How hard is the AZ-305 exam compared to AZ-104?
The AZ-305 is significantly harder than AZ-104 because it tests design decisions and trade-offs rather than implementation procedures. You must justify architectural choices based on requirements like cost, scalability, security, and resiliency. Most candidates need 3-6 months of preparation and real-world Azure architecture experience before attempting AZ-305.
The AZ-305 Designing Microsoft Azure Infrastructure Solutions exam is one of Microsoft's most challenging certifications and the gateway to the prestigious Microsoft Certified: Azure Solutions Architect Expert credential. Unlike the AZ-104 Administrator exam, which tests how to perform Azure tasks, AZ-305 tests your ability to design solutions that meet specific business and technical requirements.
The Solutions Architect Expert is one of the most valued certifications in enterprise IT, recognized by organizations worldwide as a mark of deep Azure expertise. Professionals holding this certification in the United States earn median salaries of $130,000-$175,000 according to multiple 2024 salary surveys. The exam costs $165 USD, and candidates must already hold the AZ-104 certification to pursue the full Architect Expert credential.
This study guide covers all four domains of the AZ-305 exam objectives, explains the design principles and trade-offs you must understand, and provides a structured preparation approach.
Exam Overview and Structure
| Detail | Information |
|---|---|
| Exam Code | AZ-305 |
| Full Name | Designing Microsoft Azure Infrastructure Solutions |
| Number of Questions | 40-60 |
| Time Limit | 120 minutes |
| Passing Score | 700/1000 |
| Cost | $165 USD |
| Prerequisites | AZ-104 required for Expert credential |
| Expert Credential | Microsoft Certified: Azure Solutions Architect Expert |
| Renewal | Every 12 months via free online assessment |
The exam covers four domains:
- Design identity, governance, and monitoring solutions (25-30%)
- Design data storage solutions (20-25%)
- Design business continuity solutions (15-20%)
- Design infrastructure solutions (30-35%)
"AZ-305 is about judgment, not procedures. The questions give you a scenario and ask what you should do. There is almost always more than one technically valid answer -- the skill is identifying which answer best satisfies all the stated requirements simultaneously." -- Skylines Academy, Microsoft Learning Partner
Domain 1: Identity, Governance, and Monitoring (25-30%)
Designing Identity Solutions
Architecture decisions for identity center on choosing between and combining multiple identity services:
Microsoft Entra ID (Azure AD) serves as the primary cloud identity platform. Architects must design:
- Authentication methods: Password hash synchronization (most common), pass-through authentication, or federation with AD FS. Each has different security, availability, and compliance trade-offs.
- Hybrid identity: Azure AD Connect synchronizes on-premises Active Directory to Entra ID. Architects must choose the sync method that balances security and operational complexity.
- Conditional Access policies: Risk-based access controls that enforce MFA, device compliance, or location restrictions based on evaluated signal combinations.
- Privileged Identity Management (PIM): Just-in-time privileged access for Azure roles, reducing the standing attack surface.
Designing Governance Solutions
Enterprise-scale governance requires layered controls:
- Management group hierarchy: Organizing subscriptions into management groups aligned with business units, environments (production/development), or regulatory requirements
- Azure Policy: Designing initiative assignments that enforce naming conventions, allowed regions, required tags, and security configurations
- Cost management: Tagging strategies, budget alerts, Azure Cost Management dashboards, and reserved instance purchasing to optimize spend
- Azure Blueprints: Packaging policies, role assignments, and resource templates into repeatable governance artifacts (note: Blueprints are being superseded by Azure Deployment Environments)
Designing Monitoring Solutions
| Monitoring Need | Azure Service | Key Consideration |
|---|---|---|
| Infrastructure metrics | Azure Monitor Metrics | Real-time, 90-day retention |
| Application performance | Application Insights | SDK instrumentation or auto-instrumentation |
| Security events | Microsoft Sentinel | SIEM/SOAR, custom analytics rules |
| Log aggregation | Log Analytics Workspace | Data retention costs increase with volume |
| Audit trail | Azure Activity Log | 90-day default; archive to storage for compliance |
Domain 2: Design Data Storage Solutions (20-25%)
Choosing the Right Storage Service
This domain tests your ability to select appropriate storage services based on requirements. The key decision framework:
Relational data requirements: If the workload needs ACID transactions, complex queries with joins, and a familiar SQL interface, the answer is Azure SQL Database (fully managed PaaS), Azure SQL Managed Instance (near-full SQL Server compatibility), or SQL Server on VMs (maximum control at the cost of management overhead).
Unstructured and semi-structured data: Azure Blob Storage for objects, Azure Data Lake Storage Gen2 for big data analytics with hierarchical namespace, Azure Cosmos DB for globally distributed NoSQL with multiple consistency levels.
Caching: Azure Cache for Redis for session state, leaderboards, and frequently accessed data that reduces database load.
"The most common mistake in AZ-305 data storage questions is selecting a service based solely on functional fit. Architects must also consider replication requirements, consistency requirements, latency requirements, and cost. A candidate who answers 'use Cosmos DB' without justifying why its consistency model fits the stated requirements will often select incorrectly." -- Thomas Maurer, Microsoft Cloud Advocate
Data Replication and Redundancy
Azure Storage offers multiple replication options with significant cost differences:
| Replication Option | Description | Use Case |
|---|---|---|
| LRS (Locally Redundant) | 3 copies in one datacenter | Dev/test; lowest cost |
| ZRS (Zone Redundant) | 3 copies across 3 availability zones | High availability in a region |
| GRS (Geo-Redundant) | 6 copies; 3 in primary, 3 in secondary region | Disaster recovery |
| GZRS (Geo-Zone Redundant) | ZRS in primary + LRS in secondary | Maximum durability |
| RA-GRS / RA-GZRS | GRS/GZRS + read access to secondary | Read availability during primary outage |
Domain 3: Design Business Continuity Solutions (15-20%)
Recovery Objectives
Two critical metrics drive business continuity design:
- RTO (Recovery Time Objective): How quickly must systems be back online after a failure? Lower RTO requires more expensive active-active or warm standby architectures.
- RPO (Recovery Point Objective): How much data loss is acceptable? Lower RPO requires more frequent replication or synchronous replication.
Backup and Restore
Azure Backup provides native backup for VMs, SQL databases, SAP HANA, Azure Files, and on-premises workloads. Design considerations include:
- Backup frequency and retention policies aligned with RPO requirements
- Cross-region restore capability for disaster recovery
- Soft delete protection to guard against ransomware and accidental deletion
- Azure Backup Center for centralized management across vaults
High Availability Patterns
- Availability Zones: Physically separate datacenters within an Azure region. Deploying VMs across availability zones provides 99.99% SLA. Requires zone-redundant load balancers and storage.
- Availability Sets: Legacy high availability for VMs within a single datacenter, using fault domains and update domains to prevent simultaneous hardware failures.
- Azure Site Recovery: Orchestrated VM replication for disaster recovery. Supports Azure-to-Azure, on-premises-to-Azure, and Azure-to-on-premises scenarios.
- Multi-region active-active: The highest availability pattern, distributing load across multiple Azure regions with Azure Front Door or Traffic Manager routing traffic based on latency or health.
Domain 4: Design Infrastructure Solutions (30-35%)
Compute Solution Design
The compute domain requires architects to evaluate trade-offs across service tiers:
Virtual Machines provide maximum control but require the most management. Appropriate for workloads requiring specific OS configurations, legacy applications, or specialized hardware (GPU, high-memory).
Azure Kubernetes Service (AKS) is appropriate for microservices architectures, containerized applications requiring orchestration, and development teams practicing DevOps workflows. Architects must design node pool configurations, networking (kubenet vs. Azure CNI), and cluster autoscaling.
Azure Functions and Logic Apps are appropriate for event-driven, stateless workloads with variable load. Architects choose between consumption (pay-per-execution) and premium plans based on latency, VNet integration, and sustained load requirements.
Network Architecture Design
Network design scenarios constitute a major portion of Domain 4. Key patterns:
- Hub-and-spoke topology: A central hub VNet contains shared services (firewall, DNS, VPN/ExpressRoute gateway). Spoke VNets connect to the hub via VNet peering and route traffic through the hub. This enforces centralized security policy.
- Azure Firewall vs. Network Virtual Appliance (NVA): Azure Firewall is a managed, cloud-native firewall. NVAs (third-party appliances from Palo Alto, Fortinet, etc.) provide advanced features at higher management cost.
- Private endpoints vs. service endpoints: Private endpoints assign a private IP to a PaaS service, making it accessible within the VNet without public internet exposure. Service endpoints provide optimized routing to PaaS services but do not eliminate the public endpoint.
Migration Design
The Azure Migrate service provides assessment and migration tools for:
- Server migration (VMs from on-premises or other clouds)
- Database migration (Azure Database Migration Service)
- Web application migration
- Virtual desktop infrastructure migration
Architects select between lift-and-shift (fastest, lowest initial cost, misses cloud optimization), re-platforming (modernizing specific components like databases to managed services), and re-architecting (maximum cloud benefit, highest effort and risk).
Study Strategy for AZ-305
Unlike AZ-104, AZ-305 rewards architectural thinking over memorization. Effective preparation:
- Study real-world architecture patterns: The Azure Architecture Center (learn.microsoft.com/azure/architecture) contains hundreds of reference architectures. Study them to understand why design decisions were made.
- Practice with scenario questions: AZ-305 questions describe business requirements and ask which architecture best satisfies them. Practice interpreting requirements and eliminating wrong answers.
- Take AZ-104 first: Hands-on Azure experience from AZ-104 preparation makes AZ-305 architecture decisions more intuitive.
- Use John Savill's AZ-305 study material: His architecture-focused YouTube playlist is consistently ranked as the best free resource.
- Read Azure CAF: The Cloud Adoption Framework describes enterprise patterns for identity, governance, networking, and operations at scale.
Frequently Asked Questions
Do I need AZ-104 before taking AZ-305? AZ-104 is not a formal prerequisite for taking the AZ-305 exam, but it is required to earn the Microsoft Certified: Azure Solutions Architect Expert credential. More importantly, the hands-on experience gained preparing for AZ-104 is essential for understanding the design trade-offs tested in AZ-305. Most successful AZ-305 candidates have at least one year of Azure administration experience.
What resources are best for AZ-305 preparation? The most recommended resources are: Microsoft Learn's official AZ-305 learning paths (free), John Savill's AZ-305 study series on YouTube (free), the Azure Architecture Center for reference architectures (free), and the Microsoft Azure Solutions Architect Expert study guide by Barry Luijbregts. Practice exams from Whizlabs or MeasureUp are also valuable for familiarizing yourself with scenario question formats.
How is AZ-305 scored and what is the passing score? AZ-305 requires a score of 700 out of 1000 to pass. The exam uses scaled scoring, meaning questions are weighted differently based on difficulty. There is no penalty for guessing, so you should answer every question. Case study scenarios contain multiple questions that share a common scenario document; read the scenario carefully before answering.
References
- Microsoft. (2025). Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions. https://learn.microsoft.com/en-us/credentials/certifications/exams/az-305/
- Microsoft. (2025). Azure Architecture Center. https://learn.microsoft.com/en-us/azure/architecture/
- Microsoft. (2025). Cloud Adoption Framework for Azure. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/
- Luijbregts, B. (2024). Microsoft Azure Solutions Architect Expert: Exam Guide AZ-305. Packt Publishing.
- Skylines Academy. (2025). AZ-305 Course. https://www.skylinesacademy.com/az-305-azure-expert
- Global Knowledge. (2025). IT Skills and Salary Survey. https://www.globalknowledge.com/us-en/resources/resource-library/articles/it-skills-and-salary-report/