Azure AZ-900 Certification

I have completed Microsoft’s AZ-900 training that is available directly on their website here:

https://docs.microsoft.com/en-us/learn/paths/explore-microsoft-azure-cloud-concepts/

Their site has done a great job step-by-step going through this entire content and providing all the knowledge you need to complete the AZ-900 exam and I always read through the following Azure Fundamentals exam reference guide:

To prepare for the exam after going through this material I went ahead and downloaded the Microsoft objective guide found here: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VwUY

I created the below details based on each objective found and found it helpful to understand and prep me for the exam.

Describe Cloud Concepts (15-20%)

Describe the benefits and considerations of using cloud services

• Describe the Terms:
• High Availability – Includes redundancy, monitoring and failover. This ensures that a system will have redundant components including a secondary server that is monitored and will failover in the event of an issue. https://docs.microsoft.com/en-gb/azure/architecture/framework/resiliency/overview
• Scalability – The ability to increase or decrease resources and services based on demand and workload. Scaling up is the process of adding resources to an existing server (RAM and CPU). Scaling out is the pocess of adding more servers that function together. https://docs.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling
• Elasticity – Ability to automatically compensate based on demand and add additional resources or subtract resoruces when demand drops. https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/
• Agility – Azure is rapidly developing to easily drive business growth https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes
• Fault Tolerance – See High Availability
• Disaster Recovery – See High Availability
• Describe the principles of economies of scale:
• Economies of Scale is the ability to do things more efficiently when it is running at a larger scale. By increasing your production, you can offer a cheaper cost of service. Azure is designed to offer this to you. https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3b-economies-of-scale
• Describe the difference between Capital Expenditure (CapEx) and Operational Expenditure (OpEx):
• Capital Expenditure (CapEx) – The spending of money on physical equipment up front. As you purchase this, the value will depreciate over time and will eventually need to be replaced.
• Operational Expenditure (OpEx) – A service you are paying for and being billed as needed. There are no upfront costs and Azure is considered an operational expenditure.
• Describe the consumption-based model:
• Consumption-based pricing model has the customer pay for the resources that they use. If you use more resources or have a heavier workload for a period of time, you pay more. Optionally, you can select a reserved instance on Azure and save costs by deciding on a fixed amount of resources you will need for the year. It is recommended when you create a new resource to run pay as you go. When you have a better understanding on your resource requirements, you can switch to a reserved instance.
• Describe the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/5-types-of-cloud-services)
• IaaS: Infrastructure as a service, you do not purchase the hardware but instead rent it from somewhere else. It gives you complete control of your hardware that runs your virtualized environment and it is provisioned nearly instantly. IaaS is a shared responsibility between you and Azure.
• PaaS: Platform-as-a-Service removes your responsibility for building, testing, and deploying software. You do not have to touch the hardware, virtual machines, or the Operating Systems. These are managed by Azure. It is normally used by developers to develop applications using built in components to the cloud platform. The features mentioned include high-availability and scalability.
• SaaS: Software-as-a-Service is hosted and managed by cloud providers. This is normally licensed monthly or annually and an example is Office 365.
• Describe the Shared Responsibility model:
• In this model you are responsible for making sure that the service is configured correctly, while Azure is responsible that the service functions properly.
• Describe the differences between public, private, and hybrid cloud models
• Public Cloud – All your infrastructure is in the lcoud and you have no on-premise infrastructure which you need to manage or maintain. Azure is a public cloud provider. You pay for what you use so this is an OpEx expense as there is no up-front cost.
• Private Cloud – You own your own data center and are able to provide what is a private cloud to your own end users. You maintain the infrastructure. Normally legacy apps might require this to be used when they cannot be migrated to a public cloud. There is upfront CapEx costs to purchase and maintain this.
• Hybrid Cloud – This is both environments where you may have legacy applications or specific apps on your private cloud data center and utilize the public cloud for other applications or DR scenarios. This is considered a CapEx expense to run but also has OpEx costs related.
• Define Cloud Computing
• Cloud computing is the renting of resources, including storage and CPU cycles, on another company’s computer. You pay for what you use and companies like this are considered a cloud provider. Examples: Microsoft Azure, Amazon Web Services, Google Cloud Platform.

Describe core Azure Services (10-15%)

Describe the core Azure architectural components

• Describe the benefit and usage of Regions:
• An Azure region consists of multiple data centers that are geographically located. Each data center is connected by a low latency connection within the region. https://azure.microsoft.com/en-gb/global-infrastructure/regions/
• Describe the benefit and usage of Availability Zones
• An availability zone is a different physical location from a region. These zones contain one or more data centers and are independent of each other. This allows customers to run systems in high availability with disaster recovery scenarios in mind. https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
• Describe the benefit and usage of resource groups
• A resource group is containers that hold related resources in Azure that are grouped together. A virtual machine will have multiple components as part of a resource group – VM, NIC, Disks. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
• Describe the benefits and usage of Subscriptions
• When you sign up for Azure, a subscription is created by default. This is a logical container that is used to provision resources within Azure. The subscription holds all details of your resources including VMs, databases, and more. When you create a new resource like a VM, you must specify the subscription it belongs to. As you use a VM, the usage of the VM is aggregated and then billed monthly. https://docs.microsoft.com/en-gb/azure/cost-management-billing/cost-management-billing-overview
• Describe the benefit and usage of Management Groups
• Azure management groupos give you a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to that group. All subscriptions within it will inherit the conditions applied to the management group. These groups give you enterprise-grade management at a large scale regardless of the number of subscriptions you have. All subscriptions within a single management group must trust the same Azure Active Directory tenant. https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
• Describe the benefit and usage of Azure Resource Manager
• Azure Resource Manager allows you to deploy and manage your resources, you allow for consistency across your tenant by way of declarative templates, access controls, locks and tags to keep your environment organized and secure. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups

Describe core workload products available in Azure (10-15%)

• Describe the benefits and usage of Virtual Machines, Azure App Services, Azure Container Instances (ACI, Azure Kubernetes Services (AKS) and Windows Virtual Desktop
• Virtual Machines: On-demand, scalable virtual machines in Azure which you can configure and maintain. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview
• Azure App Services: Quickly build, deploy, and scale web apps created with popular frameworks like .NET, Node.js, Java, PHP, Ruby, and Python – in containers or running on any operating system. These meet rigorous enterprise-grade performance, security, and compliance requirements by using the fully managed platform for your operational and monitoring tasks. https://azure.microsoft.com/en-gb/services/app-service/
• Azure container instances (ACI): ACI allows you to run docker containers in a serverless azure environment. ACI can be run without orchestration and is a fast and simple way to run a container without having to manage many VMs. https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview)
• Azure Kubernetes Service (AKS): AKS is a managed Kubernetes environment, making it quick and easy to deploy and manage containerized applications without orchestration expertise. https://azuredevopslabs.com/labs/vstsextend/kubernetes/
• Windows Virtual Desktop: A comprehensive desktop and app virtualization service running in the cloud. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Office 365 Pro Plus and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows Desktops and Apps on Azure in minutes and get built-in security and compliance features. https://docs.microsoft.com/en-gb/azure/virtual-desktop/overview)
• Describe the benefit and usage of Virtual Networks and Express Route
• Virtual Network: Azure vNET is your network in the cloud. This vNET Contains your cloud resources and allows for the communication between them. vNETs should be treated the same way as your own data center. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq
• Express Route: ExpressRoute lets you extend your on-premise networks into the Microsoft Cloud over a private connection that is facilitated by a connectivity provider. With ExpressRoute , you can establish a connection to Microsoft Cloud Services, such as Azure and Office 365. https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
• Describe the benefits and usage of Container (blob) storage, disk storage, file storage, and storage tiers.
• Container (Blob) Storage: Blob storage is unstructured, which means there are no restrictions on what kind of data it can hold. They are not limited to common file formats and let you hold large amounts of data. This can also be used to hold data for backup and disaster recovery. https://docs.microsoft.com/en-gb/azure/storage/blobs/storage-blobs-overview
• Disk Storage: This storage type provides a disk that can be attached to a virtual machine, applications, and other services in order to access and use as they need. This is similar to adding a disk to an on premise physical or virtual server. These are normally used where you have an application that require read and write operations to persistent disks. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview
• File Storage: Azure files are fully managed file shares and are accessible via the SMB protocol. These can be mounted by an on-cloud or on-premise workstation/server and are similar to mounting a traditional SMB share. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
• Storage Tiers: Azure offers three storage tiers for blob storage: Hot Access, Cool Access, and Archive Tiers. These tiers target data at different stages and offer some cost-effective solutions for different use cases. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal
• Describe the benefits and usage of Cosmos DB, Azure SQL Databases, Azure Database for MySQL and Azure Database for PostgreSQL
• Cosmos DB: Microsoft’s globally distributed, multi-model database service. It provides you with elastic scaleability all around the globe with 99.999% high availability. https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
• Azure SQL Database: General purpose relational database that is fully managed with built in high availability, backups, and other common maintenance operations. Azure SQL Database is PaaS. https://docs.microsoft.com/en-gb/azure/sql-database/sql-database-technical-overview
• Azure Database for PostgreSQL: Open source relational database service that is based on the open-source Postgres database engine. https://docs.microsoft.com/en-us/azure/postgresql/
• Azure Database for MySQL: Azure Database for MySQL is a relational database service powered by the MySQL community edition. It’s a fully managed database as a service offering that is able to handle mission critical workloads with predictable performance and dynamic scaleability. https://docs.microsoft.com/en-us/azure/mysql/

Describe the benefits and usage of Azure Marketplace (10-15%)

Describe Core Solutions and Management Tools on Azure

• Describe the benefits and usage of IoT Hub, IoT Central, and Azure Sphere
• The Azure Internet of Things (IoT) is a collection of Microsoft-managed cloud services that collect, monitor, and control billions of IoT assets. In simpler terms, an IoT solution is made up of one or more IoT devices that communicate with one or more back-end services hosted in the cloud.
• IoT Hub: This is an Azure managed service which acts as a central message hub for bi-directional communication between your IOT applications and the devices it manages.https://docs.microsoft.com/en-gb/azure/iot-hub/about-iot-hub
• IoT Central: An application platform that reduces the burden and cost of developing, managing and maintaining enterprise grade IoT solutions. https://docs.microsoft.com/en-gb/azure/iot-central/core/overview-iot-central
• Azure Sphere: Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security. https://docs.microsoft.com/en-gb/azure-sphere/product-overview/what-is-azure-sphere
• Describe the Benefits and Usage of Azure Synapse Analytics, HDInsight, and Azure Databricks
• Azure Synapse Analytics: Azure Synapse is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics. It gives you the freedom to query data on your terms, using either serverless on-demand or provisioned resources—at scale. Azure Synapse brings these two worlds together with a unified experience to ingest, prepare, manage, and serve data for immediate BI and machine learning needs. https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-what-is
• HD Insight: Azure HDInsight is a cloud distribution of Hadoop components. Azure HDInsight makes it easy, fast, and cost-effective to process massive amounts of data. You can use the most popular open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka, Storm, R, and more. With these frameworks, you can enable a broad range of scenarios such as extract, transform, and load (ETL), data warehousing, machine learning, and IoT. https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-overview
• Azure Databricks: Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Designed with the founders of Apache Spark, Databricks is integrated with Azure to provide one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data scientists, data engineers, and business analysts. https://docs.microsoft.com/en-gb/azure/azure-databricks/what-is-azure-databricks
• Describe the benefits and usage of Azure Machine Learning, Cognitive Services, and Azure Bot Service
• Azure machine learning: An environment you can use to train, deploy, automate, manage and track machine learning models. https://docs.microsoft.com/en-gb/azure/machine-learning/overview-what-is-azure-ml
• Cognitive Services: Are services which can allow you to build intelligent applications without the need for data science or AI skills. It allows development to add cognitive features to their applications. https://docs.microsoft.com/en-gb/azure/cognitive-services/welcome
• Azure Bot Service: Azure Bot Service and Bot Framework provide tools to build, test, deploy, and manage intelligent bots, all in one place. Through the use of modular and extensible framework provided by the SDK, tools, templates, and AI services developers can create bots that use speech, understand natural language, handle questions and answers, and more. https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0
• Describe the benefits and usage of serverless computing solutions that include Azure Functions, Logic Apps, and Event Grid
• Azure Functions: Azure functions allow you to run small pieces of code called functions without worrying about the infrastructure. These functions are triggered by a specific event. https://docs.microsoft.com/en-gb/azure/azure-functions/functions-overview
• Logic Apps: Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
• Event Grid: Azure Event Grid allows you to easily build applications with event-based architectures. First, select the Azure resource you would like to subscribe to, and then give the event handler or WebHook endpoint to send the event to. https://docs.microsoft.com/en-us/azure/event-grid/overview
• Describe solutions for software development including Azure DevOps and Azure DevTest Labs
• Azure DevOps: Azure DevOps provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS).https://docs.microsoft.com/en-us/azure/devops/user-guide/what-is-azure-devops?view=azure-devops
• Azure DevTest Labs: DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments. You can create environments in a few minutes, as opposed to hours or days. https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview

Describe Azure Management Tools

• Describe the functionality and usage of the Azure Portal, Azure PowerShell, Azure CLI, Cloud Shell, and Azure Mobile App
• Azure Portal: Azure portal allows you to manage your Azure tenant through a GUI on your web browser. It is compatible on any modern desktop/tablet device. https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
• Azure Powershell: Designed to allow you to manage your resources directly through powershell command line. It runs on Windows, however if you are on a Mac or Linux, you will need to install PowerShell Core first. https://docs.microsoft.com/en-us/powershell/azure/?view=azps-3.5.0
• Azure CLI: The Azure command-line interface (CLI) is Microsoft’s cross-platform command-line experience for managing Azure resources. It can run on Windows, MacOS, Linux, in Docker and Azure Cloud Shell. https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest
• Azure Cloud Shell: Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. Cloud shell supports the latest versions of: Edge, IE, Chrome, Firefox and Safari. https://docs.microsoft.com/en-us/azure/cloud-shell/overview
• Azure mobile app: Read the following announcement to see what the mobile app can do. Please do no use it to manage your Azure tenant. https://azure.microsoft.com/en-gb/blog/azure-mobile-app-now-generally-available/
• Describe the functionality and usage of Azure Advisor
• Azure advisor will continuously monitor your cloud environment to ensure it is secure, costs effective and well managed. By following the Azure best practices the Advisor will give you personalized recommendations to ensure the following feature are optimized: high availability, security, performance, cost, operational excellence. (https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
• Describe the functionality and usage of Azure Monitor
• Azure Monitor collect and aggregates data from multiple sources where is can be visualize, analysed and used of alerting. You can get deep insights across your Azure resources and even include custom resources that utilize Azure for data storage. https://docs.microsoft.com/en-us/azure/azure-monitor/overview
• Describe the functionality and usage of Azure Service Health
• Azure service health combines the Azure status, Azure Service health service and resource health. It aims to give you personalized information and support when issue with the Azure service may affect you. https://docs.microsoft.com/en-us/azure/service-health/

Describe General Security and Network Security Features (10-15%)

Describe Azure security features

• Describe basic features of Azure Security Center, including policy compliance, security alerts, secure score, and resource hygiene.
• Policy compliance: Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies.https://docs.microsoft.com/en-us/azure/governance/policy/overview
• Security alerts: A list of prioritized security alerts is shown in Security Center along with the information you need to quickly investigate the problem and recommendations for how to remediate an attack. https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts
• Secure Score: Review Secure Score: https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score and Enhanced Secure Score: https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls
• Resource Hygiene: resource security hygiene advises on the most prevalent security recommendations for your resources. https://azure.microsoft.com/en-gb/blog/introducing-the-redesigned-security-center-overview-dashboard
• Describe the functionality and usage of Key Vault
• Azure key vault help you securely store and control access to tokens, passwords and certificates. It can also be used as a key management solution. Once you have created your vault you can enable logging to monitor its activity.(https://docs.microsoft.com/en-gb/azure/key-vault/key-vault-overview
• Describe the functionality and usage of Azure Sentinel
• Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. https://docs.microsoft.com/en-gb/azure/sentinel/overview
• Describe Azure Network Security
• Describe the concept of defense-in-deph
• Defense-in-depth is a security risk management approach that defines multiple layers of security controls in an IT environment so that if a security attack is not caught by one layer, it will be caught by the next.
• Describe the functionality and usage of Network Security Groups (NSG)
• Network security groups are used to control the flow of traffic to and from your Azure resources withing your virtual network. NSG’s can be assigned on a NIC or Subnet level with the ARM template, where with ASM (Classic), NSG’s can also be applied to NIC, however this is legacy. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
• Describe the functionality and usage of Azure Firewall
• Azure Firewall is a fully stateful firewall with built in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. It is fully integrated with Azure monitor for logging and analytics. https://docs.microsoft.com/en-us/azure/firewall/overview
• Describe the functionality and usage of Azure DDoS protection
• Azure DDoS protection provides protection against DDoS attacks and it comes in 2 tiers, basic and standard. Basic is automatically enabled on the Azure platform and Standard you must purchase but has additional features. It protects against, volume attacks, protocol attacks and resource layer attacks. https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Describe Identity, Governance, Privacy, and Compliance Features (20-25%)

Describe core Azure Identity Services

• Explain the difference between authentication and authorization
• Authentication is the process of proving you are who you say you are. Authentication in Azure is often shortened to AuthN.
• Authorization is the act of granting an authentication party permission to do something. It specifies what data you’re allowed to access and what you can do with that data. Authorization is often shortened in Azure to AuthZ. https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios
• Describe the functionality and usage of Azure Active Directory
• Azure AD is Microsoft’s cloud identity and access management service, like Windows Server Active Directory, but is solely cloud based. If you use Office 365, you should have some understanding of this already. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
• Describe the functionality and usage of Conditional Access and Multi-Factor Authentication (MFA)
• Conditional access is a way for you to enforce policies across your organisation. At there simplest they are if/then statement, if this, then do that. Conditional access policies allow you to enforce the right access controls when needed to keep your organisation secure. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
• Multi-Factor authentication provides an additional layer of security at the authentication level. But combining multiple steps of verification, a significant challenge is left for an attacker. This is usually comprised of your password and a device you own or bio-metrics.https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
• Describe the functionality and usage of Role-based Access Control (RBAC)
• RBAC helps you manage who has access to what Azure resource. It provides a granular access management of Azure resources, for example, you could allow one single user to manage a virtual machine within a subscription. https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
• Describe Azure Governance Features
• Describe the functionality and usage of Azure Policy
• Azure policy allows you to create and manage policies within your Azure tenant. The polices can enforce rules, provide remediation and allow you to stay compliant with standards. https://docs.microsoft.com/en-us/azure/governance/policy/overview
• Describe the functionality and usage of resource locks
• Resource locks allow you to prevent other users in your organisation from accidentally modifying or deleting resources. Locks can be set as ‘CanNotDelete’ (which still allows for read and modify) or ‘ReadOnly’ (which users can read the resource but cannot delete or modify. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
• Describe the functionality and usage of tags
• Tags are used in Azure to logically organised your resources. A tag consists of a name and a value pair. Once your have tagged your resources you are able to logically view all the resources in your subscription with a specific tag, which is helpful when organizing for billing or management. You can utilize Azure policy to ensure all resources are tagged. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources
• Describe the functionality and usage of Azure Blueprints
• Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments which will meet your organisations compliance. https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
• Describe privacy and compliance resources
• Describe the purpose of the Microsoft Privacy Statement and the Cloud Adoption Framework for Azure
• The Microsoft Privacy Statement describes the privacy policy and practices that govern your use of Azure and Microsoft’s other enterprise online services, such as Office 365 and Intune. The Online Services Agreement or Preview Supplemental Terms may specify a different privacy statement for some services. https://privacy.microsoft.com/en-gb/privacystatement
• The Cloud Adoption Framework is the One Microsoft approach to cloud adoption in Azure, consolidating and sharing best practices from Microsoft employees, partners, and customers. The framework gives customers a set of tools, guidance, and narratives that help shape technology, business, and people strategies for driving desired business outcomes during their adoption effort. This guidance aligns to the following phases of the cloud adoption lifecycle, ensuring easy access to the right guidance at the right time. https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/
• Describe the purpose of the Trust Center
• The trust center is to provide customers and partners with easier access to regulatory compliance information. https://www.microsoft.com/en-gb/trust-center/?rtc=1
• Describe the purpose of the Service Trust Portal
• The Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (either an Azure Active Directory organization account or a Microsoft Account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials. https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide
• Describe the purpose of Azure Sovereign Regions (Azure Government and Azure China Cloud Services)
• Azure Government is a cloud platform built upon the foundational principles of security, privacy and control, compliance, and transparency. Public Sector entities receive a physically isolated instance of Azure. https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome
• Microsoft Azure operated by 21Vianet (Azure China) is a physically separated instance of cloud services located in China. It’s independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. (“BlueCloud”), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd. (“21Vianet”). https://docs.microsoft.com/en-us/azure/china/overview-operations
• Describe Azure Pricing and Support
• Describe methods for planning and management of costs
• Identify the factors affecting costs (resource types, services, locations, ingress and egress traffic, reserved instances, hybrid use benefit)
• Resource types: Costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type. https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/1b-factors-affecting-cost
• Services: Azure usage rates and billing periods can differ between Enterprise, Web Direct, and Cloud Solution Provider (CSP) customers. Some subscription types also include usage allowances, which affect costs.  https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/1b-factors-affecting-cost
• Locations: Azure has datacenters all over the world. Usage costs vary between locations that offer Azure products, services, and resources based on popularity, demand, and local infrastructure costs. https://docs.microsoft.com/en-us/learn/modules/predict-costs-and-optimize-spending/1b-factors-affecting-cost
• Ingress and Egress traffic: Data moving in and out of Azure data centres which is not covered by the Express Route or CDN pricing https://azure.microsoft.com/en-gb/pricing/details/bandwidth/
• Reserved instances: You can significantly reduce costs by up to 72% by purchasing 1-year or 3-year terms for Windows and Linux machines in Azure. https://azure.microsoft.com/en-gb/pricing/reserved-vm-instances/
• Hybrid use benefit: The ability to save on licensing costs by bringing your Windows Server or SQL Server on-premises licenses with Software Assurance to Azure. https://azure.microsoft.com/en-gb/pricing/reserved-vm-instances/
• Describe the functionality and usage of the pricing calculator and the Total Cost of Ownership (TCO) calculator
• The Azure pricing calculator allows you to configure and estimate the costs of your Azure products. You can use pre-built example scenarios, or build you own estimate, save it and export it to a CSV. https://azure.microsoft.com/en-gb/pricing/calculator/
• The Azure Total Cost of Ownership (TCO) calculator allows you to estimate the cost savings by migrating your existing workloads to Azure. https://azure.microsoft.com/en-us/pricing/tco/calculator/
• Describe the functionality and usage of Azure Cost Management
• You use Azure Cost Management and Billing features to conduct billing administrative tasks and manage billing access to costs. You also its features to monitor and control Azure spending and to optimize Azure resource use.https://docs.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview#feedback
• Describe Azure Service Level Agreements (SLAs) and service lifecycles
• Describe the purpose of an Azure Service Level Agreement (SLA)
• Azure SLAs detail the uptime guarantees Microsoft provide you. They will also detail the downtime credit policies. The Service Level Agreement (SLA) describes Microsoft’s commitments for uptime and connectivity. https://azure.microsoft.com/en-us/support/legal/sla/
• Interpret the terms of an SLA
• Review the following SLA example to understand it: https://docs.microsoft.com/en-gb/learn/modules/explore-azure-infrastructure/7-composite-sla
• Describe the service lifecycle in Azure (Public Preview and General Availability)
• Azure may include preview, beta, or other pre-release features, services, software, or regions offered by Microsoft to obtain customer feedback (“Previews”). Previews are made available to you on the condition that you agree to these terms of use, which supplement your agreement governing use of Azure. https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
• Azure General Availability is the release of products to the general public. You can learn about important upcoming Azure updates and the Azure roadmap here: https://azure.microsoft.com/en-gb/updates/