The AZ-900 exam is the only one you need to pass to get the Azure Fundamentals certification. It is designed for people just starting in the Azure ecosystem. This exam is for people who want to show that they know the basics of cloud services and how Microsoft Azure provides those services. The exam is for people with non-technical backgrounds who sell or buy cloud-based solutions and services or have some other connection to them. It is also for people with a technical background who need to prove they know the basics of cloud services.

1. Describe cloud concepts (25–30%)

  • 1.1 Describe cloud computing
    • 1.1.1 Define cloud computing
      • Cloud Computing
        • The delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale.
    • 1.1.2 Describe the shared responsibility model
      • Shared Responsibility Model
        • The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter
    • 1.1.3 Define cloud models, including public, private, and hybrid
      • Public Cloud
        • Services are offered over the public internet and available to anyone who wants to purchase them.
        • Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and provide over the internet
      • Private Cloud
        • Consists of computing resources used exclusively by users from one business or organization.
        • A private cloud can be physically located at your organization’s on-site (on-premises) data center, or it can be hosted by a third-party service provider.
        • A company has complete control of the resources and security of its private cloud.
      • Hybrid Cloud
        • A hybrid cloud is a computing environment that combines a public cloud and a private one by allowing data and applications to be shared.
        • A hybrid cloud solution enables a company to control whether its applications run on-premises or in the cloud
    • 1.1.4 Identify appropriate use cases for each cloud model
      • Public Cloud
        • No capital expenditures to scale up.
        • Applications can be quickly provisioned and de-provisioned.
        • Organizations pay only for what they use.
      • Private Cloud
        • Hardware must be purchased for start-up and maintenance.
        • Organizations have complete control over resources and security.
        • Organizations are responsible for hardware maintenance and updates.
      • Hybrid Cloud
        • Provides the most flexibility.
        • Organizations determine where to run their applications.
        • Organizations control security, compliance, or legal requirements.
    • 1.1.5 Describe the consumption-based model
      • Consumption-Based Model
        • End users only pay for the resources that they use. Whatever they use is what they pay for.
        • Benefits:
          • No upfront costs
          • No need to purchase and manage the costly infrastructure that users might not use to its fullest.
          • The ability to pay for additional resources when they are needed.
          • The ability to stop paying for resources that are no longer needed.
    • 1.1.6 Compare cloud pricing models
      • Pay As You Go
        • You can pay for services on Azure according to actual usage, billed per second, with no long-term commitment or upfront payments.
        • This provides complete flexibility to increase or decrease resources as needed.
        • This pricing model is mainly suitable for users who prefer flexibility, prefer to convert capital expenses to operating expenses, and applications with volatile or short-term workloads.
      • Reserved Instances
        • Azure provides Reserved Virtual Machine Instances (RVMI)—virtual machines that are pre-purchased for one or three years in a specific region.
        • Committing to reserved instances in advance grants a discount of up to 72% compared to pay-as-you-go prices.
        • This pricing model is suitable for applications with stable ongoing usage, organizations that have a fixed budget, or large scale applications where a certain number of virtual machines are always in use
      • Spot Instances
        • Azure lets you buy unused computing power at a discount of up to 90% compared to pay-as-you-go prices.
        • However, spot instances can be interrupted on short notice, so they are considered to be suitable only for workloads that can tolerate disruptions.
        • Spot instances are mainly suitable for distributed, fault-tolerant applications, stateless applications, and workloads that are not urgent or are heavily parallelized.
  • 1.2 Describe the benefits of using cloud services
    • 1.2.1 Describe the benefits of high availability and scalability in the cloud
      • High Availability
        • Cloud providers offer a service-level agreement (SLA) that guarantees your cloud-based apps can provide a continuous user experience with no apparent downtime.
      • Scalability
        • Apps in the cloud can scale vertically and horizontally
          • Scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine.
          • Scaling horizontally increases compute capacity by adding instances of resources, such as adding VMs to the configuration.
    • 1.2.2 Describe the benefits of reliability and predictability in the cloud
      • Reliability
      • Predictability
        • Cloud computing is typically provided on a monthly pay-as-you-go financing model.
        • Cloud services can be built, maintained, and grown based on the actual usage or need of the application or workload which they are supporting.
        • Hence, the cost of IT operations can now be aligned with the business growth instead of requiring large capital expenses up front in anticipation of new businesses, customers, or applications.
    • 1.2.3 Describe the benefits of security and governance in the cloud
      • Security
      • Governance
    • 1.2.4 Describe the benefits of manageability in the cloud
      • Manageability
  • 1.3 Describe cloud service types
    • 1.3.1 Describe Infrastructure as a Service (IaaS)
      • Infrastructure as a Service (IaaS)
        • This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration are up to you as the tenant.
    • 1.3.2 Describe Platform as a Service (PaaS)
      • Platform as a Service (PaaS)
        • This cloud service model is a managed hosting environment.
        • The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managing host environment.
        • Provides the ability to scale the platform automatically.
        • Provides professional development services to continuously add features to custom applications.
    • 1.3.3 Describe Software as a Service (SaaS)
      • Software as a Service (SaaS)
        • The cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider.
    • 1.3.4 Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)

2. Describe Azure architecture and services (35–40%)

  • 2.1 Describe the core architectural components of Azure
    • 2.1.1 Describe Azure regional, regional pairs, and sovereign regions
      • Azure Regions
        • A region is a geographical area on the planet that contains at least one but potentially multiple data centers that are nearby and networked together with a low-latency network.
        • Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
        • Global regions provide better scalability and redundancy; they also preserve data residency for your services
        • Data traffic between Azure services within the same Azure region is always free.
      • Regional Pairs
        • Each Azure region is always paired with another region within the same geography (such as the US, Europe, or Asia) at least 300 miles away.
        • This approach allows for the replication of resources (such as VM storage) across geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once.
        • If a region in a pair was affected by a natural disaster, for instance, services would automatically failover to the other region in its region pair.
      • Sovereign Regions
        • Azure Government Cloud Services
          • These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners.
          • These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
          • Azure Government uses physically isolated datacenters and networks located in the US only.
        • Azure China Cloud Services
          • Available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.
    • 2.1.2 Describe Availability Zones
      • Availability Zones
        • Availability zones are physically separated data centers within an Azure region
        • Each availability zone is made up of one or more data centers equipped with independent power, cooling, and networking.
        • If one zone goes down, the other continues working.
        • You can use availability zones to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating them in other zones.
          • Keep in mind that there could be a cost to duplicating your services and transferring data between zones.
        • Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases.
    • 2.1.3 Describe Azure datacenters
      • Azure Datacenters
        • A unique physical building that contains thousands of physical servers with its own power, cooling, and networking infrastructure.
    • 2.1.4 Describe Azure resources and resource groups
      • Resources
        • A manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of resources.
      • Resource Groups
        • Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
    • 2.1.5 Describe subscriptions
      • Subscriptions
        • A subscription provides you with authenticated and authorized access to Azure products and services.
        • A subscription groups together user accounts and the resources that have been created by those user accounts. There are limits or quotas for each subscription on the number of resources you can create and use.
        • Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
    • 2.1.6 Describe management groups
      • Management Groups
        • These groups help you manage access, policy, and compliance for multiple subscriptions.
        • All subscriptions in a management group automatically inherit the conditions applied to the management group.
    • 2.1.7 Describe the hierarchy of resource groups, subscriptions, and management groups
  • 2.2 Describe Azure compute and networking services
    • 2.2.1 Compare compute types, including container instances, virtual machines (VMs), and functions
      • Container Instances
        • Containers are lightweight, virtualized application environments.
        • They’re designed to be quickly created, scaled out, and stopped dynamically.
        • You can run multiple instances of a containerized application on a single host machine.
      • Virtual Machines (VMs)
        • Virtual machines are software emulations of physical computers.
        • VMs host an operating system, and you can install and run software just like a physical computer.
      • Functions
        • Cloud service available on-demand that provides all the continually updated infrastructure and resources needed to run your applications.
        • Type of implementation of serverless compute.
        • Azure takes care of managing the server infrastructure and the allocation and deallocation of resources based on demand.
        • Scaling and performance are handled automatically.
        • You’re billed only for the exact resources you use.
    • 2.2.2 Describe VM options, including Azure Virtual Machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop
      • Azure Virtual Machines
        • With Azure Virtual Machines, you can create and use VMs in the cloud.
        • VMs provide infrastructure as a service (IaaS) in the form of a virtualized server
      • Azure Virtual Machine Scale Sets
        • Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs.
        • Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications.
        • The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.
        • With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.
      • Availability Sets
        • An availability set is a logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
        • An Availability Set distributes highly available workloads across multiple Fault Domains, thereby eliminating any single point of failure.
        • Unless the entire data center is down, your workload will keep running.
        • In essence, your workload is split between two or more racks, leveraging the redundant power supplies, network switches, etc, of each.
      • Azure Virtual Desktop
        • Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud.
        • It enables your users to use a cloud-hosted version of Windows from any location.
    • 2.2.3 Describe resources required for virtual machines
      • They include a virtual processor, memory, storage, and networking resources.
      • If an Azure virtual machine has a status of Stopped (deallocated), you will continue to pay for storage
    • 2.2.4 Describe application hosting options, including the Web Apps feature of Azure App Service, containers, and virtual machines
      • Azure App Service
        • App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.
        • This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications.
      • Containers
        • Containers are a virtualization environment.
        • Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host.
        • Unlike virtual machines, you don’t manage the operating system for a container.
    • 2.2.5 Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute
      • Azure virtual networking
        • Azure virtual networks enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.
        • You can think of an Azure network as an extension of your on-premises network with resources that links to other Azure resources.
        • You are still charged for public IP addresses.
        • Capabilities:
          • Isolation and segmentation
          • Internet communications
          • Communicate between Azure resources
          • Communicate with on-premises resources
          • Route network traffic
          • Filter network traffic
          • Connect virtual networks
      • Azure virtual subnets
        • A subnet is a range of IP addresses in the virtual network.
        • You can divide a virtual network into multiple subnets for organization and security.
        • Each NIC in a VM is connected to one subnet in one virtual network.
        • NICs connected to subnets (same or different) within a virtual network can communicate with each other without any extra configuration.
      • Peering
        • You can link virtual networks together by using virtual network peering.
        • Peering enables resources in each virtual network to communicate with each other.
        • These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.
      • Azure DNS
        • Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
        • By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.
      • Azure VPN Gateway
        • Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity:
          • Connect on-premises datacenters to virtual networks through a site-to-site connection.
          • Connect individual devices to virtual networks through a point-to-site connection.
          • Connect virtual networks to other virtual networks through a network-to-network connection.
        • A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
        • Only copying data from Azure to an on-premise network over the VPN generates additional Azure data transfer costs.
      • Azure ExpressRoute
        • ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
        • ExpressRoute connections don’t go over the public Internet; this allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
        • When using an Azure ExpressRoute connection, inbound data traffic from an on-premises network to Azure is always free.
    • 2.2.6 Define public and private endpoints
      • Public Endpoints
        • A public endpoint for a managed instance enables data access to your managed instance from outside the virtual network.
      • Private Endpoints
        • Private endpoints provide a privately accessible IP address for the Azure service, but do not necessarily restrict public network access to it.
  • 2.3 Describe Azure storage services
    • 2.3.1 Compare Azure storage services
      • Disk Storage
        • Disk Storage provides disks for Azure virtual machines.
        • Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios.
        • Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.
      • Azure Blob Storage
        • Azure Blob Storage is an object storage solution for the cloud.
        • Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold.
        • Azure takes care of the physical storage needs.
      • Azure Files
        • Offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System protocols (Like a sharedrive).
    • 2.3.2 Describe storage tiers
      • Hot Tier
        • An online tier optimized for storing data that is accessed or modified frequently. The Hot tier has the highest storage costs, but the lowest access costs.
      • Cool Tier
        • An online tier optimized for storing data that is infrequently accessed or modified. Data in the Cool tier should be stored for a minimum of 30 days. The Cool tier has lower storage costs and higher access costs compared to the Hot tier.
      • Archive Tier
        • An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the Archive tier should be stored for a minimum of 180 days.
    • 2.3.3 Describe redundancy options
      • Locally redundant storage (LRS)
        • Copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability or durability.
      • Zone-redundant storage (ZRS)
        • Copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
      • Geo-redundant storage (GRS)
        • Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
      • Geo-zone-redundant storage (GZRS)
        • Copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region. Within the secondary region, your data is copied synchronously three times using LRS.
    • 2.3.4 Describe storage account options and storage types
    • 2.3.5 Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync
      • AzCopy
        • AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
      • Azure Storage Explorer
        • Free tool to conveniently manage your Azure cloud storage resources from your desktop
      • Azure File Sync
        • Centralizes your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server.
        • Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
    • 2.3.6 Describe migration options, including Azure Migrate and Azure Data Box
      • Azure Migrate
        • Azure Migrate provides a centralized hub to assess and migrate on-premises servers, infrastructure, applications, and data to Azure.
      • Azure Data Box
        • The Microsoft Azure Data Box cloud solution lets you send terabytes of data into and out of Azure in a quick, inexpensive, and reliable way.
        • The secure data transfer is accelerated by shipping you a proprietary Data Box storage device.
        • Each storage device has a maximum usable storage capacity of 80 TB and is transported to your datacenter through a regional carrier.
  • 2.4 Describe Azure identity, access, and security
    • 2.4.1 Describe directory services in Azure, including Azure Active Directory (Azure AD) and Azure Active Directory Domain Services (Azure AD DS)
      • Azure Active Directory (Azure AD)
        • A cloud-based identity and access management service. T
        • his service helps employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
        • Azure Active Directory also helps users access internal resources like apps on the corporate intranet network, along with any cloud apps developed for the organization.
      • Azure Active Directory Domain Services (Azure AD DS)
        • Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.
        • You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.
    • 2.4.2 Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication, and passwordless
      • Single Sign-On (SSO)
        • An authentication method that allows users to sign in using one set of credentials to multiple independent software systems.
        • With SSO, users can access all needed applications without being required to authenticate using different credentials.
      • Multifactor Authentication
        • Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.
      • Passwordless
    • 2.4.3 Describe external identities and guest access in Azure
      • External Identities
        • Azure AD External Identities refers to all the ways you can securely interact with users outside of your organization.
        • If you want to collaborate with partners, distributors, suppliers, or vendors, you can share your resources and define how your internal users can access external organizations.
        • With External Identities, external users can “bring their own identities.”
      • Guest Access
        • You can invite anyone to collaborate with your organization by adding them to your directory as a guest user.
        • Then you can either send an invitation email that contains a redemption link or send a direct link to an app you want to share.
        • Guest users can sign in with their own work, school, or social identities.
    • 2.4.4 Describe Azure AD Conditional Access
      • Azure AD Conditional Access
        • Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
        • Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.
    • 2.4.5 Describe Azure role-based access control (RBAC)
      • Azure Role-Based Access Control (RBAC)
        • Helps manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
    • 2.4.6 Describe the concept of Zero Trust
      • Zero Trust
        • The Zero Trust approach to cybersecurity entails denying all access to resources on the network until the request passes a verification.
        • Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”
        • Every access request is fully authenticated, authorized, and encrypted before granting access.
    • 2.4.7 Describe the purpose of the defense in depth model
      • Defense in Depth Model
        • A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data.
        • Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.
        • This approach removes reliance on any single layer of protection.
    • 2.4.8 Describe the purpose of Microsoft Defender for Cloud
      • Microsoft Defender for Cloud
        • Defender for Cloud is a tool for security posture management and threat protection.
        • It strengthens the security posture of your cloud resources, and with its integrated Microsoft Defender plans, Defender for Cloud protects workloads running in Azure, hybrid, and other cloud platforms.
        • Defender for Cloud provides the tools needed to harden your resources, track your security posture, protect against cyberattacks, and streamline security management.
        • Microsoft Defender for Cloud helps streamline the process for meeting regulatory compliance requirements, using the regulatory compliance dashboard.

3. Describe Azure management and governance (30–35%)

  • 3.1 Describe cost management in Azure
    • 3.1.1 Describe factors that can affect costs in Azure
      • The factors that affect your costs are resource type, usage meters, resource usage, Azure subscription types, and Azure Marketplace.
    • 3.1.2 Compare the Pricing calculator and the Total Cost of Ownership (TCO) calculator
      • Pricing Calculator
        • A free tool used for calculating the estimated hourly or monthly costs for using Azure.
      • Total Cost of Ownership (TCO) Calculator
        • Free tool used for estimating the cost savings you can realize by migrating your workloads to Azure
    • 3.1.3 Describe the Azure Cost Management and Billing tool
      • Azure Cost Management
        • Cost Management shows the organizational cost and usage patterns with advanced analytics.
        • Reports in Cost Management show the usage-based costs consumed by Azure services and third-party Marketplace offerings.
        • Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), or Microsoft Partner Agreement (MPA) can use Azure Cost Management.
      • Azure Billing Tool
        • Azure Billing features are used to review your invoiced costs and manage access to billing information.
        • You can use Budget alerts in Azure to send email alerts when the cost of the current billing period for an Azure subscription exceeds a specific limit.
    • 3.1.4 Describe the purpose of tags
      • Tags
        • For logically organizing Azure resources, resource groups, and subscriptions by values that make sense for the organization.
        • You can use Azure Policy to apply tags to resources
        • You can add multiple tags to the same Azure resource
        • Tags are NOT inherited from resource groups.
  • 3.2 Describe features and tools in Azure for governance and compliance
    • 3.2.1 Describe the purpose of Azure Blueprints
      • Azure Blueprints
        • Enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.
        • Makes it possible for development teams to rapidly build and stand up new environments with the trust they’re building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.
    • 3.2.2 Describe the purpose of Azure Policy
      • Azure Policy
        • Azure Policy helps to enforce organizational standards and to assess compliance at scale.
        • Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity.
        • It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.
        • Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management.
    • 3.2.3 Describe the purpose of resource locks
      • Resource Locks
        • You can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
        • The lock overrides any permissions the user might have.
        • An Azure resource can have multiple Delete locks
        • An Azure resource inherits locks from its resource group
        • CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
        • ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
    • 3.2.4 Describe the purpose of the Service Trust Portal
      • Service Trust Portal
        • Provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.
        • Contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein.
  • 3.3 Describe features and tools for managing and deploying Azure resources
    • 3.3.1 Describe the Azure portal
      • Azure Portal
        • A web-based, unified console that provides an alternative to command-line tools.
        • With the Azure portal, you can manage your Azure subscription using a graphical user interface.
    • 3.3.2 Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell
      • Azure Cloud Shell
        • Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources.
        • Azure CLI
          • Cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources.
          • It allows the execution of commands through a terminal using interactive command-line prompts or a script.
        • Azure PowerShell
          • Set of cmdlets for managing Azure resources directly from PowerShell.
    • 3.3.3 Describe the purpose of Azure Arc
      • Azure Arc
        • Azure Arc is a set of technologies that brings Azure security and cloud-native services to hybrid and multi-cloud environments.
        • Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.
    • 3.3.4 Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)
      • Azure Resource Manager
        • Azure Resource Manager is the deployment and management service for Azure.
        • It provides a management layer that enables you to create, update, and delete resources in your Azure account.
        • You use management features like access control, locks, and tags to secure and organize your resources after deployment.
      • Azure Resource Manager Templates (ARM Templates)
        • A Resource Manager template is a JSON file that defines what you want to deploy to Azure (Infrastructure and Configuration)
        • The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it.
        • In the template, you specify the resources to deploy and the properties for those resources.
  • 3.4 Describe monitoring tools in Azure
    • 3.4.1 Describe the purpose of Azure Advisor
      • Azure Advisor
        • It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.
        • Can be used to estimate the costs of an Azure solution.
    • 3.4.2 Describe Azure Service Health
      • Azure Service Health
        • Service Health provides you with a customizable dashboard that tracks the health of your Azure services in the regions where you use them.
        • You can track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories.
        • You can use the Service Health dashboard to create and manage service health alerts that proactively notify you when service issues are affecting you.
    • 3.4.3 Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights
      • Azure Monitor
        • Log Analytics
          • A tool in the Azure portal used to edit and run log queries with data in Azure Monitor Logs.
          • Simple queries can return a set of records and then use for features of Log Analytics to sort, filter, and analyze them.
          • Advanced query perform statistical analysis and visualize the results in a chart to identify a particular trend.
        • Azure Monitor Alerts
          • Alerts proactively notify you when issues are found with your infrastructure or application using your monitoring data in Azure Monitor.
          • They allow you to identify and address issues before the users of your system notice them.
        • Application Insights
          • Monitors the availability, performance, and usage of web applications whether they’re hosted in the cloud or on-premises.
          • It leverages the powerful data analysis platform in Azure Monitor to provide you with deep insights into your application’s operations.
          • It enables you to diagnose errors without waiting for a user to report them.