Microsoft Certified · Beginner · Azure
Microsoft Azure Fundamentals — AZ-900
AZ-900 validates foundational knowledge of cloud concepts, Azure architecture and services, and Azure management and governance. I use it as a baseline, not as a substitute for administrator-level implementation evidence.
Microsoft Certified
Azure Fundamentals AZ-900 · Verified on Microsoft Learn01 · Credential purpose
What AZ-900 is
Microsoft positions Azure Fundamentals as a common starting point for technology professionals who need to demonstrate foundational knowledge of cloud computing in general and Microsoft Azure in particular.
Who it is for
People working in software development, infrastructure, databases, support, operations, or adjacent technical roles who need a reliable Azure foundation.
What it validates
The ability to describe cloud models, core Azure architecture and services, identity and security concepts, cost management, governance, deployment tools, and monitoring concepts.
02 · Knowledge scope
What you must know
Microsoft's published study-guide blueprint effective July 20, 2026 groups the exam into three weighted domains. Objectives can change, so the official study guide remains authoritative.
Describe cloud concepts
Cloud computing
- Cloud computing and the shared responsibility model.
- Public, private, and hybrid cloud models.
- Consumption-based pricing and serverless concepts.
Cloud benefits
- High availability, scalability, reliability, and predictability.
- Security, governance, and manageability benefits.
Service types
- IaaS, PaaS, and SaaS.
- Appropriate use cases and responsibility boundaries for each model.
Describe Azure architecture and services
Architecture
- Regions, region pairs, sovereign regions, datacenters, and availability zones.
- Resources, resource groups, subscriptions, and management groups.
Compute and networking
- Virtual machines, scale sets, containers, functions, web apps, and hosting choices.
- Virtual networks, subnets, peering, DNS, VPN Gateway, ExpressRoute, and endpoints.
Storage
- Storage services, access tiers, redundancy, account options, and data movement tools.
- Azure Migrate and Azure Data Box migration concepts.
Identity and security
- Microsoft Entra ID, SSO, MFA, passwordless, external identities, and Conditional Access.
- Azure RBAC, Zero Trust, defense in depth, and Microsoft Defender for Cloud.
Describe Azure management and governance
Costs
- Cost factors, the pricing calculator, cost management capabilities, and tags.
Governance and compliance
- Microsoft Purview, Azure Policy, and resource locks.
Management and deployment
- Azure portal, Cloud Shell, Azure CLI, Azure PowerShell, and Azure Arc.
- Infrastructure as code, Azure Resource Manager, and ARM templates.
Monitoring
- Azure Advisor, Azure Service Health, Azure Monitor, Log Analytics, alerts, and Application Insights.
03 · Applied connection
Why AZ-900 connects to TraceHawk
TraceHawk does not exercise every AZ-900 objective. It provides inspectable evidence for a focused subset: container hosting, deployment shape, security boundaries, monitoring, resource constraints, and operational delivery on Azure.
TraceHawk is packaged as a container and deployed to Azure Container Apps, connecting the conceptual choice between virtual machines, containers, functions, and managed application hosting to a real deployment decision.
The protected analyst workspace uses an authenticated boundary and role controls. The public demo is deployed separately with stateless behavior, disabled external AI, private API denial, and bounded anonymous analysis.
The service exposes liveness and readiness checks, structured operational logs, metrics, bounded resource budgets, rollback documentation, and exact-commit deployment verification.
Azure supplies managed platform capabilities, but application authorization, data handling, upload limits, secrets, detection behavior, evidence integrity, and public/private separation remain my implementation responsibility.
The project uses explicit public-demo contracts, CI security gates, restricted capabilities, documented limitations, and reproducible verification. It does not claim use of every Azure governance product.
The live demo and public GitHub source allow reviewers to inspect the user experience, deployment boundary, tests, security controls, AI disclosure, and known limitations.
04 · Proof boundaries
What AZ-900 does not prove
Not administrator depth
AZ-900 does not by itself prove that I can operate complex subscriptions, networks, identity lifecycles, storage estates, or enterprise governance at AZ-104 depth.
Not every Azure service
The credential covers broad concepts. It does not mean I have implemented every compute, data, security, governance, or monitoring service.
Not production scale
TraceHawk is a single-replica portfolio system. It does not prove multi-region resilience, enterprise disaster recovery, tenant isolation, or large-scale cost governance.
Not manual-code authorship
The project used extensive generative AI assistance. My evidence is architecture understanding, review, testing, debugging, security decisions, acceptance, and transparent disclosure.
05 · Next learning layers
How the foundation develops
Deepens the Microsoft security, compliance, and identity product map.
Moves from describing Azure to administering identities, compute, storage, networking, governance, and monitoring.
Builds GitHub Actions implementation and troubleshooting depth.
Combines development and operations into CI/CD, security, compliance, and DevSecOps delivery.
06 · Official sources
Verify the credential and review the current objectives
Last reviewed: July 13, 2026. Microsoft has published an objective update effective July 20, 2026. Microsoft Learn remains authoritative if the exam scope changes again. Microsoft Learn links include my Student Ambassadors Contributor ID; non-Microsoft links do not.