Preparing for AZ-300 and 301: Azure Solutions Architect Expert

Skylines Academy Approach 

What is the Azure Solutions Architect Certification? 

Microsoft Certified Solutions Architect Experts are those who have taken and passed both the AZ-300 and AZ-301 Exams. 

Who should take these exams? 

Experienced IT experts with knowledge of cloud infrastructure and services: networking, storage, compute, governance, identity, security, data management, DevOps etc. 

In order to take and pass these exams, you must be able to not only administer the Azure environment but advise your customers on direction based on their specific objectives and business environments. Passing this exam implies that you are able to take customer requirements and translate them into solutions based on best practices and experience.  

*Core areas of learning include: 

AZ-300: 

  • Deploy and configure infrastructure 

  • Implement workloads and security 

  • Create and deploy apps 

  • Implement authentication and security 

  • Develop for the cloud and for Azure storage 

AZ-301: 

  • Determine workload requirements 

  • Design for identity and security 

  • Design a data platform solution 

  • Design a business continuity strategy 

  • Design for deployment, migration, and integration 

  • Design and infrastructure strategy 

*see in-depth curriculum for this exam at the bottom of this post 

What are the main differences between the two exams? 

AZ-300 is applied (there are labs!), whereas AZ-301 tests against theory via Azure design. 

Once you’ve studied and sat the exam and get that passing score, you’ll now be a rightfully proud Microsoft Certified: Azure Solutions Architect Expert.  

 
lrn_browse-cert_simplebadge-microsoft-certified-expert.png
 

What if I’m not ready to take the expert-level 300 and 301 exams? 

If you are just starting out, we recommend you look at the AZ-900: Microsoft Azure Fundamentals for core Azure cloud concepts. If you have some cloud experience, the AZ-103: Microsoft Azure Administrator will be the exam for you. Neither the AZ-900 nor the AZ-103 exams are pre-requisites to becoming an Azure Solutions Architect Expert but we do recommend you take at least the 103 prior to sitting for the 300 and 301 exams. 

Here’s a sample plan for taking Microsoft exams: 

roadmap.png

Source: Microsoft Role-based Certification Roadmap 

Why take the exams: 

Whether it's an employer requirement or you are looking to validate your skills, these tests certify your Azure knowledge and are a great addition to your resume. These exams will prove your knowledge and expertise of the Azure platform across several services. An added perk is Azure Architect jobs pay well! While money is not everything, PayScale and other job sites say that the average Solutions Architect with Microsoft Azure skills (in the US) makes on average ~$120,00 per year.   

How to Prepare: 

  1. Review the Microsoft Exam Blueprints - This should be your first stop during exam preparation. Microsoft uses the blueprint to break down topics and assign a weight (% of questions) to the exams so you’ll have an idea how much to study for each section. 
     

  2. Invest in an online course to help walk you through what’s going to be on the Exam. Throughout the Skylines Academy Microsoft AZ-300 and AZ-301 courses, Master Instructor Nick Colyer will walk you through objectives and demo with the portal and PowerShell knowledge you will need to take and pass the exam. Make sure to be hands-on and spin up your own Azure environment to follow along. Note: For those of you who like to save money, there is also a bundle for both courses available at a discounted price. 
     

  3. Set up your own Azure subscription to familiarize yourself with Azure services which are covered in the exam. Check out the free Azure Trial Account Creation demo to help you get set up.  
     

  4. Brush up on PowerShell commands by downloading the free PowerShell Guide. You can complete the exam with the GUI or PowerShell, Microsoft doesn’t score differently; As long as, you complete the task correctly. A command line option may come up as the only way to solve an issue, so it is good to familiarize yourselves with PowerShell commands. 
     

  5. Gain more detail with Microsoft Documentation. We’ve put together some handy Study Guides which reference the most-relevant links for studying for the exam. Study guides are also found within each course at the bottom section. We understand that everyone has different learning styles. Some people require additional post-course reading and Microsoft makes it easy to read up on any Azure topic imaginable though docs.  
     

  6. Take practice tests. Specifically, for the 300, but applicable to the 301, we’ve put together 80 practice questions based on our experience taking the exam and feedback from students.  
     

  7. Ask your peers! There thousands of like-minded individuals who are studying for or have already taken the AZ-300 and 301 exams. Check out the Azure Study Group and feel free to join, post, and see what your fellow Azure students are up to. 

Other Useful Resources 

  1. Microsoft Learning Paths: There are also Microsoft learning paths online available for different topics.   

  2. GitHub Repo: Here you can find labs to deploy code in your own environment. 

  3. Blogs: Here’s a list of blogs we found useful in studying for the exams: 

    1. Build Azure: Chris Pietschmann provides comprehensive Azure updates and Microsoft certification paths. We highly recommend this blog to keep up-to-date and find your path to learning Azure. 

    2. Azure Greg: Gregor Suttie has a ton of passion and knowledge about all things Azure. H also has some great posts on best practices and study links/resources. 

    3. PixelRobots: Richard Hooper is an MVP and was awarded the top 20 Azure blogs and you will see why.  His up to date content is a great resource to stay on top of the ever-changing Azure services. 

 

Let us know about your success! We love to empower our students and promote them. You can reach us on Twitter, LinkedIn or Facebook 

 
academycloud_magical.png
 

AZ-300 Skills Measured: 

  • Deploy and configure infrastructure (25-30%) 

    • Analyze resource utilization and consumption 

    • configure diagnostic settings on resources 

    • create baseline for resources 

    • create and rest alerts 

    • analyze alerts across subscription 

    • analyze metrics across subscription 

    • create action groups 

    • monitor for unused resources 

    • monitor spend 

    • report on spend 

    • utilize Log Search query functions 

    • view alerts in Azure Monitor logs 

    • Create and configure storage accounts 

    • configure network access to the storage account 

    • create and configure storage account 

    • generate shared access signature 

    • install and use Azure Storage Explorer 

    • manage access keys 

    • monitor activity log by using Azure Monitor logs 

    • implement Azure storage replication 

    • Create and configure a Virtual Machine (VM) for Windows and Linux 

    • configure high availability 

    • configure monitoring, networking, storage, and virtual machine size 

    • deploy and configure scale sets 

    • Automate deployment of Virtual Machines (VMs) 

    • Modify Azure Resource Manager template 

    • configure location of new VMs 

    • configure VHD template 

    • deploy from template 

    • save a deployment as an Azure Resource Manager template 

    • deploy Windows and Linux VMs 

    • Implement solutions that use virtual machines (VM) 

    • provision VMs 

    • create Azure Resource Manager templates 

    • configure Azure Disk Encryption for VMs 

    • Create connectivity between virtual networks 

    • create and configure VNET peering 

    • create and configure VNET to VNET 

    • verify virtual network connectivity 

    • create virtual network gateway 

    • Implement and manage virtual networking 

    • configure private and public IP addresses, network routes, network interface, subnets, and virtual network 

    • Manage Azure Active Directory (AD) 

    • add custom domains 

    • configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming 

    • configure self-service password reset 

    • implement conditional access policies 

    • manage multiple directories 

    • perform an access review 

    • Implement and manage hybrid identities 

    • install and configure Azure AD Connect 

    • configure federation and single sign-on 

    • manage Azure AD Connect 

    • manage password sync and writeback 

     

    Implement workloads and security (20-25%) 

    Migrate servers to Azure 

    • migrate by using Azure Site Recovery 

    • migrate using P2V 

    • configure storage 

    • create a backup vault 

    • prepare source and target environments 

    • backup and restore data 

    • deploy Azure Site Recovery agent 

    • prepare virtual network 

    Configure serverless computing 

    • manage a Logic App resource 

    • manage Azure Function app settings 

    • manage Event Grid 

    • manage Service Bus 

    Implement application load balancing 

    • configure application gateway and load balancing rules 

    • implement front end IP configurations 

    • manage application load balancing 

    Integrate on-premises network with Azure virtual network 

    • create and configure Azure VPN Gateway 

    • create and configure site to site VPN 

    • configure Express Route 

    • verify on-premises connectivity 

    • manage on-premises connectivity with Azure 

    Manage role-based access control (RBAC) 

    • create a custom role 

    • configure access to Azure resources by assigning roles 

    • configure management access to Azure 

    • troubleshoot RBAC 

    • implement RBAC policies 

    • assign RBAC roles 

    Implement Multi-Factor Authentication (MFA) 

    • enable MFA for an Azure tenant 

    • configure user accounts for MFA 

    • configure fraud alerts 

    • configure bypass options 

    • configure trusted IPs 

    • configure verification methods 

    • manage role-based access control (RBAC) 

    • implement RBAC policies 

    • assign RBAC Roles 

    • create a custom role 

    • configure access to Azure resources by assigning roles 

    • configure management access to Azure 

    Create and deploy apps (5-10%) 

    Create web apps by using PaaS 

    • create an Azure App Service Web App 

    • create documentation for the API 

    • create an App Service Web App for containers 

    • create an App Service background task by using WebJobs 

    • enable diagnostics logging 

    Design and develop apps that run in containers 

    • configure diagnostic settings on resources 

    • create a container image by using a Docker file 

    • create an Azure Kubernetes Service 

    • publish an image to the Azure Container Registry 

    • implement an application that runs on an Azure Container Instance 

    • manage container settings by using code 

    Implement authentication and secure data (5-10%) 

    Implement authentication 

    • implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication 

    • implement multi-factor authentication by using Azure AD 

    • implement OAuth2 authentication 

    • implement Managed identities for Azure resources Service Principal authentication 

    Implement secure data solutions 

    • encrypt and decrypt data at rest and in transit 

    • encrypt data with Always Encrypted 

    • implement Azure Confidential Compute and SSL/TLS communications 

    • create, read, update, and delete keys, secrets, and certificates by using the KeyVault API 

    Develop for the cloud and for Azure storage (20-25%) 

    Develop solutions that use Cosmos DB storage 

    • create, read, update, and delete data by using appropriate APIs 

    • implement partitioning schemes 

    • set the appropriate consistency level for operations 

    Develop solutions that use a relational database 

    • provision and configure relational databases 

    • configure elastic pools for Azure SQL Database 

    • create, read, update, and delete data tables by using code 

    Configure a message-based integration architecture 

    • configure an app or service to send emails, Event Grid, and the Azure Relay Service 

    • create and configure Notification Hub, Event Hub, and Service Bus rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances) 

    • implement code that addresses transient state 

     

    AZ-301 Skills Measured: 

    Determine workload requirements (10-15%) 

    Gather Information and Requirements 

    • identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability) 

    • identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements 

    • recommend changes during project execution (ongoing) 

    • evaluate products and services to align with solution 

    • create testing scenarios 

    Optimize Consumption Strategy 

    • optimize app service, compute, identity, network, and storage costs 

    Design an Auditing and Monitoring Strategy 

    • define logical groupings (tags) for resources to be monitored 

    • determine levels and storage locations for logs 

    • plan for integration with monitoring tools 

    • recommend appropriate monitoring tool(s) for a solution 

    • specify mechanism for event routing and escalation 

    • design auditing for compliance requirements 

    • design auditing policies and traceability requirements 

    Design for identity and security (20-25%) 

    Design Identity Management 

    • choose an identity management approach 

    • design an identity delegation strategy, identity repository (including directory, application, systems, etc.) 

    • design self-service identity management and user and persona provisioning 

    • define personas and roles 

    • recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based) 

    Design Authentication 

    • choose an authentication approach 

    • design a single-sign on approach 

    • design for IPSec, logon, multi-factor, network access, and remote authentication 

    Design Authorization 

    • choose an authorization approach 

    • define access permissions and privileges 

    • design secure delegated access (e.g., oAuth, OpenID, etc.) 

    • recommend when and how to use API Keys 

    Design for Risk Prevention for Identity 

    • design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access) 

    • evaluate agreements involving services or products from vendors and contractors 

    • update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures 

    Design a Monitoring Strategy for Identity and Security 

    • design for alert notifications 

    • design an alert and metrics strategy 

    • recommend authentication monitors 

    Design a data platform solution (15-20%) 

    Design a Data Management Strategy 

    • choose between managed and unmanaged data store 

    • choose between relational and non-relational databases 

    • design data auditing and caching strategies 

    • identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.) 

    • recommend Database Transaction Unit (DTU) sizing 

    • design a data retention policy 

    • design for data availability, consistency, and durability 

    • design a data warehouse strategy 

    Design a Data Protection Strategy 

    • recommend geographic data storage 

    • design an encryption strategy for data at rest, for data in transmission, and for data in use 

    • design a scalability strategy for data 

    • design secure access to data 

    • design a data loss prevention (DLP) policy 

    Design and Document Data Flows 

    • identify data flow requirements 

    • create a data flow diagram 

    • design a data flow to meet business requirements 

    • design a data import and export strategy 

    Design a Monitoring Strategy for the Data Platform 

    • design for alert notifications 

    • design an alert and metrics strategy 

    Design a business continuity strategy (15-20%) 

    Design a Site Recovery Strategy 

    • design a recovery solution 

    • design a site recovery replication policy 

    • design for site recovery capacity and for storage replication 

    • design site failover and failback (planned/unplanned) 

    • design the site recovery network 

    • recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)) 

    • identify resources that require site recovery 

    • identify supported and unsupported workloads 

    • recommend a geographical distribution strategy 

    Design for High Availability 

    • design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy 

    • identify resources that require high availability 

    • identify storage types for high availability 

    Design a Data Archiving Strategy 

    • recommend storage types and methodology for data archiving 

    • identify requirements for data archiving and business compliance requirements for data archiving 

    • identify SLA(s) for data archiving 

    Design for deployment, migration, and integration (10-15%) 

    Design Deployments 

    • design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy 

    Design Migrations 

    • recommend a migration strategy 

    • design data import/export strategies during migration 

    • determine the appropriate application migration, data transfer, and network connectivity method 

    • determine migration scope, including redundant, related, trivial, and outdated data 

    • determine application and data compatibility 

    Design an API Integration Strategy 

    • design an API gateway strategy 

    • determine policies for internal and external consumption of APIs 

    • recommend a hosting structure for API management 

    Design an infrastructure strategy (15-20%) 

    Design a Storage Strategy 

    • design a storage provisioning strategy 

    • design storage access strategy 

    • identify storage requirements 

    • recommend a storage solution and storage management tools 

    Design a Compute Strategy 

    • design compute provisioning and secure compute strategies 

    • determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.) 

    • design an Azure HPC environment 

    • identify compute requirements 

    • recommend management tools for compute 

    Design a Networking Strategy 

    • design network provisioning and network security strategies 

    • determine appropriate network connectivity technologies 

    • identify networking requirements 

    • recommend network management tools 

    Design a Monitoring Strategy for Infrastructure 

    • design for alert notifications 

    • design an alert and metrics strategy