AZ-900 : Microsoft Azure Fundamentals
Describe Cloud Concepts (25–30%)
Describe cloud computing
- Define cloud computing
- Describe the shared responsibility model
- Define cloud models, including public, private, and hybrid
- Identify appropriate use cases for each cloud model
- Describe the consumption-based model
- Compare cloud pricing models
Describe the benefits of using cloud services
- Describe the benefits of high availability and scalability in the cloud
- Describe the benefits of reliability and predictability in the cloud
- Describe the benefits of security and governance in the cloud
- Describe the benefits of manageability in the cloud
Describe cloud service types
- Describe infrastructure as a service (IaaS)
- Describe platform as a service (PaaS)
- Describe software as a service (SaaS)
- Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)
Describe Azure architecture and services (35–40%)
Describe the core architectural components of Azure
- Describe Azure regions, region pairs, and sovereign regions
- Describe availability zones
- Describe Azure datacenters
- Describe Azure resources and resource groups
- Describe subscriptions
- Describe management groups
- Describe the hierarchy of resource groups, subscriptions, and management groups
Describe Azure compute and networking services
- Compare compute types, including container instances, virtual machines (VMs), and functions
- Describe VM options, including Azure Virtual Machines, Azure Virtual Machine Scale Sets,
Availability sets, and Azure Virtual Desktop
- Describe resources required for virtual machines
- Describe application hosting options, including the Web Apps feature of Azure App Service,
Containers, and virtual machines
- Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual
subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute
- Define public and private endpoints
Describe Azure storage services
- Compare Azure storage services
- Describe storage tiers
- Describe redundancy options
- Describe storage account options and storage types
- Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync
- Describe migration options, including Azure Migrate and Azure Data Box
Describe Azure Identity, Access, and Security
- Describe directory services in Azure, including Microsoft Azure Active Directory (Azure AD), part
of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS)
- Describe authentication methods in Azure, including single sign-on (SSO), multifactor
Authentication, and Password less
- Describe external identities and guest access in Azure
- Describe Conditional Access in Microsoft Azure Active Directory (Azure AD), part of Microsoft
- Describe Azure role-based access control (RBAC)
- Describe the concept of Zero Trust
- Describe the purpose of the defense in depth model
- Describe the purpose of Microsoft Defender for Cloud
Describe Azure management and governance (30–35%)
Describe cost management in Azure
- Describe factors that can affect costs in Azure
- Compare the Pricing calculator and the Total Cost of Ownership (TCO) calculator
- Describe the Azure Cost Management and Billing tool
- Describe the purpose of tags
Describe features and tools in Azure for governance and compliance
- Describe the purpose of Azure Blueprints
- Describe the purpose of Azure Policy
- Describe the purpose of resource locks
- Describe the purpose of the Service Trust Portal
Describe features and tools for managing and deploying Azure resources
- Describe the Azure portal
- Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell
- Describe the purpose of Azure Arc
- Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)
=========================================================
AZ-104 : Microsoft Azure Administrator
Manage Azure identities and governance (15–20%)
Manage Azure AD objects
- Create users and groups
- Manage licenses in Azure AD
- Create administrative units
- Manage user and group properties
- Manage device settings and device identity
- Perform bulk updates
- Manage guest accounts
- Configure self-service password reset
Manage access control
- Create custom role-based access control (RBAC) and Azure AD roles
- Provide access to Azure resources by assigning roles at different scopes
- Interpret access assignments
Manage Azure subscriptions and governance
- Configure and manage Azure Policy
- Configure resource locks
- Apply and manage tags on resources
- Manage resource groups
- Manage subscriptions
- Manage costs by using alerts, budgets, and recommendations
- Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
- Configure network access to storage accounts
- Create and configure storage accounts
- Generate shared access signature tokens
- Configure stored access policies
- Manage access keys
- Configure Azure AD authentication for a storage account
- Configure storage encryption
Manage data in Azure storage accounts
- Create import and export jobs
- Manage data by using Azure Storage Explorer and AzCopy
- Implement Azure Storage redundancy
- Configure object replication
Configure Azure Files and Azure Blob Storage
- Create an Azure file share
- Configure Azure Blob Storage
- Configure storage tiers
- Configure blob lifecycle management
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using templates
- Modify an ARM template
- Deploy a template
- Save a deployment as an ARM template
- Deploy virtual machine (VM) extensions
Create and configure VMs
- Create a VM
- Manage images by using the Azure Compute Gallery
- Configure Azure Disk Encryption
- Move VMs from one resource group to another
- Manage VM sizes
- Add data disks
- Configure VM network settings
- Configure VM availability options
- Deploy and configure VM scale sets
Create and configure containers
- Configure sizing and scaling for Azure Container Instances
- Configure container groups for Azure Container Instances
- Create and configure Azure Container Apps
- Configure storage for Azure Kubernetes Service (AKS)
- Configure scaling for AKS
- Configure network connections for AKS
- Upgrade an AKS cluster
Create and configure an Azure App Service
- Create an App Service plan
- Configure scaling settings in an App Service plan
- Create an App Service
- Secure an App Service
- Configure custom domain names
- Configure backup for an App Service
- Configure networking settings
- Configure deployment settings
Configure and manage virtual networking (20–25%)
Configure virtual networks
- Create and configure virtual networks and subnets
- Create and configure virtual network peering
- Configure private and public IP addresses
- Configure user-defined network routes
- Configure Azure DNS
Configure secure access to virtual networks
- Create and configure network security groups (NSGs) and application security groups (ASGs)
- Evaluate effective security rules
- Implement Azure Bastion
- Configure service endpoints on subnets
- Configure private endpoints
Configure load balancing
- Configure Azure Application Gateway
- Configure an internal or public load balancer
- Troubleshoot load balancing
Monitor virtual networking
- Monitor on-premises connectivity
- Configure and use Azure Monitor for networks
- Use Azure Network Watcher
- Troubleshoot external networking
- Troubleshoot virtual network connectivity
Monitor and maintain Azure resources (10–15%)
Monitor resources by using Azure Monitor
- Configure and interpret metrics
- Configure Azure Monitor Logs
- Query and analyze logs
- Set up alerts and actions
- Configure monitoring of VMs, storage accounts, and networks by using VM insights
Implement backup and recovery
- Create an Azure Recovery Services vault
- Create an Azure Backup vault
- Create and configure backup policy
- Perform backup and restore operations by using Azure Backup
- Configure Azure Site Recovery for Azure resources
- Perform failover to a secondary region by using Azure Site Recovery
- Configure and review backup reports