AZ-305 Azure Solutions Architect Expert Exam

Complete guide to the AZ-305 Azure Solutions Architect Expert exam covering all four domains, case study strategy, prerequisites, and preparation resources.


The Microsoft Certified: Azure Solutions Architect Expert is the most prestigious Azure certification outside of specialty credentials. Earning it requires passing the AZ-305 exam while holding an active AZ-104 certification. This expert-level credential signals that you can design comprehensive Azure solutions that balance technical requirements with business constraints -- security, reliability, cost, and operational excellence across complex, multi-service architectures.

Azure Solutions Architects work at the intersection of business strategy and technical implementation. They translate organizational requirements into architectural decisions: which Azure services to use, how to connect them, how to handle failure, and how to keep costs predictable. The exam tests this decision-making process directly, presenting complex scenarios and requiring you to select the optimal design approach rather than the technically correct one in isolation.

Microsoft data from 2024 shows that the Azure Solutions Architect Expert is among the top three most in-demand Azure certifications by employers posting Azure positions on LinkedIn and Indeed. The average advertised salary for roles specifically requesting this certification ranges from $145,000 to $185,000 in North America.


AZ-305 Exam Overview

The AZ-305 exam contains 40-60 questions with 170 minutes allowed (2 hours 50 minutes). The passing score is 700 out of 1000. Unlike the AZ-104, the AZ-305 contains no performance-based lab simulations -- all questions are case study, multiple choice, and scenario-based. The case studies are extensive, presenting a business scenario with multiple constraints across several pages, followed by a series of questions requiring you to justify architectural decisions.

| Domain | Approximate Weight |
|---|---|
| Design identity, governance, and monitoring solutions | 25-30% |
| Design data storage solutions | 20-25% |
| Design business continuity solutions | 15-20% |
| Design infrastructure solutions | 30-35% |

Objectives verified against Microsoft Learn as of 2024. Microsoft revises exam content regularly.

The case study format is the defining feature of the AZ-305. Each case study describes a fictitious organization with specific business requirements, existing infrastructure, compliance constraints, and budget limitations. Questions ask you to identify which architectural approach best meets all stated requirements -- not just one or two of them.


Domain 1: Design Identity, Governance, and Monitoring Solutions (25-30%)

Identity Architecture

At the expert level, identity design involves more than configuring users and groups. The exam tests architectural decisions around:

Hybrid identity scenarios where on-premises Active Directory must coexist with Microsoft Entra ID. Architects must choose between:

  • Microsoft Entra Connect Sync: Synchronizes on-premises AD objects to Entra ID, supporting password hash synchronization, pass-through authentication, and federation with ADFS
  • Microsoft Entra Cloud Sync: Lighter-weight agent-based sync designed for disconnected forests and simpler topologies
  • Entra ID P2 features: Privileged Identity Management (PIM), Identity Protection, and access reviews

Privileged Identity Management (PIM) enables just-in-time privileged access to Azure and Microsoft 365 resources. Rather than permanently assigning privileged roles, PIM requires users to request and activate roles for specific time periods with optional approval workflows and MFA requirements.

"Permanent privileged role assignments are one of the highest-risk configurations in any Azure tenant. Every organization with PIM available should be converting standing access to just-in-time access. The residual risk from permanent Global Admin assignments is simply too high." -- Alex Weinert, Vice President of Identity Security at Microsoft, from the Microsoft Security Blog 2023
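
An added example, not taken from the original guide or from Microsoft: one way to review an exported list of role assignments for the standing privileged access that PIM is meant to replace. The record fields, the role list, the 8-hour activation window, and the break-glass allow-list are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Roles treated as privileged for this review (assumed list; adjust per tenant).
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator",
                    "User Access Administrator", "Owner"}
MAX_ACTIVE_WINDOW = timedelta(hours=8)  # assumed policy: activations last at most 8 h

# Constructed sample export; field names are hypothetical, not a real API schema.
SAMPLE = [
    {"principal": "alice@contoso.example", "role": "Global Administrator",
     "state": "active", "start": "2024-03-01T09:00:00", "end": None},
    {"principal": "bob@contoso.example", "role": "Global Administrator",
     "state": "eligible", "start": "2024-01-10T00:00:00", "end": None},
    {"principal": "carol@contoso.example", "role": "Owner",
     "state": "active", "start": "2024-03-04T08:00:00", "end": "2024-03-04T12:00:00"},
    {"principal": "dave@contoso.example", "role": "User Access Administrator",
     "state": "active", "start": "2024-02-01T00:00:00", "end": "2024-08-01T00:00:00"},
    {"principal": "erin@contoso.example", "role": "Reader",
     "state": "active", "start": "2023-11-01T00:00:00", "end": None},
    {"principal": "breakglass1@contoso.example", "role": "Global Administrator",
     "state": "active", "start": "2023-01-01T00:00:00", "end": None},
]

def classify(rec, break_glass=frozenset()):
    """Return 'ok', 'standing', 'long-lived' or 'break-glass' for one record."""
    if rec["role"] not in PRIVILEGED_ROLES or rec["state"] == "eligible":
        return "ok"           # unprivileged, or must be activated before use
    if rec["principal"] in break_glass:
        return "break-glass"  # emergency account: permanent by design, monitor separately
    if rec["end"] is None:
        return "standing"     # permanent active privileged role
    length = datetime.fromisoformat(rec["end"]) - datetime.fromisoformat(rec["start"])
    return "long-lived" if length > MAX_ACTIVE_WINDOW else "ok"

def audit(records, break_glass=frozenset()):
    """Group (principal, role) pairs by finding, skipping records that are fine."""
    findings = {}
    for rec in records:
        verdict = classify(rec, break_glass)
        if verdict != "ok":
            findings.setdefault(verdict, []).append((rec["principal"], rec["role"]))
    return findings

if __name__ == "__main__":
    for verdict, hits in audit(SAMPLE, {"breakglass1@contoso.example"}).items():
        for principal, role in hits:
            print(f"{verdict:11} {role:28} {principal}")
```

Records reported as `standing` or `long-lived` are the candidates for conversion to eligible, just-in-time assignments.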

Governance Architecture

Landing zone architecture is a core AZ-305 topic. A landing zone is a pre-provisioned environment within Azure that includes networking, identity, management, and security configurations aligned to organizational policy. Microsoft's Cloud Adoption Framework defines landing zone archetypes for different organizational needs.

Management group hierarchies in enterprise scenarios typically follow this pattern:

  • Root Management Group
    • Platform (contains connectivity, identity, management subscriptions)
    • Landing Zones (application teams)
      • Corp (connected to hub network)
      • Online (internet-facing, less stringent segmentation)
    • Sandbox (experimentation, no connectivity to production)
    • Decommissioned

Azure Policy at scale: Architects must design initiative assignments that enforce compliance without blocking legitimate workloads. The DeployIfNotExists policy effect automatically remediates non-compliant resources, which is appropriate for monitoring configurations but requires careful scoping to avoid unintended changes.

Monitoring Architecture

Azure Monitor at the architect level involves designing a centralized observability strategy. Key architectural decisions:

  • Log Analytics workspace topology: Single centralized workspace versus per-region or per-environment workspaces, considering data sovereignty, cost, and operational simplicity
  • Azure Monitor Agent deployment strategy for VMs (via Azure Policy DeployIfNotExists)
  • Application Insights for application performance monitoring, distributed tracing, and availability testing
  • Azure Sentinel (now Microsoft Sentinel) for security information and event management (SIEM) and security orchestration, automation, and response (SOAR)

Domain 2: Design Data Storage Solutions (20-25%)

Choosing the Right Database Service

The AZ-305 extensively tests the ability to select appropriate Azure database services for given workload requirements. This is one of the most nuanced skill areas on the exam.

| Scenario | Recommended Service | Rationale |
|---|---|---|
| Relational data, SQL Server compatibility | Azure SQL Database | Managed PaaS, automatic updates |
| Relational, SQL Server with OS-level access needed | SQL Server on Azure VMs | Full control, IaaS |
| Relational, PostgreSQL workload | Azure Database for PostgreSQL | Open-source managed |
| Global low-latency multi-region writes | Azure Cosmos DB | Multi-master, 99.999% SLA |
| IoT telemetry, time-series data | Azure Data Explorer | Optimized for time-series analytics |
| Analytics, large-scale data warehousing | Azure Synapse Analytics | Massively parallel processing |
| Cache layer for high-read workloads | Azure Cache for Redis | In-memory, sub-millisecond latency |

Azure Cosmos DB is a high-frequency exam topic at the architect level. Key design decisions include:

  • Consistency levels: Strong, Bounded Staleness, Session, Consistent Prefix, Eventual -- each representing a tradeoff between consistency guarantees and performance/availability
  • Partition key selection: The partition key determines data distribution and query efficiency; a poor partition key creates hot partitions and degrades performance
  • Request Units (RUs): Cosmos DB measures throughput in Request Units, a normalized measure of compute, memory, and I/O operations

Storage Architecture

Azure Data Lake Storage Gen2 (ADLS Gen2) combines Azure Blob Storage capabilities with a hierarchical namespace optimized for big data analytics workloads. It integrates natively with Azure Synapse Analytics, Azure Databricks, and Azure HDInsight.

Storage lifecycle management policies automatically transition blobs between access tiers or delete them based on age and access patterns, critical for cost optimization in large-scale storage architectures.

"Data architecture decisions made at design time are exponentially more expensive to change than compute architecture decisions. Choosing the wrong database service or storage strategy for a production workload at scale can lock an organization into years of technical debt." -- Arun Ulag, Corporate Vice President, Azure Data, Microsoft Ignite 2023


Domain 3: Design Business Continuity Solutions (15-20%)

Availability Targets

Architects must translate business availability requirements into Azure architectural patterns. The starting point is defining Recovery Time Objective (RTO) and Recovery Point Objective (RPO):

  • RTO: Maximum acceptable time between a failure and service restoration
  • RPO: Maximum acceptable data loss measured in time (how old the most recent backup can be)

Azure offers multiple approaches to achieving different availability targets:

| Availability Target | Architecture Approach |
|---|---|
| 99.9% (8.7 hrs/year downtime) | Single VM with premium SSD |
| 99.95% | Availability Set (2+ VMs) |
| 99.99% | Availability Zones (2+ zones) |
| 99.999% | Multi-region active-active |

Backup and Disaster Recovery Design

Azure Backup provides operational backup for VMs, databases, and file shares. The exam tests architects on:

  • Cross-region backup restore for VMs (secondary region restore capability)
  • Soft delete for Recovery Services vaults (protects against accidental or malicious deletion)
  • Backup center as a centralized management interface for all backup workloads

Azure Site Recovery (ASR) provides disaster recovery by replicating VMs and workloads to a secondary Azure region. RPO can be as low as 15-30 seconds for VMs. Key architectural concepts:

  • Replication policy configuration (replication frequency, recovery point retention)
  • Recovery plan creation and testing (automated failover orchestration)
  • Network mapping between source and target regions
  • Re-protection after failover (reversing replication direction)

Azure Front Door enables globally distributed traffic management with automatic failover to healthy backends. Combined with Azure Traffic Manager (DNS-based routing) and Application Gateway (regional load balancing), architects can design multi-layer resilience patterns.


Domain 4: Design Infrastructure Solutions (30-35%)

Compute Architecture

This is the largest domain, reflecting the central role of compute decisions in overall solution architecture. Architects must navigate:

Choosing between IaaS and PaaS compute:

The decision matrix is not simply about cost or simplicity -- it involves compliance requirements (some regulations require OS-level access, pushing toward VMs), application dependencies (legacy apps with specific OS or driver requirements), and team capabilities (PaaS requires different skill sets than VM administration).

Azure Virtual Desktop (AVD) is a significant exam topic. Architects must design host pool configurations, session host sizing, profile management with FSLogix, and network topology for AVD deployments serving hundreds or thousands of users.

Azure Kubernetes Service (AKS) at the architect level involves:

  • Node pool design (system pools versus user pools, spot node pools for batch workloads)
  • Network plugin selection (Azure CNI versus kubenet)
  • Cluster autoscaler configuration
  • Integration with Azure Container Registry, Azure Monitor, and Entra ID

Network Architecture

Hub-and-spoke network topology is the foundation of most enterprise Azure network architectures. The hub VNet contains shared services (Azure Firewall, VPN/ExpressRoute gateway, DNS). Spoke VNets contain application workloads and connect to the hub via VNet peering.

Azure Virtual WAN (vWAN) simplifies large-scale hub-and-spoke deployments by providing a managed hub infrastructure with automated routing. It is preferred for organizations with many branch offices or Azure regions requiring interconnectivity.

Azure Private Endpoint and Private Link connect Azure PaaS services to VNets using private IP addresses, ensuring traffic never traverses the public internet. Designing private endpoint connectivity for storage accounts, databases, and other PaaS services is heavily tested.

ExpressRoute architectures: The exam tests scenarios requiring dedicated connectivity, including ExpressRoute Global Reach (connecting on-premises sites via Microsoft backbone), ExpressRoute FastPath (bypassing the gateway for high-throughput workloads), and dual-circuit designs for redundancy.

"The architects who design the most effective Azure solutions are not the ones who know the most Azure services. They are the ones who understand the tradeoffs -- what you sacrifice in one dimension when you optimize for another. That judgment only comes from building real systems." -- Mark Russinovich, CTO of Microsoft Azure, at Microsoft Ignite 2023

Migration Architecture

Azure Migrate is the hub for Azure migration projects. The exam covers:

  • Assessment: Analyzing on-premises workloads for Azure readiness and cost estimation
  • Replication: Moving VMs with Azure Migrate: Server Migration (agentless for VMware, agent-based for others)
  • Database migration: Azure Database Migration Service for SQL Server, Oracle, and other database migrations
  • The Five Rs of cloud migration: Rehost (lift and shift), Refactor (PaaS migration), Rearchitect (code changes), Rebuild, and Replace

Exam Preparation Strategy

Case Study Practice

The AZ-305's case study format is distinctive. Practice reading complex scenarios, extracting the key requirements and constraints, and mapping them to Azure architectural patterns. Microsoft Learn practice assessments and third-party case studies from Thomas Mitchell's "AZ-305 Real World Scenarios" are effective resources.

Understanding the "Why"

AZ-305 questions frequently present two architecturally sound approaches and ask which one better meets the stated requirements. The answer is almost always determined by a specific constraint in the scenario: a compliance requirement, a cost ceiling, an existing infrastructure dependency, or an operational team's skill set. Train yourself to identify and prioritize these constraints.

Recommended Resources

| Resource | Focus Area |
|---|---|
| Microsoft Learn AZ-305 path | All domains, official content |
| Azure Architecture Center | Reference architectures, design patterns |
| John Savill AZ-305 YouTube series | Deep scenario walkthroughs |
| Microsoft Well-Architected Framework | Design principles for all domains |
| A Cloud Guru AZ-305 course | Structured video with labs |

The Microsoft Azure Well-Architected Framework (WAF) is not just a study resource -- it is a frequently cited framework in exam questions. Understanding the five pillars (Reliability, Security, Cost Optimization, Operational Excellence, and Performance Efficiency) and how Azure services contribute to each pillar is essential.


Frequently Asked Questions

What are the prerequisites for the AZ-305 exam?

To earn the Azure Solutions Architect Expert certification, you must pass both the AZ-104 (Microsoft Azure Administrator) and the AZ-305 exams. The AZ-104 is a formal prerequisite -- you must hold an active AZ-104 certification before taking AZ-305. Most candidates have 3-5 years of hands-on Azure experience before attempting the expert-level exam.

How does AZ-305 differ from the retired AZ-303 and AZ-304 exams?

The AZ-305 replaced the two-exam AZ-303/AZ-304 path in November 2021. The current single-exam format covers similar content but places greater emphasis on design decision-making and case study analysis rather than implementation knowledge. Candidates who previously held the Azure Solutions Architect Expert certification via AZ-303/AZ-304 needed to pass AZ-305 by a specified deadline to maintain their credential.

Is there a recommended order for taking AZ-104 and AZ-305?

Yes. Always complete AZ-104 first. Beyond the formal prerequisite requirement, the AZ-104 builds the technical knowledge of Azure services that the AZ-305 assumes. Candidates who attempt AZ-305 without first developing the hands-on Azure skills validated by AZ-104 consistently report struggling with scenario interpretation.


References

  1. Microsoft. "Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions." Microsoft Learn, 2024.
  2. Microsoft. "Azure Solutions Architect Expert Certification." Microsoft Learn, 2024.
  3. Microsoft. "Azure Architecture Center." learn.microsoft.com/azure/architecture, 2024.
  4. Microsoft. "Microsoft Azure Well-Architected Framework." learn.microsoft.com/azure/architecture/framework, 2024.
  5. Microsoft. "Cloud Adoption Framework for Azure." learn.microsoft.com/azure/cloud-adoption-framework, 2024.
  6. Weinert, Alex. "Identity Security Fundamentals." Microsoft Security Blog, 2023.
  7. Savill, John. "AZ-305 Study Guide Series." John Savill's Technical Training, YouTube, 2024.