Browse Microsoft Certification Guides

Azure AZ-305 Identity and Governance Guide

Study Azure AZ-305 Identity and Governance: key concepts, common traps, and exam decision cues.

This chapter gives AZ-305 its control-plane logic. Microsoft is testing whether you can separate who can act, what is allowed, where governance applies, and how telemetry flows before you start naming application services.

Current weight in the study guide

Microsoft currently weights this skill area at 25-30% of the exam.

Work this skill area in order

Lesson Focus
1.1 Logging, Monitoring and Log Routing Learn the monitoring stack and how log destinations change the design.
1.2 Authentication, Authorization and Secrets Learn how identity choice, access model, and secret handling drive architecture.
1.3 Governance Scope, Compliance and Identity Governance Learn how management groups, subscriptions, Policy, tags, locks, and privileged access fit together.

Fast routing inside this chapter

If the question is really about… Go first to…
metrics, logs, telemetry, SIEM export, or archive retention 1.1 Logging, Monitoring and Log Routing
workload identity, Azure access, partner access, or secret reduction 1.2 Authentication, Authorization and Secrets
scope hierarchy, compliance guardrails, tags, or privileged review 1.3 Governance Scope, Compliance and Identity Governance

What strong answers usually do

  • separate monitoring architecture from access-control architecture
  • choose managed identity before stored secrets whenever the target service supports it
  • keep RBAC, Policy, tags, and locks in separate mental buckets
  • treat management-group structure as an organization design question, not a resource-group naming exercise

In this section

Revised on Sunday, May 10, 2026
2. Data