How do you pass Microsoft AZ-305 (Designing Microsoft Azure Infrastructure Solutions)?

Group classes
  • Confirm the certification path before studying: Azure Solutions Architect Expert requires AZ-104 and AZ-305.
  • Study design trade-offs rather than product trivia, because AZ-305 tests architectural judgement across identity, networking, data, governance, and resilience.
  • Use labs to prove each design choice, especially where cost, security, operations, and business continuity pull in different directions.

AZ-305 is the Microsoft Azure design exam for architects who need to select and justify cloud and hybrid infrastructure decisions. Formally named Designing Microsoft Azure Infrastructure Solutions, it is one exam, not a series of exams, and it sits alongside AZ-104: Microsoft Azure Administrator in the certification path for Microsoft Azure Solutions Architect Expert.

That distinction matters because the two exams test different instincts. AZ-104 is closer to implementation and administration: configuring resources, managing identities, operating networks, and maintaining workloads. AZ-305 expects the candidate to decide what should be designed, why it should be designed that way, and how the decision affects security, reliability, operations, cost, and future change.

What AZ-305 really tests

Microsoft describes the AZ-305 role as an Azure Solutions Architect role, and the official exam page and skills measured outline should be treated as the source of truth before any study plan is built. The current outline groups the work around designing identity, governance, monitoring, data storage, business continuity, and infrastructure solutions. Microsoft Learn, the Azure Architecture Center, and the Azure Well-Architected Framework are especially useful because they explain the reasoning behind design decisions rather than presenting features in isolation.

The exam is aimed at people who already understand IT operations at a mature level. Networking, virtualization, identity, security, disaster recovery, data platforms, and governance are not background topics; they are the material from which most design questions are built. A candidate who can deploy a virtual network but cannot explain when to use hub-spoke topology, Private Endpoints, Azure Firewall, or network security groups in combination will find the design questions difficult.

The same applies to identity and governance. A common mistake is to spend most preparation time memorising service names while giving too little attention to Microsoft Entra ID design, privileged access, conditional access, Azure Policy, tagging, budgets, and management group structure. AZ-305 scenarios often reward the candidate who can reduce risk and operational complexity with a sound governance model before recommending another service.

Start with the official blueprint, then turn it into work

The best preparation begins with the Microsoft skills measured document, but reading it once is not enough. Each line should be translated into a design question. If the outline mentions business continuity, the candidate should ask what recovery point objective and recovery time objective would mean for Azure Backup, Azure Site Recovery, multi-region storage replication, database failover, and application routing. If it mentions governance, the candidate should connect that topic to management groups, policy initiatives, resource locks, tags, budgets, and role assignments.

This is where many candidates drift into passive study. Watching modules and taking notes can build vocabulary, but the exam frequently asks for the most appropriate design under constraints. Those constraints might include regulatory boundaries, latency, cost limits, operational skills, existing on-premises dependencies, or a requirement to minimise administrative effort. In practice, the candidate needs enough hands-on exposure to recognise what a design choice enables and what it prevents.

A productive lab environment does not need to be large. A personal Azure subscription or Microsoft Learn sandbox can be used to build a hub-spoke network, test Private Endpoints, configure Key Vault access with managed identities, apply Azure Policy, enable diagnostic settings, and rehearse backup and recovery choices. The goal is not to become faster at clicking through the portal; it is to see how services interact when a design becomes real.

A realistic 6–8 week preparation cadence

Most serious candidates benefit from a rhythm that alternates design reading with build-and-break practice. The first phase should confirm the prerequisite path, review AZ-104 weak spots, and map the AZ-305 skills outline into a study tracker. The output from this phase should be a short list of areas that need proof through labs, not a vague intention to “study Azure architecture.”

The next phase should focus on identity, governance, and network design. A useful milestone is the ability to explain how management groups, subscriptions, role-based access control, privileged identity management, conditional access, hub-spoke networking, DNS, and private connectivity fit together in one enterprise design. When these topics are studied separately, they can appear manageable; when they appear together in a case study, weak connections become obvious.

Storage, data platforms, observability, and business continuity should follow. Candidates should practise choosing between storage redundancy options, backup patterns, database availability designs, monitoring approaches, and recovery strategies based on stated business requirements. RPO and RTO should be treated as design inputs, not as afterthoughts. If the requirement says that data loss must be tightly limited, the architecture has to reflect that in replication, backup frequency, failover design, and testing.

The final phase should be scenario rehearsal. Instead of taking practice questions repeatedly, the candidate should write brief design rationales: what was chosen, what was rejected, and which requirement drove the decision. This builds the habit that AZ-305 rewards. Learners who want a structured instructor-led route can compare options through the Readynez AZ-305 Azure Solutions Architect course, but the same principle applies in any format: design reasoning has to be practised, not merely read.

Use the Well-Architected pillars as a decision framework

The Azure Well-Architected Framework is useful for AZ-305 because it gives candidates a way to defend trade-offs under exam pressure. Reliability asks whether the workload can recover from failure. Security asks whether access, data, and network paths are protected appropriately. Cost optimisation asks whether the design avoids unnecessary spend. Operational excellence asks whether the solution can be monitored, updated, and supported. Performance efficiency asks whether it can scale and respond to demand.

This framework helps prevent overbuilding, which is one of the classic architect-level failure patterns. A multi-region active-active design may sound resilient, but it can be the wrong answer if the scenario has modest recovery requirements, limited operational capability, and strong cost constraints. By contrast, a simpler regional design with zone redundancy, tested backups, clear monitoring, and documented recovery procedures may better satisfy the stated requirement.

It also prevents narrow technical answers. If a question asks for secure access to a platform service from a private workload, the decision is not just about selecting Private Endpoint. The architect also has to think about DNS resolution, managed identity, least-privilege access, diagnostic logging, policy enforcement, and the operational impact on teams that troubleshoot the environment later.

A worked scenario: designing a multi-region web application

Consider a company running a customer-facing web application that must remain available during a regional outage, protect secrets, avoid public exposure for data services, and keep cloud spend explainable to finance. A weak answer would list several high-availability services without tying them to requirements. A stronger AZ-305 answer starts by separating business requirements from implementation choices.

Identity should be designed first because it controls how people, applications, and automation interact with the platform. Microsoft Entra ID should provide central identity, role assignments should follow least privilege, and privileged roles should be eligible rather than permanently assigned where privileged identity management is in scope. For application access to secrets, managed identities and Key Vault reduce the need to handle credentials directly. Conditional access may be relevant for administrative access, especially where risk, location, or device state influences policy.

The network design can then support the security model. A hub-spoke topology is often appropriate when shared inspection, connectivity, and DNS services are needed, while workload spokes isolate application environments. Private Endpoints can keep data platform access on private addresses, but they introduce DNS design requirements that must be planned rather than discovered during deployment. Public access should be disabled where the scenario requires private-only connectivity, but that decision must be matched with operational access paths for monitoring and support.

Storage and data decisions depend on the application’s tolerance for downtime and data loss. If the business requires continuity through a regional outage, the design may need geo-redundant storage, database replication or failover capabilities, and an application routing layer that can direct users to a healthy region. The rejected alternative might be a single-region deployment with local backups only; it may be cheaper, but it fails the regional resilience requirement. If the recovery target is less demanding, however, full active-active architecture may be unnecessary.

Observability and governance complete the design. Diagnostic settings, alerts, dashboards, and log retention should be planned so the operations team can detect failure and prove recovery. Azure Policy can enforce required tags, allowed regions, diagnostic settings, and private connectivity rules. Budgets and cost alerts help stop a technically correct architecture from becoming financially opaque. In AZ-305 terms, the strongest answer is usually the one that satisfies the stated requirement with the least unnecessary complexity.

How to practise without relying on exam folklore

Practice tests can be useful as a diagnostic tool, especially early in preparation, but repeating question banks is a weak substitute for learning the architecture. AZ-305 questions often include exhibits, case studies, drag-and-drop design tasks, and answer sets where several options look plausible. The candidate’s job is to identify the requirement that decides between them.

Unsafe test-taking folklore should be avoided. Choosing the longest answer, assuming every premium service is correct, or treating the real exam as a practice run can create expensive and misleading habits. A safer approach is to eliminate answers that violate a stated constraint, then compare the remaining options against security, reliability, cost, operations, and performance. If two answers are technically possible, the better answer is usually the one that fits the scenario with fewer unsupported assumptions.

Forums and study groups can help when used carefully. Microsoft Community discussions and technical forums can clarify confusing behaviour, but candidates should verify advice against Microsoft Learn, the exam skills outline, the Azure Architecture Center, and product documentation. Unofficial dumps should be avoided because they can be inaccurate, unethical, and disconnected from the design skills the certification is meant to validate.

Exam-day tactics that match the way AZ-305 is written

On exam day, the first task is to read the instructions on screen carefully. Microsoft exams may include case studies, exhibits, review screens, and question types that behave differently from simple multiple choice. Some sections may not allow the same review behaviour as others, so candidates should pay attention before moving forward rather than assuming every question can be revisited in the same way.

Time management should be deliberate. Case studies and exhibit-heavy questions often take longer because the relevant detail is hidden among business requirements, technical constraints, and existing architecture. A practical method is to identify the decision driver first: compliance, identity, resilience, migration effort, cost, latency, or operational simplicity. Once the driver is clear, the answer set becomes easier to narrow.

The on-screen whiteboard can be useful for brief notes, especially for case studies with multiple requirements. It should be used to capture constraints, not to redraw the whole architecture. During review, candidates should change answers only when they find a specific missed requirement or misread constraint. Changing an answer because another option “sounds more Azure” is rarely a reliable strategy.

Frequently asked questions about AZ-305

Is AZ-305 enough to earn Azure Solutions Architect Expert?

No. The Azure Solutions Architect Expert certification path requires both AZ-104: Microsoft Azure Administrator and AZ-305: Designing Microsoft Azure Infrastructure Solutions. Candidates often prepare for AZ-305 after building the administration knowledge expected in AZ-104 because the architect exam assumes a working understanding of Azure operations.

How long should AZ-305 preparation take?

A practical preparation window for many working professionals is 6–8 weeks, especially when study time is split between official learning material, architecture reading, labs, and scenario practice. Candidates with recent Azure architecture experience may move faster, while those coming from administration or on-premises infrastructure may need more time on cloud design patterns.

What should be built in hands-on labs?

Useful labs include a hub-spoke network, private access to platform services with Private Endpoints, managed identity access to Key Vault, Azure Policy assignments, diagnostic settings, backup configuration, and a basic recovery scenario using Azure Backup or Azure Site Recovery where appropriate. The value comes from explaining why each control exists and what trade-off it introduces.

Are practice exams enough to pass AZ-305?

Practice exams are useful for checking readiness, but they are not enough on their own. The exam tests judgement across scenarios, so candidates need to practise reading requirements, rejecting unsuitable designs, and defending choices against the Well-Architected pillars.

Building the judgement AZ-305 expects

Passing AZ-305 is less about memorising every Azure feature and more about learning how Azure architecture decisions behave under constraints. The strongest preparation combines the official skills outline, Microsoft Learn, the Azure Architecture Center, the Well-Architected Framework, and hands-on labs that make design trade-offs visible.

The key takeaway is to study like an architect before sitting an architect exam. Build small designs, break them, record why one option was chosen over another, and keep returning to identity, governance, resilience, observability, and cost. Readynez can support that path through structured AZ-305 training, but the durable skill is the ability to justify a design when several Azure services could work.

Two people monitoring systems for security breaches

Unlimited Security Training

Get Unlimited access to ALL the LIVE Instructor-led Security courses you want - all for the price of less than one course. 

  • 60+ LIVE Instructor-led courses
  • Money-back Guarantee
  • Access to 50+ seasoned instructors
  • Trained 50,000+ IT Pro's

Basket

{{item.CourseTitle}}

Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}