πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-305 Domain 4
Domain 4 β€” Module 7 of 12 58%
25 of 30 overall

AZ-305 Study Guide

Domain 1: Design Identity, Governance, and Monitoring Solutions

  • Monitoring & Logging Design
  • Choosing Authentication Methods
  • Designing Identity Management
  • Authorizing Access to Resources
  • Secrets, Keys & Certificates
  • Governance at Scale
  • Compliance & Identity Governance

Domain 2: Design Data Storage Solutions

  • Relational Data: Choosing Your SQL Platform
  • Database Performance & Scalability
  • Database Security & Compliance
  • Cosmos DB & Semi-Structured Data
  • Blob, Data Lake & Azure Files
  • Data Integration & Analytics

Domain 3: Design Business Continuity Solutions

  • Recovery Objectives: RPO, RTO & SLA Free
  • Backup & Recovery for Compute Free
  • Backup for Databases & Unstructured Data Free
  • High Availability for Compute Free
  • High Availability for Data Free

Domain 4: Design Infrastructure Solutions

  • Compute Design: VMs & When to Use Them
  • Container Solutions: AKS, ACI & Container Apps
  • Serverless & Batch Processing
  • Messaging Architecture
  • Event-Driven Architecture
  • API Integration & Caching
  • App Configuration & Automated Deployment
  • Migration Strategy & Assessment
  • Executing Migrations
  • Network Connectivity: Internet & Hybrid
  • Network Security & Performance
  • Load Balancing & Routing

AZ-305 Study Guide

Domain 1: Design Identity, Governance, and Monitoring Solutions

  • Monitoring & Logging Design
  • Choosing Authentication Methods
  • Designing Identity Management
  • Authorizing Access to Resources
  • Secrets, Keys & Certificates
  • Governance at Scale
  • Compliance & Identity Governance

Domain 2: Design Data Storage Solutions

  • Relational Data: Choosing Your SQL Platform
  • Database Performance & Scalability
  • Database Security & Compliance
  • Cosmos DB & Semi-Structured Data
  • Blob, Data Lake & Azure Files
  • Data Integration & Analytics

Domain 3: Design Business Continuity Solutions

  • Recovery Objectives: RPO, RTO & SLA Free
  • Backup & Recovery for Compute Free
  • Backup for Databases & Unstructured Data Free
  • High Availability for Compute Free
  • High Availability for Data Free

Domain 4: Design Infrastructure Solutions

  • Compute Design: VMs & When to Use Them
  • Container Solutions: AKS, ACI & Container Apps
  • Serverless & Batch Processing
  • Messaging Architecture
  • Event-Driven Architecture
  • API Integration & Caching
  • App Configuration & Automated Deployment
  • Migration Strategy & Assessment
  • Executing Migrations
  • Network Connectivity: Internet & Hybrid
  • Network Security & Performance
  • Load Balancing & Routing
Domain 4: Design Infrastructure Solutions Premium ⏱ ~15 min read

App Configuration & Automated Deployment

Azure App Configuration, feature flags, and IaC with ARM/Bicep β€” design configuration management and deployment pipelines that enable safe, repeatable releases.

Configuration and deployment design

β˜• Simple explanation

Configuration is the knobs and dials of your application. Connection strings, feature toggles, environment-specific settings. Azure App Configuration centralises these so you don’t scatter settings across app code, environment variables, and Key Vault.

Deployment automation means your infrastructure and applications are deployed by code (IaC), not by clicking buttons. ARM templates, Bicep, Terraform, and CI/CD pipelines make deployments repeatable, auditable, and safe.

Configuration management and deployment architecture:

  • Azure App Configuration: Centralised configuration store with feature flags, labels (per-environment), and Key Vault references
  • Infrastructure as Code (IaC): ARM templates, Bicep, Terraform β€” declarative infrastructure definition
  • CI/CD: GitHub Actions, Azure DevOps Pipelines β€” automated build, test, deploy
  • Deployment patterns: Blue-green, canary, ring-based β€” safe rollout strategies

Azure App Configuration

FeatureDescription
Key-value storeCentralised settings for all apps and environments
LabelsSame key, different values per environment (dev/staging/prod)
Feature flagsToggle features on/off without redeployment
Key Vault referencesReference secrets in Key Vault β€” App Config stores the reference, not the secret
Sentinel keyWatch a single key for changes β€” triggers config refresh in connected apps
SnapshotsPoint-in-time snapshots of configuration for rollback

πŸš€ Marcus’s config design: NovaSaaS uses App Configuration as the single source of truth:

  • Labels: dev, staging, prod β€” same keys, environment-specific values
  • Feature flags: New features rolled out to 10% of tenants, then 50%, then 100%
  • Key Vault references: Connection strings stored in Key Vault, referenced from App Config
  • Sentinel key: AppConfig:Version β€” when changed, all apps refresh their configuration

Infrastructure as Code

IaC Tools Comparison
FactorARM TemplatesBicepTerraform
LanguageJSON (verbose)DSL (clean, readable)HCL (HashiCorp)
Azure-nativeYes β€” first-partyYes β€” compiles to ARMNo β€” multi-cloud
State managementAzure handles (deployment history)Azure handles (compiles to ARM)State file (local/remote)
Multi-cloudNo β€” Azure onlyNo β€” Azure onlyYes β€” AWS, GCP, Azure
Modules/reuseLinked templates (complex)Modules (simple)Modules (mature ecosystem)
What-if/planYes (what-if)Yes (what-if)Yes (plan)
Best forLegacy templates, complex nested deploymentsNew Azure deployments, ARM migrationMulti-cloud, existing Terraform investment
πŸ’‘ Exam tip: Bicep is the recommended Azure IaC tool

Microsoft recommends Bicep for new Azure IaC projects. It compiles to ARM JSON, so there’s no risk β€” it’s syntactic sugar over ARM templates. If the exam asks about β€œAzure-native IaC” or β€œinfrastructure as code for Azure,” Bicep is the expected answer unless the scenario mentions multi-cloud (then Terraform).

Deployment patterns

PatternHow It WorksRiskBest For
Blue-GreenDeploy to inactive slot, swap when validatedLow β€” instant rollback by swapping backWeb apps with App Service deployment slots
CanaryRoute small % of traffic to new versionLow β€” limited blast radiusAPIs, microservices with traffic splitting
Ring-basedDeploy to ring 0 (team) β†’ ring 1 (early adopters) β†’ ring 2 (all)Lowest β€” progressive exposureLarge-scale services, multi-tenant SaaS
RollingUpdate instances in batchesMedium β€” mixed versions during rolloutVMSS, AKS rolling updates

πŸ›οΈ David’s deployment discipline: CloudPath Advisory requires:

  • All infrastructure defined in Bicep β€” no portal clicking for production
  • GitHub Actions pipelines β€” automated lint β†’ validate β†’ what-if β†’ deploy
  • Blue-green deployments for App Service β€” swap slots after smoke test
  • Ring-based for multi-tenant updates β€” internal users first, then pilot tenants, then all

Knowledge check

Question

What does Azure App Configuration provide that Key Vault doesn't?

Click or press Enter to reveal answer

Answer

App Configuration stores non-secret settings (feature flags, app settings, configuration metadata) with labels per environment, sentinel-based refresh, and feature management. Key Vault is for secrets, keys, certificates, and connection strings (which are secrets). Use both together: App Config for non-secret settings + Key Vault references for any sensitive values.

Click to flip back
Question

What's the recommended IaC tool for Azure-native deployments?

Click or press Enter to reveal answer

Answer

Bicep. It compiles to ARM JSON, uses clean readable syntax, and has native Azure module support. ARM templates are legacy (verbose JSON). Terraform is for multi-cloud scenarios. For Azure-only, Bicep is the standard recommendation.

Click to flip back
Question

What's the advantage of deployment slots over direct deployment?

Click or press Enter to reveal answer

Answer

Slots let you deploy to a staging slot, validate, then swap into production with zero downtime. The swap is instant (just a VIP change). If something is wrong, swap back immediately. Slots also warm up the app before production traffic hits it β€” eliminating cold-start issues during deployments.

Click to flip back
Knowledge Check

πŸš€ Marcus wants to release a new billing feature to 5% of NovaSaaS tenants first, then gradually expand to all tenants. The feature should be toggleable without redeployment. Which approach should he use?
Knowledge Check

πŸ›οΈ David's government client requires all infrastructure changes to be version-controlled, peer-reviewed, and deployed through an automated pipeline with no manual portal changes. Development, staging, and production must use identical configurations. Which approach should David recommend?

🎬 Video coming soon

Next up: Moving to the cloud β€” Migration Strategy & Assessment.

← Previous

API Integration & Caching

Next β†’

Migration Strategy & Assessment

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.