Next month AZ-140 receives a minor update, just some minor clarifications on some of the topics, rather than the addition or removal of anything. In other words, great news for those of you already part way through your preparation, concerned that you might have to go back to the drawing board.
First off, there was no change in the weightings.
- Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
- Plan and implement identity and security (15–20%)
- Plan and implement user environments and apps (20–25%)
- Monitor and maintain an Azure Virtual Desktop infrastructure (10–15%)
When I talk to people who are considering this exam, or who have already started their preparation, it’s quite common to find that they fall into three different categories. First of all, there are those who are already working closely with Azure Virtual Desktop, and have broad exposure to the technologies that the exam covers. The second group are those with traditional/on-premises VDI solutions, who tend to have good skills with technologies such as Active Directory, Group Policy etc. The third group are those who work closely with a variety of different Azure technologies, and their job now requires them to start deploying AVD solutions for their organisation. You may not neatly fit into one of these categories, but the chances are you might hover between two of them. Let’s break each of these groups down to discuss where they should focus their preparation efforts.
Those of you familiar with AVD, with some deployment experience under your belt, should be looking at deployment scenarios and technologies that aren’t used in your environments, or maybe they are used, but they aren’t technologies that you are responsible for. A short list, not comprehensive in any way, could be the following
- providing full desktop experiences, without any RemoteApp experience
- not having exposure to certain storage solutions
- deploying the compute components, but the networking components are deployed and managed by another team
- consuming, but not configuring Azure monitoring solutions
- Intune only without Group Policy exposure
For the second group, those with traditional, on-premises VDI exposure, the biggest challenge here is going to be the broader understanding of a wide variety of different Azure services, as well as other Microsoft cloud offerings like Entra ID and Intune. I’m not going to downplay how overwhelming this might be if you are thrown into the deep end and expected to be an expert in a short timeframe. I do think it’s worth the effort though, because these Azure skills can be applied to a very wide variety of solutions you will most likely end up deploying over a long period of time.
And finally, the third group, the Azure fluent, but no or very limited exposure to Active Directory, Group Policy etc. The biggest challenge I tend to see here is that if you weren’t planning to spend time learning about what were traditionally on-premises technologies. Maybe Azure AD (Entra ID) was the only AD you thought you would ever have to deal with, and you aren’t all that motivated to dig into things you thought may not be part of your skills acquisition plan. The best advice I can give here is to make sure you are staying on-topic when it comes to your preparation is to not go much deeper than what the exam topics require.
Plan and implement an Azure Virtual Desktop infrastructure (40–45%)
Plan, implement, and manage networking for Azure Virtual Desktop
- Assess network capacity and speed requirements for Azure Virtual Desktop
- Design network configuration for session hosts to meet requirements for Azure Virtual Desktop
- Plan and implement Remote Desktop Protocol (RDP) Shortpath and quality of service (QoS) policies
- Plan and implement an Azure Private Link solution for Azure Virtual Desktop
- Monitor and troubleshoot network connectivity
Plan and implement storage for Azure Virtual Desktop user data
- Plan storage for Azure Virtual Desktop user data
- Implement storage for FSLogix components
- Implement storage accounts for Azure Virtual Desktop
- Implement file shares for Azure Virtual Desktop
- Implement Azure NetApp Files for Azure Virtual Desktop
Plan host pools and session hosts
- Recommend resource groups, subscriptions, and management groups for Azure Virtual Desktop resources
- Recommend an operating system (OS) for Azure Virtual Desktop session hosts
- Recommend an appropriate licensing model for Azure Virtual Desktop based on requirements
- Plan a host pool architecture
- Design an Azure Virtual Desktop configuration for performance requirements
- Design an Azure Virtual Desktop configuration for Azure Virtual Machines capacity requirements
Implement host pools and session hosts
- Create host pools and session hosts by using the Azure portal
- Automate creation of Azure Virtual Desktop hosts and host pools by using PowerShell, Azure CLI, Azure Resource Manager templates (ARM templates), and Bicep files
- Configure host pool and session host settings
- Apply a Windows client or Windows Server license to a session host
Create and manage session host images
- Create an image manually
- Create an image by using Azure VM Image Builder
- Modify an image
- Plan and implement lifecycle management for images
- Apply OS and application updates to an image
- Create a session host by using a custom image
- Plan and implement image storage, including Azure compute gallery
Plan and implement identity and security (15–20%)
Plan and implement identity integration
- Select an identity scenario for Azure Virtual Desktop, including Active Directory Domain Services (AD DS), Microsoft Entra ID, and Microsoft Entra Domain Services
- Specify requirements to configure the Azure Virtual Desktop session host for an identity scenario
- Plan and implement Azure roles and role-based access control (RBAC) for Azure Virtual Desktop
- Plan and implement Conditional Access policies for connections to Azure Virtual Desktop
- Plan and implement authentication options in Azure Virtual Desktop, including passwordless, smart card, and multifactor authentication
- Manage roles, groups, and rights assignments on Azure Virtual Desktop session hosts
- Configure single sign-on
Plan and implement security
- Plan, implement, and manage security for Azure Virtual Desktop session hosts by using Microsoft Defender for Cloud
- Configure session host protection by using Microsoft Defender Antivirus
- Configure session host protection by using Microsoft Defender for Endpoint, including onboarding and scanning options
- Implement and manage network security for connections to Azure Virtual Desktop, including user defined routes (UDRs), network security groups (NSGs), and Azure Firewall
- Configure Azure Bastion or just-in-time (JIT) for administrative access to session hosts
- Plan and implement Windows threat protection features on Azure Virtual Desktop session hosts, including Windows Defender Application Control and Controlled Folder Access
- Plan for and implement Confidential VM and Trusted Launch security features for Azure Virtual Desktop session host provisioning
Plan and implement user environments and apps (20–25%)
Plan and implement FSLogix
- Recommend FSLogix configuration
- Configure FSLogix Profile Containers
- Configure FSLogix Office Containers
- Configure FSLogix Cloud Cache
- Implement FSLogix application masking
Plan and implement user experience and client settings
- Choose an Azure Virtual Desktop client
- Choose a deployment method for the client
- Deploy and troubleshoot Azure Virtual Desktop clients
- Configure device redirection
- Configure multimedia redirection
- Configure printing and Universal Print
- Configure user settings through Microsoft Intune policies or Group Policy
- Configure Remote Desktop Protocol (RDP) properties on a host pool
- Configure session timeout properties
- Implement the Start Virtual Machine on Connect feature
- Assign and unassign personal desktops to users
Install and configure apps on a session host
- Choose a method for deploying an app to Azure Virtual Desktop
- Create and configure an application group
- Assign users to application groups
- Publish an application as a RemoteApp
- Implement and manage Microsoft 365 apps on Azure Virtual Desktop session hosts
- Implement and manage OneDrive, including multisession environments
- Implement and manage Microsoft Teams, including the Remote Desktop WebRTC Redirector Service
- Implement and manage browsers for Azure Virtual Desktop sessions
- Configure dynamic application delivery by using app attach
- Create an application package for app attach
Monitor and maintain an Azure Virtual Desktop infrastructure (10–15%)
Monitor and manage Azure Virtual Desktop services
- Configure log collection and analysis for Azure Virtual Desktop session hosts
- Monitor Azure Virtual Desktop by using Azure Monitor
- Customize Azure Monitor workbooks for Azure Virtual Desktop Insights
- Optimize session host capacity and performance
- Implement autoscaling in host pools
- Monitor and manage active sessions and application groups
Plan and implement updates, backups, and disaster recovery
- Recommend an update strategy for session hosts
- Plan and implement a disaster recovery plan for Azure Virtual Desktop
- Plan for multi-region implementation
- Design and implement a backup strategy for Azure Virtual Desktop
- Configure backup and restore for FSLogix user profiles, personal virtual desktop infrastructures (VDIs), and images
intunedin.net 