The AZ-900 Microsoft Azure Fundamentals certification has grown from a niche entry-level credential into one of the most widely recognized cloud certifications across the global technology industry. Organizations of every size now run workloads on Azure, and the demand for professionals who can speak confidently about cloud concepts, Azure services, and cloud economics has expanded well beyond traditional IT roles. Finance teams evaluating cloud spend, project managers overseeing cloud migrations, and business analysts working alongside engineering teams all benefit from the foundational knowledge this certification validates.
What distinguishes the AZ-900 from other entry-level certifications is its deliberate breadth. Rather than focusing narrowly on one Azure service category or technical discipline, it covers cloud concepts, core Azure services, management tools, compliance frameworks, and pricing models in a way that gives holders a complete enough picture to participate meaningfully in cloud strategy discussions. This breadth is precisely why the certification has appeal beyond technical professionals, and it explains why many organizations now include it in onboarding programs for employees who will work with cloud systems in any capacity, even if their primary responsibilities are not technical in nature.
Cloud Concepts That Anchor the Entire Exam
The AZ-900 exam begins with foundational cloud computing concepts that underpin everything else covered later in the content. The shared responsibility model is one of the most important of these concepts, defining which security and operational responsibilities belong to Microsoft and which belong to the customer depending on the type of service being consumed. In infrastructure-as-a-service scenarios, customers retain responsibility for operating system patching, network configuration, and application security. In platform-as-a-service scenarios, Microsoft takes on more of the infrastructure responsibility, and in software-as-a-service scenarios, the customer’s responsibilities shrink further to primarily data and access management.
The three cloud deployment models, public cloud, private cloud, and hybrid cloud, are also fundamental concepts that the exam tests in scenario-based questions. Public cloud refers to services delivered over the internet by a provider like Microsoft where infrastructure is shared across many customers. Private cloud involves dedicated infrastructure operated exclusively for a single organization, either on-premises or hosted by a third party. Hybrid cloud combines both models, allowing data and applications to flow between on-premises infrastructure and public cloud services based on business and technical requirements. Candidates should be able to identify the most appropriate deployment model for a described business scenario rather than simply reciting the definitions.
Core Azure Services Every Candidate Must Know
Azure Compute services form the largest and most tested service category in the AZ-900 exam. Azure Virtual Machines provide infrastructure-as-a-service compute where customers manage the operating system, applications, and data while Microsoft manages the physical hardware. Azure App Service provides a platform-as-a-service environment for hosting web applications, REST APIs, and mobile backends without managing the underlying server infrastructure. Azure Container Instances and Azure Kubernetes Service address containerized workloads at different levels of management complexity. Azure Functions delivers serverless compute where code runs in response to events without any server management responsibility falling on the customer.
Azure networking services connect compute resources to each other and to the outside world. Azure Virtual Network provides isolated private network environments within Azure where resources communicate securely. Azure VPN Gateway connects Azure virtual networks to on-premises networks through encrypted tunnels over the public internet. Azure ExpressRoute provides a dedicated private connection between on-premises infrastructure and Azure that does not traverse the public internet, offering more consistent performance and higher security assurance than VPN. Azure DNS hosts DNS domains and provides name resolution using Azure infrastructure. Candidates should understand the purpose of each networking service and recognize scenarios where one is more appropriate than another.
Azure Storage Services and Their Appropriate Use Cases
Storage is a foundational service category that the AZ-900 exam covers from both a service awareness and a use case matching perspective. Azure Blob Storage handles unstructured object data including images, videos, documents, and backups, and it supports three access tiers that align storage costs with data access frequency. The hot tier suits frequently accessed data, the cool tier addresses data accessed infrequently, and the archive tier provides the lowest cost option for data that is rarely if ever accessed and can tolerate retrieval delays measured in hours.
Azure Files provides managed file shares accessible through standard file sharing protocols that allow lift-and-shift migrations of applications that depend on network file system access. Azure Queue Storage delivers a messaging service for decoupling application components, allowing producers and consumers to operate at different rates without losing messages. Azure Table Storage offers a NoSQL key-value store for structured data that does not require complex relational queries. Exam candidates frequently encounter scenario questions asking them to select the most appropriate storage service for a described workload, making it important to understand the distinguishing characteristics of each service rather than simply knowing their names.
Identity, Access, and Security Fundamentals in Azure
Microsoft Entra ID, formerly known as Azure Active Directory, is the identity and access management service that underpins authentication and authorization across Azure and Microsoft 365. The AZ-900 exam covers Entra ID from a conceptual perspective, testing whether candidates understand the difference between authentication, which verifies who a user is, and authorization, which determines what that user is permitted to do. Multi-factor authentication adds a second verification step beyond a password, dramatically reducing the risk of account compromise from stolen credentials.
Conditional Access policies allow organizations to define rules that evaluate signals such as user location, device compliance status, and application sensitivity to determine whether to grant access, require additional verification, or block access entirely. Role-based access control governs what authenticated users can do within Azure by assigning permissions through roles rather than directly to individual users, which simplifies management as organizations grow. Microsoft Defender for Cloud provides security posture management and threat protection across Azure workloads. The AZ-900 exam does not test deep configuration knowledge of these services but expects candidates to understand their purpose and how they contribute to a defense-in-depth security approach.
Azure Management Tools and Deployment Mechanisms
Azure provides multiple tools for managing resources and deploying infrastructure, each suited to different workflows and skill sets. The Azure portal is the web-based graphical interface that provides a visual way to create, configure, and monitor Azure resources. It is intuitive for users new to Azure and useful for one-off tasks or visual exploration of service configurations, but it is not well-suited for repeatable deployments or automated workflows because portal actions are manual and cannot be scripted directly.
Azure PowerShell and the Azure CLI are command-line tools that allow administrators to manage Azure resources through scripted commands. Both tools communicate with Azure Resource Manager APIs and support automation through scripts that can be version-controlled and executed consistently across environments. Azure Resource Manager templates, written in JSON, and Bicep, a domain-specific language that compiles to ARM templates, allow infrastructure to be defined as code and deployed repeatably. Azure Cloud Shell provides a browser-based command-line environment with these tools pre-installed and pre-authenticated, removing the need to install software locally. The AZ-900 exam expects candidates to recognize when each tool is appropriate for a described scenario rather than know the specific syntax of individual commands.
Cost Management and the Azure Pricing Model
Understanding Azure pricing is one of the areas where AZ-900 candidates most frequently have gaps, because cloud pricing involves multiple dimensions that interact in non-obvious ways. The primary cost drivers in Azure are compute consumption, storage capacity, network data transfer, and the specific service tier selected for each resource. Compute costs vary significantly depending on whether resources are reserved in advance, purchased at on-demand rates, or consumed through spot pricing that offers large discounts in exchange for the possibility of interruption when Azure needs the capacity back.
Azure Cost Management provides tools for monitoring spending, setting budgets with alert thresholds, and analyzing cost trends across subscriptions and resource groups. The Azure Pricing Calculator allows prospective customers and existing users to estimate costs for planned deployments by selecting services, configuring their expected usage, and reviewing the resulting monthly estimate. The Total Cost of Ownership Calculator helps organizations compare the cost of running workloads on-premises against the equivalent Azure cost, factoring in hardware, power, cooling, labor, and facility expenses that are often underestimated in on-premises cost analyses. Candidates should be able to identify which tool is appropriate for a described cost management or estimation scenario.
Service Level Agreements and the Concept of Composite SLAs
Microsoft publishes service level agreements for each Azure service that specify the uptime guarantee Microsoft commits to and the remediation available to customers when that guarantee is not met. The AZ-900 exam tests whether candidates understand what SLAs mean in practical terms and how they combine when multiple services are used together in a single application. A single service with a 99.9 percent uptime SLA allows approximately 8.7 hours of downtime per year, while a 99.99 percent SLA reduces that to approximately 52 minutes per year.
When an application depends on multiple Azure services, the effective uptime guarantee of the application is the product of the individual service SLAs rather than the minimum among them. An application that requires both a virtual machine with a 99.9 percent SLA and a SQL database with a 99.99 percent SLA has a composite SLA of approximately 99.89 percent, which is lower than either individual SLA. This calculation demonstrates why highly available application architectures use redundant deployments across availability zones or regions, because redundancy improves the effective availability beyond what a single instance of any service can provide. Candidates who understand this concept can answer composite SLA calculation questions correctly rather than guessing based on an incomplete mental model.
Compliance, Privacy, and Data Governance on Azure
Microsoft operates Azure under a comprehensive compliance framework that addresses the requirements of regulatory bodies and industry standards across dozens of countries and sectors. The AZ-900 exam covers the major compliance frameworks that Azure supports, including ISO 27001, SOC 1 and SOC 2, PCI DSS, HIPAA, and various government-specific certifications. Candidates do not need to know the detailed technical requirements of each framework but should understand that Microsoft maintains certifications and audit reports demonstrating compliance, which customers can inherit as part of their own compliance posture when they use Azure services.
Microsoft Purview provides data governance capabilities that help organizations catalog, classify, and manage their data assets across Azure and other environments. The Trust Center is Microsoft’s public resource for information about privacy, security, and compliance practices across Microsoft products including Azure. Service Trust Portal provides access to audit reports, compliance guides, and assessment tools that customers and auditors can use to evaluate Azure’s compliance posture. The AZ-900 exam expects candidates to know what each of these resources provides and when an organization would consult them, which makes understanding their distinct purposes more important than memorizing specific details about their contents.
Availability Zones and Region Pairs for Resilience
Azure organizes its global infrastructure into regions, each consisting of one or more physically separate datacenters connected by low-latency network links. Availability zones are distinct physical locations within a region, each with independent power, cooling, and networking, that allow applications and data to be distributed across multiple failure domains within a single region. Deploying resources across availability zones protects against datacenter-level failures and is the recommended approach for production workloads that require high availability within a single region.
Region pairs are two Azure regions within the same geography that Microsoft designates as backup locations for each other. When Microsoft performs platform maintenance that could affect service availability, it sequences updates across paired regions to reduce the risk that both regions experience disruption simultaneously. Some Azure services replicate data automatically to the paired region, providing geographic redundancy without additional customer configuration. The AZ-900 exam tests whether candidates understand the difference between availability zones, which provide redundancy within a region, and region pairs, which provide redundancy across regions, and can identify the appropriate resilience approach for a described scenario based on the recovery requirements stated in the question.
Azure Governance Tools for Organizational Control
Governance in Azure involves the policies, processes, and tools that ensure resources are deployed and operated in accordance with organizational standards and regulatory requirements. Azure Policy is the primary governance tool, allowing administrators to define rules that evaluate resource configurations and either audit non-compliant resources, prevent non-compliant deployments from occurring, or automatically remediate configurations that drift from the defined standard. Management groups organize subscriptions into a hierarchy that allows policies and access controls to be applied at multiple levels and inherited downward through the hierarchy.
Azure Blueprints, now transitioning toward Azure Deployment Environments and other successor capabilities, provided a way to package governance artifacts including policies, role assignments, and resource templates into a single deployable unit that could be applied consistently across new environments. Resource locks prevent accidental modification or deletion of critical resources by requiring the lock to be explicitly removed before protected operations can proceed. The AZ-900 exam covers these governance tools from a conceptual and use-case perspective, testing whether candidates can match the right governance mechanism to a described organizational requirement rather than requiring knowledge of specific configuration syntax.
Cloud Benefits That Drive Enterprise Adoption
The business case for cloud adoption rests on a set of core benefits that the AZ-900 exam expects candidates to articulate clearly. High availability refers to the ability of cloud platforms to keep services running continuously through redundant infrastructure and automatic failover mechanisms. Scalability allows applications to handle varying demand levels by adding or removing resources in response to workload changes, either vertically by increasing the capacity of individual resources or horizontally by adding more instances. Elasticity extends scalability by enabling automatic adjustment of resources in real time without human intervention, which is particularly valuable for workloads with unpredictable demand patterns.
Agility in cloud environments refers to the speed at which new resources can be provisioned and new capabilities can be deployed compared to traditional on-premises infrastructure procurement cycles that can take weeks or months. Geographic distribution allows organizations to deploy applications close to their users around the world by selecting from Azure regions on six continents. Disaster recovery capabilities in Azure allow organizations to implement resilient architectures that can recover from failures far more quickly and at lower cost than equivalent on-premises disaster recovery solutions require. Understanding these benefits in concrete terms rather than as abstract marketing concepts allows candidates to answer scenario questions about why an organization would choose cloud services with confidence and precision.
ConclusionÂ
Effective preparation for the AZ-900 exam combines conceptual study with hands-on exploration of the Azure platform itself. Microsoft Learn provides a free, structured learning path aligned to the current exam objectives that covers every topic area through a combination of reading, interactive exercises, and knowledge checks. Working through this learning path from beginning to end gives candidates a comprehensive baseline and identifies areas where additional depth is needed. The modules are short enough to complete in focused study sessions without requiring large blocks of uninterrupted time, which makes consistent daily progress practical even for busy professionals.
Hands-on exploration using an Azure free account solidifies conceptual knowledge by allowing candidates to see and interact with the services described in study materials. Creating a virtual machine, configuring a storage account, reviewing the cost management dashboard, and browsing the Azure Policy built-in definitions all build familiarity that makes exam questions feel more concrete and approachable. Practice exams from reputable providers help calibrate readiness and expose specific topic areas where understanding remains shallow. Reviewing the rationale behind incorrect answer choices is as valuable as confirming correct ones because it surfaces misconceptions before they cause problems on the actual exam. Candidates who combine structured learning, hands-on practice, and deliberate review of weak areas consistently report feeling well-prepared when they sit for the exam, and that preparation translates directly into the confidence needed to work through scenario-based questions methodically and accurately.