Part 2 : Passed AZ-900. With a Score over 900. Section 1, 2 and 3

Aditya Naidu
14 min readMar 8, 2021

In my previous blog I discussed the various sources from where I got my references to prepare to enter Azure Fundamentals. Link is available below

And My YouTube Video with complete walk-through is here

That was what to study from. This article is to describe the premise of What is most important for the exam and azure fundamentals. Too much content to cover docs.msdn and learning paths but not all are for let’s just say handy in terms of situational analysis.

I attended March 2nd — 4th 2021 Microsoft Ignite. They did confirm that the test is not just reading and learning but also experience. This is true for all certs, not just AZ-900.

This blog is also a refresher for me to what I prepared with a month ago. And knowledge shared for you. I believe in sharing and learning. This is how I learnt and I encourage the practice as well.

The content of this exam was updated on November 9, 2020.

  • Describe cloud concepts (20–25%)
  • Describe core Azure services (15–20%)
  • Describe core solutions and management tools on Azure (10–15%)

Sections covered in my YouTube video are below

  • Describe general security and network security features (10–15%)
  • Describe identity, governance, privacy, and compliance features (20–25%)
  • Describe Azure cost management and Service Level Agreements (10–15%)

It’s explained in the video why the above three were chosen over the former 3. I highly recommend VILT for all Microsoft certs. MS-Learn and VILT are the foundation to build upon.

Having said that; let me proceed with the content to study.

Describe cloud concepts (20–25%)

Tip : This section has the most verbose questions from my experience in practice tests. Watch out for dis-tractors, questions with specific justification can only have the right answer. So subset or even 1st guess is always right.

Could Models

IaaS — (Infrastructure as a Service) — Data center, firewalls, Servers and Storage

PaaS — (Platform as a Service) — OS, DevTools, DBMS,Business Analytics,etc

SaaS — (Software as a Service) — Hosted Apps (outlook, onedrive, skype, etc)

Advantages of Cloud Computing

  1. High Availability — No downtime
  2. HA = (Uptime/(Uptime + Downtime)) * 100
  3. Depends on SLA for each service
  4. Increase HA by running workloads on multiple Availability Zones
  5. Load Balancer — Evenly distributed traffic to multiple servers in one or more data centers. Routes the traffic to only available data centers with servers.

Scalability -

  1. Vertical — Increase computing capacity by adding RAM or CPU to one Virtual machine.
  2. Horizontal — increase computing capacity by adding instances of resources i.e virtual machines to your configuration.

Elasticity -

  1. Auto-scaling so applications always have the resources they need.
  2. Automatically increase or decrease capacity based on traffic, memory and computing power.

Agility -

  1. Deploy and configure quickly
  1. to indicate done via APIs and demand
  2. Geo-distribution
  3. Data centers around the globe

Disaster Recovery

  1. Backup services, data replication and geo distribution.
  2. Power outages, network failures, natural disaster, etc

Fault Tolerance

  1. This is to do with Uptime in case of faults in any model, how resilient is the system.

Consumption based Model

  1. End users only pay for the resources they use, based on real time constraints on billing

CapEx vs OpEx

  1. Capital Expenditure

The upfront spending cost on physical infrastructure; and then deducting that upfront expense overtime.

  1. Own Infrastructure
  2. Big Initial Investment
  3. Lot of maintenance

Operation Expenditure

  1. There is no upfront cost as you Pay-As-You-Go for a service or product as you use it.
  2. Rent Infrastructure
  3. No initial investment
  4. Operational team maintenance

Serverless Computing

  1. Eliminating the need to manage infrastructure.
  2. Tip: remember PSM. Provisions, Scales and Manages the infrastructure required to run the code.
  3. Invisible to the developer

Types of Cloud Computing

Public Cloud -Servers and storage are owned and operated by a third party cloud service provider and delivered over the internet

Private cloud -

  1. Used exclusively by users from one business or organization. Either on-premises data centers or 3rd party providers.

Hybrid cloud -

  1. Combines public & private cloud by allowing data and application to be shared between them.

Exam Tip : Read up as much as you can. This is such a section where questions come from any and all corners.

Describe core Azure services (15–20%)

Compute services

  1. Azure Compute is an on-demand computing service for running cloud-based applications.
  2. Examples are Azure VMs, Azure Container Instances, App Service and Azure Functions.

Azure Virtual Machines (AVMs)

Tip: VP-MSN- short for Virtual Processor, Memory Storage and Networking resources.

Virtual Machine Scale sets designed to support Autoscale. (Vertical and/or Horizontal). Machines are identical and Load Balanced vMs.

Azure Batch — High Performance Computing batch jobs.

Containers and Kubernetes

Multiple instances of a containerized application on a single host machine.

Azure Functions

  1. Triggers used to perform response to an event (via REST request), timer or message.
  2. Choose the amount of memory & duration.

Azure App Service

  1. Build, deploy & Scale enterprise-grade apps.
  2. It is a PaaS
  3. It offers automatic scaling and high availability.
  4. Types

Web Apps, Api Apps, Web Jobs, Mobile Apps


  1. Azure VPN Gateway

Type of interconnected network

  1. Site-to-site connection (vNET to data center)
  2. Point-to-Site connection (device to vNET)
  3. Network-to-Network connection (vNET to vNET)

VPN Type

  1. Policy based VPNs

Statically the IP address of packets should be encrypted through each tunnel.


Support only IKEv1

Static routing (source and destination declared in policy)

Specific resources

Route based VPNs

  1. IPSec tunnels are modelled as network interface or virtual tunnel interface. To be used when
  2. Connection between vNETs
  3. Point to site connections
  4. Multiple connections
  5. Co-existence with Azure Express Route gateway.
  6. Features

Support IKEv2

Any-to-any (wild card) traffic selectors

Dynamic routing protocols change in IPSec tunnels

IKE — Internet Key Exchange — version 1 or 2

Agreement of encryption between 2 endpoints

IPSec — Internet Protocol Security

Encrypts & decrypts data packets in VPN tunnel.

  1. Sizes
  1. For On-premise
  2. VPN device
  3. Public facing (internal-routable) IPv4 address
  1. Azure Express Route

50Mbps to 10Gbps

Point-to-Point, Ethernet, any-to-any (IPVPN), etc

2 layer of Open System Interconnection (OSI model)

Layer 2 — DataLink Layer — node to node communication

Layer 3 — Network Layer — node to multi-node network

  1. Microsoft Cloud Services
  2. MS Dynamics 365
  3. Azure Compute services such as VMs
  4. Azure Cloud services such as Azure CosmosDB and Azure Storage.
  5. Connectivity Models

Azure Virtual Network (vNET)

Resources communicate with each other.


Isolation and Segmentation

Divide private IP address space into subnets

Name resolution (internal or external DNS)

Internet Communications

Enable incoming connections from the internet by defining a public IP address or public load balancer.

Communication between Azure resources

Virtual Networks not only VMs but PowerApps, AKS, VMSS, etc

Service endpoints to SQL databases, storage accounts.

Communication with on-premises resources

Link on-prem with Azure Subscription

Point-to-Site virtual private networks

Client computer initiates an encrypted VPN connection to Azure to connect to the Azure Virtual Network.

Site-to-Site VPN

On-prem VPN or gateway to Azure VPN gateway in vNET.

Azure Express Route

Dedicated private connectivity to Azure that doesn’t travel over the internet.

Route network traffic

Connection/traffic between vNET, On-premises and/or internet

Route tables — define rules

Border Gateway Protocol (BGP) -> Azure VPN gateway or Express Route for the protocol.

Filter network traffic

Network Security Groups

inbound/Outbound rules to block/allow based on IP, Port and Protocol.

Network virtual appliances

Appliance for function firewall or Wide Area Network Optimization.

Virtual Network Peering

Peering — enables resources in each virtual network to communicate with each other.

UDR — User Defined Routing — control over routing tables of (Subnets & vNETs)


Architectural Components and Service Guarantees

Region — A region is a geographical area on the planet containing at least on, but also multiple data centers that are nearby and networked together with a low-latency network;

Azure Global Services that do not require region

Microsoft Azure Active Directory

Microsoft Azure Traffic Manager

Azure DNS

Special Regions — Network isolated instances of Azure

  1. US DoD Central, US Government Virginia, US Government Iowa, etc
  2. China East, China North, etc — Partnership with Microsoft 21vianet.
  3. T-Systems German data trustee German Central & German Northeast.

Overall Azure has 60+ regions in 140 Countries


  1. Americas
  2. Europe
  3. Asia Pacific
  4. Middle east
  5. Africa

Supported regions

  1. Central US
  2. East US2
  3. West US2
  4. West Europe
  5. France Central
  6. North Europe
  7. Southeast asia

Availability Zone

  1. AZ are physically separate data centers within an Azure region.
  1. AZ is primarily for VMs, managed disks, load balancers and SQL databases.

AZ Zonal services

Pin resources to a particular region.

Zonal redundant services

Replicates across zones.

Azure region must have at least 3 AZs

What is region-pair

  1. Each Azure region is always paired with another region within same geography at least 300 miles away

Natural disaster

Civil unrest

Power outages

Physical network outages

Services would fail over to other regions in region-pair.

Resource Group

  1. Fundamental element of Azure platform
  2. Logical container for resources deployed on Azure.
  3. All resources must be in a resource group and resource can only be a member of a single resource group.

Logical Grouping

  1. Based on usage, type or location.

Life Cycle — If you delete a resource group all the resources contained within are also deleted.

Authorization — Resource groups are also a scope for applying role-based access control (RBAC) permissions.

Azure Resource Manager

  1. It is a management layer.
  2. Create, update, delete, organize, manage, control and tag resources in AZ Subscription.
  3. Accessing using Azure Portal, Azure Powershell, Azure CLI, REST Clients.


  1. Management Groups — These groups help you manage access, policy and compliance for multiple subscriptions. All subscriptions in the management group automatically inherit the conditions applied to the management group.

You organize subscriptions into containers called management groups.

All subscriptions within a single management group must trust the same Azure AD tenant.


Unit of Azure Service

Links to AZ account via Azure Active Directory or directory that Azure AD trusts.


  1. Billing boundary
  2. Access control boundary

Resource groups

Resources — Azure resource is a manageable item that’s available through Azure Virtual Machines (VMs), storage accounts, web apps, databases and virtual networks are all examples of resources.

Azure Storage

  1. Storage account — 500 TB. 2PB for US & Europe
  2. IaaS or/and PaaS
  3. SLA is upto 11 nines to 16 nines
  4. Storage Account -> Container -> Blob


Disk storage — Attached virtual hard disk

SSD — Solid State Drives

HDD — Hard Disk Drives

  1. Standard — less critical
  2. Premium — Mission Critical
  3. Ultra — Data intensive

Blob storage — Object Serverless Storage

  1. Binary or text data in massive amounts
  2. Audio, Video, Images of 8TB
  3. Unstructured

Azure Files (Shared Volumes)

  1. Accessed via Server Message Block (SMB) and Network File System protocols.
  2. Shared Access Signature (SAS) token and SAS URI

Blob Access Tiers

  1. Hot -access tier — frequent access
  2. Cool — access tier — At Least 30 days
  3. Archive access tier — At Least 180 days

Describe core solutions and management tools on Azure (10–15%)

Core Services


Azure CosmosDB is a globally distributed, multi-model database service.

Supports schema-less data “Always On”

Lowest level Azure Cosmos DB stores data in atom-record-sequence (ARS) format.

DB can be SQL, MongoDB, Cassandra, Tables and Gremlin — Data is abstracted and projected as an aPI.

SLA is 99.999% and less than 10ms.

Azure SQL

  1. Relational database based on MS SQL server database engine.
  2. PaaS (DBaaS — Structured)
  3. It enables both relational and non-relational structure such as graphs, JSON, spatial and XML.
  4. Migrations can be done via Azure Database Migration Service via Microsoft Data Migration Assistant.

Azure SQL Managed Instance

  1. Scalable cloud data service that provides the broadcast.
  2. It is PaaS
  3. SLA is 99.99% uptime.
  4. SQL DB does not have Cyrillic characters support but SQL Managed Instance does.
  5. Migration Process flow Discover -> Assess-> Migrate->CutOvers->Optimize

Azure database for MySQL

  1. LAMP — Linux Apache MySQL PHP
  2. Relational database service based on MySQL Community Edition database engine version 5.6, 5.7 & 8.0.
  3. SLA 99.99%
  4. Point in time restore to recover a server to an earlier state as far back as 35 days.

Azure Database for PostgreSQL

  1. Relational Database service based on community version of the open-source PostgreSQL database engine.
  2. High Availability
  3. Simple & Flexible Pricing
  4. Scale up or down as needed within seconds.
  5. Adjustable automatic backups and point-in-time restore for upto 35 days.
  6. Enterprise grade security of data at-rest (encryption on disk) and in-motion SSL encryption b/w client & server.

3 pricing tiers


General Purpose

Memory Optimized

Single Server and Hyperscale (Citus)

Azure Synapse Analytics (formerly Azure SQL Data Warehouse)

  1. Data warehousing + Big data analytics
  2. You query data on your terms by using either serverless or provisioned resources at scale.
  1. Big data analytics
  2. Massively Parallel Processing (MPP) of SQL Server data.
  3. Pipelines, Studio, Spark, Synapse SQL, Azure data lake Storage Gen 2

Azure HDInsights

  1. Extraction Transformation and Loading (ETL), data warehousing, machine learning and IoT.
  2. Apache Hadoop, Apache Kafka, Apache Storm and Machine Learning services.

Azure Databricks

  1. Open source
  2. Apache Spark based analytics
  3. Unlock insights from all your data and build artificial solutions
  4. Supports Python, Scala, R, Java and SQL. Also Tensor flow, PyTorch and scikit-learn.

IoT Hub, IoT Central & Sphere

  1. IoT enables devices to gather and then relay information
  2. Smart devices are equipped with sensors that collect data.

IoT Hub

IoT Hub is a message hub for communication between IoT applications and devices Bi directional communication.

Command and Control

Cloud-to-device — manual or automated remote control.

Examples. Cloud 2 device, device 2 cloud Telemetry, files uploaded from devices, request reply methods.

IoT Central

SaaS on top of IoT Hub

UI starter templates which in turn use device template (you can connect to device without server side coding)

Azure Sphere — Hardware and OS of the device to secure message sending.

  1. 3 parts

Azure Sphere micro-controller unit for processing OS and signals from sensors.

Customized Linux OS that handles communication with the security service and can run on vendor’s software.

Azure Sphere Security Service (AS3) certificate based authentication to check devices are not tampered with.

Azure Machine Learning, Cognitive Services and Bot service

  1. Deep Learning — modeled on a neutral network of the human mind, enabling it to discover learning and grow through experience.
  2. Machine Learning — data science technique using existing data to train a model, test it and then apply to model to forecast future outcomes.

Azure ML

Create a process to obtain data.

Train & Evaluate predictive models.

Create pipelines

Deploy the best performing algorithm as an api to an endpoint.

Azure Cognitive Services

  1. Pre-trained models easily included by few lines of code to API.
  2. 4 categories

Language service

Speech service

Vision service

Decision service

Azure Bot Service

  1. Bot Service is for a use case Virtual agents to communicate.
  2. Via text, speech and or interactive cards.

Azure DevOps, Github and GitHub Actions

DevOps Suite

Azure Repos

Azure Boards (Kanban)

Azure Pipelines CI/CD

Azure Artifacts

Azure Test plans

  1. GitHub — Git is a decentralized source code management tool and Github is a hosted version of Git that serves as a remote.
  2. Toolchain — output of 1 tool is input to the next in the tool chain.

Azure DevTest Labs

  1. Anything you can deploy in Azure via a ARM template and pre-provisioned through Dev/Test Labs.

Management Tools

Azure Advisor — provides recommendations on

Reliability (High availability)




Operational Excellence

It is a free product.

Azure Monitor

  1. Logs & Metrics — Application, OS, Resource, Subscription Tenant, Custom services and Real Time alerts.

Azure Service Health

  1. Health of Azure services, regions and resources
  3. Only major issues all small & big issues, & provides Root Cause Analysis
  4. Service issues, Planned Maintenance, Health advisories.


Azure Portal — web based, unified console — build, manage and monitor

New features in Azure can be seen in Preview, Beta and Other pre-releases.

Preview features at

Stable and production ready features in

Azure Powershell — built on top of .NET Common Language Runtime (CLR)

A set of cmdlets processed or inputted via powershell.

Azure Cloud shell is browser based accessible shell Batch or Powershell.

Azure CLI — can be installed on Windows, Mac & Linux.

Create, update, delete and view resources.

ARM Templates — JSON format templates are verified before any code is executed to ensure resources will be created correctly and connected correctly. Then orchestrates the operation in parallel.

Azure Functions (nano service & event-based)

  1. Service you may host a single method or function by using programming in the cloud that runs in response to an event.
  2. Atomic in nature
  3. C#, Python, Javascript, Typescript, Java and powershell.
  4. AF scale automatically and changes occur only when triggered.

Stateless — restarted every time it responds to an incoming event.

Stateful — function is connected to Azure Storage account.

Durable functions — orchestration of tasks by using extensions.

Azure Logic Apps (PaaS)

  1. Low-code / no-code
  2. Enterprise Application Integration (EAI) with Azure logic apps you can choose connectors from galleries such as Salesforce, SAP, OracleDB and File Share.
  3. 200+ connectors
  4. Difference between Azure Functions and Azure Logic Apps
  5. AF pricing is based on the number of executions and running time of each execution.
  6. ALA pricing is based on the number of executions and the type of connectors that it utilizes.

Final Tip for the exam : Most verbose theory can be remembered via diagrams. Nothing beats whiteboarding. I used Pencil sketches and handwritten block diagrams to simplify workings. Paper and pen provide the freedom no tool ever will. IMHO

Having said that Architecture/Concept then features and most keywords to describe those features. And that’s it.

I like to include DDD or Flowcharts along with simple models using the said work. Mix and match everything is and can be used with one another And Why Not!!

The purpose of Practice is to perform when the need arises.

Conclusion lets just say BEST OF LUCK. See you on the other side after you cross this bridge.

Let me know in the comments if anything.

Until next time!!



Aditya Naidu

Have been working as a Techie for the past 15 years and excellence in domains such as IoT 4.0, BFSI, Telecom, e-com and more recently AI.