Microsoft Certified: Azure Solutions Architect Expert
Azure Solutions Architect, With my 10 years of IT journey and 5+ years of Cloud engineer, my thought was that I could take the Azure Solution Architect exam in 2021 first quarter.
I have been working with Azure for the majority of my professional career. I always started to a find solution to the problem that I faced and I would find the solution most of the time.
My milestone to obtain to the “Azure solutions Architect” certification. you need to complete the following 2 exams:
Following key areas, I would like to mention under studying aspect of both exams.
Past cloud solution design experience
If you work with Azure for at least 1-3 years, I think you on the correct approach to services offed by azure. During the experience again mode, you might come across different approaches on how to provide correct solutions while researching documents. Azure technologies
Pluralsight Video Tutorials
If you have a business subscription you can gain perfect core tutorials on pluralsight website.
Udemy
Udemy and in this platform, there is quite some content available if you want to study for anything and thus also for Azure certifications. Scott Duffy video tutorials are very much helping me to understand the concept of each segment of the AZ-303 and AZ-304.
Study Guide
AZ-303 Microsoft Azure Architect Technologies Certification Exam Study Guide
It is essential to get familiar with the exam objectives and skills measured first. That is why I recommend reading the description of the exam and the skills measured.
Exam AZ-303: Microsoft Azure Architect Technologies
Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions. Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.
Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.
The high-level view of the skills measured in the exam:
- Implement and Monitor an Azure Infrastructure (50-55%)
- Implement Management and Security Solutions (25-30%)
- Implement Solutions for Apps (10-15%)
- Implement and Manage Data Platforms (10-15%)
Free Online Microsoft Learn
AZ-303 Exam
Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. They not just offer reading material, but also control questions and free online labs.
Implement and Monitor an Azure Infrastructure (50-55%)
Implement cloud infrastructure monitoring
- monitor security
- monitor performance
- monitor health and availability
- monitor cost
- configure advanced logging
- configure logging for workloads
- initiate automated responses by using Action Groups
- configure and manage advanced alerts
Implement storage accounts
- select storage account options based on a use case
- configure Azure Files and blob storage
- configure network access to the storage account
- implement Shared Access Signatures and access policies
- implement Azure AD authentication for storage
- manage access keys
- implement Azure storage replication
- implement Azure storage account failover
Implement VMs for Windows and Linux
- configure High Availability
- configure storage for VMs
- select virtual machine size
- implement Azure Dedicated Hosts
- deploy and configure scale sets
- configure Azure Disk Encryption
Automate deployment and configuration of resources
- save a deployment as an Azure Resource Manager template
- modify Azure Resource Manager template
- evaluate location of new resources
- configure a virtual disk template
- deploy from a template
- manage a template library
- create and execute an automation runbook
Implement virtual networking
- implement VNet to VNet connections
- implement VNet peering
Implement Azure Active Directory
- add custom domains
- configure Azure AD Identity Protection
- implement self-service password reset
- implement Conditional Access including MFA
- configure user accounts for MFA
- configure fraud alerts
- configure bypass options
- configure Trusted IPs
- configure verification methods
- implement and manage guest accounts
- manage multiple directories
Implement and manage hybrid identities
- install and configure Azure AD Connect
- identity synchronization options
- configure and manage password sync and password writeback
- configure single sign-on
- use Azure AD Connect Health
Implement Management and Security Solutions (25-30%)
Manage workloads in Azure
- migrate workloads using Azure Migrate
- implement Azure Backup for VMs
- implement disaster recovery
- implement Azure Update Management
Implement load balancing and network security
- implement Azure Load Balancer
- implement an application gateway
- implement a Web Application Firewall
- implement Azure Firewall
- implement the Azure Front Door Service
- implement Azure Traffic Manager
- implement Network Security Groups and Application Security Groups
- implement Bastion
Implement and manage Azure governance solutions
- create and manage hierarchical structure that contains management groups, subscriptions and resource groups
- assign RBAC roles
- create a custom RBAC role
- configure access to Azure resources by assigning roles
- configure management access to Azure
- interpret effective permissions
- set up and perform an access review
- implement and configure an Azure Policy
- implement and configure an Azure Blueprint
Manage security for applications
- implement and configure KeyVault
- implement and configure Azure AD Managed Identities
- register and manage applications in Azure AD
Implement Solutions for Apps (10-15%)
Implement an application infrastructure
- create and configure Azure App Service
- create an App Service Web App for Containers
- create and configure an App Service plan
- configure an App Service
- configure networking for an App Service
- create and manage deployment slots
- implement Logic Apps
- implement Azure Functions
Implement container-based applications
- create a container image
- configure Azure Kubernetes Service
- publish and automate image deployment to the Azure Container Registry
- publish a solution on an Azure Container Instance
Implement and Manage Data Platforms (10-15%)
Implement NoSQL databases
- configure storage account tables
- select appropriate CosmosDB APIs
- Choose the appropriate API for Azure Cosmos DB storage (Microsoft Learn module)
- set up replicas in CosmosDB
Implement Azure SQL databases
- configure Azure SQL database settings
- implement Azure SQL Database managed instances
- configure HA for an Azure SQL database
- publish an Azure SQL database
AZ-304 Microsoft Azure Architect Technologies Certification Exam Study Guide
Exam AZ-304: Microsoft Azure Architect Design
Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions.
Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.
Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.
The high-level view of the skills measured in the exam:
- Design Monitoring (10-15%)
- Design Identity and Security (25-30%)
- Design Data Storage (15-20%)
- Design Business Continuity (10-15%)
- Design Infrastructure (25-30%)
Free Online Microsoft Learn AZ-304 Exam
Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. They not just offer reading material, but also control questions and free online labs.
Design Monitoring (10-15%)
Design for cost optimization
- recommend a solution for cost management and cost reporting
- recommend solutions to minimize costs
- How to reduce the costs of your Azure IaaS VMs (Thomas Maurer)
Design a solution for logging and monitoring
- determine levels and storage locations for logs
- plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- recommend appropriate monitoring tool(s) for a solution
- choose a mechanism for event routing and escalation
- recommend a logging solution for compliance requirements
Design Identity and Security (25-30%)
Design authentication
- recommend a solution for single-sign on
- recommend a solution for authentication
- recommend a solution for Conditional Access, including multi-factor authentication
- recommend a solution for network access authentication
- recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- recommend a solution for user self-service
- recommend and implement a solution for B2B integration
Design authorization
- choose an authorization approach
- recommend a hierarchical structure that includes management groups, subscriptions and resource groups
- recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
Design governance
- recommend a strategy for tagging
- Use Azure Tags to organize Resources (Thomas Maurer)
- recommend a solution for using Azure Policy
- recommend a solution for using Azure Blueprint
Design security for applications
- recommend a solution that includes KeyVault
- recommend a solution that includes Azure AD Managed Identities
- recommend a solution for integrating applications into Azure AD
Design Data Storage (15-20%)
Design a solution for databases
- select an appropriate data platform based on requirements
- recommend database service tier sizing
- recommend a solution for database scalability
- recommend a solution for encrypting data at rest, data in transmission, and data in use
Design data integration
- recommend a data flow to meet business requirements
- recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
- choose between storage tiers
- recommend a storage access solution
- recommend storage management tools
Design Business Continuity (10-15%)
Design a solution for backup and recovery
- recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- design and Azure Site Recovery solution
- recommend a solution for recovery in different regions
- recommend a solution for Azure Backup management
- design a solution for data archiving and retention
Design for high availability
- recommend a solution for application and workload redundancy, including compute, database, and storage
- recommend a solution for autoscaling
- identify resources that require high availability
- identify storage types for high availability
- recommend a solution for geo-redundancy of workloads
Design Infrastructure (25-30%)
Design a compute solution
- recommend a solution for compute provisioning
- determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- recommend a solution for containers
- recommend a solution for automating compute management
Design a network solution
- recommend a solution for network addressing and name resolution
- recommend a solution for network provisioning
- recommend a solution for network security
- recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- recommend a solution for automating network management
- recommend a solution for load balancing and traffic routing
Design an application architecture
- recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
- recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
- recommend a solution for API integration
Design migrations
- assess and interpret on-premises servers, data, and applications for migration
- recommend a solution for migrating applications and VMs
- recommend a solution for migration of databases
Conclusion
In this blog post, I shared with web readers way of gain exam objective. Of course, this is my learning path, someone may have another approach to manage the exam objective. But sharing the thoughts is very much helpful to the global readers.