Azure Solutions Architect
Purpose
This is to track my notes, thoughts and other items as I go through the Azure Solutions Architect Expert Learn module.
This will be similar to the AZ-104 project with the exception that, from the beginning, I fully intend to take the AZ-305 certification.
Resources
Pre-Requisites
This is called out on the Learn module, however, I have the feeling that their recommendation of AZ-104 is a bit overkill. If you have been exposed to most of Azure’s offerings (VMs, Containers, Networking, WebApps, Storage, IAM) in a real world setup then you should be fine. Simply target any gap areas as you encounter them and continue through.
That being said, there is value in going back and at least skimming through material that is already known. Microsoft is constantly modifying and adding content to Azure and there can be interesting discoveries. I had heard of the Azure CLI Interactive mode before, but it wasn’t until I actually used it in one of the basic, pre-requisite modules that it truly interested me.
Unique Problems
This section calls out pain points and other ‘gotchas’ that I came across while completing the Learn module.
Root Scope Issues
I encountered problems elevating access for my Global Admin account in order to deploy the landing zone.
Problem: I received the following when trying to deploy the landing zone template: “You don’t have authorization to perform action ‘Microsoft.Resources/deployments/validate/action’.”
Solution: Follow steps here and/or here
- Follow the portal steps, then log out of the Azure portal and back in
- Click on the “Azure CLI” tab in the first link and complete the rest post method from a remote PowerShell connection, or from an Azure cloud terminal

    az rest --method post --url "/providers/Microsoft.Authorization/elevateAccess?api-version=2016-07-01"

- Run the commands from here. Note that if the variable doesn’t take, you can prepend a $ which will fix the issue if you’re in PowerShell.

    spn_displayname='<ServicePrincipal DisplayName>'
    az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad sp list --display-name $spn_displayname --query '[].{objectId:objectId}' -o tsv) --assignee-principal-type ServicePrincipal

The interesting part of my problem was that the $user.Id always came back null. I suspect this is due to the type of Azure tenant I’m using (personal tenant with my Outlook.com/Microsoft account) and my user technically being an external user (username_outlook.com#EXT#@usernameoutlook.onmicrosoft.com)? The REST method got around that issue and I proceeded onto the SPN part just in case.
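The steps above leave two standing grants at the root scope: User Access Administrator on the elevated account and Owner on the service principal. The following is an added example, not part of the original notes or of Microsoft's documentation, that reviews saved `az role assignment list --scope "/" -o json` output for such grants and builds the matching removal commands. The JSON field names are assumed to match that output, and every ID and name in the sample is constructed.

```python
import json
import shlex

# Roles that give tenant-wide control when assigned at the root scope "/".
HIGH_RISK_ROLES = {"Owner", "User Access Administrator"}

# Constructed sample in the shape assumed for
# `az role assignment list --scope "/" -o json`; all IDs and names are made up.
SAMPLE_JSON = """
[
 {"id": "/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000001",
  "principalName": "admin_outlook.com#EXT#@example.onmicrosoft.com", "principalType": "User",
  "roleDefinitionName": "User Access Administrator", "scope": "/"},
 {"id": "/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000002",
  "principalName": "", "principalId": "11111111-1111-1111-1111-111111111111",
  "principalType": "ServicePrincipal", "roleDefinitionName": "Owner", "scope": "/"},
 {"id": "/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000003",
  "principalName": "auditor@example.com", "principalType": "User",
  "roleDefinitionName": "Reader", "scope": "/"},
 {"id": "/subscriptions/22222222-2222-2222-2222-222222222222/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000004",
  "principalName": "ops@example.com", "principalType": "User",
  "roleDefinitionName": "Owner", "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"}
]
"""

def root_scope_findings(assignments):
    """Return high-risk assignments whose scope is exactly the root scope."""
    return [a for a in assignments
            if a.get("scope") == "/"
            and a.get("roleDefinitionName") in HIGH_RISK_ROLES]

def revoke_command(assignment):
    """Build the az CLI command that removes one assignment by its resource ID."""
    return "az role assignment delete --ids " + shlex.quote(assignment["id"])

def report(assignments):
    """One summary line plus one revoke line per root-scope finding."""
    lines = []
    for a in root_scope_findings(assignments):
        # Service principals may have no principalName; fall back to the object ID.
        who = a.get("principalName") or a.get("principalId", "<unknown>")
        lines.append(f"{a['roleDefinitionName']} at / -> {a.get('principalType')} {who}")
        lines.append("  revoke: " + revoke_command(a))
    return lines

if __name__ == "__main__":
    print("\n".join(report(json.loads(SAMPLE_JSON))))
```

Review the printed commands before running any of them, since removing the User Access Administrator grant also removes the ability to manage other root-scope assignments from that account.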
Gaps
Filling in areas where I feel the Learn module didn’t go into enough detail, items that I struggled with, etc.
- Probably a good idea to take a look at all of the help page features on the Woodgrove demo site. More info