Study Guide

Preparation Course for Exam AZ-300

Microsoft Azure Architect Technologies

Deploy and Configure Infrastructure (25-30%)

Analyze resource utilization and consumption

Configure diagnostic settings on resources; create baseline for resources; create and test alerts;
analyze alerts across subscription; analyze metrics across subscription; create action groups;
monitor for unused resources; monitor spend; report on spend; utilize Log Search query
functions; view alerts in Log Analytics
• Azure Monitor Overview
• Monitoring data collected by Azure Monitor
• Create, view, and manage metric alerts using Azure Monitor
• Collect and consume log data from your Azure resources
• Alerts with dynamic thresholds in Azure Monitor (Note: Public Preview but may be
covered)
• Create and manage action groups in the Azure Portal
• Log alerts in Azure Monitor
• Analyze Log Analytics data in Azure Monitor
• Alert Management solution in Azure Log Analytics

Create and configure storage accounts

Configure network access to the storage account; create and configure storage account;
generate shared access signature; install and use Azure Storage Explorer; manage access keys;
monitor activity log by using Log Analytics; implement Azure storage replication
• Configure Azure Storage Firewalls and Virtual Networks
• Create a storage account
• Using shared access signatures (SAS)
• Get started with Storage Explorer
• Azure Storage security guide
• Analyze Log Analytics data in Azure Monitor
• Replication

© All rights reserved

 Study Guide

Create and configure a VM for Windows and Linux

Configure high availability; configure monitoring, networking, storage, and virtual machine size;
deploy and configure scale sets
• Manage the availability of Windows virtual machines in Azure
• How to monitor virtual machines in Azure
• Frequently asked questions about Azure IaaS VM disks and managed and unmanaged
premium disks
• Command PowerShell commands for Azure Virtual Networks
• Resize a Windows VM
• Virtual Machine Scale Sets Documentation

Automate deployment of VMs

Modify Azure Resource Manager (ARM) template; configure location of new VMs; configure
VHD template; deploy from template; save a deployment as an ARM template; deploy
Windows and Linux VMs
• Update a resource in an Azure Resource Manager template
• Create a Windows VM from a specialized disk by using PowerShell
• Create a Windows virtual machines from a Resource Manager template
• Download the template for a VM
• Create a Windows virtual machine in the Azure portal
• Create a Linux virtual machine in the Azure portal

Create connectivity between virtual networks

Create and configure VNET peering; create and configure VNET to VNET; verify virtual
network connectivity; create virtual network gateway

• Create, change, or delete virtual network peering

• Tutorial: Connect virtual networks with virtual network peering using the Azure portal
• Virtual network peering

© All rights reserved

 Study Guide

• Troubleshoot connections with Azure Network Watcher using the Azure portal
• Create Site-to-Site connection in the Azure portal

Implement and manage virtual networking

Configure private and public IP addresses, network routes, network interface, subnets, and
virtual network

• Quickstart: Create a virtual network using the Azure portal

Manage Azure Active Directory (AD)

Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise
State Roaming; configure self-service password reset; implement conditional access policies;
manage multiple directories; perform an access review

• How to: Add your custom domain name using the Azure Active Directory portal
• Enabling Azure Active Directory Identity Protection
• Quickstart: Self-service password reset
• How to: Configure conditional access policies for access attempts from untrusted
networks
• Manage your Azure Active Directory tenant
• Azure AD access reviews

Implement and manage hybrid identities

Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure
AD Connect; manage password sync and writeback

• Getting started with Azure AD Connect using express settings

• Deploying Active Directory Federation Services in Azure
• Azure Active Directory Seamless Single Sign-On
• Next steps and how to manage Azure AD Connect

© All rights reserved

 Study Guide

• Enable password hash synchronization

• How-to: Configure password writeback

© All rights reserved

 Study Guide

Implement Workloads and Security (20-25%)

Migrate servers to Azure

Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a
backup vault; prepare source and target environments; backup and restore data; deploy Azure
Site Recovery (ASR) agent; prepare virtual network

• Migrate on-premises machines to Azure

• Prepare Azure resources for disaster recovery on-premises machines
• Create a replication policy

Configure serverless computing

Manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage
Service Bus

• Create and route custom events with Azure portal and Event Grid
• Dead letter retry policies
• How to manage a function app in the Azure portal
• Monitor status, set up diagnostics logging, and turn on alerts for Azure Logic Apps
• Azure Service Bus metrics in Azure Monitor

Implement application load balancing

Configure application gateway and load balancing rules; implement front end IP configurations;
manage application load balancing

• Quickstart: Direct web traffic with Azure Application Gateway – Azure portal
• Manage web traffic with an application gateway using Azure PowerShell
• Create and configure an application gateway to host multiple web sites using the Azure
portal

© All rights reserved

 Study Guide

Integrate on premises network with Azure virtual network

Create and configure Azure VPN Gateway; create and configure site to site VPN; configure
Express Route; verify on premises connectivity; manage on-premise connectivity with Azure

• Create and modify an ExpressRoute circuit

• Tutorial: Connect virtual networks with virtual network peering using the Azure portal
• What is a VPN Gateway?
• Verify a VPN Gateway connection
• Configure a VNet-to-VNet VPN gateway connection using the Azure portal

Manage role-based access control (RBAC)

Create a custom role; configure access to Azure resources by assigning roles; configure
management access to Azure; troubleshoot RBAC; implement RBAC policies; assign RBAC
roles

• Manage access using RBAC and the Azure portal

• Troubleshoot RBAC in Azure

Implement Multi-Factor Authentication (MFA)

Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts;
configure bypass options; configure trusted IPs; configure verification methods; manage role-
based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom
role; configure access to Azure resources by assigning roles; configure management access to
Azure

• Fraud alert
• Deploy cloud-based Azure Multi-Factor Authentication
• Trusted IPs

© All rights reserved

 Study Guide

Create and Deploy Apps (5-10%)

Create web apps by using PaaS

Create an Azure App Service Web App; create documentation for the API; create an App
Service Web App for containers; create an App Service background task by using WebJobs;
enable diagnostics logging
• Create an ASP.NET Core web app in Azure
• Tutorial: Build a .NET Core and SQL Database app in Azure App Service
• Azure App Service, Virtual Machines, Service Fabric, and Cloud Services comparison
• Migrate an ASP.NET app to Azure App Service using a Windows container (Preview)
• Run Background tasks with WebJobs in Azure App Service
• Azure App Service diagnostics overview

Design and develop apps that run in containers

Configure diagnostic settings on resources; create a container image by using a Docker file;
create an Azure Container Service (ACS/AKS); publish an image to the Azure Container
Registry; implement an application that runs on an Azure Container Instance; manage container
settings by using code
• Monitor container resources in Azure Container Instances
• Container instance logging with Azure Log Analytics
• Retrieve container logs and events in Azure Container Instances
• Tutorial: Create a container image for deployment to Azure Container Instances
• Quickstart: Run a container application in Azure Container Instances in the Azure portal
• Tutorial: Deploy an Azure container registry and push a container image
• Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
• Tutorial: Deploy a container application to Azure Container Instances
• Update containers in Azure Container Instances
• Container groups in Azure Container Instances

© All rights reserved

 Study Guide

Implement and Authenticate Secure Data (5-10%)

Implement authentication
Implement authentication by using certificates, forms-based authentication, tokens, or
Windows-integrated authentication; implement multi-factor authentication by using Azure AD;
implement OAuth2 authentication; implement Managed Service Identity (MSI) Service Principal
authentication
• What methods are available for authentication?
• Authentication and authorization in Azure App Service
• Windows Authentication and Azure Multi-Factor Authentication Server
• Advanced certificate signing options in the SAML token for gallery apps in Azure Active
Directory
• How it works: Azure Multi-Factor Authentication
• Understanding the OAuth2 implicit grant flow in Azure Active Directory (AD)
• What is managed identities for Azure resources?
• Use a Windows VM system-assigned managed identity to access Resource Manager
• Use a Linux VM system-assigned managed identity to access Azure Resource Manager

Implement secure data solutions

Encrypt and decrypt data at rest and in transit; encrypt data with Always Encrypted; implement
Azure Confidential Compute and SSL/TLS communications; create, read, update, and delete
keys, secrets, and certificates by using the KeyVault API
• Azure Data Encryption-at-Rest
• Always Encrypted: Protect sensitive data and store encryption keys in the Windows
certificate store
• Always Encrypted: Protect sensitive data and store encryption keys in Azure Key Vault
• Transparent data encryption or always encrypted?
• Azure confidential computing
• Azure Data Security and Encryption Best Practices
• What is Azure Key Vault?
• Azure Key Vault REST API reference

© All rights reserved

 Study Guide

• Azure Key Vault Developer's Guide

© All rights reserved

 Study Guide

Develop for the Cloud and for Azure Storage (20-25%)

Configure a message-based integration architecture

Configure an app or service to send emails, Event Grid, and the Azure Relay Service; create and
configure Notification Hub, Event Hub, and Service Bus; configure queries across multiple
products
• Tutorial: Route custom events to Azure Relay Hybrid Connections with Azure CLI and
Event Grid
• Azure Service Bus to Azure Event Grid integration examples
• Tutorial: Route custom events to Azure Relay Hybrid Connections with Azure CLI and
Event Grid
• Enterprise push architectural guidance
• Azure Messaging and event based architecture in the real world: Lessons learned rebuilding
Microsoft's Supply chain on Azure Serverless
• Choose between Azure messaging services - Event Grid, Event Hubs, and Service Bus
• Use the Microsoft Graph API

Develop for autoscaling

Implement autoscaling rules and patterns (schedule, operational/system metrics, code that
addresses singleton application instances); implement code that addresses transient state
• Overview of autoscale with Azure virtual machine scale sets
• Transient fault handling
• Design to scale out

© All rights reserved