AZ-900 Exam Review: Key Concepts Summary
Key Takeaways
- AZ-900 logistics: about 40-60 questions in 45 minutes, scored 0-1000, pass at 700, USD $99 voucher, no prerequisites, valid permanently (no renewal).
- Domain 1 Cloud Concepts (25-30%): IaaS/PaaS/SaaS, shared responsibility, CapEx vs OpEx, public/private/hybrid, scalability vs elasticity.
- Domain 2 Architecture & Services (35-40%): regions, availability zones, region pairs, the management group > subscription > resource group > resource hierarchy, and core compute/network/storage/identity services.
- Domain 3 Management & Governance (30-35%): Pricing/TCO calculators, Cost Management, Azure Policy vs RBAC, locks, tags, ARM/Bicep, Monitor, and SLA math.
- The exam rewards breadth: know WHAT each service does and WHEN to use it, eliminate wrong options, and never leave a question blank.
Last updated: June 2026
Exam logistics you should walk in knowing (verified 2026)
| Item | Fact |
|---|---|
| Exam code / name | AZ-900: Microsoft Azure Fundamentals |
| Questions | Roughly 40-60 items (form varies); mix of multiple-choice, multi-select, drag-and-drop, and dropdowns |
| Time | About 45 minutes of testing |
| Scoring | Scaled 0-1000; pass at 700 (not a raw 70%) |
| Cost | USD $99 voucher (varies by country/taxes) |
| Prerequisites | None |
| Validity | Fundamentals certifications do not expire — no annual renewal |
| Objectives updated | January 14, 2026 (expanded AI, Copilot, Responsible AI) |
Domain 1: Cloud Concepts (25-30%)
| Concept | Key fact |
|---|---|
| CapEx vs OpEx | CapEx = buy hardware up front; OpEx = pay-as-you-go for cloud services |
| IaaS | You manage OS + runtime + apps + data (Azure VMs) |
| PaaS | Provider manages OS; you manage app + data (App Service) |
| SaaS | You manage only data + settings (Microsoft 365) |
| Shared responsibility | The customer always owns data, accounts/identities, and devices, regardless of model |
| Public / Private / Hybrid | Multi-tenant / single-tenant dedicated / a mix of both |
| Scalability vs Elasticity | Scalability = ability to grow; elasticity = automatic scale up and down with demand |
| High availability | Redundancy that keeps a service running, backed by an SLA |
Trap: Scalability and elasticity are different — elasticity is the automatic one. And no matter how much the provider manages, the customer never offloads responsibility for data and identities.
Domain 2: Azure Architecture & Services (35-40%)
Global infrastructure & hierarchy
| Concept | Key fact |
|---|---|
| Region | A set of data centers in one geography (60+ worldwide) |
| Availability Zone | 3+ physically separate data centers in a region; survives a single DC failure |
| Region pair | Two regions 300+ miles apart; staggered updates for disaster recovery |
| Hierarchy | Management group > Subscription > Resource group > Resource |
| Resource group | Logical container; each resource lives in exactly one group |
| ARM | Azure Resource Manager — the single control plane for all management tools |
Compute & networking at a glance
| Service | When to use |
|---|---|
| Azure VMs (IaaS) | Full OS control, lift-and-shift |
| App Service (PaaS) | Web apps and APIs without managing servers |
| Azure Functions | Event-driven, serverless, pay-per-execution |
| AKS | Orchestrate complex multi-container microservices |
| VPN Gateway | Encrypted tunnel over the internet to on-prem |
| ExpressRoute | Private circuit, not over the internet, up to 100 Gbps |
| Load Balancer / App Gateway / Front Door | L4 / L7+WAF / global L7+CDN |
Storage & identity
| Service | Key fact |
|---|---|
| Blob / Files / Queue / Table | Unstructured / SMB shares / async messaging / NoSQL key-value |
| LRS, ZRS, GRS, GZRS | 3 copies in one DC, across zones, across regions, or zones+regions |
| Entra ID | Cloud identity: SSO, MFA, Conditional Access |
| RBAC vs Azure Policy | RBAC = who can do things; Policy = what resources are allowed |
Domain 3: Management & Governance (30-35%)
| Concept | Key fact |
|---|---|
| Pricing Calculator | Estimate cost before deploying |
| TCO Calculator | Compare on-premises vs Azure cost |
| Cost Management | Track actual spend, set budgets and alerts |
| Azure Advisor | Free recommendations across cost, security, reliability, performance, operations |
| Azure Policy | Enforce rules (e.g., allowed regions, required tags) |
| Resource locks | CanNotDelete or ReadOnly to prevent accidents |
| Tags | Key-value metadata; not inherited by child resources by default |
| ARM templates / Bicep | JSON IaC / simpler DSL that compiles to ARM JSON |
| Azure Monitor / Log Analytics / App Insights | Telemetry / KQL log queries / app performance monitoring |
| Service Health | Personalized Azure outage and maintenance notices |
SLA math you must be able to do
A 99.9% monthly SLA allows about 43 minutes of downtime per month. When you chain dependent services, you multiply their SLAs, so the composite SLA always drops: 99.9% × 99.9% = 99.81%. Adding more dependencies lowers it further — a frequent exam trap.
Final exam-day checklist
- Three service models (IaaS/PaaS/SaaS) and the shared responsibility split
- Public / private / hybrid deployment models
- Regions, Availability Zones, region pairs
- The four-level resource hierarchy
- VMs vs App Service vs Functions
- VPN Gateway vs ExpressRoute
- Storage redundancy (LRS/ZRS/GRS/GZRS) and tiers
- Entra ID, RBAC vs Azure Policy, Zero Trust principles
- Pricing vs TCO Calculator vs Cost Management
- Locks, tags, ARM/Bicep, Monitor, and SLA multiplication
Final Tip: AZ-900 tests breadth, not depth — you do not configure or code anything. Pass at 700/1000, manage your 45 minutes, eliminate clearly wrong options, trust your first read, and never leave a question blank.
Test Your Knowledge
What is the passing score for the AZ-900 exam?
A
B
C
D
Test Your Knowledge
Two services in an architecture each have a 99.9% SLA and one depends on the other. What is the composite SLA?
A
B
C
D
Test Your Knowledge
A company must protect data against a complete Azure region failure. Which storage redundancy option meets the requirement?
A
B
C
D
E
Test Your KnowledgeMulti-Select
Which THREE statements are principles of the Zero Trust model? (Select THREE)
Select all that apply
Verify explicitly
Trust all traffic on the internal network
Use least privilege access
Assume breach
Grant every authenticated user full access