AZ-400: Designing and Implementing Microsoft DevOps Solutions Study Guide

Exam Overview

• Certification: Microsoft DevOps Engineer Expert
• Exam Code: AZ-400
• Target Audience: DevOps engineers, developers, and infrastructure administrators
• Experience Required: Experience with both Azure administration AND development, plus GitHub and Azure DevOps

Prerequisites

• One of the following associate-level certifications:
  • Azure Administrator Associate (AZ-104)
  • Azure Developer Associate (AZ-204)

Skills Measured (as of July 26, 2024)

1. Design and Implement Processes and Communications (10-15%)

Design and Implement Traceability and Flow of Work

• Design and implement structure for flow of work (GitHub Flow)
• Design and implement strategy for feedback cycles (notifications, GitHub issues)
• Design and implement integration for tracking work (GitHub projects, Azure Boards, repositories)
• Design and implement source, bug, and quality traceability

Design and Implement Appropriate Metrics and Queries for DevOps

• Design and implement dashboard (cycle times, time to recovery, lead time)
• Appropriate metrics for project planning
• Appropriate metrics for development
• Appropriate metrics for testing
• Appropriate metrics for security
• Appropriate metrics for delivery
• Appropriate metrics for operations

Configure Collaboration and Communication

• Document projects using wikis and process diagrams (Markdown and Mermaid)
• Configure release documentation and API documentation
• Automate documentation creation from Git history
• Configure webhooks integration
• Configure integration between Azure Boards and GitHub repositories
• Configure integration with Microsoft Teams

2. Design and Implement a Source Control Strategy (10-15%)

Design and Implement Branching Strategies

• Design branch strategy (trunk-based, feature branch, release branch)
• Implement pull request workflow using branch policies and protections
• Implement branch merging restrictions

Configure and Manage Repositories

• Strategy for managing large files (Git LFS, git-fat)
• Strategy for scaling and optimizing Git repositories (Scalar, cross-repository sharing)
• Configure permissions in source control
• Configure tags to organize repository
• Recover specific data using Git commands
• Remove specific data from source control

3. Design and Implement Build and Release Pipelines (50-55%)

Design and Implement Package Management Strategy

• Recommend package management tools (GitHub Packages, Azure Artifacts)
• Design package feeds and views for local and upstream packages
• Implement dependency versioning strategy (SemVer, CalVer)
• Implement versioning strategy for pipeline artifacts

Design and Implement Testing Strategy for Pipelines

• Design and implement quality and release gates
• Design comprehensive testing strategy (local, unit, integration, load tests)
• Implement tests in pipeline (test tasks, test agents, test results)
• Implement code coverage analysis

Design and Implement Pipelines

• Select deployment automation solution (GitHub Actions, Azure Pipelines)
• Design GitHub runner or Azure DevOps agent infrastructure
• Integrate GitHub repositories with Azure Pipelines
• Develop pipeline trigger rules
• Develop pipelines using YAML
• Design job execution order strategy (parallelism, multi-stage)
• Develop complex pipeline scenarios (hybrid, VM templates, self-hosted runners)
• Create reusable pipeline elements (YAML templates, task groups, variables)
• Design checks and approvals using YAML environments

Design and Implement Deployments

• Design deployment strategy (blue-green, canary, ring, progressive exposure, feature flags, A/B testing)
• Ensure dependency deployments are reliably ordered
• Minimize downtime (VIP swap, load balancing, rolling deployments, deployment slots)
• Design hotfix path plan
• Implement resiliency strategy for deployment
• Implement feature flags using Azure App Configuration
• Implement application deployment (containers, binaries, scripts)
• Implement deployment with database tasks

Design and Implement Infrastructure as Code (IaC)

• Recommend configuration management technology
• Implement configuration management strategy
• Define IaC strategy (source control, automation of testing and deployment)
• Implement desired state configuration (Azure Automation, ARM, Bicep, Automanage)
• Implement Azure Deployment Environments

Maintain Pipelines

• Monitor pipeline health (failure rate, duration, flaky tests)
• Optimize pipeline for cost, time, performance, reliability
• Optimize pipeline concurrency
• Design retention strategy for artifacts and dependencies
• Migrate pipelines from classic to YAML

4. Develop a Security and Compliance Plan (10-15%)

Design and Implement Authentication and Authorization

• Choose between Service Principals and Managed Identity
• Implement GitHub authentication (GitHub Apps, GITHUB_TOKEN, PATs)
• Implement Azure DevOps service connections and PATs
• Design permissions and roles in GitHub
• Design permissions and security groups in Azure DevOps
• Configure appropriate access levels
• Configure projects and teams in Azure DevOps

Design and Implement Strategy for Managing Sensitive Information

• Implement secrets, keys, certificates using Azure Key Vault
• Implement secrets in GitHub Actions and Azure Pipelines
• Manage sensitive files during deployment (secure files)
• Design pipelines to prevent leakage of sensitive information

Automate Security and Compliance Scanning

• Design security and compliance scanning strategy
• Configure Microsoft Defender for Cloud DevOps Security
• Configure GitHub Advanced Security
• Integrate GitHub Advanced Security with Microsoft Defender
• Automate container scanning and CodeQL analysis
• Automate analysis using Dependabot alerts

5. Implement an Instrumentation Strategy (5-10%)

Configure Monitoring for DevOps Environment

• Configure Azure Monitor and Log Analytics integration
• Configure telemetry collection (Application Insights, VM Insights, Container Insights, Storage Insights, Network Insights)
• Configure monitoring in GitHub (insights, charts)
• Configure alerts for GitHub Actions and Azure Pipelines

Analyze Metrics from Instrumentation

• Inspect infrastructure performance indicators (CPU, memory, disk, network)
• Analyze metrics using collected telemetry
• Inspect distributed tracing using Application Insights
• Interrogate logs using basic KQL queries

Key Study Resources

Official Microsoft Learn Paths

• Get started with DevOps
• Development for enterprise DevOps
• Implement CI with Azure Pipelines and GitHub Actions
• Design and implement a release strategy
• Implement a secure continuous deployment using Azure Pipelines
• Manage infrastructure as code using Azure

Tools and Technologies

• Azure DevOps Services
• GitHub and GitHub Actions
• Azure Pipelines
• Azure Artifacts
• Azure Boards
• Azure Repos
• Azure Test Plans

Practice Resources

• Free Practice Assessment on Microsoft Learn
• Azure DevOps Labs
• GitHub Learning Lab
• Sample YAML pipelines

Exam Details

• Passing Score: 700
• Question Format: Case studies, multiple choice, drag-and-drop
• Exam Duration: 120 minutes (150 minutes for non-native English speakers)
• Languages Available: Multiple languages including English, Japanese, Chinese, Korean, German, French, Spanish, Portuguese, Italian
• Exam Cost: $165 USD (varies by region)

Key Technologies to Master

Version Control

• Git workflows and strategies
• GitHub Flow
• Branch policies and protections
• Pull request workflows
• Git LFS for large files

CI/CD Platforms

• Azure Pipelines YAML syntax
• GitHub Actions workflows
• Pipeline triggers and conditions
• Multi-stage pipelines
• Matrix builds

Package Management

• Azure Artifacts
• GitHub Packages
• NuGet, npm, Maven feeds
• Upstream sources
• Feed views and retention

Infrastructure as Code

• ARM Templates
• Bicep
• Terraform basics
• Azure CLI/PowerShell
• Desired State Configuration

Security Tools

• Azure Key Vault
• GitHub Secrets
• Secure files
• Service connections
• Managed identities

Monitoring

• Application Insights
• Azure Monitor
• Log Analytics
• KQL queries
• Alerts and dashboards

DevOps Practices

Continuous Integration

• Build automation
• Unit testing
• Code coverage
• Static code analysis
• Artifact publishing

Continuous Delivery

• Release pipelines
• Environment promotion
• Approval gates
• Rollback strategies
• Feature toggles

Testing Strategies

• Test pyramid
• Shift-left testing
• Test automation
• Performance testing
• Security testing

Deployment Patterns

• Blue-Green deployments
• Canary releases
• Ring deployments
• Progressive rollouts
• Feature flags

Certification Path

• Prerequisites: AZ-104 or AZ-204 required
• Renewal: Required every 12 months through Microsoft Learn
• Related Certifications:
  • Azure Solutions Architect Expert (with AZ-305)
  • Azure Security Engineer Associate (AZ-500)
  • GitHub certifications

Important Concepts

DevOps Culture

• Collaboration between Dev and Ops
• Shared responsibilities
• Continuous improvement
• Fail fast, learn quickly
• Infrastructure as Code

Agile Planning

• User stories and epics
• Sprint planning
• Burndown charts
• Velocity tracking
• Retrospectives

Security (DevSecOps)

• Shift security left
• Security scanning in pipelines
• Dependency scanning
• Container security
• Compliance as Code