AZ-300 Azure Architect Technologies Certification

8 minute read

I took AZ-300 exam today and cleared it , this was my first-ever official certification ever. Not that I didn’t value them earlier, was never motivated to take one. Even though I have around 5 years of solid experience in developing/architecting solutions on Azure, I hadn’t read or worked on many of the services that Azure has. Studying for the above said certification definitely helped in brushing and also exploring newer services that Azure has to offer.

Exam format was very simple and most of the questions were case study based, hence your experience on the subject do matter. I wanted to share some of the notes that I had made while preparing for the exam topicwise.

A big thanks to Gregor Suttie’s curated list of links to study, I have added a few myself along with some highlights.

Deploy and Configure Infrastructure (25-30%)

Analyze resource utilization and consumption

Configure diagnostic setting on resources

Create baseline for resources - Metrics alerts

Create and raise alerts; analyse alerts across subscription

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric

Monitor for unused resources

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
Advisor benefits are :
- Get proactive, actionable and personalized best practices
- Improve performance, security and high availability
- Proposed actions inline
Categories
- High Availability
- Security - Security advisor recommendations
- Performance
  - Db performance with SQL db advisor
  - App Service performance and reliabilty
  - Use managed disks
  - Premium storage
Cost - Cost management advisor (applicable only for enterprise agreement)
- Virtual machine resizing : <5% CPU for 14 day
- Express route circuts
- Idle virtual network gateways
- Reserved instances vs pay as you go

Monitor spend; report on spend

https://docs.microsoft.com/en-us/azure/billing/billing-getting-started You have to be account admin to see billing, ways to monitor your costs

Add tags to your resources to group your billing data
Regularly check the portal for cost breakdown and burn rate
Consider enabling cost cutting features like auto shutdown for VMs
Turn on and check on azure advisor recommendations

Utilize Log Search query functions

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview Log queries are used

Portals
Alert rules
Dashboards
Views
Export
Powershell
Log Analytics API
Application insights portal

Create and configure storage accounts

Create and configure Storage account

https://docs.microsoft.com/en-us/azure/storage/common/storage-quickstart-create-account?tabs=azure-portal

Configure network access to storage account

https://azure.microsoft.com/en-gb/blog/announcing-virtual-network-integration-for-azure-storage-and-azure-sql/

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

Firewall rules and Vnet endpoints
SAS token generated for IP address do not grant access beyond the configured Vnet rules
Virtual machine disk traffic is not affected by network rules but REST access to blobs are
Vnet service endpoint for azure storage
Only primary and paired region Vnets are allowed. i.e. A storage account created in central india can have Vnet created in central india and south india, across subscriptions under same tenant id

Monitor activity log by using Log Analytics

Storage account comprising of Diagnostic logs are added by default

Generate shared access signature

https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

Account SAS

Service SAS

Storage Replication

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Locally-redundant storage (LRS) - 1 instance in datacenter (11 9’s)
Zone-redundant storage (ZRS) - 3 instances in same datacenter but different zones (12 9’s)
Geo-redundant storage (GRS) - 2 instances in different regions (16 9s)
Read-access GRS - 2 instance in different region with read access on secondary regions (16 9’s), In GRS RPO is less than 15 mins

Install and use Azure Storage Explorer

https://azure.microsoft.com/en-gb/features/storage-explorer/

Manage access keys

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-keys

Create and configure a VM for windows and linux

VMs Important

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-manage-vm

Disks
- OS Disk - Created by default, can go up to 2 TB, should not be used for applications and data
Temporary Disk
- Created by default, size based on VM size, not for data used by application to process faster. SSD
Data Disks
- Not created by default, should be used to install applications and store data. For each VM’s vCPU 4 data disks can be attached
Standard (HDD) disk and Premium (SSD) disks

Boot diagnostics are not enabled by default must be configured while creating the VM
Host Metrics are collected by default and can be viewed from portal
Diagnostic extension needs to be enabled (“Enable guest level monitoring” ) to collect VM metrics and can be viewed from portal
Updates to VM can be managed using OMS solution and Hybrid worker concept

Automate deployment of Virtual Machines (VMs)

Modify Azure Resource Manager (ARM) template

https://docs.microsoft.com/en-us/azure/devops/pipelines/apps/cd/azure/build-azure-vm-template?view=azdevops&viewFallbackFrom=vsts

https://github.com/Azure/azure-quickstart-templates

https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/allversions

Configure location of new VMs

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-manage-vm

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal

Configure VHD template

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sa-create-vm-specialized

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/create-vm-specialized

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

Deploy from template, Save a deployment as a template

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/ps-template

Deploy windows and linux VMs

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/download-template

Create connectivity between virtual networks

Create and configure VNET peering; create and configure VNET to VNET

For peering Vnet should be in the same region
Should not have overlapping IP Addresses
No derived transitive relationship

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal

Verify virtual network connectivity;

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal#VerifyConnection

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Create a virtual network gateway

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Implement and manage virtual networking

Configure private and public IP addresses

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-deploy-static-pip-arm-portal

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-static-private-ip-arm-pportal

Network routes

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

Configure network interfaces

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-addresses

Configure subnets, and virtual network

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-subnet

Manage Azure Active Directory (AD)

Add custom domains

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming

https://docs.microsoft.com/en-gb/azure/active-directory/identity-protection/enable

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview

https://docs.microsoft.com/en-gb/azure/active-directory/user-help/user-help-join-device-on-network

https://docs.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-overview

configure self-service password reset

https://docs.microsoft.com/en-gb/azure/active-directory/authentication/concept-sspr-howitworks

Implement conditional access policies

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Manage multiple directories

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-administer#how-can-i-add-and-manage-multiple-directories

Perform an access review

https://docs.microsoft.com/en-gb/azure/active-directory/governance/access-reviews-overview

Implement and manage hybrid identities

Install and configure Azure AD Connect

https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/whatis-hybrid-identity

Configure federation and single sign on

https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

Manage AD connect

https://docs.microsoft.com/en-gb/azure/active-directory/hybrid/how-to-connect-install-express

manage password sync and writeback

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback

Implement Workloads and Security (20-25%)

Migrate servers to Azure

Migrate by using ASR, Migrate using P2V, configure storage account

https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure

https://channel9.msdn.com/Series/Azure-Site-Recovery/Hyper-V-to-Azure-with-ASR-Video1-Infrastructure-Setup

Create a backup vault

https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure#create-a-recovery-services-vault

Prepare source and target environments

https://docs.microsoft.com/en-us/azure/site-recovery/migrate-tutorial-on-premises-azure#set-up-the-source-environment

Backup and restore data

https://docs.microsoft.com/en-us/azure/backup/backup-azure-recovery-services-vault-overview

Deploy Azure Site Recovery (ASR) agent

https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-tutorial#install-the-provider

Prepare virtual network

https://docs.microsoft.com/en-us/azure/site-recovery/tutorial-prepare-azure#set-up-an-azure-network

Configure Serverless Computing

Create and manage objects

https://azure.microsoft.com/en-gb/overview/serverless-computing/

Manage a logic app resource

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview Do a little bit of hands-on

Workflow oriented
Trigger and Actions
Ton of connectors including enterprise applications such as SAP https://docs.microsoft.com/en-us/azure/azure-functions/functions-compare-logic-apps-ms-flow-webjobs

Manage Azure function app settings

https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings

Manage Eventgrid

https://docs.microsoft.com/en-us/azure/event-grid/overview Webhook triggers need validation for custom endpoints through validation code or ValidationURL