Please enable JavaScript.
Coggle requires JavaScript to display documents.
Microsoft Role Based Certifications Microsoft Role-based Certifications…
Microsoft Role-based Certifications
Microsoft Certified
Azure DevOps Engineer
Microsoft 365 Certified Enterprise Administrator
Microsoft 365 Certified Modern Desktop Administrator
Microsoft Certified
Azure Solutions Architect
Explore this certification
Exam AZ-300
Microsoft Azure Architect Technologies
Schedule Exam
Deploy and Configure Infrastructure
(25-30%)
Analyze resource utilization and consumption
May include but not limited to:
Configure diagnostic settings on resources
Create baseline for resources
Create and rest alerts
Analyze alerts across subscription
Analyze metrics across subscription
Create action groups
Monitor for unused resources
Monitor spend; report on spend
Utilize Log Search query functions
View alerts in Log Analytics
Create and configure storage accounts
May include but not limited to:
Configure network access to the storage account
Create and configure storage account
Generate shared access signature
Install and use Azure Storage Explorer
Manage access keys
Monitor activity log by using Log Analytics
Implement Azure storage replication
Create and configure a Virtual Machine (VM) for Windows and Linux
May include but not limited to:
Configure high availability
configure monitoring, networking, storage, and virtual machine size
deploy and configure scale sets
Automate deployment of Virtual Machines (VMs)
May include but not limited to:
Modify Azure Resource Manager (ARM) template
Configure location of new VMs
Configure VHD template
Deploy from template
Save a deployment as an ARM template
Deploy Windows and Linux VMs
Create connectivity between virtual networks
May include but not limited to:
Create and configure VNET peering
create and configure VNET to VNET
verify virtual network connectivity
create virtual network gateway
Implement and manage virtual networking
May include but not limited to:
Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
Manage Azure Active Directory (AD)
May include but not limited to:
Add custom domains
Configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming
Configure self-service password reset
Implement conditional access policies
Manage multiple directories
Perform an access review
Implement and manage hybrid identities
May include but not limited to:
Azure AD Connect
Configure federation and single sign-on
Manage Azure AD Connect
Manage password sync and writeback
Implement Workloads and Security
(20-25%)
Migrate servers to Azure
May include but not limited to:
Migrate by using Azure Site Recovery (ASR);
Migrate using P2V;
Configure storage;
Create a backup vault;
Prepare source and target environments;
Backup and restore data;
Deploy Azure Site Recovery (ASR) agent;
Prepare virtual network
Configure serverless computing
May include but not limited to:
Create and manage objects;
Manage a Logic App resource;
Manage Azure Function app settings;
Manage Event Grid;
Manage Service Bus
Implement application load balancing
May include but not limited to:
Configure application gateway and load balancing rules;
Implement front end IP configurations;
Manage application load balancing
Integrate on premises network with Azure virtual network
May include but not limited to:
Create and configure Azure VPN Gateway
Create and configure site to site VPN; configure Express Route; verify on premises connectivity; manage on-premise connectivity with Azure
Manage role-based access control (RBAC)
May include but not limited to:
Create a custom role;
Configure access to Azure resources by assigning roles;
Configure management access to Azure
Troubleshoot RBAC;
Implement RBAC policies;
Assign RBAC roles
Implement Multi-Factor Authentication (MFA)
May include but not limited to:
Enable MFA for an Azure tenant;
Configure user accounts for MFA;
Configure fraud alerts;
Configure bypass options;
Configure trusted IPs
Configure verification methods;
Manage role-based access control (RBAC);
Implement RBAC policies
Assign RBAC Roles;
Create a custom role;
Configure access to Azure resources by assigning roles;
Configure management access to Azure
Create and Deploy Apps
(5-10%)
Create web apps by using PaaS
May include but not limited to:
Create an Azure App Service Web App;
Create documentation for the API;
Create an App Service Web App for containers;
Create an App Service background task by using Web Jobs;
Enable diagnostics logging
Design and develop apps that run in containers
May include but not limited to:
Configure diagnostic settings on resources;
Create a container image by using a Docker file;
Create an Azure Container Service (ACS/AKS);
Publish an image to the Azure Container Registry;
Implement an application that runs on an Azure Container Instance;
Manage container settings by using code
Implement Authentication and Secure Data
(5-10%)
Implement Authentication
May include but not limited to:
Implement authentication by using certificates, forms-based authentication, tokens, or Windows-integrated authentication;
Implement multi-factor authentication by using Azure AD;
Implement OAuth2 authentication;
Implement Managed Service Identity (MSI) Service Principal authentication
Implement secure data solutions
May include but not limited to:
Encrypt and decrypt data at rest and in transit;
Encrypt data with Always Encrypted;
Implement Azure Confidential Compute and SSL/TLS communications;
Create, read, update, and delete keys, secrets, and certificates by using the KeyVault API
Develop for the Cloud
(20-25%)
Configure a message-based integration architecture
May include but not limited to:
Configure an app or service to send emails, Event Grid, and the Azure Relay Service;
Create and configure Notification Hub, Event Hub, and Service Bus;
Configure queries across multiple products
Develop for autoscaling
May include but not limited to:
Implement auto-scaling rules and patterns (schedule, operational/system metrics, code that addresses singleton application instances);
Implement code that addresses transient state
Exam AZ-301
Microsoft Azure Architect Design
Schedule Exam
Determine Workload Requirements
(10-15%)
Gather Information and Requirements
May include but not limited to:
Identify compliance requirements, identity and access management infrastructure, and service-oriented architectures (e.g., integration patterns, service design, service discoverability);
Identify accessibility (e.g. Web Content Accessibility Guidelines), availability (e.g. Service Level Agreement), capacity planning and scalability, deploy-ability (e.g., repositories, failback, slot-based deployment), configurability, governance, maintainability (e.g. logging, debugging, troubleshooting, recovery, training), security (e.g. authentication, authorization, attacks), and sizing (e.g. support costs, optimization) requirements; recommend changes during project execution (ongoing); evaluate products and services to align with solution; create testing scenarios
Optimize Consumption Strategy
May include but not limited to:
Optimize app service, compute, identity, network, and storage costs
Optimize Consumption Strategy
May include but not limited to:
Define logical groupings (tags) for resources to be monitored
Determine levels and storage locations for logs
Plan for integration with monitoring tools;
Recommend appropriate monitoring tool(s) for a solution
Specify mechanism for event routing and escalation; design auditing for compliance requirements
Design auditing policies and traceability requirements
Design for Identity and Security
(20-25%)
Design Identity Management
May include but not limited to:
Choose an identity management approach;
Design an identity delegation strategy, identity repository (including directory, application, systems, etc.)
Design self-service identity management and user and persona provisioning
Define personas and roles
Recommend appropriate access control strategy (e.g., attribute-based, discretionary access, history-based, identity-based, mandatory, organization-based, role-based, rule-based, responsibility-based)
Design Authentication
May include but not limited to:
Choose an authentication approach
Design a single-sign on approach
Design for IPSec, logon, multi-factor, network access, and remote authentication
Design Authorization
May include but not limited to:
Choose an authorization approach
Define access permissions and privileges
Design secure delegated access (e.g., oAuth, OpenID, etc.)
Recommend when and how to use API Keys
Design for Risk Prevention for Identity
May include but not limited to:
Design a risk assessment strategy (e.g., access reviews, RBAC policies, physical access); evaluate agreements involving services or products from vendors and contractors
Update solution design to address and mitigate changes to existing security policies, standards, guidelines and procedures
Design a Monitoring Strategy for Identity and Security
May include but not limited to:
Design for alert notifications; design an alert and metrics strategy
Recommend authentication monitors
Design a Data Platform Solution
(15-20%)
Design a Data Management Strategy
May include but not limited to:
Design for alert notifications; design an alert and metrics strategy
Recommend authentication monitors
Design a Data Protection Strategy
Design a Monitoring Strategy for the Data Platform
May include but not limited to:
Design for alert notifications;
Design an alert and metrics strategy
Design a Business Continuity Strategy
(15-20%)
Design for Deployment, Migration, and Integration
(10-15%)
Design an Infrastructure Strategy (15-20%)
Exam AZ-302
Microsoft Azure Solutions Architect Certification Transition
Schedule Exam
Microsoft Certified
Azure Administrator
Microsoft Certified
Azure Developer
Browse Certifications
Open Pakistan Education Network (OPEN)
open.com.pk
