The Microsoft Azure environment is constantly evolving. This document includes the most recent updates to
Exam 70-534 that address both deprecated and new technologies and processes. These changes are effective
as of March 10, 2016.
Skills measured
1. Design Microsoft Azure Infrastructure and Networking (15-20%)
1.1. Describe how Azure uses Global Foundation Services (GFS) datacenters
Understand Azure datacenter architecture, regional availability, and high availability
1.2. Design Azure virtual networks, networking services, DNS, DHCP, and IP addressing configuration
Extend on-premises Active Directory, deploy Active Directory, define static IP reservations, understand Network
Security Groups; design resource groups
1.3. Design Azure compute
Design Azure virtual machines (VMs) and VM architecture for IaaS and PaaS; understand availability sets, fault
domains, and update domains in Azure; differentiate between machine classifications
1.4. Describe Azure VPN and ExpressRoute architecture and design
Describe Azure P2S and S2S VPN, understand the architectural differences between Azure VPN and
ExpressRoute
1.5. Describe Azure services
Understand at a high level Azure Load Balancing options, including Traffic Manager, Azure Media Services,
CDN, Azure Active Directory (Azure AD), Azure Cache, Multi-Factor Authentication, and Service Bus
2. Secure Resources (15-20%)
2.1. Secure resources by using managed identities
Describe the differences between Active Directory on-premises and Azure AD, programmatically access Azure
AD using Graph API, secure access to resources from Azure AD applications using OAuth and OpenID Connect
2.2. Secure resources by using hybrid identities
Use SAML claims to authenticate to on-premises resources, describe DirSync synchronization, implement
federated identities using Active Directory Federation Services (AD FS)
2.3. Secure resources by using identity providers
Provide access to resources using identity providers such as Microsoft account, Facebook, Google, and Yahoo;
manage identity and access by using Azure Active Directory B2C
2.4. Identify an appropriate data security solution
Use the appropriate Network Security Group, identify security requirements for data in transit and data at rest;
identify, assess, and mitigate security risks by using Azure Operations Management Suite