DP-300 Study Guide

Domain 1: Plan and Implement Data Platform Resources

  • Choose Your Azure SQL Platform
  • Deploy and Configure Azure SQL
  • Scale, Performance, and Compression
  • Migration Planning: Online vs Offline
  • Execute and Troubleshoot Migrations

Domain 2: Implement a Secure Environment

  • Entra Authentication for Azure SQL
  • Security Principals, Permissions, and T-SQL
  • Encryption: TDE, Always Encrypted, and VBS Enclaves
  • Network Security: Firewalls, Private Links, and Endpoints
  • Data Classification and Auditing
  • Data Masking, Ledger, and Row-Level Security

Domain 3: Monitor, Configure, and Optimize Database Resources

  • Performance Baselines and Monitoring Tools
  • Database Watcher and Extended Events
  • Query Store: Configure and Monitor
  • Blocking, DMVs, and Execution Plans
  • Index and Query Optimization
  • Database Maintenance: Indexes, Statistics, and Integrity
  • Automatic Tuning and Performance Settings

Domain 4: Configure and Manage Automation of Tasks

  • Automation Landscape: What Runs Where
  • SQL Server Agent Jobs
  • Deploy with ARM, Bicep, PowerShell, and CLI
  • Elastic Jobs and Azure Automation

Domain 5: Plan and Configure an HA/DR Environment

  • HA/DR Strategy: RPO, RTO, and Architecture
  • Backup and Restore: Strategy and Native Tools
  • Point-in-Time Restore, LTR, and Cloud Backup
  • Geo-Replication and Failover Groups
  • Always On: Availability Groups and FCIs
  • Log Shipping and HA/DR Operations

Domain 4: Configure and Manage Automation of Tasks

Deploy with ARM, Bicep, PowerShell, and CLI

Automate Azure SQL deployment using ARM templates, Bicep, Azure PowerShell, and Azure CLI. Monitor and troubleshoot automated deployments.

Infrastructure as Code for Azure SQL

☕ Simple explanation

Instead of clicking buttons in the Azure Portal, you write a recipe.

ARM/Bicep templates are like a blueprint — “I want a SQL server in East US with a 4-vCore database.” You hand it to Azure, and it builds exactly that. Run the same blueprint in another region, get the exact same result.

PowerShell and CLI are like verbal instructions — “First create the server, then create the database, then set the firewall.” More flexible, but you control each step.

Module 2 covered when to use each deployment method. This module covers how — practical implementation with templates and scripts, plus monitoring and troubleshooting deployments.

Bicep deployment

Bicep is Microsoft’s recommended IaC language for Azure (compiles to ARM JSON):

// deploy-sql.bicep — Azure SQL Database
param location string = resourceGroup().location
param serverName string
param databaseName string
param adminLogin string
@secure()
param adminPassword string

resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: serverName
  location: location
  properties: {
    administratorLogin: adminLogin
    administratorLoginPassword: adminPassword
    minimalTlsVersion: '1.2'
  }
}

resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
  parent: sqlServer
  name: databaseName
  location: location
  sku: {
    name: 'GP_Gen5'
    tier: 'GeneralPurpose'
    capacity: 4
  }
  properties: {
    collation: 'SQL_Latin1_General_CP1_CI_AS'
    maxSizeBytes: 34359738368  // 32 GB
    zoneRedundant: false
    requestedBackupStorageRedundancy: 'Local'
  }
}

Deploy:

az deployment group create \
  --resource-group NorthStarRG \
  --template-file deploy-sql.bicep \
  --parameters serverName=northstar-sql databaseName=NorthStarERP \
               adminLogin=sqladmin adminPassword=<secure>

Azure PowerShell deployment

# Create a SQL server
New-AzSqlServer -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -Location "EastUS" `
  -SqlAdministratorCredentials (Get-Credential)

# Create a database
New-AzSqlDatabase -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -DatabaseName "TenantDB" `
  -Edition "GeneralPurpose" `
  -Vcore 4 `
  -ComputeGeneration "Gen5"

# Set firewall rule
New-AzSqlServerFirewallRule -ResourceGroupName "ScaleWaveRG" `
  -ServerName "scalewave-sql" `
  -FirewallRuleName "AllowOffice" `
  -StartIpAddress "203.0.113.10" `
  -EndIpAddress "203.0.113.10"

Azure CLI deployment

# Create a SQL server
az sql server create \
  --resource-group ScaleWaveRG \
  --name scalewave-sql \
  --location eastus \
  --admin-user sqladmin \
  --admin-password <secure>

# Create a database
az sql db create \
  --resource-group ScaleWaveRG \
  --server scalewave-sql \
  --name TenantDB \
  --edition GeneralPurpose \
  --capacity 4 \
  --compute-model Provisioned

# Set firewall rule
az sql server firewall-rule create \
  --resource-group ScaleWaveRG \
  --server scalewave-sql \
  --name AllowOffice \
  --start-ip-address 203.0.113.10 \
  --end-ip-address 203.0.113.10

Monitoring deployments

Azure Portal

  • Resource group → Deployments → view status, inputs, outputs, errors
  • Each Bicep/ARM deployment creates a deployment record

CLI / PowerShell

# Check deployment status
az deployment group show --resource-group NorthStarRG --name deploy-sql

# List all deployments
az deployment group list --resource-group NorthStarRG --output table

Common deployment failures

| Error | Cause | Fix |
| --- | --- | --- |
| NameNotAvailable | Server name already taken (globally unique) | Choose a different name |
| QuotaExceeded | Subscription limit hit (vCores, servers) | Request quota increase or use different region |
| InvalidParameterValue | Wrong SKU, tier, or capacity combination | Check valid combinations in docs |
| AuthorizationFailed | Deploying identity lacks RBAC permissions | Grant Contributor on the resource group |
| ConflictError | Resource already exists with different config | Use incremental mode or delete existing first |

💡 Exam tip: declarative vs imperative troubleshooting
  • Bicep/ARM failures: Check the deployment record in the portal — it shows the exact resource and property that failed
  • PowerShell/CLI failures: Check the error output — often includes a correlation ID for support tickets
  • Idempotent retry: Bicep/ARM deployments can be rerun safely. PowerShell/CLI may create duplicates unless you add existence checks.
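
The existence checks mentioned in the exam tip, applied to the three az commands from the CLI section. This is an added example, not code from the guide: the function names and the SQL_ADMIN_PASSWORD variable are assumptions, and a lookup that fails for any reason other than "not found" stops the run instead of creating anything.

```sh
# Added example: existence checks around the guide's three az commands.
# Function names and SQL_ADMIN_PASSWORD are assumptions, not from the guide.
RG=ScaleWaveRG SERVER=scalewave-sql DB=TenantDB RULE=AllowOffice IP=203.0.113.10

# state <az show args...>: prints present, absent, or error.
state() {
  rc=0
  az "$@" --output none 2>/dev/null || rc=$?
  case $rc in
    0) echo present ;;
    3) echo absent ;;   # Azure CLI exit code 3: ARM resource not found
    *) echo error ;;    # auth, network, typo: existence is unknown
  esac
}

# ensure <label> <state> <az create args...>: create only when absent.
ensure() {
  label=$1 st=$2
  shift 2
  case $st in
    present) echo "$label: exists, skipped" ;;
    absent)  az "$@" --output none && echo "$label: created" ;;
    *)       echo "$label: lookup failed, nothing created" >&2; return 1 ;;
  esac
}

deploy() {
  # Password comes from the environment so it stays out of shell history.
  [ -n "${SQL_ADMIN_PASSWORD:-}" ] || { echo "set SQL_ADMIN_PASSWORD" >&2; return 1; }
  ensure server "$(state sql server show -g "$RG" -n "$SERVER")" \
    sql server create -g "$RG" -n "$SERVER" --location eastus \
    --admin-user sqladmin --admin-password "$SQL_ADMIN_PASSWORD" &&
  ensure database "$(state sql db show -g "$RG" --server "$SERVER" -n "$DB")" \
    sql db create -g "$RG" --server "$SERVER" -n "$DB" \
    --edition GeneralPurpose --capacity 4 --compute-model Provisioned &&
  ensure firewall-rule \
    "$(state sql server firewall-rule show -g "$RG" --server "$SERVER" -n "$RULE")" \
    sql server firewall-rule create -g "$RG" --server "$SERVER" -n "$RULE" \
    --start-ip-address "$IP" --end-ip-address "$IP"
}
```

Source the file and call deploy; a second run prints three "exists, skipped" lines and issues no create calls.
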
Question

What is the advantage of Bicep over raw ARM JSON?

Answer

Cleaner, more readable syntax (no JSON boilerplate). Bicep compiles to ARM templates — same deployment engine, same capabilities, but much easier to write and maintain.

Question

Where do you check the status of a failed Bicep deployment?

Answer

Azure Portal: Resource group → Deployments → click the failed deployment to see error details. Or use az deployment group show --name <deployment-name>.

Knowledge Check

Priya's Bicep deployment fails with 'QuotaExceeded — not enough vCore quota in East US.' What are her two options?

Next up: Elastic Jobs and Azure Automation — run T-SQL across multiple databases and automate Azure resource management.


© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.