Category: Microsoft Certifications

Azure solutions architect expert

Exploring Certifications: Microsoft Azure Solutions Architect Expert

February 9, 2024 / / 0 Comments

Widely accepted as the pinnacle of Azure Certifications, many choose to aim for the Azure solutions architect certification after completing several fundamentals and associate level certifications in the Azure space. It is an expert level certification and covers the architecture design of cloud computing in Azure. Whilst one of the required exams is relates to administration, the principal of an architect is in the planning of the infrastructure and choosing best services for a given workload, factoring in customer and regulatory requirements.

Let’s look at this certification in more detail.

Who is this certification for?

Being an expert level certification, it would assume some knowledge and experience in IT already, and more specifically in the Azure cloud environment. You could be gaining knowledge through learning, through practice or a combination of the two. Someone who is in an Azure administrator or helpdesk role may consider this certification to move up into becoming a cloud architect. A cloud architect, specifically an Azure cloud architect will help organisations transitioning to the cloud or improve existing cloud assets by rearchitecting into cloud native solutions, potentially adding ability to scale and/or design redundancy into their applications.

Considering a career in cloud architecture

Internally at Microsoft, there are Azure customer success managers (CSMs), who can move into a Azure cloud solution architect (CSA) role, and obtaining this certification is highly advantageous for the CSA position, or potentially join the company as a CSA if Microsoft are recruiting externally. Azure has many partners and end user customers, many of them who will be recruiting for cloud architects.

Exam requirements

Previously, this certification was achieved by passing two exams one regarding the technology and one regarding the design – AZ-303 and AZ-304 were the last iterations of this format. Now, we find there are still two exams to pass but one is a certification in itself and it is likely already in many Azure professional’s portfolio, the AZ-104, Microsoft Azure Administrator. The other exam is the AZ-305, Microsoft Azure Architect Design. You can take the exams in either order but the Microsoft Certified: Azure Solutions Architect Expert certification is not awarded until both exams have been passed.

The certification is valid for 1 year and you can revalidate your certification to extend year on year by passing an assessment. You can take the assessment 180 days before expiry right up to the expiry date. You don’t have to renew the Azure administrator certification to keep the Azure architect certification, but it would be nice to think you would renew all the certifications as they become eligible to do so.

In a previous blog post, we have gone through the AZ-104 exam and related certification, so in this post we will cover the AZ-305.

Topics covered

If we follow along Microsoft’s own learning path material, starting with a perquisite set of modules they provide, which includes core architectural components of Azure, describing compute, networking and storage services. There is a module on identity, access and security and another on the Microsoft cloud adoption framework for Azure. The prerequisites modules conclude with an introduction to the Microsoft Azure well-architected framework. Depending on your experience and how recently you have covered these areas will determine if you want to work through these or not. Now, let’s continue with the actual modules that are part of the AZ-305 and should cover the skills measured.

Role-based access control is a central feature of identity and governance

The first learning path is titled design identity, governance, and monitor solutions. Most of this should be familiar to those who have already completed the Azure administrator certification. The first module in this learning path is design governance, which deals with the management group > subscription > resource group hierarchy as well as tags, policies, role-based access control (RBAC) and landing zones. This is followed by design authentication and authorization solutions, which is very Entra ID heavy, including business-to-business (b2b), business-to-consumer (b2c), conditional access, identity protection, access reviews, service principals and managed identities. There is also a section on Azure key vault. The last module in this learning path is design a solution to log and monitor Azure resources, which covers Azure monitor, log analytics workspace and Azure Data Explorer.

Next learning path in the series is the design business continuity solutions, which covers describe high availability (HA) and disaster recovery (DR) strategies module, which includes HA and DR for PaaS and IaaS resources, Recovery Time Objective (RTO), Recovery Point Objective (RPO) considerations, and what to plan for in hybrid (cloud and on prem) scenarios. The other module in this learning path is design a solution for backup and disaster recovery which focuses on Azure backup, specifically for Azure blob, Azure files, Azure virtual machine, Azure SQL backup and recovery. Lastly for this module, designing for Azure site recovery is included.

The third AZ-305 learning path is design data storage solutions which begins with a module on designing a data storage solution for non-relational data. This will be all things storage accounts and specifically blob storage and Azure files. Also covered are Azure managed disks, data redundancy and storage security. The next module is not surprisingly design a data storage solution for relational data, covering Azure SQL database, Azure SQL managed instance, SQL Server on Azure virtual machines and Azure SQL edge. Items you are asked to consider include database scalability, availability and security for data in rest, in transit and in use. To conclude the module, we have table storage and the Cosmos DB Table API. The third and final storage solutions module is design data integration where the candidate will be asked to consider solutions that involve Azure data factory, Azure data lake, Azure databricks, Azure synapse analytics and Azure stream analytics. An important part of this data integration section is designing strategies for hot, warm, and cold data paths.

Azure Migrate is a suite of tools to aid cloud onboarding

The largest section in the skills measured, some 30-35% of the exam score is designing infrastructure solutions and so we will go through what is required in this subject area now. The first module is design an Azure compute solution and covers a large number of Azure compute services including virtual machines, Azure batch, Azure app service, Azure container instances (ACI), Azure Kubernetes service (AKS), Azure functions and Azure logic apps. Choosing the right compute service is a key part of cloud architecture so it is important to have these down pat. Next is design an application architecture, which mostly covers Azure event and messaging solutions, namely Azure queue storage, Azure service bus, Azure event hubs, and Azure event grid. There is a section on designing an automated app deployment solution using ARM templates or BICEP. Also covered in the apps section is Azure Cache for Redis, Azure API management and Azure app configuration. The number of components mentioned in the design network solutions learning path is considerable. It begins with general networking considerations, thinking about IP addressing, selecting a region, and choosing a topology; hub-and-spoke is the most popular so expect this to be featured in the exam. Azure virtual network NAT and route tables (system and user defined routes (UDR) are included also. The section in the module on on-premises connectivity to Azure virtual networks expects a knowledge of when to use Azure VPN Gateway or Azure ExpressRoute (with optional VPN failover) and when Azure virtual WAN maybe appropriate. Staying with networking, a section is dedicated to application delivery services, which mainly deals with load balancing solutions, namely Azure Front Door, Azure Traffic Manager, Azure Load Balancer and Azure Application Gateway. You are expected to know when to use a given solution depending on regional or global requirement, working on OSI layer 4 or 7 and if the workload is internal or public facing. Also you should know when to use the Azure Content Delivery Network (CDN). Then to wrap up networking there’s the section on designing application protection services which again contains a lot of services including Azure DDoS Protection, Azure Private Link, Azure Web Application Firewall, Azure Firewall, virtual network security groups (NSGs), Service endpoints, Azure Bastion and JIT network access. Design migrations is the final module of the infrastructure learning path. It begins with understanding the Azure migration framework as part of the wider Cloud Adoption Framework. This module then develops into leveraging tools that assist with the migration journey, including Service Map, Azure Total Cost of Ownership (TCO) Calculator, Azure Migrate, Data Migration Assistant (DMA), Database Migration Service, Azure Cosmos DB Data Migration tool and Azure Resource Mover. The migration section concludes with the various methods to get data in and out of Azure. Azure Storage Migration Service, Azure File Sync, Azure Import/Export service, AzCopy, Azure Storage Explorer and Azure Data Box are are services that are used to migrate your data. That is a lot but remember, this is design, so you won’t be going into these services in any great detail, only knowing when to use a solution for a given scenario.

The penultimate learning path for the AZ-305 exam is build great solutions with the Microsoft Azure Well-Architected Framework. This is an established process to follow to give a project in the cloud a great chance of success. The Microsoft Azure Well-Architected Framework consists of five pillars:

  • Cost optimization
  • Operational excellence
  • Performance efficiency
  • Reliability
  • Security

Each of these pillars will be understood by the candidate to ensure the opportunity to architect a solution has these important factors taken into account. To help with learning, each pillar has it’s own module within the learning path.

Considering SQL DB as a service instead of SQL on VMs

The final learning path is accelerate cloud adoption with the Microsoft Cloud Adoption Framework for Azure. The concept here is to understand the goals, evaluate the project from an IT, financial and operational perspective and bring along stakeholders to champion the cloud adoption through it’s various stages. There is a whole module on using Azure landing zones to support your requirements for cloud operations as well as other modules on migration best practice, building in resilience and designing with security in mind. As part of the adoption journey, there needs to be consideration regarding minimum viable product and measuring project effectiveness and what success looks like.

Exam hints and tips

The first advice whether seasoned in Azure or not would be to complete the fundamentals and administrator certs before attempting this exam. There is a fair bit of crossover and keeping the broad topics fresh is a good way to build up to the more complex concepts. Also, if possible, try not to leave too much of a gap between taking them. Keeping the momentum going is a good way of not forgetting things already learned.

In many Azure certifications, it is often recommended to have hands on practice with the different types of resources as well as learning the theory. The design infrastructure solutions exam however is just that, design. The implementation comes in the administrator exam so this one is much more high level and plays to describing best practice solutions, not the nuts and bolts of creating a resource and so forth. In a way, this exam has a lot in common with the Azure fundamentals exam – although of course it is markedly more difficult.

Following some hints and tips from others can help

Life is busy and this is a big exam and a big deal for your career and professional recognition. As such, if you can, reserve more time for study just before exam date, so you can have a bulk of recently stored knowledge to walk into the exam with. Make provisions with home and/or work to have more time to give yourself a last push, but keep it balanced. After several hours a day, it will become counter-productive to try to endure even more learning. Also don’t cram on the day of the test. By then the adrenaline will be blocking the ability to properly concentrate. My advice is also, don’t book the exam for the evening unless you are generally asleep in the daytime. These exams are long and take stamina. Early to mid-afternoon works well for me.

It’s always worth booking the exam before you are fully ready, to try and set a learning pace. If it gets close to the date and you feel are still miles off, you can reschedule (or even cancel for a refund), so long as it is more than 24 hours before the exam start time. A lot of these exams is down to confidence, if you aren’t sure if you’ll pass or not, give it a go anyway. If you don’t pass as least you will have some understanding on how far off the pass mark you are and what troubled you the most, so you can pass on the next attempt. I have often practiced with a real exam in this way, sometimes I pass to my surprise, sometimes not, and that is ok also.

There is more exam advice, much of which applies to this certification as well on the Azure administrator and Azure fundamentals posts.

Recommended resources

This section is going to seem like a stuck record if you have read the AZ-900 and AZ-104 posts, but it has to be said, regardless of what 3rd party resources you decide to assist with your learning, you should consume the official Microsoft AZ-305 exam learning paths. It is curated to cover all aspects of the skills measured, so if its not on this content, its unlikely to be on the exam. There are some exercises in the prerequisite modules but the rest of the learning path is information only (being a design, not administrator exam, that makes sense, right?)

John Savill must be mentioned again. As discussed in previous posts, John’s YouTube content equals or surpasses much of the commercially available courses out there. Not only John gives up his free time to produce this huge body of work, he refuses to monetise his YouTube channel, so you don’t even see ads! For this exam John provides an entire playlist of videos relevant to the exam including his hugely popular AZ-305 study cram.

John Savill’s AZ-305 is essential viewing before taking the exam

Beyond those two free resources, there is plenty of other free material online as well as many popular websites such as Pluralsight, Udemy, LinkedIn Learning and Cloud Academy offering a dedicated AZ-305 course. I haven’t reviewed any of these so cannot comment on their quality, so check out what is on offer with any paid subscriptions you already have or ask others who have recently certified what courses they used.

Next steps

Once you have achieved the Microsoft Certified: Azure solutions architect expert certification, you really do have so many options on what to choose next, we could almost list every Azure certification here. What you do next in terms of certification will depend a lot on your strengths, your interests and perhaps some influencing factors such as encouragement by your current employer to follow a certain path that is compatible with a skill shortage they have identified. Or perhaps you have been reading articles in the IT industry press about an overall shortage of skilled people in a certain IT category and you think a good career move would be to be qualified in that area of expertise.

Now you have one expert level certification, there are a couple of others in the Azure space – DevOps engineer expert & Cybersecurity architect expert, both of which require a couple of exams to get the qualification, but in some cases, you may already have one of these when working towards other goals. For example, the AZ-104 is one of the two exams required for the Azure solutions architect expert exam, but it also can be used along with the AZ-400 to obtain the DevOps engineer expert certification.

There are plenty of associate level certifications in all sorts of areas of Azure cloud such as data engineering, networking, security, AI, Developer and so on. There are also speciality certifications in subjects such as Cosmos DB, Azure virtual desktop and Azure for SAP workloads.

Azure Administrator Associate

Exploring Certifications: Microsoft Azure Administrator Associate

December 22, 2023 / / 1 Comment

For many Azure learners, the next logical certification to train for after completing Azure Fundamentals is Azure Administrator Associate. Whereas Fundamentals will provide an overview of cloud concepts and a broad insight into Azure services at a very high level, the Administrator certification is more in the nuts and bolts of popular Azure services covering compute, storage, networking, security, governance and backup.

Let’s look at this certification in more detail.

Who is this certification for?

As the name may suggest, the Azure Administrator certification is for those who want to demonstrate practical skills in using Azure. Moving away from the conceptual view that Azure Fundamentals provides.

A candidate may have been using Azure for some time and wants to validate their skills. Alternatively, if someone is an IT professional working with on premises technology or has existing skills with another cloud provider, then gaining skills on Azure provides them and their organisation with options to move workloads into the cloud or devising a multi cloud strategy.

A cloud administrator is a hands-on role so practice using the services

Passing the AZ-104 exam is also one of two exams you need to pass to gain your Microsoft Certified: Azure Solutions Architect Expert and Microsoft Certified: DevOps Engineer Expert badges, once you have also passed the AZ-305 and AZ-400 respectively. Whilst the latter can also be obtained by passing the AZ-204 (Azure Developer) instead, the fact you can unlock two expert level certifications with this one associate level cert, it makes strong choice to give yourself the most future opportunities, depending on your interests.

Exam requirements

To obtain the Microsoft Certified: Azure Administrator Associate certification, you have to pass a single exam, AZ-104: Microsoft Azure Administrator. There are no prerequisite exam or certification but if you haven’t already, why not attempt the AZ-900, Azure Fundamentals exam first? Whilst at a higher level, the fundamental learning path has some crossover and would enhance your understanding.

Microsoft associate level certifications expire after one year, so they will require a yearly renewal assessment which can be completed as soon as six months before expiry. The renewal assessment is free and there is usually some modules Microsoft presents for you to study before taking the assessment. It is recommended to go through the modules as the idea of the certification renewal is to be up to date with your knowledge, and Microsoft shapes the content to cover new features and concepts. Be sure to take the assessment in plenty of time, so if you fail, you can take it again before it expires – you can take it as many times as you need.

Microsoft role-based (associate, speciality and expert, not fundamentals) exams are now open book, meaning you will have access to the Microsoft Lean website for the exam. There isn’t extra time given for using it, which forces the candidate to use it sparingly, but it may help on a question such as help recalling some CLI or PowerShell syntax for a given task.

Topics covered

As well as some perquisite subjects including Azure Resource Manager, ARM Templates, CLI and PowerShell, the five header learning path topics for the Azure Administrator Learning Path are Manage identities and governance in Azure, Implement and manage storage in Azure, Deploy and manage Azure compute resources, Configure and manage virtual networks for Azure administrators and Monitor and back up Azure resources. Let’s look at each section in more detail.

The first topic is Manage identities and governance in Azure which has a big emphasis on Microsoft Entra ID (formally Azure Active Directory). Entra ID is Microsoft’s Directory and Identity Management service in the Azure cloud, part of the wider Entra Identity and Access Management (IAM) solution. Moving into the practical parts of this section, the candidate is expected to know about user and group management, including administrative units there is also a need to understand guest accounts via Entra B2B. The learning path then moves onto Azure subscriptions and covers cost management and resource tagging. To implement guardrails, Azure policy is used to set what is allowed to help with cost and compliance considerations and can be set at management group, subscription or resource group level and are hierarchical. There is a big emphasis on role-based access control (RBAC) which generally is the best practice method of assigning permissions to resources. Lastly for this section there is self-service password reset which allows users to initiate their own password reset to cut down on administrator burden.

Next up is Implement and manage storage in Azure, in which the candidate will need to know about storage accounts and how they are used and secured. The first module in this learning path is configuring storage accounts, having a knowledge of blobs, queues, files and tables and their use cases. An important part in this section is storage replication strategies – it is highly likely to feature in the exam as will public and private network access considerations. Blob storage is a major part in all public cloud offerings so it’s no surprise there’s a whole module in the learning path and another high probability of being in the exam. Being able to understand and implement the different blob access tiers, including using lifecycle management rules is important. This is followed by deploying and managing Azure Files for NFS/SMB file sharing and using Azure File Sync for using as a file cache via prem or cloud-based Windows servers. The major security focus for storage is on Shared Access Signatures (SAS). To conclude the storage path, there’s a section tools and services, namely Azure Storage Explorer, Azure Import/Export service and AZcopy.

Azure Shared Access Signatures
Creating a Shared Access Signature token in the Azure portal

A big subject area is the next topic, Deploy and manage Azure compute resources which currently makes up 20-25% of the exam. Beginning with creating and managing a Virtual Machine in the portal and CLI, with an emphasis on ensuring the candidate knows about correctly sizing and choosing the correct storage performance for your requirements. There are sections on availability. This includes availability sets (update domains and fault domains), availability zones, scaling up and out (vertical and horizontal scaling) with a focus on VM scale sets and autoscaling. Moving away from VMs, the learning path includes Azure App Service. On the Microsoft Learn content, it talks about the concept of the App Service Plan – which is the best for your application workload. What is interesting is they list the features and capacity of each of the plans. This may be a tough one to memorise so if there is a question on this, it would be a perfect use of the open book feature of the exam if you got a question for example on what plan gives you the ability to run up to 30 instances and you cannot recall. Other areas in the App Service section are scaling, DevOps best practice including the use of deployment slots, security, custom domains, backing up and restoring, and monitoring your App Service using application insights. The last area covered is Azure Container Instances (ACI) to run Docker images in Azure.

The cornerstone of any cloud project is networking. Whether surfacing an internal application or hosting a publicly accessible website, networking configuration will need to be considered and deployed. Configure and manage virtual networks for Azure administrators is the learning path that covers all things networking. There are many services that fall under the networking umbrella, so there’s a lot to cover in this section. To begin, the virtual network (VNet). The VNet is the focal point for planning many Azure projects. The candidate will need to know about IP addressing and subnetting when building their VNets. Expanding on VNets themselves, virtual network peering is a service to connect virtual networks regionally or globally, even across different Azure tenants. Another area of focus is Network Security Groups (NSGs) which provides IP and port allow and deny rules (OSI layer 3 and 4) at subnet or NIC level. There is a fair amount of DNS items to know about such as DNS zones including private DNS zones to manage and resolve domain names in your virtual network and hosting your domain on Azure DNS. Routing and endpoints are on the skills path, with user defined routes (UDF) and service and private endpoints being essential items to know about as it is highly unlikely one or more of those won’t have at least one question on. To conclude this section, there are two of the Azure load balancing solutions; Azure Load Balancer which works at OSI layer 4 and Azure Application Gateway which is an OSI layer 7 load balancer, making it able to do smart stuff like URL path or multi-site routing and offering the optional Azure Web Application Firewall (WAF) to defend against multiple threats.

Azure Backup Centre
Azure Backup Centre overview – a dashboard to check on backup health

Monitor and back up Azure resources is the final learning path for this certification. To kick off, Azure backup provides robust, scalable and secure backup solutions for VMs (including SQL and SAP HANA in virtual machines), Azure files, Azure blob storage, Azure managed disks and Azure Database for PostgreSQL server. Azure backup can also backup on premises machines and virtual machines using the Microsoft Azure Recovery Services (MARS) agent. Next, we move to monitoring, and the central hub for monitoring in Azure is Azure Monitor. The candidate is expected to know about logs and metrics that are generated from various Azure services, with a focus on using this data to create alerts when certain thresholds are exceeded. The Log Analytics workspace is generally where the logs and data are stored for Azure monitor. For querying the data, Azure Log Analytics supports the Kusto Query Language (KQL) which is SQL-like and provides fast powerful queries for examining events and exceptions. There are many KQL queries built in to get you started or you can write your own.

Exam hints and tips

This is an associate level exam so it is going to require more detailed knowledge of the subject matter then say a fundamentals exam, which is a broad overview, or expert, which is usually conceptual in nature (think design and planning). As such it going to test your in-depth knowledge on many Azure components. So practice using, or at least watching a demonstration video of the services covered being deployed and administered will give a significant advantage over a mere overview of the product.

Expanding on the previous point, there are often questions regarding putting a set of steps in the correct order, so knowing the sequence in how something is deployed will aid answering this type of question correctly.

Another popular exam format is the case study. A case study section of the exam typically describes the existing and planned status of a fictious organisation’s Azure and wider IT landscape. It will then ask around 4-5 questions that you will look through the information given to determine the correct course of action. Beware, these can burn up time if you aren’t careful. The best way to approach these is skim the info quickly then look at the first question. There is far more detail in the case study then there are questions so looking at the questions soon, you can refer to the most appropriate section to get the answer.

Microsoft exams tend not to ask about detailed facts and figures, such as how much a service costs but there may be questions such as knowing what is the most cost efficient SKU that will unlock a certain feature or level of performance. Sometimes this is hard to train for as it invariably means memorising fine grained details. For this, remember that an associate level exam is open book, allowing you access to the Microsoft Learn website. It could make all the difference to exam success if used correctly – just remember the clock is still ticking down whilst you are looking up and reading content. Expert and specialist exams also are open book – not fundamentals.

At the time of writing, the MS Learn website search isn’t always good at bringing up the best result to the top of the list, so a practice at search terms or learning to swiftly navigate the website via links could be helpful before taking an exam. You cannot go out to an external search engine to help narrow down a page you require – no other websites including other Microsoft website resources are accessible from the exam.

There are more exam hints and tips on the Azure Fundamentals Certification post which also apply to this exam.

Recommended resources

It is a good idea to include Microsoft’s own content for the AZ-104 exam as part of your learning toolkit. Being Microsoft’s official content, they have been careful to cover all areas of the exam skills measured. For some, the official content and some hands-on experience is likely enough to pass the exam, however having a couple of different learning materials broadens coverage and gives the learning process a fresh dynamic.

John Savill’s Azure training on YouTube is essential viewing

Becoming a regular mention on the blog, John Savill has an AZ-104 course on YouTube. He knows Azure inside and out and has excellent presentation skills. The study cram itself is incredible and now there is a v2 with updated information. John works for Microsoft and his John Savill’s Technical Training YouTube channel has many useful videos, often organised into playlists for various certifications. This free content is as good if not better than many paid for courses.

Beyond that, there are tons of comprehensive AZ-104 courses on YouTube. It really is incredible what people offer for free and the quality of some of the content. It is worth trying one or two and seeing if you favour a particular presentation style and if it is helping your understanding. When I took the AZ-104 back in 2021, I used a course by Mike Pfeiffer and Tim Warner, which was on Mike’s training website, cloudskills.io but that has since been bought by the training company, INE so I have spent some time looking at what is on offer commercially with a view to knowing something about the provider or presenter. There is a comprehensive course on LinkedIn Learning presented by T Ray Humphrey in conjunction with Microsoft Press. I haven’t done the course, but being a LinkedIn premium subscriber, I have access to LinkedIn Learning and have found the content high quality when studying for other exams. Chase Dovey presents an AZ-104 course on Pluralsight, which again I haven’t done but I have done other courses with Pluralsight and have consumed learning content with Chase in the past.

Next steps

The Azure Administrator Associate certification is arguably the most useful Azure certification there is. It is heavy on process and the nuts and bolts of using Azure. Therefore, if someone wants to be proficient in creating and maintaining Azure services, this is certainly unbeatable in that respect.

After passing the AZ-104 exam, the candidate could pass just one more exam (AZ-305) to unlock the Microsoft Certified: Azure Solutions Architect Expert certification. Additionally, passing the AZ-400 exam in addition to passing the AZ-104, the candidate will be awarded the Microsoft Certified: DevOps Engineer Expert certification*. These two certifications should therefore be a consideration as a next step.

Beyond that, there are role-based certifications in areas such as Data, Networking, AI and Security which may appeal to those who would like to specialise.

*You can also pass the AZ-204: Developing Solutions for Microsoft Azure exam alongside the AZ-400 to obtain the DevOps Engineer Expert certification instead of the AZ-104.

Azure Fundamentals Badge

Exploring Certifications: Microsoft Azure Fundamentals

September 21, 2023 / / 2 Comments

Microsoft describes this certification on the certification page as follows: This certification validates your foundational knowledge of cloud concepts in general and Azure in particular. As a candidate for this certification, you can describe Azure architectural components and Azure services, such as compute, networking, and storage, as well as features and tools to secure, govern, and administer Azure.

An excellent introduction. Let’s look at this certification in more detail.

Who is this certification for?

When thinking about the list of who should have this certification, it would be easier to list who it isn’t for. It really is for practically anyone. Let’s list some examples:

The most obvious is someone starting in the cloud; either as a speciality or as part of a wider IT learning strategy. Whilst this is a Microsoft specific certification with a focus on Azure, a large part of it covers a lot of cloud concepts in general such as Capex vs Opex, IaaS, PaaS, SaaS, shared responsibility and so on.

Another ideal candidate for the Azure Fundamentals certification would be someone who is migrating from another cloud provider or is looking to become a muti-cloud professional. Whilst this individual will know, and be able to skip the general cloud terms sections, the Azure Fundamentals learning path covers a broad spectrum of Azure products and services and will be the quickest route to getting an overview before deciding what areas to dig deeper next.

An individual who works with Azure for their job but only at a high level would find the Azure Fundamentals learning path useful from a context and overall understanding of the technology point of view. Consider a project manager or an executive who are leading teams in delivering solutions for the company. Whilst they may not be deploying services in the cloud themselves, for discussions around choosing an approach to a task or getting project updates from their team, its good to be across the terminology and capabilities used in the cloud. Whether its containers vs IaaS or virtual disks vs blob storage, knowing the differences will help the organisation become more agile.

Training for your certification
Planning your path to exam success

Exam requirements

To obtain the Microsoft Azure Fundamentals certification, you must pass a single exam, AZ-900: Microsoft Azure Fundamentals. There are no prerequisite certification requirements, so this is a great standalone certification to start your Azure journey. Microsoft Fundamentals certifications have no expiry, so they won’t require a yearly renewal unlike associate, specialist and expert level certifications which do.

Topics covered

The learning path (exam objectives) are often changed and updated, but at the time of writing, Microsoft has wrapped the “stuff to know” into 3 main areas.

Describe cloud concepts, as the name suggests, is general cloud terminology, not specific to any particular cloud vendor. It walks through the benefits of cloud over on premises solutions (TL:DR – most organisation’s own facilities will not be able to achieve anything like the security, reliability, manageability and scalability that a public cloud can).

After studying this section, the student will be able to understand the foundation of cloud computing including the shared responsibility model, consumption-based resources, how the cloud can bring reliability, elasticity and security to workloads. The describe cloud concepts section concludes with understanding the pros and cons of the cloud service types, which are Infrastructure-as-a-service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-service (SaaS). There are others such as FaaS, DaaS, CaaS etc. but only the broad ones are covered in this learning path.

The next section is describe Azure architecture and services. For me, this is the most enjoyable part of the learning experience because we are now looking at actual products and solutions to host your workloads on the Azure cloud. Beginning with the core architectural components, you will learn about user accounts, management infrastructure and how a resource is created.

Then we look at the compute and networking services which are at the heart of just about any Azure subscription. From Virtual Machines (VMs) which are often used for lift-and-shift migrations from on prem to cloud, through to more cloud native solutions such as containers and function apps. Virtual networks, DNS and connectivity options are covered to begin understanding how software defined networking is woven into the cloud architecture. Azure storage is covered, looking at a core component, the storage account, and more details about storage such as various options for varying levels of redundancy and cost, depending on the requirements. Storage is wrapped up with data movement and migration services.

The architecture and services section is concluded by ensuring you have an understanding of identity, access, and security. The most important subject here in relation to understanding the cloud vs the traditional on premises model is the zero-trust model; with devices and users potentially working from many locations around the globe, security is no longer considered at the edge of the office’s firewall but is built around identity. This part covers Azure specific services related to security, including Azure Active Directory (now called Entra ID), external identity management, conditional access and role-based access control (RBAC) which sets the permissions for users, groups, apps or service principals.

Azure cost management
Azure cost analysis

Describe Azure management and governance is the third and final section of the AZ-900 syllabus and it covers a lot of ground. A large section is dedicated to knowing how to get on top of costs. In an Opex / consumption model, it is particularly important to be on top of costs. As well as learning about factors that affect cost such as resource type and geography, there are some tools specifically to look at costs. Pricing Calculator and Total cost of ownership (TCO) calculator are discussed here. When looking at governance and compliance features, the focus is on Azure Policy and resource locks for creating guardrails on your Azure tenant. For a focus on data, Microsoft Purview is for finding and classifying data from multiple storage areas such as M365, Azure storage or another cloud provider. The material continues to the Service Trust Portal which is a resource covering many standards of compliance in relation to Azure such as ISO, GDPR and PCI. For the deployment topic, the learning path relates to ways to interact with Azure, namely the Azure Portal, PowerShell and CLI. Azure Arc is for managing on premises and other cloud provider resources within Azure, and ARM Templates and Bicep are Infrastructure as Code (IoC) solutions which offers repeatable, predictable results when deploying resources and reducing the chance of human error when deploying resources manually. And for the last module in the Azure management and governance learning, we focus on monitoring tools, namely Azure Advisor, Azure Monitor and Azure Service Health.

Azure ARM Template
Some example ARM Template code

So you see there is a very broad spectrum of topics, but don’t be discouraged. Questions in the exam will relate to high level matters such as what service is used for going through your data and classifying any personally identifiable information or what would you use to ensure resources are only deployed in the US East region? You will not be asked how you go about writing an ARM template for example.

Exam hints and tips

First tip is don’t be fooled by the word Fundamentals. Whilst it should be a relatively straightforward exam to pass compared with associate, speciality or expert level certifications, if you haven’t studied all the subjects covered in the learning path, you may not pass. The exam is fairly broad, so you need to keep a fair amount in your head.

Microsoft have now made all role-based exams “open book”, meaning you can access Microsoft Learn content during the exam, but not for fundamental level exams. So you can’t look anything up and will need to rely on your obtained knowledge only for the exam.

A great tip from Tim Warner for Microsoft exams in general is always complete all the questions. Even if its a guess, you may get it right – you will definitely get it wrong if you don’t answer. There are no negative points for a wrong answer and some multi part questions such as “pick 3”, will give you some points for a partially correct answer.

Exams can be taken at a test centre or at a place of your choosing via a webcam enabled computer. If you have never taken an exam before, do try the Microsoft exam sandbox, which gives you an interactive experience of what to expect and the format the questions could be served. You have enough to think about in terms of using your obtained knowledge to achieve exam success, so you want to be as comfortable about the exam nuts and bolts as possible.

Read the question carefully. Another general tip is don’t lose points by making silly mistakes. Obvious things would be mixing up “which solution would not” and reading “which solution would” for example.

Recommended resources

The first resource I will always recommend is following Microsoft’s own content on for the AZ-900 exam. Known as a collection, it takes a number of learning paths, with modules in each path that specifically follow the exam syllabus. The content is very good and there’s great reassurance in consuming everything provided for you by Microsoft themselves.

John Savill's Technical Training
John Savill’s AZ-900 course including 3.5h cram!

Next up is John Savill’s AZ-900 Azure Fundamentals Certification Course. John works for Microsoft and his John Savill’s Technical Training YouTube content is legendary. He does whiteboarding of the subjects along with practical demonstrations. The course is organised as a playlist and currently contains an amazing 65 videos (9 hours’ worth). I have paid for a lot of courses in my time, and John’s content is as good as, sometimes better than the courses provided by training providers. What’s more, John does it as a passion to help others, he doesn’t monetise the videos, despite them being as good as they are. If you are short on time, I think if you have already read through Microsoft’s content, John’s AZ-900 study cram on its own would likely get you over the line. However, if you have the time, I recommend watching all videos in the playlist. So much of the material will give you a solid base for continuing your learning journey after you pass the AZ-900 exam.

Adam Marczak - Azure for Everyone
Adam Marczak’s AZ-900 course

I took and passed my AZ-900 exam in December 2020. It was the first Microsoft certification I did and at the time John Savill’s AZ-900 videos did not exist. One of the best resources I used at the time was Adam Marczak’s Microsoft Azure Fundamentals (AZ-900) Full Course on YouTube as part of his Azure for Everyone channel. Adam is a Microsoft MVP and is a great communicator. The graphics he uses in his videos are brilliant and he got me over the line watching his videos. Some are several years old now but the regular video comments, thanking him for getting them through the exam shows his content is still relevant. Whilst Azure does develop at a fast pace, the concepts of cloud computing and the popular Azure services on a high level are still the same.

Next steps

Once you have passed your AZ-900 exam and have your Microsoft Certified: Azure Fundamentals badge, what’s next?

It all depends on the individual and what their goals are. If you only required an overview of cloud and Azure specifically, you could walk away proud you can demonstrate your knowledge at this level. If you want to progress further, then your choices will depend largely on your job role, job you are working towards or just where your interest lies.

However, if there is to be a next step that ticks many boxes, the Most popular choice must be Microsoft Certified: Azure Administrator Associate.

Two reasons for this. Firstly, after learning the concepts in Fundamentals, no doubt you will want to try Azure and maybe start to leverage it in your organisation. Working through Azure Administrator certification path should give you enough skills to deploy, secure and monitor a good number of the popular services in Azure.

Second, it opens a path to two expert level certifications; Microsoft Certified: Azure Solutions Architect Expert and Microsoft Certified: DevOps Engineer Expert*. Both certifications require a second exam to get the expert badge (AZ-305 and AZ-400 respectively), but the ability to potentially obtain two expert certifications via the AZ-104: Microsoft Azure Administrator exam has to be a great move for your personal development.

* You can also pass the AZ-204: Developing Solutions for Microsoft Azure exam alongside the AZ-400 to obtain the DevOps Engineer Expert certification instead of the AZ-104.

Copyright © 2024 azureskills.tech

Theme by Anders NorenUp ↑