Hello friends, this article is an important note for those who are preparing for the AZ 900 certification. Recently, I cleared the AZ 900 exam, and to prepare for it I created some notes, which I am sharing in this article.
What is AZ 900?
AZ 900 is one of the fundamental exams for a candidate working on Azure. AZ-900 is the only exam required to earn the Azure Fundamentals certification, and it is an optional exam in the various Azure certification paths. The exam is intended for candidates who want to demonstrate foundational knowledge of cloud services and of how Microsoft Azure provides those services.
AZ 900 Exam highlights
- Once you are prepared for the exam, go to the Microsoft website and schedule your exam.
- At the scheduled exam time, be prepared with your laptop or desktop (a personal laptop or desktop is preferable to avoid any communication breakage).
- Be ready with a valid government-issued ID proof.
- Make sure you have a good internet connection.
- The mic and webcam should work properly on your laptop or desktop.
- You need to score 70% to pass. Till now, there is no negative marking.
- The number of questions may vary. In my case there were 33 questions; most of the questions had 2 or 3 parts, and each part carried 1 point/mark.
AZ 900 Notes
Below are the topics covered in AZ 900 exam.
- Describe cloud concepts (20-25%)
- Describe core Azure services (15-20%)
- Describe core solutions and management tools on Azure (10-15%)
- Describe general security and network security features (10-15%)
- Describe identity, governance, privacy, and compliance features (20-25%)
- Describe Azure cost management and Service Level Agreements (10-15%)
Visit this link - Microsoft Azure Fundamentals (AZ-900) Certification Sample Questions
Azure Regions and Availability Zones
In this section, we will look into Azure Regions, Zones and availability.
- Azure provides 60+ regions around the globe.
- Regions are geographical locations.
- Deploying your services to multiple regions gives high availability, low latency and geographical reach.
- Azure provides multiple Availability Zones in a single Azure region.
- Each Availability Zone is one or more data centers with its own network connectivity and power resources.
- Availability Zones in a region are connected by low-latency links.
- Availability Zones help to achieve high availability with low latency in the same region.
- Not all Azure regions have Availability Zones.
- Number of Availability Zones in some Azure regions: East US – 3, West Europe – 3, Southeast Asia – 3, West Central US – 0
Detailed article available here – Azure Regions and Availability Zones
Subscription, Resource Groups, Management Groups and Tags
- A Resource Group is a group of resources such as Virtual Machines, Databases etc.
- One resource group is associated with one Azure subscription.
- Azure resource hierarchy – Management Groups –> Azure Subscription –> Resource Group –> Resources
- One resource can be associated with only one resource group.
- A resource group can contain resources from multiple Azure regions.
- Resource groups are offered by Azure at no cost; we pay only for resources, not for resource groups.
- A permission applied to a resource group is automatically applied to the resources in that resource group.
- To manage cost and billing for different departments within your organization, create different subscriptions.
- You cannot merge two subscriptions into one; however, you can move a resource from one subscription to another.
- If a subscription has expired, you cannot create a resource, but data can still be accessed.
- Tags are used to identify applications, resources and environments for tracking and reporting purposes.
- Tags help us to categorize the resources in Azure. Tags are not automatically inherited by resources from their resource group.
Virtual Machines, Availability Set and Scale Set
- We deploy software or any application in the cloud on a Virtual Machine.
- A Virtual Machine with a premium SSD or Ultra disk gives a 99.9% SLA.
- A Virtual Machine with a standard SSD disk gives a 99.5% SLA.
- A VM with a standard HDD disk gives a 95% SLA.
- 2 virtual machines in the same availability set give you 99.95% availability.
- An Availability Set is a logical grouping of Virtual Machines.
- Azure provides 2 types of Availability Set: Fault Domain and Update Domain.
- Fault Domain – A group of virtual machines which share common network connectivity and power supply.
- Update Domain – This logical group gets restarted at the same time. All the maintenance happens in this group at the same time.
- Distributing VMs across multiple fault domains increases availability.
- Creating multiple instances in 2 or more Availability Zones in the same Azure region gives you 99.99% availability.
- Virtual Machine Scale Set (VM Scale Set) allows you to create and manage a group of Azure Virtual Machines.
- VM Scale Set allows auto and manual scaling.
- A single scale set can allow up to 1000 VM instances.
- Auto scaling in a VM Scale Set can be configured based on CPU threshold, memory utilization etc.
- VM Scale Set creates a private IP address by default.
- Public IP addresses are chargeable.
- There are 2 types of scaling – Vertical Scaling and Horizontal Scaling.
- Vertical Scaling – Increases the available hardware capacity, e.g. increasing RAM size.
- Horizontal Scaling – Increases the number of Virtual Machine instances.
- 2 VMs of the same size can cost differently because the price varies with time and region.
Detailed article available here – Azure Virtual Machines
IaaS, PaaS, SaaS and Containers
Detailed article available here – Azure Compute Services (IaaS, PaaS)
- IaaS (Infrastructure as a Service) – A cloud model which allows us to manage infrastructure from the cloud service provider. In this cloud model, we are responsible for managing Virtual Machines, Databases, OS, Load Balancers etc. Along with software, we have to manage the underlying hardware as well.
- PaaS (Platform as a Service) – We are responsible only for our application deployment and related configuration. No need to worry about underlying hardware. Azure App Service, Azure Container and Azure Cosmos DB are examples of the PaaS model. In the PaaS model, we can configure hardware needs and auto scaling.
- SaaS (Software as a Service) – We are responsible for using the application and not for deployment and maintenance. Google Docs, Office 365 and Dropbox are examples of the SaaS model.
- Azure Containers are used to virtualize the software. We don’t need to manage any Virtual Machines.
- We can deploy microservice-based applications to Azure with the help of Azure Containers.
- Azure Containers create a Docker image for each microservice based on requirement. For example, you can create a Docker image for Windows + .NET and another image for Linux + PHP.
- Azure offers Azure Service Fabric and Kubernetes for container orchestration.
- Kubernetes is a popular open-source container orchestration tool.
- Azure Service Fabric is a container orchestration tool which runs on Azure cloud only.
Public Cloud, Private Cloud and Hybrid Cloud
- Public Cloud – It allows you to host and deploy applications in the cloud without an on-premises data center. No Capital Expenditure (CapEx) required, pay as you go, underlying hardware maintained by Azure, hardware resources shared among multiple tenants.
- Private Cloud – It allows you to host and deploy everything within your own data center. It needs Capital Expenditure, staff and maintenance. Private Cloud provides a high level of security and privacy.
- Hybrid Cloud – It is a combination of Public and Private. For example, the application server is in an on-premises data center and the database is in Azure cloud.
Detailed article available here – Azure Compute Services (IaaS, PaaS)
Serverless, Azure Functions and Logic Apps
- Serverless doesn’t mean “No Server”; it simply means there is no need to focus on servers and related entities. It also means zero visibility of servers.
- In Serverless, no request = no cost.
- Azure Functions is an example of Serverless computing.
- Azure Functions allows you to pay for the number of requests raised and memory utilization. It supports all the major programming languages such as C#, Python, Java, TypeScript etc.
- To create an Azure Function in Azure, search for Function App in the Azure search bar.
- While creating an Azure Function in the Azure portal, you just select the runtime (.NET, Java etc.). Options such as availability sets and availability zones are not offered because that infrastructure is not managed by us.
- Azure Functions are auto scalable.
- Logic App is a serverless orchestration service in Azure. It is a no-code (or low-code) solution and mostly works with a GUI.
- Logic App can be useful to trigger events on a specific action such as sending an email.
- Azure offers built-in templates to create Logic Apps.
Read this for more details – Serverless Computing in Microsoft Azure
Article available here – Azure Storage
- Azure offers File Storage (Azure Files), Block Storage (Azure Disk) and Object Storage (Blob Storage).
- File storage can be shared between multiple Virtual Machines.
- Azure offers following data redundancy – LRS, ZRS, GRS, GZRS
- LRS (Locally Redundant Storage) – Syncs 3 copies in the same data center; less expensive and with the least availability.
- ZRS (Zone Redundant Storage) – Syncs 3 copies across 3 Availability Zones in the primary region.
- GRS (Geo Redundant Storage) – It is LRS + async copy to a secondary region.
- GZRS (Geo Zone Redundant Storage) – ZRS + async copy of data to a secondary region. It is the most expensive and provides high availability.
- Azure Disk with standard HDD is recommended for backup storage.
- Standard SSD is recommended for lightweight applications.
- Azure Disk with premium/Ultra SSD is recommended for production use.
- Blob storage allows storing huge amounts of unstructured data.
Microsoft Azure offers fully managed relational, NoSQL and in-memory databases for various uses.
Detailed article available here – Azure Database
|Service|Description|
|---|---|
|Azure SQL Database|Managed intelligent SQL in Azure and an always up-to-date SQL instance. Gives 99.99% availability|
|Azure Database for PostgreSQL|Build scalable, secure and fully managed enterprise-ready apps on open-source PostgreSQL|
|Azure My SQL|Deliver high availability to open-source mobile and web apps with a managed community MySQL database service|
|Azure Maria DB|Deliver high availability to open-source mobile and web apps with a managed community Maria database service|
|Azure Cosmos DB|Build applications with guaranteed low latency and high availability anywhere, at any scale, or migrate Cassandra, MongoDB and other NoSQL tasks to the cloud|
|Azure Cache for Redis|Power fast, scalable applications with an open-source-compatible in-memory datastore|
|Azure Synapse Analytics|Database for analytics|
Microsoft Azure Cosmos DB provides low latency and can offer sub-5-ms response times.
- Azure Virtual Network is your own isolated network in Azure cloud; it is like a LAN in your on-premises environment.
- Each virtual network is associated with 1 region.
- Subnets are used to isolate public resources from private resources within an Azure Virtual Network.
- All subnets (private or public) in a single virtual network (VNet) can communicate with each other.
- Each VM in a Virtual Network is assigned a private IP address. However, we can assign a public IP address as well.
- Network peering makes it possible to connect resources in different Azure Virtual Networks (in different Azure regions as well).
- Network Security Group (NSG) is an internal firewall inside an Azure Virtual Network. It allows/blocks traffic based on IP address and port. An NSG can restrict traffic between resources; for example, it can allow database access only to the web servers and not to the outside world.
- An NSG is attached to a subnet and network interface.
- Azure Application Gateway can do URL-based routing. It is a web traffic load balancer which enables us to manage traffic to our web application hosted in Azure cloud.
- A traditional load balancer operates at the transport layer (OSI Layer 4 – TCP, UDP) to route traffic.
- Azure Firewall is a managed, centralized network firewall-as-a-service; it sits outside the Azure Virtual Network.
- In Azure Firewall, traffic allowed inbound is automatically allowed outbound.
- One Azure Firewall can control traffic to multiple Azure Virtual Networks across multiple Azure subscriptions.
- Web Application Firewall is tied to one web application to protect it from OWASP vulnerabilities (cross-site scripting, SQL injection etc.).
- Azure ExpressRoute is a private and dedicated connection between Azure cloud and an on-premises data center. It gives high bandwidth with high security.
Article available here – Networking in Azure
- Azure Security Center is a threat management and protection feature for Azure cloud. It provides a security score and helps improve security by recommending additional security features.
- Basic protection and security is free in Azure cloud.
- Azure Defender is an additional security feature that you can enable. It is a costly feature by Azure. It provides threat protection for PaaS services.
- Azure Sentinel is an intelligent security analytics service for the entire enterprise. It is a security information and event management (SIEM) service.
- Azure Sentinel detects threats and responds very fast with the help of AI.
- To store access secrets such as API keys, passwords and certificates, we can use Azure Key Vault.
- Official definition by Microsoft – Azure Key Vault safeguards cryptographic keys and other secrets used by cloud apps and services.
- Azure AD Identity Management helps us to manage identity and access in Azure cloud.
- To synchronize on-premises Active Directory with Azure AD, we can use Azure AD Connect.
- Azure AD MFA (Multi-Factor Authentication) – Azure AD MFA uses any 2 of the given authentication options: user ID and password, a trusted device, fingerprint or face recognition.
- To enable Azure AD MFA, you need to use Azure AD Identity Protection.
- If a user is logging in from an unknown device or location, then MFA is mandated to provide security; this is called Conditional Access.
- Conditional Access is one of the premium features in Azure AD that come with P1 and P2 licenses.
- We can change the default directory in Azure, but this will not change billing ownership.
- One subscription can be connected to one Azure AD directory. You can associate multiple subscriptions with one Azure AD directory.
- RBAC stands for role-based access control.
- When an Azure subscription expires, the associated Azure AD tenant is not deleted; later you can associate it with a different subscription.
Article available here – Security and Identity Management
Azure Management Tools
- Azure Advisor is a recommendation tool that helps improve reliability, security and performance to achieve great service at reduced cost. For example, it recommends optimizing VMs by applying auto scaling, which can reduce the cost.
- Azure Monitor is another tool which collects and analyzes logs and metrics. It is used to track events at resource level. Azure Monitor can monitor resources across multiple subscriptions, which helps to identify issues and send alerts. It can monitor on-premises environments as well.
- Application Insight – Azure Monitor service to monitor/diagnose application-related issues.
- VM Insight – Monitors the health of VMs and scale sets.
- Container Insight – Monitors the containers available in your subscription.
- Log Analytics – Azure Monitor service to send SMS and email based on logs and metrics.
- Azure Service Health is a personalized dashboard for receiving notifications, guidance, and technical support when Azure service issues, updates, or planned maintenance affect your Azure resources.
- Visit status.azure.com to know the Azure health region-wise.
- Azure Service Health also tells you about Azure services which will be decommissioned.
Article available here – Azure Advisor, Azure Monitor and Azure Service Health
Azure Service Level Agreement (SLA)
- SLA stands for Service Level Agreement. It is a formal agreement between service provider and customer.
- Azure gives a service credit in case it doesn’t meet the agreed SLA. If < 99.95% then 10% of the amount is credited; if < 99% then 25% of the amount is credited. You need to submit an SLA credit request to get the service credit.
- Monthly uptime % = (Maximum Available Minutes – Down time)/(Maximum Available Minutes) * 100
- Azure Service Lifecycle follows 3 phases.
- Private Preview – It is an evaluation-purpose release for a specific customer. You need to apply to use a Private Preview. This release does not follow any SLA.
- Public Preview – It is available to all Azure customers and it also has no defined SLA. Public Preview is not recommended for production or any critical business application.
- General Availability – This release is available to all customers and follows an SLA as well.
Article available here – Azure Service Level Agreement (SLA)
Azure Compliance, Privacy and Governance
- Azure Policy ensures that resources stay compliant with defined standards and SLAs. Azure Policy allows you to manage compliance of resources across multiple Azure subscriptions.
- You can create a group of policies; it is called an Initiative.
- Azure provides some predefined initiatives – UK Official, HIPAA, PCI DSS etc.
- In the Compliance dashboard you can view the overall compliance of a specific resource or policy.
- If you want to prevent a specific size of VM from being created, you can apply a policy which will prevent this action.
- Azure Blueprints is a combination of one or more Policies, Roles, ARM Templates and Resource Groups.
- The Resource Lock feature is used to prevent accidental deletion or modification of resources.
- There are 2 types of resource lock.
- Read Only Lock – Users can read but they can’t modify or delete the resource.
- Delete Lock – Users can read and modify the resource but they can’t delete it.
- You can apply multiple locks on a resource.
- A Resource Lock can be applied to a subscription, resource group or resource.
- Resources inherit Azure locks from the subscription and resource group.
- Azure compliance makes sure that you follow industry and security standards.
- Service Trust Portal allows you to check standards and regulations.
- GDPR (General Data Protection Regulation) was introduced to provide security for the personal data of people in Europe.
- RBI and IRDAI (India) – The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Ministry of Electronics and Information Technology (MeitY) comprise three of the key financial industry regulators overseeing banks, insurance organizations, and market infrastructure institutions.
- Azure Government can be used by US government employees, entities and contractors.
- Azure China is not operated by Microsoft; the company 21Vianet operates Azure in China and follows the China Telecommunication Regulation.
Article available here – Compliance, Privacy and Governance
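The note above about preventing a specific VM size can be expressed as a custom Azure Policy definition. The following is an added illustration, not part of the original notes and not one of Azure's predefined definitions; the parameter name deniedVmSizes, the display name and the default VM size are assumptions chosen for the example.

```json
{
  "properties": {
    "displayName": "Deny selected virtual machine sizes (constructed example)",
    "description": "Constructed example: blocks creation of VMs whose size is in the deniedVmSizes list.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "deniedVmSizes": {
        "type": "Array",
        "metadata": {
          "displayName": "Denied VM sizes",
          "description": "VM size names that must not be deployed (sample value only)."
        },
        "defaultValue": [
          "Standard_M128s"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/sku.name",
            "in": "[parameters('deniedVmSizes')]"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Assigning this definition at a management group or subscription applies it to every resource group below, and several such definitions can be grouped into an Initiative.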
Azure Cost Management
- Capital Expenditure (CapEx) – The money spent to buy infrastructure and the cost to maintain the infrastructure. Example – Paying for software on lease, physical data center.
- Operation Expenditure (OpEx) – Money spent to consume a service or product. Example – Azure Functions, Azure VM provisioning.
- Azure Functions is the best example of the consumption-based price model.
- Fixed Price Model – You are charged for the number of instances, regardless of whether the resource is being used or not. Example – Azure App Service, Azure VM.
- TCO or Total Cost of Ownership is used to estimate the cost savings after migrating your workloads to Azure.
- The Pricing Calculator is used to estimate the cost of the Azure services that you are planning to use.
- In-bound data from on-premises to Azure is free.
- Out-bound traffic from Azure to on-premises is not free.
- Data traffic between Azure services in the same region or Availability Zone is free.
Article available here – Azure Cost Management
Azure IoT, Big Data, AI and Machine Learning
- Azure IoT Hub is used as a managed message hub for IoT-enabled devices. It allows you to present reports programmatically.
- Azure IoT Central – It is IoT Hub with a dashboard. It presents reports through a UI instead of programming.
- Azure Sphere – It provides comprehensive solutions for IoT devices with high security. It is useful in voting machines, ATMs and point-of-sale devices, where high security is needed.
- Big Data Solution – For an end-to-end analytics solution that runs complex queries on Big Data, we can use Azure Synapse Analytics; it was earlier known as Azure SQL Data Warehouse.
- Azure HDInsight – Hadoop-based open-source analytics service. Compatible with Apache Hadoop, Spark and Hive.
- Azure Databricks – It is an Apache Spark based analytics service.
- To talk with humans through an AI system, use Azure Bot Service.
- Azure Cognitive Services is pre-built Machine Learning that is used for Language service, Vision service and Text to Speech service.
Article available here – Azure IoT, Big Data and Machine Learning
- Microsoft Azure DevOps helps with Continuous Integration and Continuous Deployment.
- It is a private source control to manage source code with versions.
- Azure DevTest Lab – Allows you to quickly create environments using reusable templates and artifacts. It allows you to create Windows and Linux environments quickly. With Azure DevTest Lab you can set automated shutdown to minimize the cost.
- ARM (Azure Resource Manager) Template is a way to implement Infrastructure as Code in Azure. An ARM template is a JSON-based file which defines the infrastructure and related configuration. For example, you can create a VM and a SQL Database with your required configuration from the Azure portal. If you are asked to create the same environment again, you have to repeat the same steps; instead, you can create an ARM Template and create the environment quickly from the same JSON file.
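To show what such a JSON file looks like, here is an added ARM template (not from the original notes) that declares the SQL Database half of the environment described above. The parameter names, default database name, tag values and SKU are assumptions for illustration; the admin password is a securestring parameter so it is supplied at deployment time and never stored in the file.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "description": "Constructed example: one logical SQL server and one database."
  },
  "parameters": {
    "sqlServerName": {
      "type": "string",
      "metadata": { "description": "Globally unique server name (assumed parameter)." }
    },
    "databaseName": {
      "type": "string",
      "defaultValue": "appdb"
    },
    "adminLogin": {
      "type": "string"
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": { "description": "Passed in at deployment time, for example from Azure Key Vault." }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-11-01",
      "name": "[parameters('sqlServerName')]",
      "location": "[resourceGroup().location]",
      "tags": {
        "environment": "dev",
        "owner": "sample-team"
      },
      "properties": {
        "administratorLogin": "[parameters('adminLogin')]",
        "administratorLoginPassword": "[parameters('adminPassword')]",
        "minimalTlsVersion": "1.2"
      }
    },
    {
      "type": "Microsoft.Sql/servers/databases",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}', parameters('sqlServerName'), parameters('databaseName'))]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
      ],
      "sku": {
        "name": "Basic",
        "tier": "Basic"
      }
    }
  ]
}
```

Deploying the same file to another resource group recreates the same server and database, and the tags are set explicitly on the resource because they are not inherited from the resource group.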
For details about AZ 900 exam, sample questions (Dumps) and detailed article, visit this link - Microsoft Azure Fundamentals (AZ-900) Certification Sample Questions
In the near future, I am planning to provide a PDF version of these notes; comment below if a PDF version will help you. Like our Facebook page to motivate us.
Hope you like this blog on Microsoft Azure Fundamentals (AZ 900) exam topics.