Microsoft Azure Fundamentals Study Guide

Explanation

Cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and artificial intelligence—over the Internet ("the cloud") to offer faster innovation, flexible resources, and economies of scale.

Examples

Microsoft 365 (SaaS), Azure App Service (PaaS), Azure Virtual Machines (IaaS), Netflix streaming, Dropbox file storage, Gmail email service.

Key Mechanisms

- Core function: Cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and artificial intelligence—over the Internet ("the cloud") to offer faster innovation, flexible resources, and economies of scale. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Microsoft 365 (SaaS), Azure App Service (PaaS), Azure Virtual Machines (IaaS), Netflix streaming, Dropbox file storage, Gmail email service. - Decision clue: A startup company needs to deploy a web application quickly without investing in physical hardware.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Computing 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The ability of a system to remain operational and accessible for a high percentage of time, typically 99.9% or higher. High availability is achieved through redundancy, failover mechanisms, and eliminating single points of failure.

Examples

Azure guarantees 99.95% uptime SLA for virtual machines with multiple instances, Azure Load Balancer distributing traffic across zones, database replicas in different regions

Key Mechanisms

- Core function: The ability of a system to remain operational and accessible for a high percentage of time, typically 99.9% or higher. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure guarantees 99.95% uptime SLA for virtual machines with multiple instances, Azure Load Balancer distributing traffic across zones, database replicas in different regions - Decision clue: A banking application requires 99.99% uptime to ensure customers can access their accounts 24/7.

Review Path

Review path:

1. Open Azure portal 2. Search for High Availability 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The ability to handle increased workload by adding resources to the system. Scalability can be vertical (scaling up - adding more power to existing machines) or horizontal (scaling out - adding more machines).

Examples

Auto-scaling web apps during traffic spikes, adding more VMs during peak hours, Azure VM Scale Sets automatically adjusting capacity based on demand

Key Mechanisms

- Core function: The ability to handle increased workload by adding resources to the system. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Auto-scaling web apps during traffic spikes, adding more VMs during peak hours, Azure VM Scale Sets automatically adjusting capacity based on demand - Decision clue: A video streaming service expects 10x traffic during a major sports event.

Review Path

Review path:

1. Open Azure portal 2. Search for Scalability 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The ability to automatically provision and release resources based on demand. Elasticity combines both scaling out during high demand and scaling in during low demand, providing cost optimization.

Examples

Azure VM Scale Sets that automatically add/remove VMs based on CPU usage, Azure Functions that scale to zero when not used, auto-scaling web apps during traffic variations

Key Mechanisms

- Core function: The ability to automatically provision and release resources based on demand. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure VM Scale Sets that automatically add/remove VMs based on CPU usage, Azure Functions that scale to zero when not used, auto-scaling web apps during traffic variations - Decision clue: An online retail store experiences traffic spikes during flash sales and quiet periods overnight.

Review Path

Review path:

1. Open Azure portal 2. Search for Elasticity 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The ability of a system to continue operating properly in the event of failure of some components. Fault tolerance is achieved through redundancy, backup systems, and graceful degradation mechanisms.

Examples

Azure Availability Zones protecting against data center failures, redundant storage accounts with multiple copies, backup databases that take over when primary fails, load balancers detecting unhealthy instances

Key Mechanisms

- Core function: The ability of a system to continue operating properly in the event of failure of some components. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure Availability Zones protecting against data center failures, redundant storage accounts with multiple copies, backup databases that take over when primary fails, load balancers detecting unhealthy instances - Decision clue: A hospital patient monitoring system cannot afford any downtime.

Review Path

Review path:

1. Open Azure portal 2. Search for Fault Tolerance 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The process of restoring systems and data after a catastrophic failure or natural disaster. DR focuses on getting systems back online after a major outage, while business continuity ensures minimal disruption during the recovery process.

Examples

Azure Site Recovery replicating VMs to secondary regions, geo-redundant backups stored in multiple locations, cross-region database replication, automated failover procedures

Key Mechanisms

- Core function: The process of restoring systems and data after a catastrophic failure or natural disaster. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure Site Recovery replicating VMs to secondary regions, geo-redundant backups stored in multiple locations, cross-region database replication, automated failover procedures - Decision clue: A financial services company needs to meet regulatory requirements for 4-hour recovery time.

Review Path

Review path:

1. Open Azure portal 2. Search for Disaster Recovery 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud services offered over the public internet and available to anyone who wants to purchase them. The cloud provider owns and maintains the hardware, software, and supporting infrastructure.

Examples

Microsoft Azure, Amazon AWS, Google Cloud Platform, Microsoft 365, Gmail, Salesforce, Netflix streaming services.

Key Mechanisms

- Core function: Cloud services offered over the public internet and available to anyone who wants to purchase them. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure, Amazon AWS, Google Cloud Platform, Microsoft 365, Gmail, Salesforce, Netflix streaming services. - Decision clue: A startup launching a new mobile app needs scalable infrastructure without upfront costs.

Review Path

Review path:

1. Open Azure portal 2. Search for Public Cloud 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud computing resources used exclusively by one business or organization. The private cloud can be physically located on-premises or hosted by a third-party provider, but the infrastructure is dedicated to a single organization.

Examples

On-premises data centers with virtualization, Azure Stack deployed in company facilities, VMware vSphere environments, private hosted clouds.

Key Mechanisms

- Core function: Cloud computing resources used exclusively by one business or organization. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: On-premises data centers with virtualization, Azure Stack deployed in company facilities, VMware vSphere environments, private hosted clouds. - Decision clue: A healthcare organization needs to comply with strict HIPAA regulations for patient data.

Review Path

Review path:

1. Open Azure portal 2. Search for Private Cloud 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A computing environment that combines public and private clouds, allowing data and applications to be shared between them. This approach provides greater deployment flexibility and more optimization options for existing infrastructure.

Examples

Azure Arc connecting on-premises to Azure, AWS Outposts, data synchronization between private data center and public cloud, burst to cloud during peak demand.

Key Mechanisms

- Core function: A computing environment that combines public and private clouds, allowing data and applications to be shared between them. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure Arc connecting on-premises to Azure, AWS Outposts, data synchronization between private data center and public cloud, burst to cloud during peak demand. - Decision clue: A manufacturing company keeps sensitive production data in their private on-premises cloud for security, but uses public cloud services for employee collaboration tools and development environments.

Review Path

Review path:

1. Open Azure portal 2. Search for Hybrid Cloud 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud computing service that provides virtualized computing resources over the internet. You rent IT infrastructure—servers, virtual machines, storage, networks, and operating systems—from a cloud provider on a pay-as-you-go basis.

Examples

Azure Virtual Machines, Azure Storage accounts, Azure Virtual Networks, Amazon EC2, Google Compute Engine, raw computing power and storage.

Key Mechanisms

- Core function: Cloud computing service that provides virtualized computing resources over the internet. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure Virtual Machines, Azure Storage accounts, Azure Virtual Networks, Amazon EC2, Google Compute Engine, raw computing power and storage. - Decision clue: A software development company needs to quickly set up development and testing environments for a new project.

Review Path

Review path:

1. Open Azure portal 2. Search for Infrastructure as a Service (IaaS) 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud computing service that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the underlying infrastructure, operating systems, and runtime environments.

Examples

Azure App Service for web apps, Azure SQL Database, Azure Functions, Google App Engine, Heroku, development frameworks and tools.

Key Mechanisms

- Core function: Cloud computing service that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the underlying infrastructure, operating systems, and runtime environments. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure App Service for web apps, Azure SQL Database, Azure Functions, Google App Engine, Heroku, development frameworks and tools. - Decision clue: A startup wants to launch a web application quickly without managing servers or databases.

Review Path

Review path:

1. Open Azure portal 2. Search for Platform as a Service (PaaS) 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud computing service where software applications are delivered over the internet on a subscription basis. Users access fully functional applications through a web browser without needing to install, maintain, or update the software.

Examples

Microsoft 365 (Word, Excel, Teams), Salesforce CRM, Google Workspace, Dropbox, Zoom, Netflix, Spotify, Adobe Creative Cloud.

Key Mechanisms

- Core function: Cloud computing service where software applications are delivered over the internet on a subscription basis. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Microsoft 365 (Word, Excel, Teams), Salesforce CRM, Google Workspace, Dropbox, Zoom, Netflix, Spotify, Adobe Creative Cloud. - Decision clue: A small business needs email, document editing, and video conferencing capabilities.

Review Path

Review path:

1. Open Azure portal 2. Search for Software as a Service (SaaS) 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security and compliance framework that defines the responsibilities of cloud service providers and customers. Azure is responsible for securing the underlying cloud infrastructure, while customers are responsible for securing their data, applications, and access controls.

Examples

Microsoft secures physical datacenters, you secure user access; Microsoft patches host OS, you patch guest OS; Microsoft encrypts storage, you manage encryption keys.

Key Mechanisms

- Core function: A security and compliance framework that defines the responsibilities of cloud service providers and customers. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Microsoft secures physical datacenters, you secure user access; Microsoft patches host OS, you patch guest OS; Microsoft encrypts storage, you manage encryption keys. - Decision clue: A financial company moves to Azure and needs to understand security responsibilities.

Review Path

Review path:

1. Open Azure portal 2. Search for Shared Responsibility Model 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

OpEx (Operational Expenditure) are ongoing operational costs for running a business, while CapEx (Capital Expenditure) are upfront investments in long-term assets. Cloud computing shifts IT spending from CapEx (buying servers) to OpEx (paying for cloud services monthly).

Examples

OpEx - Azure monthly subscription, electricity bills, staff salaries; CapEx - purchasing servers, data center construction, software licenses with perpetual terms.

Key Mechanisms

- Core function: OpEx (Operational Expenditure) are ongoing operational costs for running a business, while CapEx (Capital Expenditure) are upfront investments in long-term assets. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: OpEx - Azure monthly subscription, electricity bills, staff salaries; CapEx - purchasing servers, data center construction, software licenses with perpetual terms. - Decision clue: A startup avoids $100K upfront server purchase (CapEx) and instead pays $2K/month for Azure services (OpEx).

Review Path

Review path:

1. Open Azure portal 2. Search for OpEx vs CapEx 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud pricing model where you pay only for the resources you consume, with no upfront costs or long-term commitments. Billing is typically done per hour, per transaction, or per GB depending on the service.

Examples

Azure VMs charged per hour they run, storage charged per GB used, bandwidth charged per GB transferred, Azure Functions charged per execution.

Key Mechanisms

- Core function: A cloud pricing model where you pay only for the resources you consume, with no upfront costs or long-term commitments. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Azure VMs charged per hour they run, storage charged per GB used, bandwidth charged per GB transferred, Azure Functions charged per execution. - Decision clue: A seasonal e-commerce business scales up VMs during holiday shopping seasons and scales down during quiet periods.

Review Path

Review path:

1. Open Azure portal 2. Search for Pay-as-You-Go Pricing 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The ability to rapidly develop, test, and launch software applications in a cloud environment. Cloud agility enables organizations to quickly respond to changing business requirements and market demands through fast provisioning of resources.

Examples

Spinning up new environments in minutes, rapidly scaling applications, quickly testing new features, fast deployment of updates, immediate access to latest technologies.

Key Mechanisms

- Core function: The ability to rapidly develop, test, and launch software applications in a cloud environment. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Spinning up new environments in minutes, rapidly scaling applications, quickly testing new features, fast deployment of updates, immediate access to latest technologies. - Decision clue: A fintech startup needs to launch a new mobile payment feature within 2 weeks to compete with rivals.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Agility 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Geographical areas containing one or more datacenters that are nearby and networked together with a low-latency network. Each region is designed to offer services within specific geographic boundaries to ensure data residency, compliance, and resilience requirements.

Examples

East US, West Europe, Southeast Asia, Australia East, Brazil South - each region contains multiple datacenters for redundancy.

Key Mechanisms

- Core function: Geographical areas containing one or more datacenters that are nearby and networked together with a low-latency network. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: East US, West Europe, Southeast Asia, Australia East, Brazil South - each region contains multiple datacenters for redundancy. - Decision clue: A European company must comply with GDPR data residency requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Regions 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Physically separate locations within an Azure region, each with independent power, cooling, and networking. They are connected by high-performance networks with low latency, providing redundancy and fault tolerance within a region.

Examples

In East US region there are 3 availability zones (AZ1, AZ2, AZ3), virtual machines can be deployed across zones, zone-redundant storage replicates data across zones.

Key Mechanisms

- Core function: Physically separate locations within an Azure region, each with independent power, cooling, and networking. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: In East US region there are 3 availability zones (AZ1, AZ2, AZ3), virtual machines can be deployed across zones, zone-redundant storage replicates data across zones. - Decision clue: An e-commerce company wants 99.99% uptime for their online store.

Review Path

Review path:

1. Open Azure portal 2. Search for Availability Zones 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Logical containers for resources deployed on Azure, used to organize and manage related resources that share the same lifecycle, permissions, and policies. All resources in a resource group should share the same lifecycle - deploy, update, and delete together.

Examples

Web app resource group with VMs, databases, load balancers; Development environment with all dev resources; Production resource group with prod-only resources.

Key Mechanisms

- Core function: Logical containers for resources deployed on Azure, used to organize and manage related resources that share the same lifecycle, permissions, and policies. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Web app resource group with VMs, databases, load balancers; Development environment with all dev resources; Production resource group with prod-only resources. - Decision clue: A company has separate development, staging, and production environments for their web application.

Review Path

Review path:

1. Open Azure portal 2. Search for Resource Groups 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The deployment and management service for Azure that provides a consistent management layer for creating, updating, and deleting resources in your Azure account. ARM enables infrastructure as code through templates and provides unified management through various interfaces.

Examples

ARM templates for infrastructure as code, deploying entire environments consistently, managing resource lifecycles, role-based access control, resource tagging and policies.

Key Mechanisms

- Core function: The deployment and management service for Azure that provides a consistent management layer for creating, updating, and deleting resources in your Azure account. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: ARM templates for infrastructure as code, deploying entire environments consistently, managing resource lifecycles, role-based access control, resource tagging and policies. - Decision clue: A DevOps team needs to deploy identical web application environments across development, staging, and production.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Resource Manager (ARM) 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

On-demand, scalable computing resources that provide the flexibility of virtualization without having to buy and maintain physical hardware. VMs give you complete control over the operating system and applications.

Examples

Windows Server VMs for legacy applications, Linux VMs for web servers, GPU VMs for machine learning, development and testing environments.

Key Mechanisms

- Core function: On-demand, scalable computing resources that provide the flexibility of virtualization without having to buy and maintain physical hardware. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Windows Server VMs for legacy applications, Linux VMs for web servers, GPU VMs for machine learning, development and testing environments. - Decision clue: A company needs to migrate their legacy Windows-based ERP system to the cloud.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Virtual Machines 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A fully managed platform for building, deploying, and scaling web apps and APIs without managing the underlying infrastructure. Azure handles the operating system, patching, load balancing, and auto-scaling automatically.

Examples

Web applications (ASP.NET, Node.js, Python), mobile app backends, RESTful APIs, static websites, progressive web apps.

Key Mechanisms

- Core function: A fully managed platform for building, deploying, and scaling web apps and APIs without managing the underlying infrastructure. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Web applications (ASP.NET, Node.js, Python), mobile app backends, RESTful APIs, static websites, progressive web apps. - Decision clue: A startup builds a social media web app using React frontend and Node.js backend.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure App Service 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The fastest and simplest way to run containers in Azure without managing virtual machines or adopting a higher-level service. Perfect for isolated containers, simple applications, task automation, and development scenarios.

Examples

Running Docker containers, batch processing jobs, microservices, CI/CD build agents, quick prototyping, burst capacity for AKS.

Key Mechanisms

- Core function: The fastest and simplest way to run containers in Azure without managing virtual machines or adopting a higher-level service. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Running Docker containers, batch processing jobs, microservices, CI/CD build agents, quick prototyping, burst capacity for AKS. - Decision clue: A data science team needs to run batch processing jobs that analyze customer data nightly.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Container Instances 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A managed Kubernetes container orchestration service that simplifies deploying, managing, and scaling containerized applications using Kubernetes without the complexity of managing the Kubernetes infrastructure.

Examples

Orchestrating microservices architectures, auto-scaling containerized applications, CI/CD pipelines, running multiple containers that work together.

Key Mechanisms

- Core function: A managed Kubernetes container orchestration service that simplifies deploying, managing, and scaling containerized applications using Kubernetes without the complexity of managing the Kubernetes infrastructure. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Orchestrating microservices architectures, auto-scaling containerized applications, CI/CD pipelines, running multiple containers that work together. - Decision clue: A large e-commerce company has dozens of microservices (user service, payment service, inventory service, etc.) running in containers.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Kubernetes Service (AKS) 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A serverless computing service that lets you run code on-demand without managing infrastructure. You write functions that respond to events and Azure automatically handles scaling, server management, and resource allocation.

Examples

HTTP API endpoints, timer-based processing, responding to file uploads, database change triggers, IoT device data processing, image resizing.

Key Mechanisms

- Core function: A serverless computing service that lets you run code on-demand without managing infrastructure. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: HTTP API endpoints, timer-based processing, responding to file uploads, database change triggers, IoT device data processing, image resizing. - Decision clue: A photo sharing app needs to automatically create thumbnails when users upload images.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Functions 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A service for storing large amounts of unstructured data, such as text or binary data. Blobs (Binary Large Objects) can be accessed from anywhere via HTTP/HTTPS and are ideal for serving content directly to users or applications.

Examples

Website images and videos, document storage, application data backups, data archives, media files for streaming, static website hosting.

Key Mechanisms

- Core function: A service for storing large amounts of unstructured data, such as text or binary data. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Website images and videos, document storage, application data backups, data archives, media files for streaming, static website hosting. - Decision clue: A media company stores millions of photos and videos in blob storage.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Blob Storage 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

High-performance, durable block storage designed for Azure Virtual Machines and applications that need persistent, low-latency disk access. Managed disks handle replication, availability, and scaling automatically.

Examples

OS disks for VMs, data disks for databases, temporary disks for caching, ultra disks for IO-intensive workloads, disk snapshots for backup.

Key Mechanisms

- Core function: High-performance, durable block storage designed for Azure Virtual Machines and applications that need persistent, low-latency disk access. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: OS disks for VMs, data disks for databases, temporary disks for caching, ultra disks for IO-intensive workloads, disk snapshots for backup. - Decision clue: A financial trading company runs high-frequency trading algorithms on Azure VMs.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Disk Storage 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Fully managed file shares in the cloud accessible via industry-standard SMB (Server Message Block) and NFS protocols. Multiple VMs and applications can mount the same file share simultaneously for shared access to files.

Examples

Shared application configuration files, content management systems, development tools and scripts, lift-and-shift scenarios, shared logs across multiple servers.

Key Mechanisms

- Core function: Fully managed file shares in the cloud accessible via industry-standard SMB (Server Message Block) and NFS protocols. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Shared application configuration files, content management systems, development tools and scripts, lift-and-shift scenarios, shared logs across multiple servers. - Decision clue: A software development company has multiple development servers that need access to shared project files, templates, and build artifacts.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure File Storage 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Different access tiers for blob storage optimized for different data access patterns and costs. The tiers balance between storage cost and access cost - frequent access costs more to store but less to access.

Examples

Hot tier for active website content, Cool tier for monthly reports, Archive tier for compliance data, Premium for high-performance applications.

Key Mechanisms

- Core function: Different access tiers for blob storage optimized for different data access patterns and costs. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Hot tier for active website content, Cool tier for monthly reports, Archive tier for compliance data, Premium for high-performance applications. - Decision clue: A healthcare organization stores patient records with different access patterns: current patient files in Hot tier for immediate access, previous year records in Cool tier for occasional access, and 10+ year old records in Archive tier for legal compliance, saving 80% on storage costs.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Storage Tiers 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A fully managed Platform as a Service (PaaS) database engine that handles most database management functions such as upgrading, patching, backups, and monitoring without user involvement. Based on Microsoft SQL Server engine with built-in intelligence and security.

Examples

Web application databases, data warehousing, business intelligence workloads, mission-critical applications, multi-tenant SaaS applications.

Key Mechanisms

- Core function: A fully managed Platform as a Service (PaaS) database engine that handles most database management functions such as upgrading, patching, backups, and monitoring without user involvement. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Web application databases, data warehousing, business intelligence workloads, mission-critical applications, multi-tenant SaaS applications. - Decision clue: A financial services company migrates their customer database to Azure SQL Database, gaining automatic backups, 99.99% availability SLA, built-in security features, and intelligent performance optimization without managing database servers or maintenance windows.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure SQL Database 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A fully managed database service based on the community PostgreSQL database engine. Azure handles infrastructure management, allowing developers to focus on application development while ensuring high availability, security, and performance.

Examples

Web applications, geospatial applications, financial applications, content management systems, applications requiring JSON data types and advanced indexing.

Key Mechanisms

- Core function: A fully managed database service based on the community PostgreSQL database engine. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Web applications, geospatial applications, financial applications, content management systems, applications requiring JSON data types and advanced indexing. - Decision clue: A GIS mapping company uses Azure Database for PostgreSQL for its geospatial applications, leveraging PostgreSQL's advanced geographic features while Azure provides automatic scaling, security, and 99.99% uptime for their location-based services.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Database for PostgreSQL 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A fully managed database service based on the MySQL Community Edition. Provides built-in high availability, security, and performance optimization while maintaining compatibility with existing MySQL applications and tools.

Examples

Web applications (WordPress, Drupal), e-commerce platforms, content management systems, LAMP stack applications, mobile app backends.

Key Mechanisms

- Core function: A fully managed database service based on the MySQL Community Edition. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Web applications (WordPress, Drupal), e-commerce platforms, content management systems, LAMP stack applications, mobile app backends. - Decision clue: An e-commerce startup running WordPress chooses Azure Database for MySQL to power their online store, getting MySQL compatibility for their existing plugins while Azure provides automatic scaling during traffic spikes and built-in security features.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Database for MySQL 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A globally distributed, multi-model database service designed for mission-critical applications. Provides guaranteed single-digit millisecond latencies, 99.999% availability, and supports multiple data models including SQL, MongoDB, Cassandra, Gremlin, and Table APIs.

Examples

IoT data ingestion, real-time personalization, gaming leaderboards, chat applications, product catalogs, session stores, globally distributed applications.

Key Mechanisms

- Core function: A globally distributed, multi-model database service designed for mission-critical applications. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: IoT data ingestion, real-time personalization, gaming leaderboards, chat applications, product catalogs, session stores, globally distributed applications. - Decision clue: A global gaming company uses Cosmos DB to store player profiles and game state across multiple regions.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Cosmos DB 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A managed service that provides reliable and secure bidirectional communications between IoT devices and the cloud. IoT Hub enables monitoring, managing, and controlling billions of IoT devices at scale.

Examples

Smart city sensors, industrial equipment monitoring, connected vehicles, smart home devices, environmental monitoring, asset tracking.

Key Mechanisms

- Core function: A managed service that provides reliable and secure bidirectional communications between IoT devices and the cloud. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Smart city sensors, industrial equipment monitoring, connected vehicles, smart home devices, environmental monitoring, asset tracking. - Decision clue: A manufacturing company connects 10,000 production machines to IoT Hub to monitor temperature, vibration, and performance in real-time.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure IoT Hub 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An enterprise analytics service that brings together big data and data warehousing. It gives you the freedom to query data on your terms, using serverless or dedicated compute resources at scale.

Examples

Data warehousing, big data analytics, business intelligence, real-time analytics, data lake exploration, machine learning integration.

Key Mechanisms

- Core function: An enterprise analytics service that brings together big data and data warehousing. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Data warehousing, big data analytics, business intelligence, real-time analytics, data lake exploration, machine learning integration. - Decision clue: A retail chain analyzes petabytes of customer transaction data, inventory levels, and market trends using Synapse Analytics.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Synapse Analytics 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud service for accelerating and managing the machine learning project lifecycle. It provides tools for data scientists and developers to build, train, and deploy machine learning models faster and with confidence.

Examples

Predictive analytics, image recognition, natural language processing, fraud detection, recommendation systems, demand forecasting.

Key Mechanisms

- Core function: A cloud service for accelerating and managing the machine learning project lifecycle. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Predictive analytics, image recognition, natural language processing, fraud detection, recommendation systems, demand forecasting. - Decision clue: A bank uses Azure ML to detect fraudulent credit card transactions in real-time.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Machine Learning 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive suite of development collaboration tools including version control, build automation, testing, project management, and deployment services. It supports both cloud-hosted and on-premises deployments.

Examples

Git repositories, CI/CD pipelines, Agile project management, automated testing, code review workflows, artifact management, deployment to multiple environments.

Key Mechanisms

- Core function: A comprehensive suite of development collaboration tools including version control, build automation, testing, project management, and deployment services. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Git repositories, CI/CD pipelines, Agile project management, automated testing, code review workflows, artifact management, deployment to multiple environments. - Decision clue: A software development team uses Azure DevOps to manage their entire development lifecycle: storing code in Git repos, tracking work items in Boards, building and testing code automatically with Pipelines, and deploying to Azure through release pipelines.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure DevOps 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud platform where you can create and run automated workflows with little to no code. Logic Apps helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services.

Examples

Email notifications when files are uploaded, data synchronization between systems, approval workflows, social media monitoring, scheduled batch processing.

Key Mechanisms

- Core function: A cloud platform where you can create and run automated workflows with little to no code. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Email notifications when files are uploaded, data synchronization between systems, approval workflows, social media monitoring, scheduled batch processing. - Decision clue: An HR department automates their onboarding process: when a new employee record is created in their HR system, Logic Apps automatically creates accounts in Office 365, sends welcome emails, assigns security groups, and creates a task list for IT setup.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Logic Apps 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface with dashboards, monitoring, and configuration capabilities.

Examples

Creating virtual machines through GUI, monitoring resource performance with charts, configuring security settings, managing billing and subscriptions, creating custom dashboards.

Key Mechanisms

- Core function: A web-based, unified console that provides an alternative to command-line tools. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Creating virtual machines through GUI, monitoring resource performance with charts, configuring security settings, managing billing and subscriptions, creating custom dashboards. - Decision clue: A system administrator uses Azure Portal to monitor their company's cloud resources through custom dashboards, quickly responds to alerts, provisions new resources for development teams, and manages user access permissions all from a single web interface.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Portal 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A set of cmdlets for managing Azure resources directly from PowerShell. Azure PowerShell is designed for developers and administrators who want to automate Azure management tasks using scripts and command-line tools.

Examples

Creating VMs with scripts, automating deployments, bulk resource management, scheduled maintenance tasks, backup automation, infrastructure as code.

Key Mechanisms

- Core function: A set of cmdlets for managing Azure resources directly from PowerShell. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Creating VMs with scripts, automating deployments, bulk resource management, scheduled maintenance tasks, backup automation, infrastructure as code. - Decision clue: A DevOps engineer writes PowerShell scripts to automatically provision identical development environments for 20 developers, including VMs, databases, and networking configurations, reducing setup time from hours to minutes.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure PowerShell 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cross-platform command-line tool that provides a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure.

Examples

Creating resource groups, deploying applications, managing storage accounts, configuring virtual networks, automating CI/CD pipelines, cross-platform scripting.

Key Mechanisms

- Core function: A cross-platform command-line tool that provides a set of commands used to create and manage Azure resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Creating resource groups, deploying applications, managing storage accounts, configuring virtual networks, automating CI/CD pipelines, cross-platform scripting. - Decision clue: A developer uses Azure CLI on their Mac to deploy a web application to Azure App Service, create a SQL database, and configure networking - all from terminal commands that work identically on Windows, Mac, and Linux.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure CLI 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

JSON files that define the infrastructure and configuration for your project using declarative syntax. ARM templates enable you to deploy, manage, and monitor resources as a group rather than handling them individually.

Examples

Infrastructure as Code, repeatable deployments, multi-environment consistency, complex resource dependencies, automated provisioning, configuration management.

Key Mechanisms

- Core function: JSON files that define the infrastructure and configuration for your project using declarative syntax. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Infrastructure as Code, repeatable deployments, multi-environment consistency, complex resource dependencies, automated provisioning, configuration management. - Decision clue: A company creates ARM templates for their three-tier web application (web servers, application servers, database) and deploys identical environments for development, testing, and production, ensuring consistency and reducing deployment errors.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Resource Manager (ARM) Templates 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service that helps employees sign in and access resources.

Examples

Single sign-on to Microsoft 365, managing user identities across cloud applications, multi-factor authentication, conditional access policies.

Key Mechanisms

- Core function: Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service that helps employees sign in and access resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Single sign-on to Microsoft 365, managing user identities across cloud applications, multi-factor authentication, conditional access policies. - Decision clue: A company with 500 employees needs to manage access to various cloud applications like Microsoft 365, Salesforce, and custom web apps.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Entra ID 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Multi-factor authentication requires users to provide two or more verification factors to gain access to a resource, application, or online account.

Examples

Password + SMS code, biometric + app notification, smart card + PIN, Microsoft Authenticator app approval.

Key Mechanisms

- Core function: Multi-factor authentication requires users to provide two or more verification factors to gain access to a resource, application, or online account. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Password + SMS code, biometric + app notification, smart card + PIN, Microsoft Authenticator app approval. - Decision clue: A financial services company requires all employees accessing sensitive customer data to use MFA.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Multi-Factor Authentication (MFA) 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Zero Trust is a security model that assumes no user, device, or network can be trusted by default, requiring verification from everyone trying to access resources.

Examples

Verifying every login attempt, checking device compliance before access, monitoring all network traffic, least privilege access principles.

Key Mechanisms

- Core function: Zero Trust is a security model that assumes no user, device, or network can be trusted by default, requiring verification from everyone trying to access resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Verifying every login attempt, checking device compliance before access, monitoring all network traffic, least privilege access principles. - Decision clue: A healthcare organization implements Zero Trust by requiring all doctors and staff to authenticate every time they access patient records, regardless of their location.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Security Model 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud service for securely storing and accessing secrets, keys, and certificates. Key Vault provides centralized storage for application secrets with strict access control and audit logging.

Examples

API keys, database connection strings, SSL certificates, encryption keys, authentication tokens, passwords, service principal credentials.

Key Mechanisms

- Core function: A cloud service for securely storing and accessing secrets, keys, and certificates. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: API keys, database connection strings, SSL certificates, encryption keys, authentication tokens, passwords, service principal credentials. - Decision clue: A financial application stores database passwords, API keys, and SSL certificates in Key Vault instead of hardcoding them.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Key Vault 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security layer that acts as a virtual firewall for controlling network traffic to and from Azure resources. NSGs contain security rules that allow or deny inbound and outbound network traffic based on source/destination, port, and protocol.

Examples

Allowing HTTP/HTTPS traffic to web servers, blocking direct RDP access from internet, permitting database connections only from app servers, creating DMZ segments.

Key Mechanisms

- Core function: A security layer that acts as a virtual firewall for controlling network traffic to and from Azure resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Allowing HTTP/HTTPS traffic to web servers, blocking direct RDP access from internet, permitting database connections only from app servers, creating DMZ segments. - Decision clue: A three-tier application uses NSGs to allow internet traffic only to the web tier on ports 80/443, permit web tier to communicate with app tier on port 8080, and allow app tier to access database tier on port 1433, blocking all other traffic.

Review Path

Review path:

1. Open Azure portal 2. Search for Network Security Groups (NSGs) 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A managed, cloud-based network security service that protects your Azure Virtual Network resources. Azure Firewall is a fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability.

Examples

Outbound filtering for VMs, application-level filtering, threat intelligence, DNS proxy, forced tunneling, integration with Azure Monitor.

Key Mechanisms

- Core function: A managed, cloud-based network security service that protects your Azure Virtual Network resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Outbound filtering for VMs, application-level filtering, threat intelligence, DNS proxy, forced tunneling, integration with Azure Monitor. - Decision clue: A company deploys Azure Firewall as a central security checkpoint for all outbound traffic from their virtual networks, blocking access to malicious websites, controlling which applications can communicate externally, and logging all network activity for compliance.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Firewall 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A service that provides enhanced DDoS mitigation features to defend against distributed denial-of-service attacks. It combines traffic monitoring, machine learning, and adaptive tuning to protect Azure applications.

Examples

Volumetric attacks mitigation, protocol attacks blocking, resource layer attacks prevention, always-on monitoring, attack analytics and reporting.

Key Mechanisms

- Core function: A service that provides enhanced DDoS mitigation features to defend against distributed denial-of-service attacks. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Volumetric attacks mitigation, protocol attacks blocking, resource layer attacks prevention, always-on monitoring, attack analytics and reporting. - Decision clue: An e-commerce website experiences a massive DDoS attack during Black Friday sales.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure DDoS Protection 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Virtual Desktop is a desktop and app virtualization service that runs in the cloud, providing users with a full Windows desktop experience from anywhere.

Examples

Remote work access to Windows 10/11 desktops, accessing legacy applications from modern devices, providing contractors with secure desktop environments.

Key Mechanisms

- Core function: Azure Virtual Desktop is a desktop and app virtualization service that runs in the cloud, providing users with a full Windows desktop experience from anywhere. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Remote work access to Windows 10/11 desktops, accessing legacy applications from modern devices, providing contractors with secure desktop environments. - Decision clue: A consulting firm needs to provide secure access to specialized software for remote contractors.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Virtual Desktop 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure VPN Gateway is a service that uses an encrypted tunnel to send network traffic between an Azure virtual network and on-premises locations over the public Internet.

Examples

Connecting branch offices to Azure, secure remote access for employees, hybrid cloud connectivity, site-to-site VPN connections.

Key Mechanisms

- Core function: Azure VPN Gateway is a service that uses an encrypted tunnel to send network traffic between an Azure virtual network and on-premises locations over the public Internet. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Connecting branch offices to Azure, secure remote access for employees, hybrid cloud connectivity, site-to-site VPN connections. - Decision clue: A manufacturing company has their main office connected to Azure via ExpressRoute but needs to connect 5 smaller branch offices.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure VPN Gateway 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

ExpressRoute creates private connections between Azure datacenters and infrastructure on premises or in a colocation environment, offering higher security, reliability, and speeds with lower latencies.

Examples

Dedicated 1Gbps or 10Gbps connections, hybrid cloud architectures, mission-critical workloads requiring consistent performance.

Key Mechanisms

- Core function: ExpressRoute creates private connections between Azure datacenters and infrastructure on premises or in a colocation environment, offering higher security, reliability, and speeds with lower latencies. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Dedicated 1Gbps or 10Gbps connections, hybrid cloud architectures, mission-critical workloads requiring consistent performance. - Decision clue: A financial trading firm requires ultra-low latency and high bandwidth for real-time trading applications.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure ExpressRoute 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Advisor is a personalized cloud consultant that analyzes your resource configuration and usage telemetry to recommend solutions that can improve performance, security, reliability, and reduce costs.

Examples

Cost optimization recommendations, security vulnerability alerts, performance improvement suggestions, high availability configuration advice.

Key Mechanisms

- Core function: Azure Advisor is a personalized cloud consultant that analyzes your resource configuration and usage telemetry to recommend solutions that can improve performance, security, reliability, and reduce costs. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Cost optimization recommendations, security vulnerability alerts, performance improvement suggestions, high availability configuration advice. - Decision clue: A startup has been running Azure resources for 6 months and wants to optimize costs.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Advisor 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Monitor collects, analyzes, and acts on telemetry data from your cloud and on-premises environments to help you understand how your applications are performing.

Examples

Application performance monitoring, infrastructure metrics, log analytics, alerting on system issues, custom dashboards.

Key Mechanisms

- Core function: Azure Monitor collects, analyzes, and acts on telemetry data from your cloud and on-premises environments to help you understand how your applications are performing. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Application performance monitoring, infrastructure metrics, log analytics, alerting on system issues, custom dashboards. - Decision clue: An e-commerce company monitors their web application performance during Black Friday sales.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Monitor 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Service Health provides personalized alerts and guidance when Azure service issues affect you, helping you monitor service health and understand the impact on your resources.

Examples

Notifications about Azure service outages, planned maintenance alerts, health advisories for security issues, service retirement announcements.

Key Mechanisms

- Core function: Azure Service Health provides personalized alerts and guidance when Azure service issues affect you, helping you monitor service health and understand the impact on your resources. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Notifications about Azure service outages, planned maintenance alerts, health advisories for security issues, service retirement announcements. - Decision clue: A SaaS company depends on Azure App Service for their customer-facing application.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Service Health 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive suite of tools to help monitor, allocate, and optimize cloud costs across your Azure environment. It provides detailed cost analysis, budget management, and actionable recommendations to reduce spending while maintaining performance.

Examples

Cost analysis dashboards, spending budgets with alerts, resource optimization recommendations, cost allocation by department, usage trending and forecasting.

Key Mechanisms

- Core function: A comprehensive suite of tools to help monitor, allocate, and optimize cloud costs across your Azure environment. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Cost analysis dashboards, spending budgets with alerts, resource optimization recommendations, cost allocation by department, usage trending and forecasting. - Decision clue: A growing startup notices their Azure bill increasing rapidly.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Cost Management 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive online tool that helps estimate costs for Azure services before deployment. You can configure various Azure services, specify requirements, and get detailed pricing estimates including different payment options and regional variations.

Examples

Estimating VM costs by size and region, calculating storage pricing for different tiers, bandwidth and networking charges, SQL Database pricing, App Service plans.

Key Mechanisms

- Core function: A comprehensive online tool that helps estimate costs for Azure services before deployment. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Estimating VM costs by size and region, calculating storage pricing for different tiers, bandwidth and networking charges, SQL Database pricing, App Service plans. - Decision clue: An enterprise is planning to migrate 50 applications to Azure.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Pricing Calculator 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The complete cost of owning and operating a system over its entire lifecycle, including initial purchase, ongoing operational costs, maintenance, upgrades, and end-of-life disposal. TCO analysis helps compare on-premises vs cloud solutions fairly.

Examples

Hardware costs, software licensing, power and cooling, IT staff salaries, facility costs, security measures, backup systems, disaster recovery infrastructure.

Key Mechanisms

- Core function: The complete cost of owning and operating a system over its entire lifecycle, including initial purchase, ongoing operational costs, maintenance, upgrades, and end-of-life disposal. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Hardware costs, software licensing, power and cooling, IT staff salaries, facility costs, security measures, backup systems, disaster recovery infrastructure. - Decision clue: A manufacturing company evaluates migrating their email system to Microsoft 365.

Review Path

Review path:

1. Open Azure portal 2. Search for Total Cost of Ownership (TCO) 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A service that allows you to create, assign, and manage policies to enforce organizational standards and assess compliance at scale. Azure Policy evaluates resources and highlights those that don't comply with policies you've created.

Examples

Requiring storage encryption, restricting VM sizes to control costs, enforcing resource naming conventions, mandating backup policies, preventing creation of resources in certain regions.

Key Mechanisms

- Core function: A service that allows you to create, assign, and manage policies to enforce organizational standards and assess compliance at scale. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Requiring storage encryption, restricting VM sizes to control costs, enforcing resource naming conventions, mandating backup policies, preventing creation of resources in certain regions. - Decision clue: A financial company must ensure all storage accounts are encrypted and VMs only use approved sizes for cost control.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Policy 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A system that provides fine-grained access management of Azure resources based on user roles and responsibilities. RBAC enables you to grant the minimum level of access that users need to perform their jobs, following the principle of least privilege.

Examples

Owner (full access), Contributor (manage but not assign permissions), Reader (view only), Virtual Machine Contributor (manage VMs only), custom roles for specific needs.

Key Mechanisms

- Core function: A system that provides fine-grained access management of Azure resources based on user roles and responsibilities. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Owner (full access), Contributor (manage but not assign permissions), Reader (view only), Virtual Machine Contributor (manage VMs only), custom roles for specific needs. - Decision clue: A large organization has developers, testers, and managers accessing different Azure resources.

Review Path

Review path:

1. Open Azure portal 2. Search for Role-Based Access Control (RBAC) 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A feature that prevents accidental deletion or modification of critical Azure resources by placing locks at the subscription, resource group, or resource level. Locks provide an extra layer of protection against human error.

Examples

Delete locks on production databases, ReadOnly locks on shared storage accounts, preventing accidental deletion of virtual networks, protecting critical VMs from modifications.

Key Mechanisms

- Core function: A feature that prevents accidental deletion or modification of critical Azure resources by placing locks at the subscription, resource group, or resource level. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Delete locks on production databases, ReadOnly locks on shared storage accounts, preventing accidental deletion of virtual networks, protecting critical VMs from modifications. - Decision clue: A company's production database was accidentally deleted by a new team member with Contributor access.

Review Path

Review path:

1. Open Azure portal 2. Search for Resource Locks 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A service that enables cloud architects to define a repeatable set of Azure resources that implement and adhere to organizational standards, patterns, and requirements. Blueprints package ARM templates, policies, RBAC assignments, and resource groups together.

Examples

ISO 27001 compliance templates, GDPR compliance blueprints, PCI-DSS frameworks, government security baselines, corporate governance standards.

Key Mechanisms

- Core function: A service that enables cloud architects to define a repeatable set of Azure resources that implement and adhere to organizational standards, patterns, and requirements. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: ISO 27001 compliance templates, GDPR compliance blueprints, PCI-DSS frameworks, government security baselines, corporate governance standards. - Decision clue: A multinational corporation needs to ensure all new Azure subscriptions comply with security standards and regulatory requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Blueprints 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft's comprehensive privacy statement that describes how Microsoft collects, uses, and shares customer data across all Microsoft products and services, including Azure. It outlines data processing practices, user rights, and privacy controls.

Examples

Data collection transparency, user consent mechanisms, data retention policies, third-party sharing limitations, user access and deletion rights.

Key Mechanisms

- Core function: Microsoft's comprehensive privacy statement that describes how Microsoft collects, uses, and shares customer data across all Microsoft products and services, including Azure. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Data collection transparency, user consent mechanisms, data retention policies, third-party sharing limitations, user access and deletion rights. - Decision clue: A healthcare organization reviews the Microsoft Privacy Statement to understand how their patient data will be handled in Azure, ensuring it meets HIPAA requirements and provides the necessary privacy protections for sensitive medical information.

Review Path

Review path:

1. Open Azure portal 2. Search for Microsoft Privacy Statement 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive resource that provides information about Microsoft's approach to security, privacy, compliance, and transparency across all cloud services. It serves as a central hub for trust-related information and compliance resources.

Examples

Compliance certifications (ISO 27001, SOC 2), security white papers, privacy documentation, audit reports, regulatory compliance guides.

Key Mechanisms

- Core function: A comprehensive resource that provides information about Microsoft's approach to security, privacy, compliance, and transparency across all cloud services. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Compliance certifications (ISO 27001, SOC 2), security white papers, privacy documentation, audit reports, regulatory compliance guides. - Decision clue: A financial services company uses the Trust Center to download SOC 2 audit reports, review ISO 27001 certifications, and access compliance documentation needed to demonstrate to regulators that their Azure deployment meets industry security standards.

Review Path

Review path:

1. Open Azure portal 2. Search for Microsoft Trust Center 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Comprehensive documentation that provides detailed information about Azure's compliance with various industry standards, regulations, and certifications. It includes compliance offerings, shared responsibility guidance, and implementation resources.

Examples

GDPR compliance guides, HIPAA implementation guidance, PCI DSS requirements mapping, SOX compliance frameworks, regional compliance documentation.

Key Mechanisms

- Core function: Comprehensive documentation that provides detailed information about Azure's compliance with various industry standards, regulations, and certifications. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: GDPR compliance guides, HIPAA implementation guidance, PCI DSS requirements mapping, SOX compliance frameworks, regional compliance documentation. - Decision clue: A multinational retailer uses Azure Compliance Documentation to understand PCI DSS requirements for processing credit card data, implements recommended controls, and provides auditors with Microsoft's compliance attestations to demonstrate secure payment processing.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Compliance Documentation 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A formal commitment between Microsoft and customers that defines the expected level of service availability and performance. SLAs specify uptime guarantees, performance targets, and service credits for when commitments are not met.

Examples

99.95% uptime for Virtual Machines, 99.9% for Azure App Service, 99.99% for Azure SQL Database, response time commitments, service credit calculations.

Key Mechanisms

- Core function: A formal commitment between Microsoft and customers that defines the expected level of service availability and performance. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: 99.95% uptime for Virtual Machines, 99.9% for Azure App Service, 99.99% for Azure SQL Database, response time commitments, service credit calculations. - Decision clue: An e-commerce company selects Azure services based on SLA requirements: they choose Premium VMs with 99.95% uptime SLA for critical workloads and receive service credits when availability falls below the guaranteed level during a recent outage.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Service Level Agreement (SLA) 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Various factors that can affect Service Level Agreement guarantees including service tier selection, multi-region deployment, availability zones usage, and architecture design choices. Understanding these factors helps optimize both availability and costs.

Examples

Single vs multi-instance deployments, availability zone distribution, service tier selection, regional vs global deployment, backup and redundancy strategies.

Key Mechanisms

- Core function: Various factors that can affect Service Level Agreement guarantees including service tier selection, multi-region deployment, availability zones usage, and architecture design choices. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Single vs multi-instance deployments, availability zone distribution, service tier selection, regional vs global deployment, backup and redundancy strategies. - Decision clue: A SaaS company improves their application SLA from 99.9% to 99.99% by deploying across multiple availability zones, using Premium storage tier, implementing load balancers, and adding automated failover, resulting in higher customer satisfaction.

Review Path

Review path:

1. Open Azure portal 2. Search for SLA Factors 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure services progress through different release stages: Private Preview (limited customers), Public Preview (open beta), and General Availability (GA - fully supported). Each stage has different SLA commitments, support levels, and pricing models.

Examples

New AI services in Preview, beta features in public preview, GA services with full SLA support, preview feature limitations, production readiness indicators.

Key Mechanisms

- Core function: Azure services progress through different release stages: Private Preview (limited customers), Public Preview (open beta), and General Availability (GA - fully supported). - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: New AI services in Preview, beta features in public preview, GA services with full SLA support, preview feature limitations, production readiness indicators. - Decision clue: A development team wants to use a new Azure AI service.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Preview and General Availability 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud deployment models define where and how cloud resources are deployed. The three primary models are Public, Private, and Hybrid clouds, each offering different levels of control, flexibility, and cost considerations based on business requirements.

Examples

Microsoft Azure (Public), On-premises data centers (Private), Azure Arc enabling hybrid scenarios, AWS GovCloud for regulated industries, VMware Cloud on Azure for hybrid workloads.

Key Mechanisms

- Core function: Cloud deployment models define where and how cloud resources are deployed. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure (Public), On-premises data centers (Private), Azure Arc enabling hybrid scenarios, AWS GovCloud for regulated industries, VMware Cloud on Azure for hybrid workloads. - Decision clue: A financial institution uses a hybrid cloud model - keeping sensitive customer data in their private on-premises servers for regulatory compliance while leveraging public cloud services like Azure AI for fraud detection and analytics.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Models 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The shared responsibility model defines the security and operational responsibilities split between the cloud provider (Microsoft) and the customer. The responsibility division changes based on the service type (IaaS, PaaS, SaaS), with the provider always responsible for the physical infrastructure and the customer always responsible for their data and identities.

Examples

Microsoft secures Azure data centers, you secure your passwords; Microsoft patches the hypervisor, you patch your VM OS; Microsoft protects network infrastructure, you configure network security groups.

Key Mechanisms

- Core function: The shared responsibility model defines the security and operational responsibilities split between the cloud provider (Microsoft) and the customer. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Microsoft secures Azure data centers, you secure your passwords; Microsoft patches the hypervisor, you patch your VM OS; Microsoft protects network infrastructure, you configure network security groups. - Decision clue: A company migrating to Azure needs to understand that while Microsoft handles physical security of data centers and keeps Azure services updated, the company must still manage user access, encrypt sensitive data, and configure security policies for their resources.

Review Path

Review path:

1. Open Azure portal 2. Search for Shared Responsibility Model 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The consumption-based pricing model means you pay only for the resources you actually use, when you use them. This operational expenditure (OpEx) approach eliminates upfront capital costs and allows for cost optimization through auto-scaling and resource management.

Examples

Azure Functions charging per execution, Virtual Machines billed per minute of usage, Storage accounts charging per GB stored and accessed, bandwidth charges based on actual data transfer.

Key Mechanisms

- Core function: The consumption-based pricing model means you pay only for the resources you actually use, when you use them. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Azure Functions charging per execution, Virtual Machines billed per minute of usage, Storage accounts charging per GB stored and accessed, bandwidth charges based on actual data transfer. - Decision clue: An e-commerce website experiences traffic spikes during Black Friday.

Review Path

Review path:

1. Open Azure portal 2. Search for Consumption-based Model 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud services provide numerous advantages including cost savings, scalability, reliability, security, and global reach. Organizations benefit from reduced infrastructure management overhead, faster time to market, and the ability to focus on their core business rather than IT infrastructure.

Examples

Netflix scales globally without building data centers, startups launch without hardware investments, enterprises reduce IT staff overhead, automatic backups prevent data loss, global CDN improves user experience.

Key Mechanisms

- Core function: Cloud services provide numerous advantages including cost savings, scalability, reliability, security, and global reach. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Netflix scales globally without building data centers, startups launch without hardware investments, enterprises reduce IT staff overhead, automatic backups prevent data loss, global CDN improves user experience. - Decision clue: A healthcare startup needs to launch a telemedicine app quickly.

Review Path

Review path:

1. Open Azure portal 2. Search for Benefits of Cloud Services 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The three main cloud service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Each provides different levels of abstraction and management, from full control with IaaS to complete abstraction with SaaS.

Examples

IaaS - Azure Virtual Machines; PaaS - Azure App Service, Azure SQL Database; SaaS - Microsoft 365, Dynamics 365, Salesforce, Gmail.

Key Mechanisms

- Core function: The three main cloud service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: IaaS - Azure Virtual Machines; PaaS - Azure App Service, Azure SQL Database; SaaS - Microsoft 365, Dynamics 365, Salesforce, Gmail. - Decision clue: A company uses SaaS for email (Office 365), PaaS for their web application (App Service), and IaaS for their legacy system that needs custom OS configuration (Virtual Machine) - choosing the right abstraction level for each workload.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Service Types 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Azure is responsible for the physical infrastructure, host operating system, hypervisor, network controls, and service availability. This includes data center security, hardware maintenance, network infrastructure, and ensuring the underlying platform is secure and available.

Examples

Physical security guards, server hardware maintenance, network firewalls, hypervisor updates, data center cooling, power redundancy, DDoS protection at infrastructure level.

Key Mechanisms

- Core function: Microsoft Azure is responsible for the physical infrastructure, host operating system, hypervisor, network controls, and service availability. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Physical security guards, server hardware maintenance, network firewalls, hypervisor updates, data center cooling, power redundancy, DDoS protection at infrastructure level. - Decision clue: When a hardware failure occurs in an Azure data center, Microsoft automatically moves your VM to healthy hardware without any action needed from you.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Provider Responsibilities 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Customers are always responsible for their data, identities, access management, and client-side security regardless of the service type. Additional responsibilities vary by service model - more responsibilities in IaaS (OS, network), fewer in SaaS (just data and users).

Examples

User passwords and multi-factor authentication, data encryption at rest and in transit, network security group configurations, application-level security, backup strategies, compliance requirements.

Key Mechanisms

- Core function: Customers are always responsible for their data, identities, access management, and client-side security regardless of the service type. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: User passwords and multi-factor authentication, data encryption at rest and in transit, network security group configurations, application-level security, backup strategies, compliance requirements. - Decision clue: A company using Azure must ensure their employee passwords are strong, enable MFA for admin accounts, classify and encrypt sensitive data, configure firewall rules, and train users on security best practices - Microsoft provides the tools, but the customer must use them correctly.

Review Path

Review path:

1. Open Azure portal 2. Search for Customer Responsibilities 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure services are not available in every region simultaneously. New services typically launch in major regions first, then gradually expand to other regions. Regional availability affects service selection, compliance requirements, and disaster recovery planning.

Examples

Azure OpenAI initially launched in select regions like East US and West Europe; some preview services only available in specific regions; government cloud regions have different service availability.

Key Mechanisms

- Core function: Azure services are not available in every region simultaneously. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Azure OpenAI initially launched in select regions like East US and West Europe; some preview services only available in specific regions; government cloud regions have different service availability. - Decision clue: A European company needs to use Azure Cognitive Services but finds the specific AI model they need is only available in US regions.

Review Path

Review path:

1. Open Azure portal 2. Search for Regional Availability 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure regions are paired with another region within the same geography for disaster recovery and business continuity. Region pairs are at least 300 miles apart, receive platform updates sequentially (not simultaneously), and enable cross-region replication for certain services.

Examples

East US paired with West US, North Europe paired with West Europe, East Asia paired with Southeast Asia, Brazil South paired with South Central US.

Key Mechanisms

- Core function: Azure regions are paired with another region within the same geography for disaster recovery and business continuity. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: East US paired with West US, North Europe paired with West Europe, East Asia paired with Southeast Asia, Brazil South paired with South Central US. - Decision clue: A financial services company deploys their primary application in East US with automatic backup replication to West US (paired region).

Review Path

Review path:

1. Open Azure portal 2. Search for Region Pairs 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An Azure subscription is a logical container for your resources and serves as a billing boundary. Each subscription is associated with an Azure AD tenant and can contain multiple resource groups. Subscriptions provide isolation for billing, access management, and policy enforcement.

Examples

Development subscription for testing, Production subscription for live applications, separate subscriptions per department, subscription per project for cost tracking.

Key Mechanisms

- Core function: An Azure subscription is a logical container for your resources and serves as a billing boundary. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Development subscription for testing, Production subscription for live applications, separate subscriptions per department, subscription per project for cost tracking. - Decision clue: A company creates separate subscriptions for Development, Testing, and Production environments.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Subscriptions 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Management groups provide a level of scope above subscriptions to efficiently manage access, policies, and compliance across multiple Azure subscriptions. They enable enterprise-scale governance by applying policies and access controls at an organizational level.

Examples

Corporate management group containing all subscriptions, Department groups (HR, Finance, IT), Environment groups (Production, Development), Geographic groups (US, Europe, Asia).

Key Mechanisms

- Core function: Management groups provide a level of scope above subscriptions to efficiently manage access, policies, and compliance across multiple Azure subscriptions. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Corporate management group containing all subscriptions, Department groups (HR, Finance, IT), Environment groups (Production, Development), Geographic groups (US, Europe, Asia). - Decision clue: A multinational corporation uses management groups to enforce company-wide security policies across 50+ subscriptions.

Review Path

Review path:

1. Open Azure portal 2. Search for Management Groups 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Virtual Networks provide isolated and secure communication for Azure resources. VNets enable resources to communicate with each other, the internet, and on-premises networks. They support network segmentation, security controls, and hybrid connectivity.

Examples

Web applications in frontend subnet, databases in backend subnet, VPN gateway for site-to-site connectivity, network security groups for traffic filtering, peering between VNets.

Key Mechanisms

- Core function: Azure Virtual Networks provide isolated and secure communication for Azure resources. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Web applications in frontend subnet, databases in backend subnet, VPN gateway for site-to-site connectivity, network security groups for traffic filtering, peering between VNets. - Decision clue: A company creates a VNet with separate subnets for web servers (public) and database servers (private).

Review Path

Review path:

1. Open Azure portal 2. Search for Virtual Networks (VNet) 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Load Balancer distributes incoming network traffic across multiple healthy instances of services, ensuring no single server becomes overwhelmed. It operates at Layer 4 (transport layer) and provides high availability and scalability for applications.

Examples

Distributing web traffic across multiple VMs, load balancing database connections, internal load balancing for microservices, health probe monitoring for automatic failover.

Key Mechanisms

- Core function: Azure Load Balancer distributes incoming network traffic across multiple healthy instances of services, ensuring no single server becomes overwhelmed. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Distributing web traffic across multiple VMs, load balancing database connections, internal load balancing for microservices, health probe monitoring for automatic failover. - Decision clue: An e-commerce website uses Azure Load Balancer to distribute customer traffic across 5 web servers.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Load Balancer 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure DNS provides name resolution using Microsoft Azure infrastructure. It allows you to host your DNS domains in Azure and manage DNS records using the same credentials, APIs, tools, and billing as your other Azure services, with global availability and high performance.

Examples

Hosting company.com domain in Azure DNS, creating A records for web applications, CNAME records for CDN endpoints, MX records for email routing, managing subdomain delegation.

Key Mechanisms

- Core function: Azure DNS provides name resolution using Microsoft Azure infrastructure. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Hosting company.com domain in Azure DNS, creating A records for web applications, CNAME records for CDN endpoints, MX records for email routing, managing subdomain delegation. - Decision clue: A company migrates their website to Azure and uses Azure DNS to manage their domain records.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure DNS 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure CDN delivers high-bandwidth content to users by caching content at strategically placed physical nodes across the world. This reduces latency, improves user experience, and reduces load on origin servers by serving content from the nearest edge location.

Examples

Caching website images and videos at edge locations, delivering software downloads globally, streaming media content, accelerating API responses, caching static website content.

Key Mechanisms

- Core function: Azure CDN delivers high-bandwidth content to users by caching content at strategically placed physical nodes across the world. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Caching website images and videos at edge locations, delivering software downloads globally, streaming media content, accelerating API responses, caching static website content. - Decision clue: A media company uses Azure CDN to deliver video content globally.

Review Path

Review path:

1. Open Azure portal 2. Search for Content Delivery Network (CDN) 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Archive Storage is the lowest-cost storage tier designed for data that is rarely accessed and stored for at least 180 days. It provides the same durability as other Azure storage tiers but with longer access times and lower storage costs, ideal for long-term backup and compliance.

Examples

Legal document retention, regulatory compliance backups, historical data archiving, disaster recovery copies, old application logs, medical records retention.

Key Mechanisms

- Core function: Azure Archive Storage is the lowest-cost storage tier designed for data that is rarely accessed and stored for at least 180 days. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Legal document retention, regulatory compliance backups, historical data archiving, disaster recovery copies, old application logs, medical records retention. - Decision clue: A financial institution needs to retain transaction records for 7 years for regulatory compliance.

Review Path

Review path:

1. Open Azure portal 2. Search for Archive Storage 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure IoT Central is a fully managed IoT application platform that reduces the burden and cost of developing, managing, and maintaining enterprise-grade IoT solutions. It provides pre-built templates, device management, and analytics without requiring cloud solution expertise.

Examples

Smart building monitoring, retail analytics with sensors, agricultural monitoring systems, predictive maintenance for manufacturing, remote patient monitoring, environmental monitoring.

Key Mechanisms

- Core function: Azure IoT Central is a fully managed IoT application platform that reduces the burden and cost of developing, managing, and maintaining enterprise-grade IoT solutions. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Smart building monitoring, retail analytics with sensors, agricultural monitoring systems, predictive maintenance for manufacturing, remote patient monitoring, environmental monitoring. - Decision clue: A manufacturing company wants to monitor equipment temperature and vibration to predict failures.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Azure IoT Central 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure HDInsight is a cloud distribution of Hadoop components that makes it easy to process large amounts of data. It supports open-source frameworks like Spark, Hive, LLAP, Kafka, Storm, and R, providing big data analytics capabilities without infrastructure management.

Examples

Processing web logs with Spark, real-time stream processing with Kafka, data warehouse queries with Hive, machine learning with Spark MLlib, ETL operations on large datasets.

Key Mechanisms

- Core function: Azure HDInsight is a cloud distribution of Hadoop components that makes it easy to process large amounts of data. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Processing web logs with Spark, real-time stream processing with Kafka, data warehouse queries with Hive, machine learning with Spark MLlib, ETL operations on large datasets. - Decision clue: A retail company analyzes customer behavior by processing terabytes of transaction logs, clickstream data, and social media mentions using HDInsight Spark clusters to identify purchasing patterns and optimize marketing campaigns.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure HDInsight 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Databricks is an Apache Spark-based analytics platform optimized for Microsoft Azure. It provides collaborative workspace for data scientists, engineers, and analysts to work together on big data analytics and machine learning projects with enterprise security and scalability.

Examples

Machine learning model training, ETL data pipelines, real-time analytics, collaborative data science notebooks, streaming analytics, advanced analytics on data lakes.

Key Mechanisms

- Core function: Azure Databricks is an Apache Spark-based analytics platform optimized for Microsoft Azure. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Machine learning model training, ETL data pipelines, real-time analytics, collaborative data science notebooks, streaming analytics, advanced analytics on data lakes. - Decision clue: A healthcare organization uses Azure Databricks to analyze patient data, train predictive models for disease outcomes, and collaborate between data scientists and clinicians using shared notebooks while maintaining HIPAA compliance.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Databricks 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Serverless computing allows developers to build and run applications without managing servers. Azure handles infrastructure provisioning, scaling, and management automatically. You pay only for actual compute time used, with automatic scaling from zero to handle demand spikes.

Examples

Azure Functions for event processing, Logic Apps for workflow automation, serverless web APIs, image processing triggers, scheduled tasks, IoT data processing, webhook handlers.

Key Mechanisms

- Core function: Serverless computing allows developers to build and run applications without managing servers. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Azure Functions for event processing, Logic Apps for workflow automation, serverless web APIs, image processing triggers, scheduled tasks, IoT data processing, webhook handlers. - Decision clue: A photo sharing app uses serverless functions to automatically resize images when uploaded to storage, send notification emails when photos are shared, and generate thumbnails - scaling automatically from zero users to millions without server management.

Review Path

Review path:

1. Open Azure portal 2. Search for Serverless Computing 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Event Grid is a highly scalable, fully managed event routing service that enables event-driven architectures. It simplifies building applications with event-based architectures by providing reliable event delivery at massive scale with built-in filtering and routing capabilities.

Examples

Triggering functions when files are uploaded to storage, sending notifications when VMs are created, automating workflows when database changes occur, integrating with third-party services via webhooks.

Key Mechanisms

- Core function: Azure Event Grid is a highly scalable, fully managed event routing service that enables event-driven architectures. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Triggering functions when files are uploaded to storage, sending notifications when VMs are created, automating workflows when database changes occur, integrating with third-party services via webhooks. - Decision clue: An e-commerce platform uses Event Grid to coordinate order processing - when an order is placed, it automatically triggers inventory updates, payment processing, shipping notifications, and customer emails through different microservices.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Event Grid 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

GitHub Actions integrates seamlessly with Azure to provide CI/CD pipelines for Azure deployments. It enables automated building, testing, and deployment of applications to Azure services directly from GitHub repositories with built-in Azure integration and authentication.

Examples

Auto-deploy web apps to Azure App Service on code push, deploy ARM templates to create infrastructure, run automated tests before deployment, deploy container images to Azure Container Registry.

Key Mechanisms

- Core function: GitHub Actions integrates seamlessly with Azure to provide CI/CD pipelines for Azure deployments. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Auto-deploy web apps to Azure App Service on code push, deploy ARM templates to create infrastructure, run automated tests before deployment, deploy container images to Azure Container Registry. - Decision clue: A development team sets up GitHub Actions to automatically deploy their web application to Azure App Service whenever they merge code to the main branch, including automated testing, security scanning, and blue-green deployment strategies.

Review Path

Review path:

1. Open Azure portal 2. Search for GitHub Actions with Azure 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides both Bash and PowerShell experiences with pre-installed tools, persistent storage, and automatic authentication to Azure services.

Examples

Running Azure CLI commands from any browser, managing resources without local tool installation, executing ARM templates, running PowerShell scripts, accessing files from persistent storage.

Key Mechanisms

- Core function: Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Running Azure CLI commands from any browser, managing resources without local tool installation, executing ARM templates, running PowerShell scripts, accessing files from persistent storage. - Decision clue: A system administrator traveling without their laptop needs to quickly restart a virtual machine and check deployment status.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Cloud Shell 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Azure mobile app enables you to manage Azure resources on-the-go from your smartphone or tablet. It provides access to key Azure services, monitoring capabilities, and the ability to perform administrative tasks from anywhere, with push notifications for important alerts.

Examples

Restarting VMs during outages, checking service health status, responding to monitoring alerts, viewing billing information, managing resource groups, accessing Cloud Shell from mobile.

Key Mechanisms

- Core function: The Azure mobile app enables you to manage Azure resources on-the-go from your smartphone or tablet. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Restarting VMs during outages, checking service health status, responding to monitoring alerts, viewing billing information, managing resource groups, accessing Cloud Shell from mobile. - Decision clue: An IT manager receives a critical alert about high CPU usage on production servers while attending a conference.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Mobile App 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify, label, and protect documents and emails. It provides persistent protection that travels with data, ensuring sensitive information remains secure regardless of where it's stored or shared.

Examples

Automatically labeling financial documents as "Confidential", preventing screenshots of sensitive emails, encrypting documents based on content, tracking document access and usage, applying watermarks to protected content.

Key Mechanisms

- Core function: Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify, label, and protect documents and emails. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Automatically labeling financial documents as "Confidential", preventing screenshots of sensitive emails, encrypting documents based on content, tracking document access and usage, applying watermarks to protected content. - Decision clue: A law firm uses Azure Information Protection to automatically classify legal documents, apply encryption based on client confidentiality levels, and track when sensitive documents are accessed or shared with external parties.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Information Protection 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Bastion is a fully managed PaaS service that provides secure RDP and SSH connectivity to virtual machines directly from the Azure portal without exposing VMs to public internet. It eliminates the need for public IP addresses on VMs while providing secure remote access.

Examples

Connecting to Windows VMs via RDP through browser, SSH access to Linux VMs without public IPs, secure administrative access to jump boxes, maintenance access to private network resources.

Key Mechanisms

- Core function: Azure Bastion is a fully managed PaaS service that provides secure RDP and SSH connectivity to virtual machines directly from the Azure portal without exposing VMs to public internet. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Connecting to Windows VMs via RDP through browser, SSH access to Linux VMs without public IPs, secure administrative access to jump boxes, maintenance access to private network resources. - Decision clue: A company needs to provide secure access to production servers for system administrators.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Bastion 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure tags are name-value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups. Tags help organize resources for management, billing, security, and operational purposes.

Examples

Environment tags (Production, Development, Testing), Department tags (Finance, HR, IT), Project tags (ProjectA, Migration2024), Cost center tags, Owner tags (john.smith@company.com).

Key Mechanisms

- Core function: Azure tags are name-value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Environment tags (Production, Development, Testing), Department tags (Finance, HR, IT), Project tags (ProjectA, Migration2024), Cost center tags, Owner tags (john.smith@company.com). - Decision clue: A company uses tags to track costs by department and project.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Tags 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Multiple factors influence Azure costs including resource type, usage patterns, location, instance size, storage type, data transfer, and reserved capacity. Understanding these factors helps optimize spending and predict costs accurately for budgeting and planning.

Examples

Larger VM sizes cost more, storage in premium regions costs more, outbound data transfer charges, peak-hour pricing for some services, reserved instances providing discounts, dev/test pricing for non-production workloads.

Key Mechanisms

- Core function: Multiple factors influence Azure costs including resource type, usage patterns, location, instance size, storage type, data transfer, and reserved capacity. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Larger VM sizes cost more, storage in premium regions costs more, outbound data transfer charges, peak-hour pricing for some services, reserved instances providing discounts, dev/test pricing for non-production workloads. - Decision clue: A company analyzes their Azure bill and discovers high data transfer costs from hosting media files in expensive regions.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Cost Factors 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure sovereign regions are physically and logically isolated instances of Azure designed to meet specific compliance, regulatory, and sovereignty requirements for government and regulated industries. These regions operate independently with restricted access and enhanced security controls.

Examples

Azure Government (US federal, state, local), Azure China (operated by 21Vianet), Azure Germany (data residency), Azure Stack (on-premises sovereign cloud), specialized defense regions.

Key Mechanisms

- Core function: Azure sovereign regions are physically and logically isolated instances of Azure designed to meet specific compliance, regulatory, and sovereignty requirements for government and regulated industries. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Azure Government (US federal, state, local), Azure China (operated by 21Vianet), Azure Germany (data residency), Azure Stack (on-premises sovereign cloud), specialized defense regions. - Decision clue: A US federal agency needs to store classified data in compliance with FedRAMP High requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Sovereign Regions 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify, label, and protect documents and emails. It provides persistent protection that travels with data, ensuring sensitive information remains secure regardless of where it's stored or shared.

Examples

Automatically labeling financial documents as "Confidential", preventing screenshots of sensitive emails, encrypting documents based on content, tracking document access and usage, applying watermarks to protected content.

Key Mechanisms

- Core function: Azure Information Protection (AIP) is a cloud-based solution that helps organizations classify, label, and protect documents and emails. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Automatically labeling financial documents as "Confidential", preventing screenshots of sensitive emails, encrypting documents based on content, tracking document access and usage, applying watermarks to protected content. - Decision clue: A law firm uses Azure Information Protection to automatically classify legal documents, apply encryption based on client confidentiality levels, and track when sensitive documents are accessed or shared with external parties.

Review Path

Review path:

1. Open Azure portal 2. Search for Information Protection 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Defender for Identity (formerly Azure ATP) is a cloud-based security solution that helps protect enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. It monitors and analyzes user activities and information across your network.

Examples

Detecting suspicious login attempts, identifying compromised credentials, monitoring privileged account usage, alerting on lateral movement attempts, detecting reconnaissance activities.

Key Mechanisms

- Core function: Microsoft Defender for Identity (formerly Azure ATP) is a cloud-based security solution that helps protect enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Detecting suspicious login attempts, identifying compromised credentials, monitoring privileged account usage, alerting on lateral movement attempts, detecting reconnaissance activities. - Decision clue: A financial institution uses Defender for Identity to monitor all Active Directory sign-ins, detect when an admin account is used from an unusual location, and automatically alert security teams of potential account compromise.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Defender for Identity 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Defender for Cloud (formerly Azure Security Center and Azure Defender) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across hybrid workloads in the cloud and on-premises.

Examples

Scanning VMs for vulnerabilities, detecting malware, monitoring network traffic for threats, providing security recommendations, assessing compliance with security standards, protecting containers and databases.

Key Mechanisms

- Core function: Microsoft Defender for Cloud (formerly Azure Security Center and Azure Defender) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across hybrid workloads in the cloud and on-premises. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Scanning VMs for vulnerabilities, detecting malware, monitoring network traffic for threats, providing security recommendations, assessing compliance with security standards, protecting containers and databases. - Decision clue: An enterprise uses Defender for Cloud to continuously assess security across Azure resources, receive prioritized security recommendations, detect and respond to threats in real-time, and maintain compliance with industry regulations.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Cloud 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Business continuity is the ability to keep critical services operating during disruptions. In Azure fundamentals, this is tied to resiliency features such as redundancy, backup, failover, and disaster recovery planning.

Examples

include deploying applications across availability zones, replicating data to secondary regions, and using backup plus recovery plans for critical workloads.

Key Mechanisms

- Core function: Business continuity is the ability to keep critical services operating during disruptions. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Examples include deploying applications across availability zones, replicating data to secondary regions, and using backup plus recovery plans for critical workloads.

Review Path

Review path:

1. Open Azure portal 2. Search for Business Continuity 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

SLAs describe Microsoft’s uptime commitments for Azure services. They help you evaluate expected availability and design for the right level of resiliency.

Examples

A workload that requires higher uptime may use multiple VM instances or zone-redundant services to improve the overall availability target.

Key Mechanisms

- Core function: SLAs describe Microsoft’s uptime commitments for Azure services. - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: A workload that requires higher uptime may use multiple VM instances or zone-redundant services to improve the overall availability target.

Review Path

Review path:

1. Open Azure portal 2. Search for Service Level Agreements (SLAs) 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure services move through stages such as preview and general availability (GA). Exam questions typically focus on GA capabilities, but you should understand what preview means for support and production use.

Examples

Preview features may change more often and can have different support expectations than GA services.

Key Mechanisms

- Core function: Azure services move through stages such as preview and general availability (GA). - Category fit: This concept belongs to cloud concepts and should be identified by purpose, not just by name recognition. - Real signal: Preview features may change more often and can have different support expectations than GA services.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Service Lifecycle 3. Identify what business or security problem it solves within cloud concepts 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure organizes resources in a hierarchy that commonly includes management groups, subscriptions, resource groups, and resources. This hierarchy helps with governance, policy, access, and billing organization.

Examples

A company might use management groups for enterprise-wide policy, separate subscriptions for environments, and resource groups for application components.

Key Mechanisms

- Core function: Azure organizes resources in a hierarchy that commonly includes management groups, subscriptions, resource groups, and resources. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: A company might use management groups for enterprise-wide policy, separate subscriptions for environments, and resource groups for application components.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Resource Hierarchy 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Tags are name-value pairs added to Azure resources to support organization, cost tracking, automation, and governance. They are commonly used to identify owner, environment, cost center, or workload.

Examples

A VM might be tagged with Environment=Prod and CostCenter=Finance for reporting and policy purposes.

Key Mechanisms

- Core function: Tags are name-value pairs added to Azure resources to support organization, cost tracking, automation, and governance. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: A VM might be tagged with Environment=Prod and CostCenter=Finance for reporting and policy purposes.

Review Path

Review path:

1. Open Azure portal 2. Search for Resource Tags 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure governance tools help organizations standardize deployments, enforce compliance, and control cost. Common tools include Azure Policy, resource locks, tags, and management groups.

Examples

An organization can use Azure Policy to require tagging or restrict resource locations to approved regions.

Key Mechanisms

- Core function: Azure governance tools help organizations standardize deployments, enforce compliance, and control cost. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: An organization can use Azure Policy to require tagging or restrict resource locations to approved regions.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Governance Tools 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure resources can be managed through multiple interfaces, including the Azure portal, Azure CLI, Azure PowerShell, ARM/Bicep templates, and APIs.

Examples

An administrator may use the portal for quick changes and Bicep or ARM templates for repeatable deployment.

Key Mechanisms

- Core function: Azure resources can be managed through multiple interfaces, including the Azure portal, Azure CLI, Azure PowerShell, ARM/Bicep templates, and APIs. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: An administrator may use the portal for quick changes and Bicep or ARM templates for repeatable deployment.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Management Interfaces 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure provides monitoring and management tools to observe resource health, performance, and activity. These include Azure Monitor, alerts, Log Analytics, and service health views.

Examples

A team might use Azure Monitor alerts to detect CPU spikes and Service Health to track platform issues.

Key Mechanisms

- Core function: Azure provides monitoring and management tools to observe resource health, performance, and activity. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: A team might use Azure Monitor alerts to detect CPU spikes and Service Health to track platform issues.

Review Path

Review path:

1. Open Azure portal 2. Search for Monitoring and Management Tools 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure compute services provide processing capability for applications and workloads. Common examples include virtual machines, containers, App Service, Azure Functions, and Azure Virtual Desktop.

Examples

A business might run a custom web app in App Service, background jobs in Functions, and legacy workloads in virtual machines.

Key Mechanisms

- Core function: Azure compute services provide processing capability for applications and workloads. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: A business might run a custom web app in App Service, background jobs in Functions, and legacy workloads in virtual machines.

Review Path

Review path:

1. Open Azure portal 2. Search for Compute Services 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure storage services provide durable and scalable options for structured and unstructured data. Common storage choices include blob, file, queue, and table storage.

Examples

Blob storage is commonly used for backups and media files, while Azure Files can support shared file access.

Key Mechanisms

- Core function: Azure storage services provide durable and scalable options for structured and unstructured data. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: Blob storage is commonly used for backups and media files, while Azure Files can support shared file access.

Review Path

Review path:

1. Open Azure portal 2. Search for Storage Services 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure networking services connect workloads, users, and services securely. Key fundamentals include virtual networks, subnets, DNS, VPN Gateway, Load Balancer, and Application Gateway.

Examples

A company can isolate web and database tiers using subnets inside a virtual network and publish apps through Application Gateway.

Key Mechanisms

- Core function: Azure networking services connect workloads, users, and services securely. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: A company can isolate web and database tiers using subnets inside a virtual network and publish apps through Application Gateway.

Review Path

Review path:

1. Open Azure portal 2. Search for Networking Services 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure supports managed relational database services for structured data workloads. These include offerings such as Azure SQL Database and Azure Database for PostgreSQL or MySQL.

Examples

An application might use Azure SQL Database for transactional data and built-in high availability.

Key Mechanisms

- Core function: Azure supports managed relational database services for structured data workloads. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: An application might use Azure SQL Database for transactional data and built-in high availability.

Review Path

Review path:

1. Open Azure portal 2. Search for Relational Databases 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure security and defense capabilities help protect identities, workloads, networks, and data. This includes tools such as Microsoft Defender for Cloud, NSGs, Key Vault, and security monitoring.

Examples

A workload can use Key Vault for secret storage and Defender for Cloud for posture recommendations.

Key Mechanisms

- Core function: Azure security and defense capabilities help protect identities, workloads, networks, and data. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: A workload can use Key Vault for secret storage and Defender for Cloud for posture recommendations.

Review Path

Review path:

1. Open Azure portal 2. Search for Security and Defense in Azure 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Identity and access management in Azure focuses on authentication, authorization, and secure administration. Microsoft Entra ID, Conditional Access, RBAC, and MFA are central concepts.

Examples

An admin can use RBAC to grant least-privilege access and Conditional Access to enforce MFA for sensitive sign-ins.

Key Mechanisms

- Core function: Identity and access management in Azure focuses on authentication, authorization, and secure administration. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: An admin can use RBAC to grant least-privilege access and Conditional Access to enforce MFA for sensitive sign-ins.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity and Access Management 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure provides compliance documentation, privacy commitments, and trust resources to help organizations evaluate Microsoft cloud services. These resources support audit, risk, and legal review.

Examples

Customers often review Microsoft’s compliance documentation and regional data handling commitments during vendor assessment.

Key Mechanisms

- Core function: Azure provides compliance documentation, privacy commitments, and trust resources to help organizations evaluate Microsoft cloud services. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: Customers often review Microsoft’s compliance documentation and regional data handling commitments during vendor assessment.

Review Path

Review path:

1. Open Azure portal 2. Search for Privacy and Compliance Resources 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Deployment consistency means using repeatable methods to create Azure resources the same way every time. Infrastructure as code and templates help reduce drift and manual error.

Examples

Bicep or ARM templates can deploy the same environment across dev, test, and production with consistent settings.

Key Mechanisms

- Core function: Deployment consistency means using repeatable methods to create Azure resources the same way every time. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: Bicep or ARM templates can deploy the same environment across dev, test, and production with consistent settings.

Review Path

Review path:

1. Open Azure portal 2. Search for Deployment Consistency 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Conditional Access evaluates signals such as user, device, location, and risk to decide whether access should be allowed, blocked, or require additional controls like MFA.

Examples

A sign-in from an unmanaged device might be blocked or forced to use MFA before access is granted.

Key Mechanisms

- Core function: Conditional Access evaluates signals such as user, device, location, and risk to decide whether access should be allowed, blocked, or require additional controls like MFA. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: A sign-in from an unmanaged device might be blocked or forced to use MFA before access is granted.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure CDN caches content at edge locations to improve performance, reduce latency, and deliver static or media assets closer to users.

Examples

A global website can use Azure CDN to serve images, scripts, and videos faster to users in different regions.

Key Mechanisms

- Core function: Azure CDN caches content at edge locations to improve performance, reduce latency, and deliver static or media assets closer to users. - Category fit: This concept belongs to core azure services and should be identified by purpose, not just by name recognition. - Real signal: A global website can use Azure CDN to serve images, scripts, and videos faster to users in different regions.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure CDN 3. Identify what business or security problem it solves within core azure services 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Defense in depth is a layered approach to security. Instead of relying on one control, Azure uses multiple layers across identity, network, compute, applications, and data.

Examples

A workload might use MFA, NSGs, encryption, monitoring, and least-privilege access together rather than depending on a single protection layer.

Key Mechanisms

- Core function: Defense in depth is a layered approach to security. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: A workload might use MFA, NSGs, encryption, monitoring, and least-privilege access together rather than depending on a single protection layer.

Review Path

Review path:

1. Open Azure portal 2. Search for Defense in Depth 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Infrastructure as code uses templates or declarative files to deploy resources consistently. In Azure fundamentals, this is commonly associated with ARM templates and Bicep.

Examples

A team can deploy the same virtual network, storage account, and policies repeatedly using Bicep instead of creating them manually in the portal.

Key Mechanisms

- Core function: Infrastructure as code uses templates or declarative files to deploy resources consistently. - Category fit: This concept belongs to management and governance and should be identified by purpose, not just by name recognition. - Real signal: A team can deploy the same virtual network, storage account, and policies repeatedly using Bicep instead of creating them manually in the portal.

Review Path

Review path:

1. Open Azure portal 2. Search for Infrastructure as Code 3. Identify what business or security problem it solves within management and governance 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Single sign-on lets users authenticate once and then access multiple applications without signing in again each time. It improves user experience and reduces password friction.

Examples

A user signs in with Microsoft Entra ID and then opens several SaaS apps without repeated credential prompts.

Key Mechanisms

- Core function: Single sign-on lets users authenticate once and then access multiple applications without signing in again each time. - Category fit: This concept belongs to security and identity and should be identified by purpose, not just by name recognition. - Real signal: A user signs in with Microsoft Entra ID and then opens several SaaS apps without repeated credential prompts.

Review Path

Review path:

1. Open Azure portal 2. Search for Single Sign-On (SSO) 3. Identify what business or security problem it solves within security and identity 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at AZ-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.