AZ-305 for SCBx (21-APR-2025)

Microsoft Learn

Microsoft Learn is a free, online resource that provides learning materials and training for Microsoft products

• Microsoft Learn
• Microsoft Certified Poster
• Azure Documents
• Azure Architecture Center
• Azure Pricing Calculator
• Service Level Agreements (SLA) for Online Services
• Microsoft Cloud Adoption Framework for Azure
• Azure Well-Architected Framework
• Well-Architected Framework perspective on Azure services
• What is an Azure landing zone?
• Choose the best Azure landing zone to support your requirements for cloud operations (Leaning module)
• AZ-305 : Study guide
• AZ-305 : Exam Infomation
• AZ-305 : Case Study
• Draw.IO(Diagram Drawing Tools)
• Azure architecture icons

Module 01 : Design a governance solution

• Design governance (Learning module)

Design for governance

• Organize your Azure resources effectively

Design for management groups

• What are Azure management groups?

Design for Azure subscriptions

• Create additional subscriptions to scale your Azure environment
• Subscription considerations and recommendations

Design for resource groups

• What is a resource group?

Design for resource tagging

• Resource naming and tagging decision guide
• Define your tagging strategy

Design for Azure Policy and RBAC

• What is Azure Policy?
• Azure Policy built-in policy definitions
• Azure Policy built-in initiative definitions
• Best practices for Azure RBAC
• What is Microsoft Entra Privileged Identity Management?

Module references

• Control and organize Azure resources with Azure Resource Manager (Learning module)
• Describe the core architectural components of Azure (Learning module)
• Microsoft Azure Fundamentals: Describe Azure management and governance (Learning module)
• Introduction to the Microsoft Azure Well-Architected Framework (Learning module)

Module 02 : Design a compute solution

• Design an Azure compute solution (Learning module)

Choose a compute solution

• Choose an Azure compute service

Design for Azure virtual machine solutions

• Shared responsibility in the cloud
• Sizes for virtual machines in Azure
• Virtual machines in Azure
• Architecture best practices for Virtual Machines and scale sets
• Availability options for Azure Virtual Machines
• Store and share images in an Azure Compute Gallery

Design for Azure Batch solutions

• What is Azure Batch?
• Azure Batch best practices

Design for Azure App Services solutions

• What are Azure App Service plans?
• Plan and manage costs for Azure App Service
• Set up staging environments in Azure App Service
• Quickstart: Run a custom container in Azure
• Run background tasks with WebJobs in Azure App Service

Design for Azure Container Instances solutions

• What is Azure Container Instances?
• Security considerations for Azure Container Instances
• https://learn.microsoft.com/en-us/virtualization/windowscontainers/about/containers-vs-vm

Design for Azure Kubernetes Service solutions

• Core concepts for Azure Kubernetes Service (AKS)
• Azure Kubernetes Service (AKS) pricing
• Scaling options for applications in Azure Kubernetes Service (AKS)
• Best practices for cluster isolation in Azure Kubernetes Service (AKS)
• What is Azure Kubernetes Service (AKS)?
• Cluster operator and developer best practices to build and manage applications on Azure Kubernetes Service (AKS)

Design for Azure Functions

• What is Azure Functions?
• Azure Functions scenarios
• What are Durable Functions?
• Best practices for reliable Azure Functions

Design for Azure Logic App solutions

• What is Azure Logic Apps?
• Choose the right integration and automation services in Azure
• Azure Logic Apps documentation
• List of all Logic Apps connectors

Module reference

• Create serverless logic with Azure Functions (Learn module)
• Introduction to Azure Logic Apps (Learn module)
• Host a web application with Azure App Service (Learn module)
• Introduction to Azure Kubernetes Service (Learn module)
• Introduction to Azure virtual machines (Learn module)

Module 03: Design a non-relational data storage solution

• Design a data storage solution for non-relational data (Learn module)

Design for Azure storage accounts

• Introduction to Azure Storage
• Storage account overview
• Overview of Azure page blobs

Design for data redundancy

• Azure Storage redundancy

Design for Azure blob storage

• Access tiers for blob data
• Optimize costs by automatically managing the data lifecycle
• Store business-critical blob data with immutable storage in a write once, read many (WORM) state

Design for Azure files

• What is Azure Files
• Plan to deploy Azure Files
• What is Azure NetApp Files?
• Compare Azure Files and Azure NetApp Files
• Compare access to Azure Files, Blob Storage, and Azure NetApp Files with NFS
• Solution architectures using Azure NetApp Files
• When to use Azure NetApp Files (Learn module)

Design an Azure disk solution

• Azure managed disk types
• Overview of managed disk encryption options
• Azure premium storage: Design for high performance
• Introduction to Azure managed disks

Design for storage security

• Manage storage account access keys
• Grant limited access to Azure Storage resources using shared access signatures (SAS)
• Configure Azure Storage firewalls and virtual networks
• Use private endpoints for Azure Storage
• Enforce a minimum required version of Transport Layer Security (TLS) for requests to a storage account
• Require secure transfer to ensure secure connections
• Security recommendations for Blob storage
• Customer-managed keys for Azure Storage encryption

Module reference

• Choose the right disk storage for your virtual machine workload (Learn module)
• Configure Azure Blob Storage
• Optimize performance and costs by using Azure Disk Storage
• Caching and performance in Azure storage disks
• Introduction to securing data at rest on Azure

Module 04: Design a data storage solution for relational data

• Design a data storage solution for relational data (Learn module)

Design for Azure SQL databases

• What is Azure SQL?
• Features comparison: Azure SQL Database and Azure SQL Managed Instance

Recommend a solution for database scalability

• Dynamically scale database resources with minimal downtime - Azure SQL Database & Azure SQL Managed Instance
• Elastic pools help you manage and scale multiple databases in Azure SQL Database

Recommend a solution for database availability

• Compare vCore and DTU-based purchasing models of Azure SQL Database
• DTU-based purchasing model overview
• vCore purchasing model - Azure SQL Database
• Serverless compute tier for Azure SQL Database
• Availability through redundancy - Azure SQL Database
• Hyperscale service tier
• Azure SQL Database Hyperscale FAQ
• Failover groups overview & best practices (Azure SQL Database)
• Active geo-replication
• Disaster recovery guidance - Azure SQL Database

Design security for data at rest, data in transit, and data in use

• Azure encryption overview
• An overview of Azure SQL Database and SQL Managed Instance security capabilities
• Transparent data encryption for SQL Database, SQL Managed Instance, and Azure Synapse Analytics
• Always Encrypted
• Dynamic data masking
• Microsoft Entra authentication for Azure SQL
• Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics

Design for Azure SQL Edge

• What is Azure SQL Edge?

Design for Azure Cosmos DB

• Azure Cosmos DB - Database for the AI Era
• Databases architecture design
• What is Azure Cosmos DB for Table?
• Choose an API in Azure Cosmos DB

Module reference

• Review your data options
• Work with Azure Cosmos DB (Learn module)
• Introduction to securing data at rest on Azure (Learn module)
• Secure your Azure SQL Database (Learn module)
• Scale multiple Azure SQL Databases with SQL elastic pools (Learn module)
• Configure database authentication and authorization (Learn module)

Module 05: Design a data integration solution

• Design data integration (Learn module)
• Analytics end-to-end with Azure Synapse

Design a data integration solution with Azure Data

• Choose a data pipeline orchestration technology in Azure
• Automated enterprise BI
• What is Azure Data Factory?

Design a data integration solution with Azure Data Lake

• Introduction to Azure Data Lake Storage
• Azure Data Lake Storage hierarchical namespace
• What is a data lake?
• Blob Storage feature support in Azure Storage accounts
• Select an Azure data store for your application
• Access control model in Azure Data Lake Storage
• Best practices for using Azure Data Lake Storage
• Use Apache Spark in Azure Databricks (Learn module)
• Choose a big data storage technology in Azure

Design a data integration and analytics solution with Azure Databricks

• What is Azure Databricks?

Design a data integration and analytics solution with Azure Synapse Analytics

• What is Azure Synapse Analytics?
• Data integration in Azure Synapse Analytics versus Azure Data Factory
• What is Microsoft Fabric?

Design Azure Stream Analytics solution for Data Analysis

• Welcome to Azure Stream Analytics

Module reference

• Explore concepts of data analytics (Learn module)
• Data integration at scale with Azure Data Factory or Azure Synapse Pipeline (Learn module)
• Explore Azure Databricks (Learn module)
• Introduction to Azure Data Lake Storage Gen2 (Learn module)
• Introduction to end-to-end analytics using Microsoft Fabric (Learn module)

Module 06: Design an application architecture solution

• Design an application architecture

Describe message and event scenarios

• Choose between Azure messaging services - Event Grid, Event Hubs, and Service Bus

Design a messaging solution

• What is Azure Queue Storage?
• Storage queues and Service Bus queues - compared and contrasted
• Service Bus queues, topics, and subscriptions
• Service Bus premium messaging tier
• Overview of Service Bus transaction processing

Design an event solution

• Azure Event Hubs: A real-time data streaming platform with native Apache Kafka support
• What is Azure Event Hubs for Apache Kafka?
• What is Azure Event Grid?
• Event handlers in Azure Event Grid
• When to use IoT Hub (Learn module)
• What is Azure IoT Hub?
• Connecting IoT Devices to Azure: IoT Hub and Event Hubs

Design an application optimization solution

• What is Azure Cache for Redis?
• What is Azure Cache for Redis? (Learn module)
• What is Azure API Management?

Design an application lifecycle

• What is infrastructure as code (IaC)?
• What are ARM templates?
• What is Bicep?
• About Azure Update Manager
• Azure DevOps documentation
• GitHub Actions documentation
• Terraform Documentation
• Jenkins User Documentation
• What is Azure App Configuration?

Module reference

• Implement message-based communication workflows with Azure Service Bus (Learn module)
• Explore Azure Event Hubs
• Deploy Azure infrastructure by using JSON ARM templates
• Introduction to infrastructure as code using Bicep
• Message queues and stream processing

Module 07: Design Authentication and Authorization Solutions

• Design authentication and authorization solutions (Learn module)

Design for identity and access management

• Protect and modernize your organization with a Zero Trust strategy
• Azure identity management security overview

Design for Microsoft Entra ID

• What is Microsoft Entra ID?

Design for Microsoft Entra Business to Business

• Introduction to Microsoft Entra External ID
• Tutorial: Enforce multifactor authentication for B2B guest users
• How users in your organization can invite guest users to an app
• Invite internal users to B2B collaboration
• Add self-service sign-up user flows for B2B collaboration
• Microsoft Entra B2B best practices

Design for Azure AD Business to Customer

• What is Azure Active Directory B2C?
• Technical and feature overview of Azure Active Directory B2C
• User flows and custom policies overview

Design for conditional access

• What is Conditional Access?

Design for identity protection

• What is Microsoft Entra ID Protection?

Design for access reviews

• What are access reviews?

Design service principals for applications

• What are managed identities for Azure resources?
• Application and service principal objects in Microsoft Entra ID

Design for Azure key vault

• Azure Key Vault basic concepts

Module reference

• Understand Microsoft Entra ID (Learn module)
• Plan, implement, and administer Conditional Access (Learn module)
• Plan, implement, and manage access review (Learn module)
• Configure and manage secrets in Azure Key Vault (Learn module)
• Manage secrets in your server apps with Azure Key Vault (Learn module)

Module 08: DEsign a solution to log and monitor Azure resources

• Design a solution to log and monitor Azure resources (Learn module)

Design for Azure Monitor data sources

• Azure Monitor overview
• Monitoring and diagnostics guidance
• Azure Monitor data sources and data collection methods

Design for Log Analytics

• Overview of Log Analytics in Azure Monitor
• Design a Log Analytics workspace architecture
• Azure Monitor Agent overview

Design for Azure workbooks and Azure Insights

• Azure Workbooks
• Introduction to Application Insights with OpenTelemetry

Design for Azure Data Explorer

• Azure Data Explorer

Module reference

• Design a full-stack monitoring strategy on Azure (Learn module)
• Analyze your Azure infrastructure by using Azure Monitor logs (Learn module)
• Monitor your Azure virtual machines with Azure Monitor (Learn module)
• Monitor app performance (Learn module)

Module 09: Design a network infrastructure solution

• Design network solutions (Learn module)

Recommend a network architecture solution based on workload requirements

• Defense in depth security in Azure (Video)
• Plan virtual networks

Design for Azure network connectivity services

• Virtual network peering
• Traditional Azure networking topology
• Create, change, or delete a route table

Design for on-premises connectivity to Azure virtual networks

• VPN Gateway topology and design
• What is Azure ExpressRoute?
• Virtual WAN network topology

Design for application delivery services

• Load-balancing options
• What is Azure Load Balancer?
• What is Azure Application Gateway?
• Architecture best practices for Azure Application Gateway v2
• What is Traffic Manager?
• Multi-region load balancing with Traffic Manager, Azure Firewall, and Application Gateway
• What is Azure Front Door?
• Architecture best practices for Azure Front Door
• What is a content delivery network on Azure?
• Comparison between Azure Front Door and Azure CDN services

Design for application protection services

• Virtual Network service endpoints
• What is Azure Private Link?
• What is a private endpoint?
• What is Azure Private Link service?
• Recommendations for networking and connectivity
• Network security groups
• Application security groups
• Azure best practices for network security
• Introduction to Azure Firewall (Learn module)
• What is Azure Firewall?
• Architecture best practices for Azure Firewall
• What is Azure Web Application Firewall?
• What is Azure DDoS Protection?
• Azure DDoS Protection reference architectures
• About Azure DDoS Protection Tier Comparison
• What is Azure Bastion?
• Just-in-time machine access

Module reference

• AZ-700 Designing and Implementing Microsoft Azure Networking Solutions (Learn module)
• Architect network infrastructure in Azure (Learn module)

Module 10: Design a business continuity solution

• Design a solution for backup and disaster recovery (Learn module)

Design for backup and recovery

• Recommendations for designing a disaster recovery strategy
• Business continuity and disaster recovery

Design for Azure Backup

• Azure Backup service documentation
• What is the Azure Backup service?
• Support matrix for Azure Backup
• Frequently asked questions-Back up Azure VMs
• Overview of Archive tier in Azure Backup
• Recovery Services vaults overview
• Backup vaults overview
• Backup cloud and on-premises workloads to cloud

Design for blob backup and recovery

• Data protection overview
• Enable and manage soft delete for containers
• Enable soft delete for blobs
• Enable and manage blob versioning
• Point-in-time restore for block blobs

Design for Azure Files backup and recovery

• Use share snapshots with Azure Files

Design for virtual machine backup and recovery

• An overview of Azure VM backup
• Backup cloud and on-premises workloads to cloud

Design for Azure SQL backup and recovery

• Automated backups in Azure SQL Database
• Overview of business continuity with Azure SQL Database
• Full database backups (SQL Server)
• Differential backups (SQL Server)
• Transaction log backups (SQL Server)
• Manage Azure SQL Database long-term backup retention
• Restore a database from a backup in Azure SQL Database

Design for Azure Site Recovery

• About Site Recovery
• Support for using Site Recovery with Azure Backup

Module reference

• Protect your virtual machines by using Azure Backup (Learn module)
• Disaster recovery and backup (Learn module)
• Back up and restore your Azure SQL database (Learn module)
• Protect your Azure infrastructure with Azure Site Recovery (Learn module)
• Design your site recovery solution in Azure (Learn module)

Module 11: Design a migration solution

• Design migrations (Learn module)

Evaluate migration with the Cloud Adoption Framework

• The cloud adoption journey
• Migrate overview
• Introduction to the Microsoft Cloud Adoption Framework (Learn module)
• Azure Migrate documentation
• Cloud adoption scenarios

Describe the Azure Migration Framework

• Review product migration scenarios

Assess your workloads / Migration tools

• Migration deployment checklist

Migrate your databases

• Migration guide: SQL Server to Azure SQL Database
• What is Azure Database Migration Service?

Select an online migration tool

• Planning for an Azure File Sync deployment
• Migrate to SMB Azure file shares
• What is Azure Storage Mover?

Select an offline migration tool

• What is Azure Import/Export service?
• Export large amounts of data from Azure by using Azure Import/Export (Learn module)
• Get started with AzCopy
• Azure Data Box
• What is Azure Data Box?
• Migrate data offline to Azure File Sync with Azure Data Box
• Move large amounts of data to the cloud by using Azure Data Box family (Learn module)
• Choose an Azure solution for data transfer

Module reference

• Accelerate your migration, modernization, and innovation journey to Azure (Learn module)
• Migrate SQL Server workloads to Azure SQL Database (Learn module)
• Prepare on-premises workloads for migration to Azure (Learn module)
• Migrate on-premises workloads to Azure (Learn module)
• Export large amounts of data from Azure by using Azure Import/Export (Learn module)
• Move large amounts of data to the cloud by using Azure Data Box family (Learn module)
• Introduction to Azure Migrate for server migration (Learn module)

In-class Diagram

• Governance Map (Flat)
  
• Governance Map (Heirarchy)
  
• Storage Account Security