0.1. Motivation

It was the first certification I obtained that ignited my interest in pursuing a career in information technology.
As a result, the best thing I have devoted myself to, and that indeed has its factor in who I've become..

The exam covers a wide range of cloud-related topics with a direct interest in Microsoft Azure services. No matter whether you are experienced or a fresher, the AZ-900 is a great deal.


Table Of Contents


1. Core Fundamental Concepts

1.0.1. Cloud Computing

The practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer. These remote servers are owned by big technology companies called: the cloud provider (Microsoft Azure, Amazon Web Services, Google Cloud Platform..)

1.0.2. Microsoft Azure

Azure is a continually expanding set of cloud services that help your organization meet your current and future business challenges providing more than 100 services that enable you to do everything from running your existing applications on virtual machines, to exploring new software paradigms, such as intelligent bots and mixed reality.

1.0.3. Cloud Computing Advantages

There are several advantages that a cloud environment has over a physical environment that a company can use following its migration to Azure.

High availability: Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

Scalability: Apps in the cloud can scale vertically, and horizontally respectively: Increase compute capacity by adding RAM or CPUs to a virtual machine, Increase compute capacity by adding instances of resources, such as adding VMs to the configuration.

Elasticity: You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need.

Agility: Deploy and configure cloud-based resources quickly as your app requirements change.

Geo-distribution: You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.

Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.

1.0.4. CAPEX VS OPEX

There are two different types of expenses that you should consider:

Capital Expenditures (CAPEX) are major purchases a company makes to acquire, upgrade, and maintain physical assets that are designed to be used over the long term.
Operating Expenditures (OPEX) are the day-to-day expenses a company incurs to keep its business operational.

1.0.5. Cloud computing is a consumption-based model

This pay-as-you-go model means usage is metered and you pay only for what you consume. The fundamental economics of cloud computing are based around the premise that customers will pay for how long a server is used, or how much bandwidth data is being consumed.

1.1. Cloud Models

Public Cloud is cloud computing that’s delivered via the internet and shared across organizations. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, Azure in our case.

Private Cloud is cloud computing that is dedicated solely to your organization. A private cloud can be physically located at your organization's on-site (on-premises) datacenter, or it can be hosted by a third-party service provider.

Hybrid Cloud is any environment that uses both public and private clouds by allowing data and applications to be shared between them.

1.1.1. Cloud Model Comparison

models


1.2. Cloud Service Models

Cloud computing is offered in three different service models which each satisfy a unique set of business requirements.

responsibility


1) Infrastructure as a Service (IaaS) is also known as Hardware as a service. It is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it.

2) Platform as a Service (PaaS) is created for the programmer to develop, test, run, and manage the applications.This service provides the same benefits and considerations as IaaS, but there are some additional benefits to be aware of.

3) Software as a service is also known as "on-demand software". It is a software in which the applications are hosted by a cloud service provider. Users can access these applications with the help of internet connection and web browser.

servicemodels

1.2.2. Serverless Computing

Like PaaS, Serverless is a cloud-native development model that allows developers to build and run applications without having to manage servers. There are still servers in serverless, but they are abstracted away from app development. You will know about serverless below while discussing Azure Core Solution.

1.3. Azure Architectural Components

Mgroups

Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.
Resource groups: Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
Management groups: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

1.3.0.1. Azure Region

A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

1.3.0.2. Availability Zone

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

1.3.0.3. Azure Region Pairs

Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region. It's possible that a large disaster could cause an outage big enough to affect even two datacenters. That's why Azure also creates region pairs.

1.3.0.4. Azure Availability Zones

You want to ensure your services and data are redundant so you can protect your information in case of failure. When you host your infrastructure, setting up your own redundancy requires that you create duplicate hardware environments. Azure can help make your app highly available through availability zones.

1.3.1. Interact with Microsoft Azure

Azure Portal: Simply a graphical user interface to work with Microsof Azure.
Azure Resource Manager: Another way to interact in a declarative way: Microsoft Infrastructure as a code tool, used only for Azure resources.


2. Core Azure Services

2.1. Compute

hope u like it :)

2.1.1. Virtual Machines

An Azure virtual machine is an on-demand, scalable computer resource that is available in Azure. Virtual machines are generally used to host applications when the customer requires more control over the computing environment than what is offered by other compute resources.

2.1.2. Virtual Machine Scale Sets

they are built from virtual machines. With scale sets, the management and automation layers are provided to run and scale your applications. You could instead manually create and manage individual VMs, or integrate existing tools to build a similar level of automation

2.1.3. Azure Container Instances (ACI)

Azure Container Instances is a managed service that allows you to run containers directly on the Microsoft Azure public cloud, without requiring the use of virtual machines (VMs).

2.1.4. Azure Kubernetes Service (AKS)

AKS allows you to quickly deploy a production ready Kubernetes cluster in Azure. It offers serverless Kubernetes, an integrated continuous integration and continuous delivery (CI/CD) experience, and enterprise-grade security and governance.

2.1.5. Azure App Service

Azure App Service lets you create apps faster with a one-of-a kind cloud service to quickly and easily create enterprise-ready web and mobile apps for any platform or device and deploy them on a scalable and reliable cloud infrastructure.

2.1.6. Azure Functions

Azure Functions is an event driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure or third party service as well as on-premises systems.

2.1.7. Bonus, Azure Virtual Desktop

Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices like Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access remote desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences

2.2. Networking



2.2.1. What is a Virtual Network ?

A virtual network is a network where all devices, servers, virtual machines, and data centers that are connected are done so through software and wireless technology.

2.2.2. Azure virtual networkss

Enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as an extension of your on-premises network with resources that links other Azure resources.

2.2.3. Azure VPN Gatewayy

Azure VPN Gateway is a cloud based network gateway that enables in connecting on-premises networks with Azure using site-to-site VPNs. Azure VPN Gateway provides secure connectivity by using industry standard protocols, IPsec and IKE to secure the connection.

2.2.4. Azure Express Routee

It allows a private connection between the local network and the Microsoft cloud. Using express route organizations/users can connect to several Microsoft cloud services (cloud products e.g. Microsoft dynamics 365, Microsoft Azure and Office 365)

Note: We'll go deeper into the networking part meanwhile the AZ-104 examination.

2.3. Storage

2.3.1. What is an Azure Storage Account ??

An Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS.



2.3.2. Azure Disk Storage

Provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk.

2.3.3. Azure Blob Storage

Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data.

Blob access tiers:

  • Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website).
  • Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).
  • Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

2.3.4. Azure Files Storage

Azure Files is an Azure File Storage service you can use to create a file share in the cloud. It is based on the Server Message Block (SMB) protocol and enables you to access files remotely or on-premises via API through encrypted communications.

2.3.5. Azure Queue Storage

A service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account.

2.3.6. Azure Table Storage

A service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design.

2.4. Database



2.4.1. Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL database service for modern app development. Get guaranteed single-digit millisecond response times and 99.999-percent availability, backed by SLAs, automatic and instant scalability, and open-source APIs for MongoDB and Cassandra.

2.4.2. Azure SQL Database

Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement.

2.4.3. Azure Database for MySQL

Azure Database for MySQL is a relational database service in the cloud, and it's based on the MySQL Community Edition database engine, versions 5.6, 5.7, and 8.0. With it, you have a 99.99 percent availability service level agreement from Azure, powered by a global network of Microsoft-managed datacenters.

2.4.4. Azure Database for PostgreSQL

Azure Database for PostgreSQL is a relational database service in the cloud. The server software is based on the community version of the open-source PostgreSQL database engine. Your familiarity with tools and expertise with PostgreSQL is applicable when you're using Azure Database for PostgreSQL.

2.4.5. Azure SQL Managed Instance

Azure SQL Managed Instance is the intelligent, scalable cloud database service that combines the broadest SQL Server database engine compatibility with all the benefits of a fully managed and evergreen platform as a service. Depending on your scenario, Azure SQL Managed Instance might offer more options for your database needs.

2.5. Big Data and Analytics



2.5.1. Azure Synapse Analytics

Azure Synapse Analytics (formerly Azure SQL Data Warehouse) is a limitless analytics service that brings together enterprise data warehousing and big data analytics. You can query data on your terms by using either serverless or provisioned resources at scale.

2.5.2. Azure HDInsight

Azure HDInsight is a fully managed, open-source analytics service for enterprises. It's a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data.

2.5.3. Azure Databricks

Azure Databricks helps you unlock insights from all your data and build artificial intelligence solutions.

2.5.4. Azure Data Lake Analytics

Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights.


3. Core Solutions

3.1. Internet Of Things (IOT)

Azure Internet of Things (also known as Azure IoT) is a collection of cloud services managed by Microsoft that monitor, connect and control billions of IoT assets. Basically, this is a solution that operates in the cloud and is made up of 1 or more IoT devices and 1 or more back-end services that communicate with one another. Organizations across all industries use Azure IoT to help them improve their business and achieve their IoT goals.



3.1.1. Azure IOT Hub

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.

3.1.2. Azure IOT Central

Azure IoT Central is an IoT application platform (aPaaS) that simplifies the creation of IoT solutions. Azure IoT Central provides a ready-to-use UX and API surface built to connect, manage, and operate fleets of devices at scale.

3.1.3. Azure Sphere

Azure Sphere are services and products from Microsoft that allows vendors of Internet of things (IoT) devices to increase security by combining a specific system on a chip, Azure Sphere OS and an Azure-based cloud environment for continuous monitoring.

3.2. Artificial Intelligence (AI)

A portfolio of AI services designed for developers and data scientists. Take advantage of the decades of breakthrough research, responsible AI practices, and flexibility that Azure AI offers to build and deploy your own AI solutions.


3.2.1. Azure Machine Learning

Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.

3.2.2. Azure Cognitive Service

Azure Cognitive Services are cloud-based artificial intelligence (AI) services that help you build cognitive intelligence into your applications. They are available as REST APIs, client library SDKs, and user interfaces. You can add cognitive features to your applications without having AI or data science skills.

3.2.3. Azure Bot Service

Azure Bot Service is a managed bot development service that helps you seamlessly connect to your users via popular channels. Pay only for messages delivered using Premium channels, which allow your bot to communicate with users within your own application or on your website.

3.3. Azure Serverless

In understanding the definition of serverless computing, it’s important to note that servers are still running the code. The serverless name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. This approach enables developers to increase their focus on the business logic and deliver more value to the core of the business. Serverless computing helps teams increase their productivity and bring products to market faster, and it allows organizations to better optimize resources and stay focused on innovation.



3.3.1. Azure Functions

Azure Functions is a cloud service available on-demand that provides all the continually updated infrastructure and resources needed to run your applications. You focus on the pieces of code that matter most to you, and Functions handles the rest. Functions provides serverless compute for Azure.

3.3.2. Azure Logic Apps

Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.

3.4. Tools for Better Solutions



3.4.1. Azure DevOps Services

Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. Azure DevOps supports a collaborative culture and set of processes that bring together developers, project managers, and contributors to develop software.

3.4.2. Github

GitHub is an online software development platform used for storing, tracking, and collaborating on software projects. It enables developers to upload their own code files and to collaborate with fellow developers on open-source projects from anywhere.

3.4.3. Azure DevTest Labs

Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs.
Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

3.5. Tools for Configurations and Management

3.5.1. The Azure Portal

It is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface.

3.5.2. Azure PowerShell

Azure PowerShell is a set of cmdlets for managing Azure resources directly from PowerShell. Azure PowerShell is designed to make it easy to learn and get started with, but provides powerful features for automation.

3.5.3. Azure CLI

What is Azure CLI used for?
The Azure Command-Line Interface (CLI) is a cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources. It allows the execution of commands through a terminal using interactive command-line prompts or a script.

3.5.4. Azure Mobile App

Azure Mobile Apps gives enterprise developers and system integrators a mobile-application development platform that's highly scalable and globally available. Using resources in the Azure cloud, it provides your mobile app with: Authentication. Data query.

3.5.5. Azure Resource Manager Templates (ARM Templates)

To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates (ARM templates). The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project, i like Terraform.

3.6. Monitoring




Definition: To watch and check a situation carefully for a period of time in order to discover something about it

In Information Technology: The process to gather metrics about the operations of an IT environment's hardware and software to ensure everything functions as expected to support applications and services.

3.6.1. Azure Advisor

Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.

3.6.2. Azure Monitor

Azure Monitor collects monitoring telemetry from a variety of on-premises and Azure sources. Management tools, such as those in Azure Security Center and Azure Automation, also push log data to Azure Monitor. The service aggregates and stores this telemetry in a log data store that's optimized for cost and performance.

3.6.3. Azure Service Health

Azure Service Health is a suite of experiences that provide personalized guidance and support when issues in Azure services are or may affect you in the future. Azure Service Health is composed of Azure status, the service health service, and Resource Health.


4. Security

A security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization. A security event refers to an occurrence during which company data or its network may have been exposed.

4.0.1. Azure Security Center



Azure Security Center by Microsoft is a solution that provides unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that are not part of the Azure ecosystem.

4.0.2. Azure Sentinell



Azure Sentinel is a SIEM (Security Information and Event Management) and Security Orchestration and Automated Response (SOAR) system in Microsoft's public cloud platform. It can provide a single solution for alert detection, threat visibility, proactive hunting, and threat response

4.0.3. Azure Key Vaultt




Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools.

4.0.4. Azure Dedicated Host

Azure Dedicated Host is an Azure service that provides physical servers - able to host one or more Azure virtual machines - dedicated to your organization and your workloads. The server capacity is not shared with other customers.

5. Network Security

5.0.1. what is Defense in depth ?

Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.



Microsoft Azure provides services and solutions to help in each layer.

5.0.2. Azure Firewall




Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability.

5.0.3. Application Gateway

An application gateway or application level gateway (ALG) is a firewall proxy which provides network security. It filters incoming node traffic to certain specifications which mean that only transmitted network application data is filtered.




Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

5.0.4. Azure DDoS Protection



DDoS Protection enables you to protect your Azure resources from denial of service (DoS) attacks with always-on monitoring and automatic network attack mitigation. There is no upfront commitment, and your total cost scales with your cloud deployment.

5.0.5. Network Security Groups



You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

With a good combination of these services, you can ensure the security quality of your application


6. Identity

6.0.1. Authentication = IDENTIFY

One of the main features of an identity platform is to verify, or authenticate, credentials when a user signs in to a device, application, or service. In Azure Active Directory (Azure AD), authentication involves more than just the verification of a username and password.

6.0.2. Authorization = ACCESS

Authorization is the act of granting an authenticated party permission to do something.

6.0.3. Azure Active Directory

Azure Active Directory (Azure AD) is a cloud-based identity and access management service. This service helps your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

6.0.4. Multi Factor Authentication

Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.

6.0.5. Conditional Access



Conditional access enables organizations to configure and fine-tune access policies with contextual factors such as user, device, location, and real-time risk information to control what a specific user can access, and how and when they have access.

7. Governance

What Is Governing? Having authority to conduct the policy, actions, and affairs of a state, organization, or people.

what is Governance? The action or manner of governing a state, organization..

What Is Azure Governance? Azure Governance can be described simply as mechanisms and processes to maintain control over your applications and resources in Azure, some of services below.



7.0.1. Azure Role-Based Access Control

Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.

7.0.2. Resource Locks

As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

7.0.3. Tags

Azure tags are name-value pairs that are used to organize resources in Azure Portal. You can apply tags for individual resources or tag the resource group that they are part of.

What is a Policy? a course or principle of action adopted or proposed by an organization or individual.

7.0.4. Azure Policy

Azure Policy is a service in Azure which allows you create polices which enforce and control the properties of a resource. When these policies are used they enforce different rules and effects over your resources, so those resources stay compliant with your IT governance standards.

7.0.5. Azure Blueprints

An Azure Blueprint is a package for creating specific sets of standards and requirements that govern the implementation of Azure services, security, and design. Such packages are reusable so that consistency and compliance among resources can be maintained.

7.0.6. Cloud Adoption Framework

The Cloud Adoption Framework (CAF Framework) is a collection of documentation, implementation guidance, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey.

8. Privacy

8.0.1. Microsoft Privacy Statement

The Microsoft Privacy Statement explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.

8.0.2. What is in the Online Services Terms?

What's in the Online Services Terms? The Online Services Terms (OST) is a legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data.

8.0.3. What is the Data Protection Addendum?

The Data Protection Addendum (DPA) further defines the data processing and security terms for online services. These terms include:

  • Compliance with laws.
  • Disclosure of processed data.
  • Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
  • Data transfer, retention, and deletion.

9. Compliance and Data Protection

Compliance: In general, compliance means conforming (following) to a rule, such as a specification, policy, standard or law.

9.0.1. Compliance Offerings

Azure compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.

9.0.2. Trust Center

The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community. The Trust Center provides: In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products

9.0.3. Azure Compliance Documentation

The Azure compliance documentation provides you with detailed documentation about legal and regulatory standards and compliance on Azure.

10. Government

Definition: The group of people with the authority to govern a country or state; a particular ministry in office.

10.0.1. Azure Government

Azure Government is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.

10.0.2. Government Vs Governance:

The government consists of elected representatives who governs or rules the state. Governance is the way which is followed by the elected representatives for proper functioning.

10.0.3. What is Azure China 21Vianet?

Microsoft Azure operated by 21Vianet (Azure China) is a physically separated instance of cloud services located in China.


11. Cost Management



11.0.1. Total Cost of Ownership Calculator

The TCO Calculator lets you create a customized business case to justify migration to Azure. You have the option to modify any assumptions so the model accurately reflects your business. The result is a detailed report that shows how much money you can save by moving to Azure.

11.0.2. Types Of Azure Subscriptions

Free trial: A free trial subscription provides you with 12 months of popular free services, a credit to explore any Azure service for 30 days, and more than 25 services that are always free. Your Azure services are disabled when the trial ends or when your credit expires for paid products, unless you upgrade to a paid subscription.
Pay-as-you-go: A pay-as-you-go subscription enables you to pay for what you use by attaching a credit or debit card to your account. Organizations can apply for volume discounts and prepaid invoicing.
Member offers: Your existing membership to certain Microsoft products and services might provide you with credits for your Azure account and reduced rates on Azure services. For example, member offers are available to Visual Studio subscribers, Microsoft Partner Network members, Microsoft for Startups members, and Microsoft Imagine members.

11.1. Factors

11.1.1. Resource Type

The cost depend on the type of resource or how you customize it. Say you want a storage account you specify a type (such as block blob storage or table storage), a performance tier (standard or premium), and an access tier (hot, cool, or archive). These selections present different costs.

11.1.2. Usage Meters

An Internet usage meter is a type of Internet monitoring software that tells network administrators and individual Internet subscribers how much bandwidth they are using, Azure. Most Internet service plans are subject to certain bandwidth caps, or limits.

11.1.3. Resource Usage

In Azure, you're always charged based on what you use.

11.1.4. Azure subscription types

As mentioned above, each type have a different billing. Some Azure subscription types also include usage allowances, which affect costs.

11.1.5. Azure Marketplace

You can also purchase Azure-based solutions and services from third-party vendors through Azure Marketplace.

11.2. Minimize Total Cost

11.2.1. Azure Advisor

Azure Advisor identifies unused or underutilized resources and recommends unused resources that you can remove. This information helps you configure your resources to match your actual workload.

11.2.2. Use spending limits to restrict your spending

If you have a free trial or a credit-based Azure subscription, you can use spending limits to prevent accidental overrun.

11.2.3. Azure Reservations

Azure Reservations help you save money by committing to one-year or three-year plans for multiple products.

11.2.4. Low-Cost Locations And Regions

The cost of Azure products, services, and resources can vary across locations and regions. If possible, you should use them in those locations and regions where they cost less.

11.2.5. Use Azure Cost Management + Billing to control spending

Azure Cost Management + Billing is a free service that helps you understand your Azure bill, manage your account and subscriptions, monitor and control Azure spending, and optimize resource use.

11.2.6. Apply Tags

Tags help you manage costs associated with the different groups of Azure products and resources. You can apply tags to groups of Azure resources to organize billing data.

12. Service Level Agreements

What is that? A service-level agreement (SLA) sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems, and the metrics by which the effectiveness of the process is monitored and approved.




Performance targets above 99.99 percent are very difficult to achieve. An SLA of 99.99 percent means 1 minute of downtime per week. It's difficult for humans to respond to failures quickly enough to meet SLA performance targets above 99.99 percent. Instead, your application must be able to self-diagnose and self-heal during an outage.

Why are SLAs important? Understanding the SLA for each Azure service you use helps you understand what guarantees you can expect. When you build applications on Azure, the availability of the services that you use affect your application's performance. Understanding the SLAs involved can help you establish the SLA you set with your customers.

Note: to find the SLA of a combinaison of services, you make the sum.
99.9% × 99.9% × 99.99% × 99.99% = 0.999 × 0.999 × 0.9999 × 0.9999 = 0.9978 = 99.78%

12.0.1. What Is The Service Lifecycle?

The service lifecycle defines how every Azure service is released for public use.
Every Azure service starts in the development phase. In this phase, the Azure team collects and defines its requirements, and begins to build the service.

12.0.2. Types of Previews

There are two types of previews, private and public. The private preview is only available to certain Azure customers for evaluation purposes. The public preview is available to all Azure customers.


To recap

This is a lengthy one, Good Job!
I tried to bring most of the cert topics to the table.
I believe this knowledge will get you somewhere better, keep it up.

“The trouble with the world is not that people know too little; it's that they know so many things that just aren't” — Mark Twain.