Microsoft Azure Architecture Boot Camp – AZ-303-304

Who should take this boot camp?

This course is geared towards individuals that focus on advising stakeholders and design business solutions. The person should have finished the AZ-103/104 exam before taking this course. They should have advanced knowledge in IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. This role will be the starting point for a company to make a transition into Azure. They will design the overall solution and recommend the product and services that the company will require. The student should have expert knowledge of Azure Administration and a clear understanding of DevOps processes.

AZ-303/4 Exam Breakdown – Microsoft Azure Architect Technologies

Subject Area % of Exam
Implement and Monitor an Azure Infrastructure50-55%
Implement Management and Security Solutions 25-30%
Implement Solutions for Apps 10-15%
Implement and Manage Data Platforms 10-15%

AZ-304 Exam Breakdown – Microsoft Azure Architect Design Exam

Subject Area % of Exam
Design Monitoring 10-15%
Design Identity and Security 25-30%
Design Data Storage 15-20%
Design Business Continuity 10-15%
Design Infrastructure 25-30%

What will you learn?

Module 1 – Implementing cloud infrastructure monitoring
• Monitoring Security
• Monitoring performance
• Configure diagnostic settings on resources
• Create a performance baseline for resources
• Monitor for unused resources
• Monitor performance capacity
• Visualize diagnostic data using Azure Monitor
• Monitor health and availability
• Monitor networking
• Monitor service health
• Monitor cost
• Monitor spend
• Spend reports
• Configuring advanced logging
• Implement and configure Azure Monitor insights
• Application
• Network
• Containers
• Configure a Log Analytics workspace
• Configure logging of workloads
• Initiate automated responses by using Action groups
• Configure and manage advanced alerts
• Collect alerts and metrics across multiple subscriptions
• View Alerts in Azure Monitor Logs

Module 2 – Implement storage accounts
• Select storage account options based on a use case
• Configure Azure Files and blob storage
• Configure network access to the storage account
• Implement Shared Access Signatures and access policies
• Implement Azure AD authentication for storage
• Manage access keys
• Implement Azure storage replication
• Implement Azure storage account failover

Module 3 – Implement the Azure Active Directory
• Add custom domains
• Azure AD Editions
• Configure Azure AD Identity Protection
• Implement SSPR (Self-Service Password Reset)
• Implementing Conditional Access including MFA
• Configure user accounts for MFA
• Configure fraud alerts
• Configure bypass options
• Configuring Trusted IP addresses
• Configure verification methods
• Implementing and managing guest accounts
• Managing multiple directories

Module 4 – Implementing and managing hybrid identities
• Install and configure Azure AD Connect
• Identity synchronization options
• Configure and manage password sync and password writeback
• Configure single sign-on
• Use Azure AD Connect Health

Module 5 – Implement Virtual Networking
• Implement VNet to VNet connections
• Implement VNet peering
• Configuring Site-to-Site VPNs
• Hybrid configurations for VNets
• Comparison of connectivity

Module 6 – Implementing VMs for Windows and Linux
• Configuring High Availability
• Configure storage for VMs
• Select Virtual machine size
• Implement Azure Dedicated Hosts
• Deploy and configure scale sets
• Configure Azure Disk Encryption

Module 7 – Automate deployment and configuration of resources
• Save a deployment as an Azure Resource Template
• Modify Azure Resource Manager Templates
• Evaluate location of new resources
• Configure a virtual disk template
• Deploy from a template library
• Create and execute an automation runbook

Module 8 – Manage workloads in Azure
• Migrate workloads using Azure Migrate
• Assess infrastructure
• Select a migration method
• Prepare the on-premises for migration
• Recommend target infrastructure
• Implement Azure Backup for VMs
• Implement disaster recovery
• Implement Azure Update Management

Module 9 – Implement load balancing and network security
• Implement Azure Load Balancer
• Implement an application gateway
• Implement a Web Application Firewall
• Implement the Azure Front Door Service
• Implement Azure Traffic Manager
• Implement Network Security Groups (NSG) and Application Security, Groups

Module 10 – Implement and manage Azure governance solutions
• Create and manage hierarchical structure that contains management
groups, subscriptions and resource groups
• Assign RBAC roles
• Create a custom RBAC role
• Configure access to Azure resources by assigning roles
• Configure management access to Azure
• Interpret effective permissions
• Setup and perform an access review
• Implement and configure an Azure Policy
• Implement and configure an Azure Blueprint

Module 11 – Manage Security Applications
• Implement and configure Azure KeyVault
• Implement and configure Azure AD Managed Identities
• Register and manage applications in Azure AD

Module 12 – Implement an application infrastructure
• Create and Configure Azure App Service
• Create an App Service Web App for Containers
• Create and Configure an App Service plan
• Configure an App Service
• Configure networking for an App Service
• Create and manage deployment slots
• Implement Logic Apps
• Implement Azure Functions

Module 13 – Implement container-based applications
• Create a container image
• Configure Azure Kubernetes Service
• Publish and automate image deployment to the Azure Container Registry
• Publish a solution on an Azure Container Instance

Module 14 – Implement NoSQL databases
• Configure storage account tables
• Select appropriate CosmoDB APIs
• Setup replicas in CosmoDB

Module 15 – Implement Azure SQL databases
• Configure Azure SQL database settings
• Implement Azure SQL Database managed instances
• Configure HA for an Azure SQL database
• Publish an Azure SQL database

Module 16 – Design for cost optimization
• Recommend a solution for cost management and cost reporting
• Recommend solutions to minimize costs

Module 17 – Design a solution for logging and monitoring
• Determine levels of storage locations for logs
• Plan for integration with Monitoring tools including Azure Monitor and
Azure Sentinel
• Recommend appropriate monitoring tool(s) for a solution
• Choose a mechanism for event routing and escalation
• Recommend a logging solution for compliance requirements

Module 18 – Design authentication
• Recommend a solution for an SSO
• Recommend a solution for authentication
• Recommend a solution for Conditional Access, including MFA
• Recommend a solution for network access authentication
• Recommend a solution for hybrid identity including Azure AD Connect and
Azure AD Connect Health
• Recommend a solution for user self-service
• Recommend and implement a solution for B2B integration

Module 19 – Design authorization
• Choose an authorization approach
• Recommend a hierarchical structure that includes management groups,
subscriptions, and resource groups
• Recommend an access management solution including RBAC policies,
access reviews, role assignments, physical access, Privileged Identity
Management (PIM), Azure AD Identity Protection, Just-In-Time (JIT) access

Module 20 – Design governance
• Recommend a strategy for tagging
• Recommend a solution for using Azure Policy
• Recommend a solution for using Azure Blueprint

Module 21 – Design security for applications
• Recommend a solution that includes KeyVault
• What can be stored in KeyVault
• KeyVault operations
• KeyVault Regions
• Recommend a solution that includes Azure AD Managed Identities
• Recommend a solution for integrating applications into Azure AD

Module 22 – Design a solution for databases
• Select an appropriate data platform based
• Recommend database service tier sizing
• Recommend a solution for database scalability
• Recommend a solution for encrypting data at rest in transmission and data
in use

Module 23 – Design data integration
• Recommend a data flow to meet business requirements
• Recommend a solution for data integration, including Azure Data Factory,
Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics

Module 24 – Select an appropriate storage account
• Choose between storage tiers
• Recommend a storage access solution
• Recommend storage management tools

Module 25 – Design a solution for backup and recovery
• Recommend a recovery solution for Azure hybrid and on-premises
workloads that meet recovery objectives (RTO, RLO, RPO)
• Design and Azure Site Recovery solution
• Recommend a Site Recovery replication policy
• Recommend a solution for site recovery capacity
• Recommend a solution for site failover and failback (planned/unplanned)
• Recommend a solution for the site recovery network
• Recommend a solution for recovery in different regions
• Recommend a solution for Azure Backup management
• Design a solution for data archiving and retention
• Recommend storage types and methodology for data archiving
• Identity business compliance requirements for data archiving
• Identify requirements for data archiving
• Identify SLA(s) for data archiving
• Recommend a data retention policy

Module 26 – Design for High Availability
• Recommend a solution for application and workload redundancy, including
compute, database, and storage
• Recommend a solution for autoscaling
• Identify resources that require high availability
• Identify storage types for high availability
• Recommend a solution for geo-redundancy of workloads

Module 27 – Design a compute solution
• Recommend a solution for compute provisioning
• Determine appropriate compute technologies, including virtual machines,
App Services, Service Fabric, Azure Functions, Windows Virtual Desktop and
• Recommend a solution for containers
• AKS versus ACI and the configuration or each one
• Recommend a solution for automating compute management

Module 28 – Design a network solution
• Recommend a solution for network addressing and name resolution
• Recommend a solution for network provisioning
• Recommend solutions for network security, private endpoints, firewalls,
• Recommend a solution for network connectivity to the Internet, on-
premises networks, and other Azure virtual networks
• Recommend a solution for automating network management
• Recommend a solution for load balancing and traffic routing

Module 29 – Design an application architecture
• Recommend a microservices architecture including Event Grid, Event Hubs,
Service Bus, Storage Queues, Logic Apps, Azure Functions and webhooks
• Recommend an orchestration solution for the deployment of applications
including ARM templates, Logic Apps or Azure Functions
• Select an automation method
• Choose which resource or lifecycle steps will be automated
• Design integration with other sources as an ITSM solution
• Recommend a solution for monitoring automation
• Recommend a solution API integration
• Design an API gateway strategy
• Determine policies for internal and external consumption of APIs
• Recommend a hosting structure for API management
• Recommend when how to use API Keys

Module 30 – Design Migrations
• Assess and interpret on-premises servers, data, and applications for
• Recommend a solution for migrating applications and VMs
• Recommend a solution for migration of databases
• Determine migration scope, including redundant, related, trivial and
outdated data