beginnerAZ-9002-3 weeks prep8 min read
AZ-900: Azure Fundamentals — Study Guide
Complete study guide for the AZ-900 Azure Fundamentals exam. Covers cloud concepts, Azure architecture, core services, security, compliance, and pricing — no prior cloud experience required.
azureaz-900cloud-fundamentalsbeginnermicrosoft
Domains
7
Key concepts
10
Study time
2-3 weeks
Exam Overview
| Detail | Info |
|---|---|
| Exam code | AZ-900 |
| Duration | 60 minutes |
| Questions | 40–60 (multiple choice, drag-and-drop, scenario) |
| Passing score | 700 / 1000 |
| Cost | ~$165 USD |
| Validity | Does not expire |
| Audience | Non-technical stakeholders, beginners, anyone starting Azure |
Domain Weightings
| Domain | Weight |
|---|---|
| Cloud Concepts | 25–30% |
| Azure Architecture and Services | 35–40% |
| Azure Management and Governance | 30–35% |
Domain 1: Cloud Concepts (25–30%)
Cloud service models
| Model | Provider manages | You manage | Example |
|---|---|---|---|
| IaaS | Hardware, networking, virtualisation | OS, runtime, app, data | Azure VMs |
| PaaS | + OS, runtime | App, data | Azure App Service |
| SaaS | Everything | Nothing (just use it) | Microsoft 365 |
Cloud deployment models
- Public cloud — shared infrastructure (Azure, AWS, GCP). Pay as you go, elastic.
- Private cloud — dedicated infrastructure (on-premises data centre). Full control, high cost.
- Hybrid cloud — mix of public and private. Use Azure Arc or VPN/ExpressRoute to connect.
Benefits of cloud
- High availability — SLAs guarantee uptime; deploy across availability zones.
- Scalability — vertical (bigger VM) + horizontal (more VMs).
- Elasticity — automatically scale in/out based on demand.
- Reliability — geo-redundant services.
- Predictability — consistent performance and pricing.
- Security — shared responsibility model; cloud providers handle physical security.
- Governance — Azure Policy, RBAC, Management Groups for compliance.
- Manageability — portal, CLI, APIs, ARM templates.
Consumption-based model
- Capital Expenditure (CapEx) — upfront investment in physical hardware.
- Operational Expenditure (OpEx) — pay for what you use. Cloud is OpEx.
Exam tip
AZ-900 loves asking: "What is a benefit of the consumption-based model?" Answer: you pay only for what you use — no upfront costs.
Domain 2: Azure Architecture and Services (35–40%)
Global infrastructure
- Region — geographical area with one or more datacentres (e.g., East US, UK South). Over 60 regions globally.
- Region pair — each region is paired with another in the same geography for disaster recovery (East US ↔ West US).
- Availability Zone — physically separate datacentres within a region (power, cooling, network). Protect against single datacentre failure.
- Azure Geography — a market (e.g., United States, Europe) preserving data residency.
Resource organisation
Azure Account
└── Management Groups (optional — org-wide governance)
└── Subscriptions (billing + access boundary)
└── Resource Groups (logical container)
└── Resources (VMs, storage, etc.)
Core compute services
| Service | Use case |
|---|---|
| Azure Virtual Machines | IaaS — full OS control |
| Azure App Service | PaaS — web apps, APIs, mobile backends |
| Azure Container Instances (ACI) | Run containers without managing VMs |
| Azure Kubernetes Service (AKS) | Managed Kubernetes cluster |
| Azure Functions | Serverless — event-driven code execution |
| Azure Virtual Desktop | Cloud-hosted Windows desktops |
Core storage services
| Service | Use case |
|---|---|
| Blob Storage | Unstructured data (images, videos, backups) |
| Azure Files | Managed file shares (SMB/NFS) |
| Azure Disks | Block storage for VMs |
| Azure Queue Storage | Message queue for decoupled apps |
| Azure Table Storage | NoSQL key-value store |
Storage account redundancy
| Option | Copies | Protects against |
|---|---|---|
| LRS | 3 in one datacentre | Hardware failure |
| ZRS | 3 across AZs in one region | AZ failure |
| GRS | 3 local + 3 in paired region | Regional disaster |
| GZRS | ZRS + GRS combined | AZ + regional failure |
Core networking services
| Service | Use case |
|---|---|
| Azure Virtual Network (VNet) | Isolated network for Azure resources |
| Azure VPN Gateway | Site-to-site VPN to on-premises |
| Azure ExpressRoute | Dedicated private line to Azure |
| Azure DNS | Host DNS zones in Azure |
| Azure CDN | Content delivery network |
| Azure Load Balancer | Layer 4 (TCP/UDP) load balancing |
| Azure Application Gateway | Layer 7 (HTTP) load balancing + WAF |
Core database services
| Service | Type |
|---|---|
| Azure SQL Database | Fully managed SQL Server PaaS |
| Azure Cosmos DB | Globally distributed NoSQL |
| Azure Database for MySQL/PostgreSQL | Managed open-source databases |
| Azure Synapse Analytics | Data warehouse + analytics |
AI and ML
- Azure Machine Learning — build, train, deploy ML models.
- Azure Cognitive Services — pre-built AI APIs (vision, speech, language, decision).
- Azure Bot Service — build conversational AI bots.
DevOps and monitoring
- Azure DevOps — Boards, Repos, Pipelines, Test Plans, Artifacts.
- GitHub Actions — CI/CD integrated with GitHub.
- Azure Monitor — metrics, logs, alerts for all Azure resources.
- Azure Advisor — personalised best practice recommendations (cost, security, reliability).
Domain 3: Azure Management and Governance (30–35%)
Cost management
- TCO Calculator — estimate cost savings of moving from on-premises to Azure.
- Azure Pricing Calculator — estimate cost of specific Azure services.
- Azure Cost Management — analyse and optimise actual Azure spend.
- Azure Advisor — identifies idle resources and savings opportunities.
Factors affecting cost: resource type, region, tier/SKU, bandwidth (egress charged), support plans.
Azure governance tools
| Tool | Purpose |
|---|---|
| Azure Policy | Enforce and audit resource compliance rules |
| Azure RBAC | Control who can do what on which resources |
| Resource Locks | Prevent accidental deletion/modification |
| Azure Blueprints | Package policies, RBAC, templates for repeatable env setup |
| Management Groups | Apply governance across multiple subscriptions |
| Tags | Metadata for organisation and cost allocation |
Azure Security tools
| Tool | Purpose |
|---|---|
| Microsoft Defender for Cloud | Security posture management + threat protection |
| Azure Key Vault | Store secrets, keys, certificates |
| Azure DDoS Protection | Protect against distributed denial-of-service attacks |
| Microsoft Sentinel | Cloud-native SIEM + SOAR |
| Microsoft Entra ID (Azure AD) | Identity and access management |
Shared responsibility model
| Layer | Microsoft | Customer |
|---|---|---|
| Physical datacentre | ✅ | |
| Host hardware | ✅ | |
| Network | ✅ | ✅ (VNet, NSG) |
| Virtualisation | ✅ | |
| OS | ✅ (PaaS/SaaS) | ✅ (IaaS) |
| Application | ✅ | |
| Data | ✅ | |
| Identity | ✅ |
SLAs and the Composite SLA
An SLA (Service Level Agreement) defines the uptime guarantee for each Azure service.
Composite SLA — when your app depends on multiple services, multiply their SLAs:
- App Service (99.95%) × SQL Database (99.99%) = 99.94% composite SLA
To increase availability: deploy across Availability Zones or use redundant components.
Study Plan (2–3 Weeks)
Week 1: Cloud Concepts + Architecture
- Microsoft Learn: AZ-900 learning path (free, official)
- Focus: IaaS/PaaS/SaaS, cloud benefits, global infrastructure
- Practice: identify which service model a given scenario uses
Week 2: Azure Services
- Work through each service category (Compute, Storage, Networking, Database)
- Use the Azure Free Account to explore services hands-on
- Flash cards for service names → use cases
Week 3: Governance + Practice Tests
- Azure Policy, RBAC, Cost Management, SLAs
- Take 3+ full practice exams (MeasureUp, Whizlabs, Microsoft practice assessment)
- Review every wrong answer — understand why
Key Resources
| Resource | Link / Notes |
|---|---|
| Microsoft Learn | Official free learning path for AZ-900 |
| Microsoft Practice Assessment | Free official practice questions at learn.microsoft.com |
| John Savill's AZ-900 Course | Free YouTube — highly recommended for visual learners |
| Whizlabs / MeasureUp | Paid practice exams (worth it for the final week) |
Common Exam Traps
- IaaS vs PaaS — Azure VMs = IaaS; App Service = PaaS. Know this cold.
- Availability Zones vs Region Pairs — AZs protect against datacentre failure; region pairs protect against regional disaster.
- CapEx vs OpEx — cloud = OpEx (operational); on-premises hardware = CapEx (capital).
- "Which supports hybrid cloud?" — Azure Arc (manage on-prem resources in Azure), VPN Gateway, ExpressRoute.
- NSG vs Azure Firewall — NSG is a basic IP/port filter; Azure Firewall is a full stateful Layer 7 firewall.
- SLA for Free tier services — Microsoft does not provide SLAs for free tier/Dev tier services.