AZ-720: Troubleshooting Microsoft Azure Connectivity

Audience Profile

Candidates for the Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter expertise in using advanced troubleshooting methods to resolve networking and connectivity issues in Azure.
Professionals in this role troubleshoot hybrid environments, including issues with Azure Virtual Machines, virtual networks, and connectivity between on-premises and Azure services. They use various tools and technologies to diagnose and identify root causes for complex issues.
Candidates for this exam should have experience with networking and with hybrid environments, including knowledge of routing, permissions, and account limits. They must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.

Course Outline

Troubleshoot business continuity issues (5–10%)

Troubleshoot backup issues

  • review and interpret backup logs
  • troubleshoot Azure virtual machines backup issues including restarting a failed backup job
  • troubleshoot issues with Azure Backup agents
  • troubleshoot Azure Backup Server issues
  • troubleshoot scheduled backups

Troubleshoot recovery issues

  • troubleshoot Azure Site Recovery issues
  • troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or System Center Configuration Manager
  • troubleshoot restore issues when using Azure Backup Agent, Azure backup, or Azure Backup Server
  • troubleshoot issues recovering files from an Azure virtual machine backup

Troubleshoot hybrid and cloud connectivity issues (20–25%)

Troubleshoot virtual network (VNet) connectivity

  • troubleshoot virtual private network (VPN) gateway transit issues
  • troubleshoot hub-and-spoke VNet configuration issues
  • troubleshoot global VNet peering connectivity issues
  • troubleshoot peered connections

Troubleshoot name resolution issues

  • troubleshoot name resolution for scenarios that use Azure-provided name resolution
  • troubleshoot name resolution for scenarios that use custom DNS servers
  • review and interpret DNS audit logs
  • troubleshoot name resolution for Azure private DNS zones
  • troubleshoot issues with DNS records at public DNS providers
  • troubleshoot domain delegation issues

Troubleshoot point-to-site virtual private network (VPN) connectivity

  • troubleshoot Windows VPN client configuration issues
  • troubleshoot OpenVPN VPN client configuration issues
  • troubleshoot macOS VPN client configuration issues
  • troubleshoot issues with certificate-based VPN connections
  • troubleshoot issues with RADIUS-based VPN connections
  • troubleshoot Azure Active Directory (Azure AD) authentication issues

Troubleshoot site-to-site virtual private network connectivity

  • review and interpret network logs and captured network traffic from a VPN gateway
  • determine the root cause for latency issues within site-to-site VPNs
  • review and interpret gateway configuration scripts
  • reset a VPN gateway
  • troubleshoot gateway issues by running Log Analytics queries

Troubleshoot Azure ExpressRoute connectivity issues

  • determine whether routes are live and correctly configured
  • validate the peering configuration for an ExpressRoute circuit
  • reset an ExpressRoute circuit
  • troubleshoot route filtering
  • troubleshoot custom defined routes
  • determine the root cause for latency issues related to ExpressRoute

Troubleshoot Platform as a Service issues (5–10%)

Troubleshoot PaaS services

  • troubleshoot issues connecting to a PaaS
  • troubleshoot firewalls for PaaS services
  • troubleshoot PaaS configuration issues
  • determine the root cause for service-level throttling

Troubleshoot PaaS integration issues

  • troubleshoot issues integrating PaaS services with virtual networks
  • troubleshoot subnet delegation issues
  • troubleshoot issues with private endpoints and service endpoints
  • troubleshoot issues with Azure Private Link

Troubleshoot authentication and access control issues (15–20%)

Troubleshoot Azure AD authentication

  • determine why on-premises systems cannot connect to Azure resources
  • troubleshoot Azure AD configuration issues
  • troubleshoot self-service password reset issues
  • troubleshoot issues with multifactor authentication

Troubleshoot hybrid authentication

  • troubleshoot Azure AD Connect synchronization issues
  • troubleshoot Azure AD to Active Directory Domain Services (Azure AD DS) integration issues
  • troubleshoot connectivity issues between Azure AD and Active Directory Federation Services (AD FS)
  • troubleshoot issues with pass-through authentication and password hash synchronization
  • troubleshoot Azure AD Application Proxy connectivity issues

Troubleshoot authorization issues

  • troubleshoot role-based access control (RBAC) issues
  • troubleshoot issues storing encrypted passwords in Azure Key Vault
  • troubleshoot sign-in issues related to Azure AD Conditional Access policies

Troubleshoot networks (25–30%)

Troubleshoot Azure network security issues

  • determine why Azure Web Application Firewall is blocking traffic
  • troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
  • troubleshoot connectivity to secure endpoints

Troubleshoot Azure network security groups (NSGs)

  • troubleshoot NSG configuration issues
  • review and interpret NSG flow logs
  • determine whether a VM or a group of VMs is associated with an application security group (ASG)

Troubleshoot Azure Firewall issues

  • troubleshoot application, network, and infrastructure rules
  • troubleshoot network address translation (NAT) and distributed network address translation (DNAT) rules
  • troubleshoot Azure Firewall Manager configuration issues

Troubleshoot latency issues

  • determine the root cause for VM-level throttling
  • determine the root cause for latency issues when connecting to Azure virtual machines
  • determine the root cause for throttling between source and destination resources
  • troubleshoot bandwidth availability issues
  • determine whether resource response times meet service-level agreements (SLAs)

Troubleshoot routing and traffic control

  • review and interpret route tables
  • troubleshoot asymmetric routing
  • troubleshoot issues with user-defined routes
  • troubleshoot issues related to forced tunneling
  • troubleshoot Border Gateway Protocol (BGP) issues
  • troubleshoot virtual network peering, transitive routing, and service chaining
  • troubleshoot routing configuration issues in Azure

Troubleshoot load-balancing issues

  • determine whether VMs in a load-balanced cluster are healthy
  • troubleshoot issues with Azure Load Balancer
  • review and interpret load balancer rules
  • troubleshoot traffic distribution issues
  • evaluate the configuration of Azure Traffic Manager
  • troubleshoot issues with Azure Traffic Manager profiles
  • troubleshoot port exhaustion issues
  • troubleshoot issues with Azure Front Door
  • troubleshoot issues with Azure Application Gateway

Troubleshoot VM connectivity issues (5–10%)

Troubleshoot Azure Bastion

  • troubleshoot issues deploying Azure Bastion
  • troubleshoot connectivity issues
  • troubleshoot authorization issues

Troubleshoot just-in-time (JIT) VM access

  • validate connectivity with a VM
  • troubleshoot Microsoft Defender for Cloud configuration issues
  • determine which resources are authorized to use JIT VM access