CtrlK

Search...

Trending this month -AWS CCP•CISSP•AZ-900•A+•TOGAF•AI-102•Sec+•AZ-104•CSA•ITIL 4

Quick Feedback

Azure Solutions Architect Expert Study Notes

Identity Architecture

Design identity and access management solutions

Domain Weight

Design identity, governance, and monitoring solutions: 25-30% of exam.

Authentication Methods

Method	Best For	Considerations
Cloud-only	New organizations	No on-premises dependency
Password Hash Sync	Hybrid, simplicity	Passwords synced to cloud
Pass-through Auth	Hybrid, on-prem validation	Requires agents on-prem
Federation (AD FS)	Complex requirements	Higher complexity, full control

Conditional Access

Signals

User, location, device, app, risk level

Decisions

Block, allow, require MFA, compliant device

Named Locations

Trusted IPs, countries for policies

Session Controls

Sign-in frequency, persistent browser

Privileged Identity Management (PIM)

Just-in-time privileged access to Azure resources
Time-bound access with start and end dates
Approval required for role activation
Audit history for compliance and review

Exam Focus Areas

PHS provides high availability (no on-prem dependency)
Use Conditional Access for Zero Trust architecture
PIM for all privileged roles (Entra and Azure)
Entitlement Management for external user lifecycle

Governance Architecture

Design governance and compliance solutions

Management Group Strategy

Organize subscriptions hierarchically (up to 6 levels)
Apply policies and RBAC at management group level
Segregate by environment, business unit, or geography
Root management group for organization-wide policies

Azure Policy Use Cases

Scenario	Policy Effect	Example
Restrict regions	Deny	Only allow East US, West US
Enforce tagging	Deny/Modify	Require cost center tag
Audit compliance	Audit	Check for encryption
Auto-configure	DeployIfNotExists	Enable diagnostics

Azure Blueprints

Artifacts

ARM templates, policies, RBAC, resource groups

Versioning

Track changes, update assignments

Locking

Prevent modification of deployed resources

Landing Zone Design

Use Azure Landing Zone accelerator for:

• Platform landing zones (shared services)

• Application landing zones (workloads)

• Subscription vending for self-service

Exam Focus Areas

Blueprints for repeatable environment deployment
Policy initiatives bundle related policies
Use resource locks for critical production resources
Microsoft Cloud Adoption Framework for governance design

Azure Solutions Architect Expert Study Notes

Identity Architecture

Design identity and access management solutions

Domain Weight

Design identity, governance, and monitoring solutions: 25-30% of exam.

Authentication Methods

Method	Best For	Considerations
Cloud-only	New organizations	No on-premises dependency
Password Hash Sync	Hybrid, simplicity	Passwords synced to cloud
Pass-through Auth	Hybrid, on-prem validation	Requires agents on-prem
Federation (AD FS)	Complex requirements	Higher complexity, full control

Conditional Access

Signals

User, location, device, app, risk level

Decisions

Block, allow, require MFA, compliant device

Named Locations

Trusted IPs, countries for policies

Session Controls

Sign-in frequency, persistent browser

Privileged Identity Management (PIM)

Just-in-time privileged access to Azure resources
Time-bound access with start and end dates
Approval required for role activation
Audit history for compliance and review

Exam Focus Areas

PHS provides high availability (no on-prem dependency)
Use Conditional Access for Zero Trust architecture
PIM for all privileged roles (Entra and Azure)
Entitlement Management for external user lifecycle

Governance Architecture

Design governance and compliance solutions

Management Group Strategy

Organize subscriptions hierarchically (up to 6 levels)
Apply policies and RBAC at management group level
Segregate by environment, business unit, or geography
Root management group for organization-wide policies

Azure Policy Use Cases

Scenario	Policy Effect	Example
Restrict regions	Deny	Only allow East US, West US
Enforce tagging	Deny/Modify	Require cost center tag
Audit compliance	Audit	Check for encryption
Auto-configure	DeployIfNotExists	Enable diagnostics

Azure Blueprints

Artifacts

ARM templates, policies, RBAC, resource groups

Versioning

Track changes, update assignments

Locking

Prevent modification of deployed resources

Landing Zone Design

Use Azure Landing Zone accelerator for:

• Platform landing zones (shared services)

• Application landing zones (workloads)

• Subscription vending for self-service

Exam Focus Areas

Blueprints for repeatable environment deployment
Policy initiatives bundle related policies
Use resource locks for critical production resources
Microsoft Cloud Adoption Framework for governance design