The Microsoft AZ-700 certification is tailored for professionals with expertise in designing, implementing, and managing Azure networking solutions. It validates your ability to build secure, reliable, and scalable network infrastructure in Microsoft Azure. Candidates pursuing this certification are expected to demonstrate proficiency in the following core domains:

• Designing and implementing core network infrastructure
• Configuring hybrid connectivity solutions
• Deploying application delivery services
• Enabling private access to Azure services
• Implementing network security and monitoring

– Role of an Azure Network Engineer

As an Azure Network Engineer, you are responsible for enhancing the performance, scalability, and security of cloud networking environments. Your day-to-day tasks involve:

• Proactively monitoring network performance
• Troubleshooting and resolving connectivity and configuration issues
• Minimizing risk through effective network design and oversight

You play a vital role in ensuring seamless network operations across Azure workloads and hybrid environments.

– Collaboration with Other Roles

To effectively deliver Azure-based networking solutions, you frequently collaborate with:

• Solution Architects – to align network architecture with overall system design
• Cloud Administrators – for deployment and resource management
• Security Engineers – to enforce network protection measures
• Application Developers – for integrating networking with app services
• DevOps Engineers – to support CI/CD pipelines and automation

– Prerequisites and Foundational Knowledge

Before attempting the AZ-700 exam, it’s important to have hands-on experience with:

• Managing Azure compute, storage, and networking resources
• Understanding core networking concepts, including:
  • Domain name resolution (DNS)
  • Network protocols (TCP/IP, HTTP/S, etc.)
  • IP addressing and subnetting
  • Routing and network address translation (NAT)

Exam Details

The AZ-700: Designing and Implementing Microsoft Azure Networking Solutions certification exam is designed for professionals at the intermediate level, specifically targeting individuals in the role of a Network Engineer. Candidates are given 100 minutes to complete the exam, which includes both standard and interactive components, and the assessment is proctored to ensure exam integrity. The exam is available in multiple languages, including English, German, Spanish, French, Italian, Japanese, Korean, Portuguese (Brazil), Simplified Chinese, and Traditional Chinese. To pass the exam, a minimum score of 700 is required.

Microsoft also provides accommodations for individuals who use assistive technology, need extended time, or require modifications to the exam experience. These can be requested in advance to ensure a fair and accessible testing environment for all candidates.

Course Outline

The exam covers the following topics:

1. Designing and implementing core networking infrastructure (25–30%)

Designing and implementing private IP addressing for Azure resources

• Planning and implementing network segmentation and address spaces (Microsoft Documentation: Implement network segmentation patterns on Azure)
• Creating a virtual network (VNet) (Microsoft Documentation: Create a virtual network using the Azure portal)
• Planning and configuring subnetting for services, including VNet gateways, private endpoints, firewalls, application gateways, VNet-integrated platform services, and Azure Bastion (Microsoft Documentation: Integrate your app with an Azure virtual network, Create a site-to-site VPN connection in the Azure portal, Azure networking services overview)
• Planning and configuring subnet delegation (Microsoft Documentation: What is subnet delegation, Add or remove a subnet delegation)
• Planning and configuring shared or dedicated subnets
• Creating a prefix for public IP addresses (Microsoft Documentation: Public IP address prefix)
• Choosing when to use a public IP address prefix
• Planning and implementing a custom public IP address prefix (bring your own IP) (Microsoft Documentation: Custom IP address prefix (BYOIP))
• Creating a public IP address (Microsoft Documentation: Create, change, or delete an Azure public IP address)
• Associate public IP addresses to resources (Microsoft Documentation: Associate a public IP address to a virtual machine)
• Upgrading IP address SKU

Designing and implementing name resolution

• Designing name resolution inside a VNet (Microsoft Documentation: Name resolution for resources in Azure virtual networks)
• Configuring DNS settings for a VNet
• Designing public DNS zones (Microsoft Documentation: Overview of DNS zones and records)
• Designing private DNS zones (Microsoft Documentation: What is a private Azure DNS zone)
• Configuring a public or private DNS zone (Microsoft Documentation: Azure Private Endpoint DNS configuration)
• Linking a private DNS zone to a VNet (Microsoft Documentation: What is a virtual network link)
• Designing and implementing Azure DNS Private Resolver

Designing and implementing VNet connectivity and routing

• Designing service chaining, including gateway transit (Microsoft Documentation: Virtual network peering, Configure VPN gateway transit for virtual network peering)
• Implementing VNet peering
• Implementing and managing virtual networks by using Azure Virtual Network Manager
• Design and implement user-defined routes (UDRs) (Microsoft Documentation: Virtual network traffic routing)
• Associating a route table with a subnet (Microsoft Documentation: Create, change, or delete a route table)
• Configuring forced tunneling
• Diagnose and resolve routing issues (Microsoft Documentation: Diagnose a virtual machine routing problem)
• Designing and implementing Azure Route Server (Microsoft Documentation: What is Azure Route Server)
• Identifying appropriate use cases for a network address translation (NAT) gateway
• Implementing a NAT gateway (Microsoft Documentation: Create a NAT gateway using the Azure portal)

Monitoring networks

• Configuring monitoring, network diagnostics, and logs in Azure Network Watcher (Microsoft Documentation: What is Azure Network Watcher)
• Monitoring and troubleshooting network health by using Azure Network Watcher
• Monitor and troubleshoot networks by using Azure Monitor Network Insights
• Activating and monitoring distributed denial-of-service (DDoS) protection (Microsoft Documentation: What is Azure DDoS Protection)
• Evaluating network security recommendations identified by Microsoft Defender for Cloud Secure Score
• Evaluating network security recommendations identified by Microsoft Defender For Cloud Attack Path Analysis
• Identifying network resources by using Microsoft Defender for Cloud Security Explorer

2. Designing, implementing, and managing connectivity services (20–25%)

Design, implement, and manage a site-to-site VPN connection

• Designing a site-to-site VPN connection, including for high availability (Microsoft Documentation: Highly Available cross-premises and VNet-to-VNet connectivity)
• Selecting an appropriate VNet gateway stock-keeping unit (SKU) for site-to-site VPN requirements (Microsoft Documentation: What is Azure VPN Gateway)
• Implementing a site-to-site VPN connection (Microsoft Documentation: Create a site-to-site VPN connection)
• Identifying when to use a policy-based VPN versus a route-based VPN connection
• Creating and configuring a local network gateway
• Create and configure an IPsec/Internet Key Exchange (IKE) policy (Microsoft Documentation: Configure custom IPsec/IKE connection policies for S2S VPN and VNet-to-VNet: PowerShell)
• Creating and configuring a virtual network gateway
• Diagnose and resolve virtual network gateway connectivity issues
• Implementing Azure Extended Network (Microsoft Documentation: Extend your on-premises subnets into Azure)

Designing, implementing, and managing a point-to-site VPN connection

• Selecting an appropriate virtual network gateway SKU for point-to-site VPN requirements
• Selecting and configuring a tunnel type
• Selecting an appropriate authentication method
• Configuring RADIUS authentication (Microsoft Documentation: Plan NPS as a RADIUS server, RADIUS authentication with Azure Active Directory)
• Configuring authentication by using Microsoft Entra ID (Microsoft Documentation: Azure Active Directory authentication)
• Implementing a VPN client configuration file (Microsoft Documentation: Configure the Azure VPN Client)
• Diagnose and resolve client-side and authentication issues
• Specifying Azure requirements for Always On VPN
• Specifying Azure requirements for Azure Network Adapter (Microsoft Documentation: Use Azure Network Adapter to connect a server to an Azure Virtual Network)

Designing, implementing, and managing Azure ExpressRoute

• Selecting an ExpressRoute connectivity model (Microsoft Documentation: ExpressRoute connectivity models)
• Selecting an appropriate ExpressRoute SKU and tier (Microsoft Documentation: ExpressRoute virtual network gateways)
• Design and implement ExpressRoute to meet requirements, including cross-region connectivity, redundancy, and disaster recovery (Microsoft Documentation: Designing for disaster recovery with ExpressRoute private peering, Designing for high availability with ExpressRoute)
• Designing and implementing ExpressRoute options, including Global Reach, FastPath, and ExpressRoute Direct (Microsoft Documentation: ExpressRoute FastPath, About ExpressRoute Direct, ExpressRoute Global Reach)
• Choosing between Azure private peering only, Microsoft peering only, or both
• Configuring Azure private peering
• Configuring Microsoft peering (Microsoft Documentation: Create and modify peering for an ExpressRoute)
• Create and configure an ExpressRoute gateway (Microsoft Documentation: Configure a virtual network gateway for ExpressRoute)
• Connecting a virtual network to an ExpressRoute circuit (Microsoft Documentation: Connect a virtual network to an ExpressRoute)
• Recommending a route advertisement configuration
• Configure encryption over ExpressRoute (Microsoft Documentation: ExpressRoute encryption)
• Implementing Bidirectional Forwarding Detection (Microsoft Documentation: Configure BFD over ExpressRoute)
• Diagnose and resolve ExpressRoute connection issues (Microsoft Documentation: Verify ExpressRoute connectivity)

Designing and implementing an Azure Virtual WAN architecture

• Selecting a Virtual WAN SKU (Microsoft Documentation: What is Azure Virtual WAN)
• Designing a Virtual WAN architecture, including selecting types and services
• Creating a hub in Virtual WAN
• Choosing an appropriate scale unit for each gateway type (Microsoft Documentation: Scaling Application Gateway v2 and WAF v2)
• Deploying a gateway into a Virtual WAN hub
• Configuring virtual hub routing (Microsoft Documentation: How to configure virtual hub routing)
• Integrating a Virtual WAN hub with a third-party NVA for cloud connectivity

3. Designing and implementing application delivery services (15–20%)

Designing and implementing Azure Load Balancer and Azure Traffic Manager

• Mapping requirements to features and capabilities of Azure Load Balancer (Microsoft Documentation: What is Azure Load Balancer)
• Identifying appropriate use cases for Azure Load Balancer
• Choosing an Azure Load Balancer SKU and tier (Microsoft Documentation: Azure Load Balancer SKUs)
• Choosing between public and internal load balancers
• Choosing between regional and global load balancer
• Creating and configuring an Azure Load Balancer (Microsoft Documentation: Create a public load balancer to load balance VMs using the Azure portal)
• Implementing Azure Traffic Manager
• Implementing a gateway load balancer
• Implement a load balancing rule (Microsoft Documentation: Manage rules for Azure Load Balancer using the Azure portal)
• Creating and configuring inbound NAT rules (Microsoft Documentation: Create a single virtual machine inbound NAT rule using the Azure portal)
• Creating and configuring explicit outbound rules, including source network address translation (SNAT) (Microsoft Documentation: Use Source Network Address Translation (SNAT) for outbound connections)

Designing and implementing Azure Application Gateway

• Mapping requirements to features and capabilities of Azure Application Gateway (Microsoft Documentation: Azure Application Gateway features)
• Identifying appropriate use cases for Azure Application Gateway
• Choosing between manual and autoscale
• Create a back-end pool (Microsoft Documentation: Backend pool management)
• Configuring health probes (Microsoft Documentation: Azure Load Balancer health probes)
• Configuring listeners (Microsoft Documentation: Application Gateway listener configuration)
• Configuring routing rules
• Configuring HTTP settings (Microsoft Documentation: Application Gateway HTTP settings configuration)
• Configuring Transport Layer Security (TLS) (Microsoft Documentation: Transport Layer Security (TLS) registry settings)
• Configuring rewrite sets (Microsoft Documentation: Rewrite URL with Azure Application Gateway)

Designing and implementing Azure Front Door

• Mapping requirements to features and capabilities of Azure Front Door (Microsoft Documentation: What is Azure Front Door)
• Identifying appropriate use cases for Azure Front Door
• Choosing an appropriate tier
• Configuring an Azure Front Door, including routing, origins, and endpoints (Microsoft Documentation: Origins and origin groups in Azure Front Door, What is Azure Front Door)
• Configuring SSL termination and end-to-end SSL encryption (Microsoft Documentation: Overview of TLS termination and end to end TLS with Application Gateway)
• Configuring caching
• Configuring traffic acceleration (Microsoft Documentation: Load-balancing options)
• Implementing rules, URL rewrite, and URL redirect (Microsoft Documentation: Creating Rewrite Rules for the URL Rewrite Module)
• Securing an origin by using Azure Private Link in Azure Front Door (Microsoft Documentation: Secure your Origin with Private Link in Azure Front Door Premium)

4. Designing and implementing private access to Azure services (10–15%)

Designing and implementing Azure Private Link service and Azure private endpoints

• Planning private endpoints
• Creating private endpoints
• Configuring access to private endpoints
• Creating a Private Link service
• Integrating Private Link and Private Endpoint with DNS
• Integrating a Private Link service with on-premises clients

Designing and implementing service endpoints

• Choosing when to use a service endpoint (Microsoft Documentation: Virtual Network service endpoints)
• Creating service endpoints (Microsoft Documentation: Create, change, or delete service endpoint policy using the Azure portal)
• Configuring service endpoint policies
• Configuring access to service endpoints

5. Designing and implementing Azure network security services (15–20%)

Implementing and managing network security groups

• Creating a network security group (NSG) (Microsoft Documentation: Create, change, or delete a network security group)
• Associating an NSG to a resource
• Creating an application security group (ASG) (Microsoft Documentation: Application security groups)
• Associate an ASG to a network interface card (NIC) (Microsoft Documentation: Create, change, or delete a network interface)
• Creating and configuring NSG rules
• Interpreting NSG flow logs (Microsoft Documentation: Introduction to flow logs for network security groups)
• Validating NSG flow rules
• Verify ingIP flow
• Configuring an NSG for remote server administration, including Azure Bastion (Microsoft Documentation: Working with NSG access and Azure Bastion)
• Implement and manage virtual network security by using Azure Virtual Network Manager

Designing and implementing Azure Firewall and Azure Firewall Manager

• Mapping requirements to features and capabilities of Azure Firewall (Microsoft Documentation: Azure Firewall Standard features)
• Selecting an appropriate Azure Firewall SKU
• Designing an Azure Firewall deployment (Microsoft Documentation: Deploy and configure Azure Firewall using the Azure portal)
• Creating and implementing an Azure Firewall deployment
• Configuring Azure Firewall rules (Microsoft Documentation: What is Azure Firewall?)
• Creating and implementing Azure Firewall Manager policies (Microsoft Documentation: Azure Firewall Manager policy overview)
• Creating a secure hub by deploying Azure Firewall inside an Azure Virtual WAN hub (Microsoft Documentation: Configure Azure Firewall in a Virtual WAN hub)

Designing and implementing a Web Application Firewall (WAF) deployment

• Mapping requirements to features and capabilities of WAF
• Designing a WAF deployment (Microsoft Documentation: What is Azure Web Application Firewall on Azure Application Gateway?)
• Configuring detection or prevention mode
• Configuring rule sets for WAF on Azure Front Door (Microsoft Documentation: Create a Web Application Firewall policy on Azure Front Door)
• Configuring rule sets for WAF on Application Gateway
• Implementing a WAF policy (Microsoft Documentation: Create Web Application Firewall policies for Application Gateway)
• Associating a WAF policy

Microsoft AZ-700 Exam FAQs

Click Here for FAQs!

Microsoft Certification Exam Policies

Microsoft enforces a standardized and transparent set of certification exam policies designed to uphold fairness, consistency, and integrity across the entire certification process. These policies are applied uniformly, regardless of whether the exam is taken online under supervision or at an authorized testing center.

Exam Retake Policy

Candidates who do not pass an exam on their first attempt must wait a minimum of 24 hours before retaking it. For all subsequent attempts, a 14-day waiting period is required between each try. Microsoft permits up to five attempts for the same exam within a 12-month period. Once a candidate successfully passes an exam, additional retakes are not allowed unless a recertification is required due to expiration. Standard exam fees apply to every retake.

Rescheduling and Cancellation Policy

Candidates may reschedule or cancel their exam appointments at no charge if the request is made at least six business days before the scheduled exam date. Changes made within five business days may incur a rescheduling or cancellation fee. If a cancellation is made within 24 hours of the exam or if the candidate fails to appear, the full exam fee will be forfeited.

Microsoft AZ-700 Exam Study Guide

Step 1: Understand the Exam Objectives Thoroughly

Begin your preparation by reviewing the official AZ-700 exam skills outline provided by Microsoft. This document details every topic and subtopic covered in the exam, including areas like network design, hybrid connectivity, private access, application delivery, and network security. Familiarizing yourself with these domains helps you build a roadmap for your study plan and ensures that you focus your efforts on the most relevant skills assessed during the exam.

Step 2: Use Official Microsoft Learning Resources

Leverage the official learning paths and modules available on Microsoft Learn, which are curated specifically for the AZ-700 exam. These self-paced, interactive materials provide hands-on experience and scenario-based instruction aligned with real-world networking challenges in Azure. Additionally, consider using the Microsoft Instructor-Led Training (ILT) if you prefer a structured classroom environment guided by certified trainers. This includes a training course for the AZ-700 exam:

– Designing and Implementing Microsoft Azure Networking Solutions

This course equips Network Engineers with the skills to design, implement, and manage secure and scalable networking solutions in Microsoft Azure. Key topics include core Azure networking, hybrid connectivity, load balancing, routing, private access, and network security and monitoring. Ideal for Network Engineers aiming to specialize in Azure networking, this course is suited for professionals with experience in enterprise networking, cloud or on-prem infrastructure, and network security. Azure Network Engineers are responsible for optimizing the performance, security, and scalability of network solutions in Azure.

Step 3: Gain Practical Experience in Azure

While theoretical knowledge is essential, the AZ-700 exam heavily emphasizes practical application. Set up a test environment in the Azure portal or use Azure free credits to experiment with configuring virtual networks, route tables, VPN gateways, application gateways, and network security groups. This hands-on experience reinforces your understanding of how Azure networking components interact and prepares you to solve practical challenges.

Step 4: Join Study Groups and Online Communities

Engaging with fellow learners and professionals can enhance your preparation significantly. Join Azure-focused study groups on platforms like Reddit, LinkedIn, or Microsoft Tech Community, where members share resources, discuss complex topics, and offer insights based on their exam experiences. Participating in these communities also keeps you updated on any recent changes in exam content or Azure services.

Step 5: Take Practice Tests and Assess Readiness

Regularly assess your progress by taking AZ-700-specific practice tests from reputable platforms. These mock exams simulate the actual testing environment and help you identify areas where you need improvement. Analyze your results carefully to address weak points and reinforce key concepts. Some platforms even provide detailed explanations and performance analytics to guide your review.

Step 6: Review and Reinforce Before the Exam

In the final days before your exam, revisit the exam objectives to ensure complete coverage of all topics. Focus on reviewing complex concepts like hybrid network architectures, ExpressRoute, and secure application delivery. Use flashcards, whiteboards, or mind maps to reinforce retention. Rest adequately and avoid cramming the night before—clarity of mind is just as important as preparation.