AZ-300 Section
Deploy and Configure Infrastructure
- Analyze resource utilization and consumption
- May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and test alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Azure Monitor logs
- Create and configure storage accounts
- May include but not limited to: Configure network access to the storage account; create and configure storage account; generate shared access signature; install and use Azure Storage Explorer; manage access keys; monitor activity log by using Azure Monitor logs; implement Azure storage replication
- Create and configure a Virtual Machine (VM) for Windows and Linux
- May include but not limited to: Configure high availability; configure monitoring, networking, storage, and virtual machine size; deploy and configure scale sets
- Automate deployment of Virtual Machines (VMs)
- May include but not limited to: Modify Azure Resource Manager template; configure location of new VMs; configure VHD template; deploy from template; save a deployment as an Azure Resource Manager template; deploy Windows and Linux VMs
- Implement solutions that use virtual machines (VM)
- May include but not limited to: Provision VMs; create Azure Resource Manager templates; configure Azure Disk Encryption for VMs
- Create connectivity between virtual networks
- May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
- Implement and manage virtual networking
- May include but not limited to: Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
- Manage Azure Active Directory (AD)
- May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
- Implement and manage hybrid identities
- May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
Implement Workloads and Security
- Migrate servers to Azure
- May include but not limited to: Migrate by using Azure Site Recovery; migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery agent; prepare virtual network
- Configure serverless computing
- May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
- Implement application load balancing
- May include but not limited to: Configure application gateway and load balancing rules; implement front end IP configurations; manage application load balancing
- Integrate on-premises network with Azure virtual network
- May include but not limited to: Create and configure Azure VPN Gateway; create and configure site to site VPN; configure ExpressRoute; verify on-premises connectivity; manage on-premises connectivity with Azure
- Manage role-based access control (RBAC)
- May include but not limited to: Create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure; troubleshoot RBAC; implement RBAC policies; assign RBAC roles
- Implement Multi-Factor Authentication (MFA)
- May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure
Create and Deploy Apps
- Create web apps by using PaaS
- May include but not limited to: Create an Azure App Service Web App; create documentation for the API; create an App Service Web App for containers; create an App Service background task by using WebJobs; enable diagnostics logging
- Design and develop apps that run in containers
- May include but not limited to: Configure diagnostic settings on resources; create a container image by using a Dockerfile; create an Azure Kubernetes Service; publish an image to the Azure Container Registry; implement an application that runs on an Azure Container Instance; manage container settings by using code
Implement Authentication and Secure Data
- Implement authentication
- May include but not limited to: Implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication; implement multi-factor authentication by using Azure AD; implement OAuth2 authentication; implement Managed identities for Azure resources/Service Principal authentication
- Implement secure data solutions
- May include but not limited to: Encrypt and decrypt data at rest and in transit; encrypt data with Always Encrypted; implement Azure Confidential Compute and SSL/TLS communications; create, read, update, and delete keys, secrets, and certificates by using the KeyVault API
Develop for the Cloud and for Azure Storage
- Develop solutions that use Cosmos DB storage
- May include but not limited to: Create, read, update, and delete data by using appropriate APIs; implement partitioning schemes; set the appropriate consistency level for operations
- Develop solutions that use a relational database
- May include but not limited to: Provision and configure relational databases; configure elastic pools for Azure SQL Database; create, read, update, and delete data tables by using code
- Configure a message-based integration architecture
- May include but not limited to: Configure an app or service to send emails, Event Grid, and the Azure Relay Service; create and configure Notification Hub, Event Hub, and Service Bus; configure queries across multiple products
- Develop for autoscaling
- May include but not limited to: Implement autoscaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances); implement code that addresses transient state
AZ-301 Section
Determine Workload Requirements
- Gather Information and Requirements
- May include but not limited to: Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability); identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
- Optimize Consumption Strategy
- May include but not limited to: Optimize app service, compute, identity, network, and storage costs
- Design an Auditing and Monitoring Strategy
- May include but not limited to: Define logical groupings (tags) for resources to be monitored; determine levels and storage locations for logs; plan for integration with monitoring tools; recommend appropriate monitoring tool(s) for a solution; specify mechanism for event routing and escalation; design auditing for compliance requirements; design auditing policies and traceability requirements
Design for Identity and Security
- Design Identity Management
- May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
- Design Authentication
- May include but not limited to: Choose an authentication approach; design a single sign-on approach; logon, multi-factor, network access, and remote authentication
- Design Authorization
- May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., OAuth, OpenID, etc.); recommend when and how to use API Keys
- Design for Risk Prevention for Identity
- May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
- Design a Monitoring Strategy for Identity and Security
- May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors
Design a Data Platform Solution
- Design a Data Management Strategy
- May include but not limited to: Choose between managed and unmanaged data store; choose between relational and non-relational databases; design data auditing and caching strategies; identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.); recommend Database Transaction Unit (DTU) sizing; design a data retention policy; design for data availability, consistency, and durability; design a data warehouse strategy
- Design a Data Protection Strategy
- May include but not limited to: Recommend geographic data storage; design an encryption strategy for data at rest, for data in transmission, and for data in use; design a scalability strategy for data; design secure access to data; design a data loss prevention (DLP) policy
- Design and Document Data Flows
- May include but not limited to: Identify data flow requirements; create a data flow diagram; design a data flow to meet business requirements; design a data import and export strategy
- Design a Monitoring Strategy for the Data Platform
- May include but not limited to: Design for alert notifications; design an alert and metrics strategy
Design a Business Continuity Strategy
- Design a Site Recovery Strategy
- May include but not limited to: Design a recovery solution; design a site recovery replication policy; design for site recovery capacity and for storage replication; design site failover and failback (planned/unplanned); design the site recovery network; recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)); identify resources that require site recovery; identify supported and unsupported workloads; recommend a geographical distribution strategy
- Design for High Availability
- May include but not limited to: Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy; identify resources that require high availability; identify storage types for high availability
- Design a disaster recovery strategy for individual workloads
- May include but not limited to: Design failover/failback scenario(s); document recovery requirements; identify resources that require backup; recommend a geographic availability strategy
- Design a Data Archiving Strategy
- May include but not limited to: Recommend storage types and methodology for data archiving; identify requirements for data archiving and business compliance requirements for data archiving; identify SLA(s) for data archiving
Design for Deployment, Migration, and Integration
- Design Deployments
- May include but not limited to: Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
- Design Migrations
- May include but not limited to: Recommend a migration strategy; design data import/export strategies during migration; determine the appropriate application migration, data transfer, and network connectivity method; determine migration scope, including redundant, related, trivial, and outdated data; determine application and data compatibility
- Design an API Integration Strategy
- May include but not limited to: Design an API gateway strategy; determine policies for internal and external consumption of APIs; recommend a hosting structure for API management
Design an Infrastructure Strategy
- Design a Storage Strategy
- May include but not limited to: Design a storage provisioning strategy; design storage access strategy; identify storage requirements; recommend a storage solution and storage management tools
- Design a Compute Strategy
- May include but not limited to: Design compute provisioning and secure compute strategies; determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.); design an Azure HPC environment; identify compute requirements; recommend management tools for compute
- Design a Networking Strategy
- May include but not limited to: Design network provisioning and network security strategies; determine appropriate network connectivity technologies; identify networking requirements; recommend network management tools
- Design a Monitoring Strategy for Infrastructure
- May include but not limited to: Design for alert notifications; design an alert and metrics strategy