The Microsoft Azure Foundation Exam AZ-900 or the equivalent from AWS are usually the first cloud certificates that someone new to the cloud starts with. Both cover basic cloud concepts and ensure that you gain a profound understanding of the respective services. As the passing grade of 80% for the AZ-900 is quite high, it is advisable to thoroughly study for the exam. This is the first of three posts that will provide you with all key information about the Azure services that you need to pass the Azure Foundation Exam AZ-900.
The following structure is taken from the latest exam syllabus for the Azure Foundation 2021 and indicates the weight of each chapter in the exam. For each chapter, I have written down a very brief summary of key concepts and information that are typically asked for during the exam. The summary is a great resource to check and finalize your studies for the exam. However, if you are new to the topic, you should first start by going through the official Microsoft Azure training materials.
This is part 3 of the three-parts series regarding the Microsoft Azure Foundation exam AZ-900 and it will cover the last two topics from the content below:
1. Describe Cloud Concepts (20-25%)
2. Describe Core Azure Services (15-20%)
3. Describe core solutions and management tools on Azure (10-15%)
4. Describe general security and network security features (10-15%)
5. Describe identity, governance, privacy, and compliance features (20- 25%)
5.1 Describe core Azure identity services
5.2 Describe Azure governance features
5.3 Describe privacy and compliance resources
6. Describe Azure cost management and Service Level Agreements (10- 15%)
6.1 Describe methods for planning and managing costs
6.2 Describe Azure Service Level Agreements (SLAs) and service lifecycles
5. Describe identity, governance, privacy, and compliance features (20- 25%)
5.1 Describe core Azure identity services
Azure AD is a completely managed service. Features include the provision of authentication and authorization services for services hosted in Azure and MS O365. One user in the AD can have multiple licenses assigned.
If you do not have an extraordinarily high amount of user accounts in your Azure AD, removing some of them, removing user groups, or removing network interfaces will not save resources.
5.2 Describe Azure governance features
-
The Azure Advisor is a tool that provides guidance and recommendations to improve an Azure environment, such as increasing efficiencies, decrease costs of your operations etc. It cannot help with security or architectural design questions
-
Security concerns are addressed by the Azure Security Center Score. It provides recommendations to improve one´s security
-
Azure policies help to provide restrictions. For instance, limiting the maximum processing or storage that a new virtual machine can have or only being able to create resources in a certain region. If a new policy is created, non-compliant old resources are flagged, but continue to function
-
Azure Role-Based Access Control helps to limit rights to particular roles, such as the deployment of new virtual machines
-
Azure Locks helps to prevent that an administrator accidentally deletes a resource. There are CanNotDelete and ReadOnly locks. Both would first have to be removed before the action can be done. However, an administrator can do this, so locks just help to think twice about an action
-
A tag can help to bill particular departments for resources. A resource can have up to 50 tags. If a resource group is tagged, the resources within the group do not necessarily have the same tag.
5.3 Describe privacy and compliance resources
Information about Microsoft compliance are available in the Microsoft Trust Center.
6. Describe Azure cost management and Service Level Agreements (10- 15%)
6.1 Describe methods for planning and managing costs
-
Azure Cost Management shows current costs being incurred
-
The Pricing Calculator including the Total Cost of Ownership Calculator, is used to get cost estimations for using Azure resources
-
Azure services provide flexibility between capital expenditures (e.g. Azure reservations) and operational expenditures (e.g. pay-as-you-go). Usually, cloud services are paid monthly
-
Data traffic into an Azure Data Center is free most of the times. Outbound traffic is not.
6.2 Describe Azure Service Level Agreements (SLAs) and service lifecycles
A Service Level Agreement (SLA) guarantees uptime of a service. Paid Azure services have generally an uptime of at least 99.9%. If the SLA of a service is breached, Microsoft will reimburse the downtime cost by providing service credits to the customer.
The Azure services lifecycle is the following:
-
Deployment in private preview
-
Release to “public preview” – available to all Azure customers, but without SLAs
-
Final release to general availability