
Az 900

The document provides an overview of Azure Fundamentals, specifically for the AZ-900 certification, covering cloud computing concepts, benefits, service types, and Azure architecture. It details various cloud models, including public, private, and hybrid clouds, and explains Azure's computing, networking, and storage services. Additionally, it outlines the learning path for Azure architecture and services, emphasizing the importance of understanding Azure's components and management options.

Uploaded by

missawiiyassin

Azure Fundamentals
Preparation for the certification AZ 900

Presented By: AlaEddine Dammak
Final Year IT Engineering Student
Supervisor @MTC.ENIS
Former President @MTC.ENIS
History of Cloud computing
From Mainframe to Cloud Computing
Learning path outline
Learning path 01―outline
You will learn the following concepts:

1 Cloud computing
• What is cloud computing
• Shared responsibility
• Cloud models
• Capital vs operational costing

2 Cloud benefits
• Benefits of the cloud

3 Cloud service types


• IaaS, PaaS, and SaaS
Cloud computing
Cloud computing―objective domain

• Define cloud computing.


• Define cloud models, including public, private, and hybrid.
• Identify appropriate use cases for each cloud model.
• Describe the consumption-based model.
• Compare cloud pricing models.
What is cloud computing?
Cloud computing is the delivery of computing services over the internet, enabling faster
innovation, flexible resources, and economies of scale.

Compute Networking Storage


CLOUD COMPUTING
Cloud Providers:
• Someone else owns the servers: The service provider is responsible for the hardware.
• Someone else handles payment or leasing of the infrastructure: Costs are often based on usage rather than ownership.
• These responsibilities are generally transferred to the service provider: Organizations can focus on their core business rather than IT management.

On-Premises:
• The organization owns the servers: Businesses manage their own hardware and infrastructure.
• The organization pays for the hardware and maintenance directly: Upfront costs and ongoing expenses are fully the responsibility of the business.
• These responsibilities remain with the organization: Full control over IT resources and data management.
Private cloud

• Organizations create a
cloud environment in
their datacenter.
• Organizations are
responsible for operating
the services they provide.
• Does not provide access
to users outside of the
organization.
Public cloud

• Owned by cloud services or hosting provider.
• Provides resources and
services to multiple
organizations and users.
• Accessed via secure
network connection
(typically over the internet).
Hybrid cloud

Combines public and private clouds to allow applications to run in the most appropriate
location.
Cloud model comparison

Public cloud:
• No capital expenditures to scale up.
• Applications can be quickly provisioned and deprovisioned.
• Organizations pay only for what they use.

Private cloud:
• Hardware must be purchased for start-up and maintenance.
• Organizations have complete control over resources and security.
• Organizations are responsible for hardware maintenance and updates.

Hybrid cloud:
• Provides the most flexibility.
• Organizations determine where to run their applications.
• Organizations control security, compliance, or legal requirements.
Compare CapEx vs. OpEx

Capital expenditure (CapEx):
• The upfront spending of money on physical infrastructure.
• Costs from CapEx have a value that reduces over time.

Operational expenditure (OpEx):
• Spend on products and services as needed, pay-as-you-go.
• Get billed immediately.
Consumption-based model

Cloud service providers operate on a consumption-based model, which means that end
users only pay for the resources that they use.
• Better cost prediction.

• Prices for individual resources and services are provided.

• Billing is based on actual usage.


Cloud benefits
Cloud benefits―objective domain

• Describe the benefits of high availability and scalability in the cloud.


• Describe the benefits of reliability and predictability in the cloud.
• Describe the benefits of security and governance in the cloud.
• Describe the benefits of manageability in the cloud.
Cloud benefits

High availability Elasticity

Scalability Reliability

Predictability Security

Governance Manageability
Cloud service types
Cloud services―objective domain

• Describe infrastructure as a service (IaaS).


• Describe platform as a service (PaaS).
• Describe software as a service (SaaS).
• Describe the shared responsibility model.
Infrastructure as a service (IaaS)

Build pay-as-you-go IT infrastructure by renting servers, virtual machines, storage, networks, and
operating systems from a cloud provider.
Platform as a service (PaaS)

Provides an environment for building, testing, and deploying software applications; without
focusing on managing underlying infrastructure.
Software as a service (SaaS)

Users connect to and use cloud-based apps over the internet: for example, Microsoft Office 365,
email, and calendars.
Shared responsibility model
Cloud service comparison

IaaS:
• The most flexible cloud service.
• You configure and manage the hardware for your application.

PaaS:
• Focus on application development.
• Platform management is handled by the cloud provider.

SaaS:
• Pay-as-you-go pricing model.
• Users pay for the software they use on a subscription model.
TEST YOUR KNOWLEDGE !
AZ-900
Learning path 02:
Azure architecture
and services
Learning path outline
Learning path 02―outline
You will learn the following concepts:
1 Azure architectural components
• Regions and availability zones
• Subscriptions and resource groups

2 Compute and networking


• Compute types
• Application hosting
• Virtual networking

3 Storage
• Storage services
• Redundancy options
• File management and migration

4 Identity, access, and security


• Directory services
• Authentication methods
• Security models
Azure accounts

• Azure account
• Azure free account
• Azure free student account
• Microsoft Learn sandbox
Azure architectural
components
Regions

Azure offers more global regions than any other cloud provider with 60-plus regions representing over 140 countries.

• Regions are made up of one or more datacenters in close proximity.
• They provide flexibility and scale to reduce customer latency.
• Regions preserve data residency with a comprehensive compliance offering.
Availability zones

• Provide protection against downtime due to datacenter failure.
• Physically separate datacenters within the same region.
• Each datacenter is equipped with independent power, cooling, and networking.
• Connected through private fiber-optic networks.

Diagram: an Azure Region containing Availability Zone 1, Availability Zone 2, and Availability Zone 3.
Region pairs

• At least 300 miles of separation between region pairs.
• Automatic replication for some services.
• Prioritized region recovery in the event of outage.
• Updates are rolled out sequentially to minimize downtime.
• Web link: https://aka.ms/PairedRegions

Region | Region
North Central US | South Central US
East US | West US
West US 2 | West Central US
US East 2 | Central US
Canada Central | Canada East
North Europe | West Europe
UK West | UK South
Germany Central | Germany Northeast
South East Asia | East Asia
East China | North China
Japan East | Japan West
Australia Southeast | Australia East
India South | India Central
Brazil South (Primary) | South Central US
Azure sovereign regions (US government services)

Meets the security and compliance needs of US federal agencies, state and local governments, and their solution providers.

Azure government:
• Separate instance of Azure.
• Physically isolated from
non-US government
deployments.
• Accessible only to screened,
authorized personnel.
Azure sovereign regions (Azure China)
Microsoft is China’s first foreign public cloud service provider, in compliance with
government regulations.

Azure China features:
• Physically separated instance of Azure cloud services operated by 21Vianet.
• All data stays within China to ensure compliance.
Azure resources
Azure resources are components like storage, virtual machines, and networks that are
available to build cloud solutions.

Virtual machines Storage accounts Virtual networks

App services SQL databases Functions


Resource groups

A resource group is a container you use to manage and aggregate resources in a single unit.
• Resources can exist in only one resource group.
• Resources can exist in different regions.
• Resources can be moved to different resource groups.
• Applications can utilize multiple resource groups.

Diagram: Resource groups (web plus DB, VM, storage) in one group, OR a web and DB resource group, a virtual machine resource group, and a storage resource group.
Azure subscriptions

An Azure subscription
provides you with
authenticated and
authorized access to
Azure accounts.
• Billing boundary:
Generate separate billing
reports and invoices for
each subscription.
• Access control boundary:
Manage and control access
to the resources that users
can provision with specific
subscriptions.
Management groups

• Management groups can include multiple Azure subscriptions.
• Subscriptions inherit
conditions applied to the
management group.
• 10,000 management
groups can be supported
in a single directory.
• A management group
tree can support up to six
levels of depth.
Compute and networking
Compute and networking―objective domain

Describe the benefits and usage:


• Compare compute types, including container instances, virtual machines, and functions.

• Describe virtual machine options, including virtual machines (VMs), virtual machine scale sets, virtual
machine availability sets, and Azure Virtual Desktop.
• Describe the resources required for virtual machines.

• Describe application hosting options, including Azure Web Apps, containers, and virtual machines.

• Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets,
peering, Azure DNS, VPN Gateway, and ExpressRoute.
• Define public and private endpoints.
Azure compute services
Azure compute is an on-demand service that provides computing resources such as
disks, processors, memory, networking, and operating systems.

• Virtual Machines
• App Services
• Container Instances
• Azure Kubernetes Services (AKS)
• Azure Virtual Desktop
Azure virtual machines

Azure virtual machines (VMs) are software emulations of physical computers.
• Includes virtual processor,
memory, storage, and
networking.
• IaaS offering that provides
total control and
customization.
VM scale sets

Scale sets provide a load-balanced opportunity to automatically scale resources.
• Scale out when resource
needs increase.
• Scale in when resource
needs are lower.
VM availability sets
Azure Virtual Desktop

Azure Virtual Desktop is a desktop and app virtualization service that runs in the cloud.
• Create a full desktop
virtualization environment
without having to run
additional gateway servers.
• Reduce risk of resource
being left behind.
• True multisession
deployments.
Azure container services
Azure containers provide a lightweight, virtualized environment that does not require
operating system management, and can respond to changes on demand.

Azure Container Instances: A PaaS offering that runs a container or pod of containers
in Azure.

Azure Container Apps: A PaaS offering, like container instances, that can load balance
and scale.

Azure Kubernetes Service: An orchestration service for containers with distributed architectures and large volumes of containers.
Azure Functions

Azure Functions: A PaaS offering that supports serverless compute operations.


Event-based code runs when called without requiring server infrastructure during
inactive periods.
Comparing Azure compute options

Virtual machines:
• Cloud-based server that supports either Windows or Linux environments.
• Useful for lift-and-shift migrations to the cloud.
• Complete operating system package, including the host operating system.

Virtual Desktop:
• Provides a cloud-based personal computer Windows desktop experience.
• Dedicated applications to connect and use, or accessible from any modern browser.
• Multiclient login allows multiple users to log into the same machine at the same time.

Containers:
• Lightweight, miniature environment well suited for running microservices.
• Designed for scalability and resiliency through orchestration.
• Applications and services are packaged in a container that sits on top of the host operating system. Multiple containers can sit on one host OS.
Azure App Services

Azure App Services is a fully managed platform to build, deploy, and scale web apps and APIs quickly.

• Works with .NET, .NET Core, Node.js, Java, Python, or PHP.
• PaaS offering with enterprise-grade performance, security, and compliance requirements.
Azure networking services

Azure Virtual Network (VNet) enables Azure resources to communicate with each other, the internet, and on-premises networks.
• Public endpoints, accessible from anywhere on the internet.

• Private endpoints, accessible only from within your network.

• Virtual subnets segment your network to suit your needs.

• Network peering connects your private networks directly together.


Azure networking services: VPN Gateway

VPN Gateway is used to send encrypted traffic between an Azure virtual network and an
on-premises location over the public internet.
Azure networking services: ExpressRoute

ExpressRoute extends on-premises networks into Azure over a private connection that is
facilitated by a connectivity provider.
Azure DNS

• Reliability and performance by leveraging a global network of DNS name servers using Anycast
networking.
• Azure DNS security is based on Azure resource manager, enabling role-based access control
and monitoring and logging.
• Ease of use for managing your Azure and external resources with a single DNS service.

• Customizable virtual networks allow you to use private, fully customized domain names in your
private virtual networks.
Storage
Storage―objective domain

Describe the benefits and usage


• Compare Azure storage services.
• Describe storage tiers.
• Describe redundancy options.
• Describe storage account options and storage types.
• Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync.
• Describe migration options, including Azure Migrate and Azure Data Box.
Storage accounts

• Must have a globally unique name.
• Provide over-the-internet access worldwide.
• Determine storage services and redundancy options.
Storage redundancy

Redundancy configuration | Deployment | Durability
Locally redundant storage (LRS) | Single datacenter in the primary region | 11 nines
Zone-redundant storage (ZRS) | Three availability zones in the primary region | 12 nines
Geo-redundant storage (GRS) | Single datacenter in the primary and secondary region | 16 nines
Geo-zone-redundant-storage (GZRS) | Three availability zones in the primary region and a single datacenter in the secondary region | 16 nines
Azure storage services
Azure Blob: Optimized for storing massive amounts of unstructured data, such as text or
binary data.

Azure Disk: Provides disks for virtual machines, applications, and other services to access
and use.

Azure Queue: Message storage service that provides storage and retrieval for large
amounts of messages, each up to 64 KB.

Azure Files: Sets up a highly available network file share that can be accessed by using the
Server Message Block protocol.

Azure Tables: Provides a key/attribute option for structured nonrelational data storage
with a schema-less design.
Storage service public endpoints

Storage service Public endpoint


Blob Storage https://<storage-account-name>.blob.core.windows.net

Data Lake Storage Gen2 https://<storage-account-name>.dfs.core.windows.net

Azure Files https://<storage-account-name>.file.core.windows.net

Queue Storage https://<storage-account-name>.queue.core.windows.net

Table Storage https://<storage-account-name>.table.core.windows.net


Azure storage access tiers

Hot: Optimized for storing data that is accessed frequently.
Cool: Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Cold: Optimized for storing data that is infrequently accessed and stored for at least 90 days.
Archive: Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements.
Azure Migrate

• Unified migration
platform.
• Range of integrated and
standalone tools.
• Assessment and
migration.
Azure Data Box

• Store up to 80 terabytes
of data.
• Move your disaster recovery
backups to Azure.
• Protect your data in a
rugged case during transit.
• Migrate data out of Azure
for compliance or
regulatory needs.
• Migrate data to Azure from
remote locations with
limited or no connectivity.
File management options

AzCopy:
• Command-line utility.
• Copy blobs or files to or from your storage account.
• One-direction synchronization.

Azure Storage Explorer:
• Graphical user interface (similar to Windows Explorer).
• Compatible with Windows, macOS, and Linux.
• Uses AzCopy to handle file operations.

Azure File Sync:
• Synchronizes Azure and on-premises files in a bidirectional manner.
• Cloud tiering keeps frequently accessed files local, while freeing up space.
• Rapid reprovisioning of failed local server (install and resync).
Identity, access, and security
Identity, access, and security―objective domain

Describe the benefits and usage


• Describe directory services in Azure, including Microsoft Entra ID and Microsoft Entra Domain Services.

• Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication
(MFA), and passwordless.
• Describe external identities and guest access in Azure.

• Describe Entra Conditional Access.

• Describe role-based access control (RBAC).

• Describe the concept of Zero Trust.

• Describe the purpose of the defense in depth model.

• Describe the purpose of Microsoft Defender for Cloud.


Microsoft Entra ID

Microsoft Entra ID is
Microsoft Azure’s cloud-
based identity and access
management service.
• Authentication (employees
sign in to access resources).
• Single sign-on (SSO).
• Application management.
• Business to
Business (B2B).
• Device management.
Microsoft Entra Domain Services

• Gain the benefit of cloud-based domain services without managing domain controllers.
• Run legacy applications (that can’t use modern auth standards) in the cloud.
• Automatically sync from Microsoft Entra ID.
Compare authentication and authorization

Authentication:
• Identifies the person or service seeking access to a resource.
• Requests legitimate access credentials.
• Basis for creating secure identity and access control principles.

Authorization:
• Determines an authenticated person’s or service’s level of access.
• Defines which data they can access, and what they can do with it.
Multifactor authentication

Provides additional security for your identities by requiring two or more elements for full
authentication.
• Something you know → Something you possess → Something you are
Microsoft Entra External ID B2B
Azure AD External Identities B2C
Conditional Access

Conditional Access is used to bring signals together, to make decisions, and enforce organizational policies.

• User or group membership


• IP location
• Device
• Application
• Risk detection
Role-based access control

• Fine-grained access management.
• Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs.
• Enables access to the Azure portal and controlling access to resources.

Diagram labels: Microsoft Entra ID; User, Apps, User groups; Azure subscription; Resource group, Resource group.
Zero Trust
Defense in depth

• A layered approach to securing computer systems.
• Provides multiple levels of protection.
• Attacks against one layer are isolated from subsequent layers.

Layers: Physical security, Identity and access, Perimeter, Network, Compute, Application, Data.
Microsoft Defender for Cloud

Microsoft Defender for Cloud is a monitoring service that provides threat protection across both Azure and on-premises datacenters.
• Provides security
recommendations.
• Detect and block malware.
• Analyze and identify
potential attacks.
• Just-in-time access control
for ports.
AZ-900
Learning path 03:
Management and
governance
Learning path outline
Learning path 03―outline
You will learn the following concepts:
1 Cost management
• Cost and pricing calculators
• Cost management and tags

2 Governance and compliance


• Blueprints, policies, and resource locks
• Service Trust portal

3 Resource deployment tools


• Portal, PowerShell, CLI, and others
• Azure Arc and Azure Resource Manager

4 Monitoring tools
• Azure Advisor, Azure Service Health, and
Azure Monitor

© Copyright Microsoft Corporation. All rights reserved.


Cost management
Cost management―objective domain

• Describe factors that can affect costs in Azure.


• Compare the pricing calculator and Total Cost of Ownership (TCO) calculator.
• Describe the Azure Cost Management Tool.
• Describe the purpose of tags.
Factors affecting costs (part 1)
These are some of the factors affecting costs:

1) Resource type: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource, depend on the resource type.

2) Consumption: With a pay-as-you-go model, consumption is one of the biggest drivers of costs.

3) Maintenance: Monitoring your Azure footprint and maintaining your environment can help you identify and mitigate costs that aren’t necessary, such as shutting down underused virtual machines.
Factors affecting costs (part 2)
These are some of the factors affecting costs:

4) Geography: The same resource type can cost different amounts depending on the geographic area, which has an impact on Azure costs.

5) Network traffic: While some inbound data transfers are free, the cost for outbound data or data between Azure resources is impacted by billing zones.

6) Subscription: The type and configuration of your subscription can also impact your cost. For example, the free trial lets you explore some Azure resources for free.
Explore Azure Marketplace

Azure Marketplace allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, which are all certified to run on Azure.
• Open-source container platforms.
• Virtual machine and database images.
• Application build and deployment software.
• Developer tools.
• And much more, with 10,000-plus listings!
Pricing calculator

The pricing calculator is a tool that helps you estimate the cost of Azure products. The options that you can configure in the pricing calculator vary between products, but basic configuration options include:
• Region
• Tier
• Billing options
• Support options
• Programs and offers
• Azure dev/test pricing
Total Cost of Ownership (TCO) calculator

• A tool to estimate cost savings you can realize by migrating to Azure.
• A report compares the costs of on-premises infrastructures with the costs of using Azure products and services in the cloud.
Azure Cost Management

• Reporting: Billing reports
• Data enrichment
• Budgets: Set spend budget
• Alerting: When costs exceed limits
• Recommendation: Cost recommendations
Tags

• Provides metadata for your Azure resources.
• Logically organizes resources into a taxonomy.
• Consists of a name-value pair.
• Very useful for rolling up billing information.
owner: joe
cost-center:
department: marketing
environment: production marketing
Governance and compliance
Governance and compliance―objective domain

• Describe the purpose of Azure Policy.


• Describe the purpose of resource locks.
• Describe the purpose of the Service Trust portal.
• Describe the purpose of Microsoft Purview.
Azure Policy

Azure Policy helps to enforce organizational standards and to assess compliance at scale. Provides governance and resource consistency with regulatory compliance, security, cost, and management.
• Evaluates and identifies Azure
resources that do not comply
with your policies.
• Provides built-in policy and
initiative definitions, under
categories such as Storage,
Networking, Compute, Security
Center, and Monitoring.
Resource locks

• Protect your Azure resources from accidental deletion or modification.
• Manage locks at subscription, resource group, or individual resource levels within the Azure portal.

Lock type | Read | Update | Delete
Delete | Yes | Yes | No
ReadOnly | Yes | No | No
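How the lock table combines with scope inheritance, as an added example that is not part of the original deck: a lock set on a subscription or resource group also applies to everything inside it, and the most restrictive lock wins. The subscription ID, resource names, `SAMPLE_LOCKS` and the function names are constructed for illustration; the lock names follow the table (Azure Resource Manager calls the Delete lock `CanNotDelete`).

```python
# Added example (not from the original deck): effective resource locks.
# Lock names follow the slide's table; Azure Resource Manager itself calls
# the "Delete" lock level CanNotDelete.

# What each lock type still allows, copied from the table above.
LOCK_TABLE = {
    "Delete":   {"read": True, "update": True,  "delete": False},
    "ReadOnly": {"read": True, "update": False, "delete": False},
}
OPERATIONS = ("read", "update", "delete")

# Constructed sample scopes and locks (placeholder subscription ID).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = SUB + "/resourceGroups/rg-prod"
RG_DEV = SUB + "/resourceGroups/rg-dev"
STORAGE = RG_PROD + "/providers/Microsoft.Storage/storageAccounts/examplelogs"
VM_DEV = RG_DEV + "/providers/Microsoft.Compute/virtualMachines/vm-dev-01"
SAMPLE_LOCKS = {SUB: ["Delete"], STORAGE: ["ReadOnly"]}


def scope_chain(resource_id):
    """Return the subscription, resource group and resource scopes that
    contain resource_id, widest first. IDs are compared case-insensitively."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("not an Azure resource ID: %r" % resource_id)
    chain = ["/" + "/".join(parts[:2])]
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        chain.append("/" + "/".join(parts[:4]))
    if len(parts) > 4:
        chain.append("/" + "/".join(parts))
    return [scope.lower() for scope in chain]


def effective_permissions(resource_id, locks):
    """locks maps a scope ID to the lock types applied at that scope.
    A lock on a parent scope is inherited by everything below it, so an
    operation is allowed only if every lock in the chain allows it.
    Returns (allowed, blocking); blocking names the locks that deny each
    operation, which is what an operator needs when a change is refused."""
    normalized = {s.lower().rstrip("/"): kinds for s, kinds in locks.items()}
    allowed = dict.fromkeys(OPERATIONS, True)
    blocking = {}
    for scope in scope_chain(resource_id):
        for kind in normalized.get(scope, ()):
            for op in OPERATIONS:
                if not LOCK_TABLE[kind][op]:
                    allowed[op] = False
                    blocking.setdefault(op, []).append((scope, kind))
    return allowed, blocking


if __name__ == "__main__":
    for rid in (STORAGE, VM_DEV):
        allowed, blocking = effective_permissions(rid, SAMPLE_LOCKS)
        print(rid.rsplit("/", 1)[-1], allowed, blocking)
```

Locks act on management (control-plane) operations, so a ReadOnly lock on a storage account does not by itself stop the data inside it from being read, changed or deleted.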
Service Trust portal
Microsoft Purview

Microsoft Purview is a
family of data governance,
risk, and compliance
solutions that helps you get
a single, unified view into
your data. Microsoft
Purview brings insights
about your on-premises,
multicloud, and software as
a service data together.
• Automated data discovery
• Sensitive data classification
• End-to-end data lineage
Management and
deployment tools
Management and deployment tools―objective domain

• Describe Azure portal.


• Describe Azure Cloud Shell, including Azure CLI and Azure PowerShell.
• Describe the purpose of Azure Arc.
• Describe Azure Resource Manager (ARM) and Azure ARM templates.
Tools for interacting with Azure

• Azure portal
• Azure PowerShell
• Azure Cloud Shell
• Command-Line Interface (CLI)
Azure Arc
Azure Resource Manager

The Azure Resource Manager (ARM) provides a management layer that enables you to create, update, and delete resources in your Azure subscription.
Infrastructure as code

• Ensure consistency in
deployment across your
cloud ecosystem.
• Manage configuration
at scale.
• Rapidly provision
additional environments
based on a standard
configuration and build.
Azure Resource Manager (ARM) templates

Azure Resource Manager (ARM) templates are JavaScript Object Notation (JSON) files that can be used to create and deploy Azure infrastructure without having to write programming commands.
• Declarative syntax
• Repeatable results
• Orchestration
• Modular files
• Built-in validation
• Exportable code
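A pre-deployment review of such a template, added here as an example and not taken from the original deck: because the template is declarative JSON, security-relevant settings can be checked before anything is deployed. The sample template, the required-tag rule and the function names are assumptions; the storage property names are real `Microsoft.Storage/storageAccounts` settings, and a parameter default can still be overridden at deployment time.

```python
import json
import re

# Added example (not from the original deck): pre-deployment review of an
# ARM template. SAMPLE_TEMPLATE is constructed; REQUIRED_TAGS is an assumed
# organizational rule built from the tag names on the Tags slide.
REQUIRED_TAGS = ("owner", "department", "environment")
STORAGE_TYPE = "microsoft.storage/storageaccounts"
WEAK_TLS = ("TLS1_0", "TLS1_1")
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

SAMPLE_TEMPLATE = json.loads(r"""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {"minTls": {"type": "string", "defaultValue": "TLS1_0"}},
  "variables": {"httpsOnly": false},
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
     "name": "examplelogsprod", "location": "westeurope", "kind": "StorageV2",
     "sku": {"name": "Standard_ZRS"},
     "tags": {"owner": "joe", "department": "marketing", "environment": "production"},
     "properties": {"supportsHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
                    "allowBlobPublicAccess": false}},
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01",
     "name": "examplescratch", "location": "westeurope", "kind": "StorageV2",
     "sku": {"name": "Standard_LRS"},
     "properties": {"supportsHttpsTrafficOnly": "[variables('httpsOnly')]",
                    "minimumTlsVersion": "[parameters('minTls')]",
                    "allowBlobPublicAccess": true}}
  ]
}
""")


def resolve(value, template):
    """Resolve a plain [parameters('x')] reference to that parameter's
    defaultValue. Returns (value, resolved); resolved is False for any
    other template expression, which this check does not evaluate.
    Strings starting with "[[" are escaped literals, not expressions."""
    if not (isinstance(value, str) and value.startswith("[")
            and not value.startswith("[[")):
        return value, True
    match = PARAM_REF.match(value)
    param = template.get("parameters", {}).get(match.group(1), {}) if match else {}
    if "defaultValue" in param:
        return param["defaultValue"], True
    return value, False


def review_template(template):
    """Return (resource name, finding) pairs for settings a reviewer should
    question before the template is deployed."""
    checks = (
        ("allowBlobPublicAccess", lambda v: v is not False, "public blob access is not disabled"),
        ("minimumTlsVersion", lambda v: v is None or v in WEAK_TLS, "minimum TLS version is unset or below 1.2"),
        ("supportsHttpsTrafficOnly", lambda v: v is False, "plain HTTP is allowed"),
    )
    findings = []
    for res in template.get("resources", []):
        name = res.get("name", "<unnamed>")
        tags = res.get("tags", {})
        if isinstance(tags, dict):
            missing = [t for t in REQUIRED_TAGS if t not in tags]
            if missing:
                findings.append((name, "missing tags: " + ", ".join(missing)))
        else:
            findings.append((name, "tags: unevaluated expression, review manually"))
        if res.get("type", "").lower() != STORAGE_TYPE:
            continue
        props = res.get("properties", {})
        for key, is_bad, message in checks:
            value, resolved = resolve(props.get(key), template)
            if not resolved:
                findings.append((name, key + ": unevaluated expression, review manually"))
            elif is_bad(value):
                findings.append((name, key + ": " + message))
    return findings


if __name__ == "__main__":
    for name, finding in review_template(SAMPLE_TEMPLATE):
        print(name + ": " + finding)
```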
Bicep
Azure monitoring tools
Azure management tools―objective domain

Describe the functionality and usage


• Describe the purpose of Azure Advisor.

• Describe Azure Service Health.

• Describe Azure Monitor, including Azure Log Analytics, Azure Monitor Alerts, and
Application Insights.
Azure Advisor

Azure Advisor analyzes deployed Azure resources and makes recommendations based on best practices to optimize Azure deployments.
• Reliability
• Security
• Performance
• Cost
• Operational excellence
Azure Service Health

Azure Service Health is a collection of services that keep you informed of general Azure status, service status that may impact you, and specific resource status that is affecting you.

Azure Status: Global view of the health of all Azure services across all Azure regions.
Service Health: Focused view on only the services and regions that you’re using. If a service is experiencing a problem in a region you’re not using, it won’t show up here.
Resource Health: Tailored view of your actual Azure resources. It provides information about the health of your individual cloud resources.
Azure Monitor

Azure Monitor maximizes the availability and performance of applications and services by collecting, analyzing, and acting on telemetry from cloud and on-premises environments.
• Application Insights
• Log Analytics
• Smart alerts
• Automation actions
• Customized dashboards
TEST YOUR KNOWLEDGE !
Thank you for your attention !
