AZ-301: Microsoft Azure Architect Design – Study Guide

Now that AZ-302 has officially been retired, there is only one route to earn your Microsoft Certified: Azure Solutions Architect Expert certification. That route is to sit and pass both the AZ-300 and the AZ-301 exams. Currently this is arguably the most difficult exam certification path as it is one of only two Expert level certifications for Azure. This post will cover AZ-301, here is what Microsoft have to say about it:

This exam measures your ability to accomplish the following technical tasks: determine workload requirements; design for identity and security; design a data platform solution; design a business continuity strategy; design for deployment, migration, and integration; and design an infrastructure strategy.

Below I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it. Hopefully these study materials will help guide you to successfully passing AZ-301!

If you spot something, or have a better link for a topic, get in touch! I will update this post as regularly as possible and always appreciate any feedback.

A good place to start is Microsoft Learn. there are several interactive learning paths that are free that you can work through at your own pace. I find this a great way to study and gain greater understanding of the services by actually using them.

Determine workload requirements

Gather Information and Requirements

This section requires broad knowledge of the platform and general IT architecture experience. My recommendation would be to familiarise yourself with the Azure Architecture Center.

Optimize Consumption Strategy

Design an Auditing and Monitoring Strategy

Design for identity and security

Design Identity Management

Design Authentication

Design Authorization

Design for Risk Prevention for Identity

Design a Monitoring Strategy for Identity and Security

Design a data platform solution

Design a Data Management Strategy

Design a Data Protection Strategy

Design and Document Data Flows

Design a Monitoring Strategy for the Data Platform

Design a business continuity strategy

Design a Site Recovery Strategy

Design for High Availability

Design a Data Archiving Strategy

Design for deployment, migration, and integration

Design Deployments

Design Migrations

Design an API Integration Strategy

Design an infrastructure strategy

Design a Storage Strategy

Design a Compute Strategy

Design a Networking Strategy

Design a Monitoring Strategy for Infrastructure

AZ-500 Microsoft Azure Security Technologies – Study Guide

The latest Azure exam is now out of beta, AZ-500 Microsoft Azure Security Technologies. Passing this single exam will allow you to earn a Microsoft Certified: Azure Security Engineer Associate certification. I recently got the results for my exam which I sat in beta back in April and thankful to say I passed!

So, if you’re interested and wondering if you should take this exam? Here is what Microsoft have to say:

Candidates for this exam are Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access, and protects data, applications, and networks. Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

Below, I’ve put together a collection of links relevant to the sections highlighted as being part of the skills measured for this exam. As always, these are only guide links, sometimes you need to explore a topic much more deeply if you are not familiar with it.

If you spot something, or have a better link for a topic, get in touch! I will update this post as regularly as possible and always appreciate any feedback.

A good place to start is the Azure Security Documentation page. This site includes most of the key concepts and services covered in this exam, as well as several best practice approaches you should consider.

Manage Identity and Access

App registration

MFA

Groups

Users

Adconnect

CA

AADIP

PIM

Tenant

Implement Platform Protection

VNET

NSG & ASG

Firewall

Remote Accesss Management

Baseline Security

Resource Firewall

Endpoint Security VM

VM Security

Harden VM

Container Networks

Container Isolation & Security

AKS Security

Container Registry Security & Authentication

Container Instance Security

Resource Locks

Resource Group Security

Azure Policy

Custom RBAC

Manage Security Operations

Azure Monitor

Log Analytics

Diagnostic Logs

Vulnerability Scanning

Security Center Policies & JIT

Security Alerts

Secure Data and Applications

Data Security Policies

Data Infrastructure

Data at Rest

Application Delivery

Application Security

Key Vault