AZ-900 : Microsoft Azure Fundamentals

Describe Cloud Concepts (25–30%)

Describe cloud computing

• Define cloud computing
• Describe the shared responsibility model
• Define cloud models, including public, private, and hybrid
• Identify appropriate use cases for each cloud model
• Describe the consumption-based model
• Compare cloud pricing models

Describe the benefits of using cloud services

• Describe the benefits of high availability and scalability in the cloud
• Describe the benefits of reliability and predictability in the cloud
• Describe the benefits of security and governance in the cloud
• Describe the benefits of manageability in the cloud

Describe cloud service types

• Describe infrastructure as a service (IaaS)
• Describe platform as a service (PaaS)
• Describe software as a service (SaaS)
• Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)

Describe Azure architecture and services (35–40%)

Describe the core architectural components of Azure

• Describe Azure regions, region pairs, and sovereign regions
• Describe availability zones
• Describe Azure datacenters
• Describe Azure resources and resource groups
• Describe subscriptions
• Describe management groups
• Describe the hierarchy of resource groups, subscriptions, and management groups

Describe Azure compute and networking services

• Compare compute types, including container instances, virtual machines (VMs), and functions
• Describe VM options, including Azure Virtual Machines, Azure Virtual Machine Scale Sets,

Availability sets, and Azure Virtual Desktop

• Describe resources required for virtual machines
• Describe application hosting options, including the Web Apps feature of Azure App Service,

Containers, and virtual machines

• Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual

subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

• Define public and private endpoints

Describe Azure storage services

• Compare Azure storage services
• Describe storage tiers
• Describe redundancy options
• Describe storage account options and storage types
• Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync
• Describe migration options, including Azure Migrate and Azure Data Box

Describe Azure Identity, Access, and Security

• Describe directory services in Azure, including Microsoft Azure Active Directory (Azure AD), part

of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS)

• Describe authentication methods in Azure, including single sign-on (SSO), multifactor

Authentication, and Password less

• Describe external identities and guest access in Azure
• Describe Conditional Access in Microsoft Azure Active Directory (Azure AD), part of Microsoft
• Describe Azure role-based access control (RBAC)
• Describe the concept of Zero Trust
• Describe the purpose of the defense in depth model
• Describe the purpose of Microsoft Defender for Cloud

Describe Azure management and governance (30–35%)

Describe cost management in Azure

• Describe factors that can affect costs in Azure
• Compare the Pricing calculator and the Total Cost of Ownership (TCO) calculator
• Describe the Azure Cost Management and Billing tool
• Describe the purpose of tags

Describe features and tools in Azure for governance and compliance

• Describe the purpose of Azure Blueprints
• Describe the purpose of Azure Policy
• Describe the purpose of resource locks
• Describe the purpose of the Service Trust Portal

Describe features and tools for managing and deploying Azure resources

• Describe the Azure portal
• Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell
• Describe the purpose of Azure Arc
• Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

=========================================================

AZ-104 : Microsoft Azure Administrator

Manage Azure identities and governance (15–20%)

Manage Azure AD objects

• Create users and groups
• Manage licenses in Azure AD
• Create administrative units
• Manage user and group properties
• Manage device settings and device identity
• Perform bulk updates
• Manage guest accounts
• Configure self-service password reset

Manage access control

• Create custom role-based access control (RBAC) and Azure AD roles
• Provide access to Azure resources by assigning roles at different scopes
• Interpret access assignments

Manage Azure subscriptions and governance

• Configure and manage Azure Policy
• Configure resource locks
• Apply and manage tags on resources
• Manage resource groups
• Manage subscriptions
• Manage costs by using alerts, budgets, and recommendations
• Configure management groups

Implement and manage storage (15–20%)

Configure access to storage

• Configure network access to storage accounts
• Create and configure storage accounts
• Generate shared access signature tokens
• Configure stored access policies
• Manage access keys
• Configure Azure AD authentication for a storage account
• Configure storage encryption

Manage data in Azure storage accounts

• Create import and export jobs
• Manage data by using Azure Storage Explorer and AzCopy
• Implement Azure Storage redundancy
• Configure object replication

Configure Azure Files and Azure Blob Storage

• Create an Azure file share
• Configure Azure Blob Storage
• Configure storage tiers
• Configure blob lifecycle management

Deploy and manage Azure compute resources (20–25%)

Automate deployment of resources by using templates

• Modify an ARM template
• Deploy a template
• Save a deployment as an ARM template
• Deploy virtual machine (VM) extensions

Create and configure VMs

• Create a VM
• Manage images by using the Azure Compute Gallery
• Configure Azure Disk Encryption
• Move VMs from one resource group to another
• Manage VM sizes
• Add data disks
• Configure VM network settings
• Configure VM availability options
• Deploy and configure VM scale sets

Create and configure containers

• Configure sizing and scaling for Azure Container Instances
• Configure container groups for Azure Container Instances
• Create and configure Azure Container Apps
• Configure storage for Azure Kubernetes Service (AKS)
• Configure scaling for AKS
• Configure network connections for AKS
• Upgrade an AKS cluster

Create and configure an Azure App Service

• Create an App Service plan
• Configure scaling settings in an App Service plan
• Create an App Service
• Secure an App Service
• Configure custom domain names
• Configure backup for an App Service
• Configure networking settings
• Configure deployment settings

Configure and manage virtual networking (20–25%)

Configure virtual networks

• Create and configure virtual networks and subnets
• Create and configure virtual network peering
• Configure private and public IP addresses
• Configure user-defined network routes
• Configure Azure DNS

Configure secure access to virtual networks

• Create and configure network security groups (NSGs) and application security groups (ASGs)
• Evaluate effective security rules
• Implement Azure Bastion
• Configure service endpoints on subnets
• Configure private endpoints

Configure load balancing

• Configure Azure Application Gateway
• Configure an internal or public load balancer
• Troubleshoot load balancing

Monitor virtual networking

• Monitor on-premises connectivity
• Configure and use Azure Monitor for networks
• Use Azure Network Watcher
• Troubleshoot external networking
• Troubleshoot virtual network connectivity

Monitor and maintain Azure resources (10–15%)

Monitor resources by using Azure Monitor

• Configure and interpret metrics
• Configure Azure Monitor Logs
• Query and analyze logs
• Set up alerts and actions
• Configure monitoring of VMs, storage accounts, and networks by using VM insights

Implement backup and recovery

• Create an Azure Recovery Services vault
• Create an Azure Backup vault
• Create and configure backup policy
• Perform backup and restore operations by using Azure Backup
• Configure Azure Site Recovery for Azure resources
• Perform failover to a secondary region by using Azure Site Recovery
• Configure and review backup reports