
AZ-900 Microsoft Azure Fundamentals Training Guide


This is my AZ-900 training guide. I have decided to reference the skills
measured section for the updated Azure Fundamentals Exam (28/05/2020) to
Microsoft Docs. In this AZ-900 Training Guide post, some bits I have
explained in my own writing, some I have shamelessly copied and pasted. But
hopefully having a breakdown of components and quick access to reference
material helps someone as much as it helped me during training. So bear
with me and here you go.
I would also recommend looking into the Microsoft learning paths for
this exam:
Explore Microsoft Azure cloud concepts (AZ-900)
Distinguish Microsoft Azure Core Services (AZ-900)
Examine Microsoft Azure security, privacy, compliance, and trust (AZ-900)
Review Microsoft Azure pricing, service level agreements, and lifecycles (AZ-900)
See more of our Azure posts here: https://ourcloudnetwork.com/tag/azure/
Describe cloud concepts
Describe the benefits and considerations of using cloud services
Identify the benefits of cloud computing, such as high availability,
scalability, elasticity, agility, and disaster recovery.
• High Availability: this includes redundancy, monitoring and failover.
Ensuring critical systems have a redundant component, such as a second
server that is monitored and will fail over in the event of an issue.
(https://docs.microsoft.com/en-gb/azure/architecture/framework/resiliency/overview)
• Scalability: ability to increase or decrease the resources and services
used based on the demand and workload. Scaling up is the process of
adding resources to an existing server such as more RAM and CPU.
Scaling out is the process of adding more servers that function together.
(https://docs.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling)
• Elasticity: ability to automatically compensate for demand by allocating
more resources and deallocating resources when demand drops.
(https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/)
• Agility: Azure is rapidly developing to drive business growth.
(https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes)
Identify the principles of economies of scale
This is the ability to do things more efficiently when operating at a larger scale.
So, by increasing your production you can offer a cheaper cost for a service.
Azure can offer these benefits to you.
(https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3b-economies-of-scale)
Identify the differences between Capital Expenditure (CapEx) and
Operational Expenditure (OpEx)
(https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3c-capex-vs-opex)
• CapEx: Capital expenditure is the spending of money on physical
infrastructure or equipment up front. As you purchase this infrastructure up
front, it will depreciate over time and will eventually need to be replaced.
• OpEx: Operational expenditure means you are paying for services and
being billed for them as you use them (or on a monthly/annual basis). There
are no upfront costs. Azure is OpEx.
Describe the consumption-based model
With the consumption-based pricing model the customer pays for the
resources that they use. So, if you use more resources or have a heavy
workload for a period, you may pay a little more. On the other hand, with
Azure you could pay for a reserved instance and save costs by deciding on a
fixed amount of resource you are going to use for the year. It is recommended
that when creating a resource, you run it as pay as you go, then once you
have fine-tuned your resource usage, you can switch to a reserved instance,
in simpler scenarios.
Describe the differences between Infrastructure-as-a-Service (IaaS),
Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
(https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/5-types-of-cloud-services)
Describe the shared responsibility model
You are responsible for ensuring the service is configured correctly and Azure
is responsible for ensuring the cloud infrastructure is functioning correctly,
referred to as the shared responsibility model.
Describe Infrastructure-as-a-Service (IaaS)
Infrastructure as a service is what it says, you do not purchase the underlying
hardware for your cloud infrastructure but instead rent it from somewhere else,
in our case Azure. It does give you complete control of the hardware that runs
your virtualised infrastructure and it is provisioned almost instantly. IaaS is a
shared responsibility between you and Azure.
Describe Platform-as-a-Service (PaaS)
Platform as a service removes your responsibility for managing the
underlying hardware and operating system. It is an environment for building,
testing and deploying software on Azure. You do not have to worry about
hardware, virtual machines or patching the operating systems, it is all
managed by Azure. It is commonly used in development as it allows
developers to create applications using components built in to the cloud
platform. The features mentioned above such as high availability and
scalability are built in.
Describe Software-as-a-Service (SaaS)
Software as a service is hosted and managed by the cloud providers and is
usually licensed through a monthly or annual subscription. A good example
of SaaS is Office 365 (Exchange, Skype, OneDrive etc…).
Below are some key management responsibilities

[Image: Azure Training Guide]
Identify a service type based on a use case
[Image: AZ900 Exam Training]
Describe the differences between public, private and hybrid cloud
models
(https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models)
Define cloud computing
Cloud computing is renting resources, like storage space or CPU cycles, on
another company’s computers. You only pay for what you use. The company
providing these services is referred to as a cloud provider. Some example
providers are Microsoft, Amazon, and Google.
The cloud provider is responsible for the physical hardware required to
execute your work, and for keeping it up to date.
Describe public cloud
In the public cloud model, all your infrastructure is in the cloud and you have
no on-premises infrastructure which you need to manage and maintain. In our
case Azure is the public cloud provider. Public cloud allows you to only pay for
what you use, this is OpEx and there are no up-front costs. Being fully public
cloud is not always the preferred scenario for a business, but it would be a
perfect fit for a public website or web app.
Describe private cloud
The private cloud model means you own your own data centre (or private
cloud). You are giving the impression of public cloud to your end users, but
you manage and maintain the infrastructure. You can support legacy apps and
maintain strict compliance where required, however while owning the
equipment you need the required skill to manage it, upfront CapEx costs to
purchase/replace the infrastructure and you own the responsibility.
Describe hybrid cloud
Hybrid cloud is the best of both worlds, you have your public cloud and private
cloud working together to give your users the best experience. For example,
you may have on-premises databases which communicate with your
cloud-based web application. Or you may have a legacy application which requires
the low latency of an on-premises server. Utilising the public cloud with your
private cloud allows you to easily scale out if required and even provides
flexibility for your users to work in the cloud also. You still have CapEx costs
and it can be complicated to set up and support.
Describe core Azure services
Describe the core Azure architectural components
Describe the benefit and usage of Regions
An Azure region consists of multiple datacentres in a geographical area (or
region). Each datacentre is connected by a dedicated low latency connection
within the region, of which there are currently 52 (06/03/2020).
(https://azure.microsoft.com/en-gb/global-infrastructure/regions/)
Describe the benefit and usage of Availability Zones
An availability zone is a different physical location within a region. Each
availability zone contains 1 or more datacentres which are completely
independent of each other. This allows customers to run their cloud systems
with high availability and disaster recovery in mind.
(https://docs.microsoft.com/en-us/azure/availability-zones/az-overview)
Describe the benefit and usage of resource groups
Resource groups are containers that hold related resources in Azure; they are
resources that you want to manage in a group. For example, all of your virtual
machines may be part of a single resource group, or all the components of
your virtual machine (VM, NIC, Disks) may be in a resource group.
(https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups)
Describe the benefit and usage of Subscriptions
When you sign up, an Azure subscription is created by default. An Azure
subscription is a logical container used to provision resources in Azure. It
holds the details of all your resources like virtual machines (VMs), databases,
and more. When you create an Azure resource like a VM, you identify the
subscription it belongs to. As you use the VM, the usage of the VM is
aggregated and billed monthly.
(https://docs.microsoft.com/en-gb/azure/cost-management-billing/cost-management-billing-overview)
Describe the benefit and usage of Management Groups
Azure management groups provide a level of scope above subscriptions. You
organize subscriptions into containers called “management groups” and apply
your governance conditions to the management groups. All subscriptions
within a management group automatically inherit the conditions applied to the
management group. Management groups give you enterprise-grade
management at a large scale no matter what type of subscriptions you might
have. All subscriptions within a single management group must trust the same
Azure Active Directory tenant.
(https://docs.microsoft.com/en-us/azure/governance/management-groups/overview)
Describe the benefit and usage of Azure Resource Manager
Azure Resource Manager allows you to deploy and manage your Azure
resources. It allows for consistency across your tenant by way of declarative
templates, access controls, locks and tags to keep your environment
organised and secure.
(https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups).
Describe core workload products available in Azure
Describe the benefits and usage of Virtual Machines, Azure App
Services, Azure Container Instances (ACI), Azure Kubernetes Services
(AKS) and Windows Virtual Desktop
• Virtual machines: on-demand scalable virtual machines in Azure which
you can configure and maintain.
(https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview)
• Azure App Services: Quickly build, deploy and scale web apps created
with popular frameworks like .NET, .NET Core, Node.js, Java, PHP, Ruby
or Python, in containers or running on any operating system. Meet rigorous,
enterprise-grade performance, security and compliance requirements by
using the fully managed platform for your operational and monitoring tasks.
(https://azure.microsoft.com/en-gb/services/app-service/)
• Azure Container Instances: ACI allows you to run Docker containers in a
serverless Azure environment. ACI runs without orchestration. It is a fast and
simple way to run a container in Azure without having to manage any virtual
machines.
(https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview)
• Azure Kubernetes Service (AKS), the future: AKS is a managed
Kubernetes environment, making it quick and easy to deploy and manage
containerised applications without container orchestration expertise.
(https://azuredevopslabs.com/labs/vstsextend/kubernetes/)
• Windows Virtual Desktop: Windows Virtual Desktop is a comprehensive
desktop and app virtualisation service running in the cloud. It’s the only
virtual desktop infrastructure (VDI) that delivers simplified management,
multi-session Windows 10, optimisations for Office 365 ProPlus and
support for Remote Desktop Services (RDS) environments. Deploy and
scale your Windows desktops and apps on Azure in minutes, and get
built-in security and compliance features.
(https://docs.microsoft.com/en-gb/azure/virtual-desktop/overview)
Describe the benefit and usage of Virtual Networks and Express route
• Virtual network: Azure virtual network (vNET) is your network in the
cloud. Your vNET contains your cloud resources and allows for
communication between them. vNETs in Azure should be treated the same
way as your own datacentre.
(https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq)
• Express Route: ExpressRoute lets you extend your on-premises
networks into the Microsoft cloud over a private connection facilitated by a
connectivity provider. With ExpressRoute, you can establish connections to
Microsoft cloud services, such as Microsoft Azure and Office 365.
(https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction)
Describe the benefits and usage of Container (blob) Storage, Disk
Storage, File Storage, and Storage Tiers.
• Container (Blob) storage: Blob storage is unstructured, meaning there
are no restrictions on the kinds of data it can hold. It is not limited to
common file formats and allows you to hold large amounts of data. It is also
used to store data for backup and disaster recovery.
(https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-blobs-overview)
• Disk Storage: This provides disks that can be attached to virtual
machines, applications and other services to access and use as they need,
similar to on premise. Typically they are used if you have applications which
require read and write operations to persistent disks.
(https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview)
• File Storage: Azure Files are fully managed file shares which are
accessible via the SMB protocol. They can be mounted by on-cloud or
on-premise workstations/servers in the same way you would mount a typical
SMB share.
(https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction)
• Storage Tiers: Azure offers three storage tiers to store data in blob
storage: Hot Access tier, Cool Access tier, and Archive tier. These tiers
target data at different stages of its lifecycle and offer cost-effective storage
options for different use cases.
(https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal)
Describe the benefits and usage of Cosmos DB, Azure SQL Database,
Azure Database for MySQL and Azure Database for PostgreSQL
• Cosmos DB: Microsoft’s globally distributed, multi-model database
service. It provides you with elastic scalability all around the globe with
99.999% high availability.
(https://docs.microsoft.com/en-us/azure/cosmos-db/introduction)
• Azure SQL database: General purpose relational database that is fully
managed with built in high availability, backups and other common
maintenance operations. Azure SQL Database is PaaS.
(https://docs.microsoft.com/en-gb/azure/sql-database/sql-database-technical-overview)
• Azure Database for PostgreSQL: Open source relational database
service based on the open-source Postgres database engine.
(https://docs.microsoft.com/en-us/azure/postgresql/)
• Azure Database for MySQL: Azure Database for MySQL is a relational
database service powered by the MySQL community edition. It’s a fully
managed database as a service offering that can handle mission-critical
workloads with predictable performance and dynamic scalability.
(https://docs.microsoft.com/en-us/azure/mysql/)
Describe the benefits and usage of Azure Marketplace
Describe Core Solutions and Management Tools on Azure
Describe the benefits and usage of IoT Hub, IoT Central and Azure
Sphere.
The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud
services that connect, monitor, and control billions of IoT assets. In simpler
terms, an IoT solution is made up of one or more IoT devices that
communicate with one or more back-end services hosted in the cloud.
• IoT Hub: This is an Azure managed service which acts as a central
message hub for bi-directional communication between your IoT
application and the devices it manages.
(https://docs.microsoft.com/en-gb/azure/iot-hub/about-iot-hub)
• IoT Central: An application platform that reduces the burden and cost of
developing, managing and maintaining enterprise grade IoT solutions.
(https://docs.microsoft.com/en-gb/azure/iot-central/core/overview-iot-central)
• Azure Sphere: Azure Sphere is a secured, high-level application
platform with built-in communication and security features for
internet-connected devices. It comprises a secured, connected, crossover
microcontroller unit (MCU), a custom high-level Linux-based operating
system (OS), and a cloud-based security service that provides continuous,
renewable security.
(https://docs.microsoft.com/en-gb/azure-sphere/product-overview/what-is-azure-sphere)
Describe the benefits and usage of Azure Synapse Analytics, HDInsight
and Azure Databricks
• SQL Data Warehouse (now Azure Synapse Analytics): Azure Synapse
is a limitless analytics service that brings together enterprise data
warehousing and Big Data analytics. It gives you the freedom to query data
on your terms, using either serverless on-demand or provisioned resources,
at scale. Azure Synapse brings these two worlds together with a unified
experience to ingest, prepare, manage, and serve data for immediate BI
and machine learning needs.
(https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-what-is)
• HDInsight: Azure HDInsight is a cloud distribution of Hadoop
components. Azure HDInsight makes it easy, fast, and cost-effective to
process massive amounts of data. You can use the most popular
open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka, Storm, R,
and more. With these frameworks, you can enable a broad range of
scenarios such as extract, transform, and load (ETL), data warehousing,
machine learning, and IoT.
(https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-overview)
• Azure Databricks: Azure Databricks is an Apache Spark-based
analytics platform optimized for the Microsoft Azure cloud services platform.
Designed with the founders of Apache Spark, Databricks is integrated with
Azure to provide one-click setup, streamlined workflows, and an interactive
workspace that enables collaboration between data scientists, data
engineers, and business analysts.
(https://docs.microsoft.com/en-gb/azure/azure-databricks/what-is-azure-databricks)
Describe the benefits and usage of Azure Machine Learning, Cognitive
Services and Azure Bot Service
• Azure Machine Learning: An environment you can use to train, deploy,
automate, manage and track machine learning models.
(https://docs.microsoft.com/en-gb/azure/machine-learning/overview-what-is-azure-ml)
• Cognitive Services: Services which allow you to build intelligent
applications without the need for data science or AI skills. They allow
developers to add cognitive features to their applications.
(https://docs.microsoft.com/en-gb/azure/cognitive-services/welcome)
• Azure Bot Service: Azure Bot Service and Bot Framework provide tools
to build, test, deploy, and manage intelligent bots, all in one place. Through
the use of the modular and extensible framework provided by the SDK, tools,
templates, and AI services, developers can create bots that use speech,
understand natural language, handle questions and answers, and more.
(https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0)
Describe the benefits and usage of serverless computing solutions that
include Azure Functions, Logic Apps and Event Grid
• Azure Functions: Azure Functions allows you to run small pieces of code
called functions without worrying about the infrastructure. These functions
are triggered by a specific event.
(https://docs.microsoft.com/en-gb/azure/azure-functions/functions-overview)
• Logic Apps: Azure Logic Apps is a cloud service that helps you
schedule, automate, and orchestrate tasks, business processes, and
workflows when you need to integrate apps, data, systems, and services
across enterprises or organizations.
(https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview)
• Event Grid: Azure Event Grid allows you to easily build applications with
event-based architectures. First, select the Azure resource you would like
to subscribe to, and then give the event handler or WebHook endpoint to
send the event to.
(https://docs.microsoft.com/en-us/azure/event-grid/overview)
Describe solutions for software development including Azure DevOps
and Azure DevTest Labs
• Azure DevOps: Azure DevOps provides developer services to support
teams to plan work, collaborate on code development, and build and deploy
applications. Developers can work in the cloud using Azure DevOps
Services or on-premises using Azure DevOps Server. Azure DevOps
Server was formerly named Visual Studio Team Foundation Server (TFS).
(https://docs.microsoft.com/en-us/azure/devops/user-guide/what-is-azure-devops?view=azure-devops)
• Azure DevTest Labs: DevTest Labs creates labs consisting of
pre-configured bases or Azure Resource Manager templates. These have all
the necessary tools and software that you can use to create environments.
You can create environments in a few minutes, as opposed to hours or
days.
(https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview)
Describe Azure management tools
Describe the functionality and usage of the Azure Portal, Azure
PowerShell, Azure CLI, Cloud Shell and Azure Mobile App
• Azure Portal: Azure portal allows you to manage your Azure tenant
through a GUI on your web browser. It is compatible with any modern
desktop/tablet device.
(https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview)
• Azure PowerShell: Designed to allow you to manage your resources
directly through the PowerShell command line. It runs on Windows, however if
you are on a Mac or Linux, you will need to install PowerShell Core first.
(https://docs.microsoft.com/en-us/powershell/azure/?view=azps-3.5.0)
• Azure CLI: The Azure command-line interface (CLI) is Microsoft’s
cross-platform command-line experience for managing Azure resources. It can
run on Windows, macOS, Linux, in Docker and Azure Cloud Shell.
(https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest)
• Azure Cloud Shell: Azure Cloud Shell is an interactive, authenticated,
browser-accessible shell for managing Azure resources. It provides the
flexibility of choosing the shell experience that best suits the way you work,
either Bash or PowerShell. Cloud shell supports the latest versions of:
Edge, IE, Chrome, Firefox and Safari.
(https://docs.microsoft.com/en-us/azure/cloud-shell/overview)
• Azure mobile app: Read the following announcement to see what the
mobile app can do. Please do not use it to manage your Azure tenant.
(https://azure.microsoft.com/en-gb/blog/azure-mobile-app-now-generally-available/)
Describe the functionality and usage of Azure Advisor
Azure Advisor will continuously monitor your cloud environment to ensure it is
secure, cost effective and well managed. By following the Azure best
practices the Advisor will give you personalised recommendations to ensure
the following features are optimised: high availability, security, performance,
cost, operational excellence.
(https://docs.microsoft.com/en-us/azure/advisor/advisor-overview)
Describe the functionality and usage of Azure Monitor
Azure Monitor collects and aggregates data from multiple sources, where it can
be visualised, analysed and used for alerting. You can get deep insights across
your Azure resources and even include custom resources that utilise Azure for
data storage. (https://docs.microsoft.com/en-us/azure/azure-monitor/overview)
Describe the functionality and usage of Azure Service Health
Azure Service Health combines the Azure status, Azure Service Health service
and Resource Health. It aims to give you personalised information and support
when issues with the Azure service may affect you.
(https://docs.microsoft.com/en-us/azure/service-health/)
Describe General Security and Network Security Features
Describe Azure security features
Describe basic features of Azure Security Center, including policy
compliance, security alerts, secure score, and resource hygiene
• Policy compliance: Azure Policy is a service in Azure that you use to
create, assign, and manage policies. These policies enforce different rules
and effects over your resources, so those resources stay compliant with
your corporate standards and service level agreements. Azure Policy meets
this need by evaluating your resources for non-compliance with assigned
policies.
(https://docs.microsoft.com/en-us/azure/governance/policy/overview)
• Security alerts: A list of prioritized security alerts is shown in Security
Center along with the information you need to quickly investigate the
problem and recommendations for how to remediate an attack.
(https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts)
• Secure Score: Review Secure Score:
(https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score)
and Enhanced Secure Score:
(https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls)
• Resource Hygiene: resource security hygiene advises on the most
prevalent security recommendations for your resources.
(https://azure.microsoft.com/en-gb/blog/introducing-the-redesigned-security-center-overview-dashboard/)
Describe the functionality and usage of Key Vault
Azure Key Vault helps you securely store and control access to tokens,
passwords and certificates. It can also be used as a key management
solution. Once you have created your vault you can enable logging to monitor
its activity.
(https://docs.microsoft.com/en-gb/azure/key-vault/key-vault-overview)
Describe the functionality and usage of Azure Sentinel
Microsoft Azure Sentinel is a scalable, cloud-native, security information
event management (SIEM) and security orchestration automated
response (SOAR) solution. Azure Sentinel delivers intelligent security
analytics and threat intelligence across the enterprise, providing a single
solution for alert detection, threat visibility, proactive hunting, and threat
response. (https://docs.microsoft.com/en-gb/azure/sentinel/overview)
Describe Azure network security
Describe the concept of defence in depth
https://azure.microsoft.com/en-gb/resources/videos/defense-in-depth-security-in-azure/
Describe the functionality and usage of Network Security Groups (NSG)
Network security groups are used to control the flow of traffic to and from your
Azure resources within your virtual network. NSGs can be assigned on a
NIC or Subnet level with the ARM template, whereas with ASM (Classic), NSGs
can also be applied to a NIC, however this is legacy.
(https://docs.microsoft.com/en-us/azure/virtual-network/security-overview)
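The following is an added example, not part of the original guide or Microsoft's code: a simplified Python model of how inbound traffic is judged when NSGs sit at both the subnet and the NIC. It goes beyond the text above by modelling rule priority (lowest number wins) and the built-in DenyAllInBound rule; it assumes traffic from internet addresses only, and all rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    port: str       # destination port "443", range "8000-8080", or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    action: str     # "Allow" or "Deny"


# Default rule present in every NSG. The two default allow rules (VirtualNetwork
# and AzureLoadBalancer sources) are left out because this model only covers
# traffic arriving from internet addresses (assumption of this example).
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny")


def matches(rule, src_ip, dst_port, protocol):
    """True when the packet's protocol, source and destination port fit the rule."""
    if rule.protocol != "*" and rule.protocol.lower() != protocol.lower():
        return False
    if rule.source != "*":
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
            return False
    if rule.port == "*":
        return True
    low, _, high = rule.port.partition("-")
    return int(low) <= dst_port <= int(high or low)


def first_match(rules, src_ip, dst_port, protocol):
    """Return the first matching rule in priority order; processing stops there."""
    for rule in sorted([*rules, DENY_ALL_INBOUND], key=lambda r: r.priority):
        if matches(rule, src_ip, dst_port, protocol):
            return rule
    raise AssertionError("unreachable: DenyAllInBound matches everything")


def inbound_allowed(subnet_nsg, nic_nsg, src_ip, dst_port, protocol="Tcp"):
    """Inbound traffic is checked by the subnet NSG first, then the NIC NSG.

    Both must allow it. A level with no NSG associated (None) is skipped.
    Returns (allowed, trace), where trace lists the deciding rule per level.
    """
    trace = []
    for level, nsg in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if nsg is None:
            continue
        rule = first_match(nsg, src_ip, dst_port, protocol)
        trace.append((level, rule.name))
        if rule.action != "Allow":
            return False, trace
    return True, trace


# Constructed sample rule sets (documentation address ranges).
SUBNET_NSG = [
    Rule("DenyBlockedRange", 100, "198.51.100.0/24", "*", "*", "Deny"),
    Rule("AllowHttps", 200, "*", "443", "Tcp", "Allow"),
    Rule("AllowRdpFromMgmt", 300, "203.0.113.0/24", "3389", "Tcp", "Allow"),
]
NIC_NSG = [Rule("AllowHttps", 100, "*", "443", "Tcp", "Allow")]

if __name__ == "__main__":
    for src, port in (("192.0.2.10", 443), ("198.51.100.7", 443), ("203.0.113.5", 3389)):
        print(src, port, inbound_allowed(SUBNET_NSG, NIC_NSG, src, port))
```

The third sample flow shows why both levels need reviewing: RDP from the management range is allowed at the subnet but still dropped by the NIC NSG's default deny.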
Describe the functionality and usage of Azure Firewall
Azure Firewall is a fully stateful firewall with built in high availability and
unrestricted cloud scalability. You can centrally create, enforce, and log
application and network connectivity policies across subscriptions and virtual
networks. It is fully integrated with Azure Monitor for logging and analytics.
(https://docs.microsoft.com/en-us/azure/firewall/overview)
Describe the functionality and usage of Azure DDoS protection
Azure DDoS protection provides protection against DDoS attacks and it
comes in 2 tiers, Basic and Standard. Basic is automatically enabled on the
Azure platform; Standard must be purchased but has additional features. It
protects against volume attacks, protocol attacks and resource layer attacks.
(https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview)
Describe Identity, Governance, Privacy and Compliance Features (20-25%)
Describe core Azure identity services
Explain the difference between authentication and authorization
Authentication is the process of proving you are who you say you are.
Authentication is sometimes shortened to AuthN.
Authorization is the act of granting an authenticated party permission to do
something. It specifies what data you’re allowed to access and what you can
do with that data. Authorization is sometimes shortened to AuthZ.
(https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios)
Describe the functionality and usage of Azure Active Directory
Azure AD is Microsoft’s cloud identity and access management service, like
Windows Server Active Directory, but is solely cloud based. If you use Office
365, you should have some understanding of this already.
(https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis)
Describe the functionality and usage of Conditional Access and
Multi-Factor Authentication (MFA)
Conditional access is a way for you to enforce policies across your
organisation. At their simplest they are if/then statements: if this, then do that.
Conditional access policies allow you to enforce the right access controls when
needed to keep your organisation secure.
(https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview).
Multi-Factor authentication provides an additional layer of security at the
authentication level. By combining multiple steps of verification, a significant
challenge is left for an attacker. This is usually comprised of your password
and a device you own or biometrics.
(https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks)
Describe the functionality and usage of Role-Based Access Control
(RBAC)
RBAC helps you manage who has access to what Azure resources. It provides
fine-grained access management of Azure resources; for example, you could
allow a single user to manage virtual machines within a subscription.
(https://docs.microsoft.com/en-us/azure/role-based-access-control/overview)
Describe Azure governance features
Describe the functionality and usage of Azure Policy
Azure Policy allows you to create and manage policies within your Azure
tenant. The policies can enforce rules, provide remediation and allow you to
stay compliant with standards.
(https://docs.microsoft.com/en-us/azure/governance/policy/overview)
Describe the functionality and usage of resource locks
Resource locks allow you to prevent other users in your organisation from
accidentally modifying or deleting resources. Locks can be set as
‘CanNotDelete’ (which still allows for read and modify) or ‘ReadOnly’ (where
users can read the resource but cannot delete or modify it).
(https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources)
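The following is an added example, not part of the original guide or Microsoft's code: a simplified Python model of the two lock levels described above. It goes beyond the text by showing that a lock set on a parent scope (subscription or resource group) is inherited by the resources beneath it and that the most restrictive inherited lock wins, then uses that to list production-tagged resources that can still be deleted. The subscription ID, resource names and the environment tag are constructed.

```python
from dataclasses import dataclass

# Lock levels named in this guide, ordered by restrictiveness.
RESTRICTIVENESS = {"CanNotDelete": 1, "ReadOnly": 2}

# Operations each effective lock level still permits (None = no lock).
ALLOWED = {
    None: {"read", "modify", "delete"},
    "CanNotDelete": {"read", "modify"},
    "ReadOnly": {"read"},
}


@dataclass(frozen=True)
class Lock:
    scope: str   # resource ID of the subscription, resource group or resource
    level: str   # "CanNotDelete" or "ReadOnly"

    def __post_init__(self):
        if self.level not in RESTRICTIVENESS:
            raise ValueError(f"unknown lock level: {self.level}")


def applies(lock, resource_id):
    """A lock covers its own scope and everything nested beneath it."""
    scope = lock.scope.rstrip("/").lower()
    rid = resource_id.rstrip("/").lower()
    # Require a path separator so "rg-prod" does not also match "rg-prod2".
    return rid == scope or rid.startswith(scope + "/")


def effective_lock(resource_id, locks):
    """Most restrictive lock level inherited by the resource, or None."""
    levels = [lock.level for lock in locks if applies(lock, resource_id)]
    return max(levels, key=RESTRICTIVENESS.__getitem__, default=None)


def is_allowed(operation, resource_id, locks):
    """True if 'read', 'modify' or 'delete' is permitted under the locks."""
    return operation in ALLOWED[effective_lock(resource_id, locks)]


def deletable_production(resources, locks, tag="environment", value="production"):
    """Resource IDs carrying the given tag that no lock protects from deletion."""
    return [rid for rid, tags in resources.items()
            if tags.get(tag) == value and is_allowed("delete", rid, locks)]


# Constructed sample inventory.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = SUB + "/resourceGroups/rg-prod"
VM = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/vm-web01"
STORAGE = RG_PROD + "/providers/Microsoft.Storage/storageAccounts/stprodlogs"
SQL = SUB + "/resourceGroups/rg-prod2/providers/Microsoft.Sql/servers/sql-orders"
DEV_VM = SUB + "/resourceGroups/rg-dev/providers/Microsoft.Compute/virtualMachines/vm-test01"

LOCKS = [Lock(RG_PROD, "CanNotDelete"), Lock(STORAGE, "ReadOnly")]
RESOURCES = {
    VM: {"environment": "production"},
    STORAGE: {"environment": "production"},
    SQL: {"environment": "production"},
    DEV_VM: {"environment": "dev"},
}

if __name__ == "__main__":
    for rid in RESOURCES:
        print(effective_lock(rid, LOCKS), rid)
    print("Deletable production resources:", deletable_production(RESOURCES, LOCKS))
```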
Describe the functionality and usage of tags
Tags are used in Azure to logically organise your resources. A tag consists of
a name and a value pair. Once you have tagged your resources you are able
to logically view all the resources in your subscription with a specific tag,
which is helpful when organising for billing or management. You can utilise
Azure Policy to ensure all resources are tagged.
(https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources)
Describe the functionality and usage of Azure Blueprints
Azure Blueprints enables cloud architects and central information technology
groups to define a repeatable set of Azure resources. Azure Blueprints makes
it possible for development teams to rapidly build and stand up new
environments which will meet your organisation’s compliance requirements.
(https://docs.microsoft.com/en-us/azure/governance/blueprints/overview)
Describe privacy and compliance resources
Describe the purpose of the Microsoft Privacy Statement and the Cloud
Adoption Framework for Azure
The Microsoft Privacy Statement describes the privacy policy and practices
that govern your use of Azure and Microsoft’s other enterprise online services,
such as Office 365 and Intune. The Online Services Agreement or Preview
Supplemental Terms may specify a different privacy statement for some
services.
(https://privacy.microsoft.com/en-gb/privacystatement)
The Cloud Adoption Framework is the One Microsoft approach to cloud
adoption in Azure, consolidating and sharing best practices from Microsoft
employees, partners, and customers. The framework gives customers a set of
tools, guidance, and narratives that help shape technology, business, and
people strategies for driving desired business outcomes during their adoption
effort. This guidance aligns to the following phases of the cloud adoption
lifecycle, ensuring easy access to the right guidance at the right time.
(https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/)
Describe the purpose of the Trust Center
The Trust Center provides customers and partners with easier access to
regulatory compliance information. (https://www.microsoft.com/en-gb/trust-
center/?rtc=1)
Describe the purpose of the Service Trust Portal
The Service Trust Portal contains details about Microsoft’s implementation of
controls and processes that protect our cloud services and the customer data
therein. To access some of the resources on the Service Trust Portal, you
must log in as an authenticated user with your Microsoft cloud services
account (either an Azure Active Directory organization account or a Microsoft
Account) and review and accept the Microsoft Non-Disclosure Agreement for
Compliance Materials. (https://docs.microsoft.com/en-us/microsoft-
365/compliance/get-started-with-service-trust-portal?view=o365-worldwide)
Describe the purpose of Azure Sovereign Regions (Azure Government
cloud services and Azure China cloud services)
Azure Government is a cloud platform built upon the foundational principles of
security, privacy and control, compliance, and transparency. Public Sector
entities receive a physically isolated instance of Azure.
(https://docs.microsoft.com/en-us/azure/azure-government/documentation-
government-welcome)
Microsoft Azure operated by 21Vianet (Azure China) is a physically separated
instance of cloud services located in China. It’s independently operated and
transacted by Shanghai Blue Cloud Technology Co., Ltd. (“BlueCloud”), a
wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd.
(“21Vianet”). (https://docs.microsoft.com/en-us/azure/china/overview-
operations)
Describe Azure Pricing and Support
Describe methods for planning and management of costs
Identify the factors affecting costs (resource types, services, locations,
ingress and egress traffic, reserved instances, hybrid use benefit)
 Resource types: Costs are resource-specific, so the usage that a meter
tracks and the number of meters associated with a resource depend on the
resource type. (https://docs.microsoft.com/en-us/learn/modules/predict-
costs-and-optimize-spending/1b-factors-affecting-cost)
 Services: Azure usage rates and billing periods can differ between
Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers.
Some subscription types also include usage allowances, which affect costs.
(https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-
optimize-spending/1b-factors-affecting-cost)
 Locations: Azure has datacenters all over the world. Usage costs vary
between locations that offer Azure products, services, and resources based
on popularity, demand, and local infrastructure costs.
(https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-
optimize-spending/1b-factors-affecting-cost)
 Ingress and Egress traffic: Data moving in and out of Azure data
centres which is not covered by the ExpressRoute or CDN pricing.
(https://azure.microsoft.com/en-gb/pricing/details/bandwidth/)
 Reserved instances: You can significantly reduce costs by up to 72% by
purchasing 1-year or 3-year terms for Windows and Linux machines in
Azure. (https://azure.microsoft.com/en-gb/pricing/reserved-vm-instances/)
 Hybrid use benefit: The ability to save on licensing costs by bringing
your Windows Server or SQL Server on-premises licenses with Software
Assurance to Azure. (https://azure.microsoft.com/en-gb/pricing/reserved-
vm-instances/)
Describe the functionality and usage of the Pricing calculator and the
Total Cost of Ownership (TCO) calculator
The Azure pricing calculator allows you to configure and estimate the costs of
your Azure products. You can use prebuilt example scenarios, or build your
own estimate, save it and export it to a CSV. (https://azure.microsoft.com/en-
gb/pricing/calculator/)
The Azure Total Cost of Ownership (TCO) calculator allows you to estimate
the cost savings by migrating your existing workloads to Azure.
(https://azure.microsoft.com/en-us/pricing/tco/calculator/)
Describe the functionality and usage of Azure Cost Management
You use Azure Cost Management and Billing features to conduct billing
administrative tasks and manage billing access to costs. You also use its features
to monitor and control Azure spending and to optimize Azure resource use.
(https://docs.microsoft.com/en-us/azure/cost-management-billing/cost-
management-billing-overview#feedback)
Describe Azure Service Level Agreements (SLAs) and service lifecycles
Describe the purpose of an Azure Service Level Agreement (SLA)
Azure SLAs detail the uptime guarantees Microsoft provides you. They will also
detail the downtime credit policies. The Service Level Agreement (SLA)
describes Microsoft’s commitments for uptime and connectivity.
(https://azure.microsoft.com/en-us/support/legal/sla/)
Interpret the terms of an SLA
Review the following on how to compose SLAs across services.
(https://docs.microsoft.com/en-gb/learn/modules/explore-azure-
infrastructure/7-composite-sla)
Describe the service lifecycle in Azure (Public Preview and General
Availability)
Azure may include preview, beta, or other pre-release features, services,
software, or regions offered by Microsoft to obtain customer feedback
(“Previews”). Previews are made available to you on the condition that you
agree to these terms of use, which supplement your agreement governing use
of Azure. (https://azure.microsoft.com/en-gb/support/legal/preview-
supplemental-terms/)
Azure General Availability is the release of products to the general public. You
can learn about important upcoming Azure updates and the Azure roadmap
here: https://azure.microsoft.com/en-gb/updates/.
