As a candidate for this exam, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This exam is a common starting point in a journey towards a career in Azure.

You can describe Azure architectural components and Azure services, such as:

• Compute
• Networking
• Storage

You can also describe features and tools to secure, govern, and administer Azure.

You should have skills and experience working with an area of IT, such as:

• Infrastructure management
• Database management
• Software development

1. Describe cloud concepts (25–30%)
2. Describe Azure architecture and services (35–40%)
3. Describe Azure management and governance (30–35%)

• Define cloud computing: On-demand delivery of IT resources over the internet with pay-as-you-go pricing.

• Describe the shared responsibility model: Cloud providers secure infrastructure; users secure data, OS, and apps based on service type.

• Define cloud models, including public, private, and hybrid: Public: shared infra; Private: exclusive infra; Hybrid: mix of both for flexibility.

• Identify appropriate use cases for each cloud model:
  • Public: scalable apps;
  • Private: sensitive data;
  • Hybrid: compliance or diverse workloads.

• Describe the consumption-based model: Pay only for what you use; no upfront costs or overprovisioning.

• Compare cloud pricing models: Pay-as-you-go: flexible; Reserved Instances: cheaper for fixed terms; Spot Instances: low-cost unused capacity.

• Describe serverless: Cloud runs code automatically, scaling as needed; no server management.

• Describe the benefits of high availability and scalability in the cloud: Ensures uptime, handles demand spikes seamlessly, and reduces downtime.

• Describe the benefits of reliability and predictability in the cloud: Redundant systems ensure consistency; predictable costs with usage-based pricing.

• Describe the benefits of security and governance in the cloud: Built-in compliance tools, advanced threat protection, and access controls.

• Describe the benefits of manageability in the cloud: Centralized management with automated updates, monitoring, and resource optimization.

• Describe infrastructure as a service (IaaS): Provides virtualized computing resources like VMs, storage, and networks; user manages OS and apps.

• Describe platform as a service (PaaS): Provides a managed platform for app development, with tools, runtime, and hosting; no server management.

• Describe software as a service (SaaS): Fully managed software delivered over the internet; users access apps without managing infrastructure.

• Identify appropriate use cases for each cloud service type (IaaS, PaaS, and SaaS):
  • IaaS: Hosting VMs, backup storage.
  • PaaS: App development, testing.
  • SaaS: Email, collaboration tools like Office 365.

Here’s how Contoso Electronics could leverage each cloud service type to migrate their old Testing/QA Server 2012 R2 to Azure, with examples:

IaaS: Contoso could create a virtual machine (VM) in Azure running Windows Server. They manage the OS, apps, and updates.

• Example: Azure Virtual Machines
• Analogy: OpenStack or Proxmox. These provide virtualized infrastructure where you manage VMs, storage, and networking.

PaaS: If the testing/QA workload involves a specific app, Contoso could migrate the app to an Azure App Service or Azure DevTest Labs, removing the need to manage the underlying OS.

• Example: Azure App Service
• Analogy: Red Hat OpenShift or Heroku (Linux-based environments). These platforms let you deploy and manage applications with containerization or built-in frameworks.

SaaS: For simpler QA/testing needs, Contoso could use SaaS-based testing tools (e.g., Azure DevOps Test Plans) without managing infrastructure or platforms.

• Example: Azure DevOps
• Analogy: Nextcloud or GitLab hosted (when using a managed service). These are end-user applications delivered as fully managed services, just like Office 365 or Google Workspace.

Each analogy aligns with control levels:

• IaaS = Full control (like your own virtualized datacenter).
• PaaS = App-first focus (abstracts infrastructure).
• SaaS = Just consume the service.

• Describe Azure regions, region pairs, and sovereign regions:
  • Regions: Geographical areas with datacenters.
  • Region pairs: Linked regions for disaster recovery.
  • Sovereign regions: Comply with local laws (e.g., China, Germany).

• Describe availability zones: Physically separate datacenters within a region, offering high availability and fault tolerance.

• Describe Azure datacenters: Secure facilities housing servers and infrastructure, powering Azure services globally.

• Describe Azure resources and resource groups:
  • Resources: Azure services like VMs or storage.
  • Resource groups: Logical containers to manage related resources.

• Describe subscriptions: Units of billing, resource organization, and access management in Azure.

• Describe management groups: Containers to organize multiple subscriptions, applying governance and policies at scale.

• Describe the hierarchy of resource groups, subscriptions, and management groups:
  • Management groups
    • Subscriptions
      • Resource groups
        • Resources; defines control and organization levels.

• Compare compute types, including containers, virtual machines, and functions:
  • VMs: Full control, customizable OS.
  • Containers: Lightweight, portable app environments.
  • Functions: Event-driven, serverless compute.

• Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop:
  • Azure VMs: Customizable virtual servers.
  • Scale Sets: Autoscaling for multiple VMs.
  • Availability Sets: Group VMs for high availability.
  • Azure Virtual Desktop: Cloud-hosted desktops.

• Describe the resources required for virtual machines: VMs need CPU, memory, storage, OS image, and networking components (e.g., NICs, IPs).

• Describe application hosting options, including web apps, containers, and virtual machines:
  • Web Apps: PaaS for hosting websites.
  • Containers: Portable, efficient app hosting.
  • VMs: Full-stack app hosting with more control.

• Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute:
  • Virtual Networks: Private Azure network.
  • Subnets: Subdivisions of networks.
  • Peering: Connects virtual networks.
  • Azure DNS: Domain name services.
  • VPN Gateway: Secure on-premises to cloud connections.
  • ExpressRoute: Dedicated high-speed connectivity to Azure.

• Define public and private endpoints:
  • Public endpoints: Expose services to the internet.
  • Private endpoints: Securely access Azure services via private IPs.

• Compare Azure Storage services:
  • Blob: Unstructured data.
  • File: Shared network file storage.
  • Queue: Message queuing for apps.
  • Table: NoSQL key-value storage.

• Describe storage tiers:
  • Hot: Frequent access.
  • Cool: Infrequent access, lower cost.
  • Archive: Rare access, cheapest, slower retrieval.

• Describe redundancy options:
  • LRS (Locally Redundant Storage):
    • Use case: Best for data that doesn't need to be replicated outside the region (e.g., backups for compliance in a single location).
    • Example: Storing daily backups of a local office application server.

• ZRS (Zone-Redundant Storage):
  • Use case: Critical data requiring high availability within a single Azure region, protected against datacenter failures.
  • Example: Hosting a website's static assets, ensuring uptime in case one datacenter fails.

• GRS (Geo-Redundant Storage):
  • Use case: Ensures disaster recovery for critical workloads, replicating data to a secondary region.
  • Example: Storing financial transaction logs for a global e-commerce site.

• RA-GRS (Read-Access Geo-Redundant Storage):
  • Use case: Same as GRS but allows read access to the secondary region, improving performance for global reads.
  • Example: A news website serving cached articles to readers worldwide during a primary region outage.

• Describe storage account options and storage types:
• Storage accounts: General-purpose (v1/v2) or Blob-specific.
• Types: Standard (HDD), Premium (SSD).

• Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync:
  • AzCopy: CLI for bulk file transfers.
  • Storage Explorer: GUI for managing Azure Storage.
  • File Sync: Sync on-premises files with Azure.

• Describe migration options, including Azure Migrate and Azure Data Box:
  • Azure Migrate: Assess and migrate workloads to Azure.
  • Data Box: Physical appliance for large data transfers.

• Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services:
  • Microsoft Entra ID: Azure's identity management platform for SSO, MFA, and user authentication.
  • Entra Domain Services: Managed Active Directory-compatible domain services in Azure.

• Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless:
  • SSO: One login for multiple apps.
  • MFA: Verifies identity using multiple factors (e.g., password + SMS).
  • Passwordless: Authenticates via biometrics or device-based methods.

• Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C):
  • B2B: Securely collaborate with external partners using Entra ID.
  • B2C: Manage customer identities with self-service sign-up and authentication.

• Describe Microsoft Entra Conditional Access:
  • Policies to enforce access control based on conditions like location, device, or risk.

• Describe Azure role-based access control (RBAC): Manage access by assigning roles to users, groups, or apps at a granular level (e.g., Reader, Contributor).

• Describe the concept of Zero Trust: Trust nothing, verify everything: enforce strict identity, device, and access verification.

• Describe the purpose of the defense-in-depth model: Multi-layered security approach, protecting resources at all levels (e.g., network, identity, application).

• Describe the purpose of Microsoft Defender for Cloud: Monitors and secures cloud resources, detects threats, and enforces security best practices.

• Describe factors that can affect costs in Azure
• Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator
• Describe cost management capabilities in Azure
• Describe the purpose of tags

• Describe the purpose of Microsoft Purview in Azure
• Describe the purpose of Azure Policy
• Describe the purpose of resource locks

• Describe the Azure portal
• Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell
• Describe the purpose of Azure Arc
• Describe infrastructure as code (IaC)
• Describe Azure Resource Manager (ARM) and ARM templates

• Describe the purpose of Azure Advisor
• Describe Azure Service Health
• Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights