Preparing for the Microsoft Azure AZ-202 exam (70-532 Developer Migration)

So I’ve been preparing for the new AZ-202 exam, and the first place you should always start is looking at the exam objectives. I generally parse them, see what I might need to brush up on (if I’m taking an exam it’s usually because I think I already know the subject quite well).

Exam Objective Scrape

Given half a chance, I always go to automate everything and this was no exception when I noticed we’d restyled the Exam pages… the PowerShell comes out.

It scrapes the contents from the exam page and creates a CSV file with links to find documentation on the exam topics.

I then apply the standard Microsoft levels to say which subject areas I’m confident in. I apply some conditional formatting to make it look nice, and I’ve got my revision prep list ready to go.

So what was the AZ-202 like?

I took the AZ-202 in Beta in order to provide feedback to the exam team for when the exam goes live. The format of the exam is much the same as all the other Microsoft exams I’ve taken, a mix of case-study focused questions, a set of questions you can’t hit previous on, and a bulk of general questions with different answer formats.

The quality of the exam questions, even in Beta was really high. I only commented on about 10% of the questions, the rest were sufficiently clear in their phrasing and testing strategy.

The AZ-202 is the migration exam for the 70-532 exam, and I can tell you – it felt much harder. Microsoft exams getting harder can only be a good thing, it means that holding the associated certification is seen to be of higher value. What really struck me was the depth some of the questions went to, I can’t speak about specifics for obvious reasons… but the exam felt it was really trying to test for the practical knowledge of “has this person actually done this” rather than “has this person read about this and mostly understands it”.

My revision strategy is minimal to say the least. I broadly think that exams should test what you already know, and you shouldn’t dedicate a bunch of time to prepare for an exam in a subject you’re not confident in. True to my self-assessment (the 100-400 levels above), the areas I was weakest in were the IoT questions. This is the other good thing about exam certification, there will ultimately be a couple of areas you’ll need to brush up in to provide a completeness of knowledge.

Producing animated gifs on Windows 10

I’ve had a real struggle trying to find capable apps for Windows 10 that do a decent job taking screengrabs and producing an animated gif. Several comparison guides have been read, followed and led to quite a poor experience.

I’m going to be pretty prescriptive in my recommendations; 2 tools. One for capturing a persistent screen region to file with minimum fuss, and the other for producing a nice animated gif with variable delays and slick editing experience.

Screen capture

It’s really easy in Windows 10 to capture the whole screen to file, Windows+PrintScreen. However when you’re trying to make a specific resolution gif, or even just a window you need to find a 3rd party tool. Lightshot is that tool, it’s free, simple to use and has just the features needed without bloatware or advertising.

You can see some of the Lightshot tools in the image above, but by far the most important is once the screen region is set that it persists for future screengrabs and saves straight to file.

Animated Gif Production

Now that you’ve got a nice set of image files in a directory, the task to create the Gif begins.
ScreenToGif is an Open Source project that does an awesome job. For my purposes I’m going to focus on the Editor capabilities, although it does have a capture mode but that doesn’t align with what I need from it.

The editor gives the ability to tweak the order of the images, the delays and transitions between the images and works with high-res images nicely. The project output also saves as a STG file which means you can return to it at any time.
The last feature I find really handy is the ability to draw on the image inside ScreenToGif, it means I can quickly annotate the screengrab and save it.

To see an example of what the final version looks like, check this out.

Auditing the use of Managed Service Identity in Azure

Managed Identity in Azure quite simply provides an AAD backed identity for your Web App or Virtual Machine, in order to communicate with other Azure services without explicitly providing credentials.

The range of Azure services that you can communicate with is growing. For the sake of this blog post we’re not going to focus on a specific service – instead we’ll query the control plane to find all applicable RBAC assignments that have been set up for our Managed Identity. Please note that the script and example are all focussed around App Service, not a VM.

Switching it on

Turning on Managed Identity for a Web App you’ve published to Azure is easy. Navigate to the Web App, under Settings you’ll find Managed Service Identity, then flip the toggle box on before hitting Save.

This is what happens under the covers;

The app gets a nice GUID assigned, this should be familiar to those working with ApplicationIds and ServicePrincipals.

Toggling it

If you remove the Managed Identity from the app, and then set it back on again then a new PrincipalId is generated and any permissions you’d set up for this identity onto other Azure services will have been removed.

Auditing the Identity permissions

In an ideal world you’ll have a deployment script that sets up permissions for your Web App or VM on its dependent services with the least privilege required, however having a way of auditing a deployed application’s permissions is going to be helpful in getting to that state. The script I’ve made looks at;

  • All Web Apps in your Azure subscription
  • Reports RBAC assignments for the Web App’s Identity
  • Checks all Key Vaults for Access Policies that the Identity has been allowed to use

The script:

The script populates two arrays with the pertinent information that you want to capture. From these arrays you can then start building a script that would restore the permissions to be used in a failure scenario.
Here’s what they look like;
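An audit along the lines described in this section, as an added example that is not the post's original script. It assumes the Az PowerShell module (the AzureRM cmdlets of the same names carry the `AzureRm` prefix instead) and a signed-in context; the variable names and the list of roles flagged as broad are assumptions.

```powershell
# Added example, not the post's original script. Assumes the Az module and a
# signed-in context (Connect-AzAccount) with read access to the subscription.
$broadRoles       = 'Owner', 'Contributor', 'User Access Administrator'  # assumption: roles to flag
$rbacAssignments  = @()   # one row per RBAC role assignment held by a Web App identity
$keyVaultPolicies = @()   # one row per Key Vault access policy granted to a Web App identity

# The list call omits access policies, so fetch every vault again by name.
$vaults = Get-AzKeyVault | ForEach-Object { Get-AzKeyVault -VaultName $_.VaultName }

foreach ($app in @(Get-AzWebApp)) {
    # Fetch by name so the Identity property is fully populated.
    $site        = Get-AzWebApp -ResourceGroupName $app.ResourceGroup -Name $app.Name
    $principalId = $site.Identity.PrincipalId
    if (-not $principalId) { continue }   # Managed Identity is switched off for this app

    foreach ($assignment in @(Get-AzRoleAssignment -ObjectId $principalId)) {
        $rbacAssignments += [pscustomobject]@{
            WebApp      = $site.Name
            PrincipalId = $principalId
            Role        = $assignment.RoleDefinitionName
            Scope       = $assignment.Scope
            # Flag roles that are rarely least privilege for an application.
            Broad       = $assignment.RoleDefinitionName -in $broadRoles
        }
    }

    foreach ($vault in $vaults) {
        $matching = @($vault.AccessPolicies | Where-Object { $_.ObjectId -eq $principalId })
        foreach ($policy in $matching) {
            $keyVaultPolicies += [pscustomobject]@{
                WebApp       = $site.Name
                PrincipalId  = $principalId
                Vault        = $vault.VaultName
                Secrets      = $policy.PermissionsToSecrets -join ','
                Keys         = $policy.PermissionsToKeys -join ','
                Certificates = $policy.PermissionsToCertificates -join ','
            }
        }
    }
}

$rbacAssignments  | Sort-Object WebApp, Scope | Format-Table -AutoSize
$keyVaultPolicies | Sort-Object WebApp, Vault | Format-Table -AutoSize
```

Because toggling the identity off and on generates a new PrincipalId, exporting both arrays (for example with `Export-Csv`) before such a change keeps a record of what has to be granted again.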

AlternativeIdentifierRefs problems with ACME New Certificate

The AlternativeIdentifierRefs parameter is used by the New-ACMECertificate cmdlet in ACMESharp when you want Let’s Encrypt to have a secondary domain in the same certificate as your primary alias.
This is handy because Let’s Encrypt doesn’t support wildcards. EDIT: Let’s Encrypt ACMEv2 endpoint DOES support wildcards, but the PowerShell module as it stands does not use ACMEv2.

I was having an issue when trying to do this;

New-ACMECertificate : The given key was not present in the dictionary

This was because in the previous steps in my script, I was only validating my ownership of the first alias – not of the alternative domains. I need to validate all domains before a certificate will be issued.

Here are some code snippets of what I ended up with;
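The fix described above, validating every domain before asking for the certificate, as an added example that is not the author's own snippets. It assumes the ACMESharp module with an initialised vault and registration; the domain names, aliases, IIS site name and polling limits are placeholders.

```powershell
# Added example, not the author's snippets. Assumes the ACMESharp module with an
# initialised vault and registration; domain names and aliases are placeholders.
Import-Module ACMESharp

$domains = [ordered]@{ dns1 = 'www.example.com'; dns2 = 'example.com' }   # alias = DNS name
$handler = @{ WebSiteRef = 'Default Web Site' }   # assumption: IIS serves every domain

# Create an identifier and answer the http-01 challenge for EVERY name,
# including the ones that will only appear as alternative names.
foreach ($alias in $domains.Keys) {
    New-ACMEIdentifier -Dns $domains[$alias] -Alias $alias | Out-Null
    Complete-ACMEChallenge $alias -ChallengeType http-01 -Handler iis -HandlerParameters $handler | Out-Null
    Submit-ACMEChallenge $alias -ChallengeType http-01 | Out-Null
}

# Poll until each identifier has left the pending state (up to about a minute each).
$status = @{}
foreach ($alias in $domains.Keys) {
    for ($try = 0; $try -lt 12; $try++) {
        $status[$alias] = (Update-ACMEIdentifier $alias).Status
        if ($status[$alias] -ne 'pending') { break }
        Start-Sleep -Seconds 5
    }
}

# Refuse to request the certificate unless all identifiers are valid.
$notValid = @($domains.Keys | Where-Object { $status[$_] -ne 'valid' })
if ($notValid.Count -gt 0) {
    throw "Not requesting a certificate; identifiers not validated: $($notValid -join ', ')"
}

# First alias is the primary name, the rest become alternative names.
$primary, $alternatives = @($domains.Keys)
New-ACMECertificate $primary -Generate -AlternativeIdentifierRefs $alternatives -Alias multiNameCert
Submit-ACMECertificate multiNameCert
```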

TemplateParameterObject Parameter in Azure PowerShell New-AzureRmResourceGroupDeployment

If you’re initiating a deployment to Azure using an ARM template, then you can make use of the TemplateParameterObject to pass through a hashtable that contains the parameters for the template.


When you come to deploy the template using PowerShell, you can therefore run something like this.