The Microsoft AZ-400 Exam (Designing and Implementing Microsoft DevOps Solutions) is the next certification I am going to be aiming for. The exam information can be found here: https://docs.microsoft.com/en-us/learn/certifications/exams/az-400

This will play its part on the pathway to the Microsoft Certified DevOps Engineer Expert Certification and will give me a depth of knowledge across the Microsoft DevOps architecture!

The Microsoft Learn materials can be found structured as 6 discrete Learning Pathways (of which I am aiming to complete over the coming days) this blog post is the chronicle of my studies on the Learning Pathway:

• AZ-400 Develop a security and compliance plan

This pathway is structured into 11 modules of which I have completed:

• Secure your identities by using Azure Active Directory
• Create Azure users and groups in Azure Active Directory
• Authenticate apps to Azure services by using service principals and managed identities for Azure resources
• Configure and manage secrets in Azure Key Vault
• Control authentication for your APIs with Azure API Management
• Security, responsibility, and trust in Azure
• Monitor and report on security events in Azure AD
• Maintain a secure repository by using GitHub best practices
• Apply and monitor infrastructure standards with Azure Policy
• Improve your reliability with modern operations practices: Learning from failure
• Improve your reliability with modern operations practices: Incident response

This learning pathway starts by looking at AAD identities and in particular the benefit of managed identities in place of secrets or sensitive connection strings. How these can be utilised to authenticate applications to other resources within Azure.

Configuration of Key Vaults as a mechanism to store Secrets, encryption keys and certificates is covered and how applications can make use of this service to prevent accidental or deliberate leaking of sensitive informaiton.

The remainder of the learning pathway explores securing a Git repo and some of the files that can be used as well as how to utilise Azure Policy in order to apply standards across your Azure subscription. Before the final two modules that concentrate on Learning from failure and best practices for setting up a post incident review and the importance of learning from these.

Skills measured in the AZ-400 exam:

• Develop an instrumentation strategy (5-10%)
• Develop a Site Reliability Engineering (SRE) strategy (5-10%)
• Develop a security and compliance plan (10-15%)
• Manage source control (10-15%)
• Facilitate communication and collaboration (10-15%)
• Define and implement continuous integration (20-25%)
• Define and implement a continuous delivery and release management strategy (10-15%)

100DaysOfCloud Overview

My Main ReadMe Page is all set up with a bit about me!

The guys at 100DaysofCloud have set up the GitHub repo to be cloned and also have a great repo containing ideas and areas to collaborate on: https://github.com/100DaysOfCloud/100DaysOfCloudIdeas

My Github Journey tracker can be found here: https://github.com/jonnychipz/100DaysOfCloud

Please Watch/Star my repo and feel free to comment of contribute to anything I push! I really look forward to hearing from anyone who is going to jump on the journey around the same time as me! Lets see where I get to in 100 days!

I would encourage others to jump on this journey, I’m not sure that I will be able to commit every day for 100 days, but as long as I can complete 100 days that will be great!