Outline
Design Monitoring (10-15%) Design for cost optimization
recommend a solution for cost management and cost reporting (Microsoft Documentation: Choose between Azure Cost Management and Cloudyn) recommend solutions to minimize costs (Microsoft Documentation: Optimize costs from recommendations) Design a solution for logging and monitoring determine levels and storage locations for logs (Microsoft Documentation: Configure metrics alerts) plan for integration with monitoring tools including Azure Monitor and Azure Sentinel (Microsoft Documentation: Introducing Microsoft Azure Sentinel, intelligent security analytics for your entire enterprise) recommend appropriate monitoring tool(s) for a solution choose a mechanism for event routing and escalation recommend a logging solution for compliance requirements (Microsoft Documentation: Audit activity reports in the Azure Active Directory portal) Design Identity and Security (25-30%) Design authentication
recommend a solution for single-sign on (Microsoft Documentation: What is single sign-on) recommend a solution for authentication (Microsoft Documentation: Choose the right authentication method for your Azure Active Directory hybrid identity solution) recommend a solution for Conditional Access, including multi-factor authentication (Microsoft Documentation: Common Conditional Access policies) recommend a solution for network access authentication (Microsoft Documentation: Azure network security overview) recommend a solution for a hybrid identity including Azure AD Connect and Azure AD (Microsoft Documentation: Choose the right authentication method for your Azure Active Directory hybrid identity solution) recommend a solution for user self-service (Microsoft Documentation: self-service sign-up for Azure Active Directory) recommend and implement a solution for B2B integration Design authorization
choose an authorization approach (Microsoft Documentation: Authorization behavior) recommend a hierarchical structure that includes management groups, subscriptions, and resource groups (Microsoft Documentation: What are Azure management groups?) recommend an access management solution including RBAC policies, access reviews, role assignments, Privileged Identity Management (PIM), Azure AD (Microsoft Documentation: Grant user access to Azure resources using the Azure portal) Identity Protection, Just In Time (JIT) access (Microsoft Documentation: Identity Protection policies, Secure your management ports with just-in-time access) Design governance
recommend a strategy for tagging (Microsoft Documentation: Resource naming and tagging decision guide) recommend a solution for using Azure Policy (Microsoft Documentation: Enabling and managing a Azure Key Vault policy through the Azure portal) recommend a solution for using Azure Blueprint Design security for applications
recommend a solution that includes KeyVault (Microsoft Documentation: About keys, secrets, and certificates) recommend a solution that includes Azure AD Managed Identities (Microsoft Documentation: Use a Windows VM system-assigned managed identity to access Resource Manager) recommend a solution for integrating applications into Azure AD (Microsoft Documentation: Integrating Azure Active Directory with applications getting started guide) Design Data Storage (15-20%) Design a solution for databases
select an appropriate data platform based on requirements recommend database service tier sizing (Microsoft Documentation: Service tiers in the DTU-based purchase model) recommend a solution for database scalability (Microsoft Documentation: Dynamically scale database resources with minimal downtime) recommend a solution for encrypting data at rest, data in transmission, and data in use Design data integration Design data integration recommend a data flow to meet business requirements recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics (Microsoft Documentation: Copy and transform data in Azure Synapse Analytics) Select an appropriate storage account
choose between storage tiers (Microsoft Documentation: Azure Blob storage: hot, cool, and archive access tiers) recommend a storage access solution (Microsoft Documentation: Microsoft client tools for working with Azure Storage) recommend storage management tools Design Business Continuity (10-15%) Design a solution for backup and recovery
recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO) (Microsoft Documentation: Reduce disaster recovery time with Azure Site Recovery) design and Azure Site Recovery solution (Microsoft Documentation: Replication policy) recommend a solution for recovery in different regions (Microsoft Documentation: Plan capacity for Hyper-V VM disaster recovery) recommend a solution for Azure Backup management (Microsoft Documentation: About on-premises disaster recovery failover/failback) design a solution for data archiving and retention Design for high availability
recommend a solution for application and workload redundancy, including compute, database, and storage (Microsoft Documentation: Make all things redundant, Azure Storage redundancy) recommend a solution for autoscaling (Microsoft Documentation: Autoscaling) identify resources that require high availability identify storage types for high availability (Microsoft Documentation: Introduction to the core Azure Storage Queue, Azure Storage Queue, Azure Storage services) Design Infrastructure (25-30%) Design a compute solution
recommend a solution for compute provisioning (Microsoft Documentation: Choose an Azure compute service for your application) determine appropriate compute technologies, including virtual machines, Azure App Service, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers recommend a solution for containers recommend a solution for automating compute management Design a network solution
recommend a network architecture (hub and spoke, Virtual WAN) recommend a solution for network addressing and name resolution (Microsoft Documentation: Public IP addresses) recommend a solution for network provisioning recommend a solution for network security (Microsoft Documentation: What is Azure Private Endpoint) recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks (Microsoft Documentation: Connectivity services) recommend a solution for automating network management recommend a solution for load balancing and traffic routing (Microsoft Documentation: Traffic Manager routing methods, Load balance Windows virtual machines in Azure to create a highly available application with Azure PowerShell) Design an application architecture
recommend a microservices architecture including Azure event grid, Azure event hub, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks (Microsoft Documentation: Building serverless microservices in Azure – sample architecture, Building microservices on Azure) recommend an orchestration solution for the deployment of applications includingARM_template , Logic Apps, or Azure Functions (Microsoft Documentation: Azure Automation runbook types) recommend a solution for API integration Design migrations
assess and interpret on-premises servers, data, and applications for migration (Microsoft Documentation: Assess VMware VMs with Server Assessment, Migrate SQL Server to Azure SQL Database offline using DMS) recommend a solution for migrating applications and VMs recommend a solution for migration of databases (Microsoft Documentation: Migration of virtual machines) determine migration scope, including redundant, related, trivial, and outdated data recommend a solution for migrating data (Storage Migration Service, Azure Data Box, Azure File Sync-based migration to a hybrid file server)