AZ-304 Exam Study Guide (Microsoft Azure Architect Design)

The AZ-304 Azure Architect Design exam will replace the older AZ-301 exam by end of June 2020. Since I received requests to continue to create study guides for the new Azure exams, I have prepared the AZ-304 Study Guide. This exam is in beta now.

If you haven’t read about the exam changes and how they will impact your certification journey, read here

This post contains a curated list of articles from Microsoft documentation for each objective of the AZ-304 exam. Please share the post within your circles so it helps them to prepare for the exam.

AZ-304 Azure Architect Design Online Course

AZ-304 Azure Architect Design Practice Test

AZ-304 Azure Architect Other Learning Materials

To view other Azure certificate study guides, click here

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Looking for AZ-304 Dumps? Read This!

Using az-304 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

Design Monitoring (10-15%)

Design for Cost Optimization

Recommend a solution for cost management and cost reporting

What is Azure Cost Management & Billing?

Recommend solutions to minimize costs

Optimization of costs

Design a Solution for Logging and Monitoring

Determine levels and storage locations for logs

Configure logging

Plan for integration with monitoring tools including Azure Monitor and Azure Sentinel

Microsoft Azure Sentinel

Recommend appropriate monitoring tool(s) for a solution

Check this PS module on the recommendation for monitoring tools (Free Trial)

Choose a mechanism for event routing and escalation

Check this PS module on Event Routing and Escalation (Free trial)

Recommend a logging solution for compliance requirements

Audit activity reports in the Azure Active Directory portal

az-304

Amazon link (affiliate)

Design Identity and Security (25-30%)

Design Authentication

Recommend a solution for single-sign-on

What is single sign-on (SSO)?

Recommend a solution for authentication

Right authentication method for Azure AD hybrid identity solution

Authentication & verification methods available in Azure AD

Identity & access management (IAM)

Recommend a solution for Conditional Access, including multi-factor authentication

Common conditional access policies

Recommend a solution for network access authentication

Azure network security overview

Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health

Authentication method for Azure AD hybrid identity solution

Recommend a solution for user self-service

Self-service sign-up for Azure AD?

Recommend and implement a solution for B2B integration

YouTube video: Azure AD B2B authentication

Design Authorization

Choose an authorization approach

Authorization behavior

Recommend a hierarchical structure that includes management groups, subscriptions, and resource groups

What are the Azure management groups?

Recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD

Grant a user access to Azure resources using the Azure portal

Manage user access with Azure AD access reviews

Add or remove Azure role assignments

Start using Privileged Identity Management

Create a new tenant in Azure AD

Identity Protection, Just In Time (JIT) access

Identity Protection policies

Secure your management ports with just-in-time access

az-304 Exam details & Tips

Design Governance

Recommend a strategy for tagging

Resource naming & tagging decision guide

Recommend a solution for using Azure Policy

Enabling & managing a Key Vault policy

Recommend a solution for using Azure Blueprint

Working with Azure Blueprints

Design Security for Applications

Recommend a solution that includes KeyVault

  • What can be stored in KeyVault? & KeyVault operations

Azure Key Vault keys, secrets & certificates overview

  • KeyVault regions

Products available by region

Recommend a solution that includes Azure AD Managed Identities

Using managed identity to access Azure Resource Manager

Recommend a solution for integrating applications into Azure AD

Integrating applications with Azure AD

Design Data Storage (15-20%)

Design a Solution for Databases

Select an appropriate data platform based on requirements

Selecting an Appropriate Data Storage Service in Microsoft Azure

Recommend database service tier sizing

Service tiers in the DTU-based purchase model

Recommend a solution for database scalability

Dynamically scale database resources with minimal downtime

Scaling out with Azure SQL Database

Recommend a solution for encrypting data at rest, data in transmission, and data in use

Information protection & encryption

Design Data Integration

Recommend a data flow to meet business requirements

PS Course: Design and Document Data Flow (Free trial)

Recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics

Copy & transform data in Azure Synapse Analytics using Azure Data Factory

Select an Appropriate Storage Account

Design Business Continuity (10-15%)

Design a Solution for Backup and Recovery

Recommend a recovery solution for Azure hybrid and on-premises workloads that meet recovery objectives (RTO, RLO, RPO)

Reduce disaster recovery time with Azure Site Recovery

Design an Azure Site Recovery solution

  • Recommend a site recovery replication policy

Replication policy

  • Recommend a solution for site recovery capacity

Plan capacity for Hyper-V VM disaster recovery

Plan capacity & scaling for VMware disaster recovery to Azure

  • Recommend a solution for site failover and failback (planned/unplanned)

About on-premises disaster recovery failover/failback

Disaster recovery drill

Run a failover from on-premises to Azure

  • Recommend a solution for the site recovery network

About networking in Azure VM disaster recovery

Recommend a solution for recovery in different regions

Set up disaster recovery to a secondary Azure region for an Azure VM

Recommend a solution for Azure Backup management

Management for Azure VM backup in Recovery Services vault

Design a solution for data archiving and retention

o Recommend storage types and methodology for data archiving

o Identify business compliance requirements for data archiving

o Identify requirements for data archiving

o Identify SLA(s) for data archiving

o Recommend a data retention policy

Design for High Availability

Recommend a solution for application and workload redundancy, including compute, database, and storage

Make all things redundant

Azure Storage redundancy

Recommend a solution for autoscaling

Learn about Autoscaling

Identify resources that require high availability

Azure High Availability: Basic Concepts and a Checklist

Identify storage types for high availability

Introduction to the core Azure Storage services

Recommend a solution for geo-redundancy of workloads

Use geo-redundancy to design highly available applications

Design Infrastructure (25-30%)

Design a Compute Solution

Recommend a solution for compute provisioning

Choose an Azure compute service for your application

Determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers

Pluralsight course: Choose an appropriate compute solution

Recommend a solution for containers

  • AKS versus ACI and the configuration of each one

The best choice between ACI or AKS or Web App for containers

Recommend a solution for automating compute management

Design a Network Solution

Recommend a solution for network addressing and name resolution

Public IP addresses

Name resolution for resources in Azure virtual networks

Recommend a solution for network provisioning

Recommend a solution for network security

  • Private endpoints

What is Azure Private Endpoint?

  • Firewalls

What is Azure Firewall?

  • Gateways

What is Azure Application Gateway?

Recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks

Connectivity services

Recommend a solution for automating network management

Recommend a solution for load balancing and traffic routing

Traffic Manager routing methods

Load balance Windows VM in Azure

Azure certification Frequently Asked Questions

Design an Application Architecture

Recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks

Building serverless microservices in Azure

Building microservices on Azure

Recommend an orchestration solution for the deployment of applications including ARM templates, Logic Apps, or Azure Functions

  • Select an automation method

Azure Automation runbook types

o Choose which resources or lifecycle steps will be automated

o Design integration with other sources such as an ITSM solution

IT Service Management Connector Overview

  • recommend a solution for monitoring automation

Monitor runbooks with metric alerts

Recommend a solution for API integration

  • Design an API gateway strategy

Design an API Gateway Strategy

  • Determine policies for internal and external consumption of APIs

Policies in Azure API Management

Publishing internal APIs to external users

o Recommend a hosting structure for API management

o Recommend when and how to use API Keys

Design Migrations

Assess and interpret on-premises servers, data, and applications for migration

Assess VMware VMs for migration to Azure VMs

Migrate your .NET web app or service to Azure App Service

Migrate SQL Server to Azure SQL Database offline using DMS

Recommend a solution for migrating applications and VMs

YouTube video: How to migrate your VMs, databases, and apps to Azure using Azure Migrate

Recommend a solution for migration of databases

  • Determine migration scope, including redundant, related, trivial, and outdated data

Supported scopes of migration

This brings us to the end of AZ-304 Study Guide

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are looking for other Azure certification exams check out this page

Follow/Like ravikirans.com to Receive Updates

Sign up for Newsletter

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the Article in Your Social Media Networks

  • 1
  •  
  •  
  •  
  •  
    1
    Share

You may also like