AZ-305 Azure Solutions Architect Expert learning pathways (part 4)

April 24, 2025•3888 words•20 min read•

certification

azure

AZ-305 Azure Solutions Architect Expert

The Accelerate cloud adoption with the Microsoft Cloud Adoption Framework (CAF) for Azure learning path covers parts the 8 methodologies that the CAF is comprised of. Each methodology is part of a broad cloud adoption lifecycle:

CAF overview

Strategy
Plan
Ready
Adopt
Govern
Manage
Secure
Organize
Resources

Strategy

The Strategy phase is the foundation of the Cloud Adoption Framework (CAF), ensuring your cloud journey is purpose-driven and aligned with business goals. This phase defines why your organization is adopting the cloud and what you expect to achieve, setting the direction for all subsequent actions.

Strategy

🎯 Key Concepts

Business Alignment: The strategy phase connects cloud adoption to your organization’s core objectives, such as cost savings, agility, innovation, or entering new markets. This ensures every cloud initiative supports measurable business outcomes.
Motivations and Objectives: Identify the drivers for cloud adoption (e.g., scalability, modernization, compliance) and translate them into clear, quantifiable goals. This step lays the groundwork for prioritizing cloud projects and investments.
Stakeholder Engagement: Engage leadership and key stakeholders early to secure buy-in and clarify expectations. This alignment bridges the gap between executive vision and operational execution.
Strategy Team: Assemble a cross-functional team responsible for defining and executing the cloud strategy. This team helps maintain alignment between business and technical priorities.
Organizational Readiness: Assess your organization’s preparedness for cloud adoption, including culture, skills, and existing processes. Consider shifts in operating models or moving from project-based to product-based approaches.
Strategic Considerations: Factor in areas like financial efficiency, AI integration, resiliency, security, and sustainability to inform a holistic strategy.

Strategy Phase Steps

Step	Description
Assess your strategy	Evaluate readiness and current state.
Define motivations	Identify and classify reasons for cloud adoption.
Define mission and objectives	Set a clear mission and measurable goals for cloud adoption.
Define your strategy team	Identify key individuals and teams for strategy development and execution.
Prepare your organization	Secure leadership buy-in, align strategies, assess operating model readiness, and partnerships.
Inform your strategy	Address critical areas: cost, AI, resiliency, security, and sustainability.

Use a checklist to ensure all steps are addressed, adapting tasks for startups or enterprises as needed.

Why the Strategy Phase Matters

Purposeful Adoption: Ensures cloud investments directly support business priorities, avoiding wasted effort and resources.
Measurable Outcomes: Sets clear success criteria, enabling you to track progress and demonstrate value.
Risk Reduction: Early alignment and assessment help anticipate challenges and mitigate risks before major investments are made.

💡 Tip: Revisit and refine your strategy as business needs evolve to keep your cloud journey aligned and effective.

For details, refer to the Azure Strategy Phase documentation.

Plan

The Plan phase of the Cloud Adoption Framework (CAF) translates your cloud strategy into a practical, actionable roadmap. It ensures your cloud adoption aligns with business goals, addresses risks, and prepares your organization for a successful migration.

🗺️ Key Concepts

Cloud Adoption PlanDefinition: A detailed document that outlines the steps, resources, timelines, and responsibilities for moving workloads to the cloud. Intuitive Description: Think of it as your “travel itinerary” for cloud migration—mapping out what to move, when, how, and who’s involved.
Assessment and Gap Analysis Evaluate your current IT landscape, identify gaps between your current state and cloud goals, and prioritize workloads for migration or modernization.
Resource Planning Determine which Azure services, deployment models, and tools are needed to support your workloads and business objectives.
Governance and Compliance Establish governance frameworks early to ensure accountability, security, and compliance throughout your cloud journey.
Risk Mitigation Identify potential risks and define mitigation strategies to minimize disruptions and ensure a smooth transition.

Plan Phase Steps

Assess Current State: Use assessments and readiness tools to understand your starting point and business motivations.
Rationalize Workloads: Apply the “5 Rs” (Rehost, Refactor, Rearchitect, Rebuild, Replace) to determine the best migration approach for each application or workload.
Build the Cloud Adoption Plan:
- Prioritize workloads and define migration waves.
- Set timelines, assign responsibilities, and allocate resources.
- Align technical tasks with business outcomes.
Establish Governance: Define policies for security, compliance, and cost management to guide cloud operations from the start.
Use Tools and Templates: Leverage Azure’s planning resources, templates, and assessments to standardize and accelerate the planning process.

Why the Plan Phase Matters

Alignment: Ensures cloud adoption efforts directly support business goals and priorities.
Risk Reduction: Proactively addresses challenges, reducing the chance of project delays or failures.
Efficiency: Streamlines the migration process, saving time and resources.
Accountability: Clearly defines roles, responsibilities, and success metrics for all stakeholders.

💡 Tip: Treat your plan as a living document—review and update it regularly as your cloud journey evolves and business needs change.

For details, refer to the Azure Plan Phase documentation.

Ready

The Ready phase prepares your organisation for cloud adoption by establishing foundational structures like landing zones and defining your operating model.

🛠️ Landing Zones

Definition: Landing zones are pre-configured environments that provide a secure, scalable, and compliant foundation for deploying cloud workloads.

Intuitive Description: Think of landing zones as a "cloud blueprint" – like building the plumbing and electrical systems in a house before moving in furniture. They ensure resources adhere to governance, security, and networking standards from day one.

Importance:

Scalability: Streamline deployment of new workloads.
Security: Enforce guardrails for compliance (e.g., data residency, encryption).
Governance: Centralize cost management and policy enforcement.

🔄 Operating Model

Definition: An operating model defines how your organisation manages cloud operations, including roles, processes, and tools.

Intuitive Description: It’s the "playbook" for your cloud journey – clarifying who does what, how decisions are made, and how teams collaborate (e.g., DevOps vs. centralized IT).

Importance:

Alignment: Ensures cloud workflows match business priorities.
Efficiency: Reduces silos by standardizing processes.
Adaptability: Supports iterative improvements as needs evolve.

Azure Common Operating Models Comparison:

Characteristic	Centralized Operations	Enterprise Operations	Distributed Operations	Decentralized Operations
Strategic Priority	Control, cost optimization	Stability, compliance, and governance	Agility with oversight	Innovation and autonomy
Organization	Central IT	Cloud center of excellence (CCoE)	Business units with some shared services	Fully autonomous teams
Portfolio Scope	Small to medium workloads	Broad enterprise portfolio	Business unit–aligned portfolios	Team- or product-specific portfolios
Accountability	Central cloud team	CCoE	Business units	Individual teams
Standardization	High	Very high	Moderate	Low
Operation Priority	Control and repeatability	Compliance, stability, and risk mitigation	Business responsiveness	Speed and team agility
Platform Dev Velocity	Moderate	Moderate to slow	Fast per team	Very fast
Workload Environment	Shared environment	Shared environment	Isolated or shared	Isolated
Landing Zone	Common landing zone	Common landing zone	Dedicated or shared landing zones	Team-owned landing zones
Foundation Utilities	Centralized	Centralized	Centralized or shared	Decentralized or team-managed
Cloud Foundation	Centrally managed and operated	Centrally managed and operated	Coordinated across teams	Team-built and team-operated
Starting Point	Central IT	Enterprise architecture	Business units or dev teams	DevOps teams
Iterations	Central team iterations	Shared or cross-org iterations	Independent BU/team iterations	Continuous, team-level iterations
Business Alignment	IT-driven	Business-aligned through governance	Direct business engagement	Full business ownership
Cloud Operations	Centralized	IT-led with some BU coordination	BU-level operations	DevOps-managed ops
Cloud Governance	Centralized	Enterprise-wide via policy	BU-defined within standards	Team-defined, minimal oversight
Cloud Security	Central security team	Enterprise-wide security governance	BU/app teams aligned with security standards	Team-level security practices
Cloud Automation	Central automation	Enterprise or platform team–led	Embedded automation teams	Fully DevOps-driven automation
DevOps	Central DevOps or platform team	Platform DevOps teams	Team-aligned DevOps	Embedded full DevOps ownership

Azure Operating Models – Quick Reference Overview:

Operating Model	Best For
Centralized	Organizations starting cloud adoption with a need for tight control
Enterprise	Mature organizations requiring standardization, compliance, and scale
Distributed	Organizations balancing innovation and governance across BUs
Decentralized	DevOps-driven teams prioritizing speed, autonomy, and innovation

Key Components of the Ready Phase

Landing Zone Design:
- Network topology, identity management, and resource organization.
- Use Azure’s reference architectures for best practices.
Operating Model Alignment:
- Define roles (e.g., Cloud Center of Excellence).
- Establish governance workflows (cost monitoring, policy audits).

💡 Best Practice: Start with a minimum viable landing zone and evolve it iteratively to avoid over-engineering.

For details, refer to the Azure Ready Phase documentation.

Adopt

The Adopt phase focuses on executing cloud initiatives through three paths: migrate, modernize, and innovate. Each path aligns with distinct business goals and technical outcomes: Adopt

🚚 Migrate

Move workloads to the cloud or between clouds.

Goals:

Exit on-premises environments.
Align with Azure Well-Architected Framework principles.

Key Strategy:

Rehosting (Lift-and-Shift): Migrate applications without code changes.

Benefits:

Improved security, reliability, and operations via managed solutions.
No need to manage hardware.

Use Case:

Enterprise-scale workload migration with minimal business logic changes.

🔄 Modernize

Enhance existing workloads for efficiency and scalability.

Goals:

Reduce technical debt.
Modernize applications and data platforms.

Key Strategy:

Replatforming: Shift toward PaaS (e.g., Azure App Service, Azure SQL Database).

Benefits:

Lower total cost of ownership.
Focus on core business instead of infrastructure.

Use Case:

Optimizing legacy apps for cloud-native scalability.

🚀 Innovate

Build cloud-native solutions to transform business outcomes.

Goals:

Create AI-powered applications.
Unlock predictive analytics and automation.

Key Strategies:

Rearchitect: Optimize for cloud scalability (e.g., microservices).
Rebuild: Use cloud-native tech (e.g., serverless, containers).
Replace: Adopt SaaS or low-code solutions.

Benefits:

Faster time-to-market for new capabilities.
Enhanced customer engagement through AI/ML.

Use Case:

Developing predictive tools or automating business processes.

Next Steps

Choose the path that aligns with your goals:

Migrate: For quick cloud onboarding.
Modernize: To optimize existing workloads.
Innovate: For disruptive, cloud-native solutions.

For details, refer to the Azure Adopt Phase documentation.

Govern

The Govern phase establishes policies, controls, and processes to ensure secure, compliant, and cost-effective cloud usage.

🛡️ Cloud Governance

Definition: Cloud governance is the framework of policies, procedures, and tools that regulate and control cloud usage across your organisation.

Intuitive Description: Think of governance as setting the "rules of the road" for your cloud journey—ensuring everyone follows the same standards for security, compliance, and cost management.

Why Governance Matters

Mitigates Risks: Prevents unauthorized or unmanaged cloud use.
Ensures Compliance: Aligns cloud activities with regulations and internal policies.
Supports Business Goals: Keeps cloud use aligned with strategic objectives.

Governance Process Steps

Build a Governance Team: Assign responsibility for defining and maintaining governance policies.
Assess Cloud Risks: Identify and prioritize risks (security, compliance, cost, etc.).
Document Policies: Clearly define acceptable and unacceptable cloud activities.
Enforce Policies: Use automation and tools (e.g., Azure Policy, Blueprints) to ensure compliance.
Monitor Governance: Continuously track compliance and adjust policies as needed.

For details, refer to the Azure Govern Phase documentation.

Manage

The Manage phase focuses on the ongoing operation, monitoring, and optimization of your cloud environment to maintain performance, reliability, and security.

🔧 Cloud Management

Definition: Cloud management is the set of practices and tools used to maintain, monitor, and protect your cloud resources and operations.

Intuitive Description: Cloud management is like maintaining a car after purchase—regular check-ups, monitoring, and quick responses to issues keep everything running smoothly.

Why Management Matters

Ensures Business Continuity: Minimizes downtime and disruption.
Controls Costs: Optimizes resource usage and spending.
Strengthens Security: Proactively manages risks and incidents.

RAMP Process for Management

Ready: Prepare your environment and teams for cloud operations.
Administer: Manage changes, security, compliance, data, and costs.
Monitor: Track service health, security, compliance, and costs using monitoring tools and alerts.
Protect: Safeguard reliability, business continuity, and security through proactive measures.

Use checklists and Azure’s management tools to ensure all critical tasks are covered and your cloud estate remains healthy and secure.

For details, refer to the Azure Manage Phase documentation.

Secure

The Secure phase of the Azure Cloud Adoption Framework ensures your cloud environment is protected through a comprehensive, proactive, and collaborative approach. Security is integrated into every stage of cloud adoption, not treated as an afterthought.

🛡️ Key Principles

Zero Trust: Assume breach, enforce least privilege, and require explicit verification for all access. Trust is never implicit—every request, user, and device must be verified.
Holistic Security: Security spans people, processes, and technology. Every component—users, applications, infrastructure—can be a potential attack vector. Security is a shared responsibility across business, IT, and security teams.
Continuous Improvement: Security posture must be regularly reviewed and updated to address evolving threats and maintain compliance.

🏗️ Core Security Areas

Identity & Access Management: Use Azure Active Directory, enable Multi-Factor Authentication (MFA), and apply Role-Based Access Control (RBAC) to ensure only authorized users have access.
Data Protection: Encrypt data both at rest and in transit. Regularly audit encryption settings and rotate keys to protect sensitive information.
Network Security: Implement Network Security Groups (NSGs), Application Security Groups (ASGs), Azure Firewall, and Web Application Firewall (WAF) to control and monitor traffic.
Security Monitoring & Posture Management: Use tools like Microsoft Defender for Cloud and Azure Policy for continuous monitoring, threat detection, and automated compliance enforcement.
Incident Response: Prepare for security incidents with clear response plans, ensuring rapid detection, investigation, and recovery.

🔄 Security in Practice

Integrate Security Early: Apply security controls when designing landing zones and during workload migration or modernization to avoid gaps later.
Shared Responsibility Model: Understand which security tasks are managed by Microsoft and which are your organisation’s responsibility. Train all teams to recognize and address their part in securing the cloud.

Definitions & Intuitive Descriptions

Zero Trust:Definition: A security model that assumes every access request could be malicious and verifies every user, device, and connection. Intuitive Description: Like locking every door in a building and checking ID every time someone enters, even if they work there.
Security Posture:Definition: The overall strength and effectiveness of your security controls and processes. Intuitive Description: Your cloud’s “immune system”—how well it can detect, prevent, and respond to threats.
Shared Responsibility Model:Definition: A framework outlining which security tasks are handled by the cloud provider and which by the customer. Intuitive Description: Like renting an apartment—your landlord secures the building, but you lock your own doors and windows.

Why the Secure Phase Matters

Prevents breaches and data loss by embedding security from the start.
Ensures compliance with regulations and industry standards.
Builds resilience against evolving cyber threats.

💡 Best Practice: Make security a continuous, organisation-wide effort—integrate it into every phase of your cloud journey and empower all teams to contribute.

For details, refer to the Azure Secure Phase documentation.

Organize

The Organize phase focuses on aligning your people, teams, and roles to ensure effective cloud adoption and ongoing operations. Proper organization is essential for turning strategy into action and sustaining cloud success.

🏢 Key Concepts

Organizational Structure: Defines how cloud-related responsibilities are distributed. This structure doesn’t have to match your formal org chart—it can include virtual teams or a mix of both traditional and agile models.
Cloud Functions: Identify the essential cloud capabilities your organization needs, such as architecture, operations, security, and governance.
Team Maturity: Establish teams with the right skills and maturity to deliver cloud functions effectively.
RACI Matrix: Use a RACI (Responsible, Accountable, Consulted, Informed) matrix to clarify who does what for each cloud function, ensuring clear accountability and communication.

Types of Organizational Structures

Structure Type	Definition & Intuitive Description
Org Chart Alignment	Traditional management hierarchies. Roles and responsibilities are mapped to existing reporting lines.
Virtual Teams	Cross-functional teams formed specifically for cloud adoption, without changing the org chart.
Mixed Model	Combines elements of both—using existing structures for some functions and virtual teams for others.

Intuitive Description: Imagine organizing a sports team: sometimes you use your existing roster (org chart), sometimes you form special squads for tournaments (virtual teams), and often you blend both.

Why the Organize Phase Matters

Alignment: Ensures everyone understands their role in cloud adoption.
Agility: Enables rapid response to changing business needs by forming flexible teams.
Clarity: Reduces confusion and overlap by clearly defining responsibilities.

Steps in the Organize Phase

Define Structure Type: Choose the organizational structure that best fits your operating model and cloud goals.
Map Cloud Functions: Identify the cloud capabilities needed and which teams will deliver them.
Establish Teams: Build or mature teams to provide the required cloud functions.
Apply the RACI Matrix: Assign responsibilities for each function to ensure accountability and effective collaboration.

💡 Best Practice: Organizational alignment is an ongoing process—regularly review team structures and responsibilities as your cloud journey evolves.

For details, refer to the Azure Organize Phase documentation.

Resources

The Resources phase in the Cloud Adoption Framework (CAF) is about structuring, organizing, and managing your Azure resources to ensure scalability, security, and efficient operations as your cloud environment grows.

🗂️ Key Concepts

Resource Organization: Organizing cloud resources is foundational for effective management, security, and scaling. Azure provides a hierarchy: management groups, subscriptions, resource groups, and resources.
Management Groups:Definition: Top-level containers that allow you to apply governance (policies, access controls) across multiple Azure subscriptions. Intuitive Description: Like folders for your cloud accounts, making it easier to manage rules for many teams or departments at once.
Subscriptions:Definition: Logical containers for resource groups and resources, often used to separate environments (e.g., production, development) or manage costs and quotas. Intuitive Description: Think of subscriptions as separate projects or business units, each with its own budget and boundaries.
Resource Groups:Definition: Logical containers for related Azure resources that share a lifecycle, such as all components of a single application. Intuitive Description: Like putting all parts of an app (web, database, storage) in one basket so you can manage them together.
Resources:Definition: Individual services or components (VMs, databases, storage accounts) deployed in Azure. Intuitive Description: The actual building blocks—servers, databases, etc.—that run your workloads.

🏗️ Best Practices for Resource Organization

Plan for Growth: Design your resource hierarchy to accommodate future scaling, new applications, and changing business needs.
Apply Policies at the Right Level: Assign governance and security settings at higher levels (management group, subscription) for broad enforcement, and use lower levels (resource group) for specific requirements.
Use Naming Conventions and Tagging: Consistent naming and tags make it easier to find, manage, and report on resources across your environment.
Leverage Tools and Templates: Use Azure-provided tools (like the Azure naming tool, Terraform modules, and DevOps templates) to automate and standardize resource deployment and management.

Why the Resources Phase Matters

Scalability: A well-designed resource organization supports rapid growth and onboarding of new workloads without chaos.
Security & Compliance: Centralized control at higher levels ensures consistent application of security and compliance policies.
Operational Efficiency: Logical grouping and clear structure simplify management, monitoring, and cost tracking.

💡 Tip: Start with a simple structure and evolve it as your cloud adoption matures. Regularly review your resource organization to ensure it continues to meet your business and technical needs.

For details, refer to the Azure Resources Phase documentation.

* all images taken and used without modifications from Accelerate cloud adoption with the Microsoft Cloud Adoption Framework (CAF) for Azure