Exam AZ-303: Microsoft Azure Architect Technologies
Implement and Monitor an Azure Infrastructure (50-55%)
Implement cloud infrastructure monitoring
- monitor security
- monitor performance
- configure diagnostic settings on resources
- create a performance baseline for resources
- monitor for unused resources
- monitor performance capacity
- visualize diagnostics data using Azure Monitor
- monitor health and availability
- monitor networking
- monitor service health
- monitor cost
- monitor spend
- report on spend
- configure advanced logging
- implement and configure Azure Monitor insights, including App Insights, Networks, Containers
- configure a Log Analytics workspace
- configure logging for workloads
- initiate automated responses by using Action Groups
- configure and manage advanced alerts
- collect alerts and metrics across multiple subscriptions
- view Alerts in Azure Monitor logs
Implement storage accounts
- select storage account options based on a use case
- configure Azure Files and blob storage
- configure network access to the storage account
- implement Shared Access Signatures and access policies
- implement Azure AD authentication for storage
- manage access keys
- implement Azure storage replication
- implement Azure storage account failover
Implement VMs for Windows and Linux
- configure High Availability
- configure storage for VMs
- select virtual machine size
- implement Azure Dedicated Hosts
- deploy and configure scale sets
- configure Azure Disk Encryption
Automate deployment and configuration of resources
- save a deployment as an Azure Resource Manager template
- modify Azure Resource Manager template
- evaluate location of new resources
- configure a virtual disk template
- deploy from a template
- manage a template library
- create and execute an automation runbook
Implement virtual networking
- implement VNet to VNet connections
- implement VNet peering
Implement Azure Active Directory
- add custom domains
- configure Azure AD Identity Protection
- implement self-service password reset
- implement Conditional Access including MFA
- configure user accounts for MFA
- configure fraud alerts
- configure bypass options
- configure Trusted IPs
- configure verification methods
- implement and manage guest accounts
- manage multiple directories
Implement and manage hybrid identities
- install and configure Azure AD Connect
- identity synchronization options
- configure and manage password sync and password writeback
- configure single sign-on
- use Azure AD Connect Health
Implement Management and Security Solutions (25-30%)
Manage workloads in Azure
- migrate workloads using Azure Migrate
- assess infrastructure
- select a migration method
- prepare the on-premises for migration
- recommend target infrastructure
- implement Azure Backup for VMs
- implement disaster recovery
- implement Azure Update Management
Implement load balancing and network security
- implement Azure Load Balancer
- implement an application gateway
- implement a Web Application Firewall
- implement Azure Firewall
- implement the Azure Front Door Service
- implement Azure Traffic Manager
- implement Network Security Groups and Application Security Groups
- implement Bastion
Implement and manage Azure governance solutions
- create and manage hierarchical structure that contains management groups, subscriptions and resource groups
- assign RBAC roles
- create a custom RBAC role
- configure access to Azure resources by assigning roles
- configure management access to Azure
- interpret effective permissions
- set up and perform an access review
- implement and configure an Azure Policy
- implement and configure an Azure Blueprint
Manage security for applications
- implement and configure KeyVault
- implement and configure Azure AD Managed Identities
- register and manage applications in Azure AD
Implement Solutions for Apps (10-15%)
Implement an application infrastructure
- create and configure Azure App Service
- create an App Service Web App for Containers
- create and configure an App Service plan
- configure an App Service
- configure networking for an App Service
- create and manage deployment slots
- implement Logic Apps
- implement Azure Functions
Implement container-based applications
- create a container image
- configure Azure Kubernetes Service
- publish and automate image deployment to the Azure Container Registry
- publish a solution on an Azure Container Instance
Implement and Manage Data Platforms (10-15%)
Implement NoSQL databases
- configure storage account tables
- select appropriate CosmosDB APIs
- set up replicas in CosmosDB
Implement Azure SQL databases
- configure Azure SQL database settings
- implement Azure SQL Database managed instances
- configure HA for an Azure SQL database
- publish an Azure SQL database
Exam AZ-304: Microsoft Azure Architect Design
Skills Measured
Design Monitoring (10-15%)
Design for cost optimization
- recommend a solution for cost management and cost reporting
- recommend solutions to minimize costs
Design a solution for logging and monitoring
- determine levels and storage locations for logs
- plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- recommend appropriate monitoring tool(s) for a solution
- choose a mechanism for event routing and escalation
- recommend a logging solution for compliance requirements
Design Identity and Security (25-30%)
Design authentication
- recommend a solution for single sign-on
- recommend a solution for authentication
- recommend a solution for Conditional Access, including multi-factor authentication
- recommend a solution for network access authentication
- recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- recommend a solution for user self-service
- recommend and implement a solution for B2B integration
Design authorization
- choose an authorization approach
- recommend a hierarchical structure that includes management groups, subscriptions and resource groups
- recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD, Identity Protection, Just In Time (JIT) access
Design governance
- recommend a strategy for tagging
- recommend a solution for using Azure Policy
- recommend a solution for using Azure Blueprint
Design security for applications
- recommend a solution that includes KeyVault
- What can be stored in KeyVault
- KeyVault operations
- KeyVault regions
- recommend a solution that includes Azure AD Managed Identities
- recommend a solution for integrating applications into Azure AD
Design Data Storage (15-20%)
Design a solution for databases
- select an appropriate data platform based on requirements
- recommend database service tier sizing
- recommend a solution for database scalability
- recommend a solution for encrypting data at rest, data in transmission, and data in use
Design data integration
- recommend a data flow to meet business requirements
- recommend a solution for data integration, including Azure Data Factory, Azure Databricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
- choose between storage tiers
- recommend a storage access solution
- recommend storage management tools
Design Business Continuity (10-15%)
Design a solution for backup and recovery
- recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- design an Azure Site Recovery solution
- recommend a site recovery replication policy
- recommend a solution for site recovery capacity
- recommend a solution for site failover and failback (planned/unplanned)
- recommend a solution for the site recovery network
- recommend a solution for recovery in different regions
- recommend a solution for Azure Backup management
- design a solution for data archiving and retention
- recommend storage types and methodology for data archiving
- identify business compliance requirements for data archiving
- identify requirements for data archiving
- identify SLA(s) for data archiving
- recommend a data retention policy
Design for high availability
- recommend a solution for application and workload redundancy, including compute, database, and storage
- recommend a solution for autoscaling
- identify resources that require high availability
- identify storage types for high availability
- recommend a solution for geo-redundancy of workloads
Design Infrastructure (25-30%)
Design a compute solution
- recommend a solution for compute provisioning
- determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- recommend a solution for containers
- AKS versus ACI and the configuration of each one
- recommend a solution for automating compute management
Design a network solution
- recommend a solution for network addressing and name resolution
- recommend a solution for network provisioning
- recommend a solution for network security
- private endpoints
- Firewalls
- Gateways
- recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- recommend a solution for automating network management
- recommend a solution for load balancing and traffic routing
Design an application architecture
- recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
- recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
- select an automation method
- choose which resources or lifecycle steps will be automated
- design integration with other sources such as an ITSM solution
- recommend a solution for monitoring automation
- recommend a solution for API integration
- design an API gateway strategy
- determine policies for internal and external consumption of APIs
- recommend a hosting structure for API management
- recommend when and how to use API Keys
Design migrations
- assess and interpret on-premises servers, data, and applications for migration
- recommend a solution for migrating applications and VMs
- recommend a solution for migration of databases
- determine migration scope, including redundant, related, trivial, and outdated data