Study guide for Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of July 26, 2024 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to July 26, 2024 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of July 26, 2024
Audience profile
As a candidate for this exam, you’re responsible for configuring and managing Windows Server on-premises, hybrid, and infrastructure as a service (IaaS) platform workloads. As a Windows Server hybrid administrator, you’re tasked with:
Integrating Windows Server environments with Azure services.
Managing Windows Server in on-premises networks.
In this role, you manage and maintain Windows Server IaaS workloads in Azure as well as migrating and deploying workloads to Azure. You typically collaborate with:
Azure administrators
Enterprise architects
Microsoft 365 administrators
Network engineers
As a candidate for this exam, you deploy, package, secure, update, and configure Windows Server workloads using on-premises, hybrid, and cloud technologies. In this role, you implement and manage on-premises and hybrid solutions, such as identity, security, management, compute, networking, storage, monitoring, high availability, and disaster recovery.
You use administrative tools and technologies such as Windows Admin Center, PowerShell, Azure Arc, Azure Policy, Azure Monitor, Azure Automation Update Management, Microsoft Defender for Identity, Microsoft Defender for Cloud, and IaaS virtual machine (VM) administration.
As a candidate for this exam, you should have several years of experience with Windows Server operating systems.
Skills at a glance
Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30–35%)
Manage Windows Servers and workloads in a hybrid environment (10–15%)
Manage virtual machines and containers (15–20%)
Implement and manage an on-premises and hybrid networking infrastructure (15–20%)
Manage storage and file services (15–20%)
Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30–35%)
Deploy and manage AD DS domain controllers
Deploy and manage domain controllers on-premises
Deploy and manage domain controllers in Azure
Deploy read-only domain controllers (RODCs)
Troubleshoot flexible single master operation (FSMO) roles
Configure and manage multi-site, multi-domain, and multi-forest environments
Configure and manage forest and domain trusts
Configure and manage AD DS sites
Configure and manage AD DS replication
Create and manage AD DS security principals
Create and manage AD DS users and groups
Manage users and groups in multi-domain and multi-forest scenarios
Implement Group Managed Service Accounts (gMSAs)
Join Windows Servers to AD DS, Microsoft Entra Domain Services, and Microsoft Entra
Implement and manage hybrid identities
Integrate Microsoft Entra ID, AD DS and Microsoft Entra Domain Services
Implement Microsoft Entra Connect Sync
Manage Microsoft Entra Connect Sync synchronization
Implement Microsoft Entra Cloud Sync
Manage Microsoft Entra Domain Services
Manage Microsoft Entra Connect Health
Manage authentication in on-premises and hybrid environments
Configure and manage AD DS passwords
Manage Windows Server by using domain-based Group Policies
Implement Group Policy in AD DS
Implement Group Policy Preferences in AD DS
Implement Group Policy in Microsoft Entra Domain Services
Manage Windows Servers and workloads in a hybrid environment (10–15%)
Manage Windows Servers in a hybrid environment
Deploy a Windows Admin Center Gateway server
Configure a target machine for Windows Admin Center
Configure PowerShell remoting
Configure Credential Security Support Provider protocol (CredSSP) or Kerberos Delegation for 2nd Hop Remoting
Configure Just Enough Administration (JEA) for PowerShell remoting
Manage Windows Servers and workloads by using Azure services
Manage Windows Servers by using Azure Arc
Create and assign Azure Policy that uses guest configuration extension
Deploy Azure services using VM extensions on non-Azure machines
Manage updates for Windows machines
Integrate Windows Servers with Log Analytics
Integrate Windows Servers with Microsoft Defender for Cloud
Manage Windows Server Azure VMs
Implement Azure Automation for hybrid workloads
Create runbooks to automate tasks on target VMs
Implement Azure Automation State Configuration to prevent configuration drift in IaaS machines
Manage virtual machines and containers (15–20%)
Manage Hyper-V and guest virtual machines
Enable VM Enhanced session mode
Manage VM using PowerShell remoting, PowerShell Direct and Secure Shell (SSH) Direct for Linux VMs
Configure nested virtualization
Configure VM Memory
Configure integration services
Configure Discrete Device Assignment
Configure VM resource groups
Configure VM CPU groups
Configure hypervisor scheduling types
Manage VM checkpoints
Implementing high availability for virtual machines
Manage virtual hard disk (VHD) and virtual hard disk v2 (VHDX) files
Configure Hyper-V Network Adapter
Configure network interface card (NIC) Teaming
Configure Hyper-V Switch
Create and manage containers
Create Windows Server container images
Manage Windows Server container images
Configure container networking
Manage container instances
Manage Azure Virtual Machines that run Windows Server
Manage data disks
Resize Azure VM
Configure connections to VMs
Manage Azure VM network configuration
Implement and manage an on-premises and hybrid networking infrastructure (15–20%)
Implement on-premises and hybrid name resolution
Integrate DNS with AD DS
Create and manage DNS zones and records
Configure DNS forwarding/conditional forwarding
Integrate Windows Server DNS with Azure DNS private zones
Implement Domain Name System Security Extensions (DNSSEC)
Manage IP addressing in on-premises and hybrid scenarios
Implement and manage IP Address Management (IPAM)
Implement and configure the Dynamic Host Configuration protocol (DHCP) server role (on-premises only)
Resolve IP address issues in hybrid environments
Create and manage DHCP scopes
Create and manage IP reservations
Implement DHCP high availability
Implement on-premises and hybrid network connectivity
Implement and manage the Remote Access role
Implement and manage Azure Network Adapter
Implement and manage Azure extended network
Implement and manage Network Policy and Access Services role
Implement Web Application Proxy
Implement Azure Relay
Implement site-to-site VPN
Implement Azure Virtual WAN
Implement Microsoft Entra Application Proxy
Manage storage and file services (15–20%)
Configure and manage Azure File Sync
Create Azure File Sync Service
Create sync groups
Create cloud endpoints
Register servers
Create server endpoints
Configure cloud tiering
Monitor File Sync
Migrate Distributed File System (DFS) to Azure File Sync
Configure and manage Windows Server file shares
Configure Windows Server file share access
Configuring file screens
Configure file server resource manager (FSRM) quotas
Configure BranchCache
Implement and configure Distributed File System (DFS)
Configure Windows Server storage
Configure disks and volumes
Configure and manage Storage Spaces
Configure and manage Storage Replica
Configure Data Deduplication
Configure Server Message Block (SMB) direct
Configure Storage QoS
Configure file systems
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to July 26, 2024 | Skill area as of July 26, 2024 | Change |
|---|---|---|
| Audience profile | No change | |
| Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments | Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments | No change |
| Deploy and manage AD DS domain controllers | Deploy and manage AD DS domain controllers | No change |
| Configure and manage multi-site, multi-domain, and multi-forest environments | Configure and manage multi-site, multi-domain, and multi-forest environments | No change |
| Create and manage AD DS security principals | Create and manage AD DS security principals | No change |
| Implement and manage hybrid identities | Implement and manage hybrid identities | Minor |
| Manage Windows Server by using domain-based Group Policies | Manage Windows Server by using domain-based Group Policies | No change |
| Manage Windows Servers and workloads in a hybrid environment | Manage Windows Servers and workloads in a hybrid environment | No change |
| Manage Windows Servers in a hybrid environment | Manage Windows Servers in a hybrid environment | No change |
| Manage Windows Servers and workloads by using Azure services | Manage Windows Servers and workloads by using Azure services | Minor |
| Manage virtual machines and containers | Manage virtual machines and containers | No change |
| Manage Hyper-V and guest virtual machines | Manage Hyper-V and guest virtual machines | No change |
| Create and manage containers | Create and manage containers | No change |
| Manage Azure Virtual Machines that run Windows Server | Manage Azure Virtual Machines that run Windows Server | No change |
| Implement and manage an on-premises and hybrid networking infrastructure | Implement and manage an on-premises and hybrid networking infrastructure | No change |
| Implement on-premises and hybrid name resolution | Implement on-premises and hybrid name resolution | No change |
| Manage IP addressing in on-premises and hybrid scenarios | Manage IP addressing in on-premises and hybrid scenarios | No change |
| Implement on-premises and hybrid network connectivity | Implement on-premises and hybrid network connectivity | No change |
| Manage storage and file services | Manage storage and file services | No change |
| Configure and manage Azure File Sync | Configure and manage Azure File Sync | No change |
| Configure and manage Windows Server file shares | Configure and manage Windows Server file shares | No change |
| Configure Windows Server storage | Configure Windows Server storage | No change |
Skills measured prior to July 26, 2024
Audience profile
As a candidate for this exam, you’re responsible for configuring and managing Windows Server on-premises, hybrid, and infrastructure as a service (IaaS) platform workloads. As a Windows Server hybrid administrator, you’re tasked with:
Integrating Windows Server environments with Azure services.
Managing Windows Server in on-premises networks.
In this role, you manage and maintain Windows Server IaaS workloads in Azure as well as migrating and deploying workloads to Azure. You typically collaborate with:
Azure administrators
Enterprise architects
Microsoft 365 administrators
Network engineers
As a candidate for this exam, you deploy, package, secure, update, and configure Windows Server workloads using on-premises, hybrid, and cloud technologies. In this role, you implement and manage on-premises and hybrid solutions, such as identity, security, management, compute, networking, storage, monitoring, high availability, and disaster recovery.
You use administrative tools and technologies such as Windows Admin Center, PowerShell, Azure Arc, Azure Policy, Azure Monitor, Azure Automation Update Management, Microsoft Defender for Identity, Microsoft Defender for Cloud, and IaaS virtual machine (VM) administration.
As a candidate for this exam, you should have several years of experience with Windows Server operating systems.
Skills at a glance
Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30–35%)
Manage Windows Servers and workloads in a hybrid environment (10–15%)
Manage virtual machines and containers (15–20%)
Implement and manage an on-premises and hybrid networking infrastructure (15–20%)
Manage storage and file services (15–20%)
Deploy and manage Active Directory Domain Services (AD DS) in on-premises and cloud environments (30–35%)
Deploy and manage AD DS domain controllers
Deploy and manage domain controllers on-premises
Deploy and manage domain controllers in Azure
Deploy read-only domain controllers (RODCs)
Troubleshoot flexible single master operation (FSMO) roles
Configure and manage multi-site, multi-domain, and multi-forest environments
Configure and manage forest and domain trusts
Configure and manage AD DS sites
Configure and manage AD DS replication
Create and manage AD DS security principals
Create and manage AD DS users and groups
Manage users and groups in multi-domain and multi-forest scenarios
Implement Group Managed Service Accounts (gMSAs)
Join Windows Servers to AD DS, Microsoft Entra Domain Services, and Microsoft Entra
Implement and manage hybrid identities
Integrate Microsoft Entra ID, AD DS and Microsoft Entra Domain Services
Implement Microsoft Entra Connect
Manage Microsoft Entra Connect synchronization
Implement Microsoft Entra Connect cloud sync
Manage Microsoft Entra Domain Services
Manage Microsoft Entra Connect Health
Manage authentication in on-premises and hybrid environments
Configure and manage AD DS passwords
Manage Windows Server by using domain-based Group Policies
Implement Group Policy in AD DS
Implement Group Policy Preferences in AD DS
Implement Group Policy in Microsoft Entra Domain Services
Manage Windows Servers and workloads in a hybrid environment (10–15%)
Manage Windows Servers in a hybrid environment
Deploy a Windows Admin Center Gateway server
Configure a target machine for Windows Admin Center
Configure PowerShell remoting
Configure Credential Security Support Provider protocol (CredSSP) or Kerberos Delegation for 2nd Hop Remoting
Configure Just Enough Administration (JEA) for PowerShell remoting
Manage Windows Servers and workloads by using Azure services
Manage Windows Servers by using Azure Arc
Create and assign Azure Policy that uses guest configuration extension
Deploy Azure services using Azure VM extensions on non-Azure machines
Manage updates for Windows machines
Integrate Windows Servers with Log Analytics
Integrate Windows Servers with Microsoft Defender for Cloud
Manage IaaS VMs in Azure that run Windows Server
Implement Azure Automation for hybrid workloads
Create runbooks to automate tasks on target VMs
Implement Azure Automation State Configuration to prevent configuration drift in IaaS machines
Manage virtual machines and containers (15–20%)
Manage Hyper-V and guest virtual machines
Enable VM Enhanced session mode
Manage VM using PowerShell remoting, PowerShell Direct and Secure Shell (SSH) Direct for Linux VMs
Configure nested virtualization
Configure VM Memory
Configure integration services
Configure Discrete Device Assignment
Configure VM resource groups
Configure VM CPU groups
Configure hypervisor scheduling types
Manage VM checkpoints
Implementing high availability for virtual machines
Manage virtual hard disk (VHD) and virtual hard disk v2 (VHDX) files
Configure Hyper-V Network Adapter
Configure network interface card (NIC) Teaming
Configure Hyper-V Switch
Create and manage containers
Create Windows Server container images
Manage Windows Server container images
Configure container networking
Manage container instances
Manage Azure Virtual Machines that run Windows Server
Manage data disks
Resize Azure VM
Configure connections to VMs
Manage Azure VM network configuration
Implement and manage an on-premises and hybrid networking infrastructure (15–20%)
Implement on-premises and hybrid name resolution
Integrate DNS with AD DS
Create and manage DNS zones and records
Configure DNS forwarding/conditional forwarding
Integrate Windows Server DNS with Azure DNS private zones
Implement Domain Name System Security Extensions (DNSSEC)
Manage IP addressing in on-premises and hybrid scenarios
Implement and manage IP Address Management (IPAM)
Implement and configure the Dynamic Host Configuration protocol (DHCP) server role (on-premises only)
Resolve IP address issues in hybrid environments
Create and manage DHCP scopes
Create and manage IP reservations
Implement DHCP high availability
Implement on-premises and hybrid network connectivity
Implement and manage the Remote Access role
Implement and manage Azure Network Adapter
Implement and manage Azure extended network
Implement and manage Network Policy and Access Services role
Implement Web Application Proxy
Implement Azure Relay
Implement site-to-site VPN
Implement Azure Virtual WAN
Implement Microsoft Entra Application Proxy
Manage storage and file services (15–20%)
Configure and manage Azure File Sync
Create Azure File Sync Service
Create sync groups
Create cloud endpoints
Register servers
Create server endpoints
Configure cloud tiering
Monitor File Sync
Migrate Distributed File System (DFS) to Azure File Sync
Configure and manage Windows Server file shares
Configure Windows Server file share access
Configuring file screens
Configure file server resource manager (FSRM) quotas
Configure BranchCache
Implement and configure Distributed File System (DFS)
Configure Windows Server storage
Configure disks and volumes
Configure and manage Storage Spaces
Configure and manage Storage Replica
Configure Data Deduplication
Configure Server Message Block (SMB) direct
Configure Storage QoS
Configure file systems