AZ-301: Microsoft Azure Architect Design

AZ-301: Microsoft Azure Architect Design is part of the requirements for the Microsoft Certified: Azure Solutions Architect Expert

Exam requirements

The official exam document are published here:

Exam preparation

Books covering the exam

Exam Ref AZ-300 Microsoft Azure Architect Technologies, 1st Edition

  • Author(s): Mike Pfeiffer, Derek Schauland, Nicole Stevens, Timothy L Warner
  • ISBN-13: 978-0135802540
  • ISBN-10: 0135802547

Video training for the exam



Online training

Microsoft Learn (free)

OpenEdx (free)

Instructor-led training

Microsoft Learning Partner

Exam Objectives

Determine workload requirements (10-15%)

  • Gather information and requirements
    • identify compliance requirements
    • identify identity and access management infrastructure
    • identify service-oriented architectures
    • identify accessibility requirements
    • identify availability requirements
    • identify capacity planning and scalability requirements
    • identify deploy-ability requirements
    • identify configurability
    • identify governance requirements
    • identify maintainability requirements
    • identify security requirements
    • identify sizing requirements
    • recommend changes during project execution
    • evaluate products and services to align with solution
    • create testing scenarios
  • Optimize consumption strategy
    • optimize app service costs
    • optimize compute costs
    • optimize identity costs
    • optimize network costs
    • optimize storage costs
  • Design an auditing and monitoring strategy
    • define logical groupings (tags) for resources to be monitored
    • determine levels and storage locations for logs
    • plan for integration with monitoring tools
    • recommend appropriate monitoring tool(s) for a solution
    • specify mechanism for event routing and escalation
    • design auditing for compliance requirements
    • design auditing policies and traceability requirements

Design for identity and security (20-25%)

  • Design identity management
    • choose an identity management approach
    • design an identity delegation strategy
    • design an identity repository
    • design self-service identity management
    • design user and persona provisioning
    • define personas
    • define roles
    • recommend appropriate access control strategy
  • Design authentication
    • choose an authentication approach
    • design a single-sign on approach
    • design for IPSec authentication
    • design for logon authentication
    • design for multi-factor authentication
    • design for network access authentication
    • design for remote authentication
  • Design authorization
    • choose an authorization approach
    • define access permissions and privileges
    • design secure delegated access
    • recommend when and how to use API Keys
  • Design for risk prevention for identity
    • design a risk assessment strategy
    • evaluate agreements involving services or products from vendors and contractors
    • update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
  • Design a monitoring strategy for identity and security
    • design for alert notifications
    • design an alert and metrics strategy
    • recommend authentication monitors

Design a data platform solution (15-20%)

  • Design a data management strategy
    • choose between managed and unmanaged data store
    • choose between relational and non-relational databases
    • design a data auditing strategy
    • design a data caching strategy
    • identify data attributes
    • recommend database service tier sizing
    • design a data retention policy
    • design for data availability
    • design for data consistency
    • design for data durability
    • design a data warehouse strategy
  • Design a data protection strategy
    • recommend geographic data storage
    • design an encryption strategy for data at rest
    • design an encryption strategy for data in transmission
    • design an encryption strategy for data in use
    • design a scalability strategy for data
    • design secure access to data
    • design a data loss prevention (DLP) policy
  • Design and document data flows
    • identify data flow requirements
    • create a data flow diagram
    • design a data flow to meet business requirements
    • design data flow solutions
    • design a data import and export strategy
  • Design a monitoring strategy for the data platform
    • design for alert notifications
    • design an alert and metrics strategy
    • monitor Azure Data Factory pipelines

Design a business continuity strategy (10-15%)

  • Design a site recovery strategy
    • design a recovery solution
    • design a site recovery replication policy
    • design for site recovery capacity
    • design for storage replication
    • design site failover and failback
    • design the site recovery network
    • recommend recovery objectives (Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
    • identify resources that require site recovery
    • identify supported and unsupported workloads
    • recommend a geographical distribution strategy
  • Design for high availability
    • design for application redundancy
    • design for autoscaling
    • design for data center and fault domain redundancy
    • design for network redundancy
    • identify resources that require high availability
    • identify storage types for high availability
    • design a disaster recovery strategy for individual workloads
    • design failover/failback scenarios
    • document recovery requirements
    • identify resources that require backup
    • recommend a geographic availability strategy
  • Design a data archiving strategy
    • recommend storage types and methodology for data archiving
    • identify business compliance requirements for data archiving
    • identify requirements for data archiving
    • identify SLA(s) for data archiving

Design for deployment, migration, and integration (10-15%)

  • Design deployments
    • design a compute deployment strategy
    • design a container deployment strategy
    • design a data platform deployment strategy
    • design a messaging solution deployment strategy
    • design a storage deployment strategy
    • design a web app and service deployment strategy
  • Design migrations
    • recommend a migration strategy
    • design data import/export strategies during migration
    • determine the appropriate application migration method
    • determine the appropriate data transfer method
    • determine the appropriate network connectivity method
    • determine migration scope, including redundant, related, trivial, and outdated data
    • determine application and data compatibility
  • Design an API integration strategy
    • design an API gateway strategy
    • determine policies for internal and external consumption of APIs
    • recommend a hosting structure for API management

Design an infrastructure strategy (15-20%)

  • Design a storage strategy
    • design a storage provisioning strategy
    • design storage access strategy
    • identify storage requirements
    • recommend a storage solution
    • recommend storage management tools
  • Design a compute strategy
    • design a compute provisioning strategy
    • design a secure compute strategy
    • determine appropriate compute technologies
    • design an Azure HPC environment
    • identify compute requirements
    • recommend management tools for compute
  • Design a networking strategy
    • design a network provisioning strategy
    • design a network security strategy
    • determine appropriate network connectivity technologies
    • identify networking requirements
    • recommend network management tools
    • recommend network security solutions
  • Design a monitoring strategy for infrastructure
    • design for alert notifications
    • design an alert and metrics strategy