The AZ-304 Microsoft Azure Architect Design certification exam tests and validates your expertise as an Azure Solutions Architect.
EXAM IS RETIRED: This exam has been retired, and replaced with the AZ-305 exam.
Certification Target Audience
The AZ-304 Microsoft Azure Architecture Design certification exam is geared towards Azure Solution Architects who advise stakeholders and translate business requirements into secure, scalable, and reliable solutions.
Overall, this exam tests a cross-cutting set of expertise in the areas of Azure Administration, Azure Development, and DevOps. It is recommended to have expert-level skills in at least one of these 3 expertise areas.
Exam Objective Domains
Here is a list of the skills and objective domains measured on the AZ-304 Microsoft Azure Architect Design certification exam. The percentages next to each objective area represents the number of questions in that objective area on the exam.
Design Monitoring (10-15%)
- Design for cost optimization
- recommend a solution for cost management and cost reporting
- recommend solutions to minimize costs
- Design a solution for logging and monitoring
- determine levels and storage locations
- plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- recommend appropriate monitoring tool(s) for a solution
- choose a mechanism for event routing and escalation
- recommend a logging solution for compliance requirements
- NOT: resource-specific monitoring. This objective should ONLY cover the all-up holistic monitoring strategy
Design Identity and Security (25-30%)
- Design authentication
- recommend a solution for single-sign on
- recommend a solution for authentication
- recommend a solution for Conditional Access, including multi-factor authentication
- recommend a solution for network access authentication
- recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- recommend a solution for user self-service
- recommend and implement a solution for B2B integration
- NOT: federation with ADFS
- Design authentication
- choose an authentication approach
- recommend a hierarchical structure that included management groups, subscriptions and resource groups
- recommend an access management solution including RBAC policies, access reviews, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
- Design governance
- recommend a strategy for tagging
- recommend a solution for using Azure Policy
- recommend a solution for using Azure Blueprint
- Design security for applications
- recommend a solution that included KeyVault
- what can be stored in KeyVault
- KeyVault operations
- KeyVault regions
- recommend a solution that includes Azure AD Management Identities
- recommend a solution for integrating applications into Azure AD
- recommend a solution that included KeyVault
Design Data Storage (15-20%)
- Design a solution for databases
- select an appropriate data platform based on requirements
- recommend database service tier sizing
- recommend a solution for database scalability
- recommend a solution for encrypting data at rest, data in transmission, and data in use
- NOT: data caching
- NOT: MariaDB, PostgreSQL, MySQL
- Design data integration
- recommend a data flow to meet business requirements
- recommend a solution for data integration, including Azure Data Factory, Azure Databricks, Azure Data Lake, Azure Synapse Analytics
- Select an appropriate storage account
- choose between storage tiers
- recommend a storage access solution
- recommend storage management tools
Design Business Continuity (10-15%)
- Design a solution for backup and recovery
- recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- design an Azure Site Recovery solution
- recommend a site recovery replication policy
- recommend a solution for site recovery capacity
- recommend a solution for site failover and fallback (planned / unplanned)
- recommend a solution for the site recovery network
- recommend a solution for recovery in different regions
- recommend a solution for Azure Backup management
- design a solution for data archiving and retention
- recommend storage types and methodology for data archiving
- identify business compliance requirements for data archiving
- identity requirements for data archiving
- identify SLA(s) for data archiving
- recommend a data retention policy
- Design for high availability
- recommend a solution for application and workload redundancy, including compute, database, and storage
- recommend a solution for autoscaling
- identify resources that require high availability
- identify storage types for high availability
- recommend a solution for geo-redundancy of workloads
Design Infrastructure (25-20%)
- Design a compute solution
- recommend a solution for compute provisioning
- determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- recommend a solution for containers
- AKS versus ACI and the configuration of each one
- recommend a solution for automating compute management
- NOT: monitoring, backups, recovery, availability, security, storage; VMWare
- Design a network solution
- recommend a solution for network addressing and name resolution
- recommend a solution for network provisioning
- recommend a solution for network security
- private endpoints
- firewalls
- gateways
- etc.
- recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- recommend a solution for automating network management
- recommend a solution for load balancing and traffic routing
- Design an application architecture
- recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
- recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
- select an automation method
- choose which resource or lifecycle steps will be automated
- design integration with other sources such as an ITSM solution
- recommend a solution for monitoring automation
- recommend a solution for API integration
- design an API gateway strategy
- determine policies for internal and external consumption for APIs
- recommend a hosting structure for API management
- recommend when and how to use API Keys
- Design migrations
- assess and interpret on-premises servers, data, and applications for migration
- recommend a solution for migrating applications and VMs
- recommend a solution for migration of databases
- determine migration scope, including redundant, related, trivial, and outdated data
To view the full list of exam objectives, please reference the official AZ-301 exam objectives PDF from Microsoft. Currently, it’s released in the same document as the AZ-301 objectives, until the official release of the AZ-304 exam expected in March 2020.
Azure Architect Design Training Courses
With the AZ-304 Azure Architect Design exam objectives just recently being announced, and the exam not yet being available, there aren’t any specific video courses that target this new exam just yet. Although, with this exam being a replacement for the similar AZ-301 Azure Architect Design certification exam, you could begin studying for this exam now by utilizing existing AZ-301 training courses and comparing them to the AZ-304 exam objectives as your guided study path.
NOTE: The AZ-304 exam is a replacement for the AZ-301 Microsoft Azure Architect Design certification exam. Instead of a straight replacement, Microsoft has a 90-day phased release schedule where both exams will be available until AZ-301 is finally retired on or around September 30, 2020.
Azure Solutions Architect Expert Certification
This is one of a total of 2 exams required to pass in order to earn the Microsoft Certified: Azure Solutions Architect Expert certification. The other exam is the AZ-303 Microsoft Azure Architect Technologies certification exam. Once you pass both of these individual exams, then you will earn the full Microsoft Certified: Azure Solutions Architect Expert certification.
Happy Studying!
About the Author
Chris Pietschmann
Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.
Terraform: If/Else Conditional Resource and Module Deployment
Azure Functions: Extend Execution Timeout Past 5 Minutes
IPv4 Address CIDR Range Reference and Calculator
Terraform: Import Existing Azure Resource Group
Terraform: Use for_each to deploy multiple resources
Hi,
Thanks for great content as always!
Might be typo at the end “Once you pass both…” (instead of “One you pass…”)
Thanks for catching this. It’s fixed. 🙂
Did you mean “NOT:” as “NOTE:” in above?
I’m sorry but a lot of text in above makes the certification more confusing.
That is correct. Thanks for catching this, it’s fixed. 🙂
What if one has passed AZ-300? Does one need to quickly pass AZ-301 as well, before it get’s retired?
Or could one try to pass AZ-304 instead to achieve the Azure Solutions Architect Expert certification?
Currently, Microsoft hasn’t stated whether you will be able to mix the old and new exams to earn the full certification. As it stands, you will need to pass AZ-301 before it’s retired to earn the cert while keeping your AZ-300 pass counting. Only time will tell if Microsoft states any ability to mix the new and old certs passed to earn the certification. This is a common concern from many people.
Has Microsoft released an update on the previous comment:
What if one has passed AZ-300? Does one need to quickly pass AZ-301 as well, before it get’s retired?
Or could one try to pass AZ-304 instead to achieve the Azure Solutions Architect Expert certification?
Sorry, there has not been any official statement from Microsoft that you could mix the old and new exams. You will need to pass either both old exams before they are retired, or both new exam in order to earn the full certification.
How can I register for AZ-304 and AZ-303 Exams? I only see registration button on old exams,
while notice states that new exams will be held 29.06 till 31.09, which is exactly the period I was planning to take exam.
There is a notice that the AZ-303 and AZ-304 exams will be available on or around June 29, 2020.
Microsoft have stated you can indeed gain certification by passing the new AZ-304 after having passed the AZ-301…ref https://trainingsupport.microsoft.com/en-us/mcp/forum/all/mixing-az-300-az-304-will-i-still-get/6c0db22b-0d3e-41f2-acef-5845b5960568
Interesting. I have not seen this posted in any official Microsoft Certification channels. This would be a good thing for those pursuing the certification as the exams change, but I’m uncertain of the reliability of this information. I would recommend still contacting Microsoft directly with any questions regarding this just to be certain before taking the exams you think you need.