Definitions and pro-tips for the AZ-900 certification.
Availability Zones are physically separate locations within an Azure region, each with independent power, networking, and cooling. Deploying applications across multiple zones enhances fault tolerance and ensures high availability, minimizing downtime during localized failures.
Azure Active Directory is Microsoft’s cloud-based identity and access management (IAM) service. It provides authentication, authorization, and user management for Azure resources and cloud applications, supporting single sign-on (SSO) and multi-factor authentication (MFA) for enhanced security.
Azure Active Directory (Entra ID) is Microsoft’s cloud-based identity and access management service. It provides authentication, authorization, and user management for accessing Azure resources, Microsoft 365 applications, and other cloud services, enabling single sign-on and multi-factor authentication.
A fully managed domain service that provides domain join capabilities for VMs in Azure.
Azure Advisor analyzes your Azure configuration and resource usage to provide personalized recommendations. These recommendations span cost optimization, security hardening, high availability improvements, performance enhancements, and operational excellence best practices, helping you align with Azure’s well-architected framework.
Azure App Service is a fully managed platform as a service (PaaS) offering for building and deploying web applications, REST APIs, and mobile backends. It simplifies application development by abstracting away server management, patching, and scaling, allowing developers to focus solely on code.
Azure Application Gateway is a Layer 7 load balancer delivering web application performance, reliability, and security. It distributes incoming web traffic across multiple backend servers, offering features like SSL offloading, URL-based routing, and integrated Web Application Firewall (WAF) capabilities for enhanced protection.
Azure Arc enables you to manage, govern, and secure resources across on-premises, multicloud, and edge environments from a single control plane in Azure. It extends Azure services and policies to resources outside of Azure, providing consistent management and compliance across hybrid and distributed infrastructures.
Azure Automation is a cloud-based service for automating repetitive tasks across Azure and hybrid environments. It utilizes runbooks – scripts written in PowerShell, Python, or graphical workflows – to automate processes like patching, configuration, and incident response, improving efficiency and reliability.
Azure Backup is a cost-effective, secure, and scalable data protection service in the Azure cloud. It safeguards your data with centralized backup management, offering policy-based retention, long-term archiving, and rapid recovery of files, folders, and entire virtual machines.
Azure Blob Storage is Microsoft’s massively scalable object storage service for unstructured data. It’s designed for storing various data types, including text, binary data, and media files. Blob Storage offers different access tiers (Hot, Cool, Archive) to optimize cost based on data access frequency.
Azure Blueprints enable declarative and repeatable deployment of compliant Azure environments. They package Resource Manager templates, role-based access control (RBAC) assignments, and policies to consistently provision and configure resources, ensuring adherence to organizational standards and regulatory requirements.
Azure CLI is a command-line tool for managing Azure resources. It enables administrators and developers to automate tasks, create scripts, and manage Azure environments using command-line commands, offering a programmatic interface to Azure services.
Azure Compute encompasses services providing on-demand processing power and virtualized computing resources. This includes Infrastructure as a Service (IaaS) with Virtual Machines, Platform as a Service (PaaS) with Azure App Service, and Function as a Service (FaaS) with Azure Functions, enabling diverse application deployment models.
The fastest and simplest way to run containers in Azure, without managing any virtual machines.
Azure Cosmos DB is a globally distributed, multi-model database service. It supports document, graph, key-value, and column-family data models. It guarantees single-digit millisecond latency at the 99th percentile, with automatic and elastic scalability to handle demanding application workloads.
Azure Cost Management provides tools for monitoring, allocating, and optimizing cloud spending. It enables detailed cost analysis, budgeting, and forecasting, helping organizations understand and control their Azure expenditures. Features include cost alerts and recommendations for reducing waste.
Azure Data Factory is a fully managed, serverless data integration service. It orchestrates and automates data movement and transformation processes for hybrid and cloud data warehouses. ADF enables building ETL and ELT pipelines to ingest, prepare, and load data from diverse sources into Azure data stores.
Azure Data Lake Storage Gen2 is a highly scalable and cost-effective data lake solution built on Azure Blob Storage. It delivers HDFS-compatible access, enabling big data analytics workloads with optimized performance and security. It supports both object and file storage paradigms.
Azure Database offers a comprehensive suite of managed database services. Options include Azure SQL Database for relational data, Cosmos DB for globally distributed NoSQL databases, Azure Database for MySQL/PostgreSQL/MariaDB, and Azure Synapse Analytics for data warehousing and big data analytics.
Azure DDoS Protection mitigates Distributed Denial of Service (DDoS) attacks targeting Azure resources. The Basic tier is automatically enabled, providing always-on traffic monitoring. The Standard tier offers enhanced mitigation capabilities, adaptive tuning, and detailed attack analytics for critical applications.
Azure DevOps is a suite of cloud-based services providing tools for version control, continuous integration, continuous delivery, project management, and artifact management. It facilitates collaboration throughout the entire software development lifecycle, enabling teams to plan, build, test, and deploy applications efficiently.
A highly scalable data streaming platform capable of ingesting millions of events per second.
Azure ExpressRoute establishes dedicated, private network connections between on-premises infrastructure and Azure datacenters. This bypasses the public internet, providing enhanced security, reliability, and consistent network performance for hybrid cloud deployments and data transfer.
Azure Files provides fully managed file shares accessible via SMB, NFS, and REST APIs. It enables file storage in the cloud without application changes, supporting both traditional and modern applications. Data is durable and highly available, simplifying file sharing and migration scenarios.
Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Networks. It provides stateful firewall capabilities, threat intelligence, and URL filtering to control network traffic and prevent unauthorized access to resources, enhancing overall network security posture.
A global, scalable entry-point that uses the Microsoft global edge network to create fast, secure and widely scalable web applications.
Azure Functions provides serverless compute capabilities, enabling developers to execute code on-demand without managing infrastructure. Functions are triggered by events, such as HTTP requests, timer schedules, or messages from other Azure services, and scale automatically based on demand.
Azure Governance encompasses the policies, processes, and tools used to manage and control Azure environments. It ensures adherence to organizational standards, regulatory compliance, and cost optimization through resource organization, access control, and policy enforcement across subscriptions and resource groups.
Azure Key Vault provides a centralized and secure store for managing secrets, keys, and certificates. It safeguards sensitive information used by applications and services, offering hardware security module (HSM)-backed encryption and access control to protect against unauthorized access and misuse.
Azure Kubernetes Service (AKS) is a fully managed container orchestration service. It simplifies deploying, managing, and scaling containerized applications using Kubernetes. AKS automates Kubernetes cluster creation, upgrades, and scaling, reducing operational overhead and enhancing application availability.
Azure Load Balancer distributes incoming network traffic across multiple virtual machine instances, enhancing application availability and scalability. Operating at Layer 4, it supports TCP, UDP, and HTTP/HTTPS protocols. It provides health probes to ensure traffic is directed only to healthy instances.
Azure Logic Apps is a cloud-based integration platform that automates workflows and integrates applications, data, and services. Using a visual designer, Logic Apps connect to various connectors and perform actions based on pre-built templates or custom logic, streamlining business processes.
Azure Marketplace is an online store offering a wide range of independently verified software, services, and virtual machines from Microsoft and its partners. These offerings are designed for easy deployment and integration with Azure subscriptions, accelerating solution development and implementation.
Azure Monitor collects and analyzes telemetry from Azure resources and applications. It provides a comprehensive view of performance, availability, and potential issues through logs, metrics, and alerts. This data enables proactive identification and resolution of problems, ensuring optimal system operation and user experience.
Azure Networking delivers services to connect Azure resources with each other and to on-premises infrastructure. Core components include Virtual Networks (VNet) for isolated networks, Network Security Groups (NSG) for traffic filtering, and Load Balancers for distributing traffic across multiple resources, ensuring high availability and security.
Azure Policy enforces organizational standards and assesses compliance at scale. It defines rules and effects for Azure resources, enabling automated enforcement of policies related to cost, security, and regulatory compliance. Policies can audit, deny, modify, or deploy resources.
The Azure Portal is a web-based, centralized management interface for Azure. It provides a graphical user interface (GUI) to create, manage, and monitor Azure resources, offering access to all Azure services and features through a browser.
The Azure Pricing Calculator is a web-based tool that estimates the cost of Azure services based on configured resources and usage patterns. It allows users to model different scenarios, compare pricing options, and optimize spending by providing detailed cost breakdowns for various Azure products.
An Azure Resource represents a manageable item available through Azure, forming the fundamental building blocks of cloud solutions. Examples include virtual machines, storage accounts, databases, and virtual networks. Each resource is uniquely identified and can be deployed, configured, and managed independently.
Azure Resource Manager (ARM) is the deployment and management service for Azure. It introduces a declarative approach using templates to define and provision infrastructure as code. ARM enables consistent, repeatable deployments and simplifies resource management through a unified interface and role-based access control.
Azure Security Center, now Microsoft Defender for Cloud, provides centralized security management and threat protection across Azure, on-premises, and other cloud environments. It offers continuous assessment, adaptive application controls, and threat detection to strengthen an organization’s overall security posture.
The Azure Security Development Lifecycle (SDL) is a comprehensive framework integrating security practices throughout the entire software development process. It aims to identify and mitigate vulnerabilities early, reducing risks and improving the overall security posture of applications deployed in Azure. It’s a proactive, preventative approach.
A fully managed enterprise message broker with a variety of messaging patterns.
Azure SQL Database is a fully managed Platform-as-a-Service (PaaS) relational database built on the SQL Server engine. It offers automated patching, backups, and high availability, reducing administrative overhead. Intelligent features optimize performance and enhance security for mission-critical applications.
Azure Storage provides scalable and durable cloud storage for various data types. It offers Blob storage for unstructured data, File storage for shared file systems, Queue storage for message queuing, and Table storage for NoSQL key-value pairs, each optimized for specific use cases and access patterns.
An Azure Subscription is a logical construct that provides access to Azure services and resources. It defines an Azure account’s billing boundary and serves as a scope for access control. Multiple subscriptions can be linked to a single Azure Active Directory tenant for centralized identity management.
Azure Support provides varying levels of assistance, from basic developer support to premier support, each offering different response times, proactive guidance, and architectural support. Plans are tiered based on business criticality and required service level agreements (SLAs).
Azure Synapse Analytics is a limitless analytics service that unifies data warehousing and big data analytics. It provides a single platform for data integration, enterprise data warehousing, and exploration using SQL, Spark, and data lake capabilities, enabling both batch and real-time analytics.
Azure Virtual Machines provide on-demand, scalable computing infrastructure as a service (IaaS). Users have complete control over the operating system, including installation, maintenance, and configuration. VMs offer flexibility to deploy various workloads and customize the computing environment to specific requirements.
Azure Virtual Machine Scale Sets enable you to create and manage a group of identical, load-balanced virtual machines. They automatically scale the number of VM instances based on demand or a predefined schedule, ensuring high availability and responsiveness for applications.
An Azure Virtual Network (VNet) is a logically isolated section of the Azure cloud dedicated to your subscription. It allows you to define a private IP address space, subnets, route tables, and network security groups to control network traffic and connectivity for Azure resources.
Azure VPN Gateway creates secure, encrypted connections between on-premises networks and Azure virtual networks over the public internet. It supports site-to-site and point-to-site VPN connections, enabling hybrid cloud scenarios and secure remote access to Azure resources.
Capital Expenditure represents investments in physical assets with long-term value, such as purchasing servers, data centers, or software licenses. These are significant, up-front costs that are depreciated over the asset’s useful life and are reflected on a company’s balance sheet as assets.
Containers package an application with all its dependencies—code, runtime, system tools, system libraries, and settings—into a standardized unit for consistent execution across different environments. This ensures portability and simplifies application deployment and scaling.
Disaster Recovery is a comprehensive strategy and set of processes designed to restore IT infrastructure and data following a disruptive event. It focuses on minimizing business impact and ensuring business continuity by rapidly recovering critical systems and data to a pre-defined state.
Elasticity is the ability of a system to dynamically provision and de-provision resources automatically in response to fluctuating demand. This ensures optimal resource utilization and cost efficiency by scaling up during peak times and scaling down during lulls, without manual intervention.
Microsoft’s global infrastructure comprises a network of interconnected datacenters worldwide. This extensive network delivers Azure services with high availability, scalability, and reduced latency by enabling proximity-based resource deployment and data residency options for customers globally.
High Availability refers to a system’s ability to remain operational and accessible for a sustained period. It’s achieved through redundancy, failover mechanisms, and minimizing single points of failure, ensuring minimal downtime and continuous service delivery to users.
Hybrid cloud integrates on-premises infrastructure, private clouds, and public cloud services, enabling data and application portability. This model allows organizations to leverage the scalability of the public cloud while maintaining control over sensitive data and legacy systems within a private environment.
IaaS provides on-demand access to fundamental computing resources—virtual machines, storage, networks, and operating systems—over the internet. Users manage the operating system, middleware, and applications, while the cloud provider manages the underlying infrastructure, offering flexibility and control.
Infrastructure as a Service (IaaS) delivers fundamental computing infrastructure—virtual machines, storage, networks, and operating systems—over the internet on a pay-as-you-go basis. It provides maximum flexibility and control, allowing users to manage the OS, middleware, and applications.
Infrastructure as Code (IaC) defines and manages infrastructure through machine-readable definition files, enabling automation, version control, and repeatable deployments. This approach improves consistency, reduces errors, and accelerates infrastructure provisioning.
Management Groups provide a hierarchical structure for organizing multiple Azure Subscriptions. They enable centralized policy and access management across an organization, simplifying governance and compliance. This allows for consistent application of policies at scale, reducing administrative overhead.
Operational Expenditure encompasses the ongoing costs of running a business, including expenses like cloud service subscriptions, utilities, and salaries. OpEx is typically recognized as a current expense on the income statement and offers predictable, short-term budgeting compared to the long-term commitment of CapEx.
Platform as a Service (PaaS) delivers a complete development and deployment environment in the cloud. It provides the resources needed to build, test, deploy, and manage applications without managing underlying infrastructure like servers or networks. PaaS focuses developer attention on application code.
PowerShell is a cross-platform task automation solution comprised of a command-line shell, scripting language, and configuration management framework. Microsoft developed it for system administration and automation, and it is a primary method for interacting with and managing Azure resources through cmdlets.
A Private Cloud provides dedicated computing resources exclusively for a single organization. It can be hosted on-premises or by a third-party provider, offering enhanced control, security, and customization. This model is suitable for organizations with strict regulatory requirements or specific performance needs.
The Public Cloud delivers computing resources – servers, storage, databases, networking, software – over the internet and is owned and operated by a third-party cloud provider. These resources are shared among multiple tenants, offering scalability, cost-effectiveness, and reduced management overhead for users.
Redundancy involves replicating critical system components to eliminate single points of failure and maintain service availability. This includes duplicating hardware, software, or network connections to ensure continued operation during outages or failures.
Azure Region Pairs are geographically separated regions within the same geography, linked for disaster recovery purposes. Azure updates regions in a pair sequentially, ensuring that one region always remains operational during planned or unplanned events, minimizing data loss and service interruption.
Azure Regions represent geographically distinct areas containing multiple datacenters networked together. Selecting a region impacts latency, data residency, and service availability. Azure continually expands its global footprint to provide proximity to customers and meet regulatory requirements.
Resource Groups are logical containers for organizing Azure resources. They provide a way to manage the lifecycle of related resources as a single unit. Resources within a group share common metadata, such as location and tags, simplifying billing and access control administration.
Role-Based Access Control (RBAC) in Azure enables granular access management by assigning roles with specific permissions to users, groups, or service principals. This allows administrators to control what actions users can perform on Azure resources, adhering to the principle of least privilege.
Scalability defines a system’s capacity to accommodate increasing workloads. It represents the ability to efficiently handle growth in demand by adding resources. This can be achieved through increasing the size of existing resources or adding more resources to the system, maintaining performance.
Serverless computing enables developers to build and run applications without managing servers. The cloud provider automatically scales resources and charges only for the compute time consumed, eliminating infrastructure management overhead and reducing operational costs.
Software as a Service (SaaS) provides ready-to-use software applications delivered over the internet, typically on a subscription basis. Users access the software through web browsers or dedicated apps, eliminating the need for local installation, maintenance, or infrastructure management.
Virtual Machines provide on-demand, scalable computing resources in Azure. These software-defined systems emulate physical computers, allowing users to deploy and manage operating systems, applications, and data without managing underlying hardware infrastructure. VMs offer complete control over the computing environment.
We're adding new exams every week. Let us know what you're studying for, and we'll bump it up our priority list! (Typical turnaround: 2-3 days)
Your feedback has been submitted successfully. We appreciate your help in making Cert Sensei better!