AZ-800: Administering Windows Server Hybrid Core Infrastructure

Microsoft Certified: Windows Server Hybrid Administrator Associate

Candidates for the Windows Server Hybrid Administrator Associate certification should have subject matter expertise in configuring and managing Windows Server on-premises, hybrid, and infrastructure as a service (IaaS) platform workloads.

Responsibilities for this role include integrating Windows Server environments with Azure services and managing Windows Server in on-premises networks. This role manages and maintains Windows Server IaaS workloads in Azure, in addition to migrating and deploying workloads to Azure.

This role typically collaborates with Azure administrators, enterprise architects, Microsoft 365 administrators, and network engineers.

Candidates for this certification administer core and advanced Windows Server workloads and services using on-premises, hybrid, and cloud technologies. These professionals should have expertise in implementing and managing on-premises and hybrid solutions, such as identity, management, compute, networking, and storage. They are also experts at performing tasks related to security, migration, monitoring, high availability, troubleshooting, and disaster recovery. These professionals use administrative tools and technologies, including Windows Admin Center, PowerShell, Azure Arc, and IaaS virtual machine administration. They also work with Azure Automation Update Management, Microsoft Defender for Identity, Azure Security Center, Azure Migrate, and Azure Monitor.

A candidate for this certification should have extensive experience working with Windows Server operating systems.

Course Outline

Deploy and manage Active Directory Domain Services (AD DS) in onpremises and cloud environments (30–35%)

Deploy and manage AD DS domain controllers
 deploy and manage domain controllers on-premises
 deploy and manage domain controllers in Azure
 deploy Read-Only Domain Controllers (RODCs)
 troubleshoot flexible single master operations (FSMO) roles

Configure and manage multi-site, multi-domain, and multi-forest environments
 configure and manage forest and domain trusts
 configure and manage AD DS sites
 configure and manage AD DS replication

Create and manage AD DS security principals
 create and manage AD DS users and groups
 manage users and groups in multi-domain and multi-forest scenarios
 implement group managed service accounts (gMSAs)
 join Windows Servers to AD DS, Azure AD DS, and Azure AD

Implement and manage hybrid identities
 implement Azure AD Connect
 manage Azure AD Connect Synchronization
 implement Azure AD Connect cloud sync
 integrate Azure AD, AD DS, and Azure AD DS
 manage Azure AD DS
 manage Azure AD Connect Health
 manage authentication in on-premises and hybrid environments
 configure and manage AD DS passwords

Manage Windows Server by using domain-based Group Policies
 implement Group Policy in AD DS
 implement Group Policy Preferences in AD DS
 implement Group Policy in Azure AD DS

Manage Windows Servers and workloads in a hybrid environment (10– 15%)

Manage Windows Servers in a hybrid environment
 deploy a Windows Admin Center gateway server
 configure a target machine for Windows Admin Center
 configure PowerShell Remoting
 configure CredSSP or Kerberos delegation for second hop remoting
 configure JEA for PowerShell Remoting

Manage Windows Servers and workloads by using Azure services
 manage Windows Servers by using Azure Arc
 assign Azure Policy Guest Configuration
 deploy Azure services using Azure Virtual Machine extensions on non-Azure machines
 manage updates for Windows machines
 integrate Windows Servers with Log Analytics
 integrate Windows Servers with Azure Security Center
 manage IaaS virtual machines (VMs) in Azure that run Windows Server
 implement Azure Automation for hybrid workloads
 create runbooks to automate tasks on target VMs
 implement DSC to prevent configuration drift in IaaS machines

Manage virtual machines and containers (15–20%)

Manage Hyper-V and guest virtual machines
 enable VM enhanced session mode
 manage VM using PowerShell Remoting, PowerShell Direct, and HVC.exe
 configure nested virtualization
 configure VM memory
 configure Integration Services
 configure Discrete Device Assignment
 configure VM Resource Groups
 configure VM CPU Groups
 configure hypervisor scheduling types
 manage VM Checkpoints
 implement high availability for virtual machines
 manage VHD and VHDX files
 configure Hyper-V network adapter
 configure NIC teaming
 configure Hyper-V switch

Create and manage containers
 create Windows Server container images
 manage Windows Server container images
 configure Container networking
 manage container instances

Manage Azure Virtual Machines that run Windows Server
 manage data disks
 resize Azure Virtual Machines
 configure continuous delivery for Azure Virtual Machines
 configure connections to VMs
 manage Azure Virtual Machines network configuration

Implement and manage an on-premises and hybrid networking infrastructure (15–20%)

Implement on-premises and hybrid name resolution
 integrate DNS with AD DS
 create and manage zones and records
 configure DNS forwarding/conditional forwarding
 integrate Windows Server DNS with Azure DNS private zones
 implement DNSSEC

Manage IP addressing in on-premises and hybrid scenarios
 implement and manage IPAM
 implement and configure the DHCP server role (on-premises only)
 resolve IP address issues in hybrid environments
 create and manage scopes
 create and manage IP reservations
 implement DHCP high availability

Implement on-premises and hybrid network connectivity
 implement and manage the Remote Access role
 implement and manage Azure Network Adapter
 implement and manage Azure Extended Network
 implement and manage Network Policy Server role
 implement Web Application Proxy
 implement Azure Relay
 implement site-to-site virtual private network (VPN)
 implement Azure Virtual WAN
 implement Azure AD Application Proxy

Manage storage and file services (15–20%)

Configure and manage Azure File Sync
 create Azure File Sync service
 create sync groups
 create cloud endpoints
 register servers
 create server endpoints
 configure cloud tiering
 monitor File Sync
 migrate DFS to Azure File Sync

Configure and manage Windows Server file shares
 configure Windows Server file share access
 configure file screens
 configure File Server Resource Manager (FSRM) quotas
 configure BranchCache
 implement and configure Distributed File System (DFS)

Configure Windows Server storage
 configure disks and volumes
 configure and manage Storage Spaces
 configure and manage Storage Replica
 configure Data Deduplication
 configure SMB direct
 configure Storage Quality of Service (QoS)
 configure file systems

Related Courses

MD-100: Installing Windows 10

MD-100T01-A: Installing Windows 10 Job role: Administrator MD-100T01-A: Installing Windows 10 In this course, students will learn how to support the installation tasks associated with Windows 10. Students will develop skills that include learning how to install and customize Windows…

40551-A: Microsoft Security Workshop: Enterprise Security Fundamentals

40551-A: Microsoft Security Workshop: Enterprise Security Fundamentals Job role: Developer 40551-A: Microsoft Security Workshop: Enterprise Security Fundamentals This 1-day Instructor-led security workshop provides insight into security practices to improve the security posture of an organization. The workshop examines the concept…

MD-101: Protecting Modern Desktops and Devices

MD-101T03-A: Protecting Modern Desktops and Devices Job role: Administrator MD-101T02-A: Managing Modern Desktops and Devices Every day, more organizations are asking IT to support mobility in the workforce. Modern environments require the Desktop Administrator be able to manage and support phones,…

MD-101: Managing Modern Desktops and Devices

MD-101T02-A: Managing Modern Desktops and Devices Job role: Administrator MD-101T02-A: Managing Modern Desktops and Devices As demand for organizations to enable workforces to be more mobile, a Desktop Administrator’s role is really is no longer about just “desktop” management. With BYOD…

MD-100: Configuring Windows 10

MD-100T02-A: Configuring Windows 10 Job role: Administrator MD-100T02-A: Configuring Windows 10 In this course, students will learn how to support the configuration tasks associated with Windows 10. Students will develop skills that include managing storage, files, drivers, and printers as well…

MD-101: Deploying the Modern Desktop

MD-101T01-A: Deploying the Modern Desktop Job role: Administrator MD-101T01-A: Deploying the Modern Desktop As desktops has evolved, so have methods for deploying and updating them. In this course, you’ll learn how to plan and implement an operating system deployment strategy. This…

MD-100: Protecting Windows 10

MD-100T03-A: Protecting Windows 10 Job role: Administrator Course MD-100T03-A: Protecting Windows 10 In this course, students will learn how to secure the Windows 10 OS and protect the data on the device. Students will be introduced to common methods used for…

MD-100: Maintaining Windows 10

MD-100T04-A: Maintaining Windows 10 Job role: Administrator Course MD-100T04-A: Maintaining Windows 10 In this course, students will learn how to manage and troubleshoot Windows 10. This course will deep-dive into the architecture and tools used for managing, monitoring, and troubleshooting the…

WS-013: Azure Stack HCI

WS-013T00-A: Azure Stack HCI Job role: Administrator Course WS-013T00-A: Azure Stack HCI This three-day course is intended primarily for IT Professionals who already have significant experience with managing an on-premises Windows Server environment. Its purpose is to cover advanced topics…

AZ-040: Automating Administration with PowerShell

AZ-040: Automating Administration with PowerShell Job role: Administrator AZ-040: Automating Administration with PowerShell This course provides students with the fundamental knowledge and skills to use PowerShell for administering and automating administration of Windows servers. This course provides students the skills…

AZ-801: Configuring Windows Server Hybrid Advanced Services

AZ-801: Configuring Windows Server Hybrid Advanced Services Job role: Administrator, Identity And Access Administrator, Information Protection Administrator, Network Engineer, Security Engineer, Support Engineer, Technology Manager Microsoft Certified: Windows Server Hybrid Administrator Associate Candidates for the Windows Server Hybrid Administrator Associate certification should have subject matter expertise in…