How to prepare for the AZ- 204 Exam: An Articulated Case Study

November 24, 2022 | Comments(0) |

Pre-requisites:  

 

TABLE OF CONTENT

1.Overview

2.Getting Started with Azure Virtual Machines

3.Infrastructure as a Code using ARM Templates

4.Virtualization of Apps through Containers

5.Creating HTML Website using Azure App Service

5.Durable Functions for Serverless Computing

5.Storing data with Blob Storage & Cosmos DB

5.Identity Providers for Authentication & Authorization

5.Securing Cloud Solutions using Key Vault and App Configuration

5.Management of APIs through Azure Portal

5.Durable Functions for Serverless Computing

6.Handling Events through Event Grid and Event Hub

6.Sending and Receiving Messages through Service Bus and Storage Queue

6.Monitoring and Logging with Azure Monitor and Application Insights

6.Improving Performance using Redis Cache and CDN

6.Conclusion

 

Overview

AZ-204 is the most sought-after certification for developers looking to enhance their skills in Microsoft cloud and companies planning to migrate their services to the cloud platform. Since this is an associate-level certification it does not have any prerequisite. This means anyone who wants to learn development in Azure from scratch can start by preparing for this certification. 

Several standard, as well as customized training for this course, are available that equip you with all the necessary tools and resources to prepare for and clear the AZ-204 exam. However, while delivering AZ-204 sessions over all these years, I have seen several instances where theories and demos covered in these courses (as part of the Microsoft curriculum) don’t provide complete clarity on the topics. 

I thus intend to fill the gaps that I have discovered in the modules for which demos and labs are not sufficient. I have hand-picked a list of specific articles which have demos related to concepts covered in AZ-204. Also, the tutorials which I am going to share are simple to follow and not only I have tested each one of these but also have been demonstrating them throughout my training to the participants to enhance their learning. 

So I am sharing my learning experience with you in this article which has helped people excel in the AZ-204 exam. 

Getting Started with Azure Virtual Machines

I would recommend all the AZ-204 who are starting with their labs to first create a Virtual Machine and perform all the demos from the articles in that Virtual Machine. If you are a newbie to AZ-204 or to Virtual Machines and do not know how to create one here is the first article that will help you:  

https://learn.microsoft.com/en-us/azure/virtualmachines/windows/quick-create-portal  

You can create a VM using the Azure Portal, Windows PowerShell/CLI, or the Azure templates (ARM/Bicep). This article covers all of them. 

Since the Azure Portal gives a UI-based experience, it is recommended for beginners to do it through the portal initially. The article is self-explanatory and has easy-to-follow steps. Still, if you have never used Azure Portal before I would recommend you go through the getting started documentation for Azure. 

Once you have your Azure VM created you can connect to the VM using RDP (Remote Desktop 

Protocol) protocol as demonstrated in the article. You can then launch Azure Portal inside the VM to create another VM which will be a Linux Ubuntu VM where you will also be logging through RDP. Optionally, you can create the 2nd (Ubuntu) VM outside of your 1st (Windows) VM from the Azure Portal as we will only be using it to demonstrate how to connect RDP to a Linux VM. 

Ideally, Linux VMs are used with the SSH (Secure Shell) protocol where we log into a Linux VM using the Bash commands in Azure CLI or Command Prompt. Here, using the following article we are allowed to be connected to the Ubuntu VM using RDP and navigate inside the visual interface of the Virtual Machine: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/use-remote-desktop?tabs=azure-cli  

This article follows an approach with additional steps to allow RDP connection into the Linux VM as a workaround. It also has links to connect to Linux VM through SSH in case you want to go through the steps. Also, here is more article used as part of the training demo which performs all these steps and then shares steps to install an NGINX server inside the VM. 

Infrastructure as a Code using ARM Templates

Azure Resource Manager templates are covered in detail in AZ-204 just after VMs but nested ARM templates are a section that is covered in AZ-204 in brevity. Also, the linked template is not covered in AZ-204 but is shortly covered in AZ-400. So, the learners do not get a good amount of clarity on these two topics which leave them unsatiated. 

This article by Microsoft gives a detailed theory for nested and linked ARM templates: https://learn.microsoft.com/enus/azure/azure-resource-manager/templates/deployment-tutorial-local-template?tabs=azurepowershell. 

Also, if you don’t have any experience deploying ARM templates in Azure and want to learn from scratch the following tutorial will give you a step-by-step guidance: https://learn.microsoft.com/enus/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azurepowershell. 

However, if you have deployed ARM templates before and just want to get insights into how to deploy linked templates you can go through this article: https://learn.microsoft.com/enus/azure/azure-resource-manager/templates/deployment-tutorial-local-template?tabs=azurepowershell  

The article first deploys a local ARM template (this can also be considered as an intermediate and summarized version of the above article) and then deploys an ARM template for a Storage Account and an App Service. The links of the ARM templates for these resources are stored in a GitHub Repository. 

*It also has an additional demo for creating a CI/CD pipeline in Azure DevOps which can be created using templates but that is optional and can be skipped 

Virtualization of Apps through Containers

The next big thing in virtualization is containers – a lightweight and faster solution to Virtual Machines when you want to deploy your source code from any public or private repository. So, everybody wants a shot at deploying their apps through containers instead of Virtual. Containers are so popular that Azure has multiple services that deal with images as well as containers. Two of those services which are discussed in detail in AZ- 204 are Azure Container Registry and Azure Container Instances. 

ACR is a centralized repository to store all the images that you have or create, using which you easily pull that image and deploy them as a container. So I will share an article that helps you to first create an ACR, then build your image as a Dockerfile from the source code stored in your GitHub and then finally publish that image into ACR: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-prepare-registry  

In the next steps, it also deploys the image you created from the Dockerfile and stored into ACR using Azure Container Instances. Then finally you can also update the app from your source code, update the image, and push it back into the ACR using a webhook. 

Another feature that learners struggle a lot with is ACR tasks. The only thing you can do from the demo shows how to use a build task to push your build image into ACR. The article that I am sharing now highlights not only an elaborate demo for a simple build task but also tasks based on code commit and other types: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorialquick-task  

I have one more interesting article which not only builds an image and pushes it to ACR but also deploys that image to a web app, establishing a connection between the web app and ACR through Managed Identity, and monitors for diagnostic logs from the web app. All this is done using CLI commands in this article: https://learn.microsoft.com/en-us/azure/app-service/tutorial-customcontainer?pivots=container-linux  

Creating HTML Website using Azure App Service

The most popular service for developers is definitely Azure App Service. Microsoft in AZ-204 shares a demo that can be used to create an App Service Plan and then an HTML-based web app using CLI commands: https://learn.microsoft.com/en-us/azure/app-service/quickstart-html.  

You would have to first clone the source code for this website from a GitHub repository into your cloud shell (or local system) and then publish it as an App Service in Azure. After this app gets published you can use it to demonstrate configuration, autoscaling as well as deployment slots with traffic management. 

Although I have already shared an article that demonstrates how to push a container app to 

Azure app service, there is a quick start demo available that would create an app for you in Azure App Service using ARM templates and connect it with a Cosmos DB account which it creates. The web app displays a list to enter items with titles and descriptions, the data of which directly gets sent to the Cosmos DB account. 

So a lot of learners who are new to Azure App Service and Cosmos DB would find this article really helpful: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/create-website  

Durable Functions for Serverless Computing

Serverless is a bus that everybody wants to hop on, and Azure Functions are the revolution in Serverless. 

Azure Functions provide you with a way to create apps that only cost you when they get triggered. In functions, there is a particular topic that has a lot of patterns but we hardly get into the demo of how they work. 

Now, the funny thing is that a very basic demo is available from Microsoft for you to design a durable function using .NET which runs locally as well as you can publish it to Azure Function App.  

Using this article, you can create an empty durable Function App and then add a Durable Orchestrator Function to it. It will also add a starter and an activity function to it. Then you can test the function locally or publish it in Azure and get the details of the orchestrator function in JSON format using the GetStatusURI link: https://learn.microsoft.com/en-us/azure/azure-functions/durable/durable-functionscreate-first-csharp?pivots=code-editor-visualstudio  

Storing data with Blob Storage & Cosmos DB

For the storage part even following the lab is enough but if you want to explore more you can follow one UI based and one .NET article which I found but have not gone through it:   

These are only for Blob storage and for Cosmos DB; I have already shared one with Azure App Service so you can experiment with it further. 

Identity Providers for Authentication & Authorization

Security is the greatest concern for apps and Azure takes the security of App Services seriously. That is why there is a default feature for connecting your App Service in Azure to an Identity Provider using Microsoft or other social media login. Once your app is registered via the Identity Provider to Active Directory, only authenticated users can access your web app. The article is very easy to follow and has minimal steps: https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-appauthentication-app-service  

Microsoft Graph is a service that requires a demo too. So, we do perform a walkthrough of the Graph Explorer portal, but there are other demos available that are a little complex to follow. Since I haven’t self-verified them, I am just sharing one to try out for the inquisitive: 

https://developer.microsoft.com/en-us/graph/quick-start?code=M.R3_BAY.12bb5ce0-30b2-c1a8-630a380d1ef86a05&state=option-dotnet  

Securing Cloud Solutions using Key Vault and App Configuration

In Security, Azure Key Vault is everyone’s favorite service, and for the right reasons. With Azure Key Vault, you can not only secure confidential data but also easily manage it in a central repository. The demo offered by Microsoft in AZ-204 demonstrates how you can create a Key Vault and a secret using Azure CLI and view the secret from the command line. After that is done, the next module talks about the system and user-assigned Managed Identity and how you can service in Azure authenticate with another one using it. 

There is no demo available as such for Managed Identity in AZ-204 still it can be shown through a basic workflow of storing a connection string for a storage account as a secret in Key Vault. A web app with a system-assigned Managed Identity is then used to access the connection string using the secret identifier stored in the configuration of the app. 

The user also needs to add the Service Principal of the app generated from the Managed Identity into the vault access policy of the Key Vault to provide access to the web app for the secret. However, if you want to combine both these services for a complete demonstration using Virtual Machine using CLI commands you can follow this article: https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-virtual-machine?tabs=azure-cli. 

The last service in this module is not used primarily for security but rather for the management of configuration and other data in a central repository. However, learners who are familiar with Azure App Configuration know well that there is another feature that makes this service popular – the use of feature flags to deploy an app with feature controls. Features can be created using the appsettings.json or config.json file and then linked to the flags in Azure App Configuration using Feature Manager. 

This is a demo that most people in the AZ-204 course yearn for but are unfortunately deprived of. The common demo available in Microsoft docs does not work with the new version of Visual Studio. So, I had to do a lot of digging to find one which serves the purpose and is easy to follow. If you want to play with Feature Flags in Azure App Configuration, try this quickstart: https://learn.microsoft.com/enus/azure/azure-app-configuration/quickstart-feature-flag-azure-functions-csharp?tabs=in-process  

Management of APIs through Azure Portal

API management is the developers’ holy grail in AZ-204. So, when the time comes to go through that module, learners expect a full-fledged working demo to give them insight into Azure as well as the developer portal. So, we do walk them through the API management process in detail with a demo. Since it is not enough to get the complete picture of how the service works in one go, I am sharing the tutorial that has step-by-step articles to embark you on the complete journey: https://learn.microsoft.com/en-us/azure/api-management/import-and-publish  

A very important aspect of API management in Azure is the policies you can set for controlling the use of the APIs. A special policy that can be enabled directly from the Azure Portal and which a lot of learners also ask about is the Cross-Origin Resource Sharing (CORS) policy. Although there is no separate need for a demo related to it in API management, I am sharing one which I have yet to try. However, it can give you an advanced overview of the concepts: https://learn.microsoft.com/en-us/azure/appservice/app-service-web-tutorial-rest-api  

Handling Events through Event Grid and Event Hub

Events are generated regardless of whether you choose to handle them or not. However, if you do choose to handle them then you will be inclined to use Event Grid or Hubs. Event Grid is just a backplane that channels your events from source to handler. It can be used with Azure or non-Azure services to deliver the events in batches, and also with the famous pub-sub model for creating event grid topics instead of subscriptions. 

For Event Grid, there is a demo available that is long and has too many complex CLI commands. It makes the learners anxious. So, we instead create an Event Grid Subscription from a storage account and then link it to a function in Azure. Every time a blob gets uploaded into or deleted from that account the event is triggered and goes through the Event Grid to the Event Grid type function which displays the event schema in the log monitor. 

Then comes Event Hub which is the premium service for temporarily storing the events in partitions and events can be consumed by a group of consumers using SDKs in .NET or any other programming language. There is no demo designated for Event Hub but since learners do ask for it, I found and tested one from the docs. It shows a quick publication of events from the .NET app into an Event Hub and then consumption of those events from the Event Hub into a Storage Account. You can try the same by using this tutorial: https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-dotnetstandard-getstarted-send  

Sending and Receiving Messages through Service Bus and Storage Queue

Service Bus is Azure’s enterprise-level queue for sending and receiving messages through the Azure portal, CLI commands, templates, or through SDKs. For AZ-204 this is the relevant quickstart article for the Service Bus demo: https://learn.microsoft.com/en-us/azure/servicebus-messaging/service-bus-dotnet-get-started-with-queues?tabs=passwordless%2Croles-azureportal%2Csign-in-azure-cli%2Cidentity-visual-studio  

It is good enough to get a starter-level idea of how to create a Service Bus namespace, a service bus queue, and send and receive messages through the .Net application. If you want to experiment with Service Bus topics there is a tutorial below it. 

Now, the second service is Azure Storage Queue which is a part of Storage Account. The Storage Queue can also be used to publish and subscribe to messages from the Azure Portal, but it mostly works best with the SDKs. A demo can be shown in the same way as we did for Service Bus. However, I specifically show a demo where an Azure Function with a storage queue trigger is connected to the storage account. Every time a message is published to the queue it is received by the Azure function and can then be viewed in the monitor logs. 

Monitoring and Logging with Azure Monitor and Application Insights

Monitoring and logging is a very small but important module in AZ-204 but we do not have any official demos for it. But instructors do walk them through Azure Monitor features like Alerts, Log Analytics, Metrics Explorer, Diagnostic Settings, and Workbooks. Although, a detailed overview is given in AZ-400 still every resource can be summarized along with a quick demo.  

Also, the use of Azure Metrics is demonstrated in the next module using Azure Cache for Redis. 

The most important thing in this module is Application Insights. So, to demonstrate Application Insights I run a quick availability (ping) test and take participants through the application map and other exclusive features like usage. A better version of the demo for telemetry like live metrics and integration using Application Insights in Visual Studio is reserved for AZ-400. But I guess this article can familiarize you with all the concepts of App Insights in an advanced sense: 

https://learn.microsoft.com/en-us/azure/azure-monitor/app/tutorial-asp-net-core  

Improving Performance using Redis Cache and CDN

When it comes to improving the performance of the application, Azure provides two very useful services – Azure Cache for Redis and Content Delivery Network (CDN). We have only one demo in AZ-204 for Redis Cache to connect Azure Cache for Redis with the .Net program and then store and retrieve data using key-value pairs. The result for the number of cache hits can be then viewed in the metrics. 

Apart from that, I go the extra mile to show participants how to set and get key-value pairs from the console for Azure Cache for Redis in the Azure Portal. I found a lot of tutorials demonstrating the use of Azure Cache for Redis with .Net and other language-based apps but this one is closest to the demo from AZ-204: https://learn.microsoft.com/en-us/azure/cdn/cdn-add-to-web-app?toc=%2Fazure%2Fcdn%2Ftoc.json  

Then, for Content Delivery Network we do have a lab, but I still prefer a demo from the portal by creating a CDN profile using Microsoft (classic) tier. Then, we add an endpoint to it with the URL of an HTML Web App we create in the Azure App Service module. After the endpoint is added we can view the time it takes to load the app through the origin server as well as the Point of Presence (POP). Then, if any change is made in the static content, again it takes time to fetch the page from the origin server. 

Here is a full explanation of how the same can be implemented in an effective way:  https://learn.microsoft.com/en-us/azure/cdn/cdn-add-to-web-app?toc=%2Fazure%2Fcdn%2Ftoc.json  

Conclusion

It is not difficult for anyone to find these articles online if one searches by the name of these modules but there is a reason why people still choose instructor-led training before appearing for certification. The content along with exercises and labs is openly available from Microsoft and one needs just time and effort to sit and prepare for it but that’s it. Time and effort are the most precious resources one can spare on something and if the time and effort it would take you to search the content and prepare for the exam could be drastically reduced by someone experienced what could be better? 

Not only that, but you would also have the guidance of a professional for exam preparation. Also, you would have someone beside you all the time while you are performing the lab in the Azure Portal and answer all your doubts related to the theory. It took me months to compile these articles so that not only I could have ready demos in my training but also, I could share them with people so it could be handy to new learners.   

If you found them helpful, please do share this blog with anyone in search of good content like this for the AZ-204 exam. For an extraordinary training experience to help you prepare for AZ-204 as well as other cloud certifications in Azure, AWS and GCP do reach out to us at sales@cloudthat.com or visit us at https://www.cloudthat.com/.   

You can also subscribe to our job guarantee program which will help you gear up with the latest industry standards in the cloud as well as other sectors. 

This was my first article for CloudThat so thank you so much for taking the time out for reading this. Soon, I would be publishing more such informative blogs so be on the lookout and follow our social media handles for the same. Cheers!

 

About CloudThat

CloudThat is a pioneer in the Cloud Computing training realm, we are a Microsoft Gold Partner, AWS (Amazon Web Services) Advanced Consulting Partner, and Training partner. Also, we are Google Cloud Partners delivering best-in-industry training for Azure, AWS, and GCP (Google Cloud Platform). We are on a mission to build a strong cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space.


Leave a Reply