The AZ-303 Azure Architect exam will replace the older AZ-300 exam by end of June 2020. Since I received requests to continue to create study guides for the new Azure exams, I have prepared the AZ-303 Study Guide. This exam is in beta now.
If you haven't read about the exam changes and how they will impact your certification journey, read here
This post contains a curated list of articles from Microsoft documentation for each objective of the AZ-303 exam. Please share the post within your circles so it helps them to prepare for the exam.
AZ-303 Azure Architect Course (Online)
Pluralsight (Learning Path) Microsoft Azure Architect Technologies [Free Trial] LinkedIn Learning [Free Trial] Preparation for Azure Architect Certification Whizlabs Microsoft Azure Certified Architect Udemy Exam Preparation for Microsoft Architect Role
AZ-303 Azure Architect Other Learning Stuff
|Skylines Academy||AZ-300 & AZ-301 Certification Bundle|
|Labs Practice for AZ-300||Microsoft Azure Architect Technologies [Lab Practice]|
|Amazon||Azure Architect Exam Reference book|
Implement and Monitor an Azure Infrastructure (50-55%)
Implement Cloud Infrastructure Monitoring
Monitor security (Note: Log Analytics, Azure Security Center, Azure Sentinel)
o Configure diagnostic settings on resources
o Create a performance baseline for resources
o Monitor for unused resources
o Monitor performance capacity
o Visualize diagnostics data using Azure Monitor
Monitor health and availability
o Monitor networking
o Monitor service health
o Monitor spend
o Report on spend
Configure advanced logging
o Implement and configure Azure Monitor insights, including App Insights, Networks, Containers
o Configure a Log Analytics workspace
Configure logging for workloads
Initiate automated responses by using Action Groups
Configure and manage advanced alerts
o Collect alerts and metrics across multiple subscriptions
o View Alerts in Azure Monitor logs
Implement storage accounts
Select storage account options based on a use case
Configure Azure Files and blob storage
Configure network access to the storage account
Implement Shared Access Signatures and access policies
Implement Azure AD authentication for storage
Manage access keys
Implement Azure storage replication
Implement Azure storage account failover
Implement VMs for Windows and Linux
Configure High Availability
Configure storage for VMs
Select virtual machine size
Implement Azure Dedicated Hosts
Deploy and configure scale sets
Configure Azure Disk Encryption
Automate deployment and configuration of resources
Save a deployment as an Azure Resource Manager template
Modify Azure Resource Manager template
Evaluate location of new resources
Configure a virtual disk template
Deploy from a template
Manage a template library
Create and execute an automation runbook
Implement virtual networking
Implement VNet to VNet connections
Implement VNet peering
Implement Azure Active Directory
Add custom domains
Configure Azure AD Identity Protection
Implement self-service password reset
Implement Conditional Access including MFA
Configure user accounts for MFA
Configure fraud alerts
Configure bypass options
Configure Trusted IPs
Configure verification methods
Implement and manage guest accounts
Manage multiple directories
Implement and manage hybrid identities
Install and configure Azure AD Connect
Identity synchronization options
Configure and manage password sync and password writeback
Configure single sign-on
Use Azure AD Connect Health
Implement Management and Security Solutions (25-30%)
Manage workloads in Azure
Migrate workloads using Azure Migrate
o Assess infrastructure
o Select a migration method
o Prepare the on-premises for migration
o Recommend target infrastructure
Implement Azure Backup for VMs
Implement disaster recovery
Implement Azure Update Management
Implement load balancing and network security
Implement Azure Load Balancer
Implement an application gateway
Implement a Web Application Firewall
Implement Azure Firewall
Implement the Azure Front Door Service
Implement Azure Traffic Manager
Implement Network Security Groups and Application Security Groups
Implement and manage Azure governance solutions
Create and manage hierarchical structure that contains management groups, subscriptions and resource groups
Assign RBAC roles
Create a custom RBAC role
Configure access to Azure resources by assigning roles
Configure management access to Azure
Interpret effective permissions
Set up and perform an access review
Implement and configure an Azure Policy
Implement and configure an Azure Blueprint
Manage security for applications
Implement and configure Key Vault
Implement and configure Azure AD Managed Identities
Register and manage applications in Azure AD
Implement Solutions for Apps (10-15%)
Implement an application infrastructure
Create and configure Azure App Service
Create an App Service Web App for Containers
Create and configure an App Service plan
Configure an App Service
Configure networking for an App Service
Create and manage deployment slots
Implement Logic Apps
Implement Azure Functions
Implement container-based applications
Create a container image
Configure Azure Kubernetes Service
Publish and automate image deployment to the Azure Container Registry
Publish a solution on an Azure Container Instance
Implement and Manage Data Platforms (10-15%)
Implement NoSQL databases
Configure storage account tables
Don't get confused with the Table API in Cosmos DB and Azure Table storage. They both share the same data model and expose similar query operations through their SDKs. But, Table API in Cosmos DB has premium capabilities like global distribution, throughput & high availability. So, you should look to migrate your existing app to Table API, given a chance.
Select appropriate CosmosDB APIs
Cosmos DB is a Multi-Model Database Service. It means that you can build any of the NoSQL database models with the following APIs:
1. Gremlin (Graph) API – To describe the relationship between entities.
2. Azure Table API – use only to migrate applications using Azure Table Storage to Cosmos DB. Else just avoid.
3. MongoDB API – If your project is already using MongoDB, use this API. Migration is as simple as just updating the connection string.
4. Cassandra API – If your team already uses Cassandra DB / skillful of Cassandra Query Language (CQL), use this API.
5. Core SQL API – For all other cases & for new projects, use SQL API. Superior in functionality to other APIs. When in doubt, use Core SQL.
Set up replicas in CosmosDB
a. Why data replication is important in Azure Cosmos DB?
1. To reduce the latency of your application. If you have a global audience, then the users farther from the database may experience high latency (time duration between request & response). By enabling Cosmos DB replication, you direct the request to the nearest data center. The SDK will make sure of that.
2. Replication enables Business Continuity. If there is a natural disaster in a data center, you know the data is safe elsewhere.
b. In addition, to read replication, you can set up multi-region writes. But why? Same reason! To reduce write latency. But, this may cause conflicts as the data is updated in different regions.
Implement Azure SQL databases
Configure Azure SQL database settings
Configure security features of Azure SQL Database like:
You need to open port 1433 if you try to connect the Azure SQL database from your system (with a client tool like SSMS).
You can create Server-level firewall rules in the Azure portal and T-SQL (with SSMS). Database-level firewall rules can be configured with only T-SQL statements.
Server-level firewall rules apply to all the databases in the server & they are created in the master database. The rules for the database-level firewall are stored in the individual database making them easily portable.
Implement Azure SQL Database managed instances
Best used for migrating existing on-premises applications with minimal effort (lift-and-shift). Provides the latest stable DB engine version.
Azure SQL Managed Instance = Best of Azure SQL Database + Best of SQL Server on Azure VM
Configure HA for an Azure SQL database
What High Availability ensures for Azure SQL Database?
- That data is immune to failures.
- SQL, Windows maintenance operations do not impact the workload.
High-availability models available:
Standard: Basic, Standard & General Purpose tiers use the standard model: Two layers – a stateless compute layer & a stateful data layer (the .mdf & .ldf files) stored in Azure premium storage (built-in high availability). In the case of failure, Azure Service Fabric kickstarts another stateless compute node. Not suitable for a heavy workload, as the new compute node does not have any files (cold cache).
Premium (leveraged by Premium & Business Critical service tiers): Unlike the previous model, both the compute and the storage is in the same node. This node is replicated 3-4 times (others are secondary nodes) to provide high availability (implemented with Always On availability groups).
Additional benefits of Premium availability model:
Read Scale-Out: You can redirect read operations to the secondary nodes
Availability Zones: You can place the databases in availability zones so the data is replicated across data centers in a region. Although the data is immune to data center-specific failures, you may observe network latency (due to distance between data centers) as transactions are committed across availability zones.
This brings us to the end of AZ-303 Study Guide
What do you think? Let me know in the Comments section if I have missed out on anything. Also, I love to hear from you how your preparation is going on!
In case you are looking for other Azure certification exams check out this page
Follow/Like ravikirans.com to receive updates
Sign up for Newsletter
Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.