Cloud Concepts
25-30%of exam
Architecture + Services
35-40%of exam
Management + Governance
30-35%of exam
Quick Facts
- Exam
- AZ-900
- Credential
- Azure Fundamentals
- Time
- 45 min
- Pass
- 700/1000
- Level
- Foundational
- Skill
- Match service
- Blueprint
- Jan 14 2026
Scale vs Elasticity
Scalability
- Add capacity
- Up/out
- Planned growth
Elasticity
- Autoscale
- Demand spikes
- Dynamic capacity
Can grow vs auto-grow
Cloud Benefits
- HA
- UptimeSLA
- Scalability
- Add capacity
- Elasticity
- Autoscale demand
- Reliability
- Recover failures
- Predictability
- Forecast cost/perf
- Governance
- Rules at scale
- Manageability
- Tools + automation
Cloud Models
- Public
- Shared provider cloud
- Private
- Dedicated organization cloud
- Hybrid
- Public + private
- Multicloud
- Multiple providers
- CapEx
- Upfront spend
- OpEx
- Pay as used
Service Models
- IaaS
- You manage OS
- PaaS
- You deploy app
- SaaS
- You configure users
- Serverless
- Code + triggers
- VM
- Classic IaaS
- App Service
- Classic PaaS
Storage Redundancy
LRS=Local | ZRS=Zone | GRS=Geo
LRS: datacenterZRS: zonesGRS: paired regionGZRS: zone+geo
Entra ID vs RBAC
Entra ID
- Authenticate
- Users/groups
- SSO/MFA
RBAC
- Authorize
- Azure resources
- Role assignments
Sign in vs do
Service Picker
- Need OS control→VM(IaaS)
- Managed web/API→App Service(PaaS)
- Event trigger→Functions(Serverless)
- Quick container→ACI(No orchestration)
- Many containers→AKS(Kubernetes)
- Cloud desktops→AVD(VDI)
- Unstructured files→Blob(Object store)
- Private network→VNet(Isolation)
Azure Hierarchy
- MG
- Subscription governance
- Subscription
- Billing + access
- Resource group
- Lifecycle bundle
- Resource
- Service instance
- Region
- Geography location
- Zone
- Datacenter isolation
Access Tiers
Hot -> Cool -> Cold -> Archive
Hot: frequentCool: monthlyCold: rareArchive: offline
VPN vs ExpressRoute
VPN
- Encrypted internet
- Site-to-site
- Lower cost
ExpressRoute
- Private circuit
- Provider link
- Predictable latency
Internet vs private
Compute
- VM
- OS control
- VMSS
- Identical VM scale
- Availability set
- Rack/update spread
- Availability zone
- Datacenter spread
- AVD
- Cloud desktops
- Functions
- Event code
- ACI
- Quick container
- AKS
- Kubernetes orchestration
Networking
- VNet
- Private network
- Subnet
- VNet segment
- Peering
- VNet to VNet
- DNS
- Name resolution
- VPN Gateway
- Encrypted internet
- ExpressRoute
- Private circuit
- Public endpoint
- Internet reachable
- Private endpoint
- Private Link IP
Storage
- Blob
- Objects/files/media
- Files
- SMB/NFS shares
- Queues
- Simple messages
- Tables
- Key-value NoSQL
- Managed disks
- VM block storage
- AzCopy
- CLI transfer
- Storage Explorer
- Desktop GUI
- Data Box
- Offline transfer
Identity + Security
- Entra ID
- Cloud identity
- SSO
- One login
- MFA
- Extra factor
- Passwordless
- No password
- Conditional Access
- Risk-based rules
- RBAC
- Resource authorization
- Zero Trust
- Verify explicitly
- Defender
- Security posture
Governance Stack
MG -> Sub -> RG -> Resource
MG: hierarchySub: billingRG: lifecycleResource: instance
Policy vs Lock
Policy
- Allow/deny
- Audit rules
- Required tags
Lock
- No delete
- No modify
- Override mistakes
Standard vs protection
Cost Picker
- Estimate Azure→Pricing Calc
- Compare on-prem→TCO Calc
- Track spend→Cost Mgmt
- Group charges→Tags
- Alert spend→Budgets
- Optimize resources→Advisor
Cost + Governance
- Pricing Calc
- Future Azure cost
- TCO Calc
- On-prem comparison
- Cost Mgmt
- Actual spend
- Budgets
- Spend alerts
- Tags
- Cost metadata
- Policy
- Enforce rules
- Locks
- Prevent changes
- Purview
- Data governance
Service Health vs Monitor
Service Health
- Azure incidents
- Region issues
- Maintenance
Azure Monitor
- Your metrics
- Logs/alerts
- Telemetry
Provider vs workload
Monitoring Picker
- Azure outage→Service Health
- Resource metrics→Azure Monitor
- Query logs→Log Analytics
- App telemetry→App Insights
- Recommendations→Advisor
Operate
- Portal
- Browser UI
- Cloud Shell
- Browser shell
- CLI
- az commands
- PowerShell
- Az cmdlets
- ARM
- Control plane
- ARM template
- JSON IaC
- Azure Arc
- Hybrid manage
- Advisor
- Best practices
Pricing vs TCO
Pricing
- Azure estimate
- Service choices
- Future spend
TCO
- Migration case
- On-prem baseline
- Savings view
Azure cost vs migration
Common Traps
Identity vs permission
Entra signs in ≠ RBAC grants actions
Rules vs locks
Policy enforces ≠ Locks prevent changes
Estimate vs track
Calculators estimate ≠ Cost Mgmt tracks
Outage vs telemetry
Health is Azure ≠ Monitor is yours
Tier vs redundancy
Tier is access ≠ Redundancy is copies
Private vs encrypted
ExpressRoute private ≠ VPN encrypted internet
Last Minute
- 1.Weights: 25-30 / 35-40 / 30-35
- 2.IaaS = OS control
- 3.PaaS = deploy app
- 4.SaaS = configure users
- 5.Entra = login; RBAC = permissions
- 6.Policy = rules; Locks = protection
- 7.Pricing = estimate; Cost Mgmt = actuals
- 8.Monitor = workloads; Health = Azure
- 9.VPN = internet; ExpressRoute = private
- 10.Tiers = access; redundancy = copies
Buy on Amazon
Take courses on Udemy
Learning path on PluralsightSame family resources
Explore More Microsoft Azure Certifications
Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.
More From This Family
Videos and articles for deeper review.
VideoAZ-900 Exam Guide 2026: Pass Azure Fundamentals Free (Complete Study Plan)This examVideoAI-900 Exam Guide 2026: FREE Azure AI Fundamentals Study PlanVideoAZ-104 Study Plan 2026: Pass Azure Administrator ExamVideoFREE MD-102 Exam Guide 2026: Pass Microsoft Endpoint Administrator (Intune, Autopilot, Windows 11)ArticleAZ-900 Exam Guide 2026: Pass Azure Fundamentals Free (Complete Study Plan)28 min readArticleAI-900 Exam Guide 2026: FREE Azure AI Fundamentals Study Plan26 min readArticleAZ-104 Study Plan 2026: Pass Azure Administrator Exam17 min readArticleAzure DP-900 Exam Guide 2026: FREE Data Fundamentals Study Plan25 min read