancer
10.10.4 Load Balancer in failed state
10.10.5 VMs behind the Load Balancer are not responding to health probes
10.10.6 Virtual machines behind a load balancer are receiving uneven distribution of traffic

11. Vertical Scaling
11.1 Resizing Virtual Machines
11.1.1 To Resize a virtual machine which is available in the current cluster
11.1.2 Resizing a Virtual Machine to support Ultra Disk

12. Azure Desired State Configuration (DSC)
12.1 Introduction to Desired State Configuration
12.2 Creating a DSC Configuration for Web Server
12.3 Compiling a DSC Configuration in Azure Automation
12.4 Onboarding an Azure Virtual machine to compiled DSC Configuration.

13. Virtual Networks Peering
13.1 Introduction to VNet Peering
13.1.1 Benefits of VNet Peering
13.1.2 Connectivity
13.1.3 Service chaining
13.1.4 Gateways and on-premises connectivity
13.2 Configuring VNet Peering
13.3 Configuring User-Defined Routes for VNet Peering
13.4 Azure DNS Private Zones
13.5 Configure Azure (Public) DNS
13.6 Azure Private Link and Private Endpoint

14. Azure Network Watcher
14.1 Network Watcher Monitoring
14.1.1 Installing Network Watcher Agent Extension
14.1.2 Creating Connection Monitor
14.2 Network Watcher IP Flow Verify
14.3 Capturing Packets by Network Watcher
14.4 Network Security Group Flow Logging
14.5 Viewing Traffic Analytics

15. Azure P2S VPN
15.1 Introduction to P2S (Point-to-Site) VPN
15.2 Authentication Certificates
15.2.1 Generating a Client Authentication certificate
15.2.2 Exporting the Root Certificate in BASE64 public key .cer format
15.2.3 Configuring VPN Client Address Pool and Tunnel Type
15.2.4 Uploading trusted Root Certificate
15.2.5 Generate VPN Client packages

16. Azure Multi-Factor Authentication
16.1 Introduction to Azure MFA
16.2 Implementing cloud-based Azure Multi-Factor Authentication
16.3 Installing Microsoft Authenticator App
16.4 Testing Azure MFA
16.5 Entra ID Sign-ins report

17. Creating Azure App Service
17.1 Introduction to Azure App Service
17.2 Azure App Service Plan
17.3 Creating Azure App service
17.4 Scaling Up Azure App
17.5 Scaling Out Azure App
17.6 Staging Environment and Deployment Slots
17.6.1 Adding a deployment slot
17.6.2 Cloning an App Slot
17.7 Swapping slots
17.8 Swap with Preview

18. Azure Container Instances
18.1 Introduction to ACI
18.2 Creating Azure Container Instance
18.3 Viewing Container Logs
18.4 Azure Container Group
18.4.1 About Container Group deployment
18.4.2 About Resource Allocation
18.4.3 About Container Group Networking
18.4.4 About Storage for Container Group
18.4.5 Usage scenarios for deploying containers in a Container Group
18.4.6 Deploying Container Group with Resource Manager Template
18.5 Quota and Limits of Azure Container Instances

19. Azure Container Registry
19.1 Introduction to Azure Container Registry, Repository and Images
19.1.1 About Container Registry
19.1.2 About Repository
19.1.3 About Container Image
19.2 Use cases and Key features of Azure Container Registry
19.3 Creating a Private Container Registry
19.4 Pull, Build, Push, Run a container image using Azure Container Registry Tasks
19.5 Azure Container Registry Roles and Permissions

20. Azure Kubernetes Service (AKS)
20.1 Cloud Based Kubernetes
20.2 AKS Cluster Architecture
20.2.1 Control plane
20.2.2 Nodes and node pools
20.2.3 Pods
20.2.4 Deployments and YAML manifests
20.3 Prepare an Application for AKS
20.4 Creating AKS Cluster
20.5 Deploying and Running applications in AKS
20.6 Scale applications in AKS
20.7 Updating an AKS application
20.8 Upgrade Kubernetes in Azure Kubernetes Service (AKS)