Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Warning
This exam will retire on July 31, 2023, at 11:59 PM Central Standard Time.
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of April 18, 2023 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to April 18, 2023 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a practice test | Are you ready to take the exam or do you need to study a bit more? |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of April 18, 2023
Audience profile
Candidates for the Microsoft Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter expertise in using advanced troubleshooting methods to resolve networking and connectivity issues in Azure.
Professionals in this role troubleshoot hybrid environments, including issues with Azure virtual machines, virtual networks, and connectivity between on-premises and Azure services. They use various tools and technologies to diagnose and identify root causes for complex issues.
Candidates for this exam should have experience with networking and with hybrid environments, including knowledge of routing, permissions, and subscription limits. They must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.
Troubleshoot business continuity issues (5–10%)
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot Platform as a Service (PaaS) issues (5–10%)
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot networks (25–30%)
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot business continuity issues (5–10%)
Troubleshoot backup issues
Review and interpret backup logs
Troubleshoot Azure virtual machines backup issues including restarting a failed backup job
Troubleshoot issues with Azure Backup agent
Troubleshoot Azure Backup Server issues
Troubleshoot scheduled backups
Troubleshoot recovery issues
Troubleshoot Azure Site Recovery issues
Troubleshoot site recovery in hybrid scenarios that include Hyper-V, or VMware ESX
Troubleshoot restore issues when using Azure Backup agent, Azure Backup, or Azure Backup Server
Troubleshoot issues recovering files from Azure VM backup
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot virtual network (VNet) connectivity
Troubleshoot virtual private network (VPN) gateway transit issues
Troubleshoot hub-and-spoke VNet configuration issues
Troubleshoot global VNet peering connectivity issues
Troubleshoot VNet peering connections
Troubleshoot name resolution issues
Troubleshoot name resolution in scenarios that use Azure-provided name resolution
Troubleshoot name resolution in scenarios that use custom DNS servers
Review and interpret DNS audit logs
Troubleshoot name resolution for Azure private DNS zones
Troubleshoot issues with DNS records at public DNS providers
Troubleshoot domain delegation issues
Troubleshoot point-to-site virtual private network (VPN) connectivity
Troubleshoot Windows VPN client configuration issues
Troubleshoot OpenVPN VPN client configuration issues
Troubleshoot macOS VPN client configuration issues
Troubleshoot issues with certificate-based VPN connections
Troubleshoot issues with RADIUS-based VPN connections
Troubleshoot authentication issues in scenarios by using Microsoft Entra ID
Troubleshoot site-to-site virtual private network (VPN) connectivity
Review and interpret network logs and captured network traffic from a VPN gateway
Determine the root cause for latency issues within site-to-site VPNs
Review and interpret VPN gateway configuration scripts
Reset a VPN gateway
Troubleshoot VPN gateway issues by running Log Analytics queries
Troubleshoot Azure ExpressRoute connectivity issues
Determine whether routes are correctly configured and operational
Validate the peering configuration for an ExpressRoute circuit
Reset an ExpressRoute circuit
Troubleshoot route filtering
Determine the root cause of latency issues related to ExpressRoute
Troubleshoot Platform as a Service (PaaS) issues (5–10%)
Troubleshoot PaaS services
Troubleshoot PaaS connectivity issues
Troubleshoot firewalls for PaaS services
Troubleshoot PaaS configuration issues
Determine the root cause for service-level throttling
Troubleshoot PaaS integration issues
Troubleshoot issues integrating PaaS services with virtual networks
Troubleshoot subnet delegation issues
Troubleshoot issues with private endpoints and service endpoints
Troubleshoot issues with Azure Private Link
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot Microsoft Entra authentication
Determine why on-premises systems cannot access Azure resources
Troubleshoot Microsoft Entra configuration issues
Troubleshoot self-service password reset issues
Troubleshoot issues with multifactor authentication
Troubleshoot hybrid authentication
Troubleshoot issues with Microsoft Entra Connect and Microsoft Entra Connect cloud sync
Troubleshoot issues with integration between Microsoft Entra ID and Microsoft Entra Domain Services
Troubleshoot issues with integration between Microsoft Entra ID and Active Directory Federation Services (AD FS)
Troubleshoot issues with pass-through authentication and password hash synchronization
Troubleshoot issues with Microsoft Entra application proxy
Troubleshoot authorization issues
Troubleshoot role-based access control (RBAC) issues
Troubleshoot issues storing passwords, keys, and certificates in Azure Key Vault
Troubleshoot authorization issues related to Microsoft Entra Conditional Access policies
Troubleshoot networks (25–30%)
Troubleshoot Azure network security issues
Determine why Azure Web Application Firewall is blocking traffic
Troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
Troubleshoot connectivity to secure endpoints
Troubleshoot Azure network security groups (NSGs)
Troubleshoot NSG configuration issues
Review and interpret NSG flow logs
Determine whether one or more Azure network interfaces (NICs) are associated with an application security group (ASG)
Troubleshoot Azure Firewall issues
Troubleshoot application, network, and infrastructure rules
Troubleshoot network address translation (NAT) and destination network address translation (DNAT) rules
Troubleshoot Azure Firewall Manager configuration issues
Troubleshoot latency issues
Determine the root cause for Azure VM-level throttling
Determine the root cause for latency issues when connecting to Azure VMs
Determine the root cause for throttling between source and destination resources
Troubleshoot bandwidth availability issues
Determine whether resource response times meet service-level agreements (SLAs)
Troubleshoot routing and traffic control
Review and interpret route tables
Troubleshoot issues caused by asymmetric routing
Troubleshoot issues with user-defined routes
Troubleshoot issues related to forced tunneling
Troubleshoot Border Gateway Protocol (BGP) issues
Troubleshoot service chaining
Troubleshoot custom defined routes
Troubleshoot routing configuration issues in Azure
Troubleshoot load-balancing issues
Determine whether VMs in a load-balanced backend pool are healthy
Troubleshoot issues with Azure Load Balancer
Review and interpret load balancer rules
Troubleshoot traffic distribution issues
Evaluate the configuration of Azure Traffic Manager
Troubleshoot issues with Azure Traffic Manager profiles
Troubleshoot port exhaustion issues
Troubleshoot issues with Azure Front Door
Troubleshoot issues with Azure Application Gateway
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot Azure Bastion
Troubleshoot issues deploying Azure Bastion
Troubleshoot connectivity issues
Troubleshoot authorization issues
Troubleshoot just-in-time (JIT) VM access
Validate connectivity with an Azure VM
Troubleshoot JIT VM configuration issues
Troubleshoot JIT VM authorization issues
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Azure documentation Microsoft Entra ID Azure Policy Storage Storage Explorer Blob Storage |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Azure Community Support |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Azure Fridays Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to April 18, 2023 | Skill area as of April 18, 2023 | Change |
|---|---|---|
| Audience profile | Minor | |
| Troubleshoot business continuity issues | Troubleshoot business continuity issues | No % change |
| Troubleshoot backup issues | Troubleshoot backup issues | No change |
| Troubleshoot recovery issues | Troubleshoot recovery issues | Minor |
| Troubleshoot hybrid and cloud connectivity issues | Troubleshoot hybrid and cloud connectivity issues | No % change |
| Troubleshoot virtual network (VNet) connectivity | Troubleshoot virtual network (VNet) connectivity | Minor |
| Troubleshoot name resolution issues | Troubleshoot name resolution issues | No change |
| Troubleshoot point-to-site virtual private network (VPN) connectivity | Troubleshoot point-to-site virtual private network (VPN) connectivity | No change |
| Troubleshoot site-to-site virtual private network (VPN) connectivity | Troubleshoot site-to-site virtual private network (VPN) connectivity | No change |
| Troubleshoot Azure ExpressRoute connectivity issues | Troubleshoot Azure ExpressRoute connectivity issues | Minor |
| Troubleshoot Platform as a Service issues | Troubleshoot Platform as a Service (PaaS) issues | No % change |
| Troubleshoot PaaS services | Troubleshoot PaaS services | No change |
| Troubleshoot PaaS integration issues | Troubleshoot PaaS integration issues | No change |
| Troubleshoot authentication and access control issues | Troubleshoot authentication and access control issues | No % change |
| Troubleshoot Microsoft Entra authentication | Troubleshoot Microsoft Entra authentication | No change |
| Troubleshoot hybrid authentication | Troubleshoot hybrid authentication | No change |
| Troubleshoot authorization issues | Troubleshoot authorization issues | Minor |
| Troubleshoot networks | Troubleshoot networks | No % change |
| Troubleshoot Azure network security issues | Troubleshoot Azure network security issues | No change |
| Troubleshoot Azure network security groups (NSGs) | Troubleshoot Azure network security groups (NSGs) | No change |
| Troubleshoot Azure Firewall issues | Troubleshoot Azure Firewall issues | No change |
| Troubleshoot latency issues | Troubleshoot latency issues | No change |
| Troubleshoot routing and traffic control | Troubleshoot routing and traffic control | Minor |
| Troubleshoot load-balancing issues | Troubleshoot load-balancing issues | No change |
| Troubleshoot VM connectivity issues | Troubleshoot VM connectivity issues | No % change |
| Troubleshoot Azure Bastion | Troubleshoot Azure Bastion | No change |
| Troubleshoot just-in-time (JIT) VM access | Troubleshoot just-in-time (JIT) VM access | No change |
Skills measured prior to April 18, 2023
Audience profile
Candidates for the Azure Support Engineer for Connectivity Specialty certification are support engineers with subject matter expertise in using advanced troubleshooting methods to resolve networking and connectivity issues in Azure.
Professionals in this role troubleshoot hybrid environments, including issues with Azure virtual machines, virtual networks, and connectivity between on-premises and Azure services. They use various tools and technologies to diagnose and identify root causes for complex issues.
Candidates for this exam should have experience with networking and with hybrid environments, including knowledge of routing, permissions, and subscription limits. They must be able to use available tools to diagnose issues related to business continuity, hybrid environments, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), access control, networking, and virtual machines connectivity.
Troubleshoot business continuity issues (5–10%)
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot Platform as a Service issues (5–10%)
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot networks (25–30%)
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot business continuity issues (5–10%)
Troubleshoot backup issues
Review and interpret backup logs
Troubleshoot Azure virtual machines backup issues including restarting a failed backup job
Troubleshoot issues with Azure Backup agent
Troubleshoot Azure Backup Server issues
Troubleshoot scheduled backups
Troubleshoot recovery issues
Troubleshoot Azure Site Recovery issues
Troubleshoot site recovery in hybrid scenarios that include Hyper-V, VMware ESX, or Microsoft Endpoint Manager
Troubleshoot restore issues when using Azure Backup agent, Azure Backup, or Azure Backup Server
Troubleshoot issues recovering files from Azure VM backup
Troubleshoot hybrid and cloud connectivity issues (20–25%)
Troubleshoot virtual network (VNet) connectivity
Troubleshoot virtual private network (VPN) gateway transit issues
Troubleshoot hub-and-spoke VNet configuration issues
Troubleshoot global VNet peering connectivity issues
Troubleshoot peered connections
Troubleshoot name resolution issues
Troubleshoot name resolution in scenarios that use Azure-provided name resolution
Troubleshoot name resolution in scenarios that use custom DNS servers
Review and interpret DNS audit logs
Troubleshoot name resolution for Azure private DNS zones
Troubleshoot issues with DNS records at public DNS providers
Troubleshoot domain delegation issues
Troubleshoot point-to-site virtual private network (VPN) connectivity
Troubleshoot Windows VPN client configuration issues
Troubleshoot OpenVPN VPN client configuration issues
Troubleshoot macOS VPN client configuration issues
Troubleshoot issues with certificate-based VPN connections
Troubleshoot issues with RADIUS-based VPN connections
Troubleshoot authentication issues in scenarios by using Microsoft Entra ID
Troubleshoot site-to-site virtual private network (VPN) connectivity
Review and interpret network logs and captured network traffic from a VPN gateway
Determine the root cause for latency issues within site-to-site VPNs
Review and interpret VPN gateway configuration scripts
Reset a VPN gateway
Troubleshoot VPN gateway issues by running Log Analytics queries
Troubleshoot Azure ExpressRoute connectivity issues
Determine whether routes are correctly configured and operational
Validate the peering configuration for an ExpressRoute circuit
Reset an ExpressRoute circuit
Troubleshoot route filtering
Troubleshoot custom defined routes
Determine the root cause of latency issues related to ExpressRoute
Troubleshoot Platform as a Service issues (5–10%)
Troubleshoot PaaS services
Troubleshoot PaaS connectivity issues
Troubleshoot firewalls for PaaS services
Troubleshoot PaaS configuration issues
Determine the root cause for service-level throttling
Troubleshoot PaaS integration issues
Troubleshoot issues integrating PaaS services with virtual networks
Troubleshoot subnet delegation issues
Troubleshoot issues with private endpoints and service endpoints
Troubleshoot issues with Azure Private Link
Troubleshoot authentication and access control issues (15–20%)
Troubleshoot Microsoft Entra authentication
Determine why on-premises systems cannot access Azure resources
Troubleshoot Microsoft Entra configuration issues
Troubleshoot self-service password reset issues
Troubleshoot issues with multifactor authentication
Troubleshoot hybrid authentication
Troubleshoot issues with Microsoft Entra Connect and Microsoft Entra Connect cloud sync
Troubleshoot issues with integration between Microsoft Entra ID and Microsoft Entra Domain Services
Troubleshoot issues with integration between Microsoft Entra ID and Active Directory Federation Services (AD FS)
Troubleshoot issues with pass-through authentication and password hash synchronization
Troubleshoot issues with Microsoft Entra application proxy
Troubleshoot authorization issues
Troubleshoot role-based access control (RBAC) issues
Troubleshoot issues storing encrypted passwords in Azure Key Vault
Troubleshoot authorization issues related to Microsoft Entra Conditional Access policies
Troubleshoot networks (25–30%)
Troubleshoot Azure network security issues
Determine why Azure Web Application Firewall is blocking traffic
Troubleshoot encryption and certificate issues for point-to-site and site-to-site scenarios
Troubleshoot connectivity to secure endpoints
Troubleshoot Azure network security groups (NSGs)
Troubleshoot NSG configuration issues
Review and interpret NSG flow logs
Determine whether one or more Azure network interfaces (NICs) are associated with an application security group (ASG)
Troubleshoot Azure Firewall issues
Troubleshoot application, network, and infrastructure rules
Troubleshoot network address translation (NAT) and destination network address translation (DNAT) rules
Troubleshoot Azure Firewall Manager configuration issues
Troubleshoot latency issues
Determine the root cause for Azure VM-level throttling
Determine the root cause for latency issues when connecting to Azure VMs
Determine the root cause for throttling between source and destination resources
Troubleshoot bandwidth availability issues
Determine whether resource response times meet service-level agreements (SLAs)
Troubleshoot routing and traffic control
Review and interpret route tables
Troubleshoot issues caused by asymmetric routing
Troubleshoot issues with user-defined routes
Troubleshoot issues related to forced tunneling
Troubleshoot Border Gateway Protocol (BGP) issues
Troubleshoot service chaining
Troubleshoot routing configuration issues in Azure
Troubleshoot load-balancing issues
Determine whether VMs in a load-balanced backend pool are healthy
Troubleshoot issues with Azure Load Balancer
Review and interpret load balancer rules
Troubleshoot traffic distribution issues
Evaluate the configuration of Azure Traffic Manager
Troubleshoot issues with Azure Traffic Manager profiles
Troubleshoot port exhaustion issues
Troubleshoot issues with Azure Front Door
Troubleshoot issues with Azure Application Gateway
Troubleshoot VM connectivity issues (5–10%)
Troubleshoot Azure Bastion
Troubleshoot issues deploying Azure Bastion
Troubleshoot connectivity issues
Troubleshoot authorization issues
Troubleshoot just-in-time (JIT) VM access
Validate connectivity with an Azure VM
Troubleshoot JIT VM configuration issues
Troubleshoot JIT VM authorization issues