Skip to main content
Before we begin the technical modules, review how the skills in this course map to the official AZ-700: Designing and Implementing Microsoft Azure Network Solutions certification. This page summarizes the exam structure, the relative weight of each domain, and the core topics you should master as an Azure Network Engineer. The AZ-700 exam is organized into five domains:
  • Design and implement core networking infrastructure
  • Design, implement, and manage connectivity services
  • Design and implement application delivery services
  • Design and implement private access to Azure services
  • Secure network connectivity to Azure resources
Each domain corresponds to practical, real-world skills Microsoft expects from a networking professional. The following sections describe each domain, highlight the key topics, and include visual references.

Exam domains at a glance

Domain (AZ-700)Approx. weightCore topics
Design and implement core networking infrastructure25–30%VNets and subnet design, Public IP SKUs, DNS and name resolution, VNet peering, routing (UDR, system routes, BGP), NAT Gateway / internet egress
Design, implement, and manage connectivity services20–25%VPN Gateway (S2S, P2S), ExpressRoute, Virtual WAN, hybrid connectivity patterns
Design and implement application delivery services15–20%Load Balancer (L4), Traffic Manager (DNS routing), Application Gateway (L7 + WAF), Front Door (global edge)
Design and implement private access to Azure services10–15%VNet service endpoints, Private Link, private endpoints
Secure network connectivity to Azure resources~Remaining %Network Security Groups, Azure Firewall design and policies, DDoS Protection, WAF configuration on App Gateway / Front Door
These weights guide how much emphasis to place on each topic while studying. Now we’ll examine each domain in more detail.

1) Core networking infrastructure (25–30%)

This is the largest domain and covers the foundational building blocks of Azure networking. Expect to design and implement scalable, secure network topologies. Key topics:
  • Azure Virtual Networks (VNets) and subnet design patterns
  • Public IP addressing and SKU decisions (basic vs. standard)
  • Name resolution and DNS design options
  • VNet peering and cross‑VNet connectivity
  • Routing: user-defined routes (UDRs), system routes, BGP
  • Internet egress patterns and source NAT using Azure NAT Gateway (Virtual NAT)
Mastery of these areas ensures you can build resilient, performant networking foundations in Azure.
A presentation slide titled "AZ-700 Certification: Topics" highlighting "Design and implement core networking infrastructure (25–30%)." It lists six Azure networking subtopics: Explore Azure Virtual Networks, Configure Public IPs, Design name resolution, Enable cross‑VNet connectivity, Implement traffic routing, and Configure internet access with Azure Virtual NAT.

2) Connectivity services (20–25%)

This domain focuses on connecting Azure to other networks and creating scalable transit topologies. Key topics:
  • Azure VPN Gateway: site-to-site and point-to-site configurations
  • Azure ExpressRoute: private connectivity to Microsoft and on-premises
  • Azure Virtual WAN: branch connectivity, hub-and-spoke, and transit patterns
  • Hybrid connectivity design choices and resiliency
Understanding these services prepares you to design secure, high-performance hybrid networks and global connectivity.
A presentation slide titled "AZ-700 Certification: Topics" highlighting "Design, implement, and manage connectivity services (20–25%)." It lists subtopics: Azure VPN gateway, Azure ExpressRoute, Azure Virtual WANs for remote resources, and hybrid connectivity methods.

3) Application delivery services (15–20%)

This domain is about reliable, high-performance delivery and global distribution of applications. Key topics:
  • Azure Load Balancer (Layer 4)
  • Azure Traffic Manager (DNS-based traffic routing)
  • Azure Application Gateway (Layer 7, WAF-capable)
  • Azure Front Door (global edge routing, caching, acceleration)
These services are used together to build resilient, globally distributed application architectures.
A presentation slide for the AZ-700 certification showing the topic "Design and implement application delivery services (15–20%)". It lists subtopics: Azure Load Balancer, Azure Traffic Manager, Azure Application Gateway, and Azure Front Door (© KodeKloud).

4) Private access to Azure services (10–15%)

This domain covers methods to ensure traffic to PaaS services remains private within your virtual networks. Key topics:
  • Virtual Network service endpoints
  • Azure Private Link and private endpoints
Use these features to avoid Internet egress and reduce exposure of PaaS endpoints to the public internet.
A presentation slide titled "AZ-700 Certification: Topics" with a purple banner reading "Design and implement private access to Azure services (10–15%)." It lists two subtopics: Virtual Network Service Endpoints and Private Link Services and Private Endpoints (© KodeKloud).

5) Secure network connectivity

This domain ensures your Azure network design defends against threats and enforces controls. Key topics:
  • Network Security Groups (NSGs) and how rules are evaluated
  • Azure Firewall architecture, policy management, and logging
  • DDoS Protection plans and tuning for applications
  • Web Application Firewall (WAF) configuration on Application Gateway and Front Door
Security is woven into every design decision; be ready to justify trade-offs between manageability, cost, and protection. So that’s the AZ-700 certification roadmap: practical domains mapped to exam objectives. Successfully completing the exam demonstrates you can design, secure, and operate Azure networking solutions at enterprise scale. For detailed requirements and to schedule the exam, visit the official certification page.
A screenshot of a Microsoft Learn page titled "Practice for the exam" for an Azure certification, showing sections for a practice assessment and an exam sandbox. It includes buttons labeled "Take the practice assessment" and "Launch the sandbox" and mentions the AZ-700 course.
Useful resources:
Use the Microsoft Learn practice assessment and sandbox to simulate exam conditions and get hands‑on experience. These tools are excellent for validating your knowledge before scheduling the real exam.
You can schedule the AZ-700 exam from the certification page. The base price is USD 165 (varies by country/region and local taxes).
A screenshot of a Microsoft Learn certification webpage (Azure Network Engineer Associate) showing a "Schedule exam" button and the exam price ($165 USD). The page also displays sections titled "Renew your certification" and "Certification resources" with links to study guides and support.
Final exam tip about the test environment: The exam allows access to Microsoft documentation via a side panel inside the exam interface. Use this embedded Docs/ Learn pane to confirm feature limits, SKU capacities, and exact syntax — even experienced engineers reference it during the test.
Do not pop out the Microsoft Learn/Docs pane during the exam. Use the side-by-side split view provided in the test interface. Popping out the documentation window has caused issues for some candidates in the past.
Study plan checklist
  • Review each domain and focus study time according to domain weight.
  • Practice labs that exercise VNets, routing, connectivity, and security features.
  • Use the Microsoft Learn sandbox and practice assessments.
  • Familiarize yourself with service limits and SKU differences in the Docs pane.
Practice consistently, use the resources linked above, and you’ll be prepared to earn the AZ-700 certification and work confidently as an Azure Network Engineer.

Watch Video