Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure Cheat Sheet 2025

Starting on the journey to master hybrid core infrastructure administration within the Microsoft ecosystem demands a robust understanding of both on-premises Windows Server environments and their seamless integration with Azure. The AZ-800: Administering Windows Server Hybrid Core Infrastructure certification stands as a testament to your proficiency in this complex domain, validating your ability to deploy, manage, and troubleshoot critical services spanning traditional data centers and the cloud. This comprehensive AZ-800 cheat sheet is meticulously crafted to serve as your indispensable companion, condensing the vast expanse of exam objectives into a digestible, readily accessible format.

Whether you’re fine-tuning your knowledge before the exam, seeking a quick reference during real-world troubleshooting, or simply aiming to solidify your expertise in areas like Active Directory Domain Services, Hyper-V, Azure AD Connect, Azure Arc, and advanced networking configurations, this guide will equip you with the essential terms, services, and practical insights necessary to navigate the AZ-800 exam and the dynamic landscape of modern hybrid infrastructure with confidence.

The Importance of a Microsoft AZ-800 Cheat Sheet

Due to its broad scope, preparing for the Microsoft Exam AZ-800 can be overwhelming. A well-structured cheat sheet condenses key concepts, commands, and configurations, making revision efficient and effective. It serves as a study aid and a quick reference for real-world Windows Server hybrid administration.

Quick Review & Reinforcement
- Summarizes essential topics for fast revision.
- Provides a last-minute study boost.
Targeted Focus
- Highlights critical services, configurations, and troubleshooting.
- Helps identify knowledge gaps.
Practical Reference
- Offers quick access to commands and configurations.
- Assists in real-world troubleshooting.
Exam Confidence Boost
- Familiarizes candidates with key exam content.
- Reinforces essential skills and reduces anxiety.
Hybrid Infrastructure Clarity
- Explains integration of Windows Server with Azure.
- Covers identity, security, and hybrid management.
Efficient Knowledge Retrieval
- Organizes information logically for quick access.
- Uses clear, concise language for better comprehension.
PowerShell & Command-Line Reference
- Lists key PowerShell cmdlets and Azure CLI commands.
- Reduces errors and improves efficiency.
Troubleshooting Support
- Provides quick fixes for common errors.
- Offers best practices for resolving hybrid issues.
Azure Arc Integration
- Outlines steps to onboard on-premises servers.
- Summarizes Azure policies and governance best practices.

Microsoft AZ-800 Exam Cheat Sheet

This cheat sheet provides a quick reference for key topics covered in the Microsoft AZ-800 exam, which focuses on administering Windows Server in hybrid and on-premises environments. It covers core infrastructure services, identity and access management, storage solutions, networking, virtualization, and monitoring. Use this guide to reinforce your knowledge and prepare efficiently for the exam.

Exam AZ-800: Overview

The Microsoft AZ-800 exam is designed for IT professionals responsible for configuring, managing, and maintaining Windows Server workloads across on-premises, hybrid, and Infrastructure as a Service (IaaS) environments. As a Windows Server Hybrid Administrator, you play a key role in integrating Windows Server environments with Azure services, managing on-premises infrastructure, and migrating workloads to Azure.

– Key Responsibilities

Hybrid Integration: Seamlessly integrate Windows Server environments with Azure services.
On-Premises & Cloud Workloads: Administer and maintain Windows Server in on-premises networks and Azure IaaS.
Deployment & Migration: Manage workload deployment, migration, and security across hybrid environments.

– Collaboration & Expertise

Professionals in this role work closely with:

Azure administrators
Enterprise architects
Microsoft 365 administrators
Network engineers

– Skills & Technologies Covered

Candidates must demonstrate expertise in deploying, securing, updating, and configuring Windows Server workloads using a mix of on-premises, hybrid, and cloud technologies. The exam focuses on:

Identity & Access Management (e.g., Active Directory, Azure AD)
Security & Compliance (e.g., Microsoft Defender for Identity, Defender for Cloud)
Infrastructure Management (e.g., Windows Admin Center, PowerShell, Azure Arc, Azure Policy)
Networking & Storage (e.g., hybrid networking, high availability, disaster recovery)
Monitoring & Automation (e.g., Azure Monitor, Azure Update Manager)

– Prerequisites

To succeed in this exam, candidates should have several years of experience working with Windows Server operating systems, including administration, deployment, and security in hybrid environments.

Core Windows Server Administration (On-Premises)

Windows Server remains the backbone of enterprise IT environments, providing essential services for networking, storage, virtualization, security, and application hosting. In the AZ-800: Administering Windows Server Hybrid Core Infrastructure exam, candidates must demonstrate expertise in managing Windows Server on-premises while integrating hybrid solutions with Azure.

This section delves into the fundamental aspects of Windows Server administration, covering installation, storage management, networking, virtualization, and security. Mastering these concepts ensures efficient deployment, management, and maintenance of Windows Server in enterprise environments.

– Installing and Configuring Windows Server

A solid understanding of Windows Server installation and configuration is critical for maintaining an efficient and secure IT infrastructure.

1. Installation Options

Windows Server offers different installation modes, each suited for specific use cases:

Server Core: A minimal installation without a graphical user interface (GUI), reducing the attack surface and resource consumption while requiring command-line administration via PowerShell or remote tools.
Desktop Experience: A full-featured installation with a GUI, ideal for administrators who prefer traditional interface-based management.
Installation Methods: Windows Server can be installed via ISO, USB, network-based deployment (PXE boot), or Windows Deployment Services (WDS).
Unattended Installation: Automated deployments can be achieved using answer files (unattend.xml) to configure settings during installation.

2. Storage Configuration

Efficient storage management ensures high availability, performance, and reliability in Windows Server environments.

Disk Partitioning:
- MBR (Master Boot Record): Limited to 2 TB disks and four primary partitions.
- GPT (GUID Partition Table): Supports larger disks and unlimited partitions, recommended for modern systems.
File Systems:
- NTFS (New Technology File System): Standard file system with support for permissions, encryption, and quotas.
- ReFS (Resilient File System): Designed for high availability, offering better fault tolerance and data integrity.
Storage Spaces & Storage Spaces Direct (S2D):
- Software-defined storage solutions that enable disk pooling, mirroring, tiering, and high-performance storage for Hyper-V environments.

3. Network Configuration

Proper network configuration ensures seamless communication and security within a Windows Server environment.

IP Addressing: Understanding IPv4 and IPv6 addressing, subnet masks, and default gateways.
DNS (Domain Name System): Essential for name resolution; configuring forwarders, conditional forwarding, and zone transfers.
DHCP (Dynamic Host Configuration Protocol): Automating IP address assignments with scopes, reservations, and options.
Network Adapters: Configuring network interfaces, NIC teaming for load balancing, and virtual adapters for Hyper-V environments.

4. Roles and Features Installation

Windows Server allows administrators to deploy and manage various services through Server Manager and PowerShell (Install-WindowsFeature).

Key roles include:

Hyper-V: Microsoft’s native hypervisor for virtualization.
File and Storage Services: Management of SMB (Server Message Block), NFS (Network File System), and iSCSI storage.
Active Directory Domain Services (AD DS): Centralized authentication and identity management.

– Managing Windows Server Storage

Efficient storage management optimizes performance, redundancy, and disaster recovery.

1. Disk and Volume Management

Basic vs. Dynamic Disks: Dynamic disks allow for flexible volume management, including spanned, striped, mirrored, and RAID-5 volumes.
Disk Initialization: Setting disks online/offline, formatting, and partitioning.

2. Storage Spaces Direct (S2D)

Cluster-based storage pooling for high availability.
Fault tolerance via mirroring, parity, and caching.
Health monitoring using PowerShell and Windows Admin Center.

3. File and Storage Services

SMB and NFS Shares: Configuring network file shares with access-based enumeration and permission management.
iSCSI Configuration: Setting up iSCSI target servers and initiators for network-based storage solutions.

4. Data Deduplication and Compression

Reducing storage overhead by enabling data deduplication for file servers.
Implementing compression techniques to optimize disk usage.

– Windows Server Networking

Networking in Windows Server is crucial for communication, security, and remote management.

1. Network Adapter Management

Updating drivers and troubleshooting connectivity issues.
Enabling advanced adapter features like jumbo frames and offloading for better performance.

2. IP Addressing and Subnetting

Subnet calculations, IP address management, and static vs. dynamic addressing.
Configuring DHCP for automated IP management.

3. DNS and DHCP Configuration

Managing DNS zones (forward lookup, reverse lookup) and troubleshooting name resolution issues.
Configuring DHCP reservations, scope options, and failover settings.

4. Network Security and Firewalls

Windows Defender Firewall: Configuring inbound/outbound rules and connection security policies.
IPsec (Internet Protocol Security): Securing communications with transport and tunnel modes.

5. Software-Defined Networking (SDN)

Hyper-V Network Virtualization (HNV): Creating isolated networks within virtualized environments.
Network Controller: Centralized management for SDN-based networks.

– Hyper-V and Virtualization

Windows Server includes Hyper-V, a powerful virtualization platform for creating and managing virtual machines (VMs).

1. Hyper-V Installation and Configuration

Enabling Hyper-V via Server Manager or PowerShell.
Configuring virtual switches (external, internal, private) for network connectivity.
Nested virtualization for running Hyper-V inside a VM.

2. Virtual Machine (VM) Management

Creating and configuring VMs with memory, CPU, and disk settings.
Snapshots (checkpoints) for restoring VM states.
Live Migration and Hyper-V Replica for disaster recovery and failover.

3. Shielded VMs and Guarded Fabric

Protecting VMs with encryption and securing host environments using the Host Guardian Service (HGS).

– Windows Server Security

Security is a core component of Windows Server administration, ensuring data protection and compliance.

1. Group Policy and Access Control

Group Policy Management Console (GPMC) for enforcing security settings across domain-joined machines.
Implementing security templates and baselines to harden systems.

2. Windows Defender and Security Hardening

Configuring Windows Defender Antivirus and Exploit Guard for real-time threat detection.
Applying Microsoft security baselines to enforce best practices.

3. BitLocker and Encryption

Encrypting system drives and removable storage to prevent unauthorized access.
Managing recovery keys and enforcing encryption policies via Group Policy.

4. Auditing and Event Logging

Configuring security audit policies to track authentication attempts and administrative actions.
Analyzing event logs to detect potential security incidents.

5. Just Enough Administration (JEA)

Implementing JEA endpoints to limit administrative privileges.
Defining role-based access with PowerShell constraints.

Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) is a critical component of Microsoft Windows Server, providing a centralized framework for identity and access management. It allows organizations to manage users, computers, and other networked devices within a structured directory. AD DS enables authentication and authorization, helping to enforce security policies, streamline resource management, and ensure seamless communication within an enterprise environment. This section delves into the essential aspects of AD DS, covering deployment, user and group management, Group Policy, replication, and advanced features in a detailed and professional manner.

– AD DS Deployment

1. Domain Controller Installation and Promotion

Deploying AD DS requires careful planning to ensure a stable and secure directory environment. Before installing a domain controller, prerequisites such as proper DNS configuration and the assignment of static IP addresses must be met. DNS is integral to AD DS, as it facilitates name resolution and domain controller discovery.

To install AD DS and create a new forest, administrators can use PowerShell:

Install-ADDSForest -DomainName example.com

If adding a domain controller to an existing domain, the following command is used:

Install-ADDSDomainController -DomainName example.com

In cases where a domain controller needs to be removed, demotion can be achieved with:

Uninstall-ADDSDomainController

The Domain and Forest Functional Levels determine the features available in an Active Directory environment. Upgrading these levels allows the utilization of newer security enhancements and features, achieved via:

Set-ADForestMode -Identity example.com -ForestMode Windows2016Forest
Set-ADDomainMode -Identity example.com -DomainMode Windows2016Domain

2. Forests, Domains, and Organizational Units (OUs)

Active Directory is structured hierarchically, starting with forests, which act as the topmost security boundary containing one or more domains. Each domain within a forest shares a schema, Global Catalog, and trust relationships with other domains. Organizational Units (OUs) allow further structuring within domains, enabling delegation of administrative control and the application of Group Policy settings.

Trust Relationships play a crucial role in cross-domain authentication. Different trust types include:

Forest Trusts: Enable resource sharing across different forests.
External Trusts: Provide access to resources between AD and non-AD domains.
Shortcut Trusts: Improve authentication performance in large AD structures.

3. DNS Integration

Since AD DS is heavily dependent on DNS, ensuring proper configuration is essential. Active Directory-integrated DNS zones allow for automatic registration of domain controllers and seamless name resolution.

Service (SRV) records, such as:

_ldap._tcp.dc._msdcs.example.com

are crucial for locating domain controllers. Troubleshooting DNS-related AD issues often involves:

nslookup example.com

dcdiag /test:dns

4. Global Catalog and FSMO Roles

The Global Catalog (GC) plays a significant role in cross-domain searches and authentication processes by storing a partial replica of all objects in the forest. It ensures users can log in and locate directory objects efficiently.

AD DS also relies on five Flexible Single Master Operations (FSMO) roles:

Schema Master: Controls schema modifications.
Domain Naming Master: Manages additions and removals of domains.
RID Master: Allocates unique security identifiers (SIDs).
PDC Emulator: Responsible for password updates, time synchronization, and Group Policy updates.
Infrastructure Master: Maintains references to objects in other domains.

Transferring FSMO roles can be done using:

Move-ADDirectoryServerOperationMasterRole

In cases of failure, roles can be seized with ntdsutil.

– User and Group Management

1. User Account Creation and Management

User accounts are a fundamental component of AD DS, representing individuals who require access to network resources. Accounts can be created manually using the Active Directory Users and Computers (ADUC) console or via PowerShell:

New-ADUser -Name "John Doe" -SamAccountName jdoe -UserPrincipalName [email protected] -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true

User attributes such as password expiration, logon scripts, and profile paths can be modified using:

Set-ADUser -Identity jdoe -Title "IT Administrator"

2. Group Management

AD DS utilizes groups to simplify permissions management. The two main types are:

Security Groups: Used to assign permissions for resources.
Distribution Groups: Used primarily for email distribution.

Groups can be created and managed through:

New-ADGroup -Name "ITAdmins" -GroupScope Global -GroupCategory Security

Add-ADGroupMember -Identity "ITAdmins" -Members jdoe

3. Delegation of Control

The Delegation of Control Wizard allows administrators to assign specific permissions to non-administrator users or groups. Delegation is particularly useful in large environments where administrative responsibilities need to be distributed securely.

4. Password and Account Lockout Policies

To enforce security, AD DS supports domain-wide password and account lockout policies. Fine-Grained Password Policies (FGPPs) allow different policies to be applied to specific users or groups. These are configured using:

New-ADFineGrainedPasswordPolicy -Name "StrictPolicy" -Precedence 1 -MinPasswordLength 12 -LockoutThreshold 5

– Group Policy Management

Group Policy Objects (GPOs) are a powerful tool for enforcing security settings, deploying software, and configuring user environments. They are managed using the Group Policy Management Console (GPMC).

Policies are applied hierarchically:

Local (applied to individual computers)
Site (applied to all computers in a geographical location)
Domain (affects all users and computers in the domain)
OU (applied at a granular level to organizational units)

Troubleshooting Group Policy issues can be done using:

gpresult /r

rsop.msc

– AD DS Replication and Sites

Replication ensures consistency across domain controllers. It occurs intra-site (within a single site) for fast updates and inter-site (between geographically separated sites) for optimized bandwidth use.

Replication health can be monitored using:

repadmin /showrepl

repadmin /replsummary

– Advanced AD DS Features

1. Active Directory Recycle Bin

The Active Directory Recycle Bin allows recovery of deleted objects without needing a full restore:

Enable-ADOptionalFeature -Identity "Recycle Bin Feature"

2. Read-Only Domain Controllers (RODCs)

RODCs provide secure domain controller functionality for remote offices with limited security.

3. Active Directory Federation Services (AD FS)

AD FS enables Single Sign-On (SSO) for web applications using claims-based authentication.

Hybrid Infrastructure Management (Azure Integration)

As organizations adopt cloud computing, integrating on-premises infrastructure with cloud environments has become essential for efficiency, security, and scalability. Hybrid infrastructure management ensures seamless connectivity, identity synchronization, and workload extension between Windows Server environments and Azure cloud services. The AZ-800 exam evaluates knowledge of these integrations, requiring expertise in identity federation, virtual networking, hybrid identity, and storage synchronization. This section provides a detailed understanding of the core technologies that enable a hybrid IT ecosystem, blending theoretical knowledge with practical implementation strategies.

– Azure AD Connect: Synchronizing Identities

1. Overview of Azure AD Connect

Azure AD Connect is a crucial tool for enabling hybrid identity by synchronizing on-premises Active Directory with Azure Active Directory (Azure AD). It ensures that users can access both cloud and on-premises resources using a single identity, simplifying authentication and reducing administrative overhead.

2. Installation and Configuration

The installation process involves choosing between Express and Custom installations. Express mode is suitable for most organizations, configuring default settings for synchronization, while Custom mode provides granular control over sync options and filtering rules.

3. Synchronization Methods

Azure AD Connect offers multiple authentication and synchronization methods, each with specific use cases:

Password Hash Synchronization (PHS): Hashes user passwords and syncs them to Azure AD, enabling Single Sign-On (SSO) with Azure-based services.
Pass-through Authentication (PTA): Authenticates users directly against on-premises Active Directory without storing password hashes in Azure AD.
Federation with AD FS: Leverages Active Directory Federation Services (AD FS) for organizations requiring advanced authentication mechanisms such as SAML or WS-Federation.

4. Monitoring and Troubleshooting

Common troubleshooting techniques include:

Using Synchronization Service Manager to check sync status and resolve errors.
Reviewing Event Logs for Azure AD Connect issues.
Using Azure AD Connect Health to monitor synchronization activities and detect anomalies.

– Azure Virtual Machines: Extending On-Premises Workloads

1. Deploying Windows Server VMs in Azure

Azure Virtual Machines (VMs) allow organizations to extend their on-premises workloads to the cloud. Key deployment considerations include:

Selecting the appropriate VM size based on workload requirements.
Choosing between Windows Server editions (Datacenter, Standard, or specialized roles such as domain controllers).

2. Networking for Hybrid VMs

Azure networking plays a vital role in connecting on-premises environments with Azure-based VMs:

Virtual Networks (VNets): Provide an isolated network environment for Azure resources.
Subnets: Segment VNets to enhance security and resource organization.
Network Security Groups (NSGs): Define inbound and outbound traffic rules for VMs.

3. Storage Management for Azure VMs

Managed Disks: Provide scalable, high-performance storage for Azure VMs.
Azure Blob Storage and File Shares: Enable hybrid storage solutions accessible by on-premises systems.

4. Backup and Disaster Recovery

Azure Backup: Automates VM backups and supports point-in-time recovery.
Azure Site Recovery: Ensures business continuity by replicating VMs to Azure for failover scenarios.

– Azure AD and Hybrid Identity: Unified Access Management

1. Role of Azure AD in Hybrid Environments

Azure AD provides identity and access management across cloud and hybrid infrastructures. It enables centralized authentication, reducing the need for on-premises identity services.

2. Role-Based Access Control (RBAC)

Azure AD RBAC defines permissions for users, groups, and applications.
Assigning roles such as Global Administrator, User Administrator, and Security Administrator helps enforce security best practices.

3. Conditional Access and Multi-Factor Authentication (MFA)

To enhance security, organizations implement:

Conditional Access Policies: Restrict access based on user location, device compliance, or risk level.
Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring secondary authentication methods such as mobile app approval or SMS verification.

– Azure File Sync: Centralized File Sharing

1. Overview of Azure File Sync

Azure File Sync enables hybrid cloud file storage by synchronizing on-premises file servers with Azure Files. This allows organizations to maintain local file access while benefiting from cloud-based scalability and redundancy.

2. Deployment and Configuration

Deploy Storage Sync Services in Azure.
Register on-premises file servers and create Sync Groups.
Define Cloud Tiering Policies to automatically offload infrequently accessed files to Azure, optimizing storage efficiency.

3. Monitoring and Troubleshooting

Use Azure Monitor to track sync status and performance.
Review Storage Sync Event Logs for error diagnosis.
Utilize PowerShell commands to check sync health.

– Azure Arc: Managing Hybrid Resources

1. Introduction to Azure Arc

Azure Arc extends Azure’s management capabilities to on-premises servers, Kubernetes clusters, and multi-cloud environments, allowing organizations to unify operations across hybrid infrastructures.

2. Connecting On-Premises Servers to Azure Arc

Steps to onboard servers:

Install the Azure Connected Machine Agent on on-premises Windows or Linux servers.
Register machines in Azure Arc using PowerShell or Azure CLI.
Manage connected servers via the Azure Portal.

3. Policy and Governance with Azure Arc

Implement Azure Policy to enforce security compliance across hybrid environments.
Enable Azure Monitor for performance tracking and alerts.

– Azure Networking: Establishing Hybrid Connectivity

1. Hybrid Networking Essentials

Organizations require secure connectivity between on-premises infrastructure and Azure. Options include:

Azure Virtual Network Gateways for encrypted communications.
VPN Gateways for site-to-site or point-to-site connections.
ExpressRoute for high-bandwidth, low-latency private connections.

2. VPN and ExpressRoute Configuration

Deploy a VPN Gateway in Azure and configure IPSec tunnels to on-premises networks.
Set up ExpressRoute circuits for dedicated Azure connectivity, improving performance and security.

3. Monitoring and Troubleshooting Connectivity

Use Azure Network Watcher to diagnose connectivity issues.
Enable Azure Traffic Analytics for real-time network insights.
Implement NSG Flow Logs to analyze traffic patterns and troubleshoot network anomalies.

Monitoring and Troubleshooting

Effective monitoring and troubleshooting are essential for maintaining a healthy and efficient hybrid infrastructure. The AZ-800 exam emphasizes the ability to identify, diagnose, and resolve issues across both on-premises Windows Server environments and Azure cloud services. This section outlines key tools, techniques, and best practices for proactive monitoring and reactive troubleshooting.

– Performance Monitoring: Proactive Health Checks

Performance monitoring involves collecting and analyzing data to identify performance bottlenecks and potential issues before they impact users. Windows Server and Azure provide a range of tools for this purpose.

1. Performance Monitor and Resource Monitor

These built-in Windows Server tools provide real-time and historical performance data for various system resources, including CPU, memory, disk, and network.
Understanding key performance counters and how to interpret their values is crucial for diagnosing system performance issues.

2. Data Collector Sets (DCS)

DCS allows for customized performance data collection configurations, enabling targeted monitoring of specific resources and applications.
Schedule DCS to run periodically and log data for trend analysis to detect early signs of system degradation.

3. Analyzing Performance Data

Utilize tools like Performance Monitor and Event Viewer to analyze collected performance data and identify patterns and anomalies.
Establish performance baselines to compare against current metrics and identify potential issues proactively.

– Event Logging: Auditing and Diagnostics

Event logs provide a record of system events, including errors, warnings, and informational messages. They are invaluable for diagnosing issues and auditing security events.

1. Event Viewer and Event Log Analysis

The Event Viewer provides a centralized interface for viewing and analyzing event logs.
Understanding different event log types (Application, Security, System) and their significance is crucial for effective troubleshooting.

2. Custom Event Views

Creating custom event views allows for filtering specific events of interest, reducing the complexity of log analysis.
Custom views improve efficiency in diagnosing application and system issues.

3. Forwarding Events

Configuring event forwarding enables centralized event log collection and analysis.
Centralized logging enhances security monitoring and ensures compliance with auditing policies.

– Troubleshooting Tools: Resolving Issues Efficiently

A variety of tools and techniques are available for troubleshooting issues in Windows Server and Azure environments.

1. Windows Admin Center (WAC)

WAC provides a centralized web-based management interface for Windows Server, simplifying troubleshooting tasks.
Utilize WAC’s built-in tools for performance monitoring, event log analysis, and remote management.

2. PowerShell Troubleshooting Cmdlets

PowerShell offers a rich set of cmdlets for troubleshooting various aspects of Windows Server and Azure.
Key cmdlets include Test-ComputerSecureChannel for Active Directory connectivity, Get-WinEvent for event log analysis, and Test-NetConnection for network diagnostics.

3. Azure Monitor

Azure Monitor provides comprehensive monitoring and diagnostics for Azure resources, including VMs, networks, and applications.
Use Azure Monitor’s alerts and logs to detect and resolve issues proactively.

– Backup and Recovery: Ensuring Data Protection and Resilience

Robust backup and recovery strategies are essential for minimizing downtime and data loss in hybrid environments.

1. Windows Server Backup

Windows Server Backup enables the creation of backups for on-premises servers and critical data.
Understanding backup scheduling, storage targets, and recovery procedures is crucial for maintaining data integrity.

2. Azure Backup Integration

Azure Backup extends backup capabilities by providing off-site protection and disaster recovery for on-premises and cloud-based resources.
Utilize Azure Backup to automate and manage backups for Azure VMs, ensuring business continuity in the event of failure.

4. Disaster Recovery Planning

Developing a comprehensive disaster recovery plan is essential for ensuring business continuity during major outages.
The plan should include procedures for failover, failback, and data recovery, with regular testing to validate effectiveness.

Key PowerShell Cmdlets and Commands

PowerShell is a critical tool for administrators managing hybrid infrastructure, enabling automation, configuration, and troubleshooting. The AZ-800 exam expects proficiency in using PowerShell cmdlets for various tasks. This section outlines key cmdlets and commands, categorized for easy reference.

– Essential PowerShell Cmdlets for Windows Server Administration

Windows Server relies on PowerShell for efficient management of storage, networking, Hyper-V, and general system administration. Mastering these commands enhances automation and simplifies complex administrative tasks.

1. Storage Management

Get-Disk: Retrieves disk information.
Initialize-Disk: Initializes a new disk.
New-Partition: Creates a new partition.
New-Volume: Creates a new volume.
Get-StoragePool, New-StoragePool, New-VirtualDisk: Manages Storage Spaces Direct.
Enable-Dedup, Get-DedupStatus: Manages Data Deduplication.

2. Network Management

Get-NetIPAddress: Retrieves IP address information.
New-NetIPAddress: Assigns a new IP address.
Get-NetAdapter: Retrieves network adapter details.
New-NetSwitchTeam: Creates a NIC team.
Add-DnsServerZone, Add-DnsServerResourceRecord: DNS management.
Add-DhcpServerv4Scope, Add-DhcpServerv4Reservation: DHCP management.
New-NetFirewallRule, Get-NetFirewallRule: Windows Defender Firewall management.

3. Hyper-V Management

New-VM, Set-VM, Get-VM: Manages virtual machines.
New-VMSwitch, Get-VMSwitch: Virtual switch management.
Checkpoint-VM, Restore-VMCheckpoint: Manages VM checkpoints.
Move-VM: Migrates virtual machines.

4. General System Administration

Get-Process, Stop-Process: Manages system processes.
Get-Service, Start-Service, Stop-Service: Service management.
Get-EventLog, Get-WinEvent: Event log management.
Install-WindowsFeature, Uninstall-WindowsFeature: Manages server roles and features.
Enable-PSRemoting, Enter-PSSession: Enables remote management.
Get-ScheduledTask, New-ScheduledTask: Manages scheduled tasks.

– Essential PowerShell Cmdlets for Active Directory

PowerShell provides robust tools for managing Active Directory (AD), user accounts, group policies, and replication. Understanding these cmdlets is essential for hybrid identity management.

1. User and Group Management

New-ADUser, Set-ADUser, Get-ADUser: Manages user accounts.
New-ADGroup, Add-ADGroupMember, Get-ADGroup: Manages groups and memberships.
Get-ADOrganizationalUnit, New-ADOrganizationalUnit: Manages Organizational Units (OUs).
Get-ADPrincipalGroupMembership: Retrieves user group memberships.

2. Group Policy Management

Get-GPO, New-GPO, Set-GPO: Creates and modifies Group Policy Objects (GPOs).
Get-GPResultantSetOfPolicy: Retrieves policy results.
Get-GPPermission, Set-GPPermission: Manages GPO permissions.

3. AD DS Management

Install-ADDSForest, Install-ADDSDomainController: Deploys AD DS.
Move-ADDirectoryServerOperationMasterRole: Manages FSMO roles.
Get-ADReplicationSite, New-ADReplicationSite: Manages AD replication sites.
Get-ADReplicationConnection, Get-ADReplicationPartnerMetadata: Analyzes AD replication.
Get-ADDeletedObject, Restore-ADObject: Manages the AD Recycle Bin.

– Essential Azure-Related PowerShell and Azure CLI Commands

Hybrid infrastructure requires knowledge of Azure PowerShell and Azure CLI for cloud resource management.

1. Azure AD Connect

Get-ADSyncScheduler, Start-ADSyncSyncCycle: Manages Azure AD Connect synchronization.

2. Azure Virtual Machines

Get-AzVM, New-AzVM, Start-AzVM, Stop-AzVM: Manages Azure VMs.
Get-AzVirtualNetwork, New-AzVirtualNetwork: Creates virtual networks.
Get-AzNetworkSecurityGroup, New-AzNetworkSecurityGroup: Configures Network Security Groups.
Get-AzDisk, New-AzDisk: Manages Azure disks.
Enable-AzVMBackup, Restore-AzVMBackup: Manages VM backups and restores.

3. Azure File Sync

New-AzStorageSyncService, New-AzStorageSyncGroup: Manages Azure File Sync services.

4. Azure Arc

az connectedmachine connect: Connects on-premises servers to Azure Arc.
az policy assignment create: Assigns Azure Policies.

5. Azure Networking

Get-AzVirtualNetworkGateway, New-AzVirtualNetworkGateway: Manages Virtual Network Gateways.
New-AzVpnConnection, New-AzExpressRouteCircuit: Configures VPN and ExpressRoute connections.

6. Azure CLI General

az login: Authenticates with Azure.
az group create, az group delete: Manages resource groups.
az storage account create, az storage blob upload: Manages Azure Storage and blobs.

AZ-800 Exam Preparation Tips and Strategies

Passing the AZ-800 exam requires a combination of technical knowledge, practical experience, and effective study strategies. This certification tests your ability to administer a Windows Server hybrid core infrastructure, requiring a deep understanding of both on-premises and cloud-based solutions. To succeed, candidates must develop a structured study plan, gain hands-on experience, and familiarize themselves with key concepts and technologies. Below are comprehensive strategies to help you prepare thoroughly and confidently for the exam.

1. Understand the Exam Objectives

The first step in your preparation should be a thorough review of the official Microsoft AZ-800 exam objectives. These objectives outline the key domains covered in the exam, providing a roadmap for your study plan. Understanding the weightage of each domain allows you to allocate study time efficiently, focusing on high-priority topics. Microsoft’s official documentation is an invaluable resource, offering detailed explanations of the technologies tested. Familiarizing yourself with the exam structure will help you approach each question with confidence. The topics are:

Topic 1: Deploy and manage Azure Directory Domain Services (AD DS) in on-premises and cloud environments (30–35%)

Deploy and manage AD DS domain controllers

deploy and manage domain controllers on-premises (MicrosoftDocumentation: Deploy and manage Azure IaaS Active Directory domain controllers in Azure)
deploying and managing domain controllers in Azure (MicrosoftDocumentation: Deploy AD DS in an Azure virtual network)
deploying read-only domain controllers (RODCs) (MicrosoftDocumentation: AD DS: Read-Only Domain Controllers)
troubleshoot flexible single master operation (FSMO) roles (MicrosoftDocumentation: Active Directory FSMO roles in Windows)

Configure and manage multi-site, multi-domain, and multi-forest environments

configuring and manage forest and domain trusts (MicrosoftDocumentation: How trust relationships work for resource forests in Azure Active Directory Domain Services)
configure and manage AD DS sites (MicrosoftDocumentation: Create and configure an Azure Active Directory Domain Services managed domain)
configure and manage AD DS replication (MicrosoftDocumentation: Active Directory Replication Concepts)

Create and manage AD DS security principals

create and manage AD DS users and groups (MicrosoftDocumentation: Create and configure an Azure Active Directory Domain Services managed domain)
manage users and groups in multi-domain and multi-forest scenarios (MicrosoftDocumentation: Multiple forests with AD DS and Azure AD)
implement group managed service accounts (gMSAs) (MicrosoftDocumentation: Group Managed Service Accounts Overview)
Join Windows Servers to AD DS, Microsoft Entra Domain Services, and Microsoft Entra

Implement and manage hybrid identities

Integrate Microsoft Entra ID, AD DS and Microsoft Entra Domain Services
implement Microsoft Entra Connect
manage Microsoft Entra Connect Synchronization
implement Microsoft Entra Connect cloud sync
manage Microsoft Entra Domain Services
managing Microsoft Entra Connect Health
manage authentication in on-premises and hybrid environments (MicrosoftDocumentation: Microsoft 365 integration with on-premises environments)
configure and manage AD DS passwords (MicrosoftDocumentation: Password and account lockout policies)

Manage Windows Server by using domain-based Group Policies

implement Group Policy in AD DS (MicrosoftDocumentation: Administer Group Policy in an Azure Active Directory Domain Services managed domain)
implementing Group Policy Preferences in AD DS (MicrosoftDocumentation: Group Policy Preferences)
implement Group Policy in Microsoft Entra Domain Services

Topic 2: Manage Windows Servers and workloads in a hybrid environment (10–15%)

Manage Windows Servers in a hybrid environment

deploy a Windows Admin Center Gateway server (MicrosoftDocumentation: Install Windows Admin Center)
configure a target machine for Windows Admin Center Gateway server (MicrosoftDocumentation: Troubleshooting Windows Admin Center)
configuring PowerShell Remoting (MicrosoftDocumentation: Enable-PSRemoting)
configure Credential Security Support Provider protocol (CredSSP) or Kerberos Delegation for 2nd Hop Remoting (MicrosoftDocumentation: Making the second hop in PowerShell Remoting)
configure Just Enough Administration (JEA) for PowerShell Remoting (MicrosoftDocumentation: Just Enough Administration)

Manage Windows Servers and workloads by using Azure services

manage Windows Servers by using Azure Arc (MicrosoftDocumentation: What is Azure Arc-enabled servers?)
Create and assign Azure Policy that uses guest configuration extension
deploy Azure services using Azure VM extensions on non-Azure machines (MicrosoftDocumentation: Virtual machine extensions and features for Windows)
manage updates for Windows machines (MicrosoftDocumentation: Update Management overview)
integrate Windows Servers with Log Analytics (MicrosoftDocumentation: Install Log Analytics agent on Windows computers)
Integrate Windows Servers with Microsoft Defender for Cloud
manage IaaS VMs in Azure that run Windows Server (MicrosoftDocumentation: Administer and manage Windows Server IaaS Virtual Machine remotely)
implement Azure Automation for hybrid workloads (MicrosoftDocumentation: Automation Hybrid Runbook Worker overview)
create runbooks to automate tasks on target VMs (MicrosoftDocumentation: Manage runbooks in Azure Automation)
Implement Azure Automation State Configuration to prevent configuration drift in IaaS machines (MicrosoftDocumentation: Azure Automation State Configuration overview)

Topic 3: Manage virtual machines and containers (15–20%)

Manage Hyper-V and guest virtual machines

enable VM enhanced session mode (MicrosoftDocumentation: Enable enhanced console session in VMM)
Manage VM using PowerShell remoting, PowerShell Direct and Secure Shell (SSH) Direct for Linux VMs
configure nested virtualization (MicrosoftDocumentation: Run Hyper-V in a Virtual Machine with Nested Virtualization)
configuring VM memory (MicrosoftDocumentation: Configure virtual machine settings in the VMM compute fabric)
configure Integration Services (MicrosoftDocumentation: Install Integration Services (SSIS))
configuring Discrete Device Assignment (MicrosoftDocumentation: Deploy graphics devices using Discrete Device Assignment)
configure VM Resource Groups (MicrosoftDocumentation: Manage Azure Resource Manager resource groups by using the Azure portal)
configuring VM CPU Groups (MicrosoftDocumentation: Virtual Machine Resource Controls)
configure hypervisor scheduling types (MicrosoftDocumentation: Managing Hyper-V hypervisor scheduler types)
manage VM Checkpoints (MicrosoftDocumentation: Enable or disable checkpoints)
implement high availability for virtual machines (MicrosoftDocumentation: Availability options for Azure Virtual Machines)
manage virtual hard disk (VHD) and virtual hard disk v2 (VHDX) files (MicrosoftDocumentation: Manage Virtual Hard Disks (VHD))
configure Hyper-V network adapter (MicrosoftDocumentation: Create a virtual switch for Hyper-V virtual machines)
configuring network interface card (NIC) Teaming (MicrosoftDocumentation: Create a new NIC Team on a host computer or VM)
configure Hyper-V switch

Create and manage containers

create Windows Server container images (MicrosoftDocumentation: Container Base Images)
manage Windows Server container images
configure Container networking (MicrosoftDocumentation: Windows container networking)
managing container instances (MicrosoftDocumentation: What is Azure Container Instances?)

Manage Azure Virtual Machines that run Windows Server

manage data disks (MicrosoftDocumentation: Introduction to Azure managed disks)
resize Azure VM (MicrosoftDocumentation: Change the size of a virtual machine)
configure connections to VMs (MicrosoftDocumentation: How to connect and sign on to an Azure virtual machine running Windows)
manage Azure VM network configuration (MicrosoftDocumentation: Virtual networks and virtual machines in Azure)

Topic 4: Implement and manage an on-premises and hybrid networking infrastructure (15–20%)

Implement on-premises and hybrid name resolution

integrate DNS with AD DS (MicrosoftDocumentation: DNS and AD DS)
create and manage DNS zones and records (MicrosoftDocumentation: Overview of DNS zones and records)
configure DNS forwarding/conditional forwarding (MicrosoftDocumentation: Forwarders and conditional forwarders resolution timeouts)
integrate Windows Server DNS with Azure DNS private zones (MicrosoftDocumentation: Azure Private Endpoint DNS configuration)
implement Domain Name System Security Extensions (DNSSEC) (MicrosoftDocumentation: Overview of DNSSEC)

Manage IP addressing in on-premises and hybrid scenarios

implement and manage IP Address Management (IPAM) (MicrosoftDocumentation: IP Address Management (IPAM))
implement and configure the Dynamic Host Configuration protocol (DHCP) server role (on-premises only) (MicrosoftDocumentation: How To Install and Configure a DHCP Server in a Workgroup)
resolve IP address issues in hybrid environments (MicrosoftDocumentation: Troubleshoot migration issues in Exchange Server hybrid environment)
create and manage DHCP scopes
create and manage IP reservations (MicrosoftDocumentation: Managing IP Address Space)
implementing DHCP high availability (MicrosoftDocumentation: Deploy DHCP Failover)

Implement on-premises and hybrid network connectivity

implementing and managing the Remote Access role (MicrosoftDocumentation: Manage Remote Access)
implement and manage Azure Network Adapter (MicrosoftDocumentation: Connect standalone servers by using Azure Network Adapter)
implementing and managing Azure Extended Network (MicrosoftDocumentation: What is Azure Virtual Network?)
implement and manage Network Policy Server role (MicrosoftDocumentation: Network Policy Server (NPS))
implementing Web Application Proxy (MicrosoftDocumentation: Web Application Proxy in Windows Server)
implement Azure Relay (MicrosoftDocumentation: What is Azure Relay?)
implementing site-to-site VPN (MicrosoftDocumentation: Create a Site-to-Site connection in the Azure portal)
implement Azure Virtual WAN (MicrosoftDocumentation: What is Azure Virtual WAN?)
implement Microsoft Entra Application Proxy

Topic 5: Manage storage and file services (15–20%)

Configure and manage Azure File Sync

create Azure File Sync service (MicrosoftDocumentation: Deploy Azure File Sync)
creating sync groups
create cloud endpoints (MicrosoftDocumentation: az storagesync sync-group cloud-endpoint)
register servers (MicrosoftDocumentation: Register Servers)
create server endpoints (MicrosoftDocumentation: Create a service endpoint)
configure cloud tiering (MicrosoftDocumentation: Cloud tiering overview)
monitor File Sync (MicrosoftDocumentation: Monitor Azure File Sync)
Migrate Distributed File System (DFS) to Azure File Sync

Configure and manage Windows Server file shares

configure Windows Server file share access (MicrosoftDocumentation: Overview of file sharing using the SMB 3 protocol in Windows Server)
configuring file screens (MicrosoftDocumentation: Create a File Screen)
configure file server resource manager (FSRM) quotas (MicrosoftDocumentation: File Server Resource Manager (FSRM) overview)
configure BranchCache
implement and configure Distributed File System (DFS) (MicrosoftDocumentation: Distributed File System (DFS) Functions)

Configure Windows Server storage

configure disks and volumes (MicrosoftDocumentation: Overview of Disk Management)
configuring and managing Storage Spaces (MicrosoftDocumentation: Deploy Storage Spaces Direct)
configure and manage Storage Replica (MicrosoftDocumentation: Storage Replica overview)
configuring Data Deduplication (MicrosoftDocumentation: Install and enable Data Deduplication)
Configure Server Message Block (SMB) direct (MicrosoftDocumentation: SMB Direct)
configuring Storage QoS (MicrosoftDocumentation: Storage Quality of Service)
configure file systems (MicrosoftDocumentation: Deploy Network File System)

2. Hands-on Practice is Crucial

Theoretical knowledge is essential, but practical experience is what truly cements your understanding. Setting up a lab environment, whether physical or virtual, allows you to practice configuring Windows Server, Active Directory, Azure AD Connect, Azure Virtual Machines, and Azure Arc. By simulating real-world scenarios, such as troubleshooting authentication issues or configuring hybrid networking, you develop problem-solving skills that are critical for the exam. Additionally, Microsoft offers Azure Sandbox environments, providing a cost-effective way to explore Azure services hands-on without incurring high usage fees.

3. Leverage Microsoft Learn

Microsoft Learn offers free, structured learning paths that align with the AZ-800 exam objectives. These interactive modules include theoretical lessons, practical exercises, and quizzes to reinforce your understanding. Engaging with Microsoft Learn ensures that you are not only absorbing key concepts but also applying them in guided scenarios. Reviewing official documentation and taking advantage of Microsoft’s training resources can further strengthen your grasp of complex topics such as hybrid identity management and Azure governance.

4. Use Practice Exams and Assessments

Taking practice exams is one of the most effective ways to evaluate your readiness for the AZ-800 exam. These assessments help identify knowledge gaps, allowing you to focus on areas that require further study. Microsoft offers official practice tests, and third-party platforms also provide high-quality sample exams. Analyzing your results from these tests can reveal patterns in question types and help you develop effective time management strategies for the actual exam. Additionally, practice exams familiarize you with the question format, reducing exam-day anxiety and boosting confidence.

5. Master PowerShell and Azure CLI

Proficiency in PowerShell and Azure CLI is essential for managing Windows Server and hybrid cloud environments efficiently. The AZ-800 exam places significant emphasis on automation and scripting, making it important to practice key cmdlets and commands. Learning how to perform administrative tasks such as configuring network settings, managing user accounts, and troubleshooting system issues using PowerShell will enhance your problem-solving abilities. Similarly, understanding Azure CLI commands for managing Azure resources will help you navigate hybrid infrastructure scenarios more effectively.

6. Focus on Hybrid Scenarios

Since the AZ-800 exam is centered on hybrid infrastructure management, a deep understanding of hybrid scenarios is critical. This includes integrating on-premises Windows Server environments with Azure services using tools like Azure AD Connect, Azure File Sync, and Azure Arc. Learning how to configure hybrid identity solutions, implement secure networking between on-premises and cloud environments, and manage hybrid workloads will prepare you for the practical applications of the exam objectives. Studying networking concepts such as VPNs, ExpressRoute, and Azure Virtual Network Gateways will further strengthen your ability to design and troubleshoot hybrid environments.

7. Time Management During the Exam

Time management is a crucial skill when taking the AZ-800 exam. With a limited timeframe to answer a variety of complex questions, it’s important to practice pacing yourself during mock exams. Allocate a specific amount of time per question and avoid spending too long on any single one. If a question seems particularly challenging, mark it for review and move forward. This approach ensures that you address all questions and have time left for reviewing flagged items before submission. Familiarizing yourself with the exam format and practicing under timed conditions can significantly improve your efficiency.

8. Join Online Communities and Forums

Engaging with other IT professionals and AZ-800 candidates through online communities and forums can be highly beneficial. Platforms such as Microsoft Tech Community, Reddit, and LinkedIn groups provide valuable insights, study tips, and real-world experiences from those who have already taken the exam. Participating in discussions, asking questions, and sharing your own understanding can deepen your knowledge and expose you to different perspectives on exam topics. Additionally, study groups offer a collaborative learning environment, making preparation more interactive and engaging.

9. Stay Updated with Latest Changes

The IT landscape is constantly evolving, and Microsoft frequently updates its certification exams to reflect the latest technological advancements. Keeping up with changes in Azure services, Windows Server updates, and new best practices is essential. Following Microsoft’s official blogs, attending webinars, and subscribing to newsletters can help you stay informed about modifications to the exam syllabus. By staying up to date with current trends and updates, you ensure that your knowledge remains relevant and aligned with industry standards.

10. Build a Study Schedule

Creating a structured study schedule is key to maintaining consistency in your exam preparation. Breaking down the exam objectives into manageable study sessions allows you to cover all topics methodically. Allocate dedicated time slots for studying, hands-on practice, reviewing notes, and taking practice exams. Balancing your study routine with sufficient rest and avoiding last-minute cramming will enhance retention and comprehension. Sticking to a disciplined study plan will maximize your efficiency and improve your chances of success.

Conclusion

In navigating the complexities of modern hybrid infrastructure, the AZ-800 certification serves as a critical validation of your expertise in seamlessly integrating on-premises Windows Server environments with the expansive capabilities of Microsoft Azure. This comprehensive cheat sheet, meticulously designed to distill the core objectives of the exam, has equipped you with a concise yet powerful toolkit for mastering essential domains, from foundational Windows Server administration and Active Directory Domain Services management to the intricate orchestration of hybrid identity, networking, and cloud-integrated services like Azure Arc and Azure File Sync.

By focusing on practical applications, key PowerShell and Azure CLI commands, and strategic monitoring and troubleshooting techniques, you’ve not only enhanced your readiness for the AZ-800 exam but also solidified your ability to address real-world hybrid infrastructure challenges. Remember, continuous learning and hands-on practice are paramount in this dynamic field. As you leverage the resources and strategies outlined herein, you’ll be well-positioned to confidently deploy, manage, and optimize hybrid environments, driving innovation and efficiency within your organization.

Pulkit Dheer

With a background in Engineering and a great enthusiasm for writing, Pulkit focuses on intensive research to create targeted content. He brings his years of learning and experience to his current role. With a zeal towards technological research and powerful use of words dedicated to inspire and help professionals onset their career.

Categories