AZ-900 Syllabus — Objectives by Domain (Fundamentals)

Blueprint-aligned learning objectives for Microsoft Azure Fundamentals (AZ-900), organized by domain with quick links to targeted practice.

Use this syllabus as your source of truth for AZ-900. Work through each domain in order and drill targeted sets after every section.

What’s covered

Describe Cloud Concepts (30%)

Cloud Value Proposition & Economics

  • Contrast CapEx vs OpEx and explain how consumption-based pricing reduces upfront cost.
  • Identify primary cloud benefits: agility, global reach, scalability, reliability, and security posture.
  • List common cost drivers (compute, storage, egress, licensing) and how they impact TCO.
  • Describe chargeback/showback models and basic tagging for cost accountability.
  • Explain reservations/savings plans at a high level and when they make sense.
  • Differentiate TCO and ROI and recognize quick wins that accelerate payback.

Elasticity, Scalability & Performance Efficiency

  • Define horizontal vs vertical scaling and give simple examples for each.
  • Explain elasticity and auto-scale triggers (CPU, queue length, schedule).
  • Relate right-sizing and burst capacity to cost optimization.
  • Describe cache/CDN concepts for improving latency and throughput.
  • Recognize rate limiting and backoff as resilience patterns.
  • Select the appropriate scaling approach for a basic scenario.

Cloud Deployment Models

  • Differentiate public, private, hybrid, and multicloud deployments.
  • Identify hybrid motivations: data gravity, latency, compliance, legacy integration.
  • Explain on-prem to cloud connectivity at a conceptual level.
  • Describe data residency and sovereignty considerations in regulated industries.
  • Recognize trade-offs of multicloud (resiliency vs complexity).
  • Choose a deployment model for a given business constraint set.

Service Models: IaaS, PaaS, SaaS

  • Define IaaS, PaaS, and SaaS with clear provider vs customer responsibilities.
  • Place representative Azure services into IaaS/PaaS/SaaS categories.
  • Explain how PaaS offloads patching and platform maintenance.
  • Identify common SaaS examples (M365) and when SaaS is preferable.
  • Discuss portability vs speed trade-offs across service models.
  • Select a service model that balances control and operational overhead.

Reliability, HA/DR & SLAs

  • Define fault domains, update domains, and their purpose.
  • Explain availability zones and region pairs conceptually.
  • Differentiate RTO and RPO and map them to business requirements.
  • Interpret single-service and composite SLAs; compute a simple composite SLA.
  • Describe active/active vs active/passive DR patterns and basic failover.
  • Choose an HA/DR approach that aligns with SLA and budget constraints.

Shared Responsibility & Defense in Depth

  • Describe shared responsibility boundaries for IaaS, PaaS, and SaaS.
  • Outline defense-in-depth layers: physical, perimeter, network, compute, app, data, identity.
  • Explain why identity (MFA, Conditional Access) is a primary control plane.
  • Recognize common misconfigurations: open storage, overly broad RBAC, public endpoints.
  • Relate logging/monitoring to threat detection and incident response.
  • Match simple risks to the correct layer(s) of defense-in-depth.

Compliance, Governance & Sustainability (Awareness)

  • Explain the idea of regulatory compliance and attestations at a high level.
  • Describe data classification and retention as governance inputs.
  • Summarize sustainability drivers (right-sizing, efficient services, regional choices).
  • Recognize the role of policies/guardrails early in adoption.
  • Identify documentation sources (service trust portals) at a basic level.
  • Connect governance choices to risk reduction and audit readiness.

Cloud Adoption & Well-Architected (Overview)

  • State the purpose of the Microsoft Cloud Adoption Framework (CAF).
  • List the Well-Architected pillars and give one design trade-off per pillar.
  • Explain landing zones as opinionated, ready-to-use starting points.
  • Relate business drivers to a simple phased adoption plan.
  • Identify risks of ad-hoc adoption (sprawl, inconsistent security, cost run-up).
  • Map a basic workload to pillar-aligned improvement actions.

Migration Strategies & Drivers (Awareness)

  • Differentiate rehost vs refactor vs rearchitect at a high level.
  • Identify triggers for migration (end-of-support, datacenter exit, scalability).
  • Explain discovery/assessment concepts for sizing and dependency mapping.
  • Describe quick wins and pilot workloads to reduce migration risk.
  • Relate migration waves to change management and training needs.
  • Select a migration approach that fits constraints in a scenario.

Describe Azure Architecture and Services (40%)

Global Infrastructure & Resource Hierarchy

  • Identify geographies, regions, and availability zones and why they matter.
  • Explain management groups, subscriptions, resource groups, and resources.
  • Describe Azure Resource Manager (ARM) as the control plane.
  • Use tags and naming standards to support governance and cost reports (conceptual).
  • Recognize resource locks and the role of resource providers (awareness).
  • Map a simple organization structure to a subscription/RG layout.

Compute: VMs, Images & Scale

  • Describe VM size families and general workload fit.
  • Differentiate availability sets vs availability zones for resilience.
  • Explain VM Scale Sets and autoscale basics.
  • Recognize OS/data/temp disks and image concepts (Shared Image Gallery).
  • Outline basic licensing considerations for Windows/Linux VMs.
  • Select a VM configuration for a given availability/cost requirement.

App Hosting: Web, APIs & Serverless

  • Differentiate App Service, Azure Functions, and Logic Apps use cases.
  • Explain App Service Plans vs Consumption plans (cost vs control).
  • Recognize Static Web Apps and API Management (APIM) at a high level.
  • Describe event-driven patterns with Event Grid and durable functions (awareness).
  • Identify CI/CD hooks (DevOps, GitHub Actions) conceptually.
  • Choose a hosting model based on app characteristics and ops effort.

Containers & Orchestration

  • Explain Azure Container Instances (ACI) for simple container runs.
  • Describe Azure Kubernetes Service (AKS) at a high level and common use cases.
  • Recognize container registry needs and basic image lifecycle.
  • Outline cluster scaling and upgrade considerations (conceptual).
  • Relate microservices to container orchestration benefits.
  • Select ACI vs AKS for a basic scenario.

Networking Fundamentals

  • Define VNets, subnets, CIDR, and IP assignment concepts.
  • Explain Network Security Groups and common inbound/outbound rules.
  • Differentiate Load Balancer, Application Gateway (WAF), and Front Door.
  • Describe Private Link/Private Endpoints for private PaaS access.
  • Compare VPN Gateway vs ExpressRoute for hybrid connectivity needs.
  • Match networking components to latency, security, and scale requirements.

Storage Services & Durability

  • Differentiate Blob, File, Queue, and Table storage use cases.
  • Explain redundancy options (LRS, ZRS, GRS, GZRS) and trade-offs.
  • Describe access tiers (hot, cool, archive) and lifecycle rules.
  • Recognize soft delete, versioning, and immutable (WORM) settings.
  • Outline encryption at rest/in transit and SAS vs access keys basics.
  • Choose storage type, redundancy, and tier for a scenario.

Databases & Data (Awareness)

  • Differentiate Azure SQL Database vs SQL Managed Instance purposes.
  • Recognize Cosmos DB global distribution and multi-model concepts.
  • Describe Data Lake Storage Gen2 and Synapse at a high level.
  • Identify basic use cases for Azure Database for MySQL/PostgreSQL.
  • Explain backup/restore and business continuity basics for data services.
  • Map a simple data requirement to an appropriate Azure data service.

Messaging & Integration (Awareness)

  • Differentiate Event Hubs (telemetry), Service Bus (enterprise messaging), and Event Grid (pub/sub).
  • Explain decoupling and asynchronous communication benefits.
  • Recognize retry, dead-letter, and ordering patterns conceptually.
  • Describe Logic Apps for workflow integration scenarios.
  • Outline common integration scenarios (order processing, IoT ingest).
  • Select a messaging service for a given throughput/reliability need.

Hybrid, Edge & Management Services (Awareness)

  • Describe Azure Arc for hybrid management at a high level.
  • Recognize Azure Stack HCI/Hub as on-prem edge options (awareness).
  • Explain why hybrid identity and policy consistency matter.
  • Identify update/patching approaches across hybrid footprints conceptually.
  • Discuss latency and intermittency considerations for edge scenarios.
  • Choose hybrid services that align with a compliance or latency driver.

AI, Analytics & Industry Services (Awareness)

  • Recognize Azure AI Services/Cognitive Services at a high level (vision, speech, language).
  • Describe basic analytics outcomes (dashboards, reports) without implementation detail.
  • Explain responsible AI and data privacy at a conceptual level.
  • Identify search (Azure AI Search) and recommendation scenarios (awareness).
  • Understand that AZ-900 expects awareness, not hands-on ML.
  • Choose when to consider AI services to add value to an app.

Describe Azure Management and Governance (30%)

Identity & Access (Microsoft Entra ID)

  • Define tenants, users, groups, and enterprise apps at a high level.
  • Differentiate authentication vs authorization; explain RBAC scopes (management group, subscription, RG, resource).
  • Recognize Conditional Access policies and MFA benefits.
  • Describe service principals and managed identities for applications.
  • Apply least-privilege access patterns to straightforward scenarios.
  • Identify basic SSO and federation concepts (awareness).

Security Fundamentals

  • Explain Azure Key Vault uses for secrets, keys, and certificates.
  • Recognize Microsoft Defender for Cloud recommendations (secure score).
  • Describe encryption at rest/in transit and TLS termination (conceptual).
  • Relate NSGs, Azure Firewall, and DDoS Protection to layered defense.
  • Identify Microsoft Sentinel as SIEM/SOAR (awareness).
  • Map simple threats to preventive/detective controls in Azure.

Governance & Compliance

  • Use management groups and subscriptions to separate environments (conceptually).
  • Explain Azure Policy, initiatives, and assignment scopes.
  • Describe Blueprints/landing zones for standardized deployments (awareness).
  • Apply tags, naming conventions, and resource locks for guardrails.
  • Recognize data location and residency considerations for compliance.
  • Identify sources for compliance documentation and reports.

Cost Management & Billing

  • Estimate costs with the Pricing Calculator and TCO Calculator (conceptual).
  • Create budgets and set alerts at subscription/resource-group scopes (awareness).
  • Explain reservations and savings plans fundamentals and commitment trade-offs.
  • Allocate costs using tags and simple cost analysis views.
  • Interpret invoices and usage summaries at a high level.
  • Match cost optimization techniques to a scenario (right-size, schedule, tiering).

Monitoring & Reliability

  • Differentiate Azure Monitor, Activity Log, and Log Analytics roles.
  • Recognize Application Insights for app telemetry (availability, traces).
  • Create alert rules conceptually and route notifications (awareness).
  • Explain Service Health and Resource Health notifications.
  • Relate logging/metrics to SLO/SLA tracking and incident triage.
  • Select monitoring tools that align with visibility objectives.

Automation & Infrastructure as Code

  • Describe ARM templates and Bicep as declarative IaC approaches.
  • Recognize Azure CLI vs Azure PowerShell use cases.
  • Explain template parameterization, reuse, and source control (conceptual).
  • Identify runbooks/Automation accounts and update management (awareness).
  • Relate CI/CD pipelines to repeatable deployments at a high level.
  • Choose an automation approach that reduces manual configuration drift.

Business Continuity: Backup & DR

  • Describe Azure Backup (vaults, policies, retention, soft delete).
  • Explain Azure Site Recovery for workload replication and failover (awareness).
  • Relate region pairs/availability zones to continuity planning.
  • Differentiate backup vs DR and when each is appropriate.
  • Outline basic test/failback concepts and the importance of runbooks.
  • Select a simple BCDR plan that meets stated RTO/RPO.

Support, Lifecycle & Service Models

  • Differentiate Preview vs GA and implications for support and SLAs.
  • Recognize support plan tiers and when advanced support may be needed.
  • Explain change management basics for cloud services (conceptual).
  • Identify where to open support tickets and check service status.
  • Describe incident severity and response expectations at a high level.
  • Relate service lifecycle to adoption risk and governance decisions.

Secure-by-Default & Policy-Driven Operations

  • Explain policy-driven deployments (deny/modify/audit effects) conceptually.
  • Describe baseline security configurations and image hardening (awareness).
  • Recognize the value of blue/green and canary for safer changes.
  • Relate secrets rotation and key management to operational hygiene.
  • Identify drift detection and remediation at a high level.
  • Select guardrails to prevent common misconfigurations in a scenario.

Tip: After finishing a domain, take a 15–20 question drill focused on that domain, then revisit weak objectives before moving on.