Passed Exam AZ-500: Microsoft Azure Security Technologies

I’m very happy to share that I passed Microsoft Exam AZ-500: Microsoft Azure Security Technologies yesterday.

Azure Security Engineer Associate Badge

Although I expected a decent result, I had the usual trepidation before the exam and woke up really early on the day. This started building up naturally as the date approached, but in the days leading up to the exam I noticed that the length of the exam was the longest I have seen at 210 minutes. (Part of my preparation methods is to put an appointment in my diary for the exam and location – I’ll write this up as part of my exam prep post one day!). The length got me thinking about labs and things and confirmed when I got the announcement at the beginning of the sitting that it included 1 lab.

A “lab” is a practical test of your skills on a particular subject and although it’s getting on for a year or so that Microsoft Azure exams have included labs, so far I’ve not had any and I was a bit nervous.

I progressed through the various sections steadily and I kept an eye on the clock. I’d read a few horror stories of candidate’s time keeping going awry and them running out of time. As it was I didn’t get too bogged down and proceeding at my usual pace. The curve of dread was quite amusing (in hindsight) and peaked about a third of the way in to the exam as I got a bit stressed at what I didn’t know. Then as I progressed through the questions it settled down as I encountered elements that I was confident in.

The practical test came at the end and I had over 2 hours left and actually began to enjoy that part. I’ll admit that I just used the portal to complete my activities but was reassured that the direction giving acknowledged that certain parts would take time to complete and that I could progress with the tasks as needed while it waited. I’m fortunate that my “day job” has a lot of hands-on work and I’m logged in to an azure subscription almost every day (after elevating my permissions through privileged identity management!). I applied the same deliberate pace and double checked each setting and user. If I was to build a test system against a live portal then I could imagine the type of process that I would interrogate the Azure Resource Model to check that configuration had been carried out correctly. This is just the same as naming conventions and azure policy checking so at each pivotal point I paused and made sure that I was reading things correctly – just like following a technical design. In a real life situation I would also use scripting as a confirmation step but took a pragmatic approach with the tools I had.

I was ambivalent at the end and it doesn’t do to be overconfident, and the lab introduced another twist at the end. I clicked the Finish Exam button and the response came back almost immediately:

‘Thank you for taking this Microsoft Certification exam. Your test results will be available once scoring is complete. You may exit the exam now without affecting the scoring process by clicking the “End” button. Your score report will be available online in your Microsoft Learning dashboard at www.microsoft.com/learning/dashboard

Talk about an anti-climax and it even sent it to the printer (the chap at the test centre asked if I really wanted to keep it!). So I was a little high and dry and while in limbo decided to get the bus back to the office while I waited and then I collected my stuff from the locker and fired up my work phone for the colleague support network on Microsoft Teams!

Anyway to wind forward I was about 10 minutes in to my bus journey when the congratulatory email came through on my phone and I was able to see my score report. Although it doesn’t really matter, the score was a good 100 points over the pass mark which I’m happy about as it’s content I should know in my day job.

My thoughts on the exam – here’s a summary without any NDA busting:

  • Like the admin exam the exam outline calls out the Azure services that will be included and these will be in the exam. Inevitably this is not everything that the extensive platform provides and this is a relief!
  • The exam has good coverage of the built in protection in Virtual Networks and Azure AD. Unlike the real world where you might have federation or Network Virtual Appliances in the mix, this exam rightly focuses on the “out of box” provision.
  • Time management is crucial in giving yourself space to address the lab. That said my first lab was a really good experience – it was actually the easiest part of the whole exam to understand and answer as it covered things I do almost every day. The flip side was that it took me as long to do the single lab I had as it did to answer the other sections.

And finally, as well as building on the other hands-on work (and exams) the preparation material I used for this exam was:

  • Featured training for exam AZ-500 – as a certification that counts towards a Microsoft Partner Competency, it is called out by Microsoft.
  • Skylines Academy AZ-500 Course – Nick Colyer’s course on udemy has a good step by step coverage of most of the content. As ever remember to follow along in your own portal. I bought it months ago during one of the regular sales on the platform.
  • Skylines Academy AZ-500 Practice Questions – this came through as I was in my latter stages of preparation. About 60 odd questions and a good way to poke me out of exam fatigue. Not a huge number but again so cheap that it was a no brainer to further my learning.
  • Pixel Robots bunch of links for AZ-500 – this saved a bunch of time looking for references but compared to some of Richard’s other blog posts is a little out of date at the time of writing.

Of course you should spend lots of time in the Azure Documentation as this is an awesome reference and gets lots of feedback through GitHub. I also found a pluralsight path for AZ-500 but at a total of 42 Hours when I looked there was no time I would be able to cover it all in the time I wanted to spend.

Azure DevTest Lab Artifact Secure Channel Error

As part of my work in Azure Architecture and Operations we make extensive use of Azure DevTest Labs as they are a useful way to facilitate end user compute for advanced users like Developers and Data Scientists.

In that we tend to use the Azure Data Science Virtual Machine as it includes a whole bunch of tools that cover 90% of our end-user needs and it is very easy to provide secure access with a self-service element and maintain control while managing the demand on our small team.

Recently I was preparing a lighter machine based on a Windows 2016 image with just the tools we required for 6 months of Python related development. Many of the sample artifacts make use of Chocolately which is really handy for deploying applications as there is a great library of packages.

I developed and tested the Artifact set last week but when it went to initial UAT it failed with “ERROR: Exception calling “DownloadString” with “1” argument(s): “The request was aborted: Could not create SSL/TLS secure channel.”.

I traced this to the Ensure-Chocolatey function and specifically the line that downloads and runs install.ps1 . Hunting around the internet let me do a discussion about TLS versions and that the webclient defaults to TLS 1.0. I wasn’t able to confirm this in the environment I had but I was able to check SSL on the chocolatey target using ssl labs i.e. https://www.ssllabs.com/ssltest/analyze.html?d=chocolatey.org

This indicated that the server the machine was connecting to was only accepting TLS 1.2 and above. I forced the script to use this using [Net.ServicePointManager]::SecurityProtocol¬†=¬†“tls12” above the webclient call and this fixed the issue for the time being.

Update 04/02/2020

In examining the pull request 613 related to this in azure devtest labs I discovered that Chocolatey previewed the change in their blog post Removing Support For Old TLS Versions On The Chocolatey Website.

Passed AZ-900

I’m happy to say that I’ve passed AZ-900 as part of my employer’s initiative to have everyone go through the Azure Fundamentals exam. This is a recognition that cloud is a core part of their business.

My thoughts? I perhaps underestimated the exam and although I passed well I didn’t ace it. I’ve scored more in other “harder” exams so I’d recommend what I try to tell myself – look through the actual product being tested (Azure Portal Features) and if you want to score more you’ll have to remember some of the detail of features and charging structures. I think the classic learning tips of What? How? When? for each exam objective will serve you well.

I’m beginning to realise that all of the exams are treated seriously and a pass (even for fundamentals) actually means something. Respect to my non technical colleagues and a little nudge to myself to treat things seriously!

I passed Microsoft Exam 70-339 Managing Microsoft SharePoint Server 2016

I’m really happy to say that I (finally) passed 70-339 Managing Microsoft SharePoint Server 2016 on Friday after a couple of failed attempts. This was my 32nd exam pass and my first time pass percentage is quite high, mainly as I tend to be very careful about booking exams when I think I am well and ready for an exam. So what was different this time ?

1. I didn’t respect the exam

I think a run of first time passes on exams made me a little complacent and I relied too much on the good results I got with the official practice exam. I should have remembered how hard I found the breadth of the previous generation of SharePoint exams and though about the implications of a single exam for the whole product (there used to be two administrative exams for each version of SharePoint). I probably came short and should have thought harder about the implications of elements in the exam outline.

Having the product in front of you to try things out is also a proper lesson well remembered.

2. Study and exams don’t exist in a bubble

When I failed first time I took the standard approach and booked for a couple of weeks after, on the basis that my fail mark was just short of the required pass mark. Then some family stuff came up which meant that I didn’t get a lot of sleep the night before the exam and had a lot on my mind. This happens and there isn’t a lot that can be done; life is unpredictable and it’s important to work to live rather than get things the wrong way around. Reflecting on this made me think about my attitude during preparation and what techniques and methods might help with all of the aspects of my life.

3. Sit exams when you know stuff

This inelegant heading refers to my experience that sitting exams on subjects that directly relate to your day job is so much easier than others. I’ve not been working daily with SharePoint 2016 since my last job and I think that even that was focused on a narrow band of deployment. Both this exam and 70-532 Azure development were tough and that was because I didn’t have the day to day depth in a subject area like I have with Azure Architecture and Administration. Stretch targets are good but they need the work.

4. Sit exams when they are current

What I mean by this is that there is a natural curve to an exam lifetime. Some Microsoft exam areas are particularly current like the Azure Administration and Architecture exams and apart from tweaks to the platform will be active and up to date. I think the perfect set of circumstances is a year or so after an exam goes live in a technology that is in wide use. Contrast this to 70-339 which has been available since mid 2016 and relates to a product which has undergone a fundamental change in delivery – most users of SharePoint will now use the online product.

The other thing (excuse) is that the online documentation has shifted to the next iteration of the product and a whole bunch of historical items have got harder to find. To be blunt with myself I think this highlights that you need to have hands-on access to the product for proper study and in not doing this I set myself up (see point 1). That said, the exam outline still has the objective “configure connections to Access Control Service” which at the time of writing has been retired for almost a year!

5. Back off and regroup

Like my car driving test (I love driving!) sometimes I have to work hard to achieve something and sticking at it is a test of personality. Unfortunately due to what must be a bit of a personality defect it can take a couple of fails for me to realise that I have to buckle down and examine my strategy. In the case of 70-339 I waited a month or two after my second fail to have a think, see how things were going and take a bit more time out. In something I think is like a classic retry pattern I introduced a delay. Of course in development the delay would be a bit more regular in nature but hopefully you get my point.

In summary

I’m now going to pick off the two Microsoft cloud fundamentals exams for a bit of light relief and in support of my employer’s plan to have everyone in the company certified in AZ-900 and I’m also planning to do the next generation of the expert certification in Microsoft 365.

As it was the SharePoint pass gave me the 2019 badge for my MCSE in Cloud Productivity – perhaps this was my last 70-XXX exam!

MoPOP Museum of Pop Culture Seattle

I changed jobs just over a year ago and an awesome part of my new Employer’s approach to staff development is that they send members of the team to conferences and training.

I had the privilege of attending a boot camp for cloud architects in Bellevue, run by Microsoft for their Partners and also had a day in between travelling from Scotland to Seattle to have a look at the city with my colleagues.

We basically got lost after visiting Pike Place Market, we thought we were heading towards lake Union but hadn’t read the map quite correctly. So we looked around and spotted the Space Needle fairly nearby (it’s a bit of a spottable land mark) and headed towards that.

The majority view was that we didn’t want to spend the money on going up the Space Needle so we went next door in to MoPOP Museum of Pop Culture. As I discovered this has a fairly significant connection to Microsoft as I saw one exhibit after another from the Paul G. Allen collection and it slowly dawned that a founder of the museum was also co-founder of Microsoft.

This place is amazing; it starts with the swoopy architecture which has a monorail bursting through it. Then the inside is all modern clean lines with doors and stairs leading to themed exhibits.

There are closed off exhibitions behind doors that cover elements like films or people or open areas that open out to the full height of the museum.

Well worth a visit.

50055: This exam is not currently offered. Please select another exam.

I failed a Microsoft Exam last Friday – yes it’s true, on occasion I fail an exam. One (amongst the many) fantastic attitude at my current employer is that a Microsoft exam fail is part of the journey of discovery. A couple of my new colleagues also remark that any significant score over the “pass” mark is a waste of study time and I can kind of see where that comes from.

The error message above was displayed by the web page when I attempted to book a resit of 70-339 Managing Microsoft SharePoint Server 2016 and let to discovery of an interesting quirk of the system and what retake policy means in practice.

If you’ve booked exams for the last few years you will have been informed of the latest on retake policy which has been tweaked and firmed up to an extent to give candidates a proper chance between resits and not to try to brute force the attempts. At the time of writing the Exam retake policy states:

  1. If a candidate does not achieve a passing score on an exam the first time, the candidate must wait at least 24 hours before retaking the exam.

This time I was particularly keen to book my resit as soon as possible, the practicalities of availability in Edinburgh means that I was expecting to have to wait a couple of weeks at least for availability so I didn’t expect the 24 hours to be a problem. I went through the exam details page, clicked “Schedule Exam”, confirmed my details and the link accounts page and got redirected back to the same page with a light yellow banner “50055: This exam is not currently offered. Please select another exam.”

Exam Booking – 50055: This exam is not currently offered. Please select another exam.

So I tried a few different ways without success; inprivate, different devices and all gave the same error. I tried telephoning to be told that I would have to wait 24 hours to book. So I waited 24 hours after the end of my exam and still couldn’t book.

I was finally able to rebook through the Pearson Vue site at 18:30 on the Monday after my exam on the Friday; the exam was scheduled to end at 12:30 (My times are BST). The half hour seems more than coincidental and the take away is that the systems will prevent the booking taking place until at least a number of hours have passed on business days.

I don’t fail exams often and I certainly don’t plan to, and hopefully you don’t either. So when the unthinkable happens don’t panic and take time to regroup and make plans. And wait a day and a bit before you try to rebook!

Cosmos DB Failed to read item

Interesting one today – standing up a Cosmos DB to record the output of a CycleCloud job run which happened to be written in C++ and started getting “Failed to read item”. Data Explorer stopped showing the results from the item when browsing.

Issue was that our new id had been delimited with slashes and Cosmos DB didn’t like it. If you get “Failed to read item” when clicking through then you might have a character in your document Id that Cosmos doesn’t like.

https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.documents.resource.id?view=azure-dotnet