Study guide for Exam AZ-801: Configuring Windows Server Hybrid Advanced Services
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description | |
|---|---|---|
| Review the skills measured as of August 24, 2023 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. | |
| Review the skills measured prior to August 24, 2023 | Study this list of skills if you take your exam PRIOR to the date provided. | |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. | |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. | |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. | |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. | |
| Exam scoring and score reports | A score of 700 or greater is required to pass. | |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. | |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. | |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when the localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of August 24, 2023
Audience profile
Candidates for this exam are responsible for configuring and managing Windows Server on-premises, hybrid, and Infrastructure as a Service (IaaS) platform workloads. The Windows Server Hybrid Administrator is tasked with integrating Windows Server environments with Azure services and managing Windows Server in on-premises networks. This role manages and maintains Windows Server IaaS workloads in Azure as well as migrating and deploying workloads to Azure. This role typically collaborates with Azure Administrators, Enterprise Architects, Microsoft 365 administrators, and network engineers.
Candidates for this exam deploy, package, secure, update, and configure Windows Server workloads using on-premises, hybrid, and cloud technologies. This role implements and manages on-premises and hybrid solutions, such as identity, security, management, compute, networking, storage, monitoring, high availability, and disaster recovery. This role uses administrative tools and technologies such as Windows Admin Center, PowerShell, Azure Arc, Azure Policy, Azure Monitor, Azure Automation Update Management, Microsoft Defender for Identity, Microsoft Defender for Cloud, and IaaS VM administration.
Candidates for this exam have several years of experience with Windows Server operating systems.
Secure Windows Server on-premises and hybrid infrastructures (25–30%)
Implement and manage Windows Server high availability (10–15%)
Implement disaster recovery (10–15%)
Migrate servers and workloads (20–25%)
Monitor and troubleshoot Windows Server environments (20–25%)
Secure Windows Server on-premises and hybrid infrastructures (25–30%)
Secure Windows Server operating system
Configure and manage Exploit Protection
Configure and manage Windows Defender Application Control
Configure and manage Microsoft Defender for Servers
Configure and manage Windows Defender Credential Guard
Configure SmartScreen
Implement operating system security by using Group Policies
Secure a hybrid Active Directory infrastructure
Configure password policies
Enable password block lists
Manage protected users
Manage account security on an RODC
Harden domain controllers
Configure authentication policy silos
Restrict access to domain controllers
Configure account security
Manage AD built-in administrative groups
Manage AD delegation
Implement and manage Microsoft Defender for Identity
Identify and remediate Windows Server security issues by using Azure services
Monitor on-premises servers and Azure IaaS VMs by using Microsoft Sentinel
Identify and remediate security issues on-premises servers and Azure IaaS VMs by using Microsoft Defender for Cloud
Secure Windows Server networking
Manage Windows Defender Firewall
Implement domain isolation
Implement connection security rules
Secure Windows Server storage
Manage Windows BitLocker Drive Encryption (BitLocker)
Manage and recover encrypted volumes
Enable storage encryption by using Azure Disk Encryption
Manage disk encryption keys for IaaS virtual machines
Implement and Manage Windows Server high availability (10–15%)
Implement a Windows Server failover cluster
Implement a failover cluster on-premises, hybrid, or cloud-only
Create a Windows failover cluster
Implement a stretch cluster across datacenters or Azure regions
Configure storage for failover clustering
Modify quorum options
Configure network adapters for failover clustering
Configure cluster workload options
Configure cluster sets
Configure Scale-Out File servers
Create an Azure witness
Configure a floating IP address for the cluster
Implement load balancing for the failover cluster
Manage failover clustering
Implement cluster-aware updating
Recover a failed cluster node
Upgrade a node to Windows Server 2022
Failover workloads between nodes
Install Windows updates on cluster nodes
Manage failover clusters using Windows Admin Center
Implement and manage Storage Spaces Direct
Create a failover cluster using Storage Spaces Direct
Upgrade a Storage Spaces Direct node
Implement networking for Storage Spaces Direct
Configure Storage Spaces Direct
Implement disaster recovery (10–15%)
Manage backup and recovery for Windows Server
Back up and restore files and folders to Azure Recovery Services Vault
Install and manage Azure Backup Server
Back up and recover using Azure Backup Server
Manage backups in Azure Recovery Services Vault
Create a backup policy
Configure backup for Azure VM using the built-in backup agent
Recover VM using temporary snapshots
Recover VMs to new Azure VMs
Restore a VM
Implement disaster recovery by using Azure Site Recovery
Configure Azure Site Recovery networking
Configure Site Recovery for on-premises VMs
Configure a recovery plan
Configure Site Recovery for Azure VMs
Implement VM replication to secondary datacenter or Azure region
Configure Azure Site Recovery policies
Protect virtual machines by using Hyper-V replicas
Configure Hyper-V hosts for replication
Manage Hyper-V replica servers
Configure VM replication
Perform a failover
Migrate servers and workloads (20–25%)
Migrate on-premises storage to on-premises servers or Azure
Transfer data and share
Cut over to a new server by using Storage Migration Service (SMS)
Use Storage Migration Service to migrate to Azure VMs
Migrate to Azure file shares
Migrate on-premises servers to Azure
Deploy and configure Azure Migrate appliance
Migrate VM workloads to Azure IaaS
Migrate physical workloads to Azure IaaS
Migrate by using Azure Migrate
Migrate workloads from previous versions to Windows Server 2022
Migrate IIS
Migrate Hyper-V hosts
Migrate RDS host servers
Migrate DHCP
Migrate print servers
Migrate IIS workloads to Azure
Migrate IIS workloads to Azure Web Apps
Migrate IIS workloads to containers
Migrate an AD DS infrastructure to Windows Server 2022 AD DS
Migrate AD DS objects, including users, groups and Group Policies using AD Migration Tool
Migrate to a new Active Directory forest
Upgrade an existing forest
Monitor and troubleshoot Windows Server environments (20–25%)
Monitor Windows Server by using Windows Server tools and Azure services
Monitor Windows Server by using Performance Monitor
Create and configure Data Collector Sets
Monitor servers and configure alerts by using Windows Admin Center
Analyze Windows Server system data by using System Insights
Manage event logs
Deploy Azure Monitor agents
Collect performance counters to Azure
Create alerts
Monitor Azure VMs by using Azure diagnostics extension
Monitor Azure VMs performance by using VM Insights
Troubleshoot Windows Server on-premises and hybrid networking
Troubleshoot hybrid network connectivity
Troubleshoot on-premises connectivity
Troubleshoot Windows Server virtual machines in Azure
Troubleshoot deployment failures
Troubleshoot booting failures
Troubleshoot VM performance issues
Troubleshoot VM extension issues
Troubleshoot disk encryption issues
Troubleshoot storage
Troubleshoot VM connection issues
Troubleshoot Active Directory
Restore objects from AD recycle bin
Recover Active Directory database using Directory Services Restore mode
Recover SYSVOL
Troubleshoot Active Directory replication
Troubleshoot Hybrid authentication issues
Troubleshoot on-premises Active Directory
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to August 24, 2023 | Skill area as of August 24, 2023 | Change |
|---|---|---|
| Audience profile | No change | |
| Secure Windows Server On-premises and Hybrid Infrastructures | Secure Windows Server on-premises and hybrid infrastructures | No change |
| Secure Windows Server operating system | Secure Windows Server operating system | Minor |
| Secure a hybrid Active Directory infrastructure | Secure a hybrid Active Directory infrastructure | No change |
| Identify and remediate Windows Server security issues by using Azure Services | Identify and remediate Windows Server security issues by using Azure Services | No change |
| Secure Windows Server networking | Secure Windows Server networking | No change |
| Secure Windows Server storage | Secure Windows Server storage | No change |
| Implement and Manage Windows Server High Availability | Implement and manage Windows Server high availability | No change |
| Implement a Windows Server failover cluster | Implement a Windows Server failover cluster | No change |
| Manage failover clustering | Manage failover clustering | No change |
| Implement and manage Storage Spaces Direct | Implement and manage Storage Spaces Direct | No change |
| Implement Disaster Recovery | Implement disaster recovery | No change |
| Manage backup and recovery for Windows Server | Manage backup and recovery for Windows Server | No change |
| Implement disaster recovery by using Azure Site Recovery | Implement disaster recovery by using Azure Site Recovery | No change |
| Protect virtual machines by using Hyper-V replicas | Protect virtual machines by using Hyper-V replicas | No change |
| Migrate Servers and Workloads | Migrate servers and workloads | No change |
| Migrate on-premises storage to on-premises servers or Azure | Migrate on-premises storage to on-premises servers or Azure | No change |
| Migrate on-premises servers to Azure | Migrate on-premises servers to Azure | No change |
| Migrate workloads from previous versions to Windows Server 2022 | Migrate workloads from previous versions to Windows Server 2022 | No change |
| Migrate IIS workloads to Azure | Migrate IIS workloads to Azure | No change |
| Migrate an AD DS Infrastructure to Windows Server 2022 AD DS | Migrate an AD DS Infrastructure to Windows Server 2022 AD DS | No change |
| Monitor and Troubleshoot Windows Server Environments | Monitor and troubleshoot Windows Server environments | No change |
| Monitor Windows Server by using Windows Server tools and Azure services | Monitor Windows Server by using Windows Server tools and Azure services | No change |
| Troubleshoot Windows Server On-premises and Hybrid networking | Troubleshoot Windows Server On-premises and Hybrid networking | No change |
| Troubleshoot Windows Server virtual machines in Azure | Troubleshoot Windows Server virtual machines in Azure | No change |
| Troubleshoot Active Directory | Troubleshoot Active Directory | No change |
Skills measured prior to August 24, 2023
Audience profile
Candidates for this exam are responsible for configuring and managing Windows Server on-premises, hybrid, and Infrastructure as a Service (IaaS) platform workloads. The Windows Server Hybrid Administrator is tasked with integrating Windows Server environments with Azure services and managing Windows Server in on-premises networks. This role manages and maintains Windows Server IaaS workloads in Azure as well as migrating and deploying workloads to Azure. This role typically collaborates with Azure Administrators, Enterprise Architects, Microsoft 365 administrators, and network engineers.
Candidates for this exam deploy, package, secure, update, and configure Windows Server workloads using on-premises, hybrid, and cloud technologies. This role implements and manages on-premises and hybrid solutions, such as identity, security, management, compute, networking, storage, monitoring, high availability, and disaster recovery. This role uses administrative tools and technologies such as Windows Admin Center, PowerShell, Azure Arc, Azure Policy, Azure Monitor, Azure Automation Update Management, Microsoft Defender for Identity, Microsoft Defender for Cloud, and IaaS VM administration.
Candidates for this exam have several years of experience with Windows Server operating systems.
Secure Windows Server on-premises and hybrid infrastructures (25–30%)
Implement and manage Windows Server high availability (10–15%)
Implement disaster recovery (10–15%)
Migrate servers and workloads (20–25%)
Monitor and troubleshoot Windows Server environments (20–25%)
Secure Windows Server on-premises and hybrid infrastructures (25–30%)
Secure Windows Server operating system
Configure and manage Exploit Protection
Configure and manage Windows Defender Application Control
Configure and manage Microsoft Defender for Endpoint
Configure and manage Windows Defender Credential Guard
Configure SmartScreen
Implement operating system security by using Group Policies
Secure a hybrid Active Directory infrastructure
Configure password policies
Enable password block lists
Manage protected users
Manage account security on an RODC
Harden domain controllers
Configure authentication policy silos
Restrict access to domain controllers
Configure account security
Manage AD built-in administrative groups
Manage AD delegation
Implement and manage Microsoft Defender for Identity
Identify and remediate Windows Server security issues by using Azure Services
Monitor on-premises servers and Azure IaaS VMs by using Microsoft Sentinel
Identify and remediate security issues on-premises servers and Azure IaaS VMs by using Microsoft Defender for Cloud
Secure Windows Server networking
Manage Windows Defender Firewall
Implement domain isolation
Implement connection security rules
Secure Windows Server storage
Manage Windows BitLocker Drive Encryption (BitLocker)
Manage and recover encrypted volumes
Enable storage encryption by using Azure Disk Encryption
Manage disk encryption keys for IaaS virtual machines
Implement and manage Windows Server high availability (10–15%)
Implement a Windows Server failover cluster
Implement a failover cluster on-premises, hybrid, or cloud-only
Create a Windows failover cluster
Implement a stretch cluster across datacenters or Azure regions
Configure storage for failover clustering
Modify quorum options
Configure network adapters for failover clustering
Configure cluster workload options
Configure cluster sets
Configure Scale-Out File servers
Create an Azure witness
Configure a floating IP address for the cluster
Implement load balancing for the failover cluster
Manage failover clustering
Implement cluster-aware updating
Recover a failed cluster node
Upgrade a node to Windows Server 2022
Failover workloads between nodes
Install Windows updates on cluster nodes
Manage failover clusters using Windows Admin Center
Implement and manage Storage Spaces Direct
Create a failover cluster using Storage Spaces Direct
Upgrade a Storage Spaces Direct node
Implement networking for Storage Spaces Direct
Configure Storage Spaces Direct
Implement disaster recovery (10–15%)
Manage backup and recovery for Windows Server
Back up and restore files and folders to Azure Recovery Services Vault
Install and manage Azure Backup Server
Back up and recover using Azure Backup Server
Manage backups in Azure Recovery Services Vault
Create a backup policy
Configure backup for Azure VM using the built-in backup agent
Recover VM using temporary snapshots
Recover VMs to new Azure VMs
Restore a VM
Implement disaster recovery by using Azure Site Recovery
Configure Azure Site Recovery networking
Configure Site Recovery for on-premises VMs
Configure a recovery plan
Configure Site Recovery for Azure VMs
Implement VM replication to secondary datacenter or Azure region
Configure Azure Site Recovery policies
Protect virtual machines by using Hyper-V replicas
Configure Hyper-V hosts for replication
Manage Hyper-V replica servers
Configure VM replication
Perform a failover
Migrate servers and workloads (20–25%)
Migrate on-premises storage to on-premises servers or Azure
Transfer data and share
Cut over to a new server by using Storage Migration Service (SMS)
Use Storage Migration Service to migrate to Azure VMs
Migrate to Azure file shares
Migrate on-premises servers to Azure
Deploy and configure Azure Migrate appliance
Migrate VM workloads to Azure IaaS
Migrate physical workloads to Azure IaaS
Migrate by using Azure Migrate
Migrate workloads from previous versions to Windows Server 2022
Migrate IIS
Migrate Hyper-V hosts
Migrate RDS host servers
Migrate DHCP
Migrate print servers
Migrate IIS workloads to Azure
Migrate IIS workloads to Azure Web Apps
Migrate IIS workloads to containers
Migrate an AD DS infrastructure to Windows Server 2022 AD DS
Migrate AD DS objects, including users, groups and Group Policies using AD Migration Tool
Migrate to a new Active Directory forest
Upgrade an existing forest
Monitor and troubleshoot Windows Server environments (20–25%)
Monitor Windows Server by using Windows Server tools and Azure services
Monitor Windows Server by using Performance Monitor
Create and configure Data Collector Sets
Monitor servers and configure alerts by using Windows Admin Center
Analyze Windows Server system data by using System Insights
Manage event logs
Deploy Azure Monitor agents
Collect performance counters to Azure
Create alerts
Monitor Azure VMs by using Azure diagnostics extension
Monitor Azure VMs performance by using VM Insights
Troubleshoot Windows Server on-premises and hybrid networking
Troubleshoot hybrid network connectivity
Troubleshoot on-premises connectivity
Troubleshoot Windows Server virtual machines in Azure
Troubleshoot deployment failures
Troubleshoot booting failures
Troubleshoot VM performance issues
Troubleshoot VM extension issues
Troubleshoot disk encryption issues
Troubleshoot storage
Troubleshoot VM connection issues
Troubleshoot Active Directory
Restore objects from AD recycle bin
Recover Active Directory database using Directory Services Restore mode
Recover SYSVOL
Troubleshoot Active Directory replication
Troubleshoot Hybrid authentication issues
Troubleshoot on-premises Active Directory