AZ-305 Azure Solutions Architect
A structured, learner-friendly pathway through Microsoft Certified: Azure Solutions Architect Expert preparation, covering requirements analysis, identity and governance design, observability, data storage, business continuity, compute, application architecture, networking, migration, and cost-aware Azure solution design in a way that is easier to revise and easier to use.
Exam coverage
What This AZ-305 Page Covers
This AZ-305 page is organized into 10 clear sections so learners can revise with structure instead of treating Azure solution architecture as one large block. It covers requirements analysis, identity and governance design, monitoring, data platform choices, resilience planning, compute and application architecture, networking, migration, and cost-aware solution readiness in a more practical and manageable way.
Move between requirements, security, data, resilience, compute, and networking during revision so Azure design decisions connect more naturally and architect-level trade-offs become easier to interpret.
Architecture Fundamentals and Design Requirements
Build the architect-level judgement AZ-305 expects before selecting Azure services. This section helps you translate business goals into functional and non-functional requirements, assess workload characteristics, identify constraints, and make defensible trade-off decisions across reliability, security, performance, governance, and cost.
- Gather business, technical, regulatory, migration, and operational requirements before recommending a solution
- Separate functional requirements from non-functional requirements such as availability, scalability, performance, security, compliance, cost, and maintainability
- Assess workload patterns including bursty or steady demand, stateful or stateless behavior, latency sensitivity, and throughput pressure
- Recognize constraints such as data residency, regional availability, legacy dependencies, delivery timelines, skills, and budget boundaries
- Apply Azure Well-Architected Framework pillars to design decisions rather than treating Azure services as isolated products
- Use Cloud Adoption Framework concepts including landing zones, governance, management, and migration planning
- Evaluate design trade-offs involving consistency, availability, recovery objectives, operational complexity, and total cost
Logging Strategy Design
Learn how to design a logging solution that captures the right signals, routes them to the right destinations, and supports audit, security, troubleshooting, compliance, and cost control. This section focuses on what to log, where logs should go, and why each routing choice matters in an Azure architecture.
- Differentiate platform logs, resource logs, activity logs, audit logs, security logs, and workload telemetry
- Identify security-relevant logs such as sign-in logs, audit logs, Key Vault access logs, NSG flow logs, firewall logs, and application events
- Design Log Analytics workspace strategy using centralized, per-subscription, or per-workload models where appropriate
- Route diagnostic settings to Log Analytics, Storage accounts, Event Hubs, SIEM platforms, or third-party monitoring tools
- Use Event Hub as a log streaming backbone for SIEM, SOAR, and external analytics integrations
- Plan retention, archive, filtering, table selection, and data volume control to manage log cost without losing critical evidence
- Consider multi-region logging, separation of duties, tenant boundaries, and subscription boundaries in enterprise designs
Monitoring and Observability Design
Prepare to recommend monitoring designs that combine metrics, logs, traces, alerts, dashboards, health signals, and incident response. This section helps candidates understand how Azure Monitor, Application Insights, Service Health, Resource Health, and Sentinel fit into operationally mature solutions.
- Distinguish platform metrics, log-based insights, distributed traces, dependency telemetry, and user-impact signals
- Use Azure Monitor for metrics, log queries, alerts, action groups, dashboards, and operational workbooks
- Design alerting strategies using metric alerts, log alerts, SLO/SLA thresholds, customer-impact signals, and escalation paths
- Apply action groups for email, SMS, webhook, ITSM, and automation-driven response patterns
- Use Application Insights for instrumentation, distributed tracing, dependency tracking, and application performance monitoring
- Understand when Service Health and Resource Health are needed for platform awareness and resource-level diagnostics
- Integrate security monitoring through Microsoft Sentinel when SIEM correlation, incident management, and advanced detection are required
Authentication Design
Strengthen your ability to recommend secure sign-in architectures for cloud-only, hybrid, internal, external, and customer-facing scenarios. This section focuses on identity models, tenant strategy, MFA, Conditional Access, legacy authentication blocking, and external identity decisions.
- Compare cloud-only and hybrid identity models and understand where Microsoft Entra ID, synchronization, and identity boundaries matter
- Evaluate single-tenant and multi-tenant identity approaches based on isolation, administration, compliance, and collaboration requirements
- Design MFA strategy by user risk, workload sensitivity, privileged access, device status, and business impact
- Use Conditional Access patterns based on location, device risk, user group, application sensitivity, and session controls
- Plan legacy authentication blocking to reduce identity compromise risk in modern Azure environments
- Design B2B collaboration with guest access controls, invitation governance, and lifecycle management
- Recognize when customer identity or a separate identity architecture is needed for external-facing applications
Authorization Design
Learn how to recommend access-control designs that give users, teams, applications, and administrators the right level of access at the right scope. This section focuses on Azure RBAC, custom roles, least privilege, privileged access, managed identities, service principals, and hybrid authorization considerations.
- Design Azure RBAC assignments across management groups, subscriptions, resource groups, and individual resources
- Choose built-in roles or custom roles based on job function, operational need, and least-privilege requirements
- Model access for platform teams, application teams, auditors, security teams, and managed service providers
- Use Privileged Identity Management for just-in-time activation, approvals, time-bound access, and access reviews
- Plan break-glass administrator accounts with controlled use, strong monitoring, and clear emergency procedures
- Recommend managed identities or service principals instead of shared credentials for applications and automation
- Consider on-premises authorization patterns, trust boundaries, and secure access paths in hybrid solutions
Secrets, Certificates, and Key Management Design
Design secure handling of secrets, keys, and certificates across applications, platforms, pipelines, and regulated workloads. This section covers Azure Key Vault architecture, access models, rotation, certificate lifecycle, HSM requirements, managed identities, and secure configuration patterns.
- Design Key Vault boundaries by environment, region, application ownership, sensitivity, and operational model
- Choose Azure RBAC or vault access policies based on governance, administration, security, and compatibility needs
- Plan key rotation, secret expiration, certificate renewal, and lifecycle monitoring to reduce operational risk
- Decide when HSM-backed keys or managed HSM are required for regulatory, security, or key isolation reasons
- Use managed identities and Key Vault references to prevent secrets from being stored in code, scripts, configuration files, or pipelines
- Support secure deployment patterns where applications retrieve secrets safely at runtime
- Align secret, certificate, and key management with auditability, separation of duties, and compliance expectations
Governance, Compliance, and Identity Governance Design
Understand how enterprise Azure environments are structured, controlled, and kept compliant at scale. This section covers management groups, subscriptions, resource groups, tagging, Azure Policy, initiatives, remediation, identity governance, access reviews, entitlement concepts, and separation of duties.
- Design management group hierarchies that reflect enterprise scale, policy inheritance, compliance boundaries, and administration models
- Choose subscription strategies based on environment, business unit, workload criticality, ownership, or regulatory boundary
- Use resource groups by lifecycle, ownership, deployment pattern, and operational management requirements
- Create tagging strategies for owner, cost center, environment, data classification, workload criticality, and lifecycle status
- Apply Azure Policy initiatives, assignments, effects, remediation, and compliance reporting to enforce standards
- Use policy-driven tagging, deny, audit, append, and deployIfNotExists patterns where appropriate
- Design identity governance through access reviews, lifecycle controls, entitlement concepts, and separation of duties
Data Storage Design: Relational Data
Prepare to recommend relational data platforms based on compatibility, performance, scalability, manageability, resilience, and cost. This section focuses on Azure SQL Database, SQL Managed Instance, SQL Server on Azure VMs, managed PostgreSQL and MySQL, service tiers, scaling patterns, backup, encryption, and failover design.
- Compare Azure SQL Database, SQL Managed Instance, and SQL Server on Azure VMs using compatibility, administration, migration, and control requirements
- Recognize when Azure Database for PostgreSQL or Azure Database for MySQL is a better architectural fit
- Select service tiers, compute tiers, provisioned models, serverless models, and sizing approaches based on workload behavior
- Design vertical scaling, read replicas, sharding concepts, and elastic pool patterns for performance and cost optimization
- Plan backup strategy, point-in-time restore, long-term retention, and operational recovery requirements
- Use encryption at rest and in transit as part of secure relational data architecture
- Tie geo-replication and failover choices to RPO, RTO, availability, regional strategy, and business continuity needs
Data Storage Design: Semi-Structured, Unstructured, Integration, and Analytics
Learn how to choose storage and analytics architectures for documents, key-value data, large files, data lakes, ingestion pipelines, streaming patterns, reporting, and analytical workloads. This section connects data shape, access pattern, protection, durability, performance, cost, and downstream analysis.
- Use Cosmos DB-style design thinking for global distribution, partitioning, consistency, and semi-structured access patterns
- Compare document, key-value, and wide-column data models at a scenario and architecture level
- Choose Blob Storage, Data Lake Storage Gen2, or Azure Files based on analytics needs, hierarchical namespace, file sharing, and application access patterns
- Select redundancy options such as LRS, ZRS, GRS, and GZRS based on durability, availability, recovery, and regional requirements
- Design hot, cool, and archive tiering with lifecycle policies to balance performance and cost
- Protect data using soft delete, versioning, immutability, replication, and backup concepts with clear design intent
- Recommend batch, streaming, ETL, ELT, pipeline, messaging, warehouse, lakehouse, BI, API, and ML-serving patterns where appropriate
Business Continuity and Infrastructure: HA/DR, Compute, App Architecture, Network, and Migration
Complete the AZ-305 syllabus with the combined architecture decisions that support resilient, scalable, secure, and migration-ready Azure solutions. This section covers backup, disaster recovery, high availability, compute selection, application architecture, integration, caching, deployment, migration, connectivity, network security, and traffic routing.
- Translate RPO and RTO targets into backup, recovery, replication, failover, and high availability designs
- Design availability for compute, relational data, semi-structured data, unstructured data, hybrid workloads, and multi-region solutions
- Select VM-based, container-based, serverless, and batch compute options based on control, scaling, operational effort, and workload behavior
- Design application architecture using messaging, event-driven patterns, API integration, caching, configuration management, and automated deployment
- Assess servers, applications, databases, and unstructured data for migration using Cloud Adoption Framework-aligned thinking
- Recommend migration approaches for IaaS, PaaS, databases, files, and phased modernization scenarios
- Design Internet connectivity, VPN, ExpressRoute, private access, segmentation, firewalling, WAF, routing, acceleration, load balancing, and global or regional traffic distribution
This 10-section structure supports stronger AZ-305 preparation by breaking Azure solution architecture into manageable domains while still showing how requirements, governance, security, data, continuity, compute, networking, migration, and cost control connect across the platform.
Choose an AZ-305 Practice Section
Open any section directly to begin focused revision. Topic-based practice makes it easier to strengthen weak areas, connect services, and build confidence with architect-level Azure scenarios.
Each section opens in a new tab so learners can move easily between notes, review, and targeted AZ-305 practice.
Why this AZ-305 page is stronger and easier to use
This page does more than list Azure topic headings. It gives learners a practical revision pathway through the major solutions architect domains, with clearer organization, stronger user-facing text, and faster movement from topic overview to focused practice.
The structure separates Azure solution design into recognizable domains so learners can quickly identify whether they need to review requirements, governance, monitoring, data platform choices, continuity planning, networking, migration, or application architecture.
This is especially useful for learners who want a more manageable way to revise AZ-305, strengthen service-to-service understanding, and improve their ability to interpret real architect scenarios instead of memorizing isolated facts.
Have questions?
Frequently Asked Questions
These short answers explain how to use the AZ-305 page effectively.
What is the purpose of this AZ-305 page?
This page gives learners a structured overview of the major AZ-305 areas before they move into section-based practice. It helps break Azure solution architecture into clearer, more manageable domains for revision.
How should I use the 10 sections on this page?
Start with one section at a time, complete the practice for that section, review the explanations, and then move to the next area. After covering all sections, return to weaker domains for more targeted revision.
Do the practice links open in a new tab?
Yes. Each section is set to open in a new tab so you can move easily between revision notes, topic overview, and focused practice.
Is this page useful even if I already studied AZ-305 once?
Yes. The page works well as a revision map because it lets you return quickly to weak areas such as governance design, data platform selection, resilience planning, networking strategy, or migration readiness without restarting your entire study flow.