AZ-304 Study Guide: Microsoft Azure Architect Design

To get the Microsoft Certified: Azure Solutions Architect Expert certification, there are two new exams which you need to pass, the AZ-303: Microsoft Azure Architect Technologies and the AZ-304: Microsoft Azure Architect Design exam. In this blog post, I am going to share my AZ-304: Microsoft Azure Architect Design Certification Exam Study Guide with you. To learn and prepare for the exam, I usually use a couple of online resources, mainly Microsoft Docs and Microsoft Learn, which I am going to share with you. You can find more information about how I prepare for a Microsoft Certification exam on my blog post: How to prepare and pass Microsoft Certification Exam.

NOTE: Before starting with this exam, check out the new AZ-305 exam and my AZ-305 Microsoft Azure Solutions Architect Certification Exam Study Guide.

Also, check out other Microsoft Azure Certification Exam Study Guides:

• Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
• Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
• Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
• Exam AZ-303: Microsoft Azure Architect Technologies Exam Study Guide
• Exam AZ-500: Microsoft Azure Security Technologies Exam Study Guide
• Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Study Guide
• Exam AZ-700: Microsoft Azure Network Engineer Exam Study Guide
• Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
• Exam DP-300: Azure Database Administrator Exam Study Guide

Here is my AZ-304 Microsoft Azure Architect Technologies Certification Exam Study Guide

It is essential to get familiar with the exam objectives and skills measured first. That is why I recommend reading the description of the exam and the skills measured.

Exam AZ-304: Microsoft Azure Architect Design

Candidates for this exam are Azure Solutions Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions.

Candidates should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution.

Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.

The high-level view of the skills measured in the exam:

• Design Monitoring (10-15%)
• Design Identity and Security (25-30%)
• Design Data Storage (15-20%)
• Design Business Continuity (10-15%)
• Design Infrastructure (25-30%)

You can find more information on the exam website.

Free Online Microsoft Learn AZ-304 Exam Study Guide resources

Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. They not just offer reading material, but also control questions and free online labs. Here are some relevant Microsoft Learn modules and learning paths for the AZ-304 Microsoft Azure Architect Design Certification Exam. Microsoft Learn is an important part of my AZ-304 exam study guide.

• Architect great solutions in Azure
• Architect network infrastructure in Azure
• Architect a data platform in Azure
• Architect storage infrastructure in Azure
• Architect compute infrastructure in Azure
• Architect infrastructure operations in Azure
• Architect migration, business continuity, and disaster recovery in Azure
• Architect modern applications in Azure
• Architect secure infrastructure in Azure

Microsoft Docs AZ-304 study guide resources

One thing I always used to prepare for my Microsoft exams is Microsoft Docs. Here are the relevant Microsoft Docs which I used to prepare and study for the AZ-304 exam.

Design Monitoring (10-15%)

Design for cost optimization

• recommend a solution for cost management and cost reporting
  • Manage Azure costs and usage
  • What is Azure Cost Management and Billing?
  • Quickstart: Explore and analyze costs with cost analysis
• recommend solutions to minimize costs
  • Reduce service costs using Azure Advisor
  • Azure Reserved VM Instances (RIs)
  • What are Azure Reservations?
  • How to reduce the costs of your Azure IaaS VMs (Thomas Maurer)

Design a solution for logging and monitoring

• determine levels and storage locations for logs
  • Logs in Azure Monitor
  • Azure diagnostic logs
  • Enable diagnostics logging for apps in Azure App Service
  • Create diagnostic setting to collect platform logs and metrics in Azure
• plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
  • Azure Monitor overview
  • Tutorial: Collect and analyze resource logs from an Azure resource
  • What is Azure Sentinel?
  • Quickstart: On-board Azure Sentinel
• recommend appropriate monitoring tool(s) for a solution
  • Azure Monitor overview
  • Best practices for monitoring cloud applications
• choose a mechanism for event routing and escalation
  • What is Azure Event Grid?
  • Stream Azure monitoring data to an event hub
  • Create and manage action groups in the Azure portal
• recommend a logging solution for compliance requirements
  • Azure security logging and auditing
  • Azure security management and monitoring overview
  • What is Azure Security Center?

Design Identity and Security (25-30%)

Design authentication

• recommend a solution for single-sign on
  • Azure Active Directory Seamless Single Sign-On
  • Single sign-on to applications in Azure Active Directory
  • Configure SaaS apps for B2B collaboration
  • Azure Active Directory Seamless Single Sign-On: Quick start
  • Azure Active Directory Seamless Single Sign-On: Frequently asked questions
• recommend a solution for authentication
  • Authentication basics
  • Authentication flows and application scenarios
• recommend a solution for Conditional Access, including multi-factor authentication
  • Conditional Access: Require MFA for all users
  • Conditional Access: Risk-based Conditional Access
  • Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication
• recommend a solution for network access authentication
  • Quickstart: Configure named locations in Azure Active Directory
  • What is the location condition in Azure Active Directory Conditional Access?
•  recommend a solution for a hybrid identity including Azure AD Connect, Azure AD
  Connect cloud sync and Azure AD Connect Health
  • Custom installation of Azure AD Connect
  • Select which installation type to use for Azure AD Connect
  • Azure Active Directory Connect Health operations
  • What is Azure AD Connect?
  • What is Azure AD Connect cloud sync?
• recommend a solution for user self-service
  • Plan an Azure Active Directory self-service password reset
• recommend and implement a solution for B2B integration
  • What is guest user access in Azure Active Directory B2B?
  • Compare B2B collaboration and B2C in Azure Active Directory

Design authorization

• choose an authorization approach
  • Authentication basics
• recommend a hierarchical structure that includes management groups, subscriptions and resource groups
  • Overview of Management services in Azure
  • Azure Resource Manager overview
  • Organize your resources with Azure management groups
  • Create management groups for resource organization and management
  • Manage Azure Resource Manager resource groups by using the Azure portal
  • Azure subscription and service limits, quotas, and constraints
• recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
  • Add or remove role assignments using Azure RBAC and the Azure portal
  • What is role-based access control (RBAC) for Azure resources?
  • Quickstart: View the access a user has to Azure resources
  • What are Azure AD access reviews?
  • What is Azure Active Directory Identity Protection?
  • Secure your management ports with just-in-time access
  • What is Azure AD Privileged Identity Management?

Design governance

• recommend a strategy for tagging
  • Use tags to organize your Azure resources
  • Use Azure Tags to organize Resources (Thomas Maurer)
• recommend a solution for using Azure Policy
  • What is Azure Policy?
  • Tutorial: Create and manage policies to enforce compliance
• recommend a solution for using Azure Blueprint
  • What is Azure Blueprints?
  • Quickstart: Define and assign a blueprint in the portal
• recommend a solution that leverages Azure Resource Graph
  • What is Azure Resource Graph?

Design security for applications

• recommend a solution that includes KeyVault
  • What is Azure Key Vault?
  • About keys, secrets, and certificates
• recommend a solution that includes Azure AD Managed Identities
  • What are managed identities for Azure resources?
  • Use a Windows VM system-assigned managed identity to access Resource Manager
• recommend a solution for integrating applications into Azure AD
  • Tutorial: Register an application in Azure Active Directory B2C

Design Data Storage (15-20%)

Choose the right data store

Design a solution for databases

• select an appropriate data platform based on requirements
  • What is the Azure SQL Database service?
  • Choose the right deployment option in Azure SQL
• recommend database service tier sizing
  • Azure SQL Database service tiers
  • General purpose service tier – Azure SQL Database
• recommend a solution for database scalability
  • Scalability
• recommend a solution for encrypting data at rest, data in transmission, and data in use
  • Azure Data Encryption-at-Rest
  • Azure encryption overview
  • Transparent data encryption for SQL Database and Azure Synapse

Design data integration

• recommend a data flow to meet business requirements
  • Create Azure Data Factory Data Flow
  • Source transformation in mapping data flow
• recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics
  • What is Azure Data Factory?
  • What is Azure Databricks?
  • What is Azure Data Lake Storage Gen1?
  • Introduction to Azure Data Lake Storage Gen2
  • What is Azure Synapse Analytics (formerly SQL DW)?

Select an appropriate storage account

• choose between storage tiers
  • Azure Blob storage: hot, cool, and archive access tiers
• recommend a storage access solution
  • Manage storage account access keys
  • Introduction to Azure Storage
  • Authorize access to blobs and queues using Azure Active Directory
• recommend storage management tools
  • Microsoft client tools for working with Azure Storage
  • Get started with AzCopy

Design Business Continuity (10-15%)

Design a solution for backup and recovery

• recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
  • About Site Recovery
  • General questions about Azure Site Recovery
  • Common questions about VMware to Azure replication
  • Common questions – Hyper-V to Azure disaster recovery
  • What is the Azure Backup service?
  • Azure Backup architecture and components
  • Azure Backup Server protection matrix
• design and Azure Site Recovery solution
  • About Site Recovery
  • General questions about Azure Site Recovery
• recommend a solution for recovery in different regions
  • Set up disaster recovery to a secondary Azure region for an Azure VM
  • Azure Storage redundancy
  • Disaster recovery and account failover (preview)
  • Designing highly available applications using read-access geo-redundant storage
• recommend a solution for geo-redundancy of workloads
  • Use geo-redundancy to design highly available applications
  • Azure Storage redundancy
  • What is Traffic Manager?
• recommend a solution for Azure Backup management
  • Monitor and manage Recovery Services vaults
  • Azure Backup architecture and components
• design a solution for data archiving and retention
  • Manage the Azure Blob storage lifecycle
  • Azure Blob storage: hot, cool, and archive access tiers

Design for high availability

• recommend a solution for application and workload redundancy, including compute, database, and storage
  • What are Availability Zones in Azure?
  • Tutorial: Create and deploy highly available virtual machines with Azure PowerShell
  • Azure Storage redundancy
  • High-availability and Azure SQL Database
  • Overview of business continuity with Azure SQL Database
• recommend a solution for autoscaling
  • What are virtual machine scale sets?
  • Autoscaling
  • Overview of autoscale in Microsoft Azure Virtual Machines, Cloud Services, and Web Apps
  • Dynamically scale database resources with minimal downtime
  • Scaling out with Azure SQL Database
• identify resources that require high availability
  • Review your data options
  • Achieving Compliant Data Residency and Security with Azure (White Paper)
• identify storage types for high availability
  • Disaster recovery and account failover (preview)

Design Infrastructure (25-30%)

Design a compute solution

• recommend a solution for compute provisioning
  • Choose an Azure compute service for your application
• determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
  • Choose an Azure compute service for your application
  • App Service
  • Azure Kubernetes Service (AKS)
  • Batch
  • Container Instances
  • Functions
  • Service Fabric
  • Virtual machines
  • What is Windows Virtual Desktop?
• recommend a solution for containers
  • Azure Kubernetes Service (AKS)
  • What is Azure Container Instances?
  • Introduction to private Docker container registries in Azure
• recommend a solution for automating compute management
  • An introduction to Azure Automation
  • Overview – What is Azure Logic Apps?

Design a network solution

• recommend a network architecture (hub and spoke, Virtual WAN)
  • Hub-spoke network topology with Azure Virtual WAN
• recommend a solution for network addressing and name resolution
  • Name resolution for resources in Azure virtual networks
  • Use Azure DNS to provide custom domain settings for an Azure service
  • Tutorial: Host your domain in Azure DNS
  • Quickstart: Create an Azure private DNS zone using the Azure portal
• recommend a solution for network provisioning
  • What is Azure Virtual Network?
  • Virtual network service endpoint policies for Azure Storage
  • Virtual Network service endpoints
• recommend a solution for network security including Private Link, firewalls, gateways,
  network segmentation (perimeter networks/DMZs/NVAs)
  • Network security groups
  • Application security groups
  • Virtual network service endpoints
  • Virtual network security FAQ
  • What is Azure Firewall?
  • Deploy highly available NVAs
• recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
  • What is VPN Gateway?
  • ExpressRoute overview
• recommend a solution for automating network management
  • What is Azure Virtual Network?
• recommend a solution for load balancing and traffic routing
  • Overview of load-balancing options in Azure
  • Front Door
  • Traffic Manager
  • Application Gateway
  • Azure Load Balancer

Design an application architecture

• recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
  • Microservices architecture style
  • Event Grid
  • Event Hub
  • Service Bus
  • Storage Queues
  • Logic Apps
  • Azure Functions
  • webhooks
• recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
  • Extend Azure Resource Manager template functionality
  • Azure Resource Manager templates overview
  • Tutorial: Create and deploy your first Azure Resource Manager template
  • Logic Apps
  • Azure Functions
• recommend a solution for API integration
  • Basic enterprise integration on Azure
  • API Management
  • Integration Services

Design migrations

• assess and interpret on-premises servers, data, and applications for migration
  • Azure migration center
  • About Azure Migrate
  • Prepare VMware VMs for assessment and migration to Azure
  • Assess VMware VMs by using Azure Migrate Server Assessment
  • About assessments in Azure Migrate
  • Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant
• recommend a solution for migrating applications and VMs
  • About Azure Migrate
  • Select a VMware migration option
• recommend a solution for migration of databases
  • Assess the readiness of a SQL Server data estate migrating to Azure SQL Database using the Data Migration Assistant
  • SQL Server Migration Assistant
• determine migration scope, including redundant, related, trivial, and outdated data
  • How to migrate
• recommend a solution for migrating data (Storage Migration Service, Azure Data Box,
  Azure File Sync-based migration to hybrid file server)
  • Storage Migration Service overview
  • What is Azure Data Box?
  • What is Azure File Sync?

Tips and Resources

I hope this AZ-304 Microsoft Azure Architect Design Certification Exam Study Guide helps you pass the exam and get the Azure Solutions Architect certification. I also recommend that you open a free Azure account if you don’t have one yet. You can create your free Azure account here. Also, check out my blog posts about Microsoft Azure Certification:

• Why you should become Microsoft Azure certified
• How to pick the right Azure exam certification path
• How to prepare and pass a Microsoft Azure exam
• Learn Microsoft Azure in 2020
• AZ-104 Microsoft Azure Administrator Exam Study Guide

I hope you enjoyed my AZ-304 Study Guide and it helps you as exam prep. Did I miss any link, or do you have any recommended AZ-304 Microsoft Azure Architect Design Certification Exam Study resources? Let me know in the comments.