HomeTrainingDevOps — Azure Track
Cloud & DevOps Series · Microsoft Azure · 4–5 Week Core + 6 Advanced Tracks

DevOps Training
Azure Track
— Islamabad 2026

Azure is the cloud platform of enterprise — banks, telecoms, government agencies, and large software vendors worldwide have standardised on Microsoft Azure. This program builds the DevOps foundation every Azure cloud engineer needs on a 4–5 week core, with six specialist add-on tracks covering AKS, security, serverless, platform engineering, AI/ML infrastructure, and SRE.

Core Duration
4–5 Weeks
👥
Seats / Batch
5 Maximum
☁️
Platform
Microsoft Azure
📍
Location
Islamabad + Online
🎓
Cert Aligned
AZ-104 + AZ-400 + more
📲 Book via WhatsApp View Full Curriculum ↓
Core Stack 🔵 Azure 🏗️ Bicep 🏗️ Terraform ⚙️ Azure DevOps Pipelines ⚙️ GitHub Actions 🐋 Docker / ACR 🔐 Entra ID / KV 📊 KQL / Monitor 📋 KQL Mastery ☸️ AKS (Track 1) 🧠 Azure OpenAI (Track 5)

🎓 Program Overview

Azure is the dominant cloud platform in enterprise IT — the majority of large Pakistani IT firms and their international enterprise clients run on Azure, making it the most commercially relevant cloud for the local outsourcing market. Microsoft Entra ID, Azure DevOps Pipelines, Bicep, and AKS are deeply embedded in enterprise workflows — knowing them is a prerequisite for corporate DevOps roles targeting international enterprise clients.

The core program builds the Azure DevOps foundation in 4–5 weeks. Six specialist advanced tracks — each 2–3 additional weeks — let students go deep on AKS, security (Sentinel, Defender, DevSecOps), serverless (Functions, Durable, APIM), platform engineering (Landing Zones, Backstage, FinOps), Azure AI/ML infrastructure, or SRE with Chaos Studio.

🔷 Azure vs AWS — Why the Enterprise Market Chooses Azure
Both clouds offer
Kubernetes (EKS vs AKS), containers, serverless, IaC
CI/CD pipelines, container registries, managed DBs
Security, observability, and cost management tooling
Azure uniquely owns
Microsoft Entra ID — the identity backbone of 95% of enterprise
Azure DevOps — deeply embedded in enterprise .NET/Microsoft shops
Bicep — Microsoft's native IaC replacing ARM (enterprise standard)
Azure OpenAI Service — enterprise AI on the Microsoft platform
GitHub ownership — Azure + GitHub Actions is one tightly integrated platform
📐 Program Structure — Core + Choose Your Azure Specialisation
Core (4–5 wks)
Linux, Docker, ACR, Azure services, Bicep + Terraform, Azure DevOps Pipelines, GitHub Actions, Container Apps + App Service deployments, Azure Monitor + KQL, Security, Cost Management · Aligned with AZ-104 + AZ-900
Track 1
Kubernetes & AKS — 3 weeks · Helm, Flux, ArgoCD, Workload Identity, KEDA, Istio, OPA Gatekeeper · Aligned with CKA
Track 2
Security & Compliance Engineering — 2 weeks · Sentinel, Defender, DevSecOps pipeline, Notation, SBOM, PIM · Aligned with AZ-500 + SC-200
Track 3
Serverless & Event-Driven Architecture — 2 weeks · Functions, Durable Functions, APIM, Event Grid, Service Bus, Event Hubs · Aligned with AZ-204
Track 4
Platform Engineering & Advanced IaC — 2 weeks · Azure Landing Zones, Bicep registry, Backstage, Deployment Environments, FinOps · Aligned with AZ-400 + AZ-305
Track 5
Azure AI & ML Infrastructure — 2 weeks · Azure OpenAI Service, AI Studio, AML, Databricks, Synapse, MLOps pipelines · Aligned with AI-102 + DP-100
Track 6
SRE & Advanced Observability — 2 weeks · Managed Prometheus, Managed Grafana, KQL mastery, Chaos Studio, SLOs · Aligned with AZ-400 advanced

💡 Why Azure DevOps in 2026

Azure is the dominant cloud platform in enterprise IT — the majority of large Pakistani IT firms and their international clients run on Azure, making it the most commercially relevant cloud for the outsourcing market
Microsoft Entra ID (formerly Azure Active Directory) is the identity backbone of most enterprise organisations — Azure DevOps engineers who understand identity are immediately valuable anywhere
Azure DevOps (Pipelines, Repos, Boards, Artifacts) is deeply embedded in enterprise development workflows — knowing it is a prerequisite for many corporate DevOps roles
GitHub Actions is now Microsoft-owned and deeply integrated with Azure — engineers who know both have a significant advantage in enterprise environments
Bicep is Microsoft's official IaC language for Azure — clean, concise, and the replacement for ARM templates that enterprises are actively migrating to
Azure's AI platform (Azure OpenAI Service, Azure AI Studio, Azure Machine Learning) is the enterprise default for AI workloads — creating massive demand for engineers who can provision and operate this infrastructure
AZ-104, AZ-400, and AZ-305 certifications are among the most widely recognised in Pakistan's IT job market — this program aligns directly with all three

📚 Core Program — 4 to 5 Weeks

W1
Week 1
Linux, Networking, Azure CLI & Shell Automation
12 topics · The OS layer everything Azure sits on

Every Azure VM, every AKS node, every GitHub Actions runner, and every Azure Container App runs on Linux. This week builds the OS and networking knowledge underpinning all Azure infrastructure — plus Azure CLI fluency from day one.

  1. Linux fundamentals: process management, systemd, file permissions, user management, and /proc + /sys virtual filesystems
  2. Shell scripting in Bash: variables, conditionals, loops, functions, error handling with set -euo pipefail — production-grade Azure automation scripts
  3. Text processing tools: grep, awk, sed, jq for JSON (essential for Azure CLI output), and yq for YAML — the DevOps data transformation toolkit
  4. Networking fundamentals: TCP/IP, CIDR notation, routing tables, DNS resolution, NAT, and packet flow through an Azure Virtual Network
  5. Linux networking tools: ip, ss, curl, dig, nslookup, tcpdump, and nc — debugging connectivity in Azure VNet environments
  6. TLS/SSL: how certificates work, the certificate chain, and inspecting with openssl — essential for Azure Application Gateway and App Service SSL
  7. SSH: key generation, SSH config files, agent forwarding, and hardening — managing Azure Linux VMs securely
  8. Azure CLI (az): installing, authenticating with service principals and Managed Identity, scripting resource operations, and querying with --query and JMESPath
  9. PowerShell for Azure (Az module): Get-AzResource, New-AzResourceGroup, and common administrative cmdlets for Windows-centric enterprise environments
  10. Git advanced workflows: rebasing, cherry-picking, reflog — working effectively with Azure Repos and GitHub in enterprise teams
  11. Python for Azure automation: azure-mgmt Python SDK, subprocess, pathlib, and argparse for complex infrastructure automation
  12. Azure Portal efficiency: navigating the portal effectively alongside CLI — no console-only workflows
W2
Week 2
Docker & Containers — From Internals to ACR
12 topics · Every Azure container service runs Docker images
+

Containers are the unit of deployment across every Azure container service — ACI, Container Apps, AKS, and App Service. This week covers Docker from OS fundamentals through production builds optimised for Azure Container Registry.

  1. Container fundamentals: Linux namespaces, cgroups, and the kernel features that make containers possible — what Azure Container Instances actually runs
  2. Docker architecture: Docker daemon, containerd, runc, image layers, and the OverlayFS union filesystem
  3. Writing production Dockerfiles: multi-stage builds, minimal base images (distroless, alpine, scratch), non-root users, and build cache optimisation
  4. Docker image security: scanning with Trivy and Microsoft Defender for Containers — removing secrets from build context, and .dockerignore
  5. Docker networking: bridge, host, overlay drivers — inter-container communication and Azure VNet integration
  6. Docker volumes: bind mounts vs named volumes, and mapping to Azure Files shares for persistent container storage
  7. Docker Compose: multi-container local development stacks — health checks, depends_on, and environment files
  8. Azure Container Registry (ACR): creating registries, pushing/pulling, geo-replication, repository permissions, and ACR Tasks for automated builds
  9. ACR vulnerability scanning: Microsoft Defender for Containers integration — continuous image assessment
  10. Multi-platform builds with buildx: ARM64 + AMD64 images for Azure's Ampere-based Dsv5 VMs
  11. Container image tagging strategies: semver tags, Git SHA tags, and immutable tags for production registries
  12. Docker in Azure DevOps Pipelines and GitHub Actions: layer caching strategies, parallel builds, and pushing to ACR from CI
W3
Week 3
Azure Core Services & IaC — Bicep & Terraform
24 topics · Azure provisioned as code, not clicks
+

Azure from a DevOps engineer's perspective — provisioning everything as code with Bicep and Terraform, with proper network topology, identity architecture, and security from the start.

Azure Fundamentals for DevOps
  1. Azure resource model: subscriptions, resource groups, management groups, and the ARM hierarchy
  2. Azure Virtual Network: subnets, route tables, NSGs, Application Security Groups, VNet peering, and Private Endpoints
  3. Azure Virtual Machines: VM sizes, VM Scale Sets, Spot VMs, Azure Image Builder, and VM extensions for automation
  4. Azure Load Balancer vs Application Gateway vs Front Door: Layer 4 vs Layer 7 — WAF integration and SSL offloading
  5. Azure Storage: Blob (Hot/Cool/Cold/Archive), Azure Files, Azure Queues, and storage security (private endpoints, SAS tokens, Managed Identity)
  6. Azure SQL Database and Azure Database for PostgreSQL: managed databases — geo-replication, elastic pools, and point-in-time restore
  7. Azure Cache for Redis: tiers, clustering, geo-replication, and Entra ID authentication
  8. Microsoft Entra ID: tenants, service principals, Managed Identities (system-assigned and user-assigned), app registrations, and RBAC assignments
  9. Azure RBAC: built-in roles, custom role definitions, and role assignments at management group, subscription, resource group, and resource scopes
  10. Azure DNS: public and private DNS zones, DNS private resolver, and split-horizon DNS patterns
  11. Azure Key Vault: secrets, keys, and certificates — RBAC vs access policies, Key Vault Firewall, and Private Endpoints
IaC — Bicep & Terraform
  1. Bicep fundamentals: the Azure-native IaC language — resources, parameters, variables, outputs, and the Bicep-to-ARM relationship
  2. Bicep modules: reusable, versioned building blocks — VNet, AKS, and App Service modules shared across projects
  3. Bicep deployment scopes: resource group, subscription, management group, and tenant deployments
  4. Bicep parameter files and bicepparam: environment-specific configuration for dev, staging, and production
  5. What-if deployments: previewing Bicep changes before applying — the Bicep equivalent of Terraform plan
  6. Azure Deployment Stacks: the new native mechanism for managing Bicep deployments as a single lifecycle unit
  7. Terraform with the AzureRM provider: provisioning Azure resources with Terraform — the multi-cloud IaC standard
  8. Terraform state on Azure: Azure Blob Storage backend + state locking with Azure Blob lease
  9. Terraform modules for Azure: Azure Verified Modules library — reusable VNet, AKS, and App Service modules
  10. Bicep vs Terraform decision framework: Microsoft-first argument for Bicep vs multi-cloud portability of Terraform
  11. Checkov and tfsec for Azure: static analysis of Bicep and Terraform code for Azure security misconfigurations
  12. Terragrunt: DRY Terraform configurations across multiple Azure environments
W4
Week 4
CI/CD — Azure DevOps Pipelines & GitHub Actions
21 topics · Both platforms, fully covered
+

From code commit to production deployment on Azure Container Apps and App Service — automated, secure, and repeatable. Both Azure DevOps Pipelines and GitHub Actions are covered because enterprise environments use both.

Azure DevOps Pipelines in Depth
  1. Azure DevOps organisation: projects, repos, pipelines, artifacts, boards, and test plans — the full enterprise platform
  2. YAML pipelines: stages, jobs, steps, triggers, and the pipeline execution model
  3. Pipeline agents: Microsoft-hosted agents (Ubuntu/Windows/macOS), self-hosted agents on Azure VMs, and Azure VMSS agents for cost-efficient elastic capacity
  4. Service connections: connecting Azure DevOps to Azure subscriptions, ACR, GitHub — Workload Identity Federation for keyless authentication
  5. Variable groups and Azure Key Vault integration: storing pipeline secrets in Key Vault and referencing them without embedding values in YAML
  6. Pipeline templates: reusable stage, job, and step templates in a central repository — the enterprise pipeline library pattern
  7. Environments and deployment gates: manual approval, automated quality gates, and deployment history per environment
  8. Azure Artifacts: internal npm, NuGet, Python, Maven, and Universal Package feeds
  9. Pipeline security: branch policies, required reviewers for pipeline changes, and least-privilege service connection permissions
GitHub Actions for Azure
  1. GitHub Actions architecture: workflows, jobs, steps, runners, and the event model
  2. Azure OIDC login: passwordless authentication from GitHub Actions to Azure using Workload Identity Federation — no stored client secrets
  3. Azure-specific GitHub Actions: azure/login, azure/arm-deploy, azure/container-apps-deploy, azure/aks-set-context, and azure/webapps-deploy
  4. Reusable workflows and composite actions: shared GitHub Actions library for Azure deployments across multiple repositories
  5. GitHub Environments with Azure: deployment protection rules, required reviewers, and environment secrets per Azure environment
  6. Self-hosted GitHub Actions runners on Azure Container Instances or VM Scale Sets for private network access
Azure Deployment Targets
  1. Azure Container Apps: the recommended serverless container platform — environments, revisions, replicas, traffic splitting, and KEDA-based scaling
  2. Azure App Service: PaaS web hosting — deployment slots, blue/green, auto-scaling, and custom domains
  3. Azure Container Instances: ephemeral containers for CI/CD jobs and batch processing
  4. Complete CI/CD pipeline: code push → Trivy scan → Docker build → ACR push → Bicep what-if → Bicep deploy → Container Apps update → health check → Slack notify
  5. Rollback strategy: Container Apps revision-based rollback and App Service slot swap reversal
  6. Lambda equivalents on Azure: Azure Functions deployment from Pipelines — Zip deploy and container-based Functions
W5
Week 5
Azure Monitor (KQL), Security & Cost Management
29 topics · The three operational disciplines of Azure engineering
+

The three concerns that occupy most of a working Azure DevOps engineer's week: understanding what systems are doing with KQL, keeping them secure and compliant, and controlling the Azure bill.

Observability with Azure Monitor & KQL
  1. Azure Monitor architecture: the unified observability platform — metrics, logs, traces, alerts, and dashboards in one system
  2. Log Analytics workspace: the central log store — diagnostic settings, and querying with KQL (Kusto Query Language)
  3. KQL in depth: where, project, summarize, extend, join, render, and time-series analysis — the most important Azure skill for SRE and DevOps
  4. Application Insights: APM — request tracking, dependency tracking, exception logging, custom events, and the Live Metrics stream
  5. Azure Monitor Metrics: platform metrics, custom metrics, and metric alerts with dynamic thresholds
  6. Azure Monitor Alerts: metric alerts, log query alerts, activity log alerts, and action groups (email, webhook, Azure Function, Logic App)
  7. Azure Dashboards and Workbooks: parameterised, interactive operational reports
  8. Container Insights: AKS and Container Apps monitoring — CPU/memory per pod, node status, and live container logs
  9. OpenTelemetry with Azure Monitor: the Azure Monitor OpenTelemetry Distro — exporting OTel traces, metrics, and logs to Application Insights
  10. Distributed tracing: end-to-end trace correlation across Container Apps, App Service, and Azure Functions
Azure Security Fundamentals
  1. Azure Key Vault in production: secrets rotation, Key Vault references in App Service and Container Apps, and audit logging
  2. Managed Identity in practice: assigning user-assigned Managed Identities to Container Apps, VMs, and Functions — eliminating stored credentials
  3. Microsoft Defender for Cloud: Secure Score, security recommendations, and defender plans for containers, VMs, and SQL
  4. Microsoft Defender for Containers: runtime threat protection for AKS and Container Apps — vulnerability assessment and anomaly detection
  5. Azure Policy: compliance rules — built-in policy definitions, custom policies, and policy initiatives
  6. Private Endpoints: removing public internet exposure for SQL, Storage, Key Vault, ACR, and other PaaS services
  7. Azure Firewall: managed network security — application rules, network rules, and threat intelligence-based filtering
  8. Shift-left security in pipelines: Trivy, Checkov, Semgrep, OWASP Dependency-Check, and Microsoft Security DevOps extension
  9. Microsoft Entra ID Conditional Access: enforcing MFA, device compliance, and location-based access for Azure DevOps and GitHub
Azure Cost Management
  1. Azure Cost Management + Billing: cost analysis, cost allocation by resource group and tag, and invoice downloads
  2. Tagging strategy: mandatory cost allocation tags (environment, team, project, owner) enforced via Azure Policy
  3. Azure Budgets: budget alerts and automated actions — stopping or deallocating resources when thresholds are exceeded
  4. Azure Advisor: cost recommendations — rightsizing VMs, deleting unused resources, and Reserved Instance opportunities
  5. Azure Reserved Instances and Savings Plans: 1 or 3-year commitments — 30–72% savings over pay-as-you-go
  6. Azure Spot VMs: using spot for CI/CD agents, batch jobs, and fault-tolerant stateless workloads
  7. Container Apps and App Service scaling to zero: eliminating idle costs for non-production environments
  8. Azure Storage cost optimisation: lifecycle management policies, Blob access tier transitions
  9. Private Endpoint vs Service Endpoint pricing: understanding the cost implications of different network security approaches
  10. FinOps principles applied to Azure: the FinOps Foundation Inform/Optimise/Operate framework with Azure tooling

🚀 Advanced Add-On Tracks

Six specialist tracks, each 2–3 additional weeks. Take any track individually after completing the core program. Each aligned with a specific Microsoft or industry certification.

T1
3 weeks · Add-On · Additional Fee
Kubernetes & AKS — Fundamentals, Production Operations & GitOps
Aligned with: CKA (Certified Kubernetes Administrator)
+

Kubernetes on Azure Kubernetes Service — the most in-demand enterprise container platform. Three weeks to cover it properly: the Kubernetes object model, AKS-specific operations, and the GitOps delivery layer.

Week 1 — Kubernetes Fundamentals
  1. Architecture: API server, etcd, scheduler, controller manager, kubelet, kube-proxy, and container runtime
  2. Core workload objects: Pods, ReplicaSets, Deployments, StatefulSets, DaemonSets, Jobs, CronJobs — when each is right
  3. Services: ClusterIP, NodePort, LoadBalancer — DNS-based discovery with CoreDNS
  4. Ingress: NGINX Ingress Controller and the Azure Application Gateway Ingress Controller (AGIC) — TLS termination and path routing
  5. Persistent Volumes: PV, PVC, StorageClass — the Azure Disk CSI driver and Azure Files CSI driver for RWO and RWX storage
  6. Namespaces and RBAC: isolating teams, ClusterRoles vs Roles, ServiceAccounts, and binding Azure AD groups to Kubernetes roles
  7. Resource requests/limits, LimitRanges, ResourceQuotas, and QoS classes
  8. Health checks: liveness, readiness, and startup probes — probes that avoid unnecessary restarts
  9. Pod scheduling: node affinity/anti-affinity, taints, tolerations, topology spread constraints, and PodDisruptionBudgets
Week 2 — AKS in Production
  1. AKS provisioning with Terraform and Bicep: system node pools, user node pools, Spot node pools, and network plugin selection (Azure CNI vs kubenet vs Azure CNI Overlay)
  2. AKS authentication: Azure AD integration, Azure AD-backed kubectl, and disabling local accounts for compliance
  3. Workload Identity for AKS: the replacement for AAD Pod Identity — federated credentials for Azure RBAC access from Kubernetes ServiceAccounts
  4. AKS networking: Azure CNI pod IP assignment, NSG rules for pods, Azure Network Policy, and Calico
  5. AKS autoscaling: Cluster Autoscaler and KEDA — scaling nodes and pods based on workload demand
  6. Secrets Store CSI Driver with Azure Key Vault: mounting Key Vault secrets directly as Kubernetes volumes
  7. AKS add-ons and extensions: AGIC, Container Insights, Secrets Store CSI Driver, and Open Service Mesh
  8. AKS observability: Managed Prometheus, Azure Managed Grafana, and Log Analytics for cluster and pod logs
  9. AKS cost optimisation: spot node pools, Start/Stop cluster schedules, and AKS Cost Analysis
Week 3 — GitOps & Advanced Delivery
  1. Helm: packaging applications — charts, values files, release management, and Azure-specific Helm charts
  2. Kustomize: environment-specific overlays — base + overlays for dev/staging/prod on AKS
  3. Flux CD on AKS: the GitOps operator built into AKS as an extension — source, kustomize, helm, and image automation controllers
  4. ArgoCD on AKS: Applications, ApplicationSets, App of Apps, and multi-cluster deployments
  5. Progressive delivery with Argo Rollouts: canary and blue/green on AKS with Application Insights metric analysis
  6. External Secrets Operator with Azure Key Vault: managing secrets safely in a GitOps repository
  7. OPA Gatekeeper and Azure Policy for AKS: restricting privileged containers, enforcing resource limits
  8. Istio add-on on AKS: mTLS, traffic management, and Kiali for mesh observability
T2
2 weeks · Add-On · Additional Fee
Azure Security & Compliance Engineering — DevSecOps & Sentinel
Aligned with: AZ-500 + SC-200 (Microsoft Security Operations)
+

Enterprise Azure environments operate under regulatory frameworks — GDPR, ISO 27001, SOC 2, PCI-DSS. This track covers Azure security tooling, DevSecOps pipeline integration, and compliance automation.

Week 1 — Azure Security Services in Depth
  1. Microsoft Defender for Cloud in depth: Secure Score, regulatory compliance (NIST, CIS, PCI-DSS), and Defender plans for VMs, SQL, Storage, Containers, and App Service
  2. Microsoft Sentinel: cloud-native SIEM — data connectors (Azure AD, Office 365, Activity), analytics rules, and incident investigation playbooks
  3. Azure DDoS Protection: Standard tier — adaptive tuning, attack telemetry, and Azure Monitor integration
  4. Azure Bastion: browser-based SSH and RDP to VMs without public IP addresses — eliminating jump boxes
  5. Just-in-time VM access: Defender for Cloud JIT — time-limited NSG rules for administrative access
  6. Customer-managed keys (CMK): bringing your own keys for Storage, SQL, Cosmos DB, and AKS — key rotation and emergency revocation
  7. Azure Active Directory Identity Protection: risk-based Conditional Access — sign-in risk, user risk, and automated remediation
  8. Privileged Identity Management (PIM): just-in-time elevation of Azure RBAC roles — approval workflows and access reviews
  9. Azure Private Link and Private DNS: end-to-end private connectivity to PaaS services from on-premises and hub-spoke networks
Week 2 — DevSecOps Pipeline & Compliance
  1. Shift-left security: Trivy (containers), Checkov (Bicep/Terraform), Semgrep (SAST), OWASP Dependency-Check, and the Microsoft Security DevOps Azure DevOps extension
  2. Microsoft Security DevOps GitHub Action: Credential Scanner, Template Analyzer, and Trivy in GitHub Actions
  3. SBOM: generating with Syft and Microsoft SBOM Tool — storing in ACR for audit and vulnerability tracking
  4. Container image signing with Notation (CNCF): signing ACR images with Key Vault-backed certificates and verifying with Ratify on AKS
  5. SLSA supply chain security on Azure: provenance attestation for container builds in Azure DevOps
  6. Azure Policy as code: managing Policy assignments with Terraform and Bicep — the policy-as-code DevOps workflow
  7. Compliance frameworks on Azure: ISO 27001, SOC 2, PCI-DSS, and NIST SP 800-53 initiatives — mapping controls to Azure services
  8. Incident response on Azure: isolating compromised resources, forensic investigation with Activity Logs and Sentinel, and runbook automation with Azure Automation
T3
2 weeks · Add-On · Additional Fee
Serverless & Event-Driven Architecture on Azure
Aligned with: AZ-204 (Azure Developer Associate)
+

Azure's serverless and event-driven services — Functions, Durable Functions, APIM, Event Grid, Service Bus, and Event Hubs — form a complete platform for building event-driven applications without managing servers.

  1. Azure Functions deep dive: execution model, cold starts, Flex Consumption plan, Durable Functions orchestration (chaining, fan-out/fan-in, human interaction, eternal orchestration)
  2. Azure Functions triggers and bindings: HTTP, Timer, Service Bus, Event Hubs, Blob, Cosmos DB, Queue Storage — the binding-based development model
  3. Azure Functions scaling: KEDA-based scaling on Container Apps vs Consumption plan automatic scaling
  4. Azure API Management (APIM): the enterprise API gateway — policies (rate limiting, transformation, caching, auth), products, subscriptions, and the developer portal
  5. Azure Event Grid: event routing across Azure services — topics, subscriptions, event filtering, and dead-letter queues
  6. Azure Service Bus: enterprise messaging — queues, topics, subscriptions, sessions for ordered processing, dead-letter queues
  7. Azure Event Hubs: high-throughput event streaming — partitions, consumer groups, capture to Blob, and the Kafka-compatible endpoint
  8. Azure Cosmos DB: globally distributed NoSQL — partition key design, consistency levels, change feed for event-driven patterns, serverless capacity
  9. Azure Logic Apps: low-code workflow automation — connectors, triggers, actions, and enterprise integration patterns
  10. Azure Static Web Apps: hosting SPAs with integrated Functions backends — GitHub Actions and Azure DevOps integration
  11. Event-driven architecture patterns: choreography vs orchestration, the outbox pattern, and saga coordination with Durable Functions
  12. Serverless observability: Application Insights for Azure Functions — request, dependency, exception tracking, and distributed tracing across Service Bus and Event Grid
T4
2 weeks · Add-On · Additional Fee
Platform Engineering & Advanced IaC — Landing Zones & Backstage
Aligned with: AZ-400 (DevOps Engineer Expert) + AZ-305 (Solutions Architect Expert)
+

Platform Engineering on Azure — building the internal developer platform that enterprise development teams use to self-service environments, deployments, and infrastructure without depending on the central infrastructure team for every change.

  1. Platform Engineering principles: golden paths, paved roads, and measuring developer experience with DORA and SPACE metrics
  2. Azure Landing Zones: Microsoft's reference architecture — management groups, policy assignments, hub-spoke networking, and the Enterprise-Scale CAF
  3. Azure Landing Zone Bicep accelerator: deploying the Microsoft reference landing zone from the ALZ Bicep repository
  4. Terraform Azure Landing Zones module: the community and Microsoft-maintained Terraform equivalent — when to choose Terraform over Bicep
  5. Azure Deployment Environments: developer self-service environment provisioning backed by Bicep or Terraform templates in Azure DevOps Catalogs
  6. Azure Developer CLI (azd): the developer-focused CLI for deploying Azure applications — azd templates, pipelines, and the developer workflow
  7. Backstage with Azure: internal developer portal — Azure DevOps plugin, ACR plugin, and Azure resource entity provider for service catalogue integration
  8. Bicep advanced patterns: modules registry with ACR, Bicep extensibility providers, and porting ARM templates to Bicep with decompile
  9. Terraform advanced patterns for Azure: Azure Verified Modules, provider aliasing for multi-subscription deployments, and AzureRM backend with state encryption
  10. Policy as code at enterprise scale: Azure Policy exemptions, remediation tasks, and compliance reports in pipelines
  11. Multi-account Azure strategy: AWS Organizations equivalent — Azure Management Groups, SCPs, delegated admin, and Control Tower customisations
  12. FinOps on Azure: the FinOps Foundation framework — Inform, Optimise, and Operate phases with Azure Cost Management tooling
T5
2 weeks · Add-On · Additional Fee
Azure AI & ML Infrastructure — OpenAI Service, AML & Databricks
Aligned with: AI-102 (Azure AI Engineer) + DP-100 (Azure Data Scientist)
+

Azure is the enterprise home for AI workloads. This track covers the infrastructure engineering required to provision, operate, and secure Azure OpenAI Service, Azure Machine Learning, Databricks, and Synapse in production.

  1. Azure OpenAI Service infrastructure: deploying GPT-4o and embedding models — model deployments, capacity planning, PTU (provisioned throughput units) vs standard
  2. Azure OpenAI private networking: Private Endpoints, network isolation, and routing enterprise traffic through Azure Firewall
  3. Azure AI Studio: hubs, projects, connections, and the compute infrastructure behind model deployments
  4. Azure AI Search: provisioning the enterprise vector search service — indexes, indexers, skillsets, and semantic ranking
  5. Azure Machine Learning workspace: compute clusters, compute instances, datastores, environments, and MLflow tracking integration
  6. AML compute targets: CPU and GPU compute clusters — NC-series and ND-series VMs, autoscaling, and low-priority (spot) nodes
  7. AML pipelines and components: building reusable ML pipeline steps as Docker containers — the infrastructure side of MLOps
  8. Model deployment infrastructure: AML Online Endpoints and Batch Endpoints — blue/green model deployments with traffic mirroring
  9. Azure Data Factory: managed ETL — pipelines, datasets, linked services, and integration runtimes for on-premises data
  10. Azure Synapse Analytics infrastructure: Spark pools, SQL pools, integration runtimes, and workspace networking with Managed VNet
  11. Azure Databricks infrastructure: workspace provisioning with Terraform, Unity Catalog, instance pools, and cluster policies for cost control
  12. Data platform security: Azure Purview data governance, row-level security in Synapse, and Unity Catalog fine-grained access control
  13. MLOps CI/CD: deploying AML pipelines and model endpoints from Azure DevOps Pipelines
T6
2 weeks · Add-On · Additional Fee
SRE & Advanced Observability — Chaos Studio, KQL Mastery & SLOs
Aligned with: AZ-400 (DevOps Engineer Expert) advanced scenarios
+

SRE principles applied to Azure — defining SLOs backed by Application Insights data, automating toil with Azure Automation, building chaos experiments with Azure Chaos Studio, and operating production Azure at enterprise scale.

Week 1 — Advanced Observability Stack
  1. Azure Monitor Logs in depth: workspace design (centralised vs decentralised), data collection rules (DCR), table retention tiers, and cost management
  2. KQL mastery: advanced patterns — time series analysis, series_decompose_anomalies(), machine learning functions, and exporting to Power BI
  3. Azure Managed Grafana: managed Grafana with Azure Monitor, Prometheus, and Log Analytics data sources — operational dashboards without managing Grafana infrastructure
  4. Azure Monitor Managed Service for Prometheus: scraping AKS metrics into a managed Prometheus-compatible store — PromQL and Grafana integration
  5. OpenTelemetry Collector on Azure: deploying as a DaemonSet on AKS or as a Container App — telemetry pipelines to Azure Monitor and Prometheus
  6. Application Insights in depth: custom events, custom metrics, availability tests (URL ping, multi-step), user flow analysis
  7. Azure Monitor Workbooks: interactive, parameterised reports — SLO dashboards and incident review workbooks
  8. Azure Monitor alerts at scale: alert processing rules for maintenance windows, programmatic alert management with Terraform
Week 2 — SRE Practice on Azure
  1. SLIs, SLOs, and error budgets on Azure: defining SLIs from Application Insights data — building SLO dashboards with KQL and Azure Monitor Workbooks
  2. Multi-window multi-burn-rate alerting: the Google SRE alerting approach with Azure Monitor metric alerts
  3. Azure Chaos Studio: managed chaos engineering — fault library (VM shutdown, AKS pod delete, network latency, Service Bus outage), experiment design, and safety guards
  4. Resilience testing: validating Container Apps scale-out, AKS node pool failover, Azure SQL failover group switchover under chaos
  5. Azure Automation: runbooks (PowerShell/Python), update management for VMs, and automated remediation triggered by Azure Monitor alerts
  6. Azure Logic Apps for incident management: automated response — alerting PagerDuty, creating Azure DevOps work items, and Teams notifications
  7. Toil reduction on Azure: automating repetitive operations with Azure Functions, Logic Apps, and Event Grid-triggered automation
  8. Blameless post-mortems: Azure incident timeline reconstruction using Activity Logs, Application Insights, and Sentinel — action items in Azure DevOps Boards
  9. Azure Service Health: configuring alerts for regional outages, planned maintenance, and health advisories — embedding in SRE dashboards

🎓 Microsoft Certifications Aligned

Every component of this program is aligned with one or more Microsoft or industry certifications. Hands-on project experience from each track substantially accelerates your certification path.

Core Program

AZ-104 — Azure Administrator Associate

VMs, VNet, Storage, IAM, Entra ID, Monitor — the foundational Azure cert

Core Program

AZ-900 — Azure Fundamentals

Cloud concepts, core Azure services, pricing, and SLAs

Track 1

CKA — Certified Kubernetes Administrator

The most in-demand Kubernetes certification globally

Track 2

AZ-500 — Azure Security Engineer Associate

Defender, Sentinel, Key Vault, Managed Identity, and DevSecOps

Track 2

SC-200 — Microsoft Security Operations

Microsoft Sentinel, Defender XDR, and incident investigation

Track 3

AZ-204 — Azure Developer Associate

Functions, Durable Functions, APIM, Service Bus, Event Grid, Cosmos DB

Track 4

AZ-400 — DevOps Engineer Expert

Azure DevOps Pipelines, GitHub Actions, Landing Zones, and FinOps

Track 5

AI-102 — Azure AI Engineer Associate

Azure OpenAI Service, AI Studio, AI Search, and AI Safety

📅 Schedule & Timings

📌
Choose one group based on your availability. Maximum 5 candidates per group — individual hands-on lab support and direct instructor access throughout.

Weekday Groups

Group 1Mon–Wed · 10 AM – 1 PM
Group 2Mon–Wed · 4 PM – 7 PM

Weekend Groups

Group 3Sat & Sun · 10 AM – 2 PM
Group 4Sat & Sun · 4 PM – 8 PM

📍 Location: In-house training, F-11 Markaz, Islamabad  ·  📱 Online option available for out-of-city participants

🎯 Who This Is For

Developers and system administrators transitioning into Azure DevOps and cloud engineering roles — your existing Linux and scripting skills transfer directly
Engineers at Pakistani IT firms building or operating enterprise systems for international clients on Azure — the most commercially relevant cloud for the Pakistani outsourcing market
.NET and Microsoft-stack developers who want to own the infrastructure and deployment pipeline — you already know the ecosystem, this fills in the DevOps layer
Engineers targeting remote Azure DevOps, platform engineering, or cloud architect roles — AZ-400 and AZ-305 are the certifications those roles require
Anyone pursuing AZ-104, AZ-400, AZ-305, or AZ-500 certification with hands-on lab training to complement exam prep
No prior Azure or DevOps experience required for the core program — only basic Linux command line and scripting familiarity