Welcome to the Azure Fundamentals certification course! This course provides foundational level knowledge on cloud concepts; core Azure services; security, privacy, compliance, and trust; and Azure pricing and support.

Audience

The audience for this course is just beginning to learn about cloud computing and how Microsoft Azure provides that service.

Certification exam preparation

AZ-900 includes four study areas, as shown below. The percentages indicate the relative weight of each area on the exam. The higher the percentage, the more questions you are likely to see in that area.

  • Describe cloud concepts (15-20%)
  • Describe core Azure services (30-35%)
  • Describe security, privacy, compliance, and trust (25-30%)
  • Describe Azure pricing, Service Level Agreements, and Lifecycles (20-25%)

You can access the free on-demand training for AZ-900 below:

Pre-requisites:

There are no prerequisites for this course; however, students with some IT knowledge or experience will find the concepts easier to understand.

Module 1 Cloud Concepts

Why cloud services?

Cloud Computing is the delivery of computing services—servers, storage, databases, networking, software, analytics, intelligence and more—over the internet (the cloud), enabling faster innovation, flexible resources, and economies of scale. You typically pay only for cloud services you use, helping lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change.

Types of cloud models

A public cloud is owned by the cloud services provider (also known as a hosting provider). It provides resources and services to multiple organizations and users, who connect to the cloud service via a secure network connection, typically over the internet.

A private cloud is owned and operated by the organization that uses the resources from that cloud. They create a cloud environment in their own datacenter and provide self-service access to compute resources to users within their organization.

A hybrid cloud combines both public and private clouds, allowing you to run your applications in the most appropriate location.

Types of cloud services

Understanding the shared responsibility model is essential for customers who are moving to the cloud. Cloud providers offer considerable advantages for security and compliance efforts, but these advantages do not absolve the customer from protecting their users, applications, and service offerings.

The shared responsibility model ensures cloud workloads are run securely and in a well-managed way. Depending on the service you are using, the cloud provider is responsible for some aspects of the workload management, and the customer or end user is responsible for other aspects of the workload management, and in some cases, both share a responsibility.

Exam AZ-900 Module 01: Review Q&A

In this module you’ve learned about cloud computing, what it is and what its key characteristics are. You learned about the different types of cloud models that are available and the considerations of using those different models. You also learned about the different cloud services available, the benefits of using the different types, and the management responsibilities under each service type.

Module 2 Core Azure services

Core Azure architectural components

Microsoft Azure is made up of datacenters located around the globe. These datacenters are organized and made available to end users by region. A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are in close proximity and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

Azure divides the world into geographies that are defined by geopolitical boundaries or country borders. An Azure geography is a discrete market typically containing two or more regions that preserves data residency and compliance boundaries.

Core Azure services and products

Virtual machines (VMs) are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. VMs host an operating system, and you’re able to install and run software just like a physical computer. When using a remote desktop client, you can use and control the virtual machine as if you were sitting in front of it.

Azure Compute Services

Azure compute is an on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking and operating systems. The resources are available on-demand and can typically be made available in minutes or even seconds. You pay only for the resources you use and only for as long as you’re using them. There are many compute services; two of the most common are virtual machines and containers.

LAB: Create An Azure Virtual Machine

Azure virtual machines let you create and use virtual machines in the cloud. It provides IaaS and can be used in a variety of different ways. When you need total control over an operating system and environment, Azure VMs are an ideal choice. Just like a physical computer, you’re able to customize all the software running on the VM. This ability is helpful when you are running custom software or custom hosting configurations.

Using containers in your solutions

Containers are often used to create solutions using a microservice architecture. This architecture is where you break solutions into smaller, independent pieces. For example, you may split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.

LAB: Deploy Azure Container Instances

In this walkthrough we create, configure, and deploy a Docker container to Azure Container Instances (ACI) in the Azure Portal. The container is a Welcome to ACI web application that displays a static HTML page.

Azure Networking

Azure Networking allows you to connect cloud and on-premises infrastructure and services to provide your customers and users the best possible experience. Once the resources move to Azure, they require the same networking functionality as an on-premises deployment. In specific scenarios, they may require some level of network isolation. Azure networking components offer a range of functionality and services that can help organizations design and build cloud infrastructure services that meet their requirements.

LAB: Create a virtual Network

Azure Virtual Network enables many types of Azure resources such as Azure VMs to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected using virtual network peering. With Azure Virtual Network you can provide isolation, segmentation, communication with on-premises and cloud resources, routing and filtering of network traffic.

Azure Storage

Azure Storage is a service that you can use to store files, messages, tables, and other types of information. You can use Azure Storage on its own (for example as a file share), but developers also often use it as a store for working data. Such stores can be used by websites, mobile apps, desktop applications, and many other types of custom solutions. Azure Storage is also used by IaaS virtual machines, and PaaS cloud services.

LAB: Create An Azure Blob storage

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data. Blob storage is ideal for:

  • Serving images or documents directly to a browser.
  • Storing files for distributed access.
  • Streaming video and audio.
  • Storing data for backup and restore, disaster recovery, and archiving.
  • Storing data for analysis by an on-premises or Azure-hosted service.

Azure Database Services

Azure database services are fully managed PaaS database services that free up valuable time you’d otherwise spend managing your database. Enterprise-grade performance with built-in high availability means you can scale quickly and reach global distribution without worrying about costly downtime. Developers can take advantage of industry-leading innovations such as built-in security with automatic monitoring and threat detection, automatic tuning for improved performance, and turnkey global distribution.

LAB: Create An Azure SQL database

Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed and secure database that you can use to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure.

Azure Marketplace

Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure. Azure Marketplace allows customers—mostly IT professionals and cloud developers—to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure.

Azure Internet of Things (IoT) Solutions

People can access more information than ever before. It began with personal digital assistants (PDAs), then morphed into smartphones. Now there are smart watches, smart thermostats, even smart refrigerators. Personal computers used to be the norm. Now the internet allows any item that’s online capable to access valuable information. The Internet of Things (IoT) is the ability for devices to garner and then relay information for data analysis.

There are many services that can assist and drive end-to-end solutions for IoT on Azure. Two of the core Azure IoT service types are Azure IoT Central, and Azure IoT Hub.

LAB: Implement the Azure IoT Hub

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for bidirectional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to your IoT Hub.

Azure Artificial Intelligence

Artificial Intelligence, in the context of cloud computing, is based around a broad range of services, the core of which is Machine Learning. Machine Learning is a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. Using machine learning, computers learn without being explicitly programmed.

Forecasts or predictions from machine learning can make apps and devices smarter. For example, when you shop online, machine learning helps recommend other products you might like based on what you’ve purchased. Or when your credit card is swiped, machine learning compares the transaction to a database of transactions and helps detect fraud. And when your robot cleaner vacuums a room, machine learning helps it decide whether the job is done.

LAB: Implement Azure Functions

Azure Functions are ideal when you’re only concerned with the code running your service and not the underlying platform or infrastructure. Azure Functions are commonly used when you need to perform work in response to an event—often via a REST request, timer, or message from another Azure service— and when that work can be completed quickly, within seconds or less.

Azure Functions scale automatically, and charges accrue only when a function is triggered, so they’re a solid choice when demand is variable. For example, you may be receiving messages from an IoT solution that monitors a fleet of delivery vehicles. You’ll likely have more data arriving during business hours. Azure Functions can scale out to accommodate these busier times.

Azure App Service

With Azure App Service you can quickly and easily build web and mobile apps for any platform or device. Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.

LAB: Create An Azure Web App

In this walkthrough, we will create a new web app that runs a Docker container. The container displays a Welcome message.

Azure Management Tools

You can configure and manage Azure using a broad range of tools and platforms. There are tools available for the command line, language-specific Software Development Kits (SDKs), developer tools, tools for migration, and many others.

LAB: Create a VM with an ARM Template

In this walkthrough, we will deploy a virtual machine with a QuickStart template and examine monitoring capabilities.

LAB: Create a VM with PowerShell

In this walkthrough, we will install PowerShell locally, create a resource group and virtual machine, access and use the Cloud Shell, and review Azure Advisor recommendations.

LAB: Create a VM with the Azure CLI

In this walkthrough, we will install the Azure CLI locally, create a resource group and virtual machine, use the Cloud Shell, and review Azure Advisor recommendations.

Module 2 Review Questions

In this module you’ve learned about core Microsoft Azure architectural components, core Azure services and solutions, and various management tools that are available to manage and configure Azure.

Module 3 Security, Privacy, Compliance and Trust

Defense in depth is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to data. The objective of defense in depth is to protect information and prevent it from being stolen by individuals not authorized to access it. The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA.

Shared Security

As computing environments move from customer-controlled datacenters to the cloud, the responsibility of security also shifts. Security of the operational environment is now a concern shared by both cloud providers and customers. By shifting these responsibilities to a cloud service like Azure, organizations can reduce focus on activities that aren’t core business competencies. Depending on the specific technology choices, some security protections will be built into the particular service, while addressing others will remain the customer’s responsibility. To ensure that the proper security controls are provided, a careful evaluation of the services and technology choices becomes necessary.

LAB: Secure Azure Network Traffic

Network Security Groups allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

Core Azure identity services

Two fundamental concepts that need to be understood when talking about identity and access are authentication and authorization. They underpin everything else that happens and occur sequentially in any identity and access process.

Azure Active Directory is a Microsoft cloud-based identity and access management service. Azure AD helps employees of an organization sign in and access resources.

Security tools and features

Azure Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.

Azure Security Center

Many organizations learn how to respond to security incidents only after suffering an attack. To reduce costs and damage, it’s important to have an incident response plan in place before an attack occurs. You can use Azure Security Center in different stages of an incident response.

LAB: Azure Security Center Usage Scenarios

To access the full suite of Azure Security Center services you will need to upgrade to a Standard tier subscription. You can access the 30-day free trial from within the Azure Security Center dashboard in the Azure Portal.

Azure Key Vault

Azure Key Vault is a centralized cloud service for storing your applications’ secrets. Key Vault helps you control your applications’ secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.

LAB: Implement Azure Key Vault

In this walkthrough, we will create an Azure Key vault and then create a password secret within that key vault, providing a securely stored, centrally managed password for use with applications.

Azure Policy

Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs). Azure Policy comes with a number of built-in policy and initiative definitions that you can use, under categories such as Storage, Networking, Compute, Security Center, and Monitoring.

LAB: Create an Azure Policy

Azure Policy does this by using policies and initiatives. It runs evaluations of your resources and scans for those not compliant with the policies you have created. For example, you can have a policy to allow only a certain stock keeping unit (SKU) size of virtual machines (VMs) in your environment. Once you implement this policy, it will evaluate resources when you create new ones or update existing ones. It will also evaluate your existing resources.

Role-based Access Control (RBAC)

Role-based access control provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscribers.

LAB: Manage Access With RBAC

RBAC uses an allow model. This means that when you are assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have write permissions on that resource group.

Resource Locks

Resource Locks help you prevent accidental deletion or modification of your Azure resources. You can manage these locks from within the Azure portal. To view, add, or delete locks, go to the SETTINGS section of any resource’s settings blade.

LAB: Manage Azure Resource Locks

When a resource lock is applied, you must first remove the lock in order to perform that activity. By putting an additional step in place before allowing the action to be taken on the resource, it helps protect resources from inadvertent actions, and helps protect your administrators from doing something they may not have intended to do. Resource locks apply regardless of RBAC permissions. Even if you are an owner of the resource, you must still remove the lock before you’ll actually be able to perform the blocked activity.
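The RBAC allow model and the resource-lock behaviour described above can be modelled together. The following is an added example, not part of the course material: a simplified Python model with constructed role definitions (`StorageWriter` and `ContributorLike` are hypothetical roles), a placeholder subscription ID, and the two Azure lock levels `CanNotDelete` and `ReadOnly`. It assumes that role assignments and locks are inherited by child scopes.

```python
from fnmatch import fnmatchcase

# Constructed, simplified role definitions. Real built-in roles list more
# operations; "StorageWriter" and "ContributorLike" are hypothetical.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "StorageWriter": {"actions": ["Microsoft.Storage/storageAccounts/write"],
                      "not_actions": []},
    "ContributorLike": {"actions": ["*"],
                        "not_actions": ["Microsoft.Authorization/*/write",
                                        "Microsoft.Authorization/*/delete"]},
    "Owner": {"actions": ["*"], "not_actions": []},
}

# Constructed scopes (placeholder subscription ID).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
SA = RG + "/providers/Microsoft.Storage/storageAccounts/stdemo"

READ = "Microsoft.Storage/storageAccounts/read"
WRITE = "Microsoft.Storage/storageAccounts/write"
DELETE = "Microsoft.Storage/storageAccounts/delete"

# (principal, role, scope) triples, constructed for the example.
ASSIGNMENTS = [
    ("alice", "Reader", RG),         # read on the resource group ...
    ("alice", "StorageWriter", RG),  # ... plus write from a second assignment
    ("carol", "Reader", RG),
    ("dave", "ContributorLike", RG),
    ("bob", "Owner", SA),            # owner of the storage account only
]
LOCKS = {SA: "CanNotDelete"}         # scope -> lock level


def _in_scope(resource, scope):
    """True if the resource is the scope itself or sits underneath it."""
    r, s = resource.lower(), scope.lower().rstrip("/")
    return r == s or r.startswith(s + "/")


def _matches(operation, patterns):
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)


def rbac_allows(principal, operation, resource, assignments=ASSIGNMENTS):
    """Allow model: any one applicable assignment that grants it is enough."""
    for who, role, scope in assignments:
        if who != principal or not _in_scope(resource, scope):
            continue
        role_def = ROLES[role]
        if _matches(operation, role_def["actions"]) and not _matches(
                operation, role_def["not_actions"]):
            return True
    return False  # nothing granted it, so it is not permitted


def blocking_lock(operation, resource, locks=LOCKS):
    """Return the lock level that blocks the operation, or None."""
    verb = operation.lower().rsplit("/", 1)[-1]
    for scope, level in locks.items():
        if not _in_scope(resource, scope):
            continue
        if level == "ReadOnly" and verb in ("write", "delete"):
            return level
        if level == "CanNotDelete" and verb == "delete":
            return level
    return None


def decide(principal, operation, resource, locks=LOCKS):
    """RBAC decides first; a lock then blocks even a permitted principal."""
    if not rbac_allows(principal, operation, resource):
        return "deny-rbac"
    if blocking_lock(operation, resource, locks):
        return "deny-lock"
    return "allow"


if __name__ == "__main__":
    for who, op in [("alice", WRITE), ("carol", WRITE), ("bob", DELETE)]:
        print(who, op.rsplit("/", 1)[-1], "->", decide(who, op, SA))
```

The model treats a lock check as a simple match on the operation's final segment; it is meant to show the order of evaluation, not to replace checking effective access in the portal.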

Azure Blueprints

Azure Blueprints enable cloud architects to define a repeatable set of Azure resources that implement and adhere to an organization’s standards, patterns, and requirements. Azure Blueprint enables development teams to rapidly build and deploy new environments with the knowledge that they’re building within organizational compliance with a set of built-in components that speed up development and delivery.

Azure Tags

You apply tags to your Azure resources, giving them metadata that logically organizes them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name Environment and the value Production to all the resources in production, or tag by company department, such as the name Department with a value of IT.

LAB: Implement Azure Resource Tagging

In this walkthrough, we will create a policy assignment that requires tagging, create a storage account and test the tagging, view resources with a specified tag, and remove the tagging policy.

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

Microsoft Privacy statement

The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Trust Center

The Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.

LAB: Explore the Service Trust Portal (STP)

The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.

Module 3 Review Questions

In this module you’ve learned about securing network connectivity in Azure, core identity services, security tools and features, Azure governance methodologies, monitoring and reporting in Azure, and privacy, compliance, and data protection standards in Azure.

Module 4 Azure Pricing, Service Level Agreements, and Lifecycle

Azure Subscriptions

Using Azure requires an Azure subscription which provides you with authenticated and authorized access to Azure products and services and allows you to provision resources. An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that an Azure AD trusts.

Planning and managing costs

There are three main customer types on which the available purchasing options for Azure products and services are contingent: Enterprise, Web direct, and Cloud Solution Provider.

LAB: How to use Azure Pricing Calculator?

The Pricing Calculator is a tool that helps you estimate the cost of Azure products. It displays Azure products in categories, and you choose the Azure products you need and configure them according to your specific requirements. Azure then provides a detailed estimate of the costs associated with your selections and configurations.

LAB: How to use Azure TCO Calculator?

The TCO calculator generates a detailed report based on the details you enter and the adjustments you make. The report allows you to compare the costs of your on-premises infrastructure with the costs using Azure products and services to host your infrastructure in the cloud.

LAB: How to use Azure Cost Management?

Cost Management is an Azure product that provides a set of tools for monitoring, allocating, and optimizing your Azure costs.

Azure Service Level Agreements (SLAs)

Microsoft maintains its commitment to providing customers with high-quality products and services by adhering to comprehensive operational policies, standards, and practices. Formal documents known as Service-Level Agreements (SLAs) capture the specific terms that define the performance standards that apply to Azure.

Service Lifecycle in Azure

Microsoft offers previews of Azure services, features, and functionality for evaluation purposes. With Azure Previews, you can test pre-release features, products, services, software, and even regions. Previews allow users early access to functionality. Additionally, users providing feedback on the preview features helps Microsoft improve the Azure service.

LAB: Access Azure Preview Features

Azure feature previews are available with their own terms and conditions. The terms and conditions are specific to each Azure preview. All preview-specific terms and conditions supplement your existing Azure service agreement.

Module 4 Review Questions

In this module, you learned about Azure Pricing and Support. We defined Azure subscriptions and detailed the various Azure subscription options and uses; explored purchasing Azure Products and Services; and examined factors that affect Azure costs and how you can minimize them. Additionally, we detailed Azure support plans and channels, and outlined Azure SLAs and how you can improve their application. Finally, we followed the service lifecycle in Azure from the preview phase through general availability to update.

You can Download the Study Guide below:

I wish you all the very best for your exam and continued career success! 👍

You can subscribe to the A Guide To Cloud YouTube channel below:

Cheers!

Susanth Sutheesh
