- Module 1: Design Monitoring (10-15%)
- Module 2: Design Identity and Security (25-30%)
- Module 3: Design Data Storage (15-20%)
- Module 4: Design Business Continuity (10-15%)
- Module 5: Design Infrastructure (25-30%)
Module 1: Design Monitoring (10-15%)
Design for cost optimization
- Recommend a solution for cost management and cost reporting
- Recommend solutions to minimize costs
Design a solution for logging and monitoring
- Determine levels and storage locations for logs
- Plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- Recommend appropriate monitoring tool(s) for a solution
- Choose a mechanism for event routing and escalation
- Recommend a logging solution for compliance requirements
Module 2: Design Identity and Security (25-30%)
Design authentication
- Recommend a solution for single sign-on
- Recommend a solution for authentication
- Recommend a solution for Conditional Access, including multi-factor authentication
- Recommend a solution for network access authentication
- Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- Recommend a solution for user self-service
- Recommend and implement a solution for B2B integration
- NOT: federation with ADFS
Design authorization
- Choose an authorization approach
- Recommend a hierarchical structure that includes management groups, subscriptions and resource groups
- Recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
Design governance
- Recommend a strategy for tagging
- Recommend a solution for using Azure Policy
- Recommend a solution for using Azure Blueprint
Design security for applications
- Recommend a solution that includes KeyVault
- What can be stored in KeyVault
- KeyVault operations
- KeyVault regions
- Recommend a solution that includes Azure AD Managed Identities
- Recommend a solution for integrating applications into Azure AD
Module 3: Design Data Storage (15-20%)
Design a solution for databases
- Select an appropriate data platform based on requirements
- Recommend database service tier sizing
- Recommend a solution for database scalability
- Recommend a solution for encrypting data at rest, data in transmission, and data in use
Design data integration
- Recommend a data flow to meet business requirements
- Recommend a solution for data integration, including Azure Data Factory, Azure Databricks, Azure Data Lake, Azure Synapse Analytics
Select an appropriate storage account
- Choose between storage tiers
- Recommend a storage access solution
- Recommend storage management tools
Module 4: Design Business Continuity (10-15%)
Design a solution for backup and recovery
- Recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- Design an Azure Site Recovery solution
- Recommend a site recovery replication policy
- Recommend a solution for site recovery capacity
- Recommend a solution for site failover and failback (planned/unplanned)
- Recommend a solution for the site recovery network
- Recommend a solution for recovery in different regions
- Recommend a solution for Azure Backup management
- Design a solution for data archiving and retention
- Recommend storage types and methodology for data archiving
- Identify business compliance requirements for data archiving
- Identify requirements for data archiving
- Identify SLA(s) for data archiving
- Recommend a data retention policy
Design for high availability
- Recommend a solution for application and workload redundancy, including compute, database, and storage
- Recommend a solution for autoscaling
- Identify resources that require high availability
- Identify storage types for high availability
- Recommend a solution for geo-redundancy of workloads
Module 5: Design Infrastructure (25-30%)
Design a compute solution
- Recommend a solution for compute provisioning
- Determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- Recommend a solution for containers
- AKS versus ACI and the configuration of each one
- Recommend a solution for automating compute management
Design a network solution
- Recommend a solution for network addressing and name resolution
- Recommend a solution for network provisioning
- Recommend a solution for network security
- Private endpoints
- Firewalls
- Gateways
- Recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- Recommend a solution for automating network management
- Recommend a solution for load balancing and traffic routing
Design application architecture
- Recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
- Recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
- Select an automation method
- Choose which resources or lifecycle steps will be automated
- Design integration with other sources such as an ITSM solution
- Recommend a solution for monitoring automation
- Recommend a solution for API integration
- Design an API gateway strategy
- Determine policies for internal and external consumption of APIs
- Recommend a hosting structure for API management
- Recommend when and how to use API Keys
Design migrations
- Assess and interpret on-premises servers, data, and applications for migration
- Recommend a solution for migrating applications and VMs
- Recommend a solution for migration of databases
- Determine migration scope, including redundant, related, trivial