AZ-303 Exam Study Guide (Microsoft Azure Architect Technologies)
You can access AZ-303 Exam Microsoft official page here
Preparing for the AZ-303 Microsoft Azure Architect Technologies exam? Don’t know where to start? This post is the AZ-303 Study Guide, which helps you to achieve the Microsoft Azure Certified Solutions Architect expert certification.
Note: You also need to clear AZ-304 to achieve this certification.
This post contains a curated list of articles from Microsoft documentation for each objective of the AZ-303 exam. Please share the post within your circles so it helps them to prepare for the exam.
Skills Measured
- Implement and Monitor an Azure Infrastructure (50-55%)
- Implement Management and Security Solutions (25-30%)
- Implement Solutions for Apps (10-15%)
- Implement and Manage Data Platforms (10-15%)
AZ-303 Exam Free Study Guide
For each test objective, I’ve compiled a thorough collection of articles from Microsoft documentation. Please feel free to forward this page to your friends and coworkers in order to assist them in preparing for the test .
Implement and Monitor an Azure Infrastructure (50-55%)
Implement Cloud Infrastructure Monitoring
- Monitor security (Note: Log Analytics, Azure Security Center, Azure Sentinel)
- Visualize and monitor your data
- What is Azure Security Center?
- What is Azure Sentinel?
- Monitor performance
- Configure diagnostic settings on resources
- Linkedin Learning: Configure Diagnostic Setting (check with a free trial)
- Create a performance baseline for resources
- LinkedIn: Performance Baseline (Check with a free trial)
- Monitor for unused resources
- Finding Unused Resources Impacting Azure Costs
- Monitor performance capacity
- How to chart performance with Azure Monitor for VMs
- Visualize diagnostics data using Azure Monitor
- Visualizing data from Azure Monitor
- Monitor health and availability
- Monitor networking
- Azure Monitor for Networks (Preview)
- Monitor service health
- See current issues which impact your services
- Monitor cost
- Monitor spend
- Use cost alerts to monitor usage & spending
- Report on spend
- Download or view your Azure billing invoice & daily usage data
- Configure advanced logging
- Implement and configure Azure Monitor insights, including App Insights, Networks, Containers
- Overview of Insights in Azure Monitor
- Configure a Log Analytics workspace
- Create a Log Analytics workspace in the Azure portal
- Log Analytics Workspace
- Configure logging for workloads
- Monitor workload – Azure portal
- Initiate automated responses by using Action Groups
- Create & manage action groups in the Azure portal
- How to trigger complex actions with Azure Monitor alerts
- Configure and manage advanced alerts
- Collect alerts and metrics across multiple subscriptions
- Azure Monitor alerting just got better!
- View Alerts in Azure Monitor logs
- Create, view & manage activity log alerts using Azure Monitor
Implement Storage Accounts
- Select storage account options based on a use case
- Introduction to the core Azure Storage services
- Configure Azure Files and blob storage
- Create an Azure file share
- Configure network access to the storage account
- Configure Azure Storage firewalls & virtual networks
- Implement Shared Access Signatures and access policies
- Grant limited access to Azure Storage resources using SAS
- Define a stored access policy
- Implement Azure AD authentication for storage
- Azure Active Directory (AD) based access control
- Authorize access to blobs & queues using Azure AD
- Manage access keys
- Manage storage account access keys
- Implement Azure storage replication
- The explanation for Azure storage replication
- Implement Azure storage account failover
- Disaster recovery & storage account failover
- Initiate a storage account failover
Implement VMs for Windows and Linux
- Configure High Availability
- Create & deploy highly available VMs with Azure PowerShell
- Configure storage for VMs
- Introduction to Azure managed disks
- Select virtual machine size
- Sizes for virtual machines in Azure
- Implement Azure Dedicated Hosts
- Deploy VMs to dedicated hosts using the portal
- Deploy and configure scale sets
- Creating VM scale sets in the Azure portal
- Configure Azure Disk Encryption
- Create & encrypt a Windows VM with the Azure portal
Automate Deployment and Configuration of Resources
- Save a deployment as an Azure Resource Manager template
- Download the template for a VM
- Modify Azure Resource Manager template
- Updating resource in an Azure Resource Manager template
- Evaluate the location of new resources
- Set resource location in the ARM template
- Configure a virtual disk template
- Deploy Azure virtual machines from VHD templates
- Deploy from a template
- Create a Windows VM from a Resource Manager template
- Manage a template library
- What are ARM templates?
- Create and execute an automation runbook
- Deploy an ARM template in a PowerShell runbook
Implement Virtual Networking
- Implement VNet to VNet connections
- VNet-to-VNet VPN gateway connection using PowerShell
- Implement VNet peering
- YouTube video: VNet Peering demo
Implement Azure Active Directory
- Add custom domains
- Add your custom domain name using the Azure AD portal
- Configure Azure AD Identity Protection
- Configure notifications in Azure AD Identity Protection
- Configure the Azure MFA registration policy
- Implement self-service password reset
- Using Azure AD self-service password reset
- Implement Conditional Access including MFA
- Conditional Access: MFA for all users
- Configure user accounts for MFA
- Enable per-user Azure MFA to secure sign-in events
- Configure fraud alerts
- Fraud alert feature
- Configure bypass options
- Configure Azure MFA settings
- Configure Trusted IPs
- Trusted IPs feature of Azure MFA
- Configure verification methods
- Verification methods in Azure MFA
- Implement and manage guest accounts
- Add guest users to your directory in the Azure portal
- Manage guest access with Azure AD access reviews
- Manage multiple directories
- Understand how multiple Azure AD organizations interact
Implement and Manage Hybrid Identities
- Install and configure Azure AD Connect
- Getting started with Azure AD Connect using express settings
- Identity synchronization options
- Objects and credentials in an Azure AD DS
- Configure and manage password sync and password writeback
- Implement password hash synchronization with Azure AD Connect sync
- Azure Azure AD self-service password reset
- Configure single sign-on
- Using Azure AD as your Identity & Access Management
- Use Azure AD Connect Health
- Azure AD Connect Health: Monitoring the sync engine
Implement Management and Security Solutions (25-30%)
Manage Workloads in Azure
- Migrate workloads using Azure Migrate
- Assess infrastructure
- Assess VMware VMs for migration to Azure VMs
- Select a migration method
- Select a VMware migration option
- Prepare the on-premises for migration
- Prepare on-premises machines for migration to Azure
- Recommend target infrastructure
- Pluralsight: Target environment (Free trial)
- Implement Azure Backup for VMs
- Back up an Azure VM from the VM settings
- Implement disaster recovery
- Set up disaster recovery for Azure VMs
- Implement Azure Update Management
- Enable Update Management from the Azure portal
Implement Load Balancing and Network Security
- Implement Azure Load Balancer
- Load balance internet traffic to VMs using the Azure portal
- Implement an application gateway
- Using Azure PowerShell to create an application gateway
- Implement a Web Application Firewall
- Using the Azure portal to create an Application Gateway with a WAF
- Implement Azure Firewall
- Deploy & configure Azure Firewall using the Azure portal
- Implement Azure Firewall Manager
- Secure your virtual hub using Azure Firewall Manager
- Implement the Azure Front Door Service
- Use the Azure Front Door – Redirect HTTP to HTTPS
- Implement Azure Traffic Manager
- Create a Traffic Manager profile using the Azure portal
- Implement Network Security Groups and Application Security, Groups
- Create, change, or delete a network security group
- Application security groups
- Implement Bastion
- Connect to a VM using a private IP address & Azure Bastion
Implement and Manage Azure Governance Solutions
- Create and manage hierarchical structure that contains management groups, subscriptions, and resource groups
- Create a management group
- Assign RBAC roles
- Grant a user access to Azure resources by Azure portal
- Create a custom RBAC role
- Create an Azure custom role using Azure PowerShell
- Configure access to Azure resources by assigning roles
- Add a role assignment
- Configure management access to Azure
- Best practices for Azure RBAC
- Interpret effective permissions
- View the access a user has to Azure resources
- Set up and perform an access review
- What are Azure AD access reviews?
- Implement and configure an Azure Policy
- Create & manage policies to enforce compliance
- Implement and configure an Azure Blueprint
- Working with Azure Blueprints
Manage Security for Applications
- Implement and configure Key Vault
- Pluralsight course on Azure Key Vault (Free trial)
- Implement and configure Azure AD Managed Identities
- Windows VM system-assigned managed identity to access ARM
- Register and manage applications in Azure AD
- Register an application with the Microsoft identity platform
Implement Solutions for Apps (10-15%)
Implement an Application Infrastructure
- Create and configure Azure App Service
- Create an ASP.NET Core web app in Azure
- Create an App Service Web App for Containers
- Run a custom container in Azure
- Create and configure an App Service plan
- Azure App Service plan overview
- Configure an App Service
- Configure an App Service app in the Azure portal
- Configure networking for an App Service
- Integrate your app with an Azure virtual network
- Create and manage deployment slots
- Set up staging environments in Azure App Service
- YouTube video: Deployment slots
- Implement Logic Apps
- Azure Logic Apps for schedule-based & recurring automation workflows
- Implement Azure Functions
- Create a function in Azure that’s triggered by Blob storage
Implement Container-based Applications
- Create a container image
- Build & deploy container images in the cloud with ACR Tasks
- Configure Azure Kubernetes Service
- Deploy an AKS cluster using the Azure portal
- Publish and automate image deployment to the Azure Container Registry
- Private Docker container registry using the Docker CLI
- Automate container image builds & maintenance with ACR Tasks
- Publish a solution on an Azure Container Instance
- Deploy a container instance in Azure using the Azure portal
Implement and Manage Data Platforms (10-15%)
Implement NoSQL Databases
- Configure storage account tables
Create an Azure Storage table in the Azure portal
Create a table dynamically with the .NET SDK (Table API)
Notes:
Don’t get confused with the Table API in Cosmos DB and Azure Table storage. They both share the same data model and expose similar query operations through their SDKs.
But, Table API in Cosmos DB has premium capabilities like global distribution, throughput & high availability. So, you should look to migrate your existing app to Table API, given a chance.
Select appropriate CosmosDB APIs
Review the Learning Path: Choose the appropriate API for Azure Cosmos DB
Notes:
Cosmos DB is a Multi-Model Database Service. It means that you can build any of the NoSQL database models with the following APIs:
1. Gremlin (Graph) API – To describe the relationship between entities.
2. Azure Table API – use only to migrate applications using Azure Table Storage to Cosmos DB. Else just avoid.
3. MongoDB API – If your project is already using MongoDB, use this API. Migration is as simple as just updating the connection string.
4. Cassandra API – If your team already uses Cassandra DB / skillful of Cassandra Query Language (CQL), use this API.
5. Core SQL API – For all other cases & for new projects, use SQL API. Superior in functionality to other APIs. When in doubt, use Core SQL.
Set up replicas in CosmosDB
A Pluralsight module on understanding global distribution & replication
Add/remove regions from your Cosmos DB account
Configure Multiple write-regions
Configure Multi-master in your app (To write to the nearest write location)
Notes:
a. Why data replication is important in Azure Cosmos DB?
1. To reduce the latency of your application. If you have a global audience, then the users farther from the database may experience high latency (time duration between request & response). By enabling Cosmos DB replication, you direct the request to the nearest data center. The SDK will make sure of that.
2. Replication enables Business Continuity. If there is a natural disaster in a data center, you know the data is safe elsewhere.
b. In addition, to read replication, you can set up multi-region writes. But why? Same reason! To reduce write latency. But, this may cause conflicts as the data is updated in different regions.
Implement Azure SQL Databases
Configure Azure SQL database settings
Configure Server-level IP firewall rules
Configure security features of Azure SQL Database like:
a. Advanced data security (Detects security threats like SQL injection)
b. Auditing (Tracks & logs database events to gain insights into discrepancies)
c. Dynamic data masking (Hides sensitive data in your DB)
d. Transparent Data Encryption [TDE] (Encryption at rest)
Notes:
You need to open port 1433 if you try to connect the Azure SQL database from your system (with a client tool like SSMS).
You can create Server-level firewall rules in the Azure portal and T-SQL (with SSMS). Database-level firewall rules can be configured with only T-SQL statements.
Server-level firewall rules apply to all the databases in the server & they are created in the master database. The rules for the database-level firewall are stored in the individual database making them easily portable.
Implement Azure SQL Database managed instances
Getting started with Azure SQL Managed Instance
Creating an Azure SQL Database Managed Instance
Notes:
Best used for migrating existing on-premises applications with minimal effort (lift-and-shift). Provides the latest stable DB engine version.
Azure SQL Managed Instance = Best of Azure SQL Database + Best of SQL Server on Azure VM
- Configure HA for an Azure SQL database
High-availability for Azure SQL Database
Notes:
What High Availability ensures for Azure SQL Database?
That data is immune to failures.
SQL, Windows maintenance operations do not impact the workload.
High-availability models available:
Standard: Basic, Standard & General Purpose tiers use the standard model: Two layers – a stateless compute layer & a stateful data layer (the .mdf & .ldf files) stored in Azure premium storage (built-in high availability). In the case of failure, Azure Service Fabric kickstarts another stateless compute node. Not suitable for a heavy workload, as the new compute node does not have any files (cold cache).
Premium (leveraged by Premium & Business Critical service tiers): Unlike the previous model, both the compute and the storage is in the same node. This node is replicated 3-4 times (others are secondary nodes) to provide high availability (implemented with Always On availability groups).
Additional benefits of Premium availability model:
Read Scale-Out: You can redirect read operations to the secondary nodes
Availability Zones: You can place the databases in availability zones so the data is replicated across data centers in a region. Although the data is immune to data center-specific failures, you may observe network latency (due to distance between data centers) as transactions are committed across availability zones.
Publish an Azure SQL database
This brings us to the end of the AZ-303 Microsoft Azure Architect Technologies Study Guide
Follow Me to Receive Updates on AZ-303 Exam
