My Microsoft Azure solution architect expert [AZ-305] journey

Fabiani Raquel TOUOYEM
4 min readAug 30, 2023

--

Among all the Microsoft Azure certs, the AZ-305 is certainly the most difficult. This exam is well described on the Microsoft learn page that you can found here. The Az-305 is designed for those who have a subject matter expertise in designing, securing and operating in Azure hybrid solutions. Let me share my certification journey:

1- Step 1:Azure AZ-104 administrator Associate

Since the prerequisite of taking az-305 is Azure administrator associate, i started my learning journey in Febuary 2023.According to the exam guide, the most relevant services to be mastered before taking the exam, per section:

a-Networking

In this section you must master azure network services and solutions. Azure Vnet is the core service and a network background is a must here.A Vnet is an isolated zone within your Azure cloud infrastructure where you can deploy all your services and control network flows to/from your services. The AZ-104 is focusing on IP subnetting, Vnet Peering, network monitoring, network security group (NSG), Load balancing services. A little overview of Azure Express route is also embedded in the learning path. You must master how those network services work, and how to operate them using Azure console, Azure CLI and PowerShell commands.

b-Storage

Azure storage account is highly tackled in the learning path. the Exam is focusing on how to manage and operate different storage services (block, blob, files, queue…). It’s also very important to understand services tiers available for each of those storage type, in terms of resilience, availability and security. You must dive deep on how share access signature works and how to manage access control to those services using Azure AD, using PowerShell, Azure Console.

c-Compute

This is a very strong section to tackle in the exam preparation since many compute core services are available, depending of the application needs in terms of performance, availability, security and cost. I strongly recommend to master the following organigram that will help you to choose which compute service to choose depending of the workload type:

Compute services workflow (source:https://learn.microsoft.com/fr-fr/azure/architecture/guide/technology-choices/compute-decision-tree)

You must also master how to manage log and insights for each of those services.

d- Identity management

Another big session, based on Azure core IAM service, Azure AD. You need to understand how roles and privileges are assigned to existing/new users, how to integrate Azure AD and Active Directory in an hybrid environment, how to manage privileges accounts, managed identities.You need also to understand how external users (partners, contractors…) can access your organisation services with Azure B2B, or how customers can access your apps with B2C integration.

e-Security

Security is a big topic also, since it’s the main concern for every organisation concern on public cloud. For AZ-104 you mus have security in mind, for every service you too to deploy (network flow filtering, trafic encryption with TLS, data encryption at rest, incident management, IAM, application security). Core services are Azure key vault to store your keys, certificates and secrets. You must also master how to operate data encryption on SQL databases with TDE.

e-Governance

You need ton understand how resources can be organized in an Azure tenant. Management groups, subscriptions, resources groups are core services here and you need to understand how access control and Azures policies are managed withing this organisation.

The main resource i used to prepare the AZ-104 are:

2- Step 2: Azure AZ-305 (Designing Microsoft Azure Infrastructure Solutions)

This exam is the second and last step to handle to have the Solution Architect expert certification. It’s focusing on architecting Azure solution in an hybrid environment.I strongly suggest you to understand the Microsoft well architected framework, which exposes best practices for designing and integrating a sustainable azure infrastructure in terms of reliability, security, cost management, performance, operational excellence.

The AZ-305 dives deeper on core azure services like:

Compute: Web apps, Azure Kubernetes Services, Azure Functions, Azure batch.

Identity and governance: Privileges Identity Management, Azure policy, Access reviews, Conditional access policies, Azure B2B and B2C,Azure tags, management groups and suscriptions.

Structured data management services:Azure SQL. For this section i strongly recommend to have a dedicated learning session on Azure SQL services. You need a deep undestanding of Azure SQL, Azure SQL managed instance and Azure SQL on VM and associated services tiers for different azure SQL offers(DTU vs vCore). You need to understand scaling mechanism available (Elastics pools, sharding).

Unstructured data management services: this includes Cosmos DB, Azure Blobstorage.

Security: You need to understand high availability mechanism available for Azure Key Vault. Azure Firewall and Azure security services like security groups, data encryption mus also be mastered for you to be comfortable with the exam.

Since the Exam is focusing on Hybrid Azure environment, you need to understand Azure Migration services like Azure Migrate, Hybrid networking services like Azure Express Route and its different services tiers, Azure VPN S2S, Azure Client VPN, Azure Bastion, Azure Data migration service, Azure DataFactory, Azure Database migration services (you need to dedicate learning sections to this also)

The Exam itself is very though and a strong preparation is nessecary, since its an expert level certification. Don’t count the time, train yourself until you are ready.

The resources i used are:

You can find my certification link:

AZ-104,Microsoft Certified: Azure Administrator Associate:https://learn.microsoft.com/api/credentials/share/en-us/FabianiRaquelTOUOYEM-3370/A4C05AC82DA07A17?sharingId=D8FA1506919C3D5

AZ-305:Microsoft Certified: Azure Solutions Architect Expert:https://learn.microsoft.com/api/credentials/share/en-us/FabianiRaquelTOUOYEM-3370/5FBD36F4A3E802D4?sharingId=D8FA1506919C3D5

Feel free to share your comments.

--

--

Fabiani Raquel TOUOYEM
0 Followers

Cloud and Cybersecurity Architect, with more than 11 years designing and improving customers cloud journey and securing critical services.