← Back to certifications

Microsoft Certified · Beginner · Azure

Microsoft Azure Fundamentals — AZ-900

AZ-900 validates foundational knowledge of cloud concepts, Azure architecture and services, and Azure management and governance. I use it as a baseline, not as a substitute for administrator-level implementation evidence.

AZ

Microsoft Certified

Azure Fundamentals AZ-900 · Verified on Microsoft Learn

01 · Credential purpose

What AZ-900 is

Microsoft positions Azure Fundamentals as a common starting point for technology professionals who need to demonstrate foundational knowledge of cloud computing in general and Microsoft Azure in particular.

LevelBeginner
ProductMicrosoft Azure
Role contextAdministrator
Core domains3

Who it is for

People working in software development, infrastructure, databases, support, operations, or adjacent technical roles who need a reliable Azure foundation.

What it validates

The ability to describe cloud models, core Azure architecture and services, identity and security concepts, cost management, governance, deployment tools, and monitoring concepts.

02 · Knowledge scope

What you must know

Microsoft's published study-guide blueprint effective July 20, 2026 groups the exam into three weighted domains. Objectives can change, so the official study guide remains authoritative.

25–30%

Describe cloud concepts

Foundation

Cloud computing

  • Cloud computing and the shared responsibility model.
  • Public, private, and hybrid cloud models.
  • Consumption-based pricing and serverless concepts.

Cloud benefits

  • High availability, scalability, reliability, and predictability.
  • Security, governance, and manageability benefits.

Service types

  • IaaS, PaaS, and SaaS.
  • Appropriate use cases and responsibility boundaries for each model.
35–40%

Describe Azure architecture and services

Largest domain

Architecture

  • Regions, region pairs, sovereign regions, datacenters, and availability zones.
  • Resources, resource groups, subscriptions, and management groups.

Compute and networking

  • Virtual machines, scale sets, containers, functions, web apps, and hosting choices.
  • Virtual networks, subnets, peering, DNS, VPN Gateway, ExpressRoute, and endpoints.

Storage

  • Storage services, access tiers, redundancy, account options, and data movement tools.
  • Azure Migrate and Azure Data Box migration concepts.

Identity and security

  • Microsoft Entra ID, SSO, MFA, passwordless, external identities, and Conditional Access.
  • Azure RBAC, Zero Trust, defense in depth, and Microsoft Defender for Cloud.
30–35%

Describe Azure management and governance

Operations

Costs

  • Cost factors, the pricing calculator, cost management capabilities, and tags.

Governance and compliance

  • Microsoft Purview, Azure Policy, and resource locks.

Management and deployment

  • Azure portal, Cloud Shell, Azure CLI, Azure PowerShell, and Azure Arc.
  • Infrastructure as code, Azure Resource Manager, and ARM templates.

Monitoring

  • Azure Advisor, Azure Service Health, Azure Monitor, Log Analytics, alerts, and Application Insights.

03 · Applied connection

Why AZ-900 connects to TraceHawk

TraceHawk does not exercise every AZ-900 objective. It provides inspectable evidence for a focused subset: container hosting, deployment shape, security boundaries, monitoring, resource constraints, and operational delivery on Azure.

AZ-900 conceptCompute and application hosting

TraceHawk is packaged as a container and deployed to Azure Container Apps, connecting the conceptual choice between virtual machines, containers, functions, and managed application hosting to a real deployment decision.

AZ-900 conceptIdentity, access, and Zero Trust

The protected analyst workspace uses an authenticated boundary and role controls. The public demo is deployed separately with stateless behavior, disabled external AI, private API denial, and bounded anonymous analysis.

AZ-900 conceptReliability and manageability

The service exposes liveness and readiness checks, structured operational logs, metrics, bounded resource budgets, rollback documentation, and exact-commit deployment verification.

AZ-900 conceptShared responsibility

Azure supplies managed platform capabilities, but application authorization, data handling, upload limits, secrets, detection behavior, evidence integrity, and public/private separation remain my implementation responsibility.

AZ-900 conceptGovernance mindset

The project uses explicit public-demo contracts, CI security gates, restricted capabilities, documented limitations, and reproducible verification. It does not claim use of every Azure governance product.

Project evidencePublic verification

The live demo and public GitHub source allow reviewers to inspect the user experience, deployment boundary, tests, security controls, AI disclosure, and known limitations.

04 · Proof boundaries

What AZ-900 does not prove

Not administrator depth

AZ-900 does not by itself prove that I can operate complex subscriptions, networks, identity lifecycles, storage estates, or enterprise governance at AZ-104 depth.

Not every Azure service

The credential covers broad concepts. It does not mean I have implemented every compute, data, security, governance, or monitoring service.

Not production scale

TraceHawk is a single-replica portfolio system. It does not prove multi-region resilience, enterprise disaster recovery, tenant isolation, or large-scale cost governance.

Not manual-code authorship

The project used extensive generative AI assistance. My evidence is architecture understanding, review, testing, debugging, security decisions, acceptance, and transparent disclosure.

05 · Next learning layers

How the foundation develops

SC-900

Deepens the Microsoft security, compliance, and identity product map.

AZ-104

Moves from describing Azure to administering identities, compute, storage, networking, governance, and monitoring.

GH-200

Builds GitHub Actions implementation and troubleshooting depth.

AZ-400

Combines development and operations into CI/CD, security, compliance, and DevSecOps delivery.

06 · Official sources

Verify the credential and review the current objectives

Last reviewed: July 13, 2026. Microsoft has published an objective update effective July 20, 2026. Microsoft Learn remains authoritative if the exam scope changes again. Microsoft Learn links include my Student Ambassadors Contributor ID; non-Microsoft links do not.