AZ-305 - Designing Microsoft Azure Infrastructure Solutions Cheat Sheet

This sheet maps the AZ-305: Designing Microsoft Azure Infrastructure Solutions exam (skills measured as of 17 April 2026), the design-focused exam behind the Microsoft Certified: Azure Solutions Architect Expert credential. It is organized by the four official skill areas: identity, governance, and monitoring (25-30%), data storage (20-25%), business continuity (15-20%), and infrastructure (30-35%). AZ-305 is a design exam, so the graded answer is the Azure service or pattern that best satisfies the stated business requirements under the Well-Architected Framework and Cloud Adoption Framework, not merely a service that would technically work. Use it to drill the requirement-to-service mapping reflexes (match the SLA, the RTO/RPO, the data shape, and the cost ceiling) that separate the best design from a merely valid one.

What This Cheat Sheet Covers

This topic spans 26 focused tables and 280 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Design Logging and Monitoring SolutionsTable 2: Design Authentication and Identity ManagementTable 3: Design Authorization for Azure and On-Premises ResourcesTable 4: Design Secrets, Certificates, and Key ManagementTable 5: Design Resource Organization and Tagging StrategyTable 6: Design Compliance GovernanceTable 7: Design Identity GovernanceTable 8: Design Relational Data Storage and Service TiersTable 9: Design Relational Data Scalability and ProtectionTable 10: Design Semi-Structured Data StorageTable 11: Design Unstructured Data Storage and Cost BalanceTable 12: Design Data Integration and AnalyticsTable 13: Design Disaster Recovery and Compute BackupTable 14: Design Backup for Databases and Unstructured DataTable 15: Design for High AvailabilityTable 16: Design Virtual Machine Compute SolutionsTable 17: Design Container-Based Compute SolutionsTable 18: Design Serverless and Batch Compute SolutionsTable 19: Design Messaging and Event-Driven ArchitecturesTable 20: Design API Integration and CachingTable 21: Design Application Configuration and Automated DeploymentTable 22: Design Migration Strategy and AssessmentTable 23: Design Workload, Database, and Data MigrationTable 24: Design Network Connectivity to Internet and On-PremisesTable 25: Design Network Performance OptimizationTable 26: Design Network Security and Load Balancing

Table 1: Design Logging and Monitoring Solutions

AZ-305 area "Design identity, governance, and monitoring" (25-30%), objective "Design solutions for logging and monitoring": recommend a logging store, recommend how to route logs, and recommend a monitoring solution. Pick the destination by what you must DO with the logs (query, archive, or stream) and prefer Azure Monitor as the unified umbrella.

Service	Example	Description
Azure Monitor	Need one unified place for metrics, logs, traces, alerts across Azure and hybrid -> Azure Monitor	Microsoft's unified observability umbrella that collects metrics, logs, and traces and powers alerts, workbooks, and autoscale. The default recommendation; Sentinel and Defender for Cloud build on its data platform. Not a single store, it is the overall service.
Log Analytics Workspace	Need cross-resource KQL queries and log alerts across subscriptions -> Log Analytics workspace	The store for log and trace data, analyzed with KQL. Centralize into one (or few) workspace(s) for cross-resource correlation. • Start with a single workspace • Not for cheap raw archive (use Storage), not a metrics-only store
Diagnostic Settings	Send a key vault's resource logs to a workspace plus an archive -> one diagnostic setting per destination type	Routes platform metrics, resource logs, and the activity log to one or more of: Log Analytics, Storage, or Event Hubs. Resource logs are off by default and need this. Up to 5 settings per resource.
Azure Storage Account	Keep audit logs cheaply for 7 years, no querying needed -> Storage account (optionally immutable)	The cheap, long-term archive destination; logs can be kept indefinitely and made immutable for audit. • Cheapest option • No KQL, not for interactive analysis (that is Log Analytics)
Azure Event Hubs	Stream Azure logs to Splunk or a third-party SIEM in near real time -> Event Hubs	The streaming-egress destination that pushes logs out to external systems such as non-Microsoft SIEMs. • A pipe to outside tools, not a store or query engine • Not where you run KQL or archive

Table 1: Design Logging and Monitoring Solutions

Service	Example	Description
Azure Monitor	Need one unified place for metrics, logs, traces, alerts across Azure and hybrid -> Azure Monitor	Microsoft's unified observability umbrella that collects metrics, logs, and traces and powers alerts, workbooks, and autoscale. The default recommendation; Sentinel and Defender for Cloud build on its data platform. Not a single store, it is the overall service.
Log Analytics Workspace	Need cross-resource KQL queries and log alerts across subscriptions -> Log Analytics workspace	The store for log and trace data, analyzed with KQL. Centralize into one (or few) workspace(s) for cross-resource correlation. • Start with a single workspace • Not for cheap raw archive (use Storage), not a metrics-only store
Diagnostic Settings	Send a key vault's resource logs to a workspace plus an archive -> one diagnostic setting per destination type	Routes platform metrics, resource logs, and the activity log to one or more of: Log Analytics, Storage, or Event Hubs. Resource logs are off by default and need this. Up to 5 settings per resource.
Azure Storage Account	Keep audit logs cheaply for 7 years, no querying needed -> Storage account (optionally immutable)	The cheap, long-term archive destination; logs can be kept indefinitely and made immutable for audit. • Cheapest option • No KQL, not for interactive analysis (that is Log Analytics)
Azure Event Hubs	Stream Azure logs to Splunk or a third-party SIEM in near real time -> Event Hubs	The streaming-egress destination that pushes logs out to external systems such as non-Microsoft SIEMs. • A pipe to outside tools, not a store or query engine • Not where you run KQL or archive