Overview
This course teaches Solutions Architects how to translate business requirements into secure, scalable, and reliable solutions. Lessons include virtualization, automation, networking, storage, identity, security, data platform, and application infrastructure. This course outlines how decisions in each theses area affects an overall solution.
Audience profile
This course is for IT Professionals with expertise in designing and implementing solutions running on Microsoft Azure. They should have broad knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. Azure Solution Architects use the Azure Portal and as they become more adept they use the Command Line Interface. Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.
Exams Included
- Exam AZ-303: Microsoft Azure Architect Technologies
- Exam AZ-304: Microsoft Azure Architect Design
Prerequisites
While there are no exam/certification prerequisites required to achieve this Expert level certification, it is strongly recommended that you attend one of the Associate level classes below (or possess the beginner Azure knowledge/skills), prior to attending this boot camp:
AZ-104: Microsoft Azure Administrator
OR
AZ-204: Developing Solutions for Microsoft Azure
About TechSherpas Boot Camps
TechSherpas 365’s boot camps are geared towards providing students with the necessary skills and knowledge to not only pass the Microsoft Certification exams, but to also excel in their IT career paths. All of our boot camps are all-inclusive and include benefits such as:
- 100% Test Pass Guarantee
- All course materials, practice exams and official certification exams
- Onsite Pearson Vue Testing Center
- Hands-on instruction by a certified instructor
- Lunch provided each day (in-classroom delivery only)
- Airfare, lodging and transportation packages available (Option 2)
Description
Exam AZ-303: Microsoft Azure Architect Technologies
Implement and Monitor an Azure Infrastructure (50-55%)
Implement cloud infrastructure monitoring
- monitor security
- monitor performance
- configure diagnostic settings on resources
- create a performance baseline for resources
- monitor for unused resources
- monitor performance capacity
- visualize diagnostics data using Azure Monitor
- monitor health and availability
- monitor networking
- monitor service health
- monitor cost
- monitor spend
- report on spend
- configure advanced logging
- implement and configure Azure Monitor insights, including App Insights
Networks, Containers
- configure a Log Analytics workspace
- configure logging for workloads
- initiate automated responses by using Action Groups
- configure and manage advanced alerts
- collect alerts and metrics across multiple subscriptions
- view Alerts in Azure Monitor logs
Implement storage accounts
- select storage account options based on a use case
- configure Azure Files and blob storage
- configure network access to the storage account
- implement Shared Access Signatures and access policies
- implement Azure AD authentication for storage
- manage access keys
- implement Azure storage replication
- implement Azure storage account failover
Implement VMs for Windows and Linux
- configure High Availability
- configure storage for VMs
- select virtual machine size
- implement Azure Dedicated Hosts
- deploy and configure scale sets
- configure Azure Disk Encryption
Automate deployment and configuration of resources
- save a deployment as an Azure Resource Manager template
- modify Azure Resource Manager template
- evaluate location of new resources
- configure a virtual disk template
- deploy from a template
- manage a template library
- create and execute an automation runbook
Implement virtual networking
- implement VNet to VNet connections
- implement VNet peering
Implement Azure Active Directory
- add custom domains
- configure Azure AD Identity Protection
- implement self-service password reset
- implement Conditional Access including MFA
- configure user accounts for MFA
- configure fraud alerts
- configure bypass options
- configure Trusted IPs
- configure verification methods
- implement and manage guest accounts
- manage multiple directories
Implement and manage hybrid identities
- install and configure Azure AD Connect
- identity synchronization options
- configure and manage password sync and password writeback
- configure single sign-on
- use Azure AD Connect Health
Implement Management and Security Solutions (25-30%)
Manage workloads in Azure
- migrate workloads using Azure Migrate
- assess infrastructure
- select a migration method
- prepare the on-premises for migration
- recommend target infrastructure
- implement Azure Backup for VMs
- implement disaster recovery
- implement Azure Update Management
Implement load balancing and network security
- implement Azure Load Balancer
- implement an application gateway
- implement a Web Application Firewall
- implement Azure Firewall
- implement the Azure Front Door Service
- implement Azure Traffic Manager
- implement Network Security Groups and Application Security Groups
- implement Bastion
- Implement and manage Azure governance solutions
- create and manage hierarchical structure that contains management groups,
- subscriptions and resource groups
- assign RBAC roles
- create a custom RBAC role
- configure access to Azure resources by assigning roles
- configure management access to Azure
- interpret effective permissions
- set up and perform an access review
- implement and configure an Azure Policy
- implement and configure an Azure Blueprint
Manage security for applications
- implement and configure KeyVault
- implement and configure Azure AD Managed Identities
- register and manage applications in Azure AD
Implement Solutions for Apps (10-15%)
Implement an application infrastructure
- create and configure Azure App Service
- create an App Service Web App for Containers
- create and configure an App Service plan
- configure an App Service
- configure networking for an App Service
- create and manage deployment slots
- implement Logic Apps
- implement Azure Functions
Implement container-based applications
- create a container image
- configure Azure Kubernetes Service
- publish and automate image deployment to the Azure Container Registry
- publish a solution on an Azure Container Instance
Implement and Manage Data Platforms (10-15%)
Implement NoSQL databases
- configure storage account tables
- select appropriate CosmosDB APIs
- set up replicas in CosmosDB
Implement Azure SQL databases
- configure Azure SQL database settings
- implement Azure SQL Database managed instances
- configure HA for an Azure SQL database
- publish an Azure SQL database
Exam AZ-304: Microsoft Azure Architect Design
Skills Measured
Design Monitoring (10-15%)
Design for cost optimization
- recommend a solution for cost management and cost reporting
- recommend solutions to minimize costs
Design a solution for logging and monitoring
- determine levels and storage locations for logs
- plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- recommend appropriate monitoring tool(s) for a solution
- choose a mechanism for event routing and escalation
- recommend a logging solution for compliance requirements
Design Identity and Security (25-30%)
Design authentication
- recommend a solution for single-sign on
- recommend a solution for authentication
- recommend a solution for Conditional Access, including multi-factor authentication
- recommend a solution for network access authentication
- recommend a solution for a hybrid identity including Azure AD Connect and Azure AD
Connect Health
- recommend a solution for user self-service
- recommend and implement a solution for B2B integration
Design authorization
- choose an authorization approach
- recommend a hierarchical structure that includes management groups, subscriptions and resource groups
- recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD, Identity Protection, Just In Time (JIT) access
Design governance
- recommend a strategy for tagging
- recommend a solution for using Azure Policy
- recommend a solution for using Azure Blueprint
Design security for applications
- recommend a solution that includes KeyVault
- What can be stored in KeyVault
- KeyVault operations
- KeyVault regions
- recommend a solution that includes Azure AD Managed Identities
- recommend a solution for integrating applications into Azure AD
Design Data Storage (15-20%)
Design a solution for databases
- select an appropriate data platform based on requirements
- recommend database service tier sizing
- recommend a solution for database scalability
- recommend a solution for encrypting data at rest, data in transmission, and data in use
Design data integration
- recommend a data flow to meet business requirements
- recommend a solution for data integration, including Azure Data Factory, Azure Data
Bricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
- choose between storage tiers
- recommend a storage access solution
- recommend storage management tools
Design Business Continuity (10-15%)
Design a solution for backup and recovery
- recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- design and Azure Site Recovery solution
- recommend a site recovery replication policy
- recommend a solution for site recovery capacity
- recommend a solution for site failover and failback (planned/unplanned
- recommend a solution for the site recovery network
- recommend a solution for recovery in different regions
- recommend a solution for Azure Backup management
- design a solution for data archiving and retention
- recommend storage types and methodology for data archiving
- identify business compliance requirements for data archiving
- identify requirements for data archiving
- identify SLA(s) for data archiving
- recommend a data retention policy
Design for high availability
- recommend a solution for application and workload redundancy, including compute, database, and storage
- recommend a solution for autoscaling
- identify resources that require high availability
- identify storage types for high availability
- recommend a solution for geo-redundancy of workloads
Design Infrastructure (25-30%)
Design a compute solution
- recommend a solution for compute provisioning
- determine appropriate compute technologies, including virtual machines, App Services,
- Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- recommend a solution for containers
- AKS versus ACI and the configuration of each one
- recommend a solution for automating compute management
Design a network solution
- recommend a solution for network addressing and name resolution
- recommend a solution for network provisioning
- recommend a solution for network security
- private endpoints
- Firewalls
- Gateways
- recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- recommend a solution for automating network management
- recommend a solution for load balancing and traffic routing
Design an application architecture
- recommend a microservices architecture including Event Grid, Event Hubs, Service Bus,
Storage Queues, Logic Apps, Azure Functions, and webhooks
- recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
- select an automation method
- choose which resources or lifecycle steps will be automated
- design integration with other sources such as an ITSM solution
- recommend a solution for monitoring automation
- recommend a solution for API integration
- design an API gateway strategy
- determine policies for internal and external consumption of APIs
- recommend a hosting structure for API management
- recommend when and how to use API Keys
Design migrations
- assess and interpret on-premises servers, data, and applications for migration
- recommend a solution for migrating applications and VMs
- recommend a solution for migration of databases
- determine migration scope, including redundant, related, trivial, and outdated data