Skip to main content

Microsoft Azure Certifications review

· 4 min read

Following on from an earlier post, this post covers the Azure area of Microsoft certifications and how they may be of relevance from a security perspective.

Azure

The AZ line of certifications is by far the most extensive as far as Microsoft certifications go.

As these line up with securing Cloud workloads in some capacity, these are perhaps the most relevant to this blog.

The coverage area are running workloads in Azure and working with particular Azure service offerings, as well as securing these.

Unlike the other certification areas, there is much less user security concern, or endpoint. There is no assumption of Office 365 or even of Windows, to a large extent.

While the service offerings include Linux as well as Windows, and various open source databases as well as MS-SQL, understanding Microsoft proprietary offerings is still important.

As such, the exams are split into several task areas, or cover specific Microsoft technologies.

The available certifications are the ones listed below, plus a number of very highly specialised certifications that will not be covered such as SAP on Azure, Azure Virtual Desktop, or Cosmos DB:

  • Microsoft Certified: Azure Fundamentals
  • Microsoft Certified: Azure Support Engineer for Connectivity Specialty (retired July 2023)
  • Microsoft Certified: Azure Network Engineer Associate
  • Microsoft Certified: Azure Administrator Associate
  • Microsoft Certified: Azure Developer Associate
  • Microsoft Certified: Windows Server Hybrid Administrator Associate
  • Microsoft Certified: Azure Security Engineer Associate
  • Microsoft Certified: Azure Solutions Architect Expert
  • Microsoft Certified: DevOps Engineer Expert

Analysis

Azure Fundamentals is perhaps the best of the various Microsoft fundamentals series, it covers Cloud computing basics well, and is still challenging enough that candidates have failed it if they didn't study sufficiently.

Microsoft no longer offers Azure Support Engineer for Connectivity Specialty, potentially because the topics overlapped substantially with the Network Engineer role. In the latter case, this can be very relevant to security roles as there is generous treatment of site to site VPNs and other secure connectivity concerns.

Azure Administrator is one of the most difficult Microsoft exams as it tests familiarity with administering nearly all Microsoft Azure services, it is not to be taken lightly. However, due to the breadth of topics covered, it may be too broad for smaller security teams to benefit from, as not many organisations use all the Azure services.

Experienced Azure Administrators may consider pursuing Azure Solutions Architect - security is an important consideration in this role, however like Azure Administrator, this is still a solutions creator role, with a large scope.

Despite its name, Azure Developer isn't about writing code - rather it's about service principal accounts and their security and leveraging various Azure services for application deployment. Despite not being intended as a security certification, the material on service principals is well worth reading at least once.

Experience Azure Developers (or Administrators, for that matter), may want to look at DevOps Engineer - there is far more "developer" topics in this one, such as managing Azure DevOps / Github and its workflows. There are some security considerations, but it's not the main topic.

Windows Server Hybrid Administrator is a very unusual certification. Firstly, it is the only Associate Certification that I can think of that needs two exams. Secondly, it is oddly placed in the cloud certification line up as it is a certification about Windows Server: Active Directory Domains, file sharing, and the like. It is however about Hybrid solutions and leans heavily into supplementing Windows Server with Cloud solutions. While not a security certification, the material is immensely useful as there are currently no longer any Microsoft certification paths that cover Active Directory in such detail.

Lastly, the Azure Security Engineer is a tremendously important certification as it is the only offering from Microsoft that specifically covers securing Cloud workloads. As such it is in high demand in partner environments, and it extensively covers Azure security options. It is also a suitably challenging certification, like the Azure Administrator.

Summary

Due to the number of certifications available, it's easy to get lost in the mix.

In terms of both topic coverage and resume recognition, Azure Security Engineer is the top pick, provided you are concerned with securing cloud workloads.

If your interests lie with traditional Windows Server, and you'd like to explore a modern take on the MCSA/MCSE with some cloud flavour added, then the Hybrid Administrator may be a good fit.

Other certifications have more of a specialised niche, though I am still impressed at the amount of security content crammed into Azure Developer.