In the first place, I congratulate you for taking your first step towards Cloud Engineering. Microsoft Azure AZ900 is a great course to kickstart your Azure Cloud Education. I am pretty sure that you now have foundational knowledge to start your cloud learning.

II'll go through the most critical elements to remember as you begin your cloud certification journey with the Microsoft Azure AZ900 Fundamentals Exam. Before taking the exam, make sure you understand all of the topics listed below.

Without further ado, let's get started. 🏍💨

1. Understand cloud concepts (15-20%) ☁

Describe the benefits and considerations of using cloud services

---

• understand the consumption-based model - With OpEx, there is no upfront cost, you pay for a service or product as you use it.

Describe the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)

* describe Infrastructure-as-a-Service (IaaS) - IaaS quickly scales up and down with demand, letting you pay only for what you use. It helps you avoid the expense and complexity of buying and managing your own physical servers and other datacenter infrastructure. Each resource is offered as a separate service component, and you only need to rent a particular one for as long as you need it. A cloud computing service provider, such as Azure, manages the infrastructure, while you purchase, install, configure, and manage your own software—operating systems, middleware, and applications.

• describe Platform-as-a-Service (PaaS) - PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating. PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.
• describe Software-as-a-Service (SaaS) - Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider’s data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well. SaaS allows your organization to get quickly up and running with an app at minimal upfront cost.
• compare and contrast the three different service type

---

---

---

Describe the differences between public, private and hybrid cloud models

• describe public cloud - The solution is managed by a provider. MOst solutions are based on a multi-tenant model with the solution run in a shared environment with customer data partitioned to provide data security. MSFT Azure is an example of a public cloud.
• describe private cloud - An organization builds and maintains its own solution, either in its datacenter or hosted as dedicated resources by a solution provider. Services and infrastructure are hosted on a private network dedicated to that organization only. Government agencies and financial institutions often use the private cloud model. A private cloud requires access to be limited to one tenant A private cloud's services and infrastructure are maintained on a private network. A company can implement its own private cloud, but it is more common to subscribe to a private cloud hosted and managed by a third-party provider. * describe hybrid cloud - This combines features of public and private clouds. This provides a way to save costs by sharing less-secure solutions needs in a public cloud and keeping high-risk, high-value resources internal to the network. A hybrid cloud provides support for a feature known as cloud bursting, where internal resources meet most needs but cloud-based resources can be added to help support peak use times.
• compare and contrast the three different cloud models

---

---

2. Understand core Azure services (30-35%)

Understand the core Azure architectural components

Describe some of the core products available in Azure

• describe the Azure Marketplace and its usage scenarios - The Marketplace allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure. Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure.

Describe some of the solutions available on Azure

Internet of Things (IoT)

Big Data and Analytics

Artificial Intelligence (AI)

Serverless computing

DevOps solutions

• describe the benefits and outcomes of using Azure solutions

Understand Azure management tools

3. Understand security, privacy, compliance, and trust (25-30%)

Understand securing network connectivity in Azure

Describe core Azure Identity services

Describe security tools and features of Azure

Describe Azure governance methodologies

• describe policies and initiatives with Azure Policy - Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.
  • policies - Every policy definition has conditions under which it's enforced. And, it has a defined effect that takes place if the conditions are met. To implement these policy definitions (both built-in and custom definitions), you'll need to assign them. You can assign any of these policies through the Azure portal, PowerShell, or Azure CLI. A policy assignment is a policy definition that has been assigned to take place within a specific scope. This scope could range from a management group to a resource group.
  • initiatives - A collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions. They simplify by grouping a set of policies as one single item. For example, you could create an initiative titled Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center. Like a policy assignment, an initiative assignment is an initiative definition assigned to a specific scope. Initiative assignments reduce the need to make several initiative definitions for each scope. This scope could also range from a management group to a resource group. Each initiative is assignable to different scopes. One initiative can be assigned to both subscriptionA and subscriptionB.
• describe Role-Based Access Control (RBAC) - Azure RBAC is a newer authorization system that provides fine-grained access management to Azure resources. RBAC includes many built-in roles, can be assigned at different scopes, and allows you to create your own custom roles. The way you control access to resources using RBAC is to create role assignments. This is a key concept to understand – it’s how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope.
• describe Locks - As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
• describe Azure Advisor security assistance - Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the controls you need.
• describe Azure Blueprints - Simplify largescale Azure deployments by packaging key environment artifacts, such as Azure Resource Manager templates, role-based access controls, and policies, in a single blueprint definition. Easily apply the blueprint to new subscriptions and environments, and fine-tune control and management through versioning.

Understand monitoring and reporting options in Azure

• describe Azure Monitor - Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. Just a few examples of what you can do with Azure Monitor include:
  • Detect and diagnose issues across applications and dependencies with Application Insights.
  • Correlate infrastructure issues with Azure Monitor for VMs and Azure Monitor for Containers.
  • Drill into your monitoring data with Log Analytics for troubleshooting and deep diagnostics.
  • Support operations at scale with smart alerts and automated actions.
  • Create visualizations with Azure dashboards and workbooks.
• describe Azure Service Health - Service Health provides you with a customizable dashboard which tracks the health of your Azure services in the regions where you use them. In this dashboard, you can track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories. When events become inactive, they get placed in your health history for up to 90 days. Finally, you can use the Service Health dashboard to create and manage service health alerts which proactively notify you when service issues are affecting you. Service Health tracks three types of health events that may impact your resources:
  • Service issues - Problems in the Azure services that affect you right now.
  • Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future.
  • Health advisories - Changes in Azure services that require your attention. Examples include when Azure features are deprecated or if you exceed a usage quota.
• understand the use cases and benefits of Azure Monitor and Azure Service Health - Service Health integrates with Azure Monitor to alert you via emails, text messages, and webhook notifications when your business-critical resources are impacted. Set up an activity log alert for the appropriate service health event. Route that alert to the appropriate people in your organization using Action Groups.

Understand privacy, compliance and data protection standards in Azure

4. Understand Azure pricing and support (20-25%)

Understand Azure subscriptions

• describe an Azure subscription - An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc.

• understand the uses and options with Azure subscriptions such access control and offer types - Azure offers free and paid subscription options to suit different needs and requirements. The most commonly used subscriptions are:

  • Free: An Azure free subscription includes a $200 credit to spend on any service for the first 30 days, free access to the most popular Azure products for 12 months, and access to more than 25 products that are always free.
  • Pay-As-You-Go: A Pay-As-You-Go (PAYG) subscription charges you monthly for the services you used in that billing period. This subscription type is appropriate for a wide range of users, from individuals to small businesses, and many large organizations as well.
  • Enterprise Agreement: An Enterprise Agreement (EA) provides flexibility to buy cloud services and software licenses under one agreement, with discounts for new licenses and Software Assurance. It's targeted at enterprise-scale organizations.

  • Student: An Azure for Students subscription includes $100 in Azure credits to be used within the first 12 months plus select free services without requiring a credit card at sign-up. You must verify your student status through your organizational email address.

  • Every Azure Subscription Includes

    • Free access to billing and subscription support
    • Azure products and services documentation
    • Online self-help documentation
    • Community support forums

  • Purchasing Options for Azure Products and Services

    • Enterprise: Enterprise customers sign an Enterprise Agreement (EA) with Azure that commits them to spend a negotiated amount on Azure services, which they typically pay annually. Enterprise customers also have access to customized Azure pricing.
    • Web direct: Direct Web customers pay general public prices for Azure resources, and their monthly billing and payments occur through the Azure website.
    • Cloud Solution Provider: Cloud Solution Provider (CSP) typically are Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer's CSP.

• understand subscription management using Management groups

Understand planning and management of costs

• understand options for purchasing Azure products and services
• understand options around Azure Free account - An Azure free subscription includes a $200 credit to spend on any service for the first 30 days, free access to the most popular Azure products for 12 months, and access to more than 25 products that are always free.
• understand the factors affecting costs:
  • Resource Type: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type.
  • Service: Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs.
  • Location: Azure has datacenters all over the world. Usage costs vary between locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs.
  • Ingress and egress traffic -
    • Following Availability Zone data transfer is charged:
      • Data transfer, ingress and egress, from a VNet resource deployed in an Availability Zone to another resource in different Availability Zone in the same VNET
    • Following Availability Zone data transfer is NOT charged:
      • Data transfer between VNet resources located in same Availability Zone
      • Data transfer between a VNet resource and a Public IP address in the same Azure Region
      • Data transfer between VNet resources located in peered VNets across Availability Zones. This data transfer will be charges as per VNet peering rates.
• understand Zones for billing purposes - A zone is a geographical grouping of Azure regions used to determine billing based on data trasnsfers. Billing applies to both incoming and outgoing data and varies by zone. Microsoft has defined four zones for this purpose, simply referrd to as Zone 1, Zone 2, Zone 3, and DE Zone 1. Data transfers between zones and regions in a zone are billed. Data transfers between zones in the same region are not charged. Zones do not impact any other billing factors.
  • A sub-region is the lowest level geo-location that you may select to deploy your applications and associated data. For data transfers (except CDN), the following regions correspond to Zone 1, Zone 2, Zone 3, and DE Zone 1.

• understand the Pricing calculator - The Azure pricing calculator is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.
• understand the Total Cost of Ownership (TCO) Calculator - If you are starting to migrate to the cloud, a useful tool you can use to predict your cost savings is the Total Cost of Ownership (TCO) calculator. TCO helps you estimate cost savings realized by mirating to Azure.
• understand best practices for minimizing Azure costs:
  • performing cost analysis -
  • creating spending limits and quotas - Spending limit in Azure exists to prevent spending over your credit amount. All new customers who sign up for the trial or offers that includes credits over multiple months have the spending limit turned on by default. The spending limit is $0. It can’t be changed. The spending limit isn’t available for subscription types such as Pay-As-You-Go subscriptions and commitment plans.
  • using tags to identify cost owners - You can use tags to group your billing data. For example, if you're running multiple VMs for different organizations, use the tags to group usage by cost center. You can also use tags to categorize costs by runtime environment, such as the billing usage for VMs running in the production environment. When exporting billing data or accessing it through billing APIs, tags are included in that data and can be used to further slice your data from a cost perspective.
  • using Azure reservations - Reserved instances are purchased in one-year or three-year terms, with payment required for the full term up front. After it's purchased, Microsoft matches up the reservation to running instances and decrements the hours from your reservation. Reservations can be purchased through the Azure portal. And because reserved instances are a compute discount, they are available for both Windows and Linux VMs.
  • using Azure Advisor recommendations - Does not allow you to determine whether or not your services meet industry standards but rather provides recommendations on high availability, cost, security, and performance. It analyzes theservices that you deploy and tries to find ways to improve the usage of those services.
• describe Azure Cost Management - Azure Cost Management is another free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.

Understand the support options available with Azure

• understand how to open a support ticket - Submit a support request from the Azure Portal. Simply select "Support" from the menu bar or open the "Help + support" hub.
• understand available support channels outside of support plan channels - Available Support Channels outside of Support Plan Channels
  • Azure Knowledge Center
  • Microsoft Developer Network (MSDN) Forums
  • Stack Overflow
  • Server Fault
  • Azure Feedback Forums
  • Twitter
• describe the Knowledge Center - The Azure Knowledge Center is a searchable database that contains answers to common support questions, from a community of Azure experts, developers, customers, and users. You can browse through all responses within the Azure Knowledge Center. Find specific solutions by entering keyword search terms into the text-entry field and further refine your search results by selecting products or tags from the lists provided by two dropdown lists.

Describe Azure Service Level Agreements (SLAs)

• describe a Service Level Agreement (SLA) - Formal documents called Service-Level Agreements (SLAs) capture the specific terms that define the performance standards that apply to Azure. SLAs describe Microsoft's commitment to providing Azure customers with specific performance standards. There are SLAs for individual Azure products and services. SLAs also specify what happens if a service or product fails to perform to a governing SLA's specification. Note: Azure does not provide SLAs for most services under the Free or Shared tiers.
• understand Composite SLAs - When combining SLAs across different service offerings, the resultant SLA is a called a Composite SLA. The resulting composite SLA can provide higher or lower uptime values, depending on your application architecture.
• understand how to determine an appropriate SLA for an application - There are three key characteristics of SLAs for Azure products and services:
  • Performance Targets
  • Uptime and Connectivity Guarantees
  • Service credits (percentage of the applicable monthly service fees credited to you if a service fails to meet uptime guarantee)

Understand service lifecycle in Azure

• understand how to monitor feature updates and product changes - The Azure portal "What's New" link on the ? help menu provides a list of recent updates you can periodically check to see what's changed in Azure. Alternatively, you can use the Azure Updates page (azure.microsoft.com/updates).

Drink a cup of water. Refresh yourself. Take the examination with confidence of cracking it right through !

All the best. Meet you in the next article.

வாழ்க தமிழ் ! வளர்க தமிழினம் ! 🟥🟨