Exam Overview

70-532: Developing
Azure
Brian Swiger
Solutions
 Brian Swiger
App Dev Manager for Microsoft
20+ years of development and
architecture experience
Microsoft Certified Trainer (MCT) &
Solutions Developer
Azure Certified Developer/Architect
@CodeBeing
http://www.mightybs.c Microsoft Learning Experiences (LeX)
om contributor
http://aka.ms/brianswi
ger
Agenda
1 Exam Concepts

2 Exam Topics & Details

3 Study Strategy
Exam concepts

Basics
Scoring
Question Structure
Exam Scoring
Each exam has a cut score
Determined during exam creation process
Questions are evaluated for difficulty and a score applied

Each question is worth one point

Unless indicated in the question text, some may be worth multiple points
Complete all questions as no points are deducted for wrong answers

Mark items for later review

You may come back to items you mark unless part of a case study or noted section
Good to mark items for comments as well
Exam Basics
Typically 40 to 60 questions
1 to 4 hours to complete the exam
You can flag questions and review later

You cannot move between case studies

You will be notified when you cannot move back
Make sure to read all screens

700 is the passing score

700 is not 70%
Answer all questions
Question structure
Technical Environment or Scenario
You are a developer

Problem Statement / Requirements

The app must

Goal Statement
You need to

Question statement
What should you do
Exam Topics & Details
http://aka.ms/70-532
Exam Outline (Skills measured)

Virtual Machines Storage Web & Mobile Identity &

Networks

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Exam Outline (Skills measured)

30% 35% 25% 30% 25% - 30% 15% - 20%

Create and Design and Design and Manage identity,
manage Azure implement a implement application, and
Resource storage and Azure Platform network services
Manager (ARM) data strategy as a Service
Virtual Machines (PaaS) compute
and web and
mobile services

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Exam Outline (Skills measured)

Virtual Machines Storage Web & Mobile Identity &

Networks

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Virtual Machines

Monitoring Config Networking

Mgmt

Deploying VM
Workloads
Scaling Storage Manageme
nt

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 Overview
Management
options
Portal Virtual
PowerShell Network
REST API
Cloud
vne vm
Service
t Virtual
Data Machine
Disk(s)
OS Disk
Storage storage
Account
Image

VM Best Practices
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Deployment

Different ways to create a VM

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
ARM Templates Portal

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
RM Template Walkthrough
Desired State Configuration DSC Template Overview

Configuration Contosoweb app

{
param ($MachineName)

Node $MachineName
{
#Install the WebServer
WindowsFeature IIS
{
Ensure = "Present"
Name = "Web-Server"
}

#Install ASP.NET 4.5

WindowsFeature ASP
{
Ensure = "Present"
Name = "Web-Asp-Net45"
}
}
Uploading Images

Generalize a Windows VM
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Availability sets
Planned vs unplanned maintenance
Configure multiple virtual machines in an availability set for redundancy
Configure each application tier into separate availability sets
Combine a Load Balancer with availability sets
Use multiple storage accounts for each availability set

Upgrade domains
Five (non-user configurable) domains by default
Groups of VMs and hardware that can be rebooted at the same time

Fault domains
Three domains by default
group of virtual machines that share a common power source and network switch
Separate hardware & network Manage the availability of VMs
How to create an availability set
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Storage replication options
Locally redundant
Default
Up to three nodes in the same data center

Zone redundant storage

Up to three data centers in the same region

Geo-redundant storage
Data center in a different region

Read-access geo-redundant storage

Data center in a different region
Secondary data can be read
Azure Storage replication

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
ARM VM Storage
Configure disk caching
Input/output operations per second (IOPS)
Throughput (Mbps)
Read/write vs Read and striping

Storage capacity
Scalability and Performance Targets

Sizing and egress traffic limits

Azure File service

SMB file shares
File system I/O APIs

Premium vs Standard Storage Accounts

Premium Storage
Premium: high-performance, low-latency disk support for I/O intensive workloads

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
VM Networking
Network Security Group (NSG)
ACL rules allow/deny network traffic
Can only be applied to resources within the region it was created
Diagnostic logging capability
Associating (NSG to Network Interface Card (NIC), NSG to subnet)
ONE NSG to a NIC or subnet

User-Defined Routes (UDRs) / Route Tables

specify the next hop for packets flowing to a specific subnet
Force tunneling to the Internet via your on-premises network
Use of virtual appliances in your Azure environment

Application Gateway
Load balancing
Websocket traffic
Sticky session apps
SSL offload Network security groups
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
User Defined Routes (UDR) aka route
table
System Routes
3 Default Rules: Local vNet, On-premises, Internet
Any subnet to another w/in a VNet.
From VMs to the Internet.
From VNet to another VNet via VPN gateway.
From a VNet to another VNet through VNet Peering
From a VNet to on-premises network via VPN gateway.

UDR

User Defined Routes

Forced Tunneling
Network Virtual Appliance
Routes selected in order of 1. UDR, 2. BGP (with ExpressRoute), 3. System Route

See aka.ms/Azure/UDR
And aka.ms/Azure/DMZ
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Virtual Machine Scale Sets
Identical set of VMs
PaaS-like autoscale
Focus is load and elastic in and out

Scaling
PaaS-like autoscale using autoScaleSettings in ARM template
Rules using metricTriggers
Can combine Desired State Configuration (DSC) extension
Initial scale setting using ARM template:
"sku": {
"name": "Standard_A0",
"tier": "Standard",
"capacity": 3
},

Virtual Machine Scale Sets Overview

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Exam Outline (Skills measured)

Virtual Machines Storage Web & Mobile Identity &

Networks

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Storage

Blobs / Tables Queues Redis

Files Cache

Access
Control Monitoring SQL DB Search

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Blobs / Files
devstor devshar
e demo e demo

SAS SMB REST

TOKEN
blobs contain account
er
BLOCK BLOB Azure VM Public or Azure

PAGE BLOB

APPEND
BLOB
Understanding Block Blobs, Append Blobs and Page B
lobs

BLOBS M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
FILES
Storage

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Tables

ODAT
A
devtabl
e demo

SAS TableClient
TOKEN
entities table account

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Queues

devqueu QueueClient
e demo

SAS
TOKEN
entities table account

Get started with Azure Queue storage using .NET

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Storage access
Blobs
//[account].blob.core.windows.net/[container]/[blob]

Files
//[account].file.core.windows.net/[file]

Tables
//[account].table.core.windows.net/[table]([parititionkey],[rowkey])

Queues
//[account].queue.core.windows.net/[queue]

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Access control with Shared Access Signature (SAS)

1.
Re
qu
es
t SA
Application ST
ok
en
2. G
en
er

3. ith
at
w ed
St SA
SA
or S
ST SAS Token
ag To
4.

ok
e ke
en
Re

Service
re n.
sp

qu
on

es
se

Storage
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
SQL Database SQL Database Service Tiers

Small databases Great option for cloud High transaction

Single active apps volumes
operation Multiple operations Large number of users
Dev/Test Workgroup or web apps Multiple operations
Small scale apps 10 100 DTU Mission critical apps
5 DTU 100 800 DTU
BASIC STANDAR PREMIUM
D

Migration between tiers is possible (Portal, PowerShell or REST API)

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
SQL Database SQL Database Scaling

Maintains global mapping information about all shards

(databases) in a shard set

Metadata used to route based on sharding key

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Azure Storage Service Encryption (SSE)
Features
256 BIT AES Encryption
Block, Page and Append Blobs
General purpose and Blob Storage Accounts
All redundancy levels and all Regions
ARM, no ASM

Limitations
Classic storage and Classic migrated
Existing Data before turned on
Tables, Queues, and Files data

https://docs.microsoft.com/en-us/azure/storage/storage-service-encryption

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Search
IndexCreate an index
Persistent store of documents

Add dataUpload data to search

Push JSON data with .NET SDK or REST API
Pull with indexers supporting Azure storage and .NET SDK or REST API

Handle Results
Search pagination and layout

Total hits and page counts

Layout results
Sorting and filtering

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Redis Cache
Tiers Caching tiers
Basic, Standard & Premium

Concurrency
Optimistic vs pessimistic

Distributed app caching

Shared vs Private
Data persistence Data persistence
ClusteringClustering

Caching guidance
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Exam Outline (Skills measured)

Virtual Machines Storage Web & Mobile Identity &

Networks

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Web & Mobile

Web Apps Mobile Apps API Apps Logic Apps

App Service

API Mgmt Service Functions

Fabric
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 Azure App Service
Build and scale great web and mobile apps

Web apps
Auto-patching and auto-scale
MobilePHP,
.NET, Java, Node.js, apps
Python

Integrate with SaaS and on-

premises Logic apps

Continuous integration with VSTS,

API apps
Github, BitBucket, and more
Web Apps

Deployment Configuratio Diagnostics

n

Web Jobs Scaling Resilience

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Hosting
Resourc AppSites
e Group

ProdSites
App
Service
Plan
StageSites
Web
Apps

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Azure Application Insights
Monitor
WebApps, ASP.NET, Java Apps
Windows Services
Docker apps, JavaScript
SharePoint Sites
Node.js, Objective-C,
PHP, Python, Ruby

DevOps Cycle
Detect, Triage, Diagnose
Monitor Perf, Failures, Usage
aka.ms/azure/AppInsights

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Scaling a web app
Scalable and global web app

and database
Scale quickly with a slider bar, from a
schedule, or based on CPU load
Route users globally to copies of Web Apps

and SQL Databases

Improve performance by using a
distributed cache layer
Isolating a web app
Web app with Personally
Identifiable Information (PII)
and database
Host resources isolated and securely

Block malicious requests through active

defense firewalls
Access on-premises resources from a
cloud environment with a secure
connection
Adding mobile
features to a web app
Native or Xamarin-native
mobile client app that
connects to an Azure Mobile
App back end and shares
data and APIs with an Azure
Web App
Create cross-platform mobile clients easily
and consistently
Share data and APIs as-is across mobile
and web
Enable mobile back-end features for push
notifications, offline data sync, and auto-
scaling
WebJobs

On-
Demand Scheduled

web app

AZURE
Creating WebJobs
Uploaded in a zip file
Types
Python
Batch
PowerShell
Java
.NET

Scheduling
settings.job file at root of zip file
{ "schedule": "second minute hour day month dayofweek" }
Or, just use the Azure UI
Configuring WebJobs
CODE AZURE FUNCTIONS
EVENTS + DATA

+
Azure functions
Asynchronous, event-driven,
AZURE FUNCTIONS
serverless experience
Respond to events occurring
in
other Azure services, SaaS
products (e.g., Office365,
Salesforce),
on-premises systems
Only pay while function is
executing
Modernization
with microservices WEB
HTTP Listener Page content Authenticator

Individually built and

deployed
Small, independently BUSINESS
LOGIC
executing services Usage Analytics Order Management Reporting

Integrate using published

API calls for overall
applications functionality
DATA
Fine-grained, loosely
coupled application Product Inventory Customer Database
Azure Service Platform
Microservices Fabric
Manage microservices at
scale
CI/CD pipeline endpoint
24x7 service availability MICROSERVICES
SERVICE FABRIC
PLATFORM
Lifecycle Highly 24x7 Cost
management Scalable Hybrid availabilty efficient
Stateful services
Containers and Docker
Multi-cloud
Public Cloud Private Cloud Hosted Cloud
Cloud services CODE

PaaS with VM control CONFIG

Simple .NET runtime

Health, discovery, updates Cloud Service

OS Patching
The original PaaS offering from 2010.
Web roles Worker roles
Best used when low-level OS access is
required, but consider the newer PaaS
models first.
Azure Storage
API Management
Create Managed APIs
Key Concepts

API Gateway + Developer Portal + Publisher Portal

Rate Limits

Policies

Customize the Developer Portal

Add Caching

API Inspector to trace calls

Exam Outline (Skills measured)

Virtual Machines Storage Web & Mobile Identity &

Networks

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Identity and Networks

Azure AD AD
B2B/B2C

Communica Messaging
te

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Azure Active Directory Exchang SharePoi Cloud
Graph Apps
e nt API
Online Online

Azure
Active
CLOUD Directory

ON PREMISE

Active
Directory
Exchang SharePoi LDAP LOB Apps
e nt

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Secure Resources using Managed
Identities
AD On-premises vs Azure A
D
Graph API
Programmatic Access to Azure AD | RESTful
CRUD | Application must be registered and
configured
Requests use standard HTTP Methods

OAuth
AuthZ web apps and web APIs in Azure AD
Tenant
Access authorization, role-based assignment
for app and user authorization

OpenID Connect M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Azure Business to Consumer (B2C)

Sign up, Sign

Social & Local Seamless User Multi-Factor
in, Password
reset & other Accounts Experience Authentication
policies

Protocol Azure AD
support Graph API
aka.ms/Azure/B2C (OIDC, OAuth2)
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 Azure B2B viral tenant created
rvind@b2btest074.com added to msonline-setup.com tenancy
1. Arvind can choose not to
create account. If not, the
invitation remains
unredeemed.
2. b2btest074.onmicrosoft.co
m is the tenant domain and
contoso.com is an email
verified domain.
3. Admin can DNS verify the
Arvind_btbtest074. com#EXT#@... arvind@b2btest074.com b2btest074.com domain
msonline-setup.com and take over this dynamic
Guest Mail User tenancy.
4. When the tenant is taken
B2btest074.onmicrosoft.co over -the domain changes
msonline-setup.com to DNS verified.
(host tenant) m
(dynamic tenant) 5. Tenant can choose to keep
aka.ms/Azure/B2CB existing cloud passwords
for the users or configure
On Prem federation if
 B2C or B2B?
Azure AD B2B Collaboration Azure AD B2C
What is it for?
IT Pros providing access to their organizations Developers working on Consumer- & citizen-
data and applications to partner organizations facing mobile & web apps that reach out to the
and collaborators. customer, and citizens directly.

Who is it for?

Partner users that are acting *on behalf of*, i.e. as Consumers and citizens that are acting as
representatives or employees of their organization. themselves.

Manageability
Access reviews, email verification, Self-Serve. Users manage their own profiles.
allowlist/denylist, etc govern access to host
application and resources.
Discoverability
Partner users are discoverable and can see other Consumers and citizens are invisible to other
users from their own organization (subject to policy). consumers and citizens. Privacy and consent are
paramount.
Comparison of Azure AD capabilities
Consider this Azure AD Azure AD B2B Azure AD B2C
Product Multi-tenant
SaaS app
If I need to provide A service to Partner access A service to
businesses to my apps consumers
And I am similar to Pharm Imaging company Sports Franchise
Distribution
Deploying an App Practice Supplier extranet Soccer Fans
for Management
Targeting Doctors offices Approved Anyone with
Business email
Partners
Accessible when Customer admin My admin The consumer
consents
M I C R O S O F T C O N F I D E N Tinvites
I A L I N T E R N A L O N LY signs up
 Service Bus

Targeting Push
FIFO Queues Expose
Messages notification
Simple Client OnPrem
Work with infrastructure
service to
Queues public Support for
Leverage WCF non-MSFT
targets
NOTIFICATIO
QUEUES TOPICS RELAY
N HUBS
M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Service Bus Queue vs Storage
Queue
Service bus queues
FIFO guaranteed
Storage queues
Order not guaranteed
Delivery once and only once Delivery at least once, maybe multiple
60 second default locks can be renewed times
Messages are finalized once consumed 30 second default locks, extendable to 7
Native integration with WCF and WF days
In-place updates of content
Can integrate with WF through custom
activity

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
This provides programmatic access to
Azure AD

1. Remote PowerShell
2. LDIFDE
3. Graph API
4. OpenID Connect
5. OAuth

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Study Strategy
Microsoft
Virtual
Mastering Microsoft Certification Exam Prep

Academy
https://mva.microsoft.com/en-US/training-
courses/mastering-microsoft-certification-exam-prep-
16601

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 Study Groups
https://borntolearn.mslearn.
net/

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 Azure Docs
https://docs.microsoft.com/e
n-us/azure/index

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 MeasureUp
http://www.measureup.com/7
0-532-Developing-Microsoft
-Azure-Solutions-P5566.asp
x

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
 edX
Course/Labs
https://www.edx.org/course/
developing-microsoft-azure-
solutions-microsoft-dev233

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Course 20532C:
Developing Microsoft Azure Solutions
https://www.microsoft.com/en-us/learning/course.aspx
?cid=20532

M I C R O S O F T C O N F I D E N T I A L I N T E R N A L O N LY
Case Study Strategy
Scan Look for
case theme(s)

Scan Map to the

items case

Answer Use the case study

the extract as the item
stem
items
 2016 Microsoft Corporation. All rights reserved. The text in this document is available under the Creative Commons Attribution 3.0 License, additional terms may apply. All other
content contained in this document (including, without limitation, trademarks, logos, images, etc.) are not included within the Creative Commons license grant. This document does
not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear
the risk of using it. Some examples are for illustration only and are fictitious. No real association is intended or inferred. Microsoft makes no warranties, express or implied, with
respect to the information provided here.