Want to become Azure Cloud certified? Say no more!

In my previous article I wrote about the cybersecurity skill gap and how to fix it. As promised, this article will be more focused on cloud and how to become cloud certified, specifically Azure cloud certified.

Per Gartner biggest public cloud providers in 2023 are:

• Amazon Web Services (AWS) has a market share of 40%
• Microsoft Azure has a market share of 21.5%
• Alibaba Group has a market share of 7.7%
• Google Cloud Platform (GCP) with Market Share of 7.5%

For this article, I will stick to the Azure certifications, while other big cloud providers will be covered in future articles.

Microsoft Azure

As seen in the picture above, there are a lot of paths regarding the Azure cloud. The main paths would be:

• Security

• Data and Analytics

• Developer

• Infrastructure

• AI

Fundamentals-level Exams

If you are starting to learn Azure Cloud, there is one main starting point for all the other paths — AZ-900: Microsoft Azure Fundamentals.

I am putting the Azure Fundamentals exam before the other fundamentals exam because it gives you a higher-level overview of the whole Azure Cloud, services, differences between IaaS (Infrastructure as a Service), SaaS (Software as a Service), and PaaS (Platform as a Service), and all the shared responsibility on the cloud between Microsoft and customers.

Division of responsibilities on Azure Cloud — image courtesy by Microsoft

It is not only a fundamentals exam since all of those previously mentioned paths have their own fundamentals exam:

• Security — SC-900: Microsoft Security, Compliance, and Identity Fundamentals

• Data & Analytics — DP-900: Microsoft Azure Data Fundamentals

• AI — AI-900: Microsoft Azure AI Fundamentals

Microsoft Certified Fundamentals badge — image courtesy of Microsoft Learn

As you could see on the roadmap above, the developer and infrastructure paths don’t have their own Fundamentals exam, so AZ-900 is the recommended one before you move into associate and expert-level exams on those paths.

But before proceeding on the other paths, I would strongly recommend taking AZ-900 to get a good overview of the Azure cloud as a whole.

Associate-level Exams

If you are reading this part, then good for you! That suggests that you’ve passed one of the fundamental exams and you want to see where to go next.

Microsoft Certified Associate badge — image courtesy of Microsoft Learn

Well, for starters, there are far more associate-level exams than fundamentals. The latest list is:

Developer Certifications

• AZ-204: Azure Developer Associate - participates in all phases of development, including requirements gathering, design, development, deployment, security, maintenance, performance tuning, and monitoring. Also, it is recommended for you have at least two years of professional development experience and experience with Azure

Application hosting - image courtesy of Microsoft Azure Developer Guide

Data and Analytics Engineer Certifications

• MB-260: Dynamics 365 Customer Insights (Data) Specialty - Specialists that implement solutions that provide insights into customer profiles and track engagement activities to help improve customer experiences and increase customer retention.

Enhanced customer dimension with Dynamics 365 Customer Insights — image courtesy of Microsoft

• DP-100: Azure Data Scientist Associate — expertise in applying data science and machine learning to implement and run machine learning workloads on Azure.

• DP-500: Azure Enterprise Data Analyst Associate — expertise in designing, creating, and deploying enterprise-scale data analytics solutions.

• DP-203: Azure Data Engineer Associate — expertise in integrating, transforming, and consolidating data from various structured, unstructured, and streaming data systems into a suitable schema for building analytics solutions.

Modern analytics architecture with Azure Databricks — image courtesy of Microsoft

• DP-300: Azure Database Administrator Associate — expertise in building database solutions that are designed to support multiple workloads built with SQL Server on-premises and Azure SQL services.

• DP-203: Azure Data Engineer Associate — helps stakeholders understand the data through exploration and build and maintain secure and compliant data processing pipelines by using different tools and techniques. They use various Azure data services and frameworks to store and produce cleansed and enhanced datasets for analysis. A data engineer also helps to ensure that the operationalization of data pipelines and data stores is high-performing, efficient, organized, and reliable, given a set of business requirements and constraints.

Architecture example of Data warehousing and analytics — image courtesy of Microsoft

AI Certifications

• AI-102: Azure AI Engineer Associate — expertise in building, managing, and deploying AI solutions that leverage Azure AI.

Azure AI services - image courtesy of Microsoft Tech Community

Infrastructure Certifications

• AZ-104: Azure Administrator — expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.

• DP-420: Azure Cosmos DB Developer Specialty — expertise designing, implementing, and monitoring cloud-native applications that store and manage data; some of the responsibilities include: designing and implementing data models and data distribution; loading data into an Azure Cosmos DB database; and optimizing and maintaining the solution.

• AZ-700: Azure Network Engineer Associate — expertise in planning, implementing, and managing Azure networking solutions, including core network infrastructure, hybrid connectivity, application delivery services, private access to Azure services, and network security.

Example of Azure Network Infrastructure — image courtesy of Microsoft

• AZ-140: Azure Virtual Desktop Specialty — server or desktop administrator with subject matter expertise in designing, implementing, managing, and maintaining Microsoft Azure Virtual Desktop experiences and remote apps for any device.

• AZ-120: Azure for SAP Workloads Specialty — Engineer with extensive experience and knowledge of the systems applications and products (SAP) system landscape and industry standards that are specific to the initial migration or integration and the long-term operation of an SAP solution on Microsoft Azure.

• AZ-800/AZ-801: Windows Server Hybrid Administrator Associate — expertise in configuring and managing Windows Server on-premises, hybrid, and infrastructure as a service (IaaS) platform workloads. Responsibilities in this role include integrating Windows Server environments with Azure services and managing Windows Server on-premises networks. In this role, you manage and maintain Windows Server IaaS workloads in Azure, in addition to migrating and deploying workloads to Azure.

Security Engineer Certifications

• AZ-500: Azure Security Engineer — implements, manages, and monitors security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. Takes care of security components and configurations to protect identity and access, data, applications, and networks. Other responsibilities that fall under security engineering are: managing the security posture; identifying and remediating vulnerabilities; threat modeling; and implementing threat protection.

Security Architecture Design — image courtesy of Microsoft Azure Architecture Center

• SC-300: Identity and Access Administrator Associate — As a Microsoft identity and access administrator, you design, implement, and operate an organization’s identity and access management by using Microsoft Entra ID. Administrator Associate configures and manages the full cycle of identities for users, devices, Microsoft Azure resources, and applications.

Microsoft Entra ID — image courtesy of Microsoft Entra Blog

• SC-200: Security Operations Analyst Associate — A Microsoft security operations analyst is responsible for reducing organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. This part is mostly related to Security Operations Center (SOC) teams. As part of their responsibilities, operations analysts perform triage, incident response, vulnerability management, threat hunting, and cyber threat intelligence analysis.

Hybrid security monitoring with Microsoft Defender for Cloud and Microsoft Sentinel — image courtesy of Microsoft

• SC-400: Administering Information Protection and Compliance in Microsoft 365 — As an information protection and compliance administrator, you plan and implement risk and compliance controls in the Microsoft Purview compliance portal. In this role, you translate an organization’s risk and compliance requirements into technical implementation. You’re responsible for implementing and managing solutions for content classification, data loss prevention (DLP), information protection, data lifecycle management, records management, privacy, risk, and compliance.

Microsoft Purview governance portal — Image courtesy of Microsoft

Depending on the path you’ve chosen, I would suggest following the roadmap above, going from fundamentals to associate and, lastly, towards the expert certification level.

Expert-level Exams

Last but not least are expert-level exams, which require taking one of the associate exams before tackling them.

Microsoft Certified Expert badge — image courtesy of Microsoft Learn

• AZ-305: Designing Microsoft Azure Infrastructure Solutions — As a Microsoft Azure solutions architect, you have subject-matter expertise in designing cloud and hybrid solutions that run on Azure, including compute, network, storage, monitoring and security.

Responsibilities for this role include advising stakeholders and translating business requirements into designs for Azure solutions that align with the Azure Well-Architected Framework. In this role, you implement solutions on Azure by partnering with various other job roles, including developers, administrators, security engineers, and data engineers.

As a prerequisite for AZ-305, you should pass AZ-104 (Azure Administrator Associate).

Hub and Spoke topology with directly connected virtual networks — image courtesy of Microsoft

• AZ-400: Designing and Implementing Microsoft DevOps Solutions — As a DevOps engineer, you’re a developer or infrastructure administrator who also has subject matter expertise in working with people, processes, and products to enable continuous delivery of value in organizations.

Responsibilities for this role include designing and implementing strategies for collaboration, code, infrastructure, source control, security, compliance, continuous integration, testing, delivery, monitoring, and feedback. Also, as a DevOps engineer, you work on cross-functional teams that include:

• Developers
• Site reliability engineers
• Azure administrators

As of now, there is no prerequisite for AZ-400.

Azure DevOps suite — image courtesy of telerik.com

• SC-100: Cybersecurity Architect Expert — As a Microsoft cybersecurity architect, you translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. You design, guide the implementation of, and maintain security solutions that follow Zero Trust principles and best practices, including security strategies for identity, devices, data, applications, networks, infrastructure, and DevOps.

Plus, you design solutions for:

Governance and Risk Compliance (GRC)

Security operations

Security posture management

As a cybersecurity architect, you continuously collaborate with leaders and practitioners in IT security, privacy, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of the organization.

• PL-600: Power Platform Solution Architect Expert — If you’re looking to prove your expertise as a Microsoft Power Platform or Microsoft Dynamics 365 solution architect, or if you’re a developer or a senior consultant ready to take the next step to become a solution architect, this expert certification can help you move forward in your career.

This role requires you to have the ability to identify opportunities to solve business problems.

You should have functional and technical knowledge of:

Microsoft Power Platform

Dynamics 365 customer engagement apps

Related Microsoft cloud solutions

Other third-party technologies

Microsoft Power Platform — image courtesy of Microsoft

Oh, so those are all official certificates. But is there any other way I can prove my skills without taking the official certificates?

Well, yes, of course there is. Microsoft thought of that part as well. Since last month, Microsoft has introduced Applied Skills, a new way to demonstrate your Azure knowledge through different types of labs.

They give you 2 hours to finish the lab with some tasks and demonstrate your skills in a test environment. Even if you fail for some reason, don’t fret — you can retake the lab every 72 hours, so that should take some pressure off your shoulders.

Ok, Vedran, got it. Long way ahead, but tell me what path you took.

Well, for me, it was quite easy since I wanted to get mostly into the security part. So initially, I figured out I needed more general Azure knowledge, which led me to take the AZ-900 exam.

After I got that one in the bag, my next step was to do the AZ-500, which I’d also passed 1.5 years after I got the job in the first place.

Now my last piece of the puzzle in the security path is SC-100, which I plan to take in the near future, and after that, who knows? I will need to look at this article and think about it for a while. It will also depend on the requirements of my team and projects in general.

From the Applied skills side, I’ve completed — Configure SIEM security operations using Microsoft Sentinel and Secure Azure services and workloads with Microsoft Defender for Cloud regulatory compliance controls at the moment, but I plan to take a few more in the future.

Anyway, once I’ve decided on both certificates and applied skills, I will keep you all in the loop.

Additional useful links:

• Azure Training + Certification guide

• John Savill’s Technical Training

• Microsoft Learn

• Microsoft Tech Community Blog

• Microsoft Security Community Webinars

• Become Microsoft Certified

• Microsoft Applied Skills

Conclusion

As always, thank you for sticking with me until the end of the article. I know this was a longer one, but I hope that it will provide you with some useful insights on how to get started with Azure Cloud.

Also, if you’ve liked the article - share it around, it would mean a lot. On the same note, check out the new article that Martina wrote on the EDR/MDR/XDR topic and also pen testing and ethical hacking articles from Herc

For all the questions and all the feedback on the subject, you can find me on LinkedIn and read the rest of our articles here on Cyberdnevnik.

Cheers,

Vedran.