Passed Exam AZ-500: Microsoft Azure Security Technologies

I’m very happy to share that I passed Microsoft Exam AZ-500: Microsoft Azure Security Technologies yesterday.

Azure Security Engineer Associate Badge

Although I expected a decent result, I had the usual trepidation before the exam and woke up really early on the day. This started building up naturally as the date approached, but in the days leading up to the exam I noticed that the length of the exam was the longest I have seen at 210 minutes. (Part of my preparation methods is to put an appointment in my diary for the exam and location – I’ll write this up as part of my exam prep post one day!). The length got me thinking about labs and things and confirmed when I got the announcement at the beginning of the sitting that it included 1 lab.

A “lab” is a practical test of your skills on a particular subject and although it’s getting on for a year or so that Microsoft Azure exams have included labs, so far I’ve not had any and I was a bit nervous.

I progressed through the various sections steadily and I kept an eye on the clock. I’d read a few horror stories of candidate’s time keeping going awry and them running out of time. As it was I didn’t get too bogged down and proceeding at my usual pace. The curve of dread was quite amusing (in hindsight) and peaked about a third of the way in to the exam as I got a bit stressed at what I didn’t know. Then as I progressed through the questions it settled down as I encountered elements that I was confident in.

The practical test came at the end and I had over 2 hours left and actually began to enjoy that part. I’ll admit that I just used the portal to complete my activities but was reassured that the direction giving acknowledged that certain parts would take time to complete and that I could progress with the tasks as needed while it waited. I’m fortunate that my “day job” has a lot of hands-on work and I’m logged in to an azure subscription almost every day (after elevating my permissions through privileged identity management!). I applied the same deliberate pace and double checked each setting and user. If I was to build a test system against a live portal then I could imagine the type of process that I would interrogate the Azure Resource Model to check that configuration had been carried out correctly. This is just the same as naming conventions and azure policy checking so at each pivotal point I paused and made sure that I was reading things correctly – just like following a technical design. In a real life situation I would also use scripting as a confirmation step but took a pragmatic approach with the tools I had.

I was ambivalent at the end and it doesn’t do to be overconfident, and the lab introduced another twist at the end. I clicked the Finish Exam button and the response came back almost immediately:

‘Thank you for taking this Microsoft Certification exam. Your test results will be available once scoring is complete. You may exit the exam now without affecting the scoring process by clicking the “End” button. Your score report will be available online in your Microsoft Learning dashboard at www.microsoft.com/learning/dashboard

Talk about an anti-climax and it even sent it to the printer (the chap at the test centre asked if I really wanted to keep it!). So I was a little high and dry and while in limbo decided to get the bus back to the office while I waited and then I collected my stuff from the locker and fired up my work phone for the colleague support network on Microsoft Teams!

Anyway to wind forward I was about 10 minutes in to my bus journey when the congratulatory email came through on my phone and I was able to see my score report. Although it doesn’t really matter, the score was a good 100 points over the pass mark which I’m happy about as it’s content I should know in my day job.

My thoughts on the exam – here’s a summary without any NDA busting:

  • Like the admin exam the exam outline calls out the Azure services that will be included and these will be in the exam. Inevitably this is not everything that the extensive platform provides and this is a relief!
  • The exam has good coverage of the built in protection in Virtual Networks and Azure AD. Unlike the real world where you might have federation or Network Virtual Appliances in the mix, this exam rightly focuses on the “out of box” provision.
  • Time management is crucial in giving yourself space to address the lab. That said my first lab was a really good experience – it was actually the easiest part of the whole exam to understand and answer as it covered things I do almost every day. The flip side was that it took me as long to do the single lab I had as it did to answer the other sections.

And finally, as well as building on the other hands-on work (and exams) the preparation material I used for this exam was:

  • Featured training for exam AZ-500 – as a certification that counts towards a Microsoft Partner Competency, it is called out by Microsoft.
  • Skylines Academy AZ-500 Course – Nick Colyer’s course on udemy has a good step by step coverage of most of the content. As ever remember to follow along in your own portal. I bought it months ago during one of the regular sales on the platform.
  • Skylines Academy AZ-500 Practice Questions – this came through as I was in my latter stages of preparation. About 60 odd questions and a good way to poke me out of exam fatigue. Not a huge number but again so cheap that it was a no brainer to further my learning.
  • Pixel Robots bunch of links for AZ-500 – this saved a bunch of time looking for references but compared to some of Richard’s other blog posts is a little out of date at the time of writing.

Of course you should spend lots of time in the Azure Documentation as this is an awesome reference and gets lots of feedback through GitHub. I also found a pluralsight path for AZ-500 but at a total of 42 Hours when I looked there was no time I would be able to cover it all in the time I wanted to spend.

Azure DevTest Lab Artifact Secure Channel Error

As part of my work in Azure Architecture and Operations we make extensive use of Azure DevTest Labs as they are a useful way to facilitate end user compute for advanced users like Developers and Data Scientists.

In that we tend to use the Azure Data Science Virtual Machine as it includes a whole bunch of tools that cover 90% of our end-user needs and it is very easy to provide secure access with a self-service element and maintain control while managing the demand on our small team.

Recently I was preparing a lighter machine based on a Windows 2016 image with just the tools we required for 6 months of Python related development. Many of the sample artifacts make use of Chocolately which is really handy for deploying applications as there is a great library of packages.

I developed and tested the Artifact set last week but when it went to initial UAT it failed with “ERROR: Exception calling “DownloadString” with “1” argument(s): “The request was aborted: Could not create SSL/TLS secure channel.”.

I traced this to the Ensure-Chocolatey function and specifically the line that downloads and runs install.ps1 . Hunting around the internet let me do a discussion about TLS versions and that the webclient defaults to TLS 1.0. I wasn’t able to confirm this in the environment I had but I was able to check SSL on the chocolatey target using ssl labs i.e. https://www.ssllabs.com/ssltest/analyze.html?d=chocolatey.org

This indicated that the server the machine was connecting to was only accepting TLS 1.2 and above. I forced the script to use this using [Net.ServicePointManager]::SecurityProtocol¬†=¬†“tls12” above the webclient call and this fixed the issue for the time being.

Update 04/02/2020

In examining the pull request 613 related to this in azure devtest labs I discovered that Chocolatey previewed the change in their blog post Removing Support For Old TLS Versions On The Chocolatey Website.

Windows 10 and my old QNAP NAS

Whether it’s connected or not, shortly after the January 2020 patch for Windows 10 I started seeing boot drive errors on my PC at home. For some reason the Crucial MP500 m.2 127 Gb boot drive started throwing corruptions and disk repair started coming up every other day.

Then another update stalled so I tried a repair – bad move. Part way through this process Disk Repair was run automatically and this stalled. I watched it for 20 minutes and restarted to see what would happen. That appeared to corrupt the contents of the disk.

So I scrambled around and created a bootable Windows 10 USB key on my work laptop and fired up the PC. Not a good story – the M.2 drive was showing as corrupt. So I went for a clean install and wiped the drive and resintalled.

The good news is that it took the reinstall, though in the meantime I’ve ordered a 512 Samsung 970 pro from Amazon as a replacement and will rebuild later. The MP500 is still a fast SSD but I’m now a bit wary of it and will swap it out soon. Fast SSD means really fast install so I had basic windows up and running in 15 minutes and fast internet and an Office 365 subscription means I had basic computing in 30 minutes.

Ultimately I’ll wipe the other two SSD drives (a bit of a long story, involving impatience) when I install the 970 but with another exam looming at the end of the week I wanted to get it up and running with base functionality as soon as possible.

One thing I struggled with for longer than 30 minutes was getting my printer up and running. I have a rather old but excellent Canon ip3000 printer which just happens to hang off the back of my similarly old QNAP TS-109 NAS Drive which gives me network printing. Unfortunately I couldn’t see a thing and no matter what combination of settings I thought I couldn’t see it. I took a break from proceedings to lament my fortune and then had a think. I started wondering about SMB and right enough, SMB1 is disabled by default in the recent builds of Windows 10. I dropped to PowerShell and enabled it and voila – the NAS box appeared on the network. I was able to add it and point the machine to the driver (which was still on one of the SSD data drives which I hadn’t wiped yet).

I’m now uploading a bunch of random stuff to OneDrive for Business in lieu of a rebuild at a later date. AZ-500 preparation beckons…

My year in Microsoft exams 2019

I completed my last Microsoft exam of 2019 a week ago with a successful attempt at MS-900. With December approaching and a two week vacation approaching I’m taking a little rest before diving in to preparation for my next exam. I have AZ-500 booked for the earliest opportunity at a local test centre which turned out to be February.

A year is a long time and with a couple of significant personal events in 2019 I’d forgotten how much I’d achieved.

Azure Architecture AZ-30x exams

I began the year with Exam AZ-300: Microsoft Azure Architect Technologies as my second iteration of Azure Architecture exams (having done 70-534: Architecting Microsoft Azure Solutions in my first iteration). That was followed just over a month later with Exam AZ-301: Exam AZ-301: Microsoft Azure Architect Design.

I’ll be honest and say I don’t remember a huge amount about the exams (a family bereavement in April being the probable reason) but historically I’ve enjoyed them as they really make you think about how to use Azure technology.

Passing these two exams obtained Microsoft Certified: Azure Solutions Architect Expert.

Managing SharePoint 2016 Server

I started the year with hopes to get another year for my MCSE Productivity but personal events somewhat got in the way and I struggled with this one, mainly due to it being outside of my current core working set and because the real world needed attention at the time.

I’ve got a post dedicated to this one but needless to say, my repeated attempts reduced my run rate somewhat.

Everything is an experience and I really benefit from an understanding employer who doesn’t add to the pressure I put on myself. The last time I had a challenge like this was with 70-532: Developing Microsoft Azure Solutions which was my last exam nemesis!

The low run rate meant that I missed a mini goal of grabbing the transition exam for the new MS pieces but to be honest I just had to let it go. Sometimes the pace of the transition exams doesn’t allow enough time between personal life and exam centre availability.

Passing this exam refreshed for 2019 my Microsoft Certified Solutions Expert: Productivity.

Microsoft Cloud Fundamentals

So I found myself in November and with life settling down I decided to hit two of the fundamentals exams as my employer had an initiative to get everyone through AZ-900: Microsoft Azure Fundamentals and was paying a one-off bonus for this and the other cloud fundamentals exam MS-900: Microsoft 365 Fundamentals.

The first gave me a bit of a jolt as I didn’t sail it like I thought I would, so I worked harder and got a bit more of a respectable pass in the latter. (See – technically a pass is a pass but I still measure based on score!?)

Passing these exams got me certifications for Azure Fundamentals and Microsoft 365 Fundamentals.

2019 my exam year

  • Number of exams passed in 2019 : 5.
  • Number of exams sat in 2019 : 7.
  • Certifications Gained / Refreshed in 2019 : 4.

Passed MS-900

I’m happy to say that I passed MS-900: Microsoft 365 Fundamentals as part of my employer’s initiative to get everyone through the Microsoft Cloud fundamentals exams.

I got a slightly higher score than I got for AZ-900 which either means nothing (question pools and all that) or that you can take the person out of SharePoint but not the Office 365 out of …

Again it is impressive to see that Fundamentals is a proper exam and even if Azure is a bit more interesting for an old (ex) developer like me, Microsoft 365 components are used by almost everyone on a day to day basis.

It also played to themes that I’ve seen with Microsoft 365 projects in real life – customers have a whole bunch of questions to answer about their IT basics i.e. where do my emails go, where do my files go and can you reset my password for me ?

Passed AZ-900

I’m happy to say that I’ve passed AZ-900 as part of my employer’s initiative to have everyone go through the Azure Fundamentals exam. This is a recognition that cloud is a core part of their business.

My thoughts? I perhaps underestimated the exam and although I passed well I didn’t ace it. I’ve scored more in other “harder” exams so I’d recommend what I try to tell myself – look through the actual product being tested (Azure Portal Features) and if you want to score more you’ll have to remember some of the detail of features and charging structures. I think the classic learning tips of What? How? When? for each exam objective will serve you well.

I’m beginning to realise that all of the exams are treated seriously and a pass (even for fundamentals) actually means something. Respect to my non technical colleagues and a little nudge to myself to treat things seriously!

Year 1 with my R1250 GS Adventure

With overnight temperatures dropping in Scotland and salt being laid to mitigate icing, my motorbike is now tucked up for the winter and I’ve had a little time to reflect on the few months I’ve had of ownership.

With the finance concluding on my R1200GS Adventure earlier in the year I did the deal and went for the subdued choice of the Exclusive in Kalamata Olive. The Rallye was a little too bright for me and in the absence of a triple black was my natural choice.

In summary the styling has really come on with the latest generation of the adventure and the tank and bars are more integrated with the visual centre of mass having shifted down and forward to make the bike look smaller.

The engine and suspension are simply amazing – I didn’t have the adaptive suspension on my 1200 so it is impressive, the engine is better again (and I didn’t really explore the best of the 1200) and the various gadgets are a bit of fun.

My only criticism is the same as ever – the ergonomics are more mainstream meaning I miss the colossal seat to peg height of the older adventure, and I still miss the funny indicators of the old bmws.

A brilliant machine and I’m really looking forward to getting back out on it.