This video provides guidance for the AZ-305, Designing Microsoft Azure Infrastructure Solutions exam and an overview of all key content. This is the final step in the new path for the Azure Solutions Architect Expert certification.

🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!

▬▬▬▬▬▬  C H A P T E R S ⏰  ▬▬▬▬▬▬
0:00 - Introduction
0:35 - Path to Architect certification
4:00 - Exam structure
7:43 - Identity, governance and monitoring
8:00 - Core Azure structure
13:52 - Policy example
15:19 - RBAC, PIM and Access Reviews
20:50 - Blueprints
22:40 - Azure AD and identity
34:48 - Application identities, managed identity
38:50 - Azure Key Vault
43:58 - Monitoring
50:15 - Alerting
54:07 - Business continuity
54:50 - Resiliency in region
55:05 - Availability sets and zones
1:00:30 - Cross-region
1:03:33 - Regional and global balancers
1:06:30 - Backup and restore
1:13:03 - Design data solutions
1:14:54 - Storage account services
1:33:16 - Managed disks
1:40:40 - Storage account security
1:44:30 - SQL-based solutions
1:59:50 - Tables and CosmosDB
2:03:08 - Azure Data Factory
2:07:00 - Data lake
2:12:23 - Infrastructure and responsibilities
2:16:03 - Compute options
2:27:15 - Component communication with events and messages
2:33:55 - Azure API Management
2:35:00 - Networking core concepts
2:43:49 - Migration
2:49:50 - Well architected framework concepts
2:51:00 - Cost optimization
3:04:54 - Operational excellence
3:15:50 - Performance efficiency
3:24:08 - Reliability
3:29:19 - Security
3:35:30 - WAF closing thoughts
3:36:40 - Exam closing thoughts

▬▬▬▬▬▬  K E Y   L I N K S 🔗 ▬▬▬▬▬▬
► AZ-305 Cram Whiteboard:
🔗 https://github.com/johnthebrit/CertificationMaterials/raw/main/whiteboards/AZ-305-Whiteboard.png
► My Learn guided path:
🔗 https://learn.onboardtoazure.com
► AZ-305 Study Playlist:
🔗 https://youtube.com/playlist?list=PLlVtbbG169nHSnaP4ae33yQUI3zcmP5nP
► AZ-104 Study Playlist:
🔗 https://youtube.com/playlist?list=PLlVtbbG169nGlGPWs9xaLKT1KfwqREHbs
► AZ-305 Study Page:
🔗 https://docs.microsoft.com/learn/certifications/exams/az-305
► Blob pricing:
🔗 https://azure.microsoft.com/pricing/details/storage/blobs/
► Azure SQL comparison:
🔗 https://docs.microsoft.com/azure/azure-sql/database/service-tier-hyperscale-frequently-asked-questions-faq#general-questions
► Azure SQL feature comparison:
🔗 https://docs.microsoft.com/azure/azure-sql/database/features-comparison
► Azure Compute decision tree:
🔗 https://docs.microsoft.com/azure/architecture/guide/technology-choices/compute-decision-tree
► Message service comparison
🔗 https://docs.microsoft.com/azure/event-grid/compare-messaging-services
► WAF documentation
🔗 https://docs.microsoft.com/azure/architecture/framework/

▬▬▬▬▬▬  Want to learn more? 🚀  ▬▬▬▬▬▬ 
📖 Recommended Learning Path for Azure
🔗 https://learn.onboardtoazure.com
📅 Weekly Azure Update
🔗  https://youtube.com/playlist?list=PLlVtbbG169nEv7jSfOVmQGRp9wAoAM0Ks
☁ Azure Master Class
🔗  https://youtube.com/playlist?list=PLlVtbbG169nGccbp8VSpAozu3w9xSQJoY
⚙ DevOps Master Class
🔗  https://youtube.com/playlist?list=PLlVtbbG169nFr8RzQ4GIxUEznpNR53ERq
💻 PowerShell Master Class
🔗 https://youtube.com/playlist?list=PLlVtbbG169nFq_hR7FcMYg32xsSAObuq8
🎓 Certification Cram Videos
🔗  https://youtube.com/playlist?list=PLlVtbbG169nHz2qfLvPsAz9CnnXofhmcA
 ❔ Question about my setup?
🔗 https://youtube.com/playlist?list=PLlVtbbG169nHuSSHudxXDdn9Vz3T4-0mS

SUBSCRIBE  ✅  https://www.youtube.com/channel/UCpIn7ox7j7bH_OFj7tYouOQ?sub_confirmation=1

#microsoft #azure #johnsavillstechnicaltraining #onboardtoazure #cloud

Hey everyone, in this video I want to provide an AZ305 study cram.

I want to look at what is the path to actually get to the Azure Architect Solutions Expert Certification.

What to expect in the exam and then cover at a high level all of the different knowledge you will actually need.

Something you could watch just before taking it.

As always please like, subscribe, comment and share.

Huge amount of work especially this video goes in and hit that bell icon.

So that's really that final exam towards that architect

the new path to actually get there and to get the architect cert we need 2 exams.

So the AZ-305 is the second exam but what we do first is the

So that is kind of the infrastructure administration exam.

if I've done the Azure Administrator Associate, i.e.

AZ-104, and then I take AZ-305, I get that architect certification.

I already have a full playlist of prep for the AZ-104 and my assumption for this video is

There's a lot of videos in there, including my masterclass and browser.

So you take the AZ-104 admin, then you do additional study more around the architecture components for the AZ-305.

And this isn't particularly that much more complex.

It's not focused on how you do the things, it's focused on which components do I need to use.

Your starting point, as always, should really be the MS Learn.

So if you go to the AZ305 page, it kind of talks through that path that I just talked about.

I.e., hey look, take that Azure Administrator Associate cert then pass this 305.

It talks about the key areas, the skills measured, and then how to prepare.

Now I'm going to break this down based on its learning paths so you can kind of refresh.

Notice it finishes with the hey Microsoft Azure well architected framework.

There's no rocket science to that, it really just builds on some of the key components we think about with architecture.

But I will frame this study cram in the same way as those learned modules just to help out.

Again, it doesn't have the same content as the 104.

These are additional things that maybe go into more detail, maybe more architecture related, that go to the AZ-305.

Yes, Microsoft are changing the path to get to architect, but if you have it already, this does not apply to you.

If you have it already, you just go through that annual renewal.

If you've got your architect expert, you're done.

You're just gonna do that annual renewal.

just because I was trying to get an understanding of what is the exam like.

I did not need to take it because I already have the Architect Cert.

I took it just so I knew what to expect, so

I could help create this exam cram for all of you.

Now, out of those, I think I had 3 case studies.

Now, remember, a case study, typically it's, hey, the scenario, current state, and then requirements, business, technical, and that detail is going to vary, but I did find them quite clear.

It wasn't like the network certification when they were all intertwined, you were jumping about 50 different pages.

The questions for the case studies really refer to a particular page of the case study.

a quick browse through, look for key details, then read the question, and it's typically gonna direct you to a particular page of the case study materials.

Hey, app 1 has these technical requirements, how would you meet them?

So, oh okay, I need to go and look at app one's technical requirements.

In addition, there were just regular questions.

there's a list of components, which of these would solve that problem.

Maybe it's, hey you're using these components how many instances of that component would you need?

You need to know its limits, what its boundaries are, maybe it's subscription, maybe it's region, so you need to pay, how many do I need of these?

You did have the ones where it's a problem statement, so they give you, hey, we're trying to solve this, then you have to say, they give you a solution,

and you have to say, would this meet the requirement or not?

Once you answer, you can't go back, because they're gonna give you that same problem statement again, 2 or 3 times, with different answers, and you have to say, would this meet it?

So you'll see a newer 1 might say, oh no, that was wrong, so you cannot go back for those.

They're not in order, either they don't get better as they go through, it might be the yes, the correct answer was first, and they get worse.

So just look at the problem statement, look at, hey, the solution

of offering, think all the different scenarios through, does this meet it or not?

Multiple ones might meet it, maybe none of them meet it, but you can't go back, so just think about this.

Now I rushed through, because again, I didn't care, particularly about the exam,

but I did answer everything, and I thought it was a fairly simple exam.

There was nothing super complex about it.

In the end of the day, realise there's no trick questions in here.

An Azure as A solution is designed to be usable by the public.

So if ever you're stuck, try and eliminate the obviously wrong things

and then just think, what is the most logical way to solve this?

If I was gonna solve this, how would I architect it?

That's probably gonna be the right answer.

So generally there's a couple of answers you can just eliminate.

So you can eliminate probably a couple of obviously wrong things, and just go for the 1 you want.

some things at the end, but just take your time, relax, and yeah.

So let's get down to the review of the particular areas.

saw my 104 study cram, you know the board started to fail because the new Whiteboard app has scale limitations.

So I'm going to create a new board for each of the key sections, but I'll try and bring them all together at the end for 1 download.

So what we're thinking about here is the whole designing identity,

If I think about Azure management, there are really 4 key constructs we ever think about.

Now the first thing we have is Azure AD itself.

have a particular tenant that is the identity provider for the environment.

of management constructs, we have management groups.

So remember, there's always a root management group directly under the Azure AD tenant, but then I can have a hierarchy of these.

So I can have this whole hierarchy of management groups.

So we have the whole idea of management groups.

up to 6 levels deep, not including the route or the subscriptions.

And we can use those for various different things.

So at management groups, I can apply things like policy, i.e.

I can have things like role-based access control, who.

So I have those things, those constructs.

which is really that idea of a logical container in which I can, it's a unit of management.

Now I have those same options for the subscription as well.

For the subscription as well, hey, I can apply policy, role-based access control, and budget.

So if I was to put a policy, for example, at the root or some high level management group, it would get inherited down to

Within the subscription, I can create 1 or more resource groups, which again, I can apply policy, RBAC, budget, and I can have multiple resource groups in a subscription.

A resource group is not a boundary of communication.

I could have resources in here using resources in other resource groups.

So it's not a boundary of any kind of communication.

When I think about architecting these constructs, realize resource groups typically I'm gonna put things in together that have

They're gonna get created together, they're gonna get deleted together, they're gonna run together.

Typically I'm gonna give people the same sets of permissions to all the things in a resource group.

is a boundary for certain types of things.

A virtual network, for example, lives within a certain subscription.

I might have a core subscription for core services, like my ExpressRoute connections, my domain controllers.

so maybe I have to have multiple subscriptions because of some limit I'm hitting.

But I don't want to have too many subscriptions.

So as part of my design, I think about, okay, what's the right number based on the various requirements?

So if I can, hey, I'd rather use a resource group.

just where the metadata for that resource group is stored.

It does not impact the resources I can put in it.

So if I create a resource group in East US, I could put resources in West US inside that resource group.

So if I was trying to limit, hey, where can you create resources, putting a policy just on resource groups, so only resource groups can get created, wouldn't do anything.

I need to make sure, hey, I'm limiting all types of resource.

I could apply it to the resource group because it gets inherited down, but I wouldn't be targeting where can resource groups get created.

I'll be targeting where can resources get created.

So resource groups lives in a region, that's just its metadata.

Has no impact on what can actually be inside it.

A resource can be in 1 and only 1 resource group.

I can't nest resource groups, it is a flat structure.

So those are kind of the key constructs we think about.

to these, but really we think about policy is kind of what I can do, budget is who can do it, budget is really how much.

If we see questions like, hey, we need to control

We need to control only this type of something.

And then what level depends on, hey, what is the scope they're asking you to actually do those things for?

I can group policies into initiatives and then apply the initiative to 1 of these scopes.

Subscription, management group, resource group etc.

So resource tags, again, it's just metadata.

It can be really useful, for example, to track maybe certain aspects of my management structure.

It might be a creation date I put on things.

So if I create a tag at the resource group, it is not inherited by the resources inside it, But we can use policy to accomplish that.

So if we jump over for a quick second, if we go and actually look at policy, if I just search for policy, and again it's really doing 2 things.

So policy I can use to enforce, to actually control.

It's the guardrails to say what you can do.

But I can also use it for compliance checking.

I can go back and look, oh, okay, based on my initiatives, for example, how in line am I with all of these things?

And here, if I search for, let's say, tag, Notice I have options here, inherit a tag from the resource group, is an example here.

So what this would do is, hey, if I don't set tags on the individual resource, and that's a requirement, hey, I could use Azure Policy to copy it from the resource group onto the resources.

And then instead of assigning individual policies, I can create initiatives, and initiatives

can see there's a lot of policies in some of these.

That makes it easier to assign them and obviously it makes them easier as well to actually track that compliance of, because generally I care about multiple policies together are achieving some desired state.

When I think about the role-based access control,

so remember we have these different scopes, management groups, subscriptions, resource groups, policy can apply to any of those.

If I think role-based access control, This is about the idea of

Remember that's going to be living in my Azure AD.

Now again, those scopes could be kind of that management group, subscription, resource group.

It's very hard from a management perspective.

Now a role is really just a set of defined actions.

And what we do is we give an identity, a certain role at a certain scope.

When we think about these roles, they're really divided into the control plane, i.e.

But also now we start to see some of them have roles at the data plane.

So not going through the ARM API, actually maybe talking to blob storage or Q or maybe SQL.

So there's other types of roles available.

So if I quickly jump over to a storage account, it doesn't matter which 1.

If I look at access control, so if I look at the roles,

let's just expand these titles out so I can see them.

I might say, okay, storage account contributor.

So if we look at the storage account contributor role, notice there's Actions and Data Actions.

So Actions, there's all these different things it can do.

So this is not a role that would give me any access directly to the data itself using the role.

But if I go and look at a different type of role, where it's like full access to storage blob containers.

So this role is a storage blob data owner.

It still has some Azure Resource Manager actions, but now it also has data actions.

It can actually do read blob, write blob.

So this is how I could, using Azure AD, also get access to the underlying data stored in that resource.

And that's really what we want to try and get to as much as possible.

That's kind of a key direction for a lot of these different things.

So if I had certain role assigned maybe at

the management group, and then another role at the subscription, another role at the resource group, I get the sum of those permissions.

There is no deny assignment outside of something called a blueprint

Today they are the only places I can do an explicit deny.

So I start off with no permissions and then I get permissions added to me by the roles that are granted to me.

Now ordinarily those roles are just applied to us all of the time.

A good architecture practice is about just in time.

So a good way to do that is we actually think about privileged identity management.

So that is basically giving it to me just in time.

I can go and request, hey, I need this role.

Maybe I have to go for a strong authentication like MFA, then I get it for a duration of time.

So that's about getting something only when I need it.

Another big challenge is, well who has roles?

So another common thing you're gonna see is access reviews.

So access reviews, they're very flexible.

And that is actually part of the identity governance.

Again, it can be about who has certain roles, who is in certain groups,

See all John Savill's Technical Training transcripts on Youtube

AZ-305 Designing Microsoft Azure Infrastructure Solutions Study Cram - Over 100,000 views