The AZ-301 Microsoft Azure Architect Design certification exam tests and validates your expertise as an Azure Architect around Azure administration, Azure development, and DevOps; among a list of specific expertise categories within each of these.

Certification Target Audience

The AZ-301 Microsoft Azure Architect Design certification exam is geared towards Azure Solution Architects who advice stakeholders and translate business requirements into secure, scalable, and reliable solutions.

Candidates should have advanced experience and knowledge across various aspects of IT operations, including:

  • Networking
  • Virtualization
  • Identity
  • Security
  • Business Continuity
  • Disaster Recovery
  • Data Management
  • Budgeting
  • Governance

Overall, this exam tests a cross-cutting set of expertise in the areas of Azure Administration, Azure Development, and DevOps. It is recommended to have expert-level skills in at least one of these 3 expertise areas.

Skills Measured

Here’s a very high level list of the skills and objectives measured on this AZ-300 Microsoft Azure Architect Technologies certification exam. The percentages next to each objective area represents the number of questions on the exam in that objective area.

Determine Workload Requirements (10-15%)

  • Gather Information and Requirements
    • May include but not limited to: Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability); identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
  • Optimize Consumption Strategy
    • May include but not limited to: Optimize app service, compute, identity, network, and storage costs
  • Design an Auditing and Monitoring Strategy
    • May include but not limited to: Define logical groupings (tags) for resources to be monitored; determine levels and storage locations for logs; plan for integration with monitoring tools; recommend appropriate monitoring tool(s) for a solution; specify mechanism for event routing and escalation; design auditing for compliance requirements; design auditing policies and traceability requirements

Design for Identity and Security (20-25%)

  • Design Identity Management
    • May include but not limited to: Choose an identity management approach; design an identity delegation strategy, identity repository (including directory, application, systems, etc.); design self-service identity management and user and persona provisioning; define personas and roles; recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
  • Design Authentication
    • May include but not limited to: Choose an authentication approach; design a single-sign on approach; design for IPSec, logon, multi-factor, network access, and remote authentication
  • Design Authorization
    • May include but not limited to: Choose an authorization approach; define access permissions and privileges; design secure delegated access (e.g., oAuth, OpenID, etc.); recommend when and how to use API Keys.
  • Design for Risk Prevention for Identity
    • May include but not limited to: Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors; update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
  • Design a Monitoring Strategy for Identity and Security
    • May include but not limited to: Design for alert notifications; design an alert and metrics strategy; recommend authentication monitors

Design a Data Platform Solution (15-20%)

  • Design a Data Management Strategy
    • May include but not limited to: Choose between managed and unmanaged data store; choose between relational and non-relational databases; design data auditing and caching strategies; identify data attributes (e.g., relevancy, structure, frequency, size, durability, etc.); recommend Database Transaction Unit (DTU) sizing; design a data retention policy; design for data availability, consistency, and durability; design a data warehouse strategy
  • Design a Data Protection Strategy
    • May include but not limited to: Recommend geographic data storage; design an encryption strategy for data at rest, for data in transmission, and for data in use; design a scalability strategy for data; design secure access to data; design a data loss prevention (DLP) policy
  • Design and Document Data Flows
    • May include but not limited to: Identify data flow requirements; create a data flow diagram; design a data flow to meet business requirements; design a data import and export strategy
  • Design a Monitoring Strategy for the Data Platform
    • May include but not limited to: Design for alert notifications; design an alert and metrics strategy

Design a Business Continuity Strategy (15-20%)

  • Design a Site Recovery Strategy
    • May include but not limited to: Design a recovery solution; design a site recovery replication policy; design for site recovery capacity and for storage replication; design site failover and failback (planned/unplanned); design the site recovery network; recommend recovery objectives (e.g., Azure, on-prem, hybrid, Recovery Time Objective (RTO), Recovery Level Objective (RLO), Recovery Point Objective (RPO)); identify resources that require site recovery; identify supported and unsupported workloads; recommend a geographical distribution strategy
  • Design for High Availability
    • May include but not limited to: Design for application redundancy, autoscaling, data center and fault domain redundancy, and network redundancy; identify resources that require high availability; identify storage types for high availability
  • Design a disaster recovery strategy for individual workloads
    • May include but not limited to: Design failover/failback scenario(s); document recovery requirements; identify resources that require backup; recommend a geographic availability strategy
  • Design a Data Archiving Strategy
    • May include but not limited to: Recommend storage types and methodology for data archiving; identify requirements for data archiving and business compliance requirements for data archiving; identify SLA(s) for data archiving

Design for Deployment, Migration, and Integration (10-15%)

  • Design Deployments
    • May include but not limited to: Design a compute, container, data platform, messaging solution, storage, and web app and service deployment strategy
  • Design Migrations
    • May include but not limited to: Recommend a migration strategy; design data import/export strategies during migration; determine the appropriate application migration, data transfer, and network connectivity method; determine migration scope, including redundant, related, trivial, and outdated data; determine application and data compatibility
  • Design an API Integration Strategy
    • May include but not limited to: Design an API gateway strategy; determine policies for internal and external consumption of APIs; recommend a hosting structure for API management

Design an Infrastructure Strategy (15-20%)

  • Design a Storage Strategy
    • May include but not limited to: Design a storage provisioning strategy; design storage access strategy; identify storage requirements; recommend a storage solution and storage management tools
  • Design a Compute Strategy
    • May include but not limited to: Design compute provisioning and secure compute strategies; determine appropriate compute technologies (e.g., virtual machines, functions, service fabric, container instances, etc.); design an Azure HPC environment; identify compute requirements; recommend management tools for compute
  • Design a Networking Strategy
    • May include but not limited to: Design network provisioning and network security strategies; determine appropriate network connectivity technologies; identify networking requirements; recommend network management tools
  • Design a Monitoring Strategy for Infrastructure
    • May include but not limited to: Design for alert notifications; design an alert and metrics strategy

To view the full list of these exam objectives, and to schedule to take the exam, please reference the official AZ-301 exam page.

Azure Solutions Architect Expert Certification

This is one of a total of 2 exams required to pass in order to earn the Microsoft Certified: Azure Solutions Architect Expert certification. The other exam is the AZ-300 Microsoft Azure Architect Technologies exam. One you pass both individual exams, then you will earn the full Microsoft Certified: Azure Solutions Architect Expert certification.

This Azure Solutions Architect certification is part of a large restructuring of the Microsoft Certifications on a more job-role specific orientation.

Happy Studying!

GET MORE STUFF LIKE THIS

Subscribe to the Build Azure Weekly newsletter to receive similar updates about Microsoft Azure and related topics!


We respect your privacy and take protecting it seriously. We do not sell our email list, and you can unsubscribe at any time.

Posted by Chris Pietschmann

Chris is a Microsoft MVP and has nearly 20 years of experience building enterprise systems both in the cloud and on-premises. He is also a Certified Microsoft Azure Solutions Architect (both MCSD and MCSE), a Microsoft Certified Trainer, and self proclaimed Cloud Advocate. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.

2 Comments

  1. Hi Chris,

    I am a ERP functional consultant. Which of these new Azure certifications will add value to my current role and growth.

    Thank you.

    Reply

    1. Chris Pietschmann December 5, 2018 at 2:42 pm

      That’s a really broad question. I recommend you look at the exam / certification path that most closely fits your current expertise and the future direction you see your role going.

      Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.