Microsoft Azure Networking Solutions (AZ-700) is a role-based certification course designed for IT professionals who design, implement, manage, and troubleshoot networking solutions in Microsoft Azure. This course focuses entirely on Azure networking services, making it essential for anyone responsible for cloud infrastructure and connectivity.
What this course is about
This course teaches students how Azure networking works in real-world enterprise environments. It covers the design and implementation of virtual networks, hybrid connectivity, routing, load balancing, traffic security, private access, and monitoring within Azure. Students learn how to build secure, scalable, and highly available network architectures using Microsoft best practices.
Why we need this course
Modern organizations rely heavily on cloud networking to connect users, applications, and data securely. Azure is one of the most widely used cloud platforms, and networking is the backbone of every Azure deployment. This course is needed to:
- Understand how Azure networking differs from traditional on-premises networking
- Design secure and optimized cloud network architectures
- Support hybrid and multi-cloud environments
- Prepare students for real enterprise cloud networking roles
How this course is useful
By completing this course, students gain hands-on knowledge of:
- Azure Virtual Networks (VNets) and subnet design
- Network security (NSGs, Azure Firewall, DDoS Protection)
- Hybrid connectivity (VPN Gateway, ExpressRoute)
- Traffic management (Load Balancer, Application Gateway, Azure Front Door)
- Private access solutions (Private Endpoint, Private Link)
- Network monitoring and troubleshooting using Azure tools
These skills are directly applicable to production environments and enterprise cloud projects.
How it helps students
This course helps students:
- Build strong cloud networking fundamentals
- Prepare for Azure Network Engineer and Cloud Engineer roles
- Improve job readiness for Azure-focused positions
- Confidently design and troubleshoot Azure network architectures
- Gain a globally recognized Microsoft certification
Target audience
- Network Engineers moving to cloud networking
- Azure Administrators and Cloud Engineers
- System Engineers working with hybrid infrastructure
- IT professionals preparing for Azure certifications
Certification validity (Expiry / Renewal)
- The AZ-700 certification is valid for 1 year
- Renewal is free
- Renewal is done by passing an online assessment on Microsoft Learn
- No exam fee is required for renewal
- Renewal can be completed before the certification expires
Prerequisites (Recommended)
- Basic understanding of networking concepts (IP addressing, routing, firewalls)
- Familiarity with Azure fundamentals (AZ-900 is helpful but not mandatory)
Course outcome
After completing this course, students will be able to design, implement, secure, and troubleshoot Azure networking solutions confidently and will be fully prepared to pass the AZ-700: Microsoft Azure Networking Solutions certification exam.
1. Design and Implement Core Networking Infrastructure (25–30%)
1.1 Design and Implement IP Addressing for Azure Resources
- Plan and implement network segmentation and address spaces
- Create a virtual network (VNet)
- Plan and configure subnetting for services, including:
- Plan and configure subnet delegation
- Plan and configure shared or dedicated subnets
- Create a prefix for public IP addresses
- Choose when to use a public IP address prefix
- Plan and implement a custom public IP address prefix (bring your own IP)
- Create a public IP address
- Associate public IP addresses to resources
1.2 Design and Implement Name Resolution
- Design name resolution inside a VNet
- Configure DNS settings for a VNet
- Design public DNS zones
- Design private DNS zones
- Configure public and private DNS zones
- Link a private DNS zone to a VNet
- Design and implement Azure DNS Private Resolver
1.3 Design and Implement VNet Connectivity and Routing
- Design service chaining, including gateway transit
- Implement VNet peering
- Implement and manage virtual network connectivity using Azure Virtual Network Manager
- Design and implement user-defined routes (UDRs)
- Associate a route table with a subnet
- Configure forced tunneling
- Diagnose and resolve routing issues
- Design and implement Azure Route Server
- Identify appropriate use cases for a NAT gateway
- Implement a NAT gateway
1.4 Monitor Networks
- Configure monitoring, network diagnostics, and logs in Azure Network Watcher
- Monitor and troubleshoot network health using Azure Network Watcher
- Monitor and troubleshoot networks using Azure Monitor Network Insights
- Activate and monitor Distributed Denial-of-Service (DDoS) protection
- Evaluate network security recommendations using Microsoft Defender for Cloud Secure Score
- Evaluate attack paths using Microsoft Defender for Cloud Attack Path Analysis
- Identify network resources using Microsoft Defender for Cloud Security Explorer
2. Design, Implement, and Manage Connectivity Services (20–25%)
2.1 Site-to-Site (S2S) VPN Connectivity
- Design a site-to-site VPN connection, including high availability
- Select an appropriate VNet gateway SKU
- Implement a site-to-site VPN connection
- Identify when to use policy-based vs route-based VPN
- Create and configure a local network gateway
- Create and configure an IPsec/IKE policy
- Create and configure a virtual network gateway
- Diagnose and resolve virtual network gateway connectivity issues
- Implement Azure Extended Network
2.2 Point-to-Site (P2S) VPN Connectivity
- Select an appropriate VNet gateway SKU
- Select and configure a tunnel type
- Select an appropriate authentication method
- Configure RADIUS authentication
- Configure authentication using Microsoft Entra ID
- Implement a VPN client configuration file
- Diagnose and resolve client-side and authentication issues
- Specify Azure requirements for Always On VPN
- Specify Azure requirements for Azure Network Adapter
2.3 Azure ExpressRoute
- Select an ExpressRoute connectivity model
- Select an appropriate ExpressRoute SKU and tier
- Design ExpressRoute for cross-region connectivity, redundancy, and disaster recovery
- Design and implement ExpressRoute options:
- Global Reach
- FastPath
- ExpressRoute Direct
- Choose between:
- Azure private peering
- Microsoft peering
- Both
- Configure Azure private peering
- Configure Microsoft peering
- Create and configure an ExpressRoute gateway
- Connect a VNet to an ExpressRoute circuit
- Recommend a route advertisement configuration
- Configure encryption over ExpressRoute
- Implement Bidirectional Forwarding Detection (BFD)
- Diagnose and resolve ExpressRoute connectivity issues
2.4 Azure Virtual WAN
- Select a Virtual WAN SKU
- Design a Virtual WAN architecture
- Create a hub in Virtual WAN
- Choose an appropriate scale unit for each gateway type
- Deploy a gateway into a Virtual WAN hub
- Configure virtual hub routing
- Integrate a Virtual WAN hub with third-party NVAs
3. Design and Implement Application Delivery Services (15–20%)
3.1 Azure Load Balancer and Traffic Manager
- Map requirements to Azure Load Balancer features
- Identify appropriate use cases for Azure Load Balancer
- Choose a Load Balancer SKU and tier
- Choose between public and internal load balancers
- Choose between regional and global load balancers
- Create and configure an Azure Load Balancer
- Implement Azure Traffic Manager
- Implement a gateway load balancer
- Implement load balancing rules
- Create and configure inbound NAT rules
- Create and configure outbound rules, including SNAT
3.2 Azure Application Gateway
- Map requirements to Application Gateway features
- Identify appropriate use cases
- Choose between manual and autoscale
- Create a backend pool
- Configure health probes
- Configure listeners
- Configure routing rules
- Configure HTTP settings
- Configure TLS
- Configure rewrite sets
3.3 Azure Front Door
- Map requirements to Azure Front Door features
- Identify appropriate use cases
- Choose an appropriate tier
- Configure routing, origins, and endpoints
- Configure SSL termination and end-to-end SSL encryption
- Configure caching
- Configure traffic acceleration
- Implement rules, URL rewrite, and URL redirect
- Secure an origin using Azure Private Link
4. Design and Implement Private Access to Azure Services (10–15%)
4.1 Azure Private Link and Private Endpoints
- Plan private endpoints
- Create private endpoints
- Configure access to private endpoints
- Create a Private Link service
- Integrate Private Link and Private Endpoint with DNS
- Integrate a Private Link service with on-premises clients
4.2 Service Endpoints
- Choose when to use a service endpoint
- Create service endpoints
- Configure service endpoint policies
- Configure access to service endpoints
5. Design and Implement Azure Network Security Services (15–20%)
5.1 Network Security Groups (NSGs) and ASGs
- Create a network security group (NSG)
- Associate an NSG to a resource
- Create an application security group (ASG)
- Associate an ASG to a NIC
- Create and configure NSG inbound and outbound rules
- Configure NSGs for remote administration, including Azure Bastion
5.2 Network Traffic Monitoring and Analysis
- Implement virtual network flow logs
- Interpret VNet flow logs
- Interpret NSG flow logs
- Validate NSG flow rules
- Verify IP flow
5.3 Azure Virtual Network Manager Security
- Implement and manage virtual network security using Azure Virtual Network Manager
5.4 Azure Firewall and Firewall Manager
- Map requirements to Azure Firewall features
- Select an appropriate Azure Firewall SKU
- Design an Azure Firewall deployment
- Create and implement an Azure Firewall
- Configure Azure Firewall rules
- Create and implement Azure Firewall Manager policies
- Create a secure hub using Azure Firewall in Virtual WAN
5.5 Web Application Firewall (WAF)
- Map requirements to WAF features
- Design a WAF deployment
- Configure detection or prevention mode
- Configure WAF rule sets for:
- Azure Front Door
- Application Gateway
- Implement a WAF policy
- Associate a WAF policy
