Passed AZ-304 Exam: Microsoft Azure Architect Design #MicrosoftLearn

10 min read

In this article, I would share my experience and impressions to help you prepare and tackle the new AZ-304 – Microsoft Azure Architect Design exam successfully.

Introduction

Microsoft is keeping evolving their learning programs to help you and your career keep pace with today’s demanding IT environments. The new updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities—you’ve earned.

In January 2020, Microsoft announced new updates to several Azure and Data certifications which were released in March 2020. The certifications that you earned are not changing, but the exams required to earn the certifications are changed.

CertificationOld ExamNew ExamExpected Release
Microsoft Certified: Azure Administrator Associate AZ-103AZ-104March, 2020
Microsoft Certified: Azure Developer AssociateAZ-203AZ-204February 20, 2020
Microsoft Certified: Azure Solutions ArchitectAZ-300 & AZ-301AZ-303 & AZ-304June, 2020

Last year, I passed the AZ-302 transition exam to earn the Microsoft Certified Azure Solutions Architect Expert. I decided to update my skills and take the new AZ-304 since Microsoft introduced a lot of new topics. I did the beta exam on August 10, 2020, and by the end of the exam, I received a message that the result won’t be available until two weeks after the exam’s live publication date. Additionally, you should receive the printed score report by email within eight weeks after the exam’s live publication date.

Please make sure to check how to prepare for the AZ-303 exam before you take the AZ-304 exam.

To get the Microsoft Certified: Azure Solutions Architect Expert certification, you are required to pass the AZ-303 Microsoft Azure Architect Technologies certification, and the AZ-304 Microsoft Azure Architect Design certification as shown in the learning path below:

I am so happy and grateful now that I passed the AZ-304 exam – Microsoft Azure Architect Design. I figured that I would share my experience and impressions in this article to help you prepare and tackle this exam successfully.

During Ignite in September 2020, Microsoft released the AZ-304 for the public, and yesterday I received the result with Passing Score including the performance by exam section as follows:

This will give you a detailed report to know in which area you need to develop your skills further, this will also reflect your strength which is obvious to me Design Business Continuity at 100% where my area of expertise ;)

In this exam, I got around 67 questions in total (58 multiple-choice questions and 2 case studies), and the total time for this exam is 180 minutes (3 hours) so you have enough time to finish it. However, Azure exams are getting tougher, and the AZ-304 is more difficult than the AZ-303 exam, so you need to prepare very well.

The questions do pretty much match the list of skills measured below.

Exam Profile Audience

This course is for IT Professionals with expertise in designing and implementing solutions running on Microsoft Azure. They should have a broad knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. Azure Solution Architects use the Azure Portal and as they become more adept they use the Command Line Interface.

The candidates for this exam must have intermediate-level skills in Azure administration and have experience with Azure development processes and DevOps processes.

Prerequisites

Successful Azure Solution Architects start this role with experience in operating systems, virtualization, cloud infrastructure, storage structures, governance, and networking. You should have:

  • Understanding of on-premises virtualization technologies, including VMs, virtual networking, and virtual hard disks.
  • Understanding of network configuration, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies.
  • Understanding of Active Directory concepts, including domains, forests, domain controllers, replication, and Kerberos protocol.
  • Understanding of resilience and disaster recovery, including backup and restore operations.

You should have a minimum of 12 months of hands-on experience with Azure, and a strong understanding of core Azure services, Azure workloads, security, monitoring, and governance. You should also have experience in using PowerShell, the Command Line Interface (CLI), Azure Portal, and ARM templates.

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft.

Design Monitoring (10-15%)

Design for cost optimization

  • Recommend a solution for cost management and cost reporting
  • Recommend solutions to minimize costs

Design a solution for logging and monitoring

  • Determine levels and storage locations for logs
  • Plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
  • Recommend appropriate monitoring tool(s) for a solution
  • Choose a mechanism for event routing and escalation
  • Recommend a logging solution for compliance requirements

Design Identity and Security (25-30%)

Design authentication

  • Recommend a solution for single sign-on
  • Recommend a solution for authentication
  • Recommend a solution for Conditional Access, including multi-factor authentication
  • Recommend a solution for network access authentication
  • Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
  • Recommend a solution for user self-service
  • Recommend and implement a solution for B2B integration

Design authorization

  • Choose an authorization approach
  • Recommend a hierarchical structure that includes management groups, subscriptions and resource groups
  • Recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) VM access

Design governance

  • Recommend a strategy for tagging
  • Recommend a solution for using Azure Policy
  • Recommend a solution for using Azure Blueprint

Design security for applications

  • Recommend a solution that includes KeyVault
    • What can be stored in KeyVault
    • KeyVault operations
    • KeyVault regions
  • Recommend a solution that includes Azure AD Managed Identities
  • Recommend a solution for integrating applications into Azure AD

Design Data Storage (15-20%)

Design a solution for databases

  • Select an appropriate data platform based on requirements
  • Recommend database service tier sizing
  • Recommend a solution for database scalability
  • Recommend a solution for encrypting data at rest, data in transmission, and data in use

Design data integration

  • Recommend a data flow to meet business requirements
  • Recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics

Select an appropriate storage account

  • Choose between storage tiers
  • Recommend a storage access solution
  • Recommend storage management tools

Design Business Continuity (10-15%)

Design a solution for backup and recovery

  • Recommend a recovery solution for Azure hybrid and on-premises workloads that meet recovery objectives (RTO, RPO)
  • Design and Azure Site Recovery solution
    • recommend a site recovery replication policy
    • recommend a solution for site recovery capacity
    • recommend a solution for site failover and failback (planned/unplanned)
    • recommend a solution for the site recovery network
  • Recommend a solution for recovery in different regions
  • Recommend a solution for Azure Backup management
  • Design a solution for data archiving and retention
    • recommend storage types and methodology for data archiving
    • identify business compliance requirements for data archiving
    • identify requirements for data archiving
    • identify SLAs for data archiving
    • recommend a data retention policy

Design for high availability

  • Recommend a solution for application and workload redundancy, including compute, database, and storage
  • Recommend a solution for autoscaling
  • Identify resources that require high availability
  • Identify storage types for high availability
  • Recommend a solution for geo-redundancy of workloads

Design Infrastructure (25-30%)

Design a compute solution

  • Recommend a solution for compute provisioning
  • Determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
  • Recommend a solution for containers
    • AKS versus ACI and the configuration of each one
  • Recommend a solution for automating compute management

Design a network solution

  • Recommend a solution for network addressing and name resolution
  • Recommend a solution for network provisioning
  • Recommend a solution for network security
    • Private endpoints
    • Firewalls
    • Gateways
  • Recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
  • Recommend a solution for automating network management
  • Recommend a solution for load balancing and traffic routing

Design an application architecture

  • Recommend a micro-services architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
  • Recommend an orchestration solution for the deployment of applications including ARM templates, Logic Apps, or Azure Functions
    • select an automation method
    • choose which resources or life-cycle steps will be automated
    • design integration with other sources such as an ITSM solution
    • recommend a solution for monitoring automation
  • Recommend a solution for API integration
    • design an API gateway strategy
    • determine policies for internal and external consumption of APIs
    • recommend a hosting structure for API management
    • recommend when and how to use API Keys

Design migrations

  • Assess and interpret on-premises servers, data, and applications for migration
  • Recommend a solution for migrating applications and VMs
  • Recommend a solution for migration of databases
    • determine migration scope, including redundant, related, trivial, and outdated data

Lessons Learned

As announced by Microsoft Worldwide learning due to the pandemic situation, it appears they have suspended performance-based lab questions given their need to reserve Azure capacity for paying customers. So you better get your exams registered as soon as possible to take advantage of this situation. The biggest subjects areas that I saw on AZ-304 are identity, security, storage, and business continuity. So you need to prepare and be an expert on those subjects.

Overall, I think Microsoft Worldwide Learning is doing a good job of gradually shaping these exams to reflect real-world Azure practice scenarios. The AZ-304 objective domain is more logically organized now compare to the previous AZ-300 and AZ-301 exams.

Exam Preparation

Practice, practice, and read… I cannot stress enough that hands-on experience and understanding all the concepts will help you to pass this exam.

Microsoft Learn – Study Resources

To prepare for this exam, I use the new Microsoft Learn which is a great resource and provides self-paced skills training on a variety of Azure Architect topics. I highly recommend to check the following modules:

Microsoft Documentation – Study Resources

Links to relevant reading from the official Microsoft documentation for each skill tested in the AZ-304 exam are listed below to help you prepare:

Identity

Governance and Compliance

Azure Administration

Virtual Networking

Inter-site Connectivity

Network Traffic Management

Azure Storage

Azure Virtual Machines

Serverless Computing

Data Protection

Monitoring

Practice & Lab

The key success to pass this exam is to work with Microsoft Azure on daily basis. You can create your free Azure account today and start practicing the AZ-304 labs by following the step by step instructions below:

Instructor-led virtual training

If you prefer an instructor-led training course, Microsoft released the AZ-304T00-A course (4 days). This course teaches Azure Architect Design how to translate business requirements into secure, scalable, and reliable solutions. Lessons include design considerations related to logging, cost analysis, authentication and authorization, governance, security, storage, high availability, and migration. This role requires decisions in multiple areas that affect an overall design solution.

If you prefer to get prepare for this exam with a Microsoft MCT instructor-led virtual training, you can get in contact with me here.

Skills gained

By preparing and passing the AZ-304 exam, you will gain the following skills:

  • Recommend solutions to minimize costs.
  • Recommend a solution for Conditional Access, including multi-factor authentication.
  • Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect.
  • Recommend a solution for using Azure Policy.
  • Recommend a solution that includes KeyVault.
  • Recommend a solution that includes Azure AD Managed Identities.
  • Recommend a storage access solution.
  • Design an Azure Site Recovery solution.
  • Recommend a solution for autoscaling.
  • Recommend a solution for containers.
  • Recommend a solution for network security.
  • Recommend a solution for migrating applications and VMs.
  • Recommend a solution for the migration of databases.

Certification

Bypassing the AZ-304 – Microsoft Azure Architect Design, and the AZ-303 – Microsoft Azure Architect Technologies, you will earn the Microsoft Azure Solutions Architect Expert certificate. The certification is valid only for 2 years.

I hope you enjoyed my AZ-304 certification experience and exam preparation. Did I miss any link, or do you have any recommended AZ-304 Microsoft Azure Architect Design Certification exam study resources? Please let me know in the comment section below.

If you are planning to take this exam… I wish you all the best and Happy Studying!!!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts

About Charbel Nemnom 570 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.