Training: Design and Implement Microsoft Azure Network Solutions (AZ-700)

Ref. AZ-700T00

Download PDF

Duration:

jours

Exam:

Optionnel

Level:

Intermédiaire

Funding:

Eligible

Home > Trainings > IT Pro > Systems and Networking > Design and Implement Microsoft Azure Network Solutions (AZ-700)

Design and Implement Microsoft Azure Network Solutions Training (AZ-700)

The AZ-700 training prepares you to design and implement comprehensive network solutions on Microsoft Azure in three days. This official Microsoft course covers virtual networks (VNet) and peering, hybrid connectivity with VPN Gateway and ExpressRoute, load balancing with Azure Load Balancer, Application Gateway and Front Door, network security with Azure Firewall and NSGs, and monitoring with Network Watcher. You develop the expertise needed to manage enterprise-grade Azure network architectures tailored to the needs of organizations in Switzerland.

Delivered in Geneva and Lausanne by MCT certified trainers, this AZ-700 training relies on intensive hands-on labs on the Microsoft cloud platform. You configure VNets with regional and global peering, deploy site-to-site VPN gateways, set up Azure Application Gateway with Web Application Firewall, secure outbound traffic with Azure Firewall, and diagnose network flows with Network Watcher. The Azure Network Engineer Associate certification is included and validates your mastery of Azure network solutions.

Participant Profiles

Network engineers and system administrators
Cloud solution architects
IT professionals in charge of infrastructures
Digital transformation consultants
Technicians looking to specialize in Azure

Objectives

Design, implement, and manage core Azure networking infrastructure
Configure hybrid networking including VPN Gateway and ExpressRoute
Design and implement routing strategies and network security groups
Implement load balancing solutions using Azure Load Balancer and Application Gateway
Configure private access to Azure services using Private Link and service endpoints
Design and implement Azure Virtual WAN architectures
Monitor and troubleshoot Azure networking using Network Watcher and diagnostics

Prerequisites

Basic knowledge of computer networks (TCP/IP, DNS, routing)
Familiarity with virtualization and cloud computing concepts
General understanding of the Microsoft Azure ecosystem

Course Content

Module 1: Introduction to Azure Virtual Networks

Explore Azure Virtual Networks
Configure public IP services
Design name resolution for your virtual network
Enable cross-virtual network connectivity with peering
Implement virtual network traffic routing
Configure internet access with Azure Virtual NAT

Module 2: Design and implement hybrid networking

Design and implement Azure VPN Gateway
Connect networks with Site-to-site VPN connections
Connect devices to networks with Point-to-site VPN connections
Connect remote resources by using Azure Virtual WANs
Create a network virtual appliance (NVA) in a virtual hub

Module 3: Design and implement Azure ExpressRoute

Explore Azure ExpressRoute
Design an ExpressRoute deployment
Configure peering for an ExpressRoute deployment
Design an ExpressRoute circuit for resiliency
Connect geographically dispersed networks with ExpressRoute global reach
Improve data path performance between networks with ExpressRoute FastPath
Troubleshoot ExpressRoute connection issues

Module 4: Load balance non-HTTP(S) traffic in Azure

Explore load balancing
Design and implement Azure load balancer using the Azure portal
Explore Azure Traffic Manager

Module 5: Load balance HTTP(S) traffic in Azure

Design Azure Application Gateway
Configure Azure Application Gateway
Design and configure Azure Front Door

Module 6: Design and implement network security

Get network security recommendations with Microsoft Defender for Cloud
Deploy Azure DDoS Protection by using the Azure portal
Deploy Network Security Groups by using the Azure portal
Design and implement Azure Firewall
Secure your networks with Azure Firewall Manager
Implement a Web Application Firewall

Module 7: Design and implement private access to Azure Services

Explain virtual network service endpoints
Define Private Link Service and private endpoint
Integrate private endpoint with Domain Name Service

Module 8: Design and implement network monitoring

Monitor your networks using Azure Monitor
Monitor your networks using Azure Network Watcher

Documentation

Access to Microsoft Learn, Microsoft’s online learning platform, offering interactive resources and educational content to deepen your knowledge and develop your technical skills.

Lab / Exercises

This course provides you with exclusive access to the official Microsoft lab, enabling you to practice your skills in a professional environment.

Exam

This course prepares you to the AZ-700: Azure Network Engineer Associate exam.

Complementary Courses

Eligible Funding

ITTA is a partner of a continuing education fund dedicated to temporary workers. This fund can subsidize your training, provided that you are subject to the “Service Provision” collective labor agreement (CCT) and meet certain conditions, including having worked at least 88 hours in the past 12 months.

Additional Information

AZ-700 Training: Design and Implement Microsoft Azure Network Solutions

Networking is the backbone of every cloud architecture. Connectivity quality, traffic segmentation, and flow protection determine the performance and security of applications deployed on Azure. Companies in Switzerland, which frequently operate in hybrid mode between their datacenters and the cloud, need network engineers capable of designing robust and scalable architectures.

The AZ-700 training gives you the skills to design and implement all Microsoft Azure network solutions in three days in Geneva or Lausanne, from virtual networks to hybrid connections through security and load balancing.

Azure Virtual Networks: Architecture, Peering and Advanced Routing

Virtual networks (VNet) are the fundamental building blocks of Azure network topology. The AZ-700 training covers IP address space design, subnet segmentation, regional and global VNet peering to interconnect networks, and custom route tables (UDR) to control traffic flows. Azure Private DNS and DNS zones ensure name resolution within your networks without internet exposure.

Azure Virtual WAN simplifies multi-site architectures by centralizing routing, security, and hybrid connectivity in a managed hub. This approach is particularly suited to organizations with multiple offices in French-speaking Switzerland and Europe that need to connect their sites to each other and to Azure with simplified management and consistent security.

Hybrid Connectivity: VPN Gateway, ExpressRoute and Virtual WAN

Site-to-site VPN connections encrypt traffic between your sites and Azure over the internet. Point-to-site connections allow individual users to connect from any location. Azure VPN Gateway supports IKEv2 and OpenVPN protocols with bandwidth up to 10 Gbps in active-active configuration.

ExpressRoute provides a private, high-bandwidth connection that does not transit over the internet, offering reduced latency and guaranteed bandwidth. For Swiss companies in the banking and healthcare sectors, ExpressRoute meets data confidentiality and performance requirements for sensitive data. The training covers circuit provisioning, private and Microsoft peering configuration, routing, and high availability strategies with redundant circuits.

Load Balancing and Azure Application Delivery

Azure offers four complementary load balancing solutions. Azure Load Balancer distributes TCP/UDP traffic at layer 4 with minimal latency. Azure Application Gateway operates at layer 7 with SSL termination, URL-based routing, and Web Application Firewall (WAF) for web application protection. Azure Front Door provides global load balancing with CDN integration and automatic failover between regions. Azure Traffic Manager directs DNS traffic based on performance, geography, or priority routing methods.

Choosing the right load balancing solution depends on the type of traffic, geographic scope, and security requirements. The AZ-700 training provides a clear decision framework for each scenario. Swiss companies hosting multi-region applications benefit from combining Front Door for global traffic management and Application Gateway for local layer 7 inspection.

Network Security: Azure Firewall, NSG and DDoS Protection

Azure Firewall is a managed cloud firewall that inspects and filters traffic at the network and application levels. The training covers DNAT, network, and application rule configuration, FQDN-based filtering, threat intelligence, and integration with Azure Firewall Manager for centralized management. Network security groups (NSGs) provide granular filtering at the subnet and network interface level.

Azure DDoS Protection defends your public endpoints against distributed denial-of-service attacks. Azure Web Application Firewall (WAF) protects web applications against OWASP threats. Network Watcher provides diagnostic tools: IP flow verification, next hop, connection troubleshooting, and NSG flow log analysis. These complementary solutions form a defense-in-depth strategy essential for the security of Azure architectures.

Azure Network Engineer Associate Certification: AZ-700 Exam

The AZ-700 exam (Designing and Implementing Microsoft Azure Networking Solutions) validates the Azure Network Engineer Associate title. It contains between 40 and 60 questions (multiple choice, scenarios, case studies) and lasts approximately 120 minutes. The passing score is 700 out of 1000. The certification is valid for one year, renewable free of charge via Microsoft Learn.

In Switzerland, Azure networking expertise is particularly sought after by companies operating hybrid architectures. Targeted roles include Azure network engineer, cloud infrastructure architect, network security consultant, and hybrid connectivity specialist. Financial institutions, multinationals, and technology companies in Geneva and Lausanne value this certification.

At ITTA, a Microsoft Learning Partner in Switzerland You benefit from hands-on labs on real Microsoft cloud environments, official course materials (MOC), and MCT certified trainers. Sessions are held in-person in Geneva and Lausanne or via virtual classroom.

FAQ

What are the prerequisites for the AZ-700 training?

Experience in Azure administration (AZ-104 level) is required. You should understand virtual networks, subnets, and network security groups. Networking fundamentals knowledge (TCP/IP, DNS, routing) is essential.

Is this training suitable for network engineers without Azure experience?

The course requires Azure administration foundations. If you are a network engineer new to Azure, it is recommended to take the AZ-104 training first, then the AZ-700 for Azure networking specialization.

Does the training cover ExpressRoute in detail?

Yes. The training covers ExpressRoute circuit provisioning, private and Microsoft peering, routing, redundancy, and high availability scenarios. Labs allow you to configure and test ExpressRoute connections.

Is the training available as a virtual classroom?

Yes. ITTA offers the AZ-700 training in-person in Geneva and Lausanne as well as via virtual classroom with the same content, the same labs, and the same MCT trainer.

What is the difference between AZ-700 and AZ-104 for networking?

AZ-104 covers networking basics as part of general Azure administration. AZ-700 goes much deeper into advanced network design, hybrid connectivity, and enterprise load balancing. AZ-700 is the networking specialization.

Does the training cover Azure Virtual WAN?

Yes. Azure Virtual WAN is covered as a managed solution for multi-site connectivity, centralized routing, and integrated security with secured virtual hubs.

Is this certification complementary to Cisco or Fortinet certifications?

Yes. The AZ-700 certification adds cloud networking expertise to traditional network certifications. Professionals with Cisco, Fortinet, or Palo Alto certifications strengthen their profile by adding Azure network specialization.