As a candidate for this exam, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This exam is a common starting point in a journey towards a career in Azure.

You can describe Azure architectural components and Azure services, such as:

• Compute
• Networking
• Storage

You can also describe features and tools to secure, govern, and administer Azure.

You should have skills and experience working with an area of IT, such as:

• Infrastructure management
• Database management
• Software development

1. Describe cloud concepts (25–30%)
2. Describe Azure architecture and services (35–40%)
3. Describe Azure management and governance (30–35%)

• Define cloud computing: On-demand delivery of IT resources over the internet with pay-as-you-go pricing.

• Describe the shared responsibility model: Cloud providers secure infrastructure; users secure data, OS, and apps based on service type.

• Define cloud models, including public, private, and hybrid: Public: shared infra; Private: exclusive infra; Hybrid: mix of both for flexibility.

• Identify appropriate use cases for each cloud model:
  • Public: scalable apps;
  • Private: sensitive data;
  • Hybrid: compliance or diverse workloads.

• Describe the consumption-based model: Pay only for what you use; no upfront costs or overprovisioning.

• Compare cloud pricing models: Pay-as-you-go: flexible; Reserved Instances: cheaper for fixed terms; Spot Instances: low-cost unused capacity.

• Describe serverless: Cloud runs code automatically, scaling as needed; no server management.

• Describe the benefits of high availability and scalability in the cloud: Ensures uptime, handles demand spikes seamlessly, and reduces downtime.

• Describe the benefits of reliability and predictability in the cloud: Redundant systems ensure consistency; predictable costs with usage-based pricing.

• Describe the benefits of security and governance in the cloud: Built-in compliance tools, advanced threat protection, and access controls.

• Describe the benefits of manageability in the cloud: Centralized management with automated updates, monitoring, and resource optimization.

• Describe infrastructure as a service (IaaS): Provides virtualized computing resources like VMs, storage, and networks; user manages OS and apps.

• Describe platform as a service (PaaS): Provides a managed platform for app development, with tools, runtime, and hosting; no server management.

• Describe software as a service (SaaS): Fully managed software delivered over the internet; users access apps without managing infrastructure.

• Identify appropriate use cases for each cloud service type (IaaS, PaaS, and SaaS):
  • IaaS: Hosting VMs, backup storage.
  • PaaS: App development, testing.
  • SaaS: Email, collaboration tools like Office 365.

Here’s how Contoso Electronics could leverage each cloud service type to migrate their old Testing/QA Server 2012 R2 to Azure, with examples:

IaaS: Contoso could create a virtual machine (VM) in Azure running Windows Server. They manage the OS, apps, and updates.

• Example: Azure Virtual Machines
• Analogy: OpenStack or Proxmox. These provide virtualized infrastructure where you manage VMs, storage, and networking.

PaaS: If the testing/QA workload involves a specific app, Contoso could migrate the app to an Azure App Service or Azure DevTest Labs, removing the need to manage the underlying OS.

• Example: Azure App Service
• Analogy: Red Hat OpenShift or Heroku (Linux-based environments). These platforms let you deploy and manage applications with containerization or built-in frameworks.

SaaS: For simpler QA/testing needs, Contoso could use SaaS-based testing tools (e.g., Azure DevOps Test Plans) without managing infrastructure or platforms.

• Example: Azure DevOps
• Analogy: Nextcloud or GitLab hosted (when using a managed service). These are end-user applications delivered as fully managed services, just like Office 365 or Google Workspace.

Each analogy aligns with control levels:

• IaaS = Full control (like your own virtualized datacenter).
• PaaS = App-first focus (abstracts infrastructure).
• SaaS = Just consume the service.

• Describe Azure regions, region pairs, and sovereign regions:
  • Regions: Geographical areas with datacenters.
  • Region pairs: Linked regions for disaster recovery.
  • Sovereign regions: Comply with local laws (e.g., China, Germany).

• Describe availability zones: Physically separate datacenters within a region, offering high availability and fault tolerance.

• Describe Azure datacenters: Secure facilities housing servers and infrastructure, powering Azure services globally.

• Describe Azure resources and resource groups:
  • Resources: Azure services like VMs or storage.
  • Resource groups: Logical containers to manage related resources.

• Describe subscriptions: Units of billing, resource organization, and access management in Azure.

• Describe management groups: Containers to organize multiple subscriptions, applying governance and policies at scale.

• Describe the hierarchy of resource groups, subscriptions, and management groups:
  • Management groups
    • Subscriptions
      • Resource groups
        • Resources; defines control and organization levels.

• Compare compute types, including containers, virtual machines, and functions:
  • VMs: Full control, customizable OS.
  • Containers: Lightweight, portable app environments.
  • Functions: Event-driven, serverless compute.

• Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop:
  • Azure VMs: Customizable virtual servers.
  • Scale Sets: Autoscaling for multiple VMs.
  • Availability Sets: Group VMs for high availability.
  • Azure Virtual Desktop: Cloud-hosted desktops.

• Describe the resources required for virtual machines: VMs need CPU, memory, storage, OS image, and networking components (e.g., NICs, IPs).

• Describe application hosting options, including web apps, containers, and virtual machines:
  • Web Apps: PaaS for hosting websites.
  • Containers: Portable, efficient app hosting.
  • VMs: Full-stack app hosting with more control.

• Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute:
  • Virtual Networks: Private Azure network.
  • Subnets: Subdivisions of networks.
  • Peering: Connects virtual networks.
  • Azure DNS: Domain name services.
  • VPN Gateway: Secure on-premises to cloud connections.
  • ExpressRoute: Dedicated high-speed connectivity to Azure.

• Define public and private endpoints:
  • Public endpoints: Expose services to the internet.
  • Private endpoints: Securely access Azure services via private IPs.

• Compare Azure Storage services:
  • Blob: Unstructured data.
  • File: Shared network file storage.
  • Queue: Message queuing for apps.
  • Table: NoSQL key-value storage.

• Describe storage tiers:
  • Hot: Frequent access.
  • Cool: Infrequent access, lower cost.
  • Archive: Rare access, cheapest, slower retrieval.

• Describe redundancy options:
  • LRS (Locally Redundant Storage):
    • Use case: Best for data that doesn't need to be replicated outside the region (e.g., backups for compliance in a single location).
    • Example: Storing daily backups of a local office application server.

• ZRS (Zone-Redundant Storage):
  • Use case: Critical data requiring high availability within a single Azure region, protected against datacenter failures.
  • Example: Hosting a website's static assets, ensuring uptime in case one datacenter fails.

• GRS (Geo-Redundant Storage):
  • Use case: Ensures disaster recovery for critical workloads, replicating data to a secondary region.
  • Example: Storing financial transaction logs for a global e-commerce site.

• RA-GRS (Read-Access Geo-Redundant Storage):
  • Use case: Same as GRS but allows read access to the secondary region, improving performance for global reads.
  • Example: A news website serving cached articles to readers worldwide during a primary region outage.

• Describe storage account options and storage types:
• Storage accounts: General-purpose (v1/v2) or Blob-specific.
• Types: Standard (HDD), Premium (SSD).

• Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync:
  • AzCopy: CLI for bulk file transfers.
  • Storage Explorer: GUI for managing Azure Storage.
  • File Sync: Sync on-premises files with Azure.

• Describe migration options, including Azure Migrate and Azure Data Box:
  • Azure Migrate: Assess and migrate workloads to Azure.
  • Data Box: Physical appliance for large data transfers.

• Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services:
  • Microsoft Entra ID: Azure's identity management platform for SSO, MFA, and user authentication.
  • Entra Domain Services: Managed Active Directory-compatible domain services in Azure.

• Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless:
  • SSO: One login for multiple apps.
  • MFA: Verifies identity using multiple factors (e.g., password + SMS).
  • Passwordless: Authenticates via biometrics or device-based methods.

• Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C):
  • B2B: Securely collaborate with external partners using Entra ID.
  • B2C: Manage customer identities with self-service sign-up and authentication.

• Describe Microsoft Entra Conditional Access:
  • Policies to enforce access control based on conditions like location, device, or risk.

• Describe Azure role-based access control (RBAC): Manage access by assigning roles to users, groups, or apps at a granular level (e.g., Reader, Contributor).

• Describe the concept of Zero Trust: Trust nothing, verify everything: enforce strict identity, device, and access verification.

• Describe the purpose of the defense-in-depth model: Multi-layered security approach, protecting resources at all levels (e.g., network, identity, application).

• Describe the purpose of Microsoft Defender for Cloud: Monitors and secures cloud resources, detects threats, and enforces security best practices.

• Describe factors that can affect costs in Azure: Factors include resource type, region, storage/compute tiers, bandwidth, reserved instances, and usage patterns.

• Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator:
  • Pricing Calculator: Estimates costs for specific Azure resources.
  • TCO Calculator: Compares on-premises vs. Azure costs to determine long-term savings.

• Describe cost management capabilities in Azure: Tools to track, analyse, and optimize spending, including budgets, alerts, and recommendations.

• Describe the purpose of tags: Tags categorize resources for cost tracking, organization, and governance (e.g., by department or project).

Tags in Azure are key-value pairs that users create to organize and manage their resources. They're flexible and customizable, making them useful for filtering, reporting, and governance. Here are some examples of commonly used tags:

Role-Based Tags

• Key: Role, Value: QA Database
• Key: Environment, Value: Production
• Key: Function, Value: Web Server

Cost and Budget Management Tags

• Key: CostCenter, Value: 12345
• Key: Project, Value: Migration2024
• Key: BillingOwner, Value: JohnDoe

Resource Ownership and Accountability Tags

• Key: Owner, Value: AliceSmith
• Key: Team, Value: DevOps
• Key: Department, Value: IT

Location and IP Address Tags

• Key: Location, Value: East US
• Key: IP Address, Value: 12.34.56.78

Purpose and Lifecycle Tags

• Key: Purpose, Value: Backup
• Key: Lifecycle, Value: Decommission Q3
• Key: Status, Value: Active

Security and Compliance Tags

• Key: Compliance, Value: GDPR
• Key: Confidentiality, Value: High

Tags are useful for querying resources quickly via the Azure portal, CLI, or API, enabling you to group resources logically, even if they're scattered across subscriptions or regions.

• Describe the purpose of Microsoft Purview in Azure: A data governance solution to manage, discover, and classify data for compliance and insights.

• Describe the purpose of Azure Policy: Enforces rules and compliance standards across resources, ensuring consistent configurations.

• Describe the purpose of resource locks: Prevent accidental modifications or deletions with ReadOnly or Delete locks on resources.

• Describe the Azure portal: Web-based UI to manage, monitor, and configure Azure resources visually.

• Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell:
  • Azure CLI: Command-line tool for managing Azure across platforms.
  • Azure PowerShell: Scripting tool for automating Azure management tasks.
  • Cloud Shell: A browser-based shell with CLI and PowerShell tools pre-installed.

• Describe the purpose of Azure Arc: Manage and govern on-premises, multi-cloud, and edge resources with Azure tools.

• Describe infrastructure as code (IaC): Automates provisioning and managing infrastructure via code, ensuring repeatability.

• Describe Azure Resource Manager (ARM) and ARM templates:
  • ARM: Manages and deploys Azure resources via declarative templates.
  • ARM templates: JSON files defining resource configurations for repeatable deployments.

• Describe the purpose of Azure Advisor
• Describe Azure Service Health
• Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights