Azure Fundamentals (AZ-900)
Azure Fundamentals (AZ-900) is Microsoft’s entry-level certification for understanding cloud concepts and the core building blocks of Microsoft Azure. It is designed for people who want a solid foundation before moving into role-based certifications, but it is equally valuable for non-technical stakeholders who need to speak confidently about cloud services, security, compliance, and cost.
At its heart, AZ-900 validates that you can explain what cloud computing is, how Azure is organized and managed, which services are commonly used, and how pricing and governance work in real environments.
What “cloud fundamentals” really means
Cloud fundamentals are less about memorizing product names and more about understanding the model shift from owning infrastructure to consuming services.
Cloud computing concepts you must know
Shared responsibility model
In the cloud, responsibilities are split between the cloud provider and the customer. Microsoft is responsible for the security of the cloud (datacenters, physical hardware, core platform), while you remain responsible for security in the cloud (identity, access, data classification, configuration). The split changes depending on whether you use IaaS, PaaS, or SaaS.
Consumption-based pricing
Instead of buying hardware upfront, you pay for what you use. This brings flexibility, but it also requires cost management discipline, because idle resources can still generate charges.
Elasticity and scalability
- Vertical scaling increases resources of a single machine (more CPU/RAM).
- Horizontal scaling adds more instances.
Cloud platforms make both easier, with autoscaling options that respond to demand.
High availability and resiliency
Azure is built to keep services running through redundancy and recovery options. Availability is often described with uptime percentages. For example, a “three nines” service () can still experience about 43 minutes of downtime per month, because:
Understanding what an SLA promises and what architecture you need to meet business expectations is a core cloud skill.
Cloud deployment models
- Public cloud: Services delivered over the internet from a provider like Microsoft.
- Private cloud: Cloud-like environment dedicated to one organization, often on-premises.
- Hybrid cloud: A combination of public and private, often used for gradual migration, compliance needs, or latency-sensitive workloads.
Service models: IaaS, PaaS, SaaS
- IaaS (Infrastructure as a Service): You manage operating systems, runtime, and applications; Azure provides compute, storage, networking. Example: virtual machines.
- PaaS (Platform as a Service): You deploy code; the platform handles OS patching, runtime, and scaling. Example: managed app hosting and databases.
- SaaS (Software as a Service): You use a complete application managed by the provider. Example: Microsoft 365.
AZ-900 expects you to compare these options and choose appropriately based on control, operational effort, and speed.
Core Azure architecture: how Azure is organized
To use Azure effectively, you need to understand its structure and boundaries.
Regions, region pairs, and availability zones
- Azure regions are geographic areas containing one or more datacenters.
- Region pairs are paired regions within the same geography to support disaster recovery planning and platform resiliency.
- Availability zones are physically separate locations within a region, designed to reduce the impact of datacenter-level failures.
A practical takeaway: if a workload requires higher resiliency, you design for redundancy across zones or even across regions, rather than assuming a single deployment is enough.
Resources, resource groups, subscriptions, and management groups
Azure uses a hierarchical organization model:
- Resources: individual items such as a VM, database, or storage account.
- Resource groups: logical containers for resources that share a lifecycle.
- Subscriptions: billing and access boundaries.
- Management groups: higher-level grouping for applying governance across multiple subscriptions.
This hierarchy matters for access control, policy enforcement, and cost allocation. For example, you might separate development and production into different subscriptions for cleaner billing and stronger boundaries.
Core Azure services you should recognize
AZ-900 covers the major service categories and common examples, focusing on what they do and when you would use them.
Compute
Azure compute services run applications and workloads:
- Virtual machines for full OS control and lift-and-shift scenarios.
- App hosting options for running web apps and APIs with less infrastructure management.
- Containers for packaging apps consistently and improving portability.
The key idea is matching compute choice to operational responsibility and scaling needs.
Networking
Networking connects and protects workloads:
- Virtual networks provide private IP spaces for Azure resources.
- VPN and private connectivity options support secure links between on-premises and Azure.
- Load balancing distributes traffic across instances to improve performance and availability.
For fundamentals, focus on the goals: segmentation, secure connectivity, and reliable traffic distribution.
Storage
Azure storage supports different data types:
- Object storage for unstructured data like images and backups.
- Disk storage for virtual machine operating systems and data disks.
- File storage for shared file scenarios.
Understand how durability, access patterns, and cost influence storage choices.
Databases and analytics
Azure offers managed database services for relational and non-relational needs. The fundamentals focus on why managed databases matter: built-in patching, backups, scaling features, and reduced operational burden compared with running databases on VMs.
Identity and access
Identity is central to Azure:
- Microsoft Entra ID (formerly Azure AD) provides identity services for users, groups, and applications.
- Authentication and authorization concepts, especially role-based access control (RBAC), are foundational.
If you understand how identity governs access across Azure resources, you are already thinking like a cloud operator.
Security, governance, and compliance in Azure
Security and compliance are not single services; they are practices supported by tools and controls.
Core security concepts
- Defense in depth: layered security across identity, network, compute, application, and data.
- Least privilege: give users and systems only the access they need, ideally through RBAC roles and scoped assignments.
- Zero Trust mindset: verify explicitly and assume breach, especially for identity and access patterns.
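The least-privilege point above can be checked against an export of role assignments. The following is an added example, not part of the original article or of any Microsoft tooling: it classifies each assignment's scope by its level in the Azure hierarchy and flags broad built-in roles granted at subscription level or higher. The sample data is constructed, shaped like the JSON from `az role assignment list`, and every ID and principal name is a placeholder.

```python
# Constructed sample shaped like `az role assignment list --all -o json` output.
# All subscription IDs, group names and principals are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalName": "ci-deployer", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app-dev"},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader",
     "scope": SUB},
    {"principalName": "ops-team", "roleDefinitionName": "User Access Administrator",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-placeholder"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app-dev/providers/Microsoft.Storage"
              "/storageAccounts/stplaceholder"},
]

# Built-in roles that can change resources or grant access to others.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
# Levels whose assignments are inherited widely; "unknown" is included so that
# unrecognized scope shapes are reviewed rather than silently passed.
WIDE_LEVELS = {"root", "management_group", "subscription", "unknown"}

def scope_level(scope):
    """Map an ARM scope string to its level in the Azure hierarchy."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management_group"
    if parts[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and parts[2] == "resourcegroups":
            return "resource_group"
        if len(parts) > 4 and parts[2] == "resourcegroups":
            return "resource"
    return "unknown"

def audit(assignments):
    """Return (principal, role, level) for broad roles granted at wide scope."""
    findings = []
    for a in assignments:
        level = scope_level(a["scope"])
        if a["roleDefinitionName"] in BROAD_ROLES and level in WIDE_LEVELS:
            findings.append((a["principalName"], a["roleDefinitionName"], level))
    return findings

if __name__ == "__main__":
    for principal, role, level in audit(SAMPLE):
        print(f"REVIEW: {principal} holds {role} at {level} scope")
```

Assignments scoped to a resource group or a single resource pass, while the same role at subscription or management-group scope is reported because it is inherited by every resource underneath.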
Governance and management tools
Azure includes management capabilities to maintain standards at scale:
- Azure Policy helps enforce rules, such as restricting resource locations or requiring tags.
- Resource locks prevent accidental deletion or modification.
- Monitoring and logging tools support operational visibility, troubleshooting, and incident response.
These controls become crucial as environments grow from a handful of resources to hundreds or thousands.
Compliance and trust
AZ-900 expects you to understand that Microsoft provides extensive compliance documentation and capabilities, but compliance is still a shared responsibility. Your organization must configure services correctly, classify data appropriately, and implement controls that match regulatory needs.
Pricing, cost management, and support basics
Cloud success depends on understanding how charges accrue and how to manage them.
How Azure pricing works
Azure costs commonly come from:
- Compute time (VM size, runtime, reserved capacity options)
- Storage consumed and data access patterns
- Outbound data transfer
- Service tiers and performance levels
A simple practical rule: the most expensive resource is often the one that runs continuously at a higher tier than needed.
Cost management discipline
Effective cost control usually includes:
- tagging resources for ownership and cost allocation
- removing unused resources
- rightsizing compute
- using budgets and alerts to catch spend spikes early
Support and service health
Organizations rely on Azure’s support options and service health information to understand incidents, planned maintenance, and regional issues. Fundamentally, you should know that cloud operations include both proactive monitoring and reactive response planning.
How to approach AZ-900 preparation
AZ-900 rewards clarity over deep engineering detail. Your goal is to explain concepts accurately and map them to Azure services and management practices.
- Learn the cloud vocabulary: IaaS vs PaaS vs SaaS, CapEx vs OpEx, availability and resiliency.
- Understand the Azure hierarchy and why it matters for governance and billing.
- Be able to describe core service categories and typical use cases.
- Know the basics of security, compliance, and pricing, including the shared responsibility model.
Why Azure Fundamentals matters beyond the exam
Even if you never manage production infrastructure, AZ-900 provides a practical framework for evaluating cloud decisions. It helps you ask better questions: Which responsibilities are we taking on? How do we control access? What happens if a region fails? How will we track and optimize cost?
Those are the real fundamentals, and they remain relevant whether you are an aspiring cloud engineer, a project manager, a developer, or a business leader responsible for technology outcomes.