AZ-900: Azure Fundamentals Exam Preparation

Having recently just passed AZ-900: Azure Fundamentals, I thought it would be a good idea to share my approach, collection of reference material, and collated study notes.

If you are preparing for this exam, the Azure Fundamentals Learning Path on Microsoft Learn is a fantastic resource that aligns very closely to the skills measured. Note: If you completed the Azure Fundamentals Learning Path a while ago, it may be worth revisiting as the underlying modules and units continue to change to remain relevant and current.

My Approach

  1. Review the skills measured (within exam details).

  2. Highlight key phrases.

  3. Draw lineage between the key phrases and Microsoft Learn modules.

  4. Complete the Azure Fundamentals Learning Path.

  5. Collate study notes.

Resources

ResourceTitle
Exam DetailsAZ-900: Microsoft Azure Fundamentals
CertificationMicrosoft Certified Azure Fundamentals
Learning PathMS Learn: Azure Fundamentals

Microsoft Learn Modules Aligned to AZ-900

Key Phrases

1. Understand Cloud Concepts (15-20%)
Describe the benefits and considerations of using cloud services
  • Understand terms such as High Availability, Scalability, Elasticity, Agility, Fault Tolerance, and Disaster Recovery
  • Understand the principles of economies of scale
  • Understand the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)
  • Understand the consumption-based model
Describe the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
  • Describe Infrastructure-as-a-Service (IaaS)
  • Describe Platform-as-a-Service (PaaS)
  • Describe Software-as-a-Service (SaaS)
  • Compare and contrast the three different service types
Describe the differences between Public, Private and Hybrid cloud models
  • Describe Public cloud
  • Describe Private cloud
  • Describe Hybrid cloud
  • Compare and contrast the three different cloud models
2. Understand Core Azure Services (30-35%)
Understand the core Azure architectural components
  • Describe Regions
  • Describe Availability Zones
  • Describe Resource Groups
  • Describe Azure Resource Manager
  • Describe the benefits and usage of core Azure architectural components
Describe some of the core products available in Azure
  • Describe products available for Compute such as Virtual Machines, Virtual Machine Scale Sets, App Service and Functions
  • Describe products available for Networking such as Virtual Network, Load Balancer, VPN Gateway, Application Gateway and Content Delivery Network
  • Describe products available for Storage such as Blob Storage, Disk Storage, File Storage, and Archive Storage
  • Describe products available for Databases such as CosmosDB, Azure SQL Database, Azure Database Migration service, and Azure SQL Data Warehouse
  • Describe the Azure Marketplace and its usage scenarios
Describe some of the solutions available on Azure
  • Describe Internet of Things (IoT) and products that are available for IoT on Azure such as IoT Fundamentals, IoT Hub and IoT Central
  • Describe Big Data and Analytics and products that are available for Big Data and Analytics such as SQL Data Warehouse, HDInsight and Data Lake Analytics
  • Describe Artificial Intelligence (AI) and products that are available for AI such as Azure Machine Learning Service and Studio
  • Describe Serverless computing and Azure products that are available for serverless computing such as Azure Functions, Logic Apps and App grid
  • Describe the benefits and outcomes of using Azure solutions
Understand Azure management tools
  • Understand Azure tools such as Azure CLI, PowerShell, and the Azure Portal
  • Understand Azure Advisor
3. Understand Security, Privacy, Compliance, and Trust (25-30%)
Understand securing network connectivity in Azure
  • Describe Azure Firewall
  • Describe Azure DDoS Protection
  • Describe Network Security Group (NSG)
  • Choose an appropriate Azure security solution
Describe core Azure Identity services
  • Understand the difference between authentication and authorization
  • Describe Azure Active Directory
  • Describe Azure Multi-Factor Authentication
Describe security tools and features of Azure
  • Describe Azure Security
  • Understand Azure Security center usage scenarios
  • Describe Key Vault
  • Describe Azure Information Protection (AIP)
  • Describe Azure Advanced Threat Protection (ATP)
Describe Azure governance methodologies
  • Describe Azure Policies
  • Describe Initiatives
  • Describe Role-Based Access Control (RBAC)
  • Describe Locks
  • Describe Azure Advisor security assistance
Understand monitoring and reporting options in Azure
  • Describe Azure Monitor
  • Describe Azure Service Health
  • Understand the use cases and benefits of Azure Monitor and Azure Service Health
Understand privacy, compliance and data protection standards in Azure
  • Understand industry compliance terms such as GDPR, ISO and NIST
  • Understand the Microsoft Privacy Statement
  • Describe the Trust center
  • Describe the Service Trust Portal
  • Describe Compliance Manager
  • Determine if Azure is compliant for a business need
  • Understand Azure Government services
  • Understand Azure Germany services
4. Understand Azure Pricing and Support (25-30%)
Understand Azure subscriptions
  • Describe an Azure Subscription
  • Understand the uses and options with Azure subscriptions
Understand planning and management of costs
  • Understand options for purchasing Azure products and services
  • Understand options around Azure Free account
  • Understand the factors affecting costs such as resource types, services, locations, ingress and egress traffic
  • Understand Zones for billing purposes
  • Understand the Pricing calculator
  • Understand the Total Cost of Ownership (TCO) calculator
  • Understand best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, and using tags to identify cost owners; use Azure reservations; use Azure Advisor recommendations
  • Describe Azure Cost Management
Understand the support options available with Azure
  • Understand support plans that are available such as Dev, Standard, Professional Direct and Premier
  • Understand how to open a support ticket
  • Understand available support channels outside of support plan channels
  • Describe the Knowledge Center
Describe Azure Service Level Agreements (SLAs)
  • Describe a Service Level Agreement (SLA)
  • Determine SLA for a particular Azure product or service
Understand service lifecycle in Azure
  • Understand Public and Private Preview features
  • Understand how to access Preview features
  • Understand the term General Availability (GA)
  • Monitor feature updates

Study Notes

1. Understand Cloud Concepts (15-20%)
High Availability (HA)
The ability of the application to continue running in a healthy state, without significant downtime. By "healthy state," we mean the application is responsive, and users can connect to the application and interact with it.

Scalability
Increase or decrease the resources and services used based on the demand or workload at any given time. Vertical Scaling (aka "scaling up) - add more resources to existing servers. Horizontal Scaling (aka "scaling out) - add more servers.

Vertical Scaling (aka "scaling up")
The process of adding resources to increase the power of an existing server (e.g. adding a faster CPU, additional CPUs, more memory).

Horizontal Scaling (aka "scaling out")
The process of adding more servers that function together as one unit (e.g. adding more servers).

Elasticity
Automatically add or remove resources based on demand.

Cloud Agility
Cloud agility is the ability to rapidly change an IT infrastructure in order to adapt to the evolving needs of the business (e.g. if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less).

Fault Tolerance
Redundancy is often built into cloud services architecture so if one component fails, a backup component takes its place. This is referred to as fault tolerance and it ensures that your customers aren't impacted when an unexpected accident occurs.

Disaster Recovery
The ability to recover from rare but major incidents: non-transient, wide-scale failures, such as service disruption that affects an entire region. Disaster recovery includes data backup and archiving, and may include manual intervention, such as restoring a database from backup.

Economies of Scale
Economies of scale is the ability to do things more efficiently or at a lower-cost per unit when operating at a larger scale (e.g. the ability to acquire hardware at a lower cost than if a single user or smaller business were purchasing it, cloud providers can also make deals with local governments and utilities to get tax savings, lower pricing on power, cooling, and high-speed network connectivity between sites).

Capital Expenditure (CapEx)
CapEx is the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has a value that reduces over time.

Operational Expenditure (OpEx)
OpEx is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost, you pay for a service or product as you use it.

Infrastructure-as-a-Service (IaaS) (shared responsibility model)
Infrastructure as a Service is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application (IT infrastructure servers and virtual machines (VMs), storage, networks, and operating systems). Instead of buying hardware, with IaaS, you rent it. It's an instant computing infrastructure, provisioned and managed over the internet.

Platform-as-a-Service (PaaS)
PaaS provides an environment for building, testing, and deploying software applications. The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. For example, when deploying a web application using PaaS, you don't have to install an operating system, web server, or even system updates. PaaS is a complete development and deployment environment in the cloud.

Software-as-a-Service (SaaS)
SaaS is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Office 365, Skype, and Dynamics CRM Online are perfect examples of SaaS software.

Compare & Contrast (Responsibilities)
 UserCloud Provider
IaaSPurchase, installation, configuration, and management of their own software operating systems, middleware, and applications.Responsible for ensuring that the underlying cloud infrastructure (such as virtual machines, storage, and networking) is available for the user.
PaaSResponsible for the development of their own applications.Responsible for operating system management, and network and service configuration.
SaaSUsers just use the application software; they are not responsible for any maintenance or management of that software.The cloud provider is responsible for the provision, management, and maintenance of the application software.
Public Cloud (most common)
This is the most common deployment model. In this case, you have no local hardware to manage or keep up-to-date – everything runs on your cloud provider’s hardware.

Private Cloud (2nd most common)
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization.

Hybrid Cloud (stepping stone to cloud, segmenting work, cloud bursting)
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location.

Compare & Contrast (Advantages & Disadvantages)
 AdvantagesDisadvantages
Public+ High Scalability/Agility
+ PAYG (No CapEx, OpEx model)
+ Not responsible for hardware maintenance
+ Minimal technical knowledge required
- May not be able to meet specific security requirements
- May not be able to meet specific compliance requirements
- You don't own the hardware and may not be able to manage them as you wish
Private+ You have complete control
+ Can meet strict security and compliance requirements
- Upfront CapEx costs
- Owning equipment limits agility to scale
- Requires high technical knowledge
Hybrid+ Advantages of both Public and Private- Can be more expensive than selecting one deployment model
- Can be more complicated to set up and manage
Benefits of Cloud Computing
  • Cost Effective: Pay-as-you-go, consumption-based pricing model. Rather than paying for hardware up-front, you rent hardware and pay for the resources that you use.
  • Scalable: Increase or decrease the resources and services used based on the demand or workload at any given time.
  • Elastic: Automatically add or remove resources based on demand.
  • Current: Computer hardware and software is automatically maintained by the cloud provider.
  • Reliable: Cloud providers offer data backup, disaster recovery, and data replication services. Redundancy is often built into cloud services architecture so if one component fails, a backup component takes its place.
  • Global: Cloud providers have fully-redundant datacenters located in various regions all over the globe (performance, redundancy, compliance).
  • Secure: Cloud providers offer a broad set of policies, technologies, controls, and expert technical skills that can provide better security than most organizations can otherwise achieve.
2. Understand Core Azure Services (30-35%)
Geography (Americas, Europe, Asia Pacific, Middle East and Africa)
An Azure geography is a discrete market typically containing two or more regions that preserve data residency and compliance boundaries.

Region (e.g. North Europe, West Europe, Germany North, Germany West Central)
A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network.

Availability Zone (e.g. Zone 1, Zone 2, Zone 3 - within a particular region)
Availability Zones are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Availability Sets
Availability Sets comprise of update and fault domains. Update Domain: When a maintenance event occurs, the update is sequenced through update domains. Fault Domain: Fault domains provide for the physical separation of a workload across different hardware in the datacenter.

Hierarchy: Geography > Region > Availability Zone > Availability Set > Fault Domain/Update Domain

Region Pair
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once.

Resource Group
Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure.

Azure Resource Manager
Azure Resource Manager is the interface for managing and organizing cloud resources. Think of Resource Manager as a way to deploy cloud resources.

Compute
Virtual MachinesWindows or Linux virtual machines (VMs) hosted in Azure
Virtual Machine Scale SetsScaling for Windows or Linux VMs hosted in Azure
App ServicePaaS offerings to build, deploy, and scale enterprise-grade web, mobile, and API apps.
Azure FunctionsAn event-driven, serverless compute service
Networking
Virtual NetworkConnects VMs to incoming Virtual Private Network (VPN) connections
Load BalancerBalances inbound and outbound connections to applications or service endpoints
VPN GatewayAccesses Azure Virtual Networks through high-performance VPN gateways
Application GatewayOptimizes app server farm delivery while increasing application security
Content Delivery NetworkDelivers high-bandwidth content to customers globally
Storage
Blob StorageStorage service for very large objects, such as video files or bitmaps
Disk StorageProvides disks for virtual machines, applications, and other services.
File StorageAzure Files offers fully-managed file shares in the cloud.
Archive StorageStorage facility for data that is rarely accessed.
Databases
CosmosDBGlobally distributed database that supports NoSQL options
Azure SQL DatabaseFully managed relational database with auto-scale, integral intelligence, and robust security
Azure Database Migration ServiceMigrates your databases to the cloud with no application code changes
Azure SQL Data WarehouseFully managed data warehouse with integral security at every level of scale at no extra cost
Azure Marketplace
The Marketplace allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure. Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure.

Internet of Things (IoT)
IoT HubMessaging hub that provides secure communications and monitoring between millions of IoT devices
IoT CentralFully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale
IoT EdgePush your data analysis onto your IoT devices instead of in the cloud allowing them to react more quickly to state changes.
Big Data and Analytics
SQL Data WarehouseRun analytics at a massive scale using a cloud-based Enterprise Data Warehouse (EDW) that leverages massive parallel processing (MPP) to run complex queries quickly across petabytes of data
HDInsightProcess massive amounts of data with managed clusters of Hadoop clusters in the cloud
Data Lake AnalyticsOn-demand ("pay as you go") scalable analytics service that allows you to write queries to transform your data and extract valuable insights.
Artificial Intelligence
Azure Machine Learning ServiceCloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud
Azure Machine Learning StudioCollaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules
Serverless Computing
Azure FunctionsAn event-driven, serverless compute service
Logic AppsHelp you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.
Event GridAllows you to easily build applications with event-based architectures. It's a fully-managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption.
Azure CLI
Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross-platform means that it can be run on Windows, Linux, or macOS.

PowerShell
Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core that enables you to connect to your Azure subscription and manage resources.

Azure Portal
The Azure portal is a website that you can access with a web browser, by going to the URL https://portal.azure.com. From here, you can interact manually with all the Azure services. The portal is a web-based administration site that lets you interact with all of your subscriptions and resources you have created.

Azure Advisor
Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across those four areas.
3. Understand Security, Privacy, Compliance, and Trust (25-30%)
Azure Firewall
Azure Firewall is a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall provides inbound protection for non-HTTP/S protocols. Examples of non-HTTP/S protocols include: Remote Desktop Protocol (RDP), Secure Shell (SSH), and File Transfer Protocol (FTP). It also.provides outbound, network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.

Azure DDoS Protection
DDoS Protection leverages the scale and elasticity of Microsoft’s global network to bring DDoS mitigation capacity to every Azure region. The Azure DDoS Protection service protects your Azure applications by scrubbing traffic at the Azure network edge before it can impact your service's availability. Within a few minutes of attack detection, you are notified using Azure Monitor metrics.

Network Security Group (NSG)
NSGs operate at layers 3 & 4, and provide a list of allowed and denied communication to and from network interfaces and subnets. NSGs are fully customizable, and give you the ability to fully lock down network communication to and from your virtual machines. By using NSGs, you can isolate applications between environments, tiers, and services.

Authentication (Who are you?)
Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Authorization (What are you allowed to do?)
Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.

Azure Active Directory (Authentication, SSO, Application Management, B2B Identity Services, Device Management)
Azure AD is a cloud-based identity service. It has built in support for synchronizing with your existing on-premises Active Directory or can be used stand-alone. This means that all your applications, whether on-premises, in the cloud (including Office 365), or even mobile can share the same credentials. Administrators and developers can control access to internal and external data and applications using centralized rules and policies configured in Azure AD.
  • Authentication
  • Single Sign-On (SSO)
  • Application Management
  • Business to Business (B2B) Identity Services
  • Device Management
Azure Multi-Factor Authentication
Multi-factor authentication (MFA) provides additional security for your identities by requiring two or more elements for full authentication.
These elements fall into three categories:
  • Something you know (e.g. password)
  • Something you possess (e.g. mobile app)
  • Something you are (e.g. fingerprint or face scan)
Azure Security Center
Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Available in two tiers, Free (limited to assessments and recommendations only); Standard (full suite of security-related services including continious monitoring, threat detection and just-in-time access control)

Azure Security Center - Usage Scenarios
  • Incident Response (Detect, Assess, Diagnose)
  • Implement Recommendations
Key Vault
Azure Key Vault is a secret store: a centralized cloud service for storing application secrets. Key Vault helps you control your applications' secrets by keeping them in a single central location and providing secure access, permissions control, and access logging.

Microsoft Azure Information Protection (MSIP)
A cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels. Analyse data flows, detect risky behaviour, track access to documents, prevent data leakage or misuse of confidential informatioon.

Azure Advanced Threat Protection (Azure ATP)
A cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP is capable of detecting known malicious attacks and techniques, security issues, and risks against your network.

Azure Policies
Azure Policy is a service you can use to create, assign, and manage policies. These policies apply and enforce rules that your resources need to follow. These policies can enforce these rules when resources are created, and can be evaluated against existing resources to give visibility into compliance.

Initiatives
Initiatives work alongside policies in Azure Policy. An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal.

Role-Based Access Control
RBAC provides fine-grained access management for Azure resources, enabling you to grant users the specific rights they need to perform their jobs. RBAC is considered a core service and is included with all subscription levels at no cost.

Resource Locks
Resource locks are a setting that can be applied to any resource to block modification or deletion. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource. Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels.

Azure Monitor
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

Azure Service Health
Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.

General Data Protection Regulation (GDPR)
As of May 25, 2018, a European privacy law — GDPR — is in effect. GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

ISO/IEC 27018
Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers.

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
NIST CSF is a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks. Microsoft cloud services have undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits, and are certified according to the FedRAMP standards. Additionally, through a validated assessment performed by the Health Information Trust Alliance (HITRUST), a leading security and privacy standards development and accreditation organization, Office 365 is certified to the objectives specified in the NIST CSF.

Microsoft Privacy Statement
The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Trust Center
Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. The Trust Center is an important part of the Microsoft Trusted Cloud Initiative, and provides support and resources for the legal and compliance community.

Service Trust Portal
The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.

Compliance Manager
Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.

Azure Government Services
Azure Government is a cloud environment specifically built to meet compliance and security requirements for US government. Physically separated instance of Microsoft Azure, specifically for U.S. Government, meets complex compliance standards, designed to exceed U.S. Government requirements.
4. Understand Azure Pricing and Support (25-30%)
Azure Account
An Azure account is tied to a specific identity and holds information like: Name, email, and contact preferences; Billing information such as a credit card. An Azure account is what you use to sign in to the Azure website and administer or deploy services. Every Azure account is associated with one or more subscriptions.

Azure Free Account
  • Subset of Azure services free for 12 months (750 VM hours, 5GB Storage, 250GB SQL DB, etc)
  • $200 USD free credit (170 euro) to explore any Azure service for 30 days
  • 25+ services always free
ServiceMetricWhat
App Service10Web, mobile, or API apps
Functions1MRequires per month
Event Grid100,000Operations per month
Azure Kubernetes ServiceFreeDeploy and manage containers
Face API30,000Transactions per month
DevTest LabsFree 
Active Directory500,000Objects
AD B2C50,000Monthly stored users
Service FabricFree 
Azure DevOps5Users
Azure ML Studio100Modules per experiment
Azure Security CenterFreePolicy assessment and recoommendations
Data Factory5Activities
Search10,000Documents
Notification Hubs1MPush notificatioons
BatchFree 
Automation500 minsJob runtime
Data CatalogUnlimitedUsers
Translator Text API2MCharacters
Virtual Network50Virtual networks
Inter-VNET data transferInbound only 
Bandwidth5GBOutbound
ML ServiceFreeWorkspaces
Azure Subscription
An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc.

Azure Subscription - Use and Options
Azure offers free and paid subscription options to suit different needs and requirements. The most commonly used subscriptions are:
  • Free: An Azure free subscription includes a $200 credit to spend on any service for the first 30 days, free access to the most popular Azure products for 12 months, and access to more than 25 products that are always free.
  • Pay-As-You-Go: A Pay-As-You-Go (PAYG) subscription charges you monthly for the services you used in that billing period. This subscription type is appropriate for a wide range of users, from individuals to small businesses, and many large organizations as well.
  • Enterprise Agreement: An Enterprise Agreement (EA) provides flexibility to buy cloud services and software licenses under one agreement, with discounts for new licenses and Software Assurance. It's targeted at enterprise-scale organizations.
  • Student: An Azure for Students subscription includes $100 in Azure credits to be used within the first 12 months plus select free services without requiring a credit card at sign-up. You must verify your student status through your organizational email address.
Every Azure Subscription Includes
  • Free access to billing and subscription support
  • Azure products and services documentation
  • Online self-help documentation
  • Community support forums
Purchasing Options for Azure Products and Services
  • Enterprise: Enterprise customers sign an Enterprise Agreement (EA) with Azure that commits them to spend a negotiated amount on Azure services, which they typically pay annually. Enterprise customers also have access to customized Azure pricing.
  • Web direct: Direct Web customers pay general public prices for Azure resources, and their monthly billing and payments occur through the Azure website.
  • Cloud Solution Provider: Cloud Solution Provider (CSP) typically are Microsoft partner companies that a customer hires to build solutions on top of Azure. Payment and billing for Azure usage occur through the customer's CSP.
Factors Affecting Costs
  • Resource Type: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type.
  • Service: Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs.
  • Location: Azure has datacenters all over the world. Usage costs vary between locations that offer particular Azure products, services, and resources based on popularity, demand, and local infrastructure costs.
Zones
A Zone is a geographical grouping of Azure Regions for billing purposes. The following zones exist and include the listed countries (regions) listed.
  • Zone 1 (United States, Europe, Canada, UK, France)
  • Zone 2 (Asia Pacific, Japan, Australia, India, Korea)
  • Zone 3 (Brazil)
  • DE Zone 1 (Germany)
Pricing Calculator
The Azure pricing calculator is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.

Total Cost of Ownership (TCO) Calculator
If you are starting to migrate to the cloud, a useful tool you can use to predict your cost savings is the Total Cost of Ownership (TCO) calculator. TCO helps you estimate cost savings realized by mirating to Azure.

Best Practices for Minimizing Azure Costs
  • Spending Limits: Spending limit in Azure exists to prevent spending over your credit amount. All new customers who sign up for the trial or offers that includes credits over multiple months have the spending limit turned on by default. The spending limit is $0. It can’t be changed. The spending limit isn’t available for subscription types such as Pay-As-You-Go subscriptions and commitment plans.
  • Quotas: Microsoft Azure Limits
  • Tags: You can use tags to group your billing data. For example, if you're running multiple VMs for different organizations, use the tags to group usage by cost center. You can also use tags to categorize costs by runtime environment, such as the billing usage for VMs running in the production environment. When exporting billing data or accessing it through billing APIs, tags are included in that data and can be used to further slice your data from a cost perspective.
  • Reserved Instances: Reserved instances are purchased in one-year or three-year terms, with payment required for the full term up front. After it's purchased, Microsoft matches up the reservation to running instances and decrements the hours from your reservation. Reservations can be purchased through the Azure portal. And because reserved instances are a compute discount, they are available for both Windows and Linux VMs.
Azure Cost Management
Azure Cost Management is another free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.

Support Plans
 ScopeTech SupportResponse TimesArchitectureOperationsTrainingProactive GuidanceLaunch Support
DeveloperNon-ProductBusiness Hours (email)Sev C; < 8 bus hoursGeneral Guidance    
StandardProduction24x7 (email & phone)Sev A; < 1 hour    
Professional DirectBusiness CriticalBased on best practice by ProDirect delivery managerOnboarding services, service reviews, Azure Advisor consultationsAzure Engineering-led web seminarsProDirect Delivery Manager 
PremierSubstantial DependenceCustomer specific architectrual support (e.g. design reviews, perf tuning, config)Technical account manager-led service reviews and reportingAzure Engineering-led web seminars, on-demand trainingProDirect Delivery Manager Designated Technical Account ManagerAzure Event Management (available for additional fee)
Available Support Channels outside of Support Plan Channels
  • Azure Knowledge Center
  • Microsoft Developer Network (MSDN) Forums
  • Stack Overflow
  • Server Fault
  • Azure Feedback Forums
  • Twitter
How to Open a Support Ticket
Azure Portal > Help + Support > New Support Request

Knowledge Center
The Azure Knowledge Center is a searchable database that contains answers to common support questions, from a community of Azure experts, developers, customers, and users. You can browse through all responses within the Azure Knowledge Center. Find specific solutions by entering keyword search terms into the text-entry field and further refine your search results by selecting products or tags from the lists provided by two dropdown lists.

Service Level Agreement (SLA)
Formal documents called Service-Level Agreements (SLAs) capture the specific terms that define the performance standards that apply to Azure.
  • SLAs describe Microsoft's commitment to providing Azure customers with specific performance standards.
  • There are SLAs for individual Azure products and services.
  • SLAs also specify what happens if a service or product fails to perform to a governing SLA's specification.
Note: Azure does not provide SLAs for most services under the Free or Shared tiers.

Determine SLA for a particular Azure product or service
There are three key characteristics of SLAs for Azure products and services:
  1. Performance Targets
  2. Uptime and Connectivity Guarantees
  3. Service credits (percentage of the applicable monthly service fees credited to you if a service fails to meet uptime guarantee)
Private Preview
This means that an Azure feature is available to * specific* Azure customers for evaluation purposes. This is typically by invite only and issued directly by the product team responsible for the feature or service.

Public Preview
This means that an Azure feature is available to all Azure customers for evaluation purposes. These previews can be turned on through the preview features page as detailed below.

How to Access Preview Features
You can activate specific preview features through the preview features page (https://azure.microsoft.com/en-gb/services/preview/). This page lists the preview features that are available for evaluation. To preview a feature, select the Try it button for the relevant feature. Another preview area you can try is the next version of the Azure portal. Use the URL https://preview.portal.azure.com

General Availability (GA)
Once a feature has been evaluated and tested successfully, it might be released to customers as part of Azure's default product set. This release is referred to as General Availability (GA).

Monitor Feature Updates
The Azure portal "What's New" link on the ? help menu provides a list of recent updates you can periodically check to see what's changed in Azure. Alternatively, you can use the Azure Updates page (https://azure.microsoft.com/updates/).