Easily Pass the Microsoft AZ-900 Exam Today for Free

The AZ-900 Exam is required to become Microsoft Certified in Azure Fundamentals. The exam titled Exam AZ-900: Microsoft Azure Fundamentals is the first exam in a long line of different Microsoft Azure certifications. The exam is often the first exam you take when you are at the start of your journey with Microsoft Azure. 

This exam will prove that you have foundation-level knowledge of Microsoft Azure and is intended for candidates who are new to Microsoft Azure and are beginning their cloud journey. It may be that they have just started to work with Microsoft Azure or that they are hoping to move to an Azure-involved job. 

What we will cover in this article

By the end of the article, we hope that you have a good understanding of the requirements of the AZ-900 exam and are fully prepared to take the exam following the best study courses. Also to start us off on the right track you can find out here how to get Free Microsoft Exam Certifications directly from Microsoft.

AZ-900 Exam Requirements Breakdown

The exam requirements are clearly broken down by Microsoft in their skills outline here. To summarise the categories you must learn, here are the exam requirements are broken down.

Describe Cloud Concepts (20-25%)

  • Identify the benefits and considerations of using cloud services
    • Using cloud services is typically cheaper to use, it allows you to rent resources and only pay for what you need. In our case, renting directly from a Microsoft Azure data centre. Azure will then take care of all the physical upkeep of the equipment for you. Other benefits include the ability to operate a hybrid topology (both on-premise and the cloud, your infrastructure is always up to date with evolving technologies, and your infrastructure is always secure.
  • Describe the differences between categories of cloud services
    •  IaaS or Infrastructure as a service is where you control everything from the operating system to data and software and your providers manage everything physical such as hardware, storage, and networking. An example of this would be an Azure Virtual Machine.
    • PaaS or Platform as a service is where you only control the data and applications and the cloud provider managed everything included in including the operative system and additional components. An example of this would be Azure App Services or Azure CDN.
    • SaaS or Software as a service is where the cloud providers handle everything from the physical hardware, to the operating system and the applications that run on it. You only use the software that is provided by the provider. An example of this would be your Office 365 email account.
  • Describe the differences between types of cloud computing
    • Public Cloud, with public cloud you are able to rent on-demand services in which the infrastructure is managed by a third party such as Microsoft Azure or Amazon AWS.
    • Private Cloud, private cloud means that the infrastructure and services are only used by a single tenant and the services are not able to be rented by others.
    • Hybrid Cloud, the hybrid cloud model means to have mixed services between on-premise and the cloud (private or Hybrid). For example, you may have a file server on premise for your organisation and also use Microsoft 365 Exchange Online for email services. This is an example of a Hybrid Cloud.

Describe Core Azure Services (15-20%)

  • Describe the core Azure architectural components
    •  Azure regions are sets of data centers that are connected through a low-latency network. This ensures services within the Azure region offer good performance and security. Region pairs consist of 2 regions located geographically close, Azure will schedule platform update with the paired region to ensure availability should a problem occur.
    • Availability Zones are physically separate locations within an Azure region that are tolerant to faults as they consist of more than one data center. They are connected through low-latency network links to allow you to build redundancy in your infrastructure.
    • Resource groups are logical groups that contain related Azure resources. All resources within the groups can be managed as a group and will likely relate to a specific solution or group of similar resources. Resource groups also allow you to better manage Azure costs, administration and allow for role-based access.
    • Azure Subscriptions is a single billing unit for all the Azure resources assigned to it. There are free subscriptions, pay-as-you-go subscriptions (when you pay for only what you use), and other subscriptions where Microsoft offers services at a reduced rate or offer a certain amount of credits.
    • Azure Management Groups provide a level of control or management above subscriptions. They allow you to manage multiple subscriptions by grouping them into containers called management groups. You can then apply governing conditions to those management groups. For example, a policy can be applied to a management group that limits the region’s resources can be provisions in all contained subscriptions.
    • Azure Resource Manager provides you the ability to manage resources through templates rather than through scripts. It is a management layer that allows you to deploy, manage and monitor your resources in Azure. 
    • An Azure resource is a controllable item in Azure such as a virtual machine, virtual NIC, web app, database, resource group, or subscription.
  • Describe core resources available in Azure
    •  Virtual Machines are contained server operating systems (The same as your traditional on-premise virtual machine within Hyper-V) of your desire with a set of defined resources such as CPU, Memory, and bandwidth. They can be scaled up or scaled out to meet demand, on-demand.
    • Azure App Services allow you to build and host web apps in the programming language of your choice without having to manage any infrastructure. 
    • Azure Container Instanced (ACI) allows developers to create and deploy container instances reducing the management so containers can be deployed in seconds.
    • Azure Kubernetes services (AKS) is Azure’s serverless Kubernetes services offering continuous integration and continuous delivery (Ci/CD). 
    • Azure Virtual Desktop is Azure’s multi-session Windows Desktop (VDI) experience allowing you to access a hosted desktop from anywhere. This breaks traditional Windows licensing protocol by allowing users to use existing eligible Windows licenses.
    • Virtual Networks or an Azure VNET is your logical isolated network in Azure. Treat the concept the same as your on-premise network to manage IP addressing build your infrastructure on it. 
    • VPN Gateway connected your on-premise network to your Azure network through an encrypted site-to-site VPN link. It can be also used to connect between Azure Virtual Networks to encrypt traffic.
    • Virtual Network Peering allows you to connect to Azure virtual networks to allow traffic traverse between them over Microsoft infrastructure through a low-latency private connection. 
    • Express Route is a direct private link between your on-premises network and Azure that is a facility by an internet service provider (ISP).
    • Blob Storage is optimised for storing massive amounts of unstructured data that does not adhere to a particular data model. It is the best user for streaming video/audio files, serving images, writing to log files, storing backup data, or storing analytics data.
    • Azure Managed Disk are virtual disks (similar to your on-premise virtual disks created in Hyper-V) that are used with Virtual Machines. The types of disks available include Standard HDDs, Standard SSD, Premium SSD, and Ultra disks (with the performance scale in that order).
    • Azure File Storage allows you to create managed file shares that can be directly mapped to your Workstation or Servers and accessed over SMB 3.0.
    • Storage Tiers allow you to access your blob data most cost-effectively. You have a hot tier that is used to store data frequently access, a cool tier used for accessing data that is infrequently accessed, and an archive tier used for accessing data that is rarely accessed. 
    • Cosmos DB is a propriety NoSQL serverless database with a fast response time that is instantly scalable to any size with enterprise-grade security. 
    • Azure SQL Database is a managed relational database service that is serverless in design. It is usually referred to as DBaaS (Database as a service).
    • Azure Database for MySQL is a managed database service that allows you to run a managed MySQL database instance allowing you to offload administration tasks.
    • Azure Database for PostgreSQL is a managed database service that allows you to run a managed PostgreSQL database instance.
    • SQL Managed Databases are Azure Managed SQL Instances that act as a PaaS offering with fully-fledged database control. You can connect and manage your database using traditional SQL management tools.
    • Azure Marketplace is an online store offering applications and services built on or to integrate with Azure. You can purchase applications to easily create infrastructure in Azure.
Describe core solutions and management tools on Azure (10-15%)
  • Describe core solutions available in Azure
    • Internet of things (IoT) Hub enables secure and reliable communication between your IoT application and the devices it manages. It allows you to extend your IoT solution to the cloud as a managed solution.
    • IoT Central is an application platform that allows you to build your IoT solutions while reducing the burden of cost and management.
    • Azure Sphere is a high-level application platform that is comprised of a microcontroller unit and Linux-based OS for IoT devices and a cloud bases security service that provides continuous security services.
    • Azure Synapse Analytics is an analytics service that allows you to query data using serverless on-demand queries or using provisioned resources for more on-demand data warehousing needs. It brings together the need for Data Warehousing and Big Data analytics.
    • HD Insight allows you to process large amounts of data in a customisable environment using open-source frameworks such as Hadoop, Spark, Hive, and many more.
    • Azure Databricks is an analytics platform optimised for use with the Microsoft Azure cloud services platform. It offers 3 environments for developing data-intensive applications: Databricks SQL, Databricks Data Science and Engineer, and Databricks Machine Learning.
    • Azure Machine Learning allows you to implement Machine Learning operations into your organization by providing a platform for you to manage machine learning projects from each department within your organization. 
    • Azure Cognitive Services is a cloud-based service that allows you to build cognitive intelligence into your applications. It provides REST APIs and various client library SDKs to help you develop your applications.
    • Azure Bot Service allows you to develop conversational bot experiences for your applications. These can then be integrated with various systems for more advanced use cases. It provides a visual designed for your to author dialogue experiences to create dynamic conversations.
    • Azure Functions is a server solution to create and run pieces of code within your environment, minimising the amount of infrastructure required and reducing costs.
    • Azure Logic Apps allows you to create automated workflows that help integrate your applications and systems. An example of using logics apps would be to send email notifications when a specific event happens in your environment, application, or system.
    • Azure DevOps provides version control, reporting, automated software build, and project management for your development environment. It provides a similar experience to GitHub.
    • GitHub provides a full solution for your development project similar to Azure DevOps. GitHub Actions makes it easy to automate software workflows with CI/CD practices to automate code Building and testing.
    • Azure DevTest Labs enables developers to self-manage Platform as a Service (PaaS) offering without waiting for approval. Labs are created on a pre-configured basis of Azure Resource Manager (ARM) templates. It allows you to quickly test the latest versions of your applications.
  • Describe Azure management tools
    •  The Azure Portal is a web-based management console that allows you to manage everything in Azure. It is cross-platform and can be accessed from any browser.
    • Azure PowerShell is an extension of traditional PowerShell in the form of a module named Az which contains its unique cmdlets to manage your Azure environment.
    • Azure CLI is a command-line interface (similar to PowerShell) and contains a set of commands used to create and manage Azure resources. It can be installed in Windows, Linux, macOS, Docker, and Azure Cloud Shell.
    • Azure Cloud Shell is a browser-based shell (command line) environment that provides multiple different command-line tools such as Azure CLI, Azure PowerShell, Terraform, and many more.
    • The Azure Mobile App can be installed on IOS or Andriod and allows you to monitor your Azure resources. It is not recommended to use the mobile app to create/manage your resources.
    • Azure Advisor provides recommendations based on the configuration of your Azure services. Recommendations are given based on costs, performance, reliability, and security. 
    • Azure Resource Manager (ARM) Templates are JavaScript Object Notation (JSON) files that define the resources and configuration of your project or environment.
    • Azure Monitor allows you to monitor the performance of your services by collecting and analyzing telemetry data from your Azure and on-premise services.
    • Azure Service Health informs you of any alerts or outages on the Azure platform.
Describe general security and network security features (10-15%) 
  • Describe Azure security features
    • Azure Security Centre provides unified security management across your on-premises, Azure, and non-Azure cloud infrastructure. 
    • The Azure Key Vault service allows you to securely store keys, secrets, and passwords allowing them to be tightly controlled.
    • Azure Sentinel is Azure’s security information event management (SIEM) system and allows you to orchestrate automated responses to security incidents. 
    • Azure Dedicated Hosts is a service that provides you with dedicated physical servers on which you can host multiple virtual machines.
  • Describe Azure network security
    • The Concept of defense in depth us to employ a series of mechanisms to slow the advance of an attack on your network. It is a multi-layer security approach so if one layer is breached the subsequent layer protects to prevent further exposure.
    • Network Security Groups (NSGs) allow you to filter traffic to and from Azure resources in a virtual network. An NSG contains rules that allow or deny traffic based on the source/destination, port, and protocol.
    • Azure Firewall is Azure’s cloud-based network firewall security service. It comes in two flavors which are Standard and Premium. Standard offered L3-L7 filtering and threat intelligence and Premium includes additional features such as signature-based IDPS for rapid threat detection.
    • Azure DDoS Protection is offered at the basic level for free by default for all of your Azure resources. Azure DDoS Protection Standard is an additional offer of enhanced DDoS protection and mitigation features to defend against DDoS attacks.
Describe identity, governance, privacy, and compliance features (15-20%) 
  • Describe core Azure identity services
    •  Authentication vs Authorisation. Authentication is the process of verifying who you are and authorisation is deciding whether you have access to a particular resource.
    • Azure Active Directory
    • Conditional Access is a tool with Azure Active Directory which will make decisions and enforce certain policies (like enforcing MFA) based on rules you define.
    • Multi-Factor Authentication is the process of having a second layer of authenticating who you are when logging into your account. For example, your password is something you know and your mobile phone is something you have.
    • Single Sign-On allows the user to automatically sign in to Azure AD when they are on their corporate device connected to their corporate network.
  • Describe Azure governance features
    • Role-Based Access Control in Azure allows you to manage who has access to certain resources and what they can do with the resources. It is built on Azure Resource Manager and provided fine-grained access management to Azure resources.
    • Resource Locks allows you to prevent users from making changes (such as modifying or deleting) to resources in Azure.
    • Tags are name-pair values that you can assign to resources in Azure, allowing you to organise them, apply policies, and report in cost management.
    • Azure Policy allows you to create policies that control or enforce settings on resources. For example, you can use Azure Policy to prevent users from creating resources in other regions or creating resources without a tag assigned.
    • Azure Blueprints allows engineers to design a project and define its parameters. You can then repeat the deployment of the parameters over again. 
    • Cloud Adoption Framework for Azure is a collection of documentation that provides guidance and best practice for your cloud deployments.
  • Describe privacy and compliance resources
    • Core tenets of Security, Privacy, and Compliance
    • The purpose of the Microsoft Privacy Statement, Online Service Terms (OST), and Data Protection Amendment (DPA)
      •  The Microsoft Privacy Statement explains what personal data Microsoft processes, how it is processed, and for what purpose.
      • The Online Service Terms define the terms and conditions governing the use of the Microsoft Products and professional services acquired through the Microsoft licensing program.
      • The Data Protection Amendment 
    • The Azure Trust Center provides support and resources for the community on legal and compliance requirements.
    • Azure provides Compliance Documentation a wealth of compliance documentation that can be found at https://docs.microsoft.com/en-us/azure/compliance/.
    • Azure Sovereign Regions (Azure Government Cloud and Azure China Cloud) run on dedicated physical, instances in that country. 
Describe Azure cost management and Service Level Agreements (10-15%) 
  • Describe methods for planning and managing costs
    • Factors that can affect cost include your virtual machine sizes and operating systems (including the OS license), storage, networking and bandwidth, your Azure subscription type, resource usage, and location.
    • Factors that can reduce cost include choosing lower-cost regions, settings spending limits, using reserved instances, re-sizing underutilised resource instances, and much more.
    • Azure Pricing Calculator allows you to fill out all of the resources you are likely to use in your environment and accurately evaluate the cost.
    • Total Cost of Ownership Calculator allows you to compare the cost of running working in your on-premise datacenter vs Azure.
    • Azure Cost Management is a tool in Azure that allows you to analyze your costs, set budgets, and provide you recommendations. You can use cost management to report costs on groups of resources.
  • Describe Azure Service Level Agreements (SLAs) and service lifecycles
    • Azure Service Level Agreement (SLA)
    • Actions that can impact SLA
    • Service Life Cycle in Azure.
As you can see from the above, the AZ-900 exam is based on having a good, descriptive understanding of all core features within Microsoft Azure. As such you can pass the AZ-900 exam by simply reading and understanding all the core services without having any practical knowledge of Microsoft Azure.

The best way to study for the AZ-900 Exam

Our goal from reading this post is to pass the AZ-900 Exam, as such when learning you should always take the most suitable path for you. My recommendation to pass this exam is not to start creating Azure trials and spending money messing in the portal, as you may need to do that for the more in-depth exams. 

My recommendation is to read and remember, but sounds easier said than done right…? well you can make this process easier by enjoying it! Also by convincing your employer to study on paid time makes it more worthwhile too!

Let me show you where you should focus your time!

The Microsoft Learn Fundamentals Course. Ultimately the best place to study from is Microsoft themselves. They have a full in-depth training course that will take you from start to finish in completing the exam. 

AZ-900 Exam Learning paths

How much does the AZ-900 exam cost?

Well, you can take the exam for free! I have made a post on how to get Free Microsoft Exams that you can find in the menu at the top of this page. Make sure you check it out as you can utilise the information to take all of your Microsoft Exams for free!

Otherwise, the exam is advertised on the Microsoft page at $99 USD. They also offer you to take the exam for $15 if you are an active job seeker affected by the Covid-19 pandemic. You can sign up to take the exam at the following page: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900.

Am I ready to take the exam?

The question can only really be answered by you. But I can show you how I knew I was ready to take the exam. I would open the exam’s skills outline and if I can describe or understand each line item in the skills outline I knew I was ready or at a-least very close to being ready to take the exam. 

The same technique I apply to any Microsoft exam that I am taking. Albeit some of the harder exams such as the Azure Architect Certification Exam needs a little more thought.


Thank you for taking the time to read this article. If you made it this far we would greatly appreciate it if you bookmarked our page or gave it a tweet!

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

Leave a Reply