Azure Solutions Architect Expert
Summary
This post is a working copy of notes for those studying for the Azure Solutions Architect role. I will continue to update it with the relevant links and the practice questions as I go through the documents myself.
There are over 206 areas that an Azure Solutions Architect should confidently know. Below is an extract of the objectives of both the AZ-300 (Microsoft Azure Architect Technologies) and AZ-301 (Microsoft Azure Architect Design) exams.
The official documentation for both is listed here: https://www.microsoft.com/en-us/learning/azure-solutions-architect.aspx
For those that want to download the official sets of documents:
# List the top-level directories under the docs repository's "articles" folder via the GitHub API,
# then download the live PDF build of each directory's table of contents as <name>.pdf.
for row in $(curl -s https://api.github.com/repositories/72685026/contents/articles | jq -c -r '.[] | select(.type | contains("dir")) | "\(.name)"'); do
  wget -O "${row}.pdf" "https://docs.microsoft.com/en-us/azure/opbuildpdf/${row}/toc.pdf?branch=live"
done
I’m not sure how I happened to get hold of this script, but I found it somewhere on a blog. If anyone happens to know where this script comes from, please do let me know so that I can give credit where it’s due.
Deploy and Configure Infrastructure
Analyze resource utilization and consumption
- configure diagnostic settings on resources
- create baseline for resources
- create and test alerts
- analyze alerts across subscription
- analyze metrics across subscription
- create action groups
- monitor for unused resources
- monitor spend
- report on spend
- utilize Log Search query functions
- view alerts in Azure Monitor logs
Create and configure storage accounts
- configure network access to the storage account
- create and configure storage account
- generate shared access signature
- install and use Azure Storage Explorer
- manage access keys
- monitor activity log by using Azure Monitor logs
- implement Azure storage replication
Create and configure a Virtual Machine (VM) for Windows and Linux
- configure high availability
- configure monitoring, networking, storage, and virtual machine size
- deploy and configure scale sets
Automate deployment of Virtual Machines (VMs)
- Modify Azure Resource Manager template
- configure location of new VMs
- configure VHD template
- deploy from template
- save a deployment as an Azure Resource Manager template
- deploy Windows and Linux VMs
Implement solutions that use virtual machines (VM)
- provision VMs
- create Azure Resource Manager templates
- configure Azure Disk Encryption for VMs
Create connectivity between virtual networks
- create and configure VNET peering
- create and configure VNET to VNET
- verify virtual network connectivity
- create virtual network gateway
Implement and manage virtual networking
- configure private and public IP addresses, network routes, network interface, subnets, and virtual network
Manage Azure Active Directory (AD)
- Add custom domains: [1] [2]
- configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
- Configure self-service password reset: [1]
- Implement conditional access policies: [1]
- Manage multiple directories: [1] [2] [3]
- Perform an access review: [1]
Implement and manage hybrid identities
- install and configure Azure AD Connect
- configure federation and single sign-on
- manage Azure AD Connect
- manage password sync and writeback
Implement Workloads and Security
Migrate servers to Azure
- migrate by using Azure Site Recovery
- migrate using P2V
- configure storage
- create a backup vault
- prepare source and target environments
- backup and restore data
- deploy Azure Site Recovery agent
- prepare virtual network
Configure serverless computing
- manage a Logic App resource
- manage Azure Function app settings
- manage Event Grid
- manage Service Bus
Implement application load balancing
- configure application gateway and load balancing rules
- implement front end IP configurations
- manage application load balancing
Integrate on-premises network with Azure virtual network
- create and configure Azure VPN Gateway
- create and configure site to site VPN
- configure ExpressRoute
- verify on-premises connectivity
- manage on-premises connectivity with Azure
Manage role-based access control (RBAC)
- create a custom role
- configure access to Azure resources by assigning roles
- configure management access to Azure
- troubleshoot RBAC
- implement RBAC policies
- assign RBAC roles
Implement Multi-Factor Authentication (MFA)
- enable MFA for an Azure tenant
- configure user accounts for MFA
- configure fraud alerts
- configure bypass options
- configure trusted IPs
- configure verification methods
- manage role-based access control (RBAC)
- implement RBAC policies
- assign RBAC Roles
- create a custom role
- configure access to Azure resources by assigning roles
- configure management access to Azure
Create and Deploy Apps
Create web apps by using PaaS
- create an Azure App Service Web App
- create documentation for the API
- create an App Service Web App for containers
- create an App Service background task by using WebJobs
- enable diagnostics logging
Design and develop apps that run in containers
- configure diagnostic settings on resources
- create a container image by using a Docker file
- create an Azure Kubernetes Service
- publish an image to the Azure Container Registry
- implement an application that runs on an Azure Container Instance
- manage container settings by using code
Implement Authentication and Secure Data
Implement authentication
- implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication
- implement multi-factor authentication by using Azure AD
- implement OAuth2 authentication
- implement Managed identities for Azure resources Service Principal authentication
Implement secure data solutions
- encrypt and decrypt data at rest and in transit
- encrypt data with Always Encrypted
- implement Azure Confidential Compute and SSL/TLS communications
- create, read, update, and delete keys, secrets, and certificates by using the KeyVault API
Develop for the Cloud and for Azure Storage
Develop solutions that use Cosmos DB storage
- create, read, update, and delete data by using appropriate APIs
- implement partitioning schemes
- set the appropriate consistency level for operations
Develop solutions that use a relational database
- provision and configure relational databases
- configure elastic pools for Azure SQL Database
- create, read, update, and delete data tables by using code
Configure a message-based integration architecture
- configure an app or service to send emails, Event Grid, and the Azure Relay Service
- create and configure Notification Hub, Event Hub, and Service Bus
- configure queries across multiple products
Develop for autoscaling
- implement autoscaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances)
- implement code that addresses transient state
Determine Workload Requirements
Gather Information and Requirements
- identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability)
- identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deployability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements
- recommend changes during project execution (ongoing)
- evaluate products and services to align with solution
- create testing scenarios
Optimize Consumption Strategy
- optimize app service, compute, identity, network, and storage costs
Design an Auditing and Monitoring Strategy
- define logical groupings (tags) for resources to be monitored
- determine levels and storage locations for logs
- plan for integration with monitoring tools
- recommend appropriate monitoring tool(s) for a solution
- specify mechanism for event routing and escalation
- design auditing for compliance requirements
- design auditing policies and traceability requirements
Design for Identity and Security
Design Identity Management
- choose an identity management approach
- design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
- design self-service identity management and user and persona provisioning
- define personas and roles
- recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
Design Authentication
- choose an authentication approach
- design a single sign-on approach
- design for IPSec, logon, multi-factor, network access, and remote authentication
Design Authorization
- choose an authorization approach
- define access permissions and privileges
- design secure delegated access (e.g., OAuth, OpenID, etc.)
- recommend when and how to use API Keys
Design for Risk Prevention for Identity
- design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
- evaluate agreements involving services or products from vendors and contractors
- update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
- design for alert notifications
- design an alert and metrics strategy
- recommend authentication monitors
Design a Data Platform Solution
Design a Data Management Strategy
- choose between managed and unmanaged data store
- choose between relational and non-relational databases
- design data auditing and caching strategies
- identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.)
- recommend Database Transaction Unit (DTU) sizing
- design a data retention policy
- design for data availability, consistency, and durability
- design a data warehouse strategy
Design a Data Protection Strategy
- recommend geographic data storage
- design an encryption strategy for data at rest, for data in transmission, and for data in use
- design a scalability strategy for data
- design secure access to data
- design a data loss prevention (DLP) policy
Design and Document Data Flows
- identify data flow requirements
- create a data flow diagram
- design a data flow to meet business requirements
- design a data import and export strategy
Design a Monitoring Strategy for the Data Platform
- design for alert notifications
- design an alert and metrics strategy
Design a Business Continuity Strategy
Design a Site Recovery Strategy
- design a recovery solution
- design a site recovery replication policy
- design for site recovery capacity and for storage replication
- design site failover and failback (planned/unplanned)
- design the site recovery network
- recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
- identify resources that require site recovery
- identify supported and unsupported workloads
- recommend a geographical distribution strategy
Design for High Availability
- design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy
- identify resources that require high availability
- identify storage types for high availability
Design a disaster recovery strategy for individual workloads
- design failover/failback scenario(s)
- document recovery requirements
- identify resources that require backup
- recommend a geographic availability strategy
Design a Data Archiving Strategy
- recommend storage types and methodology for data archiving
- identify requirements for data archiving and business compliance requirements for data archiving
- identify SLA(s) for data archiving
Design for Deployment, Migration, and Integration
Design Deployments
- design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
Design Migrations
- recommend a migration strategy
- design data import/export strategies during migration
- determine the appropriate application migration, data transfer, and network connectivity method
- determine migration scope, including redundant, related, trivial, and outdated data
- determine application and data compatibility
Design an API Integration Strategy
- design an API gateway strategy
- determine policies for internal and external consumption of APIs
- recommend a hosting structure for API management
Design an Infrastructure Strategy
Design a Storage Strategy
- design a storage provisioning strategy
- design storage access strategy
- identify storage requirements
- recommend a storage solution and storage management tools
Design a Compute Strategy
- design compute provisioning and secure compute strategies
- determine appropriate compute technologies (e.g., virtual machines, functions, Service Fabric, container instances, etc.)
- design an Azure HPC environment
- identify compute requirements
- recommend management tools for compute
Design a Networking Strategy
- design network provisioning and network security strategies
- determine appropriate network connectivity technologies
- identify networking requirements
- recommend network management tools
Design a Monitoring Strategy for Infrastructure
- design for alert notifications
- design an alert and metrics strategy