Hello friends, this article is an important note for those who are preparing for the AZ 900 Certification. Recently, I cleared the AZ 900 exam, and to prepare for it I created some notes, which I am sharing in this article.
What is AZ 900?
AZ 900 is one of the fundamental exams for a candidate working on Azure. AZ-900 is the only exam required to earn the Azure Fundamentals certification, and it is an optional exam in the various Azure certification paths. The exam is intended for candidates who want to demonstrate foundational knowledge of cloud services and how those services are provided by Microsoft Azure.
AZ 900 Exam highlights
- Once you are prepared for the exam, go to the Microsoft website and schedule your exam.
- At the scheduled exam time, be prepared with your laptop or desktop (Personal Laptop or Desktop is preferable to avoid any communication breakage)
- Be ready with valid ID proof issued by the government.
- Make sure you have a good internet connection.
- The mic and webcam should work properly on your laptop or desktop.
- You need to score 70% to pass. Till now, there is no negative marking.
- The number of questions may vary. In my case, there were 33 questions, and most of the questions had 2 or 3 parts, with each part carrying 1 point/mark.
AZ 900 Notes
Below are the topics covered in AZ 900 exam.
- Describe cloud concepts (20-25%)
- Describe core Azure services (15-20%)
- Describe core solutions and management tools on Azure (10-15%)
- Describe general security and network security features (10-15%)
- Describe identity, governance, privacy, and compliance features (20-25%)
- Describe Azure cost management and Service Level Agreements (10-15%)
Visit this link - Microsoft Azure Fundamentals (AZ-900) Certification Sample Questions
Azure Regions and Availability Zones
In this section, we will look into Azure Regions, Zones and availability.
- Azure provides 60+ regions around the globe.
- Regions are geographical locations.
- Deploying your services to multiple regions gives High Availability, Low Latency, and Geographical reach.
- Azure provides multiple Availability zones in a single Azure region.
- Each Availability Zone is one or more data centres and they have their own network connectivity and power resources.
- The Availability Zones in a region are connected by low-latency links.
- Availability Zones help to achieve high availability with low latency in the same region.
- Not all Azure regions have Availability Zones.
- Number of Availability Zones in some Azure regions: East US – 3, West Europe – 3, Southeast Asia – 3, West Central US – 0
Detailed article available here – Azure Regions and Availability Zones
Subscription, Resource Groups, Management Groups and Tags
- A Resource Group is a group of resources such as Virtual Machines, Databases etc.
- One resource group is associated with one Azure subscription.
- Azure resource hierarchy – Management Groups –> Azure Subscription –> Resource Group –> Resources
- One resource can be associated with only one resource group.
- A resource group can contain resources from multiple Azure regions.
- Resource groups are offered by Azure at no cost; we only pay for resources and not for resource groups.
- Permissions applied to a resource group are automatically applied to the resources in that resource group.
- To manage cost and billing for the different departments within your organization, create different subscriptions.
- You cannot merge two subscriptions into one; however, you can move a resource from one subscription to another.
- If a subscription has expired, you cannot create a resource, but data can still be accessed.
- Tags are used to identify applications, resources, and environments for tracking and reporting purposes.
- Tags help us to categorize the resources in Azure. Tags are not automatically inherited from the resource group by the resources within it.
Virtual Machines, Availability Set and Scale Set
- We deploy software or any application in the cloud on a Virtual Machine.
- A Virtual Machine with a premium SSD or Ultra disk will give a 99.9% SLA.
- A Virtual Machine with a standard SSD disk will give a 99.5% SLA.
- A Virtual Machine with a standard HDD disk will give a 95% SLA.
- 2 virtual machines in the same availability set give you 99.95% availability
- An availability set is a logical grouping of Virtual Machines.
- Azure provides 2 types of Availability sets: Fault Domain and Update Domain.
- Fault Domain – A group of virtual machines which share common network connectivity and power supply.
- Update Domain – A logical group of virtual machines that get restarted at the same time. All the maintenance happens in this group at the same time.
- Distributing VMs across multiple fault domains will increase availability.
- Creating multiple instances in 2 or more Availability Zones in the same Azure region gives you 99.99% availability.
- Virtual Machine Scale Set (VM Scale Set) allows you to create and manage a group of Azure Virtual Machines.
- VM Scale Set allows auto and manual scaling.
- A single scale set can allow up to 1000 VM instances.
- Auto-scaling in VM Scale Set can be configured based on CPU threshold, memory utilization etc.
- VM Scale Set creates a private IP address by default.
- Public IP addresses are chargeable.
- There are 2 types of scaling – Vertical Scaling and Horizontal Scaling
- Vertical Scaling – Increase the available hardware capacity, e.g. increasing RAM size.
- Horizontal Scaling – Increase the number of Virtual Machine instances.
- 2 VMs of the same size can cost different amounts because prices vary with time and region.
Detailed article available here – Azure Virtual Machines
IaaS, PaaS, SaaS and Containers
Detailed article available here – Azure Compute Services (IaaS, PaaS)
- IaaS (Infrastructure As A Service) – A cloud model which allows us to manage infrastructure from a Cloud service provider. In this cloud model, we are responsible for managing Virtual Machine, Database, OS, Load Balancer etc. Along with the software, we have to manage the underlying hardware as well.
- PaaS (Platform As A Service) – We are responsible only for our application deployment and related configuration. No need to worry about the underlying hardware. Azure App Service, Azure Container, and Azure Cosmos DB are examples of the PaaS model. In the PaaS model, we can configure hardware needs and auto-scaling needs.
- SaaS (Software as a service) – We are responsible for using applications and not for deployment and maintenance. Google Docs, Office 365, and Dropbox are examples of SaaS models.
- Azure Containers are used to virtualize the software. We don’t need to manage any Virtual Machines.
- We can deploy the microservice-based applications to Azure with the help of Azure Containers.
- Azure Containers create a Docker image for each microservice based on requirement. For example, you can create a Docker image for Windows + .NET and another image for Linux + PHP.
- Azure offers Azure Service Fabric and Kubernetes for container orchestration.
- Kubernetes is a popular open-source container orchestration tool.
- Azure Service Fabric is a container orchestration tool which runs on the Azure cloud only.
Public Cloud, Private Cloud and Hybrid Cloud
- Public Cloud – It allows you to host and deploy applications in the cloud with no data centre available on-premise. No Capital Expenditure (CapEx) is required, you pay as you go, the underlying hardware is maintained by Azure, and hardware resources are shared among multiple tenants.
- Private Cloud – It allows you to host and deploy everything within your own data centre. It needs Capital Expenditure, staff, and maintenance. Private Cloud provides a high level of security and privacy.
- Hybrid Cloud – It is the combination of Public and Private. For Example, an Application server is in an on-premise data centre and the database is in the Azure cloud.
Detailed article available here – Azure Compute Services (IaaS, PaaS)
Serverless, Azure Functions and Logic Apps
- Serverless doesn’t mean “No Server”; it simply means there is no need to focus on servers and related entities. It also means zero visibility of servers.
- In Serverless, no request = no cost.
- Azure Functions is an example of Serverless computing.
- With Azure Functions, you pay for the number of requests raised and memory utilization. It supports all the major programming languages such as C#, Python, Java, TypeScript etc.
- To create an Azure Function in Azure, search for Function App in the Azure search bar.
- While creating an Azure Function in the Azure portal, just select the runtime (.NET, Java etc.). Options like availability sets and availability zones are not available because the infrastructure is not managed by us.
- Azure Functions are auto-scalable.
- Logic App is a serverless orchestration service in Azure. It is a no-code (or low code) solution and mostly works with GUI.
- Logic App can be useful to trigger events on a specific action such as sending an email.
- Azure offers in-built templates to create Logic Apps.
Read this for more details – Serverless Computing in Microsoft Azure
Azure Storage
Detailed article available here – Azure Storage
- Azure offers File Storage (Azure Files), Block Storage (Azure Disk) and Object Storage (Blob Storage).
- File storage can be shared between multiple Virtual Machines.
- Azure offers the following data redundancy options – LRS, ZRS, GRS, GZRS
- LRS (Locally Redundant Storage) – Sync 3 copies in the same data centre. It is the least expensive option, with the least availability.
- ZRS (Zone Redundant Storage) – Sync 3 copies in 3 Availability Zones in the primary region.
- GRS (Geo Redundant Storage) – It is LRS + Async copy to the secondary region.
- GZRS (Geo Zone Redundant Storage) – ZRS + Async copy of data to secondary region. It is the most expensive and provides high availability.
- Azure Disk with standard HDD is recommended for backup storage.
- Standard SSD is recommended for lightweight applications.
- Azure Disk with premium/ Ultra SSD is recommended for production uses.
- Blob storage allows the storage of huge amounts of unstructured data.
Azure Database
Microsoft Azure offers fully managed relational, NoSQL and in-memory databases for various uses.
Detailed article available here – Azure Database
|Service|Description|
|---|---|
|Azure SQL Database|Managed, intelligent SQL in Azure and an always up-to-date SQL instance. Gives 99.99% availability|
|Azure Database for PostgreSQL|Build scalable, secure and fully managed enterprise-ready apps on open-source PostgreSQL|
|Azure MySQL|Deliver high availability to open-source mobile and web apps with a managed community MySQL database service|
|Azure MariaDB|Deliver high availability to open-source mobile and web apps with a managed community MariaDB database service|
|Azure Cosmos DB|Build applications with guaranteed low latency and high availability anywhere, at any scale, or migrate Cassandra, MongoDB and other NoSQL tasks to the cloud|
|Azure Cache for Redis|Power fast, scalable applications with an open-source-compatible in-memory datastore|
|Azure Synapse Analytics|Database for Analytics|
Microsoft Azure Cosmos DB provides low latency and can offer sub-5-ms response time.
Networking in Azure
- Azure Virtual Network is your own isolated network in the Azure cloud; it is like a LAN on your premises.
- Each virtual network is associated with 1 region.
- A subnet is used to isolate public resources from private resources within Azure Virtual Network.
- All subnets (Private or Public) in a single virtual network (VNet) can communicate with each other.
- Each VM in a Virtual Network is assigned a private IP address. However, we can assign a public IP address as well.
- Network peering is possible to connect resources in different Azure Virtual Networks (In different Azure regions as well).
- Network Security Group (NSG) is an internal Firewall inside Azure Virtual Network. It allows/blocks traffic based on IP address and Port. NSG can restrict traffic between resources; for example, it can allow Database access only to Web Servers and not from the outside world.
- An NSG is attached to a subnet and a network interface.
- Azure Application Gateway can do URL-based routing. It is a web traffic load balancer which enables us to manage traffic to our web application hosted in the Azure cloud.
- Traditional Load balancer operates at the transport layer (OSI Layer 4 – TCP, UDP) to route traffic.
- Azure Firewall is a managed, centralized network firewall-as-a-service. It is outside of Azure Virtual Network.
- In Azure Firewall, allowed inbound traffic automatically passes as outbound traffic.
- One Azure Firewall can control traffic to multiple Azure Virtual Networks across multiple Azure subscriptions.
- Web Application Firewall is tied to one web application to protect it from OWASP threats (cross-site scripting, SQL injection etc.)
- Azure Express Route is a private and dedicated connection between Azure cloud and an on-premise data centre. It gives high bandwidth with high security.
Article available here – Networking in Azure
Security and Identity Management
- Azure Security Center is a threat management and protection feature for the Azure cloud. It provides a security score, which helps improve security by adding more security features.
- Basic protection and security are free in the Azure cloud.
- Azure Defender is additional security that you can enable. It is a costly feature of Azure. It provides threat protection for PaaS services.
- Azure Sentinel is an intelligent security analytics service for the entire enterprise. It is a security information and event management (SIEM) service.
- Azure Sentinel detects threats and responds very fast with the help of AI.
- To store access secrets such as API Keys, passwords, and Certificates we can use Azure Key Vault.
- Official definition by Microsoft – Azure Key Vault safeguards cryptographic keys and other secrets used by cloud apps and services.
- Azure AD Identity Management helps us to manage identity and access available in Azure cloud.
- To synchronize on-premise Active Directory with Azure AD we can use Azure AD Connect.
- Azure AD MFA (Multi-factor Authentication) – Azure AD MFA uses any 2 of the given authentication options: user ID and password; a trusted device; fingerprint or face recognition.
- To enable Azure AD MFA, you need to use Azure AD Identity Protection.
- If a user is logging in from an unknown device or location, MFA is mandated to provide security. This is called Conditional Access.
- Conditional Access is one of the premium features in Azure AD that comes with P1 and P2 licenses.
- We can change the default directory in Azure, but this will not change billing ownership.
- One subscription can be connected to one Azure AD directory. You can associate multiple subscriptions with one Azure AD directory.
- RBAC stands for role-based access control.
- When an Azure subscription expires, the associated Azure AD tenant is not deleted. Later, you can associate it with a different subscription.
Article available here – Security and Identity Management
Azure Management Tools
- Azure Advisor is a recommendation tool that helps improve reliability, security and performance to achieve great service at a reduced cost. It recommends optimizing VMs by applying auto-scaling, which can reduce the cost.
- Azure Monitor is another tool which collects and analyzes logs and metrics. It is used to track events at the resource level. Azure Monitor can monitor resources across multiple subscriptions, helps to identify issues, and sends alerts. It can monitor on-premise environments as well.
- Application Insight – Azure Monitor service to monitor/diagnose application-related issues.
- VM Insight – Monitors the health of VMs and scale sets.
- Container Insight – Monitors the containers available in your subscription.
- Log Analytics – Azure Monitor service to send SMS and Email based on logs and metrics.
- Azure Service Health is a personalized dashboard for receiving notifications, guidance, and technical support when Azure service issues, updates, or planned maintenance affect your Azure resources.
- Visit status.azure.com to know the Azure health region-wise.
- Azure Service Health also tells about an Azure service which will be decommissioned.
Article available here – Azure Advisor, Azure Monitor and Azure Service Health
Azure Service Level Agreement (SLA)
- SLA stands for Service Level Agreement. It is a formal agreement between the service provider and the customer.
- Azure gives a service credit in case it doesn’t meet the agreed SLA. If uptime is < 99.95%, then 10% of the amount is credited; if < 99%, then 25% is credited. You need to submit an SLA credit request to get the service credit.
- Monthly uptime % = (Maximum Available Minutes – Down time)/(Maximum Available Minutes) * 100
- Azure Service Lifecycle follows 3 phases.
- Private Preview – It is an evaluation-purpose release for specific customers. You need to apply to use Private Preview. This release does not follow any SLA.
- Public Preview – It is available to all Azure customers, and it also has no defined SLA. Public Preview is not recommended for production or any critical business application.
- General Availability – This release is available to all customers and follows an SLA as well.
Article available here – Azure Service Level Agreement (SLA)
Azure Compliance, Privacy and Governance
- Microsoft Azure policies ensure that resources stay compliant with defined standards and SLA. Azure Policy allows you to manage compliance of resources across multiple Azure subscriptions.
- You can create a group of policies; it is called Initiative.
- Azure provides some predefined initiatives – UK Official, HIPAA, PCI-DSS etc.
- In the Compliance dashboard, you can view the overall compliance of a specific resource or policy.
- If you want to prevent the use of a specific size of VM, you can apply a policy which will prevent this action.
- Azure Blueprints is the combination of one or more Policy, Role, ARM Template, and Resource Group.
- The Resource Lock feature is used to prevent accidental deletion or modification of resources.
- There are 2 types of resource locks.
- Read Only Lock – Users can read but they can’t modify or delete the resource.
- Delete Lock – Users can read and modify the resource, but they can’t delete it.
- You can apply multiple locks on a resource.
- A Resource Lock can be applied to subscriptions, resource groups or resources.
- Resources inherit Azure locks from the subscription and resource group.
- Azure compliance makes sure that you follow industry and security standards.
- Service Trust Portal allows you to check standards and regulations.
- GDPR (General Data Protection Regulation) was introduced to provide security for the personal data of people in Europe.
- RBI and IRDAI (India) – The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Ministry of Electronics and Information Technology (MeitY) comprise three of the key financial industry regulators overseeing banks, insurance organizations, and market infrastructure institutions.
- Azure Government can be used by US government employees, entities and contractors.
- Azure China is not operated by Microsoft. The company 21Vianet operates Azure in China, and it follows China Telecommunication Regulation.
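The VM-size restriction mentioned in the policy notes above, written as a custom Azure Policy definition. This is an added example, not part of the original notes; the parameter name `deniedSkus` and the listed VM sizes are assumptions chosen for illustration.

```json
{
  "properties": {
    "displayName": "Deny selected virtual machine sizes (added example)",
    "description": "Added example, not from the original article. Blocks creation of VMs whose size is in the deniedSkus list.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "deniedSkus": {
        "type": "Array",
        "metadata": {
          "displayName": "Denied VM sizes",
          "description": "Hypothetical parameter name; the default values are sample sizes."
        },
        "defaultValue": ["Standard_D64s_v3", "Standard_M128s"]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          {
            "field": "Microsoft.Compute/virtualMachines/sku.name",
            "in": "[parameters('deniedSkus')]"
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

Assigning the definition at a subscription or management group scope applies the deny effect to every resource group below it.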
Article available here – Compliance, Privacy and Governance
Azure Cost Management
- Capital Expenditure (CapEx) – The money spent to buy infrastructure and the cost to maintain it. Example – Paying for software on lease, a physical data centre.
- Operation Expenditure (OpEx) – Money spent to consume a service or product. Example – Azure Functions, Azure VM Provisioning
- Azure Functions is the best example of the Consumption-based price model.
- Fixed Price Model – You are charged for the number of instances, regardless of whether the resource is being used or not. Example – Azure App Service, Azure VM
- TCO or Total Cost of Ownership is used to estimate the cost savings you get after migrating your workloads to Azure.
- The Pricing Calculator is used to estimate the cost of Azure services that you are planning to use.
- In-bound data from on-premises to Azure is free.
- Outbound traffic from Azure to on-premise is not free.
- Data traffic between Azure services in the same region or Availability zone is free.
Article available here – Azure Cost Management
Azure IoT, Big Data, AI and Machine Learning
- Azure IoT Hub is used to manage message hubs for IoT-enabled devices. It allows you to present reports programmatically.
- Azure IoT Central – It is an IoT hub with a dashboard. It represents reports with UI instead of programming.
- Azure Sphere – It provides comprehensive solutions for IoT devices with high security. It is useful in voting machines, ATMs, and Point of Sale devices where high security is needed.
- Big Data Solution – For an end-to-end analytics solution that runs complex queries on Big Data, we can use Azure Synapse Analytics; it was earlier known as Azure SQL Data Warehouse.
- Azure HDInsight – A Hadoop-based open-source analytics service. Compatible with Apache Hadoop, Spark, Hive.
- Azure Databricks – It is an Apache Spark-based analytics service.
- To talk with humans through an AI system, use Azure Bot Service.
- Azure Cognitive Services is pre-built Machine Learning that is used for Language service, Vision service, and Text-to-speech service.
Article available here – Azure IoT, Big Data and Machine Learning
- Microsoft Azure DevOps helps in Continuous Integration and Continuous Deployment.
- It provides private source control to manage source code with versions.
- Azure DevTest Lab – This allows you to quickly create environments using reusable templates and artefacts. It allows you to create Windows and Linux environments quickly. With Azure DevTest Lab you can set an automated shutdown to minimize the cost.
- An ARM (Azure Resource Manager) Template is a way to implement Infrastructure as Code in Azure. An ARM template is a JSON-based file which defines the infrastructure and related configuration. For example, you can create a VM and SQL Database of your required configuration from the Azure portal, but if you are asked to create the same environment again, you have to repeat the same steps. Instead, you can create an ARM Template and quickly create the environment from the same JSON file.
For details about AZ 900 exam, sample questions (Dumps) and detailed article, visit this link - Microsoft Azure Fundamentals (AZ-900) Certification Sample Questions
Hope you like this blog on Microsoft Azure Fundamentals (AZ 900) exam topics.