Microsoft Ignite Free Certification Exam

Reading Time: 2 minutes

I was lucky to attend Microsoft Ignite The Tour London on the 16th and 17th January 2020. Two days of great sessions by Microsoft employees and MVP’s. I enjoyed every minute of these two days, as it was a great opportunity to meet Microsoft employees and third party vendors including VMWare, Bit Titan, Netapp, CloudM. It was interesting talking to the third party vendors on the various solutions they were offering within Microsoft Azure/O365, and I returned with some great applications that I will be trialling in the coming weeks.

The exciting part of these two days were the many new features Microsoft were introducing across their cloud platforms, including Azure and O365. If you missed this event, there are more to come so I would highly recommend attending.

Now, returning to the main reason for posting, I wanted to remind you about the free exam voucher Microsoft are offering to those who attended Microsoft Ignite events recently. If you attended Microsoft Ignite 2019 or a Microsoft Ignite The Tour 2019-2020 event, you may be eligible to receive one free Microsoft fundamentals, role-based, or speciality certification exam. The free exam offer is available for redemption from the beginning of the event which you are attending and is valid for 180 days after the last day of the event. If you do not schedule an exam within that timeframe, you will not be able to redeem your offer.

Eligible exams are listed below:

AI-100: Designing and Implementing an Azure AI Solution
AZ-103: Microsoft Azure Administrator
AZ-120: Planning and Administering Microsoft Azure for SAP Workloads
AZ-203: Developing Solutions for Microsoft Azure
AZ-300: Microsoft Azure Architect Technologies
AZ-301: Microsoft Azure Architect Design
AZ-400: Microsoft Azure DevOps Solutions
AZ-500: Microsoft Azure Security Technologies
AZ-900: Microsoft Azure Fundamentals
DP-100: Designing and Implementing a Data Science Solution on Azure
DP-200: Implementing an Azure Data Solution
DP-201: Designing an Azure Data Solution

Dynamics 365 and Power Platform
MB-200: Microsoft Power Platform + Dynamics 365 Core
MB-210: Microsoft Dynamics 365 Sales
MB-220: Microsoft Dynamics 365 Marketing
MB-230: Microsoft Dynamics 365 Customer Service
MB-240: Microsoft Dynamics 365 Field Service
MB-300: Microsoft Dynamics 365: Core Finance and Operations
MB-310: Microsoft Dynamics 365 Finance
MB-320: Microsoft Dynamics 365 Supply Chain Management, Manufacturing
MB-330: Microsoft Dynamics 365 Supply Chain Management
MB-400: Microsoft PowerApps + Dynamics 365 Developer
MB-500: Microsoft Dynamics 365: Finance and Operations Apps Developer
MB-600: Microsoft Power Platform + Dynamics 365 Solution Architect (exam will not be available in beta until after December 31, 2019)
MB-700: Microsoft Dynamics 365: Finance and Operations Apps Solution Architect (exam will not be available in beta until after December 31, 2019)
MB-900: Microsoft Dynamics 365 Fundamentals
PL-900: Microsoft Power Platform Fundamentals

Microsoft 365
MD-100: Windows 10
MD-101: Managing Modern Desktops
MS-100: Microsoft 365 Identity and Services
MS-101: Microsoft 365 Mobility and Security
MS-200: Planning and Configuring a Messaging Platform
MS-201: Implementing a Hybrid and Secure Messaging Platform
MS-300: Deploying Microsoft 365 Teamwork
MS-301: Deploying SharePoint Server Hybrid
MS-500: Microsoft 365 Security Administration
MS-600: Building Applications and Solutions with Microsoft 365 Core Services
MS-700: Managing Microsoft Teams
MS-900: Microsoft 365 Fundamentals

How to register for Microsoft Ignite or Microsoft Ignite The Tour free Microsoft exam:

– MS Ignite 2019 attendees, click

– The Tour attendees, please go to, e.g.

For further details including terms and conditions, click Microsoft Ignite and Microsoft Ignite The Tour: Free Certification Exam Offer

Create an Azure Log Analytics workspace and add a Virtual Machine

Reading Time: 4 minutes

This blog post will go through the process of creating an Azure Log Analytics workspace and connecting a test azure virtual server to the Log Analytics workspace. We will then setup the work space to collect System event logs from the test Azure VM.

1) Login to the Azure Portal

2) Search and select Log Analytics workspaces

3) Click Create Log Analytics workspace

4) Configure:
– Give your new Log Analytics workspace a name
– Select your subscription
– Select a Resource Group
– Select Location
– Pricing Tier (Only one pricing Tier exists as of the year 2018). At the time of writing this blog post, the one available Tier was named Pay-as-you-go (Per GB 2018)

5) Click OK

6) Now that you have created your Log Analytics workspace, let’s join a VM to this new work space

Note that adding servers to the work space will automatically deploy a monitoring extension (agent) to the server

7) Click your new Log Analytics workspace

8) From the left pane under Workspace Data Sources, click Virtual Machines. As you can see from the screenshot, you can also connect other resources to your workspace

Note: Workspaces work across different regions, so you could add servers to a workspace no matter what region they are located in.

9) As you can see from the right pane, I have two virtual servers and the Log Analytics Connection is showing as not connected

10) Click a VM you wish to add to this work space (Ensure the VM is powered on)

11) As you can see from the below screen shot, the server is not connected to the work space, but we have the option to connect.

12) Click Connect

13) Wait for the virtual server to connect (A monitoring agent (Extension) is being deployed to the virtual server)

14) Now that the machine is connected to your workspace, the status is displayed as below. If you wish to disconnect, click disconnect.

Note: Now that the extension agent is deployed, you will find that the monitoring agent has been deployed to the VM. Locate the VM under virtual machines and click extensions from the left pane. The screenshot below shows the MicrosoftMonitoringAgent has been provisioned successfully.

15) If we go back to our workspace, we’ll find the server is now showing as a connection of this workspace along with a green tick.

16) Now, let’s enable logging for this workspace. Note that these logs will apply for all resources attached to this resource, so if you have different logging requirements for different resources, create different work spaces. You could also complete this step straight after the Logs Analytics Workspace has been deployed.

17) Click on your Log Analytics Workspace, and click Advanced Settings from the left pane.

18) The screen below will appear

Note: If you wish to connect physical servers to your Log Analytics Workspace, you can do so by downloading the required agent.

19) Click Data

20) A few different options appear which may be of interest to you. For this demo let’s click Windows Event Logs. Click the plus icon (blue box) to the right of the screen

21) For this demo, we will monitor the system logs, type system into the text box, select system and click the plus icon located within the blue box.

22) All logs are selected by default. You can select the logs as per your requirements.

23) Click Save and OK

Hope this helps 🙂

How to enable Azure VM System Identity

Reading Time: < 1 minute

A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control.

To enable system assigned identity within a Azure VM:

1) Click the VM within Azure
2) From the left pane, click identity

3) Change status to On and click save

4) Click yes to confirm

5) Once enabled, you’ll find an additional message appears confirming what this feature will enable:

‘This resource is registered with Azure Active Directory. You can control its access to services like Azure Resource Manager, Azure Key Vault, etc.’

Passed AZ-500 Microsoft Azure Security Technologies

Reading Time: 2 minutes

While most of you were away relaxing, i focused on preparing for my AZ-500 Microsoft Azure Security exam, and what a great way to end 2019, passing this exam was a great achievement.

A few have already asked me what i did to prepare so i would like to take this opportunity to blog about my experience.

First of all, i highly recommend you setup an Azure account if you don’t already have one. You can sign up for an account at Azure Free Account. The exam included labs so research and implement the various security features within the Azure portal.

So what did i do to prepare for my exam? Firstly, I can not stress enough that hands on experience and understanding all Azure security features is an important part for you to pass this exam.

Preparing for the exam:

1) Azure Updates – Keep up to date via the Microsoft Azure updates site

2) Azure Social Media accounts. I follow most Microsoft Azure twitter accounts. A great way to stay up to date with what’s going on with Microsoft Azure.

3) Research what Microsoft recently announced at events such as Microsoft Ignite. There are blog articles available from those who have attended the previous Microsoft Ignite events where new features are announced. I am looking forward to attend the event in London this month 🙂

4) Azure Security course available from (Microsoft AZ-500 Certification: Azure Security Technologies by Nick Colyer from Skylines Academy). A really good course and highly recommended.

5) Azure training material available at Plural Sight

6) If you don’t understand something, look it up. There are a ton of Microsoft you tube videos and articles out there which explain the features well. I have lost count, but i did go through a large number of Microsoft videos and articles. You really need to understand what you’re learning. If you’re watching a training video, pause the video and go look up the feature being explained and implement within your test Azure Portal if required.

8) View Azure Security Expert Series

More info on what you will be tested on can be located at Microsoft Azure AZ-500 Exam (The exam format was recently updated so keep an eye on this article)

Overall, i did spend a large number of hours preparing for this exam but the end result was well worth it. I spent about 3 weeks studying, and was working within the Azure Portal everyday. I really enjoyed preparing for this exam and i am sure you will too. All the best

How to configure Azure Bastion

Reading Time: 3 minutes

The Azure Bastion service is a great new fully platform managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address! So, you can basically connect to your virtual servers from the portal securely and internal to Azure. What a cool feature from Microsoft. The feature does require some pre-work before it can be used, such as an AzureBastionSubnet

At the time of writing this blog post, this feature was only available at the below regions:

  • West US
  • East US
  • East US 2
  • West Europe
  • South Central US
  • Australia East
  • Japan East

Below is a diagram demonstrating how Bastion works:

To try out this feature, I deployed a test VM in the East US 2 region

How to configure Azure Bastion:

1) Login to your Azure Portal
2) Click Bastions

3) Configure your Bastion service. As you can see from the screenshot below, the service is not available at all regions but Microsoft are working to push out this feature to all regions

4) If you have not created a AzureBastionSubnet with a prefix of at least /27, you will receive the below error. Ensure you have created a Subnet within your VNET.

5) Click create. It took approx. 5 minutes to deploy this service after clicking create

If you attempt to connect to your virtual server using Bastion whilst the service is still deploying, you will receive the below error

6) Now that we have deployed the service, lets connect to a VM located in the same VNET as the BastionSubnet. Because the Bastion service was not available within the UK region, I created a test VM in the East US 2 region.

7) Locate your VM, click Connect and select Bastion. Login with your credentials

Information: You may see a prompt to enable just-in-time access on this VM. This is a useful feature which is currently available as part of Security Center standard. If you have VM’s which are open to RDP, you can configure Just in Time so that RDP is always denied but opened for a small amount of time if an admin needs to logon to perform management tasks. Just In Time will automatically create an allow rule within your NSG/Azure Firewall when access is required. The rule will be removed when Just In Time access expires. A good feature you may want to look into at a later date.

8) Let’s continue with the demo. So once you have inputted your credentials, the VM will connect to the Bastion service

7) and we’re logged on securely!