Badge

Exam AZ-301: Microsoft Azure Architect Design

Candidates for this exam are Azure Solution Architects who advise stakeholders and translates business requirements into secure, scalable, and reliable solutions. Candidates should have advanced experience... and knowledge across various aspects of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data management, budgeting, and governance. This role requires managing how decisions in each area affects an overall solution. Candidates must be proficient in Azure administration, Azure development, and DevOps, and have expert-level skills in at least one of those domains.
More
 Less

Schedule exam

Exam AZ-301: Microsoft Azure Architect Design

Exam update: Effective May 22, 2019 | Review update details

Languages: English, Japanese, Chinese (Simplified), Korean

This exam measures your ability to accomplish the following technical tasks: determine workload requirements; design for identity and security; design a data platform solution; design a business continuity strategy; design for deployment, migration, and integration; and design an infrastructure strategy.

Schedule exam

Official Practice Test for Exam AZ-301

All objectives of the exam are covered in depth so you’ll be ready for any question on the exam.

Skills measured

Determine workload requirements (10-15%)

Gather Information and Requirements

  • identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability)
  • identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements
  • recommend changes during project execution (ongoing)
  • evaluate products and services to align with solution
  • create testing scenarios

Optimize Consumption Strategy

  • optimize app service, compute, identity, network, and storage costs

Design an Auditing and Monitoring Strategy

  • define logical groupings (tags) for resources to be monitored
  • determine levels and storage locations for logs
  • plan for integration with monitoring tools
  • recommend appropriate monitoring tool(s) for a solution
  • specify mechanism for event routing and escalation
  • design auditing for compliance requirements
  • design auditing policies and traceability requirements

Design for identity and security (20-25%)

Design Identity Management

  • choose an identity management approach
  • design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
  • design self-service identity management and user and persona provisioning
  • define personas and roles
  • recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)

Design Authentication

  • choose an authentication approach
  • design a single-sign on approach
  • design for IPSec, logon, multi-factor, network access, and remote authentication

Design Authorization

  • choose an authorization approach
  • define access permissions and privileges
  • design secure delegated access (e.g., oAuth, OpenID, etc.)
  • recommend when and how to use API Keys

Design for Risk Prevention for Identity

  • design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access)
  • evaluate agreements involving services or products from vendors and contractors
  • update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures

Design a Monitoring Strategy for Identity and Security

  • design for alert notifications
  • design an alert and metrics strategy
  • recommend authentication monitors

Design a data platform solution (15-20%)

Design a Data Management Strategy

  • choose between managed and unmanaged data store
  • choose between relational and non-relational databases
  • design data auditing and caching strategies
  • identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.)
  • recommend Database Transaction Unit (DTU) sizing
  • design a data retention policy
  • design for data availability, consistency, and durability
  • design a data warehouse strategy

Design a Data Protection Strategy

  • recommend geographic data storage
  • design an encryption strategy for data at rest, for data in transmission, and for data in use
  • design a scalability strategy for data
  • design secure access to data
  • design a data loss prevention (DLP) policy

Design and Document Data Flows

  • identify data flow requirements
  • create a data flow diagram
  • design a data flow to meet business requirements
  • design a data import and export strategy

Design a Monitoring Strategy for the Data Platform

  • design for alert notifications
  • design an alert and metrics strategy

Design a business continuity strategy (15-20%)

Design a Site Recovery Strategy

  • design a recovery solution
  • design a site recovery replication policy
  • design for site recovery capacity and for storage replication
  • design site failover and failback (planned/unplanned)
  • design the site recovery network
  • recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO))
  • identify resources that require site recovery
  • identify supported and unsupported workloads
  • recommend a geographical distribution strategy

Design for High Availability

  • design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy
  • identify resources that require high availability
  • identify storage types for high availability

Design a Data Archiving Strategy

  • recommend storage types and methodology for data archiving
  • identify requirements for data archiving and business compliance requirements for data archiving
  • identify SLA(s) for data archiving

Design for deployment, migration, and integration (10-15%)

Design Deployments

  • design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy

Design Migrations

  • recommend a migration strategy
  • design data import/export strategies during migration
  • determine the appropriate application migration, data transfer, and network connectivity method
  • determine migration scope, including redundant, related, trivial, and outdated data
  • determine application and data compatibility

Design an API Integration Strategy

  • design an API gateway strategy
  • determine policies for internal and external consumption of APIs
  • recommend a hosting structure for API management

Design an infrastructure strategy (15-20%)

Design a Storage Strategy

  • design a storage provisioning strategy
  • design storage access strategy
  • identify storage requirements
  • recommend a storage solution and storage management tools

Design a Compute Strategy

  • design compute provisioning and secure compute strategies
  • determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.)
  • design an Azure HPC environment
  • identify compute requirements
  • recommend management tools for compute

Design a Networking Strategy

  • design network provisioning and network security strategies
  • determine appropriate network connectivity technologies
  • identify networking requirements
  • recommend network management tools

Design a Monitoring Strategy for Infrastructure

  • design for alert notifications
  • design an alert and metrics strategy

Prepare for exam

Self-paced

Free
Microlearning
Interactive
In-browser access
Start learning

Instructor-led

Paid
Personalized
In-person
On-demand
Explore courses

Guide to training

All self-paced and instructor-led courses in one comprehensive guide.

Download

Related certifications

Microsoft Certified: Azure Solutions Architect Expert

Microsoft Azure Solutions Architects must have expertise in compute, network, storage, and security so that they can design solutions that run on Azure.

*Pricing does not reflect any promotional offers or reduced pricing for Microsoft Imagine Academy program members, Microsoft Certified Trainers, and Microsoft Partner Network program members. Pricing is subject to change without notice. Pricing does not include applicable taxes. Please confirm exact pricing with the exam provider before registering to take an exam.

Additional resources

Guides to Role-based Certifications

Explore all certifications in a concise certification guide or the Role-based Certification Roadmap poster.

Training guide

Discover training resources to become a Microsoft Certified: Azure Solutions Architect Expert.

Updated topics for Exam AZ-301

This exam will be updated on May 22, 2019. To learn how the update will affect the skills measured, please download and review the updated topics.

Exam Replay

See two great offers to help boost your odds of success.