
azure_az-900_summary

This is an old revision of the document!


Skills measured as of January 23, 2024

Audience profile

As a candidate for this exam, you’re a technology professional who wants to demonstrate foundational knowledge of cloud concepts in general and Microsoft Azure in particular. This exam is a common starting point in a journey towards a career in Azure.

You can describe Azure architectural components and Azure services, such as:

  • Compute
  • Networking
  • Storage

You can also describe features and tools to secure, govern, and administer Azure.

You should have skills and experience working with an area of IT, such as:

  • Infrastructure management
  • Database management
  • Software development

Skills at a glance

  1. Describe cloud concepts (25–30%)
  2. Describe Azure architecture and services (35–40%)
  3. Describe Azure management and governance (30–35%)

Describe cloud concepts (25–30%)

Describe cloud computing

  • Define cloud computing: On-demand delivery of IT resources over the internet with pay-as-you-go pricing.
  • Describe the shared responsibility model: Cloud providers secure infrastructure; users secure data, OS, and apps based on service type.
  • Define cloud models, including public, private, and hybrid: Public: shared infra; Private: exclusive infra; Hybrid: mix of both for flexibility.
  • Identify appropriate use cases for each cloud model:
    • Public: scalable apps;
    • Private: sensitive data;
    • Hybrid: compliance or diverse workloads.
  • Describe the consumption-based model: Pay only for what you use; no upfront costs or overprovisioning.
  • Compare cloud pricing models: Pay-as-you-go: flexible; Reserved Instances: cheaper for fixed terms; Spot Instances: low-cost unused capacity.
  • Describe serverless: Cloud runs code automatically, scaling as needed; no server management.

Describe the benefits of using cloud services

  • Describe the benefits of high availability and scalability in the cloud: Ensures uptime, handles demand spikes seamlessly, and reduces downtime.
  • Describe the benefits of reliability and predictability in the cloud: Redundant systems ensure consistency; predictable costs with usage-based pricing.
  • Describe the benefits of security and governance in the cloud: Built-in compliance tools, advanced threat protection, and access controls.
  • Describe the benefits of manageability in the cloud: Centralized management with automated updates, monitoring, and resource optimization.

Describe cloud service types

  • Describe infrastructure as a service (IaaS): Provides virtualized computing resources like VMs, storage, and networks; user manages OS and apps.
  • Describe platform as a service (PaaS): Provides a managed platform for app development, with tools, runtime, and hosting; no server management.
  • Describe software as a service (SaaS): Fully managed software delivered over the internet; users access apps without managing infrastructure.
  • Identify appropriate use cases for each cloud service type (IaaS, PaaS, and SaaS):
    • IaaS: Hosting VMs, backup storage.
    • PaaS: App development, testing.
    • SaaS: Email, collaboration tools like Office 365.

Here’s how Contoso Electronics could leverage each cloud service type to migrate their old Testing/QA Server 2012 R2 to Azure, with examples:

IaaS: Contoso could create a virtual machine (VM) in Azure running Windows Server. They manage the OS, apps, and updates.

  • Example: Azure Virtual Machines
  • Analogy: OpenStack or Proxmox. These provide virtualized infrastructure where you manage VMs, storage, and networking.

PaaS: If the testing/QA workload involves a specific app, Contoso could migrate the app to an Azure App Service or Azure DevTest Labs, removing the need to manage the underlying OS.

  • Example: Azure App Service
  • Analogy: Red Hat OpenShift or Heroku (Linux-based environments). These platforms let you deploy and manage applications with containerization or built-in frameworks.

SaaS: For simpler QA/testing needs, Contoso could use SaaS-based testing tools (e.g., Azure DevOps Test Plans) without managing infrastructure or platforms.

  • Example: Azure DevOps
  • Analogy: Nextcloud or GitLab hosted (when using a managed service). These are end-user applications delivered as fully managed services, just like Office 365 or Google Workspace.

Each analogy aligns with control levels:

  • IaaS = Full control (like your own virtualized datacenter).
  • PaaS = App-first focus (abstracts infrastructure).
  • SaaS = Just consume the service.

Describe Azure architecture and services (35–40%)

Describe the core architectural components of Azure

  • Describe Azure regions, region pairs, and sovereign regions:
    • Regions: Geographical areas with datacenters.
    • Region pairs: Linked regions for disaster recovery.
    • Sovereign regions: Comply with local laws (e.g., China, Germany).
  • Describe availability zones: Physically separate datacenters within a region, offering high availability and fault tolerance.
  • Describe Azure datacenters: Secure facilities housing servers and infrastructure, powering Azure services globally.
  • Describe Azure resources and resource groups:
    • Resources: Azure services like VMs or storage.
    • Resource groups: Logical containers to manage related resources.
  • Describe subscriptions: Units of billing, resource organization, and access management in Azure.
  • Describe management groups: Containers to organize multiple subscriptions, applying governance and policies at scale.
  • Describe the hierarchy of resource groups, subscriptions, and management groups: The hierarchy defines control and organization levels:
    • Management groups
      • Subscriptions
        • Resource groups
          • Resources

Describe Azure compute and networking services

  • Compare compute types, including containers, virtual machines, and functions:
    • VMs: Full control, customizable OS.
    • Containers: Lightweight, portable app environments.
    • Functions: Event-driven, serverless compute.
  • Describe virtual machine options, including Azure virtual machines, Azure Virtual Machine Scale Sets, availability sets, and Azure Virtual Desktop:
    • Azure VMs: Customizable virtual servers.
    • Scale Sets: Autoscaling for multiple VMs.
    • Availability Sets: Group VMs for high availability.
    • Azure Virtual Desktop: Cloud-hosted desktops.
  • Describe the resources required for virtual machines: VMs need CPU, memory, storage, OS image, and networking components (e.g., NICs, IPs).
  • Describe application hosting options, including web apps, containers, and virtual machines:
    • Web Apps: PaaS for hosting websites.
    • Containers: Portable, efficient app hosting.
    • VMs: Full-stack app hosting with more control.
  • Describe virtual networking, including the purpose of Azure virtual networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute:
    • Virtual Networks: Private Azure network.
    • Subnets: Subdivisions of networks.
    • Peering: Connects virtual networks.
    • Azure DNS: Domain name services.
    • VPN Gateway: Secure on-premises to cloud connections.
    • ExpressRoute: Dedicated high-speed connectivity to Azure.
  • Define public and private endpoints:
    • Public endpoints: Expose services to the internet.
    • Private endpoints: Securely access Azure services via private IPs.

Describe Azure storage services

  • Compare Azure Storage services:
    • Blob: Unstructured data.
    • File: Shared network file storage.
    • Queue: Message queuing for apps.
    • Table: NoSQL key-value storage.
  • Describe storage tiers:
    • Hot: Frequent access.
    • Cool: Infrequent access, lower cost.
    • Archive: Rare access, cheapest, slower retrieval.
  • Describe redundancy options:
    • LRS (Locally Redundant Storage):
      • Use case: Best for data that doesn't need to be replicated outside the region (e.g., backups for compliance in a single location).
      • Example: Storing daily backups of a local office application server.
    • ZRS (Zone-Redundant Storage):
      • Use case: Critical data requiring high availability within a single Azure region, protected against datacenter failures.
      • Example: Hosting a website's static assets, ensuring uptime in case one datacenter fails.
    • GRS (Geo-Redundant Storage):
      • Use case: Ensures disaster recovery for critical workloads, replicating data to a secondary region.
      • Example: Storing financial transaction logs for a global e-commerce site.
    • RA-GRS (Read-Access Geo-Redundant Storage):
      • Use case: Same as GRS but allows read access to the secondary region, improving performance for global reads.
      • Example: A news website serving cached articles to readers worldwide during a primary region outage.
  • Describe storage account options and storage types:
    • Storage accounts: General-purpose (v1/v2) or Blob-specific.
    • Types: Standard (HDD), Premium (SSD).
  • Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync:
    • AzCopy: CLI for bulk file transfers.
    • Storage Explorer: GUI for managing Azure Storage.
    • File Sync: Sync on-premises files with Azure.
  • Describe migration options, including Azure Migrate and Azure Data Box:
    • Azure Migrate: Assess and migrate workloads to Azure.
    • Data Box: Physical appliance for large data transfers.

Describe Azure identity, access, and security

  • Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services:
    • Microsoft Entra ID: Azure's identity management platform for SSO, MFA, and user authentication.
    • Entra Domain Services: Managed Active Directory-compatible domain services in Azure.
  • Describe authentication methods in Azure, including single sign-on (SSO), multi-factor authentication (MFA), and passwordless:
    • SSO: One login for multiple apps.
    • MFA: Verifies identity using multiple factors (e.g., password + SMS).
    • Passwordless: Authenticates via biometrics or device-based methods.
  • Describe external identities in Azure, including business-to-business (B2B) and business-to-customer (B2C):
    • B2B: Securely collaborate with external partners using Entra ID.
    • B2C: Manage customer identities with self-service sign-up and authentication.
  • Describe Microsoft Entra Conditional Access:
    • Policies to enforce access control based on conditions like location, device, or risk.
  • Describe Azure role-based access control (RBAC): Manage access by assigning roles to users, groups, or apps at a granular level (e.g., Reader, Contributor).
  • Describe the concept of Zero Trust: Trust nothing, verify everything: enforce strict identity, device, and access verification.
  • Describe the purpose of the defense-in-depth model: Multi-layered security approach, protecting resources at all levels (e.g., network, identity, application).
  • Describe the purpose of Microsoft Defender for Cloud: Monitors and secures cloud resources, detects threats, and enforces security best practices.

Describe Azure management and governance (30–35%)

Describe cost management in Azure

  • Describe factors that can affect costs in Azure: Factors include resource type, region, storage/compute tiers, bandwidth, reserved instances, and usage patterns.
  • Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator:
    • Pricing Calculator: Estimates costs for specific Azure resources.
    • TCO Calculator: Compares on-premises vs. Azure costs to determine long-term savings.
  • Describe cost management capabilities in Azure: Tools to track, analyse, and optimize spending, including budgets, alerts, and recommendations.
  • Describe the purpose of tags: Tags categorize resources for cost tracking, organization, and governance (e.g., by department or project).

Tags in Azure are key-value pairs that users create to organize and manage their resources. They're flexible and customizable, making them useful for filtering, reporting, and governance. Here are some examples of commonly used tags:

Role-Based Tags

  • Key: Role, Value: QA Database
  • Key: Environment, Value: Production
  • Key: Function, Value: Web Server

Cost and Budget Management Tags

  • Key: CostCenter, Value: 12345
  • Key: Project, Value: Migration2024
  • Key: BillingOwner, Value: JohnDoe

Resource Ownership and Accountability Tags

  • Key: Owner, Value: AliceSmith
  • Key: Team, Value: DevOps
  • Key: Department, Value: IT

Location and IP Address Tags

  • Key: Location, Value: East US
  • Key: IP Address, Value: 12.34.56.78

Purpose and Lifecycle Tags

  • Key: Purpose, Value: Backup
  • Key: Lifecycle, Value: Decommission Q3
  • Key: Status, Value: Active

Security and Compliance Tags

  • Key: Compliance, Value: GDPR
  • Key: Confidentiality, Value: High

Tags are useful for querying resources quickly via the Azure portal, CLI, or API, enabling you to group resources logically, even if they're scattered across subscriptions or regions.
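The tag-based querying described above, as an added example (not part of the original notes): a small audit that flags resources missing required tags and groups resources by a tag value across subscriptions. The inventory is constructed sample data in the shape of `az resource list -o json` output, and the required-tag set is an assumed baseline. Tag names are matched case-insensitively, as Azure treats them.

```python
import json
from collections import defaultdict

# Assumed organisational baseline for this example, not an Azure default.
REQUIRED_TAGS = ("Owner", "CostCenter", "Environment")

# Constructed sample in the shape of `az resource list -o json` output.
# Subscription IDs, resource names and tag values are made up.
INVENTORY_JSON = """
[
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-sales/providers/Microsoft.Compute/virtualMachines/vm-web01",
   "name": "vm-web01", "type": "Microsoft.Compute/virtualMachines", "location": "eastus",
   "tags": {"Owner": "AliceSmith", "CostCenter": "12345", "Environment": "Production"}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-qa/providers/Microsoft.Sql/servers/sqldb-qa",
   "name": "sqldb-qa", "type": "Microsoft.Sql/servers", "location": "westeurope",
   "tags": {"owner": "JohnDoe", "costcenter": "12345", "environment": "QA"}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-it/providers/Microsoft.Storage/storageAccounts/stbackup01",
   "name": "stbackup01", "type": "Microsoft.Storage/storageAccounts", "location": "eastus",
   "tags": {"Purpose": "Backup", "Owner": "AliceSmith"}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet-core",
   "name": "vnet-core", "type": "Microsoft.Network/virtualNetworks", "location": "eastus",
   "tags": null}
]
"""
RESOURCES = json.loads(INVENTORY_JSON)


def get_tag(resource, key):
    """Return a tag value, matching the tag name case-insensitively."""
    tags = resource.get("tags") or {}  # untagged resources carry null
    for name, value in tags.items():
        if name.lower() == key.lower():
            return value
    return None


def subscription_of(resource_id):
    """Extract the subscription ID from a full Azure resource ID."""
    parts = resource_id.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1]
    return None


def missing_required(resources, required=REQUIRED_TAGS):
    """Map resource name -> required tags that are absent or empty."""
    report = {}
    for res in resources:
        missing = [k for k in required if not get_tag(res, k)]
        if missing:
            report[res["name"]] = missing
    return report


def group_by_tag(resources, key):
    """Group (subscription, name) pairs by the value of one tag."""
    groups = defaultdict(list)
    for res in resources:
        value = get_tag(res, key)
        if value is not None:
            groups[value].append((subscription_of(res["id"]), res["name"]))
    return {value: sorted(members) for value, members in groups.items()}


if __name__ == "__main__":
    for name, missing in missing_required(RESOURCES).items():
        print(f"{name}: missing {', '.join(missing)}")
    for value, members in group_by_tag(RESOURCES, "CostCenter").items():
        print(f"CostCenter={value}: {members}")
```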

Describe features and tools in Azure for governance and compliance

  • Describe the purpose of Microsoft Purview in Azure: A data governance solution to manage, discover, and classify data for compliance and insights.
  • Describe the purpose of Azure Policy: Enforces rules and compliance standards across resources, ensuring consistent configurations.
  • Describe the purpose of resource locks: Prevent accidental modifications or deletions with ReadOnly or Delete locks on resources.

Describe features and tools for managing and deploying Azure resources

  • Describe the Azure portal: Web-based UI to manage, monitor, and configure Azure resources visually.
  • Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure PowerShell:
    • Azure CLI: Command-line tool for managing Azure across platforms.
    • Azure PowerShell: Scripting tool for automating Azure management tasks.
    • Cloud Shell: A browser-based shell with CLI and PowerShell tools pre-installed.
  • Describe the purpose of Azure Arc: Manage and govern on-premises, multi-cloud, and edge resources with Azure tools.
  • Describe infrastructure as code (IaC): Automates provisioning and managing infrastructure via code, ensuring repeatability.
  • Describe Azure Resource Manager (ARM) and ARM templates:
    • ARM: Manages and deploys Azure resources via declarative templates.
    • ARM templates: JSON files defining resource configurations for repeatable deployments.

Describe monitoring tools in Azure

  • Describe the purpose of Azure Advisor: A recommendation engine that suggests ways to optimize costs, security, performance, and reliability of Azure resources.
  • Describe Azure Service Health: A personalized dashboard that shows service issues, planned maintenance, and health advisories affecting your Azure resources.
  • Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and Application Insights:
    • Azure Monitor: Collects and analyzes metrics/logs to monitor Azure resources and applications.
    • Log Analytics: Queries and analyzes log data from multiple sources for troubleshooting.
    • Azure Monitor Alerts: Creates notifications or automated actions based on performance or log conditions.
    • Application Insights: Monitors application performance, availability, and usage with telemetry and diagnostics.

Summary

A: Handling Subscription Limits in Azure

  • Contact Azure Support for resource limit increases (e.g., vCPU).
  • Avoid creating multiple subscriptions to resolve limit issues.

B: Azure Subscription Types

  • Azure for Students: Free credits and 12 months of free services.
  • Pay-As-You-Go: Pay only for used resources; no upfront costs.
  • Free Trial: Limited-time free access to Azure resources; one per account.

C: Management Group Limitations

  • Single parent per management group or subscription.
  • Max six levels in hierarchy.
  • Limited total number of management groups.

D: Using Management Groups in Azure

  • Apply policies and governance across subscriptions.
  • Restrictions in a management group affect resource creation in subscriptions.

E: Understanding Containers

  • Containers are self-contained packages with everything an app needs to run.
  • Deployable across various environments.
  • Must match the host OS (Linux/Windows).

F: Azure Container Options

  • Azure Container Instances (ACI): Easy setup with minimal configuration.
  • Azure Kubernetes Service (AKS): Advanced container orchestration.
  • DNS label or image changes require re-creating the instance.

G: Azure Functions and Microservices

  • Azure Functions: Run based on microservices architecture; pay per execution time.
  • App Service Plan: Logical container for running VMs.

H: Load Balancing in Azure

  • Azure Scale Sets: Layer 4 traffic with load balancers; Layer 7 traffic with Application Gateway.
  • Azure App Services: Staging environments, SSL, custom domains, and CLI tools.

I: Memory-Optimized Virtual Machines (VMs)

  • High memory-to-CPU ratio.
  • Best for in-memory analytics, relational databases, and memory-intensive workloads.

J: Azure App Service Tiers

  • Standard Tier: 99.95% uptime, 50 GB storage, unlimited apps.
  • Six tiers tailored to specific workloads and performance needs.

K: Azure Container Registry (ACR)

  • Stores and manages container images for ACI and AKS.
  • Ensures secure image access using Azure identity and security features.

L: Monitoring and Insights Tools

  • Azure Monitor: Performance and operational insights.
  • Azure Advisor: Recommendations to optimize Azure resources.
  • Azure Sentinel: Cloud-native security and incident management.

M: Scaling and Storage in AKS

  • Cluster Autoscaler: Adjusts nodes based on demand.
  • Persistent storage with support for static and dynamic volumes.

N: Azure Virtual Desktop Load Balancing

  • Breadth Mode: Users distributed sequentially across VMs for performance.
  • Depth Mode: Assign users to one VM at a time to reduce costs.
  • Automatic provisioning of VMs during high demand.

O: Global Scalability and Disaster Recovery

  • Global Scalability: Enables worldwide service delivery by dynamically increasing resources like computing power, bandwidth, and storage based on demand.
  • Disaster Recovery: Redundant sites can become operational within hours of disruptions like power outages or natural disasters. Regular data replication across multiple data centers ensures availability even if one location fails.

P: Azure Hybrid Cloud and Connectivity Options

  • Hybrid Cloud Connectivity:
    • Azure Hybrid Cloud: Links on-premises networks with Azure Cloud.
    • Virtual Network and ExpressRoute: Facilitate secure hybrid connections.
  • Application Integration Tools:
    • Service Bus: Transfers messages between applications.
    • Custom Connectors and External Databases: Enable seamless integration.

Q: Azure Stack and Private Cloud Deployment

  • Azure Stack:
    • A comprehensive solution for hybrid cloud deployment, combining software and validated hardware.
    • Allows running Azure services on-premises, simplifying the transition to cloud environments.
  • Private Cloud:
    • Can be hosted on-premises or in a third-party data center.
    • Infrastructure is dedicated to a single organization, offering high levels of privacy and security.

R: Core Cloud Features

  • Reliability: Logical placement of resources ensures consistent application performance during peak traffic.
  • High Availability: Maintains a 99.999% uptime through redundancy and proactive management.
  • Manageability: Alerts and application insights aid in monitoring and optimizing resource performance.

S: Scaling in Cloud Environments

  • Horizontal Scaling (Scaling Out): Adds more VMs with identical configurations to share increased workloads.
  • Vertical Scaling (Scaling Up): Migrates applications to more robust VMs with enhanced features like SSDs or increased memory.
  • Elasticity: Automatic scaling based on metrics like CPU and memory usage adapts dynamically to workload changes.

T: Cloud Models and Security Levels

  • Private Cloud: Fully dedicated infrastructure, offering the highest security.
  • Public Cloud: Shared multi-tenant environment with robust but less exclusive security.
  • Hybrid Cloud: Combines elements of both, balancing flexibility and control.
  • Government Cloud: Exclusive environments like Azure USA and Azure China, tailored for governmental use with maximum security.

U: Cloud Service Models

  • IaaS: Requires installing and configuring software like PHP and database connections.
  • PaaS: Simplifies deployment by managing the infrastructure for you.
  • SaaS: Fully managed software ready for immediate use, ideal for reducing IT overhead.
  • XaaS: Extends to any service, providing customizable bare-bones solutions for specific needs.

V: Agility in Cloud Development

  • Cloud Agility: Facilitates rapid development, testing, and deployment of applications.
  • Benefits: Accelerates response to market changes and customer demands, enhancing organizational competitiveness.

W: Azure Availability Strategies

  • Availability Zones: Provide redundancy within an Azure region by distributing resources across multiple data centers.
  • Availability Sets: Place VMs in different server racks within the same data center for fault tolerance.
  • Zone-Redundant Services: Use features like Zone-Redundant Storage (ZRS) for enhanced reliability.

X: Data Replication and Regional Pairs

  • Regional Pairs: Two regions within the same geography are updated sequentially to ensure uninterrupted availability.
  • Multi-Region Replication: Safeguards data by duplicating it across regions, offering resilience against localized disasters.

Y: Cost Management with Resource Groups

  • Resource Groups: Organize resources with shared lifecycles for easier management.
  • Cost Allocation: Assign expenses to departments by structuring resource groups (e.g., Sales, IT Support).

Z: Azure Subscription Limits

  • Defined Quotas: Establish maximum allowances for resources like storage accounts (250 per region), VMs (25,000 per region), and resource groups (980 globally).
  • Purpose: Facilitates efficient management and prevents resource overutilization.
azure_az-900_summary.1733710592.txt.gz · Last modified: 2024/12/09 02:16 by oso