AZ-304: Microsoft Azure Architect Design (beta) – Study Guide

Microsoft continues to update it’s role based exams and next on the list is AZ-304. This is the updated version of AZ-301 and launched at the end of June 2020. Currently this exam is arguably part of the most difficult certification path as it is one of only two Expert level certifications for Azure. Here is what Microsoft have to say about it:

Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions. Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution. Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.

As the exam is still in beta, if you take it, it will not be scored immediately. So bear that in mind before you sit it! Of course, if you pass the exam, once scored, it will count towards the certification.

As always, a great place to start is Microsoft Learn. There are several interactive learning paths that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them and you will need to be very familiar with Azure to pass this exam.

Below I’ve put together a collection of links relevant to the sections Microsoft have highlighted as being part of the skills measured for this exam. These are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-304!

Design Monitoring (10-15%)

Design for cost optimization

Design a solution for logging and monitoring

Design Identity and Security (25-30%)

Design authentication

Design authorization

Design governance

Design security for applications

Design Data Storage (15-20%)

Design a solution for databases

Design data integration

Select an appropriate storage account

Design Business Continuity (10-15%)

Design a solution for backup and recovery

Design for High Availability

Design Infrastructure (25-30%)

Design a compute solution

Design a network solution

Design an application architecture

Design migrations

AZ-301: Microsoft Azure Architect Design – Study Guide

Now that AZ-302 has officially been retired, there is only one route to earn your Microsoft Certified: Azure Solutions Architect Expert certification. That route is to sit and pass both the AZ-300 and the AZ-301 exams. Currently this is arguably the most difficult exam certification path as it is one of only two Expert level certifications for Azure. This post will cover AZ-301, here is what Microsoft have to say about it:

This exam measures your ability to accomplish the following technical tasks: determine workload requirements; design for identity and security; design a data platform solution; design a business continuity strategy; design for deployment, migration, and integration; and design an infrastructure strategy.

Below I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-301!

If you spot something, or have a better link for a topic, get in touch! I will update this post as regularly as possible and always appreciate any feedback.

A good place to start is Microsoft Learn. there are several interactive learning paths that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them.

Determine workload requirements

Gather Information and Requirements

This section requires broad knowledge of the platform and general IT architecture experience. My recommendation would be to familiarise yourself with the Azure Architecture Center.

Optimize Consumption Strategy

Design an Auditing and Monitoring Strategy

Design for identity and security

Design Identity Management

Design Authentication

Design Authorization

Design for Risk Prevention for Identity

Design a Monitoring Strategy for Identity and Security

Design a data platform solution

Design a Data Management Strategy

Design a Data Protection Strategy

Design and Document Data Flows

Design a Monitoring Strategy for the Data Platform

Design a business continuity strategy

Design a Site Recovery Strategy

Design for High Availability

Design a Data Archiving Strategy

Design for deployment, migration, and integration

Design Deployments

Design Migrations

Design an API Integration Strategy

Design an infrastructure strategy

Design a Storage Strategy

Design a Compute Strategy

Design a Networking Strategy

Design a Monitoring Strategy for Infrastructure

AZ-103: Microsoft Azure Administrator – Study Guide

Microsoft recently made a change to the certification path to earn your Microsoft Certified: Azure Administrator Associate. Gone is the requirement to pass two exams, instead the content has been collated and a single new exam is now required. Here is what Microsoft have to say:

This new exam combines the skills covered in AZ-100 and AZ-101 (which retired on May 1, 2019), with the majority of the new exam coming from AZ-100. Candidates for this exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates have a deep understanding of each service across the full IT lifecycle, and take requests for infrastructure services, applications, and environments. They make recommendations on services to use for optimal performance and scale, as well as provision, size, monitor, and adjust resources as appropriate. Candidates for this exam should have proficiency in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking.

Below I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-103!

If you spot something, or have a better link for a topic, get in touch! I will update this post regularly as I work my way towards taking this exam and appreciate any feedback.

A good place to start is Microsoft Learn. there are several interactive learning paths that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them.

Manage Azure Subscriptions and Resources

Manage Azure subscriptions

Analyze resource utilization and consumption

Manage resource groups

Managed role based access control (RBAC)

Implement and Manage Storage

Create and configure storage accounts

Import and export data to Azure

Configure Azure files

Implement Azure backup

Deploy and Manage Virtual Machines (VMs)

Create and configure a VM for Windows and Linux

Manage Azure VM

Automate deployment of VMs

Manage VM backups

Configure and Manage Virtual Networks

Create connectivity between virtual networks

Implement and manage virtual networking

Configure name resolution

Create and configure a Network Security Group (NSG)

Implement Azure load balancer

Monitor and troubleshoot virtual networking

Integrate on premises network with Azure virtual network

Manage Identities

Manage Azure Active Directory (AD)

Implement and manage hybrid identities

Manage Azure AD objects (users, groups, and devices)

Implement multi-factor authentication (MFA)

AZ-302: Microsoft Azure Solutions Architect Certification Transition Study Guide

NOTE: This exam is now retired. I now have guides for AZ-300 and AZ-301.

The first thing to note about this exam is that it is intended only for those who have previously sat and passed the 70-535: Architecting Microsoft Azure Solutions exam. So if you’ve passed that exam, read on!

Next thing to note, this exam isn’t here to stay. It’s a transition exam to earn the more up to date certification. As such, Microsoft are retiring it on June 30, 2019.

What’s great is that if you pass, you will earn the Microsoft Certified: Azure Solutions Architect Expert with just the one exam.

Here is what Microsoft have to say about this exam:

The transition exam is intended for people who have already demonstrated skills in the content domain by passing the existing exam(s) that the new role-based certification exams will be replacing. They cover the delta between the current certification and what we expect people who earn the new certification to be able to do. We don’t want to retest people on the same content where they have already demonstrated competence by passing the existing exam.

Transition exams cover net new content, content that wasn’t covered in enough depth, and content on aspects of the technology that have likely changed since someone took the exam. As a result, the transition exam is not shorter than a typical exam but more focused on the key tasks and skills that were not assessed in the existing exam or certification that is being replaced.

Candidates for this exam are Azure Solution Architects who advise stakeholders and translates business requirements into secure, scalable, and reliable solutions.

Candidates should have advanced experience and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.

Candidates must be proficient in Azure administration, Azure development, and DevOps, and have expert-level skills in at least one of those domains.

Below I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it.

One final important note, as this is a solution architecture exam, there is a presumption that you are aware of service SLAs, performance tiers, dependencies etc. This sort of knowledge will only come with experience and practise. Again, you would have needed to know these to pass 70-535 so nothing new there!

If you spot something, or have a better link for a topic, get in touch! I will update this post regularly as I work my way towards taking this exam and appreciate any feedback.

Determine workload requirements

Determine feasibility and refine requirements

  • There are no real links that help with this section as it is so broad. This requires that prior over-arching knowledge of the platform I mentioned earlier.

Optimize consumption strategy

Design for identity and security

Design authorization

Design a business continuity strategy

Design a site recovery strategy

Design for high availability

Implement workloads and security

Configure serverless computing

Implement authentication and secure data

Implement secure data solutions

Develop for the cloud

Develop long-running tasks

Configure a message-based integration architecture

Develop for asynchronous processing

Develop for autoscaling

Implement distributed transactions

Develop advanced cloud workloads

**This section is vast. A lot of practise and reading required**

https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/home

https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/overview

https://docs.microsoft.com/en-us/azure/bot-service/bot-builder-tutorial-basic-deploy?view=azure-bot-service-4.0&tabs=csharp

https://docs.microsoft.com/en-us/azure/machine-learning/service/samples-notebooks

https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-services-and-technologies

AZ-500 Microsoft Azure Security Technologies – Study Guide

Updated August 2020

The latest Azure exam is now out of beta, AZ-500 Microsoft Azure Security Technologies. Passing this single exam will allow you to earn a Microsoft Certified: Azure Security Engineer Associate certification. I recently got the results for my exam which I sat in beta back in April and thankful to say I passed!

So, if you’re interested and wondering if you should take this exam? Here is what Microsoft have to say:

Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access, and protects data, applications, and networks. Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

Below, I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it.

If you spot something, or have a better link for a topic, get in touch! I will update this post as regularly as possible and always appreciate any feedback.

A good place to start is the Azure Security Documentation page. This site includes most of the key concepts and services covered in this exam, as well as several best practice approaches you should consider.

Manage Identity and Access

App registration

MFA

Groups

Users

Adconnect

CA

AADIP

PIM

Tenant

Implement Platform Protection

VNET

NSG & ASG

Firewall

Remote Accesss Management

Baseline Security

Resource Firewall

Endpoint Security VM

VM Security

Harden VM

Container Networks

Container Isolation & Security

AKS Security

Container Registry Security & Authentication

Container Instance Security

Resource Locks

Resource Group Security

Azure Policy

Custom RBAC

Manage Security Operations

Azure Monitor

Log Analytics

Diagnostic Logs

Vulnerability Scanning

Security Center Policies & JIT

Security Alerts

Secure Data and Applications

Data Security Policies

Data Infrastructure

Data at Rest

Application Delivery

Application Security

Key Vault