πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided DP-300 Domain 1
Domain 1 β€” Module 2 of 5 40%
2 of 28 overall

DP-300 Study Guide

Domain 1: Plan and Implement Data Platform Resources

  • Choose Your Azure SQL Platform Free
  • Deploy and Configure Azure SQL Free
  • Scale, Performance, and Compression Free
  • Migration Planning: Online vs Offline Free
  • Execute and Troubleshoot Migrations Free

Domain 2: Implement a Secure Environment

  • Entra Authentication for Azure SQL
  • Security Principals, Permissions, and T-SQL
  • Encryption: TDE, Always Encrypted, and VBS Enclaves
  • Network Security: Firewalls, Private Links, and Endpoints
  • Data Classification and Auditing
  • Data Masking, Ledger, and Row-Level Security

Domain 3: Monitor, Configure, and Optimize Database Resources

  • Performance Baselines and Monitoring Tools
  • Database Watcher and Extended Events
  • Query Store: Configure and Monitor
  • Blocking, DMVs, and Execution Plans
  • Index and Query Optimization
  • Database Maintenance: Indexes, Statistics, and Integrity
  • Automatic Tuning and Performance Settings

Domain 4: Configure and Manage Automation of Tasks

  • Automation Landscape: What Runs Where
  • SQL Server Agent Jobs
  • Deploy with ARM, Bicep, PowerShell, and CLI
  • Elastic Jobs and Azure Automation

Domain 5: Plan and Configure an HA/DR Environment

  • HA/DR Strategy: RPO, RTO, and Architecture
  • Backup and Restore: Strategy and Native Tools
  • Point-in-Time Restore, LTR, and Cloud Backup
  • Geo-Replication and Failover Groups
  • Always On: Availability Groups and FCIs
  • Log Shipping and HA/DR Operations

DP-300 Study Guide

Domain 1: Plan and Implement Data Platform Resources

  • Choose Your Azure SQL Platform Free
  • Deploy and Configure Azure SQL Free
  • Scale, Performance, and Compression Free
  • Migration Planning: Online vs Offline Free
  • Execute and Troubleshoot Migrations Free

Domain 2: Implement a Secure Environment

  • Entra Authentication for Azure SQL
  • Security Principals, Permissions, and T-SQL
  • Encryption: TDE, Always Encrypted, and VBS Enclaves
  • Network Security: Firewalls, Private Links, and Endpoints
  • Data Classification and Auditing
  • Data Masking, Ledger, and Row-Level Security

Domain 3: Monitor, Configure, and Optimize Database Resources

  • Performance Baselines and Monitoring Tools
  • Database Watcher and Extended Events
  • Query Store: Configure and Monitor
  • Blocking, DMVs, and Execution Plans
  • Index and Query Optimization
  • Database Maintenance: Indexes, Statistics, and Integrity
  • Automatic Tuning and Performance Settings

Domain 4: Configure and Manage Automation of Tasks

  • Automation Landscape: What Runs Where
  • SQL Server Agent Jobs
  • Deploy with ARM, Bicep, PowerShell, and CLI
  • Elastic Jobs and Azure Automation

Domain 5: Plan and Configure an HA/DR Environment

  • HA/DR Strategy: RPO, RTO, and Architecture
  • Backup and Restore: Strategy and Native Tools
  • Point-in-Time Restore, LTR, and Cloud Backup
  • Geo-Replication and Failover Groups
  • Always On: Availability Groups and FCIs
  • Log Shipping and HA/DR Operations
Domain 1: Plan and Implement Data Platform Resources Free ⏱ ~13 min read

Deploy and Configure Azure SQL

Learn automated deployment methods for Azure SQL β€” Azure Portal, ARM templates, Bicep, PowerShell, and CLI. Plus hybrid SQL Server solutions and patching strategies.

Deploying Azure SQL resources

β˜• Simple explanation

Think of deployment like building a house.

You can build it by hand (Azure Portal β€” clicking buttons), or you can hire a builder with blueprints (templates and scripts). The portal is great for your first time. But when you need to build the same house 50 times across different cities, you want blueprints.

That’s what ARM templates, Bicep, PowerShell, and Azure CLI do β€” they’re your blueprints. Write once, deploy everywhere, and know every house is identical.

Azure SQL resources can be deployed using multiple methods, ranging from interactive (Azure Portal) to fully automated (Infrastructure as Code). The exam tests your ability to choose the right deployment method for the scenario and deploy to the correct platform.

Key deployment methods:

  • Azure Portal β€” GUI-based, interactive. Good for one-off deployments and learning.
  • ARM templates (JSON) β€” Declarative Infrastructure as Code. JSON format, verbose but battle-tested.
  • Bicep β€” Declarative IaC that compiles to ARM. Cleaner syntax than raw ARM JSON.
  • Azure PowerShell β€” Imperative scripting with Az modules. Good for procedural deployment steps.
  • Azure CLI β€” Cross-platform imperative command-line tool. Similar to PowerShell but Bash-friendly.
  • Terraform β€” Third-party IaC tool with Azure provider. Supports multi-cloud.

Deployment methods compared

Deployment Methods
MethodTypeIdempotent?Best For
Azure PortalInteractive (GUI)NoLearning, one-off deploys, troubleshooting
ARM templatesDeclarative (JSON)YesEnterprise IaC, CI/CD pipelines, compliance
BicepDeclarative (compiles to ARM)YesModern IaC β€” cleaner syntax than ARM JSON
Azure PowerShellImperative (scripting)No (unless coded)Procedural tasks, conditional logic, admin automation
Azure CLIImperative (command-line)No (unless coded)Cross-platform scripting, Bash environments
TerraformDeclarative (HCL)YesMulti-cloud, existing Terraform teams
πŸ’‘ Declarative vs imperative β€” what does the exam care about?

Declarative (ARM, Bicep, Terraform): You describe the desired end state. The engine figures out what to create, update, or skip. These are idempotent β€” run them twice, same result.

Imperative (PowerShell, CLI): You describe the steps to take. You control the sequence. NOT inherently idempotent β€” running twice might create duplicates unless you add checks.

The exam loves asking: β€œWhich deployment method ensures the environment matches a defined state?” β†’ Answer: ARM/Bicep (declarative, idempotent).

Deploying each platform

Azure SQL Database

Priya deploys a new Azure SQL Database for ScaleWave:

  1. Create a logical server (server-level firewall, admin login, Azure region)
  2. Create a database on that server (choose tier: DTU or vCore, size, backup redundancy)
  3. Optionally add it to an elastic pool for shared resources

Key settings at deployment:

  • Compute tier: Provisioned (always-on) or Serverless (auto-pause)
  • Service tier: General Purpose, Business Critical, or Hyperscale
  • Backup redundancy: Locally redundant (LRS), zone-redundant (ZRS), or geo-redundant (GRS)

Azure SQL Managed Instance

Kenji deploys MI for NorthStar’s migration:

  1. Create a virtual network and dedicated subnet (MI lives inside your VNet)
  2. Deploy the Managed Instance (choose tier, vCores, storage, time zone)
  3. First deployment can take 4-6 hours (subsequent operations are faster)

Key differences from SQL Database deployment:

  • MI requires a dedicated subnet β€” no other resources can share it
  • MI is deployed at the instance level, not individual database level
  • You can deploy multiple databases within one MI after creation

SQL Server on Azure VMs

Kenji also deploys a SQL VM for the legacy reporting server:

  1. Choose a VM image (Windows + SQL Server pre-installed from Azure Marketplace)
  2. Configure VM size (memory-optimised recommended for SQL workloads)
  3. Configure storage (Premium SSD or Ultra Disk, separate data/log/tempdb disks)
  4. Register with the SQL IaaS Agent extension for Azure portal management
ℹ️ SQL IaaS Agent extension β€” why it matters

The SQL IaaS Agent extension registers your SQL VM with Azure, unlocking:

  • Automated backups and patching via the Azure portal
  • Integration with Microsoft Defender for SQL
  • License management (pay-as-you-go or Azure Hybrid Benefit)
  • Storage configuration best practices

Without the extension, your SQL VM is just a generic VM to Azure β€” you lose all SQL-specific management features.

Hybrid SQL Server solutions

Not everything moves to Azure at once. Hybrid architectures bridge on-premises and cloud:

Hybrid SolutionWhat It Does
Azure Arc-enabled SQL ServerManage on-prem SQL instances from Azure portal (covered in Module 1)
SQL Server on Azure VMs + VPN/ExpressRouteSQL on VMs connected to on-prem network via site-to-site VPN or ExpressRoute
Azure SQL MI + VNet peeringMI in Azure VNet peered with on-prem network for seamless connectivity
Distributed Availability GroupsSpan an AG across on-prem and Azure VM SQL instances for DR
Log shippingShip transaction logs from on-prem to Azure (one-way, async)

Kenji’s hybrid approach: NorthStar migrates databases in waves. During migration, some databases stay on-prem while others run in MI. A site-to-site VPN connects both environments. Applications see all databases as if they were on the same network.

Patching and updates β€” who does what?

This is a favourite exam topic. Know who is responsible for patching on each platform:

PlatformOS PatchingSQL Engine PatchingYou Manage?
SQL DatabaseMicrosoftMicrosoftNo β€” fully automatic
Managed InstanceMicrosoftMicrosoftNo β€” you pick a maintenance window
SQL on Azure VMsYou (or Azure Update Manager)You (or automated patching)Yes β€” schedule via SQL IaaS extension
ℹ️ Azure Update Manager for SQL VMs

For SQL VMs, Azure Update Manager (formerly Update Management) automates OS and SQL patching:

  • Define maintenance windows (day, time, duration)
  • Apply patches during low-traffic periods
  • Reboot policy: always, never, or if required
  • Works across multiple VMs simultaneously

The SQL IaaS Agent extension integrates with Azure Update Manager to provide SQL-specific patching visibility and scheduling.

Tomas’s learning moment: His mentor Sam says: β€œThe more managed the service, the less patching you do. SQL Database = zero effort. MI = pick a window. SQL VM = you own the schedule and the risk.”

Question

What makes ARM/Bicep deployments idempotent?

Click or press Enter to reveal answer

Answer

Declarative templates describe the desired end state. The deployment engine compares current state to desired state and only makes necessary changes. Running the same template twice produces the same result without creating duplicates.

Click to flip back
Question

What is required before deploying Azure SQL Managed Instance?

Click or press Enter to reveal answer

Answer

A virtual network with a dedicated subnet. The MI subnet cannot contain any other resources. First deployment can take 4-6 hours.

Click to flip back
Question

What does the SQL IaaS Agent extension enable for SQL on Azure VMs?

Click or press Enter to reveal answer

Answer

Azure portal management of SQL VMs β€” automated backups, automated patching, Defender integration, license management, and storage configuration best practices.

Click to flip back
Question

Who is responsible for OS patching on each Azure SQL platform?

Click or press Enter to reveal answer

Answer

SQL Database: Microsoft (automatic). Managed Instance: Microsoft (you pick maintenance window). SQL on VMs: You β€” via Azure Update Manager or manual patching.

Click to flip back
Knowledge Check

Priya needs to deploy 15 identical Azure SQL databases across three Azure regions for a new product launch. Which deployment method should she choose?
Knowledge Check

Kenji's SQL Server on an Azure VM needs the latest cumulative update applied during a weekend maintenance window. What should he configure?

🎬 Video coming soon

Next up: Scale, Performance, and Compression β€” configure each Azure SQL platform for optimal scale, plus table partitioning and data compression.

← Previous

Choose Your Azure SQL Platform

Next β†’

Scale, Performance, and Compression

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.