# 2-Week Azure Solutions Architect Study Plan

## Your Situation
- **Interview in:** 2 weeks (April 24 → May 8, 2026)
- **Background:** Used Azure casually for projects
- **Target roles:** Solutions Architect, DevOps Architect, Security Architect, Cloud Modernization Architect
- **Primary cert:** AZ-305

---

## Daily Schedule Template

| Block | Time | Activity |
|---|---|---|
| Morning | 2 hours | Deep learning (read + understand) |
| Afternoon | 2 hours | Hands-on labs (do it yourself) |
| Evening | 1 hour | Review + interview practice |

**Total: 5 hours/day × 14 days = 70 hours**

---

# WEEK 1: FOUNDATIONS & CORE SERVICES

---

## Day 1 (Fri Apr 25): Identity, Governance & Monitoring

### Morning (2h) — Read & Understand
- [ ] Read `roles/04-azure-solutions-architect.md` — Identity & Access section
- [ ] Read `part6-identity-access.md` — Entra ID, RBAC, Key Vault, PIM
- [ ] Understand these deeply:
  - Conditional Access policies (what, why, order of implementation)
  - PIM (eligible vs active, why no permanent admin)
  - Managed Identity (system-assigned vs user-assigned, DefaultAzureCredential)
  - Key Vault (RBAC vs access policy, Private Endpoint, purge protection)

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 9: Configure Key Vault + Managed Identity
- [ ] Lab 35: Set up Log Analytics + KQL queries
- [ ] Lab 10: Set up Azure Monitor & Alerts
- [ ] Enable PIM on your subscription (make yourself eligible, not permanent)
- [ ] Create a Conditional Access policy (report-only mode)

### Evening (1h) — Review & Practice
- [ ] Review: 10 gotchas from identity section
- [ ] Practice answering these out loud:
  1. "How do you implement least privilege in Azure?"
  2. "Explain Conditional Access and how you'd roll it out"
  3. "What is PIM and why is it critical?"
  4. "How do you manage secrets across 50 microservices?"

---

## Day 2 (Sat Apr 26): Networking Core

### Morning (2h) — Read & Understand
- [ ] Read `part2-networking.md` — ALL sections
- [ ] Read `roles/10-azure-network-engineer.md`
- [ ] Master these concepts:
  - VNet, subnets, IP addressing
  - VNet peering (NOT transitive!)
  - NSGs (evaluation order, Service Tags, ASGs)
  - UDRs (forced tunneling through Firewall)
  - Private Endpoints vs Service Endpoints
  - DNS (Public, Private, split-brain)

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 1: Create VNet with 3 subnets
- [ ] Lab 4: Configure NSGs for 3-tier app
- [ ] Lab 8: Implement VNet Peering
- [ ] Lab 12: Implement Private Endpoint for Storage
- [ ] Lab 14: Implement User-Defined Routes

### Evening (1h) — Review & Practice
- [ ] Review: 10 networking gotchas
- [ ] Practice answering:
  1. "Is VNet peering transitive?"
  2. "Private Endpoint vs Service Endpoint?"
  3. "How do you force all traffic through Azure Firewall?"
  4. "Design a hub-spoke network for a 3-workload organization"
  5. "NSG on both subnet and NIC — evaluation order?"

---

## Day 3 (Sun Apr 27): Advanced Networking & Load Balancing

### Morning (2h) — Read & Understand
- [ ] Read `part2-networking.md` — Load Balancer, App Gateway, Front Door, VPN, ExpressRoute, Firewall
- [ ] Master these decisions:
  - LB vs App Gateway vs Front Door vs Traffic Manager (decision matrix)
  - VPN Gateway vs ExpressRoute (when to use which)
  - Azure Firewall Standard vs Premium
  - WAF on App Gateway vs Front Door
  - DDoS Protection

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 13: Deploy Application Gateway with WAF
- [ ] Lab 16: Build Hub-Spoke with Azure Firewall
- [ ] Lab 19: Configure Azure Front Door
- [ ] Lab 29: Configure Azure Firewall Premium

### Evening (1h) — Review & Practice
- [ ] Review: Load balancing decision matrix (write it from memory)
- [ ] Practice answering:
  1. "When to use Front Door vs App Gateway?"
  2. "VPN Gateway vs ExpressRoute?"
  3. "Azure Firewall Standard vs Premium?"
  4. "Design hybrid connectivity with redundancy"
  5. "How do you implement zero-trust networking?"

---

## Day 4 (Mon Apr 28): Compute Services

### Morning (2h) — Read & Understand
- [ ] Read `part1-compute.md` — ALL sections
- [ ] Master these decisions:
  - VMs vs App Service vs AKS vs Container Apps vs Functions
  - Availability Set vs Availability Zone
  - VM sizing and families
  - App Service tiers and deployment slots
  - AKS networking (Kubenet vs CNI vs Overlay)
  - Functions hosting plans
  - Container Apps vs AKS vs App Service

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 2: Deploy Windows VM
- [ ] Lab 7: Set Up App Service with deployment slots
- [ ] Lab 17: Deploy AKS with Azure CNI
- [ ] Lab 21: Deploy Functions with Service Bus trigger

### Evening (1h) — Review & Practice
- [ ] Review: Compute decision matrix (write from memory)
- [ ] Practice answering:
  1. "App Service vs AKS vs Container Apps?"
  2. "Availability Set vs Availability Zone?"
  3. "How do deployment slots work?"
  4. "Kubenet vs Azure CNI?"
  5. "When to use serverless (Functions) vs containers?"

---

## Day 5 (Tue Apr 29): Storage & Databases

### Morning (2h) — Read & Understand
- [ ] Read `part3-storage.md` — Blob, Files, Managed Disks, ADLS Gen2
- [ ] Read `part4-databases.md` — SQL, SQL MI, PostgreSQL, Cosmos DB, Redis, Synapse
- [ ] Master these:
  - Blob Storage: tiers, redundancy, lifecycle, SAS vs RBAC
  - Cosmos DB: consistency levels, partition key, RU/s, APIs
  - Azure SQL: tiers, geo-replication, failover groups
  - Redis: tiers, use cases
  - Synapse: dedicated vs serverless SQL

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 5: Create Storage Account + lifecycle policy
- [ ] Lab 6: Deploy Azure SQL Database
- [ ] Lab 20: Implement SQL Geo-Replication & Failover Group
- [ ] Lab 23: Deploy Cosmos DB with multi-region writes

### Evening (1h) — Review & Practice
- [ ] Review: Storage + Database gotchas
- [ ] Practice answering:
  1. "Azure SQL vs Cosmos DB?"
  2. "Explain Cosmos DB consistency levels"
  3. "How do you choose a partition key?"
  4. "Blob Hot vs Cool vs Archive?"
  5. "Active Geo-Replication vs Failover Groups?"

---

## Day 6 (Wed Apr 30): Messaging, Integration & Security

### Morning (2h) — Read & Understand
- [ ] Read `part5-messaging-integration.md` — Service Bus, Event Grid, Event Hubs, APIM, Logic Apps
- [ ] Read `part7-security.md` — Defender for Cloud, Sentinel, Policy, WAF
- [ ] Master these:
  - Service Bus vs Event Grid vs Event Hubs (when to use which)
  - APIM: policies, products, subscriptions
  - Azure Policy: effects (Deny, Audit, DeployIfNotExists)
  - Defender for Cloud: Secure Score, JIT VM access
  - Sentinel: SIEM + SOAR

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 22: Implement API Management
- [ ] Lab 32: Implement Azure Policy (allowed locations, required tags)
- [ ] Enable Microsoft Defender for Cloud on your subscription
- [ ] Configure JIT VM access

### Evening (1h) — Review & Practice
- [ ] Review: Messaging decision matrix + security checklist
- [ ] Practice answering:
  1. "Service Bus vs Event Grid vs Event Hubs?"
  2. "How do you secure APIs with APIM?"
  3. "Azure Policy vs RBAC?"
  4. "How do you detect and respond to threats?"
  5. "How do you implement compliance (HIPAA/PCI)?"

---

## Day 7 (Thu May 1): WEEK 1 REVIEW — Architecture Design Practice

### Morning (2h) — Review All Week 1 Material
- [ ] Re-read your notes on: Identity, Networking, Compute, Storage, Databases, Messaging, Security
- [ ] Review all 50 gotchas from `sa-gotchas-playbook-waf.md`
- [ ] Review cross-role collaboration guide

### Afternoon (2h) — Architecture Design Practice
- [ ] Whiteboard design: "Design a highly available web application on Azure"
  - Draw it, explain each component choice
- [ ] Whiteboard design: "Design a microservices architecture"
- [ ] Whiteboard design: "Design a hybrid cloud with ExpressRoute"
- [ ] Time yourself: 30 minutes per design

### Evening (1h) — Self-Assessment
- [ ] What topics are you still weak on?
- [ ] Write down your weak areas — focus Week 2 on these
- [ ] Practice explaining architecture decisions out loud (this is the interview skill)

---

# WEEK 2: ARCHITECTURE, MODERNIZATION & INTERVIEW PREP

---

## Day 8 (Fri May 2): Well-Architected Framework + HA/DR

### Morning (2h) — Read & Understand
- [ ] Read `sa-gotchas-playbook-waf.md` — Well-Architected Framework (WAF) section, all 5 pillars
- [ ] For each pillar, memorize:
  - Design principles (3-4 per pillar)
  - Key patterns
  - Checklist items

**5 Pillars:**
1. **Reliability** — AZ, geo-replication, health probes, circuit breaker, retry
2. **Security** — Zero-trust, Private Endpoints, WAF, PIM, Managed Identity
3. **Cost** — Right-size, RI, Spot, serverless, lifecycle policies
4. **Operational Excellence** — IaC, CI/CD, monitoring, runbooks
5. **Performance** — Autoscaling, caching, CDN, partitioning, read replicas

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 24: Implement Azure Site Recovery
- [ ] Lab 37: Deploy Multi-Region Active-Active Web App
- [ ] Lab 36: Build Complete Hub-Spoke with All Security

### Evening (1h) — Review & Practice
- [ ] Practice answering:
  1. "Explain the Well-Architected Framework" (all 5 pillars)
  2. "How do you design for 99.99% availability?"
  3. "Active-Active vs Active-Passive DR?"
  4. "How do you calculate composite SLA?"
  5. "How do you design cost-optimized architecture?"

---

## Day 9 (Sat May 3): Brownfield & Cloud Modernization

### Morning (2h) — Read & Understand
- [ ] Read `modernization/modernization-part1-migration-strategies.md`
- [ ] Read `modernization/modernization-part2-patterns-hybrid-legacy.md`
- [ ] Master these:
  - 6 Rs framework (when to use each, with real examples)
  - Lift & Shift → Optimize → Modernize → Cloud-Native journey
  - Strangler Fig pattern for monolith decomposition
  - SQL Server → SQL MI migration (online, <30 min downtime)
  - Hybrid identity (ADFS → Entra ID)
  - Hybrid networking cutover

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 44: Implement Azure Migrate Assessment
- [ ] Lab 31: Deploy Multi-Tier App with Terraform
- [ ] Lab 46: Implement Azure Arc for Hybrid Management

### Evening (1h) — Review & Practice
- [ ] Practice answering:
  1. "Walk me through a cloud migration you'd lead"
  2. "When would you lift-and-shift vs refactor?"
  3. "Explain the Strangler Fig pattern"
  4. "How do you migrate SQL Server to Azure?"
  5. "How do you handle hybrid identity migration?"

---

## Day 10 (Sun May 4): DevOps & Governance

### Morning (2h) — Read & Understand
- [ ] Read `roles/06-azure-devops-engineer.md`
- [ ] Read `roles-labs/06-devops-package.md`
- [ ] Master these:
  - CI/CD pipeline design (build → test → deploy → verify)
  - Deployment strategies (blue/green, canary, rolling)
  - IaC: Bicep vs Terraform (when to use which)
  - GitOps for AKS (Flux)
  - DevSecOps (SAST, SCA, container scanning, IaC scanning)
  - Azure Policy for governance
  - Management groups + landing zones

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 42: Implement Complete CI/CD with Azure DevOps
- [ ] Lab 32: Implement Azure Blueprints & Policy
- [ ] Write a Bicep template for a web app + SQL + Key Vault

### Evening (1h) — Review & Practice
- [ ] Practice answering:
  1. "Walk me through your CI/CD pipeline"
  2. "How do you implement blue/green deployment?"
  3. "Bicep vs Terraform — when to use which?"
  4. "How do you implement DevSecOps?"
  5. "What is GitOps?"

---

## Day 11 (Mon May 5): Advanced Architecture Patterns

### Morning (2h) — Read & Understand
- [ ] Re-read `roles/04-azure-solutions-architect.md` — Architecture Patterns section
- [ ] Study these patterns in detail:
  - Enterprise web application (Front Door → App Gateway → App Service → SQL)
  - Microservices on AKS (AGIC, Workload Identity, CSI Driver)
  - Event-driven serverless (Event Grid → Functions → Cosmos DB)
  - Data analytics pipeline (IoT Hub → Event Hubs → Stream Analytics → Synapse → Power BI)
  - Hybrid enterprise (ExpressRoute → Hub → Spoke)

### Afternoon (2h) — Full Architecture Design Practice
- [ ] Design from scratch: E-commerce platform (30 min, draw + explain)
- [ ] Design from scratch: Real-time chat app (30 min)
- [ ] Design from scratch: Healthcare data platform (30 min)
- [ ] Design from scratch: Multi-tenant SaaS (30 min)

### Evening (1h) — Review & Practice
- [ ] Time yourself. Can you design a complete architecture in 20 minutes?
- [ ] Practice explaining your design decisions out loud
- [ ] Focus on: WHY you chose each service (not just WHAT)

---

## Day 12 (Tue May 6): Security Deep Dive + Data Architecture

### Morning (2h) — Read & Understand
- [ ] Re-read `part7-security.md`
- [ ] Re-read `roles/07-azure-security-engineer.md`
- [ ] Master security architecture checklist (all items)
- [ ] Master data architecture decision matrix (SQL vs Cosmos vs Synapse vs Redis)

### Afternoon (2h) — Hands-On Labs
- [ ] Lab 40: Implement Zero-Trust Security Architecture
- [ ] Lab 36: Build Complete Hub-Spoke with All Security
- [ ] Configure Sentinel: data connector + analytics rule + playbook

### Evening (1h) — Review & Practice
- [ ] Practice answering ALL 10 security interview questions
- [ ] Practice: "How do you design for compliance (HIPAA/PCI/GDPR)?"
- [ ] Practice: "How do you choose between Azure SQL and Cosmos DB?"

---

## Day 13 (Wed May 7): FULL MOCK INTERVIEW DAY

### Morning (2h) — Timed Architecture Challenges
Set a timer. For each, spend exactly 20 minutes designing, then 10 minutes reviewing:

1. **Design a highly available e-commerce platform on Azure**
   - Must handle 100K concurrent users
   - 99.99% availability
   - PCI DSS compliant
   - Multi-region

2. **Design a microservices architecture for a food delivery app**
   - Real-time order tracking
   - Payment processing
   - Restaurant management
   - Customer notifications

3. **Design a data platform for an IoT manufacturing company**
   - 10,000 sensors
   - Real-time alerts
   - Historical analytics
   - ML-based predictive maintenance

### Afternoon (2h) — Behavioral + Scenario Questions
Practice answering these out loud (record yourself if possible):

1. "Tell me about a time you made a difficult architecture decision"
2. "How do you handle disagreements with developers about technology choices?"
3. "A client's Azure bill doubled this month. How do you investigate?"
4. "How do you convince leadership to invest in security?"
5. "Walk me through how you'd migrate a datacenter to Azure"
6. "How do you handle a P1 production outage?"
7. "What's your approach to cost optimization?"
8. "How do you stay current with Azure updates?"
9. "Describe a project that didn't go as planned. What did you learn?"
10. "How do you balance speed of delivery with quality?"

### Evening (1h) — Review Weak Areas
- [ ] Go back to your Day 7 weak areas list
- [ ] Focus on the topics you're least confident about
- [ ] Re-read relevant sections
- [ ] Do one more hands-on lab in your weak area

---

## Day 14 (Thu May 8): INTERVIEW DAY — Light Review Only

### Morning (1h max) — Light Review
- [ ] Review your architecture decision frameworks (not deep reading)
- [ ] Review the playbook: "How to Approach Any Architecture Design"
- [ ] Review: compute decision matrix, data store decision matrix, LB decision matrix
- [ ] Skim the 50 gotchas one more time
- [ ] **Do NOT try to learn new things today**

### Before the Interview
- [ ] Have your framework ready: Clarify → Draw → Detail → Security → HA/DR → Monitor → Trade-offs
- [ ] Remember: interviewers want to see HOW you think, not just WHAT you know
- [ ] Ask clarifying questions before designing
- [ ] Think out loud — explain your reasoning
- [ ] It's OK to say "I'd need to check" for specifics — show you know WHERE to look

### Key Reminders
- **Don't just list services — explain WHY you chose them**
- **Always mention security and cost** (most candidates forget)
- **Draw diagrams** (even if on a whiteboard or describing verbally)
- **Ask about non-functional requirements** (availability, latency, budget)
- **Mention trade-offs** for every decision (shows maturity)

---

# QUICK REFERENCE CARDS

## Compute Decision
| Need | Choose |
|---|---|
| Standard web app/API | App Service |
| Microservices, K8s | AKS |
| Serverless containers | Container Apps |
| Event-driven functions | Azure Functions |
| Legacy/custom OS | VMs |
| Static site + API | Static Web Apps |

## Data Store Decision
| Data Type | Choose |
|---|---|
| Relational, transactional | Azure SQL / SQL MI |
| NoSQL, global, flexible | Cosmos DB |
| Open-source relational | PostgreSQL Flexible |
| Caching | Redis |
| Analytics/warehouse | Synapse |
| Big data/Spark | Databricks |
| Object storage | Blob Storage |
| File shares | Azure Files |

## Load Balancer Decision
| Need | Choose |
|---|---|
| L4, any protocol | Azure Load Balancer |
| L7, WAF, regional | Application Gateway |
| Global, CDN, multi-region | Front Door |
| DNS-based (any protocol) | Traffic Manager |

## HA/DR Decision
| Availability target | Design |
|---|---|
| 99.9% | Availability Zones |
| 99.95% | Active-Passive with geo-replication |
| 99.99% | Active-Active multi-region |

## Interview Whiteboard Framework (20 min)
1. Clarify requirements (5 min)
2. Draw high-level architecture (5 min)
3. Add security (3 min)
4. Add HA/DR (3 min)
5. Discuss trade-offs (4 min)

---

*Good luck! You've got this. 🎯*
