book

Azure Fundamentals (AZ-900) Study Guide

Name: Azure Fundamentals (AZ-900) Study Guide
Author: Jack Lee
ISBN: 9781098167820

by Jack Lee

February 2026

Beginner

360 pages

8h 26m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Quizzes

Foreword
Preface
Why Should You Take the AZ-900 Exam?Who Should Take the AZ-900 Exam?What Should I Know About the AZ-900 Exam?Topics Covered on the AZ-900 ExamExam Structure and DurationDoes the AZ-900 Serve as a Stepping Stone to Advanced Certifications?What Other Foundational Certifications Are Available?What’s Covered in This Book?Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
I. Cloud Concepts
1. Introduction to Cloud Computing
What Is Cloud Computing?Understanding Compute PowerStorage Capabilities ExplainedAdvantages of Cloud Computing Over Traditional On-Premises InfrastructureUnderstanding Cloud Service ModelsOverview of Common Azure ServicesHow Cloud Pricing WorksSummaryChapter 1 Quiz
2. Benefits of Using Cloud Services
High AvailabilityRedundant InfrastructureAutomated Failover and RecoveryService Level AgreementsBusiness Continuity and Disaster RecoveryKey Takeaways for High AvailabilityScalabilityElastic InfrastructureVertical and Horizontal ScalingPay-per-Use Pricing ModelGlobal Reach and AccessibilityKey Takeaways for ScalabilityReliabilityDesigning for ReliabilityKey Takeaways for ReliabilityPredictabilityPerformance PredictabilityCost PredictabilityKey Takeaways for PredictabilitySecurityData EncryptionIdentity and Access ManagementThreat Detection and PreventionCompliance and GovernanceKey Takeaways for SecurityGovernanceCentralized Policy EnforcementRole-Based Access ControlCost Management and OptimizationAudit Logging and Compliance ReportingKey Takeaways for GovernanceManageabilityManagement of the CloudManagement in the CloudKey Takeaways for ManageabilitySummaryChapter 2 Quiz
3. Cloud Service Types
Demystifying Cloud Service Types Using Everyday ExamplesIaaS: Owning a CarPaaS: Renting a CarSaaS: Using a Rideshare ServiceInfrastructure as a ServiceKey Benefits of IaaSThe Benefits of IaaS Services: A Real-Life ExamplePlatform as a ServiceKey Benefits of PaaSThe Benefits of PaaS Services: Real-Life ExamplesSoftware as a ServiceKey Benefits of SaaSThe Benefits of SaaS: Real-Life ExamplesChoosing the Right Azure Service Type for the JobWhen to Use IaaSWhen to Use PaaSWhen to Use SaaSSummaryChapter 3 Quiz
4. The Shared Responsibility Model
Shared Responsibility: From On Premises to the CloudResponsibilities Are Closely Tied to Cloud Service TypesShared Responsibility for IaaSShared Responsibility for PaaSShared Responsibility for SaaSComparison of Responsibility Areas Across Cloud Service TypesExamples of Varying Responsibilities by Cloud Service TypeMore Real-World Examples of Responsibility ShiftsExample 1: Operating System PatchingExample 2: Identity Management and SecurityExample 3: Data Security and ComplianceBringing It All TogetherSummaryChapter 4 Quiz
5. Cloud Models
What Are Cloud Models?Public CloudPrivate CloudHybrid CloudMulti-CloudComparison of Cloud ModelsKey Microsoft Azure OfferingsAzure VMware SolutionAzure ArcAzure LocalSummaryChapter 5 Quiz
II. Azure Architecture and Services
6. Introduction to Microsoft Azure
A Brief History of Microsoft Azure (Optional Reading)2008: The Announcement of Windows Azure2010: General Availability of Windows Azure2014: Rebranding to Microsoft Azure2015–2018: Expansion and Innovation2019–2021: Microsoft Entra, Azure Synapse Analytics, and Azure Arc2022–Present: AI Leadership and SustainabilityBenefits of Microsoft AzureCost Savings and EfficiencyScalability, Elasticity, and FlexibilityAgility and InnovationReliability and PerformanceSecurity and ComplianceEcosystem, Integration, and InteroperabilityGlobal Presence and Hybrid CapabilitiesAI, Machine Learning, and IoTGetting Started with AzureWhat Is an Azure Account?What Is an Azure Subscription?What Is the Relationship Between an Azure Account and a Subscription?Azure Subscription TypesHow to Create a Free Azure Account: A Step-by-Step GuideCreating a Free Account if You’re Not a StudentCreating a Free Azure for Students AccountExplore the Azure PortalHow to View Your Subscription DetailsHow to View the Azure Product CatalogSummaryChapter 6 Quiz

7. Core Architectural Components of Azure
The Physical Infrastructure of Microsoft AzureWhat Are Azure Regions?Service AvailabilityData Residency and Regulatory ComplianceProximity and LatencyWhat Are Azure Availability Zones?Key Features of Availability ZonesHow to Use Availability ZonesKey Considerations About Availability ZonesWhat Are Azure Region Pairs?Advantages of Region PairsHow Region Pairs WorkKey Considerations About Region PairsTypical Use Cases for Region PairsWhat Are Azure Sovereign Regions?Types of Azure Sovereign RegionsWhy Use Sovereign Regions?Key Considerations About Sovereign RegionsUse Cases for Sovereign RegionsSummaryChapter 7 Quiz
8. The Azure Management Infrastructure
What Is the Azure Management Infrastructure?The Core Layer: Azure ResourcesThe Second Layer: Azure Resource GroupsStructural Layers: Azure SubscriptionsThe Outer Layer: Azure Management GroupsBenefits of a Well-Designed Azure Management InfrastructureBest Practices for Planning Your Azure Management InfrastructureReal-World Example: Hierarchical Integration of Management Groups, Subscriptions, and Resource GroupsBreaking Down the Azure Management StructureHow the Structure WorksSummaryChapter 8 Quiz
9. Azure Compute Services
Infrastructure as a ServiceAzure Virtual MachinesResources Required for Azure VMsVirtual Machine DeploymentAzure Virtual Machine Scale SetsAzure availability setsAzure Virtual DesktopPlatform as a ServiceAzure App ServicePaaS: Serverless ComputingContainers and Azure Kubernetes ServicesAzure Container InstancesPaaS: Managed Container Services and Azure Container AppsChoosing the Right Compute ServiceBonus Material: Azure Application and Integration Services (Optional)Azure API ManagementAzure Logic AppsAzure Event GridAzure Service BusSummaryChapter 9 Quiz
10. Azure Networking Services
The OSI ModelAzure NetworkingWhy Is Azure Networking Important?Key Services in Azure NetworkingCore Infrastructure: Azure VNet and SubnetsWhat Is a VNet?What Is a Subnet?Key Features of Azure VNetBest Practices for Using Azure VNetUse Cases for Azure VNetHow to Create an Azure VNetVirtual Network PeeringKey Features of Virtual Network PeeringBest Practices for Using Virtual Network PeeringUse Cases for Virtual Network PeeringSecuring Azure NetworkingNetwork Security GroupsKey Features of NSGsBest Practices for Using NSGsUse Cases for NSGAzure FirewallKey Features of Azure FirewallBest Practices for Using Azure FirewallUse Cases for Azure FirewallAzure BastionKey Features of Azure BastionBest Practices for Using Azure BastionUse Cases for Azure BastionPublic Endpoints Versus Private EndpointsWhen to Use Public Endpoints Versus Private EndpointsComparison of Public and Private EndpointsControlling Traffic: Load BalancingAzure Load BalancerKey Features of Azure Load BalancerTypes of Azure Load BalancersBest Practices for Using Azure Load BalancerUse Cases for Azure Load BalancerAzure Application GatewayKey Features of Azure Application GatewayBest Practices for Using Azure Application GatewayUse Cases for Azure Application GatewayAzure Traffic ManagerKey Features of Azure Traffic ManagerBest Practices for Using Azure Traffic ManagerUse Cases for Azure Traffic ManagerAzure Front DoorKey Features of Azure Front DoorBest Practices for Using Azure Front DoorUse Cases for Azure Front DoorComparison of the Load-Balancing ServicesHybrid ConnectivityAzure VPN GatewayAzure ExpressRouteAzure Domain Name SystemKey Features of Azure DNSBest Practices for Using Azure DNSUse Cases for Azure DNSAzure Content Delivery NetworkKey Features of Azure CDNBest Practices for Using Azure CDNUse Cases for Azure CDNAzure Network WatcherKey Features of Azure Network WatcherBest Practices for Using Azure Network WatcherUse Cases for Azure Network WatcherSummaryChapter 10 Quiz
11. Azure Storage Services
Introduction to Azure Storage AccountBenefits of Azure Storage Versus On-Premises StorageCost-EfficiencyScalability and ElasticityHigh Availability and Disaster Recovery CapacitySecurity and CompliancePerformance and AccessibilityBackup and Retention PoliciesComparison of Azure Storage Versus On-Premises StorageSupported Data TypesAzure Storage ServicesAzure Storage Services and Data TypesGlobally Unique Namespace for Azure Storage AccountStorage Service EndpointsAzure Managed Disks: A Separate Storage ServiceComparing Azure Storage ServicesChoosing the Right Storage Account Types and OptionsTypes of Azure Storage AccountsChoosing the Right Storage Account TypeAzure Redundancy OptionsTypes of Redundancy OptionsChoosing a Redundancy OptionOptions for Transferring Files to Azure StorageDifferent Tools for File TransferComparison of File Transfer OptionsMigration Options to Azure StorageTypes of Migration SolutionsComparison of Azure Migration OptionsSummaryChapter 11 Quiz
12. Azure Identity, Access, and Security
Understanding the Zero Trust Security ModelWhy Do We Need Zero Trust?The Core Principles of Zero TrustComparing Traditional Security and the Zero Trust ModelReal-World ScenarioDefense-in-Depth ModelMicrosoft Entra IDWhat Does Microsoft Entra ID Offer? Why Use Microsoft Entra ID?Microsoft Entra Connect Sync: Connecting On-Premises Active Directory to AzureMicrosoft Entra Domain ServicesComparing Microsoft Entra ID and Microsoft Entra Domain ServicesAuthentication in AzureSingle Sign-OnMultifactor AuthenticationPasswordless AuthenticationComparison of Authentication Methods at a GlanceMicrosoft Entra External IDKey Benefits of Microsoft Entra External IDA Real-World ScenarioMicrosoft Entra Conditional AccessHow It WorksA Real-World ExampleCommon Use Cases for Conditional AccessWhy Conditional Access MattersAzure Role-Based Access ControlWhy Use RBAC?How Does RBAC Work?Real-World RBAC ScenariosHow Is RBAC Applied?Key Points to RememberAzure Key VaultWhat Does Azure Key Vault Do?Why Use Azure Key Vault?How Applications Access SecretsReal-World ScenarioMicrosoft Defender for CloudWhy Use Microsoft Defender for Cloud?Key Components of Microsoft Defender for CloudHow Microsoft Defender for Cloud Protects Different EnvironmentsSummaryChapter 12 Quiz
III. Azure Management and Governance
13. Cost Management in Azure
Cost Management in AzureFrom CapEx to OpEx: A Shift in Cost ModelsFactors That Influence Azure CostsTools to Help Estimate and Manage Azure CostsAzure Migrate: Assessment & Business CaseAzure Pricing CalculatorAzure AdvisorCost Management + BillingBringing It All TogetherOrganizing Resources with Azure TagsWhat Are Tags?Managing Tags in AzureTop 10 Tips for Saving Money with AzureSummaryChapter 13 Quiz
14. Azure Governance and Compliance
Microsoft Purview: Unified Data GovernanceThe Microsoft Purview PortalWhat Microsoft Purview EnablesKey Functional Areas of Microsoft PurviewDeep Integration with Microsoft 365 ComplianceCommon Use Cases of Microsoft PurviewA Real-World Example: HealthcareIntegration with the Microsoft Data EcosystemAzure Policy: Enforce Organizational StandardsWhat Is Azure Policy?Why Azure Policy MattersCommon Use Cases of Azure PolicyKey Components of Azure PolicyBuilt-In PoliciesCustom PoliciesMonitoring and RemediationPolicy Effects: What Happens When a Rule Is Triggered?Resource Locks: Protecting Critical ResourcesWhat Are Resource Locks?Two Types of Resource LocksWhere to Use Resource LocksReal-Life Example: Protecting a Production VMHow to Apply a Resource LockComparing Resource Locks and Azure PolicyBest Practices and LimitationsService Trust Portal: Compliance TransparencyWhat Is the Service Trust Portal?Key Features of the Service Trust PortalReal-World Example: Preparing for a GDPR AuditHow Do These Azure Governance Tools Work Together?SummaryChapter 14 Quiz
15. Managing and Deploying Azure Resources
Azure PortalKey Features of the Azure PortalWhat Are the Best Uses of the Azure Portal?Key Benefits of Azure PortalCommon Tasks in the Azure PortalWhen to Use the Azure Portal (and When Not To)Azure Cloud ShellWhy Use Cloud Shell?Key Features of Cloud ShellAzure CLIWhy Use Azure CLI?Example: Creating a Resource Group Using Azure CLIWhere You Can Run Azure CLIAzure CLI Versus Azure PortalAzure PowerShellExample: Creating a Resource Group Using Azure PowerShellWhy Use Azure PowerShell?Where Can You Use Azure PowerShell?Azure CLI Versus Azure PowerShellWhich Tool Should You Use?Infrastructure as CodeWhy IaC Matters IaC Approaches: Declarative Versus ImperativeAzure Resource ManagerBicepTerraformIaC Tool ComparisonManaging Hybrid and Multi-Cloud Environments Using Azure ArcBest Practices for Managing and Deploying Azure ResourcesSummaryChapter 15 Quiz
16. Azure Monitoring Tools
What Is Azure Advisor?What Is Azure Service Health?What Is Azure Monitor?Azure Log AnalyticsAzure Monitor AlertsApplication InsightsSummaryChapter 16 Quiz
Wrap-Up
Path 1: Cloud ConceptsPath 2: Azure Architecture and ServicesPath 3: Management and GovernanceBringing It All TogetherFinal Checklist: Your AZ-900 ReadinessExam Blueprint AlignmentGood Luck!
A. Practice Exam
B. Answer Keys
Chapter 1 Answer KeyChapter 2 Answer KeyChapter 3 Answer KeyChapter 4 Answer KeyChapter 5 Answer KeyChapter 6 Answer KeyChapter 7 Answer KeyChapter 8 Answer KeyChapter 9 Answer KeyChapter 10 Answer KeyChapter 11 Answer KeyChapter 12 Answer KeyChapter 13 Answer KeyChapter 14 Answer KeyChapter 15 Answer KeyChapter 16 Answer KeyPractice Exam Answer Key
Index
About the Author

Content preview from Azure Fundamentals (AZ-900) Study Guide

Chapter 12. Azure Identity, Access, and Security

In the previous chapter, we explored how Azure securely stores and manages data in Azure Storage. Now, we turn our focus to another essential pillar of cloud computing: identity, access, and security.

At its core, “identity, access, and security” refers to the systems and practices that ensure only authorized users or services can access the right resources at the right time, and nothing more. This is vital for maintaining trust, protecting sensitive data, preventing unauthorized access, and complying with industry regulations. In cloud computing, where resources are accessible from anywhere, these protections become even more critical.

Azure embeds identity, access, and security into the core of its platform, providing a built-in framework for managing users, controlling access to resources, and protecting against cyberthreats. At the heart of this framework is Microsoft Entra ID (formerly Azure Active Directory), which acts as the central identity provider. It enables organizations to authenticate users and devices, enforce multifactor authentication (MFA), set Conditional Access policies, and manage external identities.

Access management in Azure is powered by role-based access control (RBAC), enabling fine-grained permissions based on job roles or responsibilities. Meanwhile, Azure’s security services, such as Microsoft Defender for Cloud, help continuously monitor your environment, detect threats, and strengthen your security ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Exam AZ-900: Microsoft Azure Fundamentals, 3rd Edition

Publisher Resources

ISBN: 9781098167813Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Azure Fundamentals (AZ-900) Study Guide

by Jack Lee

Chapter 12. Azure Identity, Access, and Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.