AZ-304: Microsoft Azure Architect Design

Important - this course will retire and  be replaced by AZ-305

The AZ-304 course and AZ-304 exam will be retired from Microsoft 31 March 2022. The course will be replaced by a new and updated course for Azure Architects:

AZ-305: Microsoft Azure Architect Design

Check out the new paths towards earning the 

Azure Solutions Architect Expert certification





This course teaches Solutions Architects how to translate business requirements into secure, scalable, and reliable solutions. Lessons include design considerations related to logging, cost analysis, authentication and authorization, governance, security, storage, high availability, and migration. This role requires decisions in multiple areas that affect an overall design solution.

Skills gained from this course

  • Recommend solutions to minimize costs
  • Recommend a solution for Conditional Access, including multi-factor authentication
  • Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect
  • Recommend a solution for using Azure Policy
  • Recommend a solution that includes KeyVault and Azure AD Managed Identities
  • Recommend a storage access solution
  • Design an Azure Site Recovery solution
  • Recommend a solution for autoscaling, containers and network security
  • Recommend a solution for migrating applications and VMs
  • Recommend a solution for migration of databases


This course is for IT Professionals with expertise in designing and implementing solutions running on Microsoft Azure. They should have broad knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance. Candidates must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.


  • Understanding of on-premises virtualization technologies, including: VMs, virtual networking, and virtual hard disks.
  • Understanding of network configuration, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies.
  • Understanding of Active Directory concepts, including domains, forests, domain controllers, replication, Kerberos protocol, and Lightweight Directory Access Protocol (LDAP).
  • Understanding of resilience and disaster recovery, including backup and restore operations.

Course content

Module 1: Design for Cost Optimization

In this module, you will learn how to optimize costs from recommendations, breakdown costs by Azure Service, and download and review usage details. 01-View:

  • Recommend Solutions for Cost Management
  • Recommended Viewpoints for Minimizing Costs

Module 2: Design a Solution for Logging and Monitoring

In this module, you will learn about Azure Monitor, Azure Application Insights, and Azure Sentinel. You will be able to monitor Azure Resources with Azure Monitor and collect and analyze resource Logs for Azure:

  • Azure Monitoring Services
  • Azure Monitor

Module 3: Design Authentication

In this module, you will learn to implement Conditional Access and Azure Multi-Factor Authentication and also be able to recommend an Authentication Methodology for Hybrid Identity:

  • Recommend a Solution for Multi-Factor Authentication
  • Recommend a Solution for Single-Sign On (SSO) 
  • Five Steps for Securing Identity Infrastructure
  • Recommend a Solution for a Hybrid Identity
  • Recommend a Solution for B2B Integration

Module 4: Design Authorization

In this module, you will learn how to provide Identities to services and understand the hierarchy of Management Groups and Subscriptions:

  • Infrastructure Protection
  • Recommend a Hierarchical Structure for Management Groups, Subscriptions and Resource Groups

Module 5: Design Governance

In this module, you will learn to apply an Azure Policy, Identify non-compliant resources, and manage tag governance with Azure Policy.

  • Recommend a Solution for using Azure Policy
  • Recommend a Solution for using Azure Blueprint

Module 6: Design Security for Applications

In this module, you will understand Azure Key Vault availability and redundancy, managed Identities for Azure resources. Also, learn about system-assigned Managed Identity and Azure VMs.

  • Recommend a Solution using KeyVault
  • Recommend a Solution using Azure AD Managed Identities

Module 7: Design a Solution for Databases

In this module, you will be able to recommend the appropriate data store and recommend Azure SQL Database and Azure SQL Managed Instance Service tiers.

  • Select an Appropriate Data Platform Based on Requirements
  • Overview of Azure Data Storage
  • Recommend Database Service Tier Sizing
  • Dynamically Scale Azure SQL Database and Azure SQL Managed Instances
  • Recommend a Solution for Encrypting Data at Rest, Transmission, and In Use

Module 8: Design Data Integration

In this module, you will learn about data flows using Azure Data Factory and Azure Synapse Analytics architecture.

  • Recommend a Data Flow
  • Recommend a Solution for Data Integration

Module 9: Select an Appropriate Storage Account

In this module, you will learn about recommend a design a strategy for using tiered storage and manage tiered Storage using Azure tools.

Understanding Storage Tiers
Recommend a Storage Access Solution
Recommend Storage Management Tools

Module 10: Design a Solution for Backup and Recovery
In this module, you will learn about solutions for site recovery capacity and site failover and failback. You will be able to recommend solutions for recovery in different regions.

Recommend a Recovery Solution for Hybrid and On-Premises Workloads
Design and Azure Site Recovery Solution
Recommend a Solution for Recovery in Different Regions
Recommend a Solution for Azure Backup Management
Design a Solution for Data Archiving and Retention

Module 11: Design for High Availability
In this module, you will learn about solutions for application and workload redundancy, including compute, database, and storage.

Recommend a Solution for Application and Workload Redundancy
Recommend a Solution for Autoscaling
Identify Resources that Require High Availability
Identify Storage Tpes for High Availability
Recommend a Solution for Geo-Redundancy of Workloads

Module 12: Design a Compute Solution
In this module, you will learn about the appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers.

Recommend a Solution for Compute Provisioning
Determine Appropriate Compute Technologies
Recommend a Solution for Containers
Recommend a Solution for Automating Compute Management

Module 13: Design a Network Solution
In this module, you will learn about solutions for network addressing and name resolution, network provisioning, and network security.

Recommend a Solution for Network Addressing and Name Resolution
Recommend a Solution for Network Provisioning
Recommend a Solution for Network Security
Recommend a Solution for iInternete Connectivity and On-Premises Networks,
Recommend a Solution for Automating Network Management
Recommend a Solution for Load Balancing and Rraffic Routing

Module 14: Design an Application Architecture
In this module, you will learn about solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions. You will also learn about microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks.

Recommend a Microservices Architecture
Recommend an Orchestration Solution for Deployment of Applications
Recommend a Solution for API Integration

Module 15: Design Migrations
In this module, you will learn about recommend a solution for migrating applications and VMs and a solution for migration of databases.

Assess and On-Premises Servers and Applications for Migration
Recommend a Solution for Migrating Applications and VMs
Recommend a Solution for Migration of Databases

Certification - important information about changes!

This course will prepare you for the exam AZ-304: Microsoft Azure Architect Design.
NOTE! Exam AZ-304 will retire 31 March 2022.

This exam is part of the Microsoft Certified: Azure Solutions Architect Associate certification

Read this blog post about the certification changes:

Reimagining the Azure Solutions Architect Expert certification