AZ-300 Section

Deploy and Configure Infrastructure

• Analyze resource utilization and consumption
  • May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Azure Monitor logs
• Create and configure storage accounts
  • May include but not limited to: Configure network access to the storage account; create and configure storage account; generate shared access signature; install and use Azure Storage Explorer; manage access keys; monitor activity log by using Azure Monitor logs; implement Azure storage replication
• Create and configure a Virtual Machine (VM) for Windows and Linux
  • May include but not limited to: Configure high availability; configure monitoring, networking, storage, and virtual machine size; deploy and configure scale sets
• Automate deployment of Virtual Machines (VMs)
  • May include but not limited to: Modify Azure Resource Manager template; configure location of new VMs; configure VHD template; deploy from template; save a deployment as an Azure Resource Manager template; deploy Windows and Linux VMs
• Implement solutions that use virtual machines (VM)
  • May include but not limited to: Provision VMs; create Azure Resource Manager templates; configure Azure Disk Encryption for VMs
• Create connectivity between virtual networks
  • May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
• Implement and manage virtual networking
  • May include but not limited to: Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
• Manage Azure Active Directory (AD)
  • May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
• Implement and manage hybrid identities
  • May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback

Implement Workloads and Security 

• Migrate servers to Azure
  • May include but not limited to: Migrate by using Azure Site Recovery; migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery agent; prepare virtual network
• Configure serverless computing
  • May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
• Implement application load balancing
  • May include but not limited to: Configure application gateway and load balancing rules; implement front end IP configurations; manage application load balancing
• Integrate on-premises network with Azure virtual network
  • May include but not limited to: Create and configure Azure VPN Gateway; create and configure site to site VPN; configure ExpressRoute; verify on-premises connectivity; manage on-premises connectivity with Azure
• Manage role-based access control (RBAC)
  • May include but not limited to: Create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure; troubleshoot RBAC; implement RBAC policies; assign RBAC roles
• Implement Multi-Factor Authentication (MFA)
  • May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure

Create and Deploy Apps 

• Create web apps by using PaaS
  • May include but not limited to: Create an Azure App Service Web App; create documentation for the API; create an App Service Web App for containers; create an App Service background task by using WebJobs; enable diagnostics logging
• Design and develop apps that run in containers
  • May include but not limited to: Configure diagnostic settings on resources; create a container image by using a Docker file; create an Azure Kubernetes Service; publish an image to the Azure Container Registry; implement an application that runs on an Azure Container Instance; manage container settings by using code

Implement Authentication and Secure Data 

• Implement authentication
  • May include but not limited to: Implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication; implement multi-factor authentication by using Azure AD; implement OAuth2 authentication; implement Managed identities for Azure resources Service Principal authentication
• Implement secure data solutions
  • May include but not limited to: Encrypt and decrypt data at rest and in transit; encrypt data with Always Encrypted; implement Azure Confidential Compute and SSL/TLS communications; create, read, update, and delete keys, secrets, and certificates by using the KeyVault API

Develop for the Cloud and for Azure Storage

• Develop solutions that use Cosmos DB storage
  • May include but not limited to: Create, read, update, and delete data by using appropriate APIs; implement partitioning schemes; set the appropriate consistency level for operations
• Develop solutions that use a relational database
  • May include but not limited to: Provision and configure relational databases; configure elastic pools for Azure SQL Database; create, read, update, and delete data tables by using code
• Configure a message-based integration architecture
  • May include but not limited to: Configure an app or service to send emails, Event Grid, and the Azure Relay Service; create and configure Notification Hub, Event Hub, and Service Bus; configure queries across multiple products
• Develop for autoscaling
  • May include but not limited to: Implement autoscaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances); implement code that addresses transient state

AZ-301 Section

Determine Workload Requirements 

• Gather Information and Requirements
  • May include but not limited to: Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability); identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
• Optimize Consumption Strategy
  • May include but not limited to: Optimize app service, compute, identity, network, and storage costs
• Design an Auditing and Monitoring Strategy
  • May include but not limited to: Define logical groupings (tags) for resources to be monitored; determine levels and storage locations for logs; plan for integration with monitoring tools; recommend appropriate monitoring tool(s) for a solution; specify mechanism for event routing and escalation; design auditing for compliance requirements; design auditing policies and traceability requirements

Design for Identity and Security

• Design Identity Management
  • May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
• Design Authentication
  • May include but not limited to: Choose an authentication approach; design a single-sign on approach; logon, multi-factor, network access, and remote authentication
• Design Authorization
  • May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., oAuth, OpenID, etc.); recommend when and how to use API Keys.
• Design for Risk Prevention for Identity
  • May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
• Design a Monitoring Strategy for Identity and Security
  • May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors

Design a Data Platform Solution

• Design a Data Management Strategy
  • May include but not limited to: Choose between managed and unmanaged data store; choose between relational and non-relational databases; design data auditing and caching strategies; identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.); recommend Database Transaction Unit (DTU) sizing; design a data retention policy; design for data availability, consistency, and durability; design a data warehouse strategy
• Design a Data Protection Strategy
  • May include but not limited to: Recommend geographic data storage; design an encryption strategy for data at rest, for data in transmission, and for data in use; design a scalability strategy for data; design secure access to data; design a data loss prevention (DLP) policy
• Design and Document Data Flows
  • May include but not limited to: Identify data flow requirements; create a data flow diagram; design a data flow to meet business requirements; design a data import and export strategy
• Design a Monitoring Strategy for the Data Platform
  • May include but not limited to: Design for alert notifications; design an alert and metrics strategy

Design a Business Continuity Strategy 

• Design a Site Recovery Strategy
  • May include but not limited to: Design a recovery solution; design a site recovery replication policy; design for site recovery capacity and for storage replication; design site failover and failback (planned/unplanned); design the site recovery network; recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)); identify resources that require site recovery; identify supported and unsupported workloads; recommend a geographical distribution strategy
• Design for High Availability
  • May include but not limited to: Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy; identify resources that require high availability; identify storage types for high availability
• Design a disaster recovery strategy for individual workloads
  • May include but not limited to: Design failover/failback scenario(s); document recovery requirements; identify resources that require backup; recommend a geographic availability strategy
• Design a Data Archiving Strategy
  • May include but not limited to: Recommend storage types and methodology for data archiving; identify requirements for data archiving and business compliance requirements for data archiving; identify SLA(s) for data archiving

Design for Deployment, Migration, and Integration

• Design Deployments
  • May include but not limited to: Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
• Design Migrations
  • May include but not limited to: Recommend a migration strategy; design data import/export strategies during migration; determine the appropriate application migration, data transfer, and network connectivity method; determine migration scope, including redundant, related, trivial, and outdated data; determine application and data compatibility
• Design an API Integration Strategy
  • May include but not limited to: Design an API gateway strategy; determine policies for internal and external consumption of APIs; recommend a hosting structure for API management

Design an Infrastructure Strategy 

• Design a Storage Strategy
  • May include but not limited to: Design a storage provisioning strategy; design storage access strategy; identify storage requirements; recommend a storage solution and storage management tools
• Design a Compute Strategy
  • May include but not limited to: Design compute provisioning and secure compute strategies; determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.); design an Azure HPC environment; identify compute requirements; recommend management tools for compute
• Design a Networking Strategy
  • May include but not limited to: Design network provisioning and network security strategies; determine appropriate network connectivity technologies; identify networking requirements; recommend network management tools
• Design a Monitoring Strategy for Infrastructure
  • May include but not limited to: Design for alert notifications; design an alert and metrics strategy