Career Roadmap
Azure Solutions Architect: Zero to Hero
This roadmap covers the complete path to Microsoft Certified Azure Solutions Architect Expert. Both AZ-104 (Azure Administrator Associate) and AZ-305 (Designing Microsoft Azure Infrastructure Solutions) are required — you cannot earn the Expert certification without both. The roadmap reflects the April 17, 2026 updates to both exams and is structured to build the right knowledge in the right order. AZ-104 builds the operational foundation. AZ-305 builds the design judgment on top of it. Use ExamOS practice quizzes at every step to make progress measurable before each exam attempt.
Embark on your career roadmap by setting a target and staying accountable
Set targetStep 0 - Cloud and IT foundations
Build the technical and conceptual foundation that every Azure architecture decision depends on. These fundamentals surface constantly in both AZ-104 and AZ-305 scenario questions.
2-3 weeks2-3 weeks
Step 0 - Cloud and IT foundations
Build the technical and conceptual foundation that every Azure architecture decision depends on. These fundamentals surface constantly in both AZ-104 and AZ-305 scenario questions.
- Networking fundamentals — TCP/IP, IP addressing, subnets, CIDR, DNS, routing, load balancing, firewalls
- Compute concepts — virtual machines, containers, serverless, scaling patterns
- Storage types — block storage, file storage, object storage, their characteristics and appropriate use cases
- Database fundamentals — relational versus non-relational, ACID properties, consistency models, replication
- Security principles — CIA triad, authentication, authorization, least privilege, defense in depth
- Business continuity concepts — RTO, RPO, high availability, disaster recovery patterns
- Architecture patterns — monolithic versus microservices, synchronous versus asynchronous, event-driven design
💡 AZ-305 scenario questions frequently embed RTO and RPO values as constraints that determine the correct architecture. Understanding what these numbers mean and what Azure services can meet them is essential before studying the specific services.
💡 Candidates with existing IT or cloud experience can move through this step in a week. Candidates without that background should invest the full 2-3 weeks.
Step 1 - Azure fundamentals (AZ-900)
Build familiarity with the Azure platform, service categories, pricing models, and management interfaces before working with services in depth.
2-3 weeks2-3 weeks
Step 1 - Azure fundamentals (AZ-900)
Build familiarity with the Azure platform, service categories, pricing models, and management interfaces before working with services in depth.
- Azure global infrastructure — regions, availability zones, availability sets, region pairs
- Azure service categories — compute, networking, storage, databases, AI, DevOps, security
- Azure management interfaces — portal, CLI, PowerShell, ARM, Azure Resource Manager concepts
- Azure pricing models — consumption versus reserved, Azure Hybrid Benefit, total cost of ownership
- Azure governance basics — subscriptions, management groups, resource groups, resource locks
- Azure compliance and trust — compliance offerings, Microsoft Privacy Statement, service trust portal
- Free Azure account — what is available and how to use it for labs throughout this path
Certifications
💡 AZ-900 is optional for candidates with existing cloud or IT backgrounds. It is recommended for those new to Azure or cloud computing generally.
💡 The most important outcome from this step is comfort navigating the Azure portal and familiarity with the service landscape. Every subsequent step builds on this.
💡 Use ExamOS quizzes to confirm Azure fundamentals before moving into AZ-104 preparation.
Step 2 - Azure administration and AZ-104 (Phase 1 — Identity and Networking)
Build the Azure administration knowledge required to earn AZ-104 and to have the operational foundation AZ-305 assumes. This is the most critical step in the roadmap — candidates who rush AZ-104 consistently struggle with AZ-305.
6-8 weeks6-8 weeks
Step 2 - Azure administration and AZ-104 (Phase 1 — Identity and Networking)
Build the Azure administration knowledge required to earn AZ-104 and to have the operational foundation AZ-305 assumes. This is the most critical step in the roadmap — candidates who rush AZ-104 consistently struggle with AZ-305.
- Microsoft Entra ID — users, groups, external identities, hybrid identity with Entra Connect
- Azure RBAC — built-in roles, custom roles, scope hierarchy and inheritance, role assignment
- Entra ID roles versus Azure RBAC roles — the most consistently confused concept on both exams
- Azure Policy — definitions, initiatives, assignment scopes, effect types (Audit, Deny, DeployIfNotExists)
- Management Groups and subscription governance — hierarchy design, policy inheritance
- Virtual Networks — address space planning, subnets, system routes, DNS configuration
- Network Security Groups — rule evaluation order, application security groups, flow logs
- VNet peering — regional and global, non-transitivity, gateway transit configuration
- User Defined Routes — route tables, next hop types, when UDRs override system routes
- Azure Firewall — standard versus premium, DNAT rules, network rules, application FQDN rules
- Azure Bastion — AzureBastionSubnet naming requirement, browser-based access model
- Private Endpoints versus Service Endpoints — what each does and when each is appropriate
- VPN Gateway and ExpressRoute — hybrid connectivity patterns and when each is appropriate
- Azure DNS — public zones, private zones, VNet links, auto-registration
Certifications
💡 Identity and Governance (20-25%) and Virtual Networking (15-20%) together cover up to 45% of AZ-104. Both are also the most heavily tested domains on AZ-305. Invest disproportionately here.
💡 VNet peering non-transitivity is the concept that causes the most networking scenario mistakes on both exams. Internalize it completely before moving forward.
💡 Build real Azure resources throughout this step. Creating VNets, configuring NSG rules, setting up RBAC assignments, and testing connectivity builds the operational intuition that scenario questions test.
💡 Use ExamOS daily networking and identity practice. These are the two areas where preparation depth most directly predicts exam performance.
Step 3 - Azure administration and AZ-104 (Phase 2 — Compute, Storage, and Monitoring)
Complete the AZ-104 preparation across compute, storage, and monitoring domains and earn the Azure Administrator Associate certification — the required prerequisite for AZ-305.
4-6 weeks4-6 weeks
Step 3 - Azure administration and AZ-104 (Phase 2 — Compute, Storage, and Monitoring)
Complete the AZ-104 preparation across compute, storage, and monitoring domains and earn the Azure Administrator Associate certification — the required prerequisite for AZ-305.
- Virtual Machines — sizes, availability options (availability sets versus zones), VM Scale Sets, extensions
- ARM templates and Bicep — deployment modes, template structure, what-if operations, modules
- Azure Container Instances and Azure Kubernetes Service basics — when to use each
- App Service — plans, deployment slots, custom domains, TLS, autoscaling
- Storage Accounts — types, redundancy options (LRS, ZRS, GRS, GZRS, RA-GRS), access tiers
- Blob storage — lifecycle management policies, soft delete, versioning, access control
- Azure Files — SMB and NFS shares, Azure File Sync, identity-based authentication
- Managed Disks — types, snapshots, disk encryption, customer-managed keys
- Azure Monitor — metrics, diagnostic settings, metric alerts, log alerts, action groups
- Log Analytics workspaces — data sources, KQL basics, retention settings
- Application Insights — distributed tracing, availability tests, performance monitoring
- Azure Backup — Recovery Services vault, VM backup, Azure Files backup, backup policies
- Azure Site Recovery — replication, failover, failback, recovery plans
- Azure Advisor — cost, security, reliability, operational excellence, performance recommendations
Certifications
💡 AZ-104 is the mandatory prerequisite for AZ-305. You can sit AZ-305 without it, but you will not receive the Azure Solutions Architect Expert certification until both are passed. Complete AZ-104 before beginning AZ-305 preparation.
💡 The Azure Backup versus Azure Site Recovery distinction is consistently tested on AZ-104. Backup protects data. Site Recovery protects infrastructure availability. They solve different problems and the exam tests whether you know which is appropriate for described failure scenarios.
💡 Consistent performance above 80% on Legend mode across multiple ExamOS sessions is the clearest AZ-104 readiness signal. Stable scores across multiple timed sessions matter more than a single strong performance.
Step 4 - Architecture thinking and the Azure Well-Architected Framework
Make the transition from operational thinking to design thinking before beginning AZ-305 preparation. This mindset shift is the single most important preparation step for the Expert exam and the one most candidates skip.
2-3 weeks2-3 weeks
Step 4 - Architecture thinking and the Azure Well-Architected Framework
Make the transition from operational thinking to design thinking before beginning AZ-305 preparation. This mindset shift is the single most important preparation step for the Expert exam and the one most candidates skip.
- Azure Well-Architected Framework — five pillars (Reliability, Security, Cost Optimization, Operational Excellence, Performance Efficiency) and how they interact
- Well-Architected Framework Review — assessment methodology, workload analysis, improvement planning
- Microsoft Cloud Adoption Framework (CAF) — strategy, plan, ready, adopt, govern, manage phases
- Azure Landing Zones — conceptual architecture, platform versus application landing zones, design areas
- Design trade-offs — how reliability, performance, cost, and security requirements conflict and how architects prioritize them
- Architecture decision records — how to document design choices and their rationale
- How AZ-305 questions work — scenario language ("recommend," "design," "evaluate"), case study format, constraint identification
💡 AZ-305 uses the language of architecture throughout. Questions describe a business scenario with technical and organizational constraints, then ask you to recommend or design an appropriate solution. This is fundamentally different from AZ-104 operational questions and requires a different reasoning approach.
💡 The Well-Architected Framework is the lens through which AZ-305 design questions should be evaluated. Every design recommendation should be defensible against one or more pillars. Candidates who don't have this framework internalized approach each question in isolation and miss the underlying principle.
💡 The Cloud Adoption Framework appears in AZ-305 governance and migration scenarios. Understanding where Landing Zones fit in the CAF is specifically tested.
💡 Case study questions are a significant component of AZ-305. Practice reading extended scenarios and identifying all constraints before evaluating answer options. The constraint that determines the correct answer is often buried in a secondary paragraph.
💡 Use ExamOS scenario practice to start building the design reasoning habit before formal AZ-305 study begins.
Step 5 - AZ-305 Domain 1 — Design Identity, Governance, and Monitoring Solutions (25-30%)
Design identity, governance, and observability solutions for enterprise Azure environments. This is jointly the highest-weighted domain at 25-30% and builds directly on the AZ-104 foundation.
4-5 weeks4-5 weeks
Step 5 - AZ-305 Domain 1 — Design Identity, Governance, and Monitoring Solutions (25-30%)
Design identity, governance, and observability solutions for enterprise Azure environments. This is jointly the highest-weighted domain at 25-30% and builds directly on the AZ-104 foundation.
- Identity architecture — single tenant versus multi-tenant, hybrid identity design, Entra ID Connect topology options
- Privileged Identity Management (PIM) at the design level — when eligible versus active assignments, approval workflows, access review design
- Entra ID Governance — entitlement management, access packages, lifecycle workflows for enterprise access design
- Conditional Access architecture — policy design for different user populations, device compliance, named locations, risk-based policies
- Workload identity design — managed identity versus service principal selection, federation for CI/CD pipelines
- Governance architecture — management group hierarchy design for enterprise organizations, policy initiative design, Azure Blueprints versus Landing Zones
- Cost management architecture — budget design, cost allocation with tags, chargeback and showback models
- Azure Monitor architecture — workspace design for multi-subscription environments, centralized versus distributed logging
- Log Analytics workspace design — single workspace versus multiple workspaces trade-offs, data retention, access control
- Azure Sentinel (Microsoft Sentinel) deployment architecture — workspace design, data connector selection
Certifications
💡 Identity design questions on AZ-305 are significantly deeper than AZ-104 identity questions. AZ-104 tests whether you can configure identity correctly. AZ-305 tests whether you can design the right identity architecture for a described organizational structure and security requirement.
💡 Management group hierarchy design for enterprises is specifically tested. Know the standard enterprise landing zone hierarchy pattern and be able to explain why policy assignments belong at specific scopes.
💡 Log Analytics workspace design trade-offs — single workspace for simplicity versus multiple workspaces for data sovereignty or access isolation — appear in monitoring architecture scenarios.
💡 Use ExamOS for identity and governance design scenario practice. These questions require reading organizational context carefully and selecting the architecture that satisfies all stated requirements.
Step 6 - AZ-305 Domain 2 — Design Data Storage Solutions (25-30%)
Design data storage architectures that match workload characteristics across relational, non-relational, analytical, and file storage requirements. Jointly the highest-weighted domain at 25-30%.
4-5 weeks4-5 weeks
Step 6 - AZ-305 Domain 2 — Design Data Storage Solutions (25-30%)
Design data storage architectures that match workload characteristics across relational, non-relational, analytical, and file storage requirements. Jointly the highest-weighted domain at 25-30%.
- Storage account design — selecting the right redundancy tier for described availability requirements, lifecycle policy design
- Azure Blob Storage advanced scenarios — immutable storage, object replication, large-scale data landing zone design
- Azure Files and Azure NetApp Files — when to use each, performance tier selection, hybrid file share scenarios
- Azure SQL Database — service tiers (DTU versus vCore), elastic pools, Business Critical versus General Purpose versus Hyperscale
- SQL Database design trade-offs — managed instance versus single database versus elastic pool for described workloads
- Azure Cosmos DB — API selection (NoSQL, MongoDB, Cassandra, Gremlin, Table), consistency level design, global distribution design, multi-write regions
- Azure Database for PostgreSQL and MySQL — flexible server design, high availability options, read replicas
- Data architecture patterns — OLTP versus OLAP, data warehousing with Azure Synapse Analytics, real-time analytics with Azure Stream Analytics
- Data migration design — Azure Database Migration Service, offline versus online migration trade-offs
- Data governance with Microsoft Purview — data catalog design, sensitivity label deployment, data lineage
Certifications
💡 Cosmos DB consistency level selection is one of the most consistently tested AZ-305 topics. The five levels (Strong, Bounded Staleness, Session, Consistent Prefix, Eventual) each have specific use cases and the exam tests whether you can select the correct level for a described scenario requirement. Session consistency is the most frequently correct answer for single-user scenarios. Strong consistency is the answer when linearizable reads are explicitly required.
💡 Azure SQL Database tier selection requires understanding the trade-offs between General Purpose (balanced), Business Critical (high IOPS, in-memory), and Hyperscale (massive scale, fast backup). The scenario's IOPS requirement, scale requirement, or backup speed requirement determines the correct tier.
💡 Data storage design questions often combine multiple constraints simultaneously — cost, performance, availability, and compliance. Practice identifying which constraint is the binding one before evaluating options.
💡 Use ExamOS for data storage design scenario practice that tests service selection under competing requirements.
Step 7 - AZ-305 Domain 3 — Design Business Continuity Solutions (10-15%)
Design resilient architectures that meet specific recovery objectives. The lightest-weighted domain at 10-15% but one where scenario questions require precise RTO and RPO reasoning.
2-3 weeks2-3 weeks
Step 7 - AZ-305 Domain 3 — Design Business Continuity Solutions (10-15%)
Design resilient architectures that meet specific recovery objectives. The lightest-weighted domain at 10-15% but one where scenario questions require precise RTO and RPO reasoning.
- Business continuity design — mapping RTO and RPO requirements to specific Azure architecture patterns
- High availability patterns — availability sets versus availability zones for VMs, zonal versus zone-redundant service configurations
- Disaster recovery patterns — backup and restore, pilot light, warm standby, multi-site active-active and when each maps to specific RTO/RPO values
- Azure Site Recovery design — replication configuration, recovery plan design, failover and failback orchestration
- Azure Backup design — vault design, backup policy design, cross-region restore, soft delete configuration
- Database resilience design — Azure SQL Database Business Critical versus geo-replication versus failover groups
- Multi-region application design — active-active versus active-passive, Traffic Manager versus Front Door for global routing
- Chaos engineering principles — designing for failure, testing resilience with Azure Fault Injection Simulator
Certifications
💡 RTO and RPO values in scenario questions are not decorative. They are the constraints that determine the correct architecture. An RTO of 1 hour rules out architectures requiring manual intervention. An RPO of zero rules out asynchronous replication. Practice mapping specific values to specific patterns before your exam.
💡 Business continuity questions are among the most scenario-dense on AZ-305. They combine multiple requirements simultaneously and the wrong answer is often a valid DR approach that does not meet the specific RTO or RPO stated.
💡 Use ExamOS for business continuity scenario practice that presents specific RTO/RPO values and asks you to select the appropriate Azure architecture pattern.
Step 8 - AZ-305 Domain 4 — Design Infrastructure Solutions (25-30%)
Design compute, networking, application architecture, and migration solutions at the enterprise scale. Jointly the highest-weighted domain at 25-30% and the broadest in scope.
4-5 weeks4-5 weeks
Step 8 - AZ-305 Domain 4 — Design Infrastructure Solutions (25-30%)
Design compute, networking, application architecture, and migration solutions at the enterprise scale. Jointly the highest-weighted domain at 25-30% and the broadest in scope.
- Compute architecture — selecting between VMs, Azure App Service, Azure Container Apps, AKS, Azure Functions, and Azure Batch for described workloads
- VM sizing and availability — right-sizing strategy, Reserved Instances versus Spot versus On-Demand, availability zone design
- Container architecture — when AKS versus Container Apps versus ACI versus App Service for containers
- Serverless architecture — Azure Functions trigger and binding design, Durable Functions for long-running workflows, KEDA-based scaling
- Application architecture patterns — microservices on AKS, event-driven architecture with Event Grid and Service Bus, API gateway patterns with API Management
- Network architecture — hub-and-spoke topology design, Virtual WAN for large organizations, network segmentation strategy
- Hybrid network design — ExpressRoute versus VPN Gateway selection, Global Reach for multi-site interconnect
- Azure Front Door versus Application Gateway versus Traffic Manager — selecting the right global and regional load balancing combination
- Migration design — Azure Migrate assessment and migration phases, lift-and-shift versus re-platform versus re-architect decisions
- Landing Zone design — reference architectures, connectivity subscription, identity subscription, management subscription patterns
Certifications
💡 Compute service selection is the topic that produces the most AZ-305 mistakes. The key signal in each scenario is the workload characteristic that determines the correct service. Event-driven and short-duration workloads point to Functions. Containerized microservices needing orchestration point to AKS. Simple containerized workloads without orchestration requirements point to Container Apps. Long-running batch processing points to Azure Batch.
💡 Hub-and-spoke versus Virtual WAN is a specific design decision the exam tests. Hub-and-spoke is appropriate for organizations managing their own networking with specific control requirements. Virtual WAN is appropriate for large organizations that want managed connectivity at scale without the operational overhead of hub-and-spoke.
💡 Migration scenarios test the three migration strategies and when each is appropriate. Lift-and-shift (rehost) for speed and minimum change. Re-platform for moderate optimization without application rearchitecture. Re-architect for maximum cloud benefit when time and cost allow.
💡 Use ExamOS for infrastructure design scenario practice focusing on service selection under competing workload requirements and network topology design for described organizational structures.
Step 9 - AZ-305 exam readiness and case study mastery
Consolidate AZ-305 preparation through integrated scenario practice, case study technique, and targeted gap closure before booking the exam.
2-3 weeks2-3 weeks
Step 9 - AZ-305 exam readiness and case study mastery
Consolidate AZ-305 preparation through integrated scenario practice, case study technique, and targeted gap closure before booking the exam.
- Case study question technique — reading requirements section before background, identifying constraints explicitly, answering only from stated requirements
- Domain-weighted practice — allocating remaining preparation time proportional to the 25-30% domains
- Cross-domain scenario practice — questions that combine identity, storage, networking, and compute requirements simultaneously
- Architecture justification — practicing the ability to explain why one architecture is better than another for specific requirements
- Microsoft Learn and documentation access strategy — how to use the available documentation during the exam efficiently
Certifications
💡 AZ-305 includes case study sections presenting extended organizational scenarios with multiple related questions. Candidates who have only practiced standalone questions are often caught off guard by case studies. The technique is different — read the requirements document first, identify all constraints explicitly, then answer questions only from what is stated rather than what you would normally recommend.
💡 Microsoft documentation is available during AZ-305 via a split-screen. Use it for verification on genuine uncertainty, not as a substitute for preparation. Time pressure makes extensive documentation searching impractical.
💡 Consistent performance above 80% on Legend mode across five or more consecutive ExamOS sessions is the clearest AZ-305 readiness signal. One strong session is not sufficient. The real exam presents scenarios you have not seen before and your stable reasoning floor predicts that performance better than your best session.
💡 The Azure Well-Architected Framework should feel like your primary reasoning tool at this stage. If you reach a scenario where you are uncertain, apply the five pillars to evaluate each option before selecting.
Step 10 - Follow-on specialization paths
Azure Solutions Architect Expert opens several high-value specialization paths. The right follow-on depends on where you want your architecture career to go.
OngoingOngoing
Step 10 - Follow-on specialization paths
Azure Solutions Architect Expert opens several high-value specialization paths. The right follow-on depends on where you want your architecture career to go.
- Azure DevOps Engineer Expert (AZ-400) — for architects who want to own the delivery pipeline alongside the architecture
- Azure AI Engineer Associate (AI-103) — for architects whose organizations are building generative AI applications and agents on Azure
- Azure AI Cloud Developer (AI-200) — for architects working on the infrastructure layer of AI-powered cloud solutions
- Cloud and AI Security Engineer (SC-500) — for architects who need deep security specialization alongside their architecture credential
- Microsoft Cybersecurity Architect Expert (SC-100) — for architects moving into security architecture roles
- Google Cloud Professional Cloud Architect — for architects building multi-cloud credibility alongside Azure
- AWS Solutions Architect Professional — for architects working in multi-cloud enterprise environments
💡 AZ-400 is the most natural immediate follow-on for architects who also own DevOps practices. AZ-104 satisfies the AZ-400 prerequisite, so you already have it.
💡 AI-103 and AI-200 are new 2026 exams in beta. AI-103 focuses on building AI applications and agents on Azure Foundry. AI-200 focuses on the cloud infrastructure that AI workloads run on. Both are highly relevant for Azure architects in organizations deploying AI solutions.
💡 SC-100 (Cybersecurity Architect Expert) is the natural follow-on for architects moving into security-focused roles. It requires holding at least one Associate-level security exam alongside AZ-305.
💡 Multi-cloud credibility is increasingly valued in senior architect roles. AWS SAA-C03 alongside AZ-305 creates a credential profile that large enterprises specifically value.
Final step - Certification, validation, and what the credential actually means
The Azure Solutions Architect Expert is one of the most respected cloud certifications in the market. It requires passing both AZ-104 and AZ-305, and the combination signals genuine depth — operational Azure knowledge from AZ-104 plus design judgment from AZ-305. Before booking AZ-305, ensure your AZ-104 foundation is solid. Candidates who rush AZ-104 and move quickly to AZ-305 consistently encounter scenario questions in the infrastructure domain that require operational depth they have not built. Use ExamOS practice across both exams to track progress objectively. For AZ-305 specifically, consistent 80%+ on Legend mode across multiple sessions, particularly on the 25-30% domains, is the readiness benchmark that correlates most strongly with exam success. The certification opens doors. The architecture judgment you build preparing for it is what keeps them open.
Final step - Certification, validation, and what the credential actually means
The Azure Solutions Architect Expert is one of the most respected cloud certifications in the market. It requires passing both AZ-104 and AZ-305, and the combination signals genuine depth — operational Azure knowledge from AZ-104 plus design judgment from AZ-305. Before booking AZ-305, ensure your AZ-104 foundation is solid. Candidates who rush AZ-104 and move quickly to AZ-305 consistently encounter scenario questions in the infrastructure domain that require operational depth they have not built. Use ExamOS practice across both exams to track progress objectively. For AZ-305 specifically, consistent 80%+ on Legend mode across multiple sessions, particularly on the 25-30% domains, is the readiness benchmark that correlates most strongly with exam success. The certification opens doors. The architecture judgment you build preparing for it is what keeps them open.
Certifications
Realistic timeline
- 2 hours per day: approximately 8-12 months for the complete path including both AZ-104 and AZ-305
- 3-4 hours per day: approximately 5-7 months
- Candidates who already hold AZ-104: approximately 3-4 months to AZ-305 readiness
- AZ-104 alone typically requires 8-12 weeks for candidates with general IT experience
- AZ-305 typically requires 10-16 weeks of preparation after AZ-104 is solid
- Steps 5-8 (the four AZ-305 domains) should receive preparation time roughly proportional to their exam weights — spend more time on the 25-30% domains than the 10-15% domain
- Hands-on lab time in Azure building real resources for every major topic produces significantly better outcomes than passive study alone
- Daily consistent practice across both exams produces better outcomes than periodic marathon sessions
Embark on your career roadmap by setting a target and staying accountable
Set target