AZ-800 Study Guide: Managing Hybrid Core Infrastructure in Windows Server

The AZ-800 exam, titled Administering Windows Server Hybrid Core Infrastructure, is one of two exams required to earn the Windows Server Hybrid Administrator Associate certification, the other being AZ-801. Microsoft designed this credential for IT professionals who manage on-premises Windows Server environments alongside Azure services, reflecting the reality that most enterprise organizations operate in a hybrid state rather than being fully cloud-native or fully on-premises. The exam validates practical competence across a wide range of Windows Server administration tasks, with particular emphasis on how traditional server workloads integrate with Azure management services.

Candidates approaching this exam should already possess working experience with Windows Server in a production context. The exam assumes familiarity with core concepts including Active Directory Domain Services, DNS, DHCP, file services, storage management, Hyper-V virtualization, and basic networking. It does not teach these subjects from scratch but tests the ability to apply them in hybrid scenarios that combine on-premises infrastructure with Azure Arc, Azure Monitor, Azure Backup, Azure Site Recovery, and related cloud services. Candidates who approach AZ-800 without hands-on server administration experience tend to struggle significantly, because the question format is scenario-based and rewards applied judgment over memorized facts.

Active Directory Domain Services Administration and Deployment

Active Directory Domain Services remains the identity backbone of the vast majority of Windows Server environments, and the AZ-800 exam places substantial weight on its administration. Candidates must understand how to deploy new domain controllers, including the specific roles and features that must be installed before promoting a server, the options available during the promotion process such as domain functional level selection and DNS delegation, and the implications of placing domain controllers in different sites. The exam also covers read-only domain controllers, which are deployed in branch offices or locations with limited physical security, and the specific configuration differences between writable and read-only controllers.

Active Directory replication is another area the exam probes in depth. Candidates should understand how the Knowledge Consistency Checker automatically generates replication topology, how to manually create connection objects when the automatic topology is insufficient, and how to monitor replication health using tools such as repadmin and the Active Directory Replication Status Tool. Flexible Single Master Operation roles, commonly called FSMO roles, are a persistent exam topic because misplacement or loss of these roles produces specific, diagnosable failure patterns. Candidates should know which FSMO roles exist, which domain controller holds them by default, how to transfer them gracefully, and how to seize them when the current role holder is unrecoverable.

Group Policy Management Across Domains and Sites

Group Policy is the primary mechanism for enforcing configuration standards, security baselines, and software deployment across Active Directory environments. The AZ-800 exam tests Group Policy in considerable depth, covering both the mechanics of policy processing and the practical skills required to design, implement, and troubleshoot Group Policy Objects in enterprise environments. Candidates should understand the order in which Group Policy Objects are applied, the effect of blocking inheritance and enforcing links, and how security filtering and WMI filtering control which computers and users receive specific policies.

Troubleshooting Group Policy is a skill the exam assesses through scenario-based questions that present a symptom and ask for the most appropriate diagnostic step. The gpresult command and the Group Policy Results and Modeling wizards in the Group Policy Management Console are the primary tools for this purpose, and candidates should be comfortable interpreting their output. Understanding the difference between computer configuration and user configuration policy settings, and knowing which half of a policy applies in loopback processing scenarios, is particularly important for questions involving terminal server or kiosk environments where user settings must be overridden by computer-based policy regardless of which user account is logged in.

DNS Server Configuration and Zone Management

DNS is foundational infrastructure for Active Directory and for network connectivity broadly, making it one of the most heavily tested topics on AZ-800. The exam covers DNS server installation and configuration, zone creation and management, resource record types, and the specific DNS requirements that Active Directory relies upon. Candidates must understand the difference between primary, secondary, and stub zones, how Active Directory-integrated zones replicate through the Active Directory database rather than through traditional zone transfers, and the replication scope options available for integrated zones including domain-wide and forest-wide application partitions.

Conditional forwarders and DNS policies are advanced configuration topics that appear in exam scenarios involving split-brain DNS, where internal and external clients must receive different responses to the same DNS query. DNS aging and scavenging is another topic that produces real operational problems when misconfigured, causing either stale records to accumulate or valid records to be prematurely deleted. Candidates should understand how aging is configured at both the zone and server level and what the no-refresh and refresh interval settings control. DNSSEC, which provides cryptographic validation of DNS responses, appears in security-focused scenarios and requires understanding of zone signing, trust anchor distribution, and the Name Resolution Policy Table used to enforce DNSSEC validation on client systems.

DHCP Server Deployment and Failover Configuration

Dynamic Host Configuration Protocol server administration covers a smaller portion of the exam than DNS or Active Directory but includes topics that require precise knowledge to answer correctly. The exam tests DHCP scope creation and configuration, including the definition of address ranges, exclusions, reservations, and scope options such as default gateway and DNS server assignments. Superscopes and multicast scopes address specific scenarios involving multiple subnets or multicast applications, and candidates should understand when each is appropriate.

DHCP failover is the mechanism that provides high availability for DHCP services without requiring a clustered configuration. Two DHCP servers can be configured in either hot standby or load sharing mode. In hot standby mode, one server handles all client requests under normal conditions while the other takes over if the primary becomes unavailable. In load sharing mode, both servers actively respond to client requests according to a configurable ratio. The exam tests the configuration parameters involved in failover relationships, including the maximum client lead time setting that controls how long a failover partner will continue to honor leases after losing contact with its partner. DHCP authorization in Active Directory, which prevents rogue DHCP servers from operating in a domain environment, is a security topic that also appears in exam scenarios.

Implementing and Managing Storage Solutions

Storage management in Windows Server spans several technologies that the AZ-800 exam addresses across multiple scenario types. Storage Spaces and Storage Spaces Direct provide software-defined storage capabilities that allow organizations to build resilient storage pools from commodity disk hardware. Candidates should understand the resiliency options available in Storage Spaces, including simple, mirror, and parity configurations, and the trade-offs each makes between performance, capacity efficiency, and fault tolerance. Storage Spaces Direct extends this capability to hyper-converged infrastructure scenarios where compute and storage are combined on the same physical hosts.

iSCSI is a block storage protocol that allows servers to access storage devices over standard Ethernet networks as if they were locally attached disks. The exam tests iSCSI configuration on both the target side, where storage is presented, and the initiator side, where it is consumed. Configuring iSCSI Qualified Names, establishing initiator-to-target connections, and managing CHAP authentication for iSCSI sessions are all within scope. Distributed File System Namespaces and DFS Replication allow organizations to present a unified namespace for shared folders distributed across multiple servers and to keep folder contents synchronized between locations. DFS Replication topology design, replication group configuration, and troubleshooting replication backlogs appear regularly in exam scenarios involving branch office file access and business continuity requirements.

Hyper-V Virtualization and Virtual Machine Management

Hyper-V is Windows Server’s built-in hypervisor, and managing virtual machine infrastructure is a core component of the AZ-800 exam. Candidates should be comfortable with the full lifecycle of virtual machine management including creation, configuration, checkpointing, live migration, and storage migration. Virtual switch configuration is a prerequisite topic, covering the three switch types available in Hyper-V, external, internal, and private, and the network isolation implications of each. Virtual machine generation selection, specifically the difference between Generation 1 and Generation 2 virtual machines, affects boot firmware, disk format compatibility, and secure boot support in ways that exam questions frequently probe.

Live migration allows running virtual machines to be moved between Hyper-V hosts without service interruption, and the exam tests both the configuration prerequisites and the specific steps involved in initiating and monitoring migrations. Hyper-V Replica provides asynchronous replication of virtual machines to a secondary host or site, serving as a disaster recovery mechanism for virtualized workloads. Candidates should understand how to configure replication relationships, the recovery point options available, and how to perform planned and unplanned failovers. Nested virtualization, which enables Hyper-V to run inside a virtual machine, appears in scenarios involving lab environments and certain container workloads.

Implementing Windows Server Containers

Containers represent a more lightweight form of workload isolation than full virtual machines, and their management in Windows Server is an increasingly relevant skill that AZ-800 addresses. Windows Server supports two container isolation modes. Process isolation runs containers sharing the host operating system kernel, providing high density and fast startup times but requiring that the container image’s operating system version match the host. Hyper-V isolation runs each container inside a lightweight virtual machine, providing stronger isolation and relaxing the version matching requirement at the cost of additional overhead.

Docker is the primary toolset used to manage Windows Server containers, and candidates should be comfortable with the commands used to pull images, create and start containers, manage container networking, and persist data through volume mounts. The exam also covers Windows Admin Center as a management interface for container operations on Windows Server hosts. Container networking involves several modes including NAT, transparent, and overlay, each appropriate for different deployment scenarios. Understanding how containers connect to external networks and how port mapping works in NAT mode is tested through practical scenario questions that present a connectivity requirement and ask for the correct configuration.

Integrating On-Premises Servers With Azure Arc

Azure Arc is the technology that extends Azure management capabilities to servers running outside of Azure, whether on-premises or at other cloud providers. It is a central theme of the AZ-800 exam because it represents the hybrid management paradigm that the entire certification is built around. When a Windows Server is connected to Azure Arc, it becomes visible and manageable through the Azure portal alongside native Azure resources, and Azure services such as Policy, Monitor, Defender for Cloud, and Update Manager can be applied to it consistently with how they apply to Azure virtual machines.

Onboarding servers to Azure Arc requires installing the Azure Connected Machine agent, which can be done interactively for individual servers or at scale using scripts, Azure Automation, or Group Policy. The exam tests both the onboarding process and the ongoing management capabilities that Arc enables, including applying Azure Policy guest configuration assignments to enforce settings on Arc-connected servers, using Azure Monitor to collect performance and event data, and deploying extensions such as the Log Analytics agent, the Dependency agent, and the Azure Monitor agent through the Arc management plane. Candidates should understand the network requirements for Arc connectivity, including the specific Azure endpoints that the Connected Machine agent must be able to reach and the options for routing agent traffic through a proxy server.

Azure Monitor and Log Analytics for Hybrid Environments

Operational visibility across a hybrid environment requires collecting and analyzing data from both Azure resources and on-premises servers in a unified platform. Azure Monitor, with Log Analytics workspaces as its data store, provides this capability and is tested throughout the AZ-800 exam in the context of monitoring Windows Server infrastructure. Candidates should understand how to configure data collection rules that specify which performance counters and event log channels are collected from monitored servers and how frequently data is sampled.

Kusto Query Language, commonly called KQL, is the query language used to analyze data stored in Log Analytics workspaces, and the exam expects basic familiarity with its syntax. Candidates will not be asked to write complex multi-stage queries from memory, but they should be able to interpret queries presented in exam scenarios and understand what data they return. Azure Monitor Alerts allow administrators to define conditions that trigger notifications or automated responses when specific thresholds are breached or specific events occur. Configuring alert rules, action groups, and notification channels for Windows Server health events is within the exam scope and reflects a standard operational practice in hybrid environments.

Azure Backup and Recovery for On-Premises Workloads

Protecting on-premises Windows Server workloads with Azure Backup is a significant topic area in AZ-800. The Microsoft Azure Recovery Services agent, also known as the MARS agent, enables backup of files, folders, and system state from Windows Server directly to an Azure Recovery Services vault without requiring any additional on-premises infrastructure. Candidates should understand how to install and configure the MARS agent, how to define backup schedules and retention policies, and how to perform both full and item-level restores from cloud backups.

Azure Backup Server provides a more comprehensive on-premises backup solution that can protect entire workloads including Hyper-V virtual machines, SQL Server databases, SharePoint farms, and Exchange servers, with recovery points stored locally and optionally replicated to Azure for long-term retention. The exam distinguishes between scenarios appropriate for the MARS agent and scenarios that require Azure Backup Server, and candidates should be able to match backup requirements to the correct solution. Recovery Services vault configuration including redundancy options, soft delete settings, and cross-region restore capabilities are also within scope, as are the specific steps involved in registering on-premises backup sources with a vault.

Azure Site Recovery for Disaster Recovery Planning

Azure Site Recovery provides disaster recovery capabilities for both physical servers and virtual machines, replicating workloads to Azure so that they can be failed over in the event of an on-premises outage. The AZ-800 exam covers Azure Site Recovery in the context of protecting Hyper-V virtual machines and physical Windows Server workloads. Candidates should understand the replication architecture, including the components that must be deployed on-premises such as the configuration server for physical machine replication and the Site Recovery provider for Hyper-V scenarios.

Recovery plans are an important concept that the exam tests in detail. A recovery plan defines the order in which protected workloads are failed over during a disaster recovery event, including the ability to add manual steps and automated scripts at specific points in the sequence. This sequencing is critical for workloads with dependencies, such as database servers that must be available before application servers begin their failover. Test failovers, which allow administrators to validate recovery plans without affecting production replication, are a best practice that the exam addresses through questions about how to conduct and clean up after a test failover operation.

Conclusion

A structured preparation approach for AZ-800 should begin with an honest assessment of existing knowledge across the topics the exam covers. Candidates with deep Active Directory and networking experience may need less preparation on those topics and should redirect study time toward hybrid integration areas such as Azure Arc, Azure Monitor, and Azure Backup where on-premises administrators may have less practical exposure. The official Microsoft Learn path for AZ-800 maps directly to the skills measured and provides a reliable framework for ensuring that no major topic area is overlooked.

Hands-on practice is particularly valuable for this exam because many questions present operational scenarios that require judgment built through actual experience rather than memorization. Setting up a lab environment with Windows Server virtual machines, configuring Active Directory with multiple sites and domain controllers, deploying Hyper-V and testing live migration, and connecting servers to Azure Arc using a trial Azure subscription all build the practical mental models that scenario-based questions test. Practice exams help identify specific knowledge gaps and build comfort with the question format, but they are most effective when used after substantive study rather than as a substitute for it. Combining structured content review with regular lab practice and periodic assessment through practice tests represents the preparation strategy best aligned with the competencies the AZ-800 exam is designed to verify.