Azure AZ-900 Cheat Sheet 2026
Everything you need on one page before exam day: domain weights, the cloud concepts and vocabulary examiners love, core Azure services by category, governance tools, must-know facts, and the traps that catch first-timers.
01 Domain weights
AZ-900 has three domains. Azure architecture and services is the largest single area, but the three are close enough that you should not skip any of them.
02 Cloud concepts
The foundational vocabulary. Expect plenty of "match the definition" and "which model fits this scenario" questions here.
IaaS vs PaaS vs SaaS
Shared management
IaaS = you manage OS & up (most control); PaaS = you manage apps & data only; SaaS = vendor manages everything, you just use it.
Public / Private / Hybrid
Deployment models
Public = shared Azure infrastructure; Private = dedicated to one org; Hybrid = combines on-premises with cloud.
CapEx vs OpEx
Spending model
CapEx = up-front capital purchase of hardware; OpEx = ongoing operational spend. Cloud shifts CapEx to pay-as-you-go OpEx.
Cloud benefits
Why cloud
High availability, scalability, elasticity, reliability, security, governance, and manageability — know each term apart.
Consumption-based model
Billing
Pay only for what you use, no upfront cost, no over-provisioning, stop paying when you stop using it.
Scalability vs elasticity
Easy to confuse
Scalability = ability to add capacity (vertical = bigger, horizontal = more); elasticity = scaling automatically to match demand.
03 Core Azure services
Know what each service is for and where it stops — the exam asks you to pick the right one for a scenario rather than to configure anything. Focus on the four pillars below: compute, networking, storage and database. You do not need every option in each category, just the headline services and the one-line reason each exists.
Compute
VMs · VM Scale Sets · App Service · Functions · Containers/AKS
VMs for full IaaS control, App Service for managed web apps (PaaS), Functions for serverless event-driven code, AKS for Kubernetes.
Networking
VNet · VPN Gateway · ExpressRoute · DNS · Load Balancer
VNet for private isolation, VPN Gateway for encrypted internet links, ExpressRoute for private dedicated connections, Load Balancer to distribute traffic.
Storage
Blob · Disk · File · Queue + access tiers
Blob for objects, Disk for VM block storage, File for SMB shares, Queue for messaging. Tiers: Hot, Cool, Cold, Archive.
Database
SQL Database · Cosmos DB
Azure SQL Database = managed relational PaaS; Cosmos DB = globally distributed, multi-model NoSQL with low-latency reads.
04 Azure architecture
The physical and organisational building blocks. Examiners love to test the difference between a region pair and an availability zone, and between the management scopes.
| Term | What it is |
|---|---|
| Region | A geographic set of datacenters deployed within a latency-defined perimeter. |
| Region Pair | Two regions in the same geography (300+ km apart) for disaster recovery and sequenced updates. |
| Availability Zone | Physically separate datacenters within one region, with independent power, cooling and networking, for high availability. |
| Datacenter | The physical facility housing the servers and infrastructure. |
| Resource Group | A logical container that holds related resources sharing the same lifecycle. |
| Subscription | A billing and access boundary that groups resource groups. |
| Management Group | A container above subscriptions to apply policy and access across many subscriptions at once. |
| Azure Resource Manager (ARM) | The deployment and management layer — every request to create, update or delete resources goes through it. |
05 Management & governance tools
These tools control what can be done, who can do it, and how much it costs. This is one of the heaviest scored areas.
Azure Policy
What is allowed
Enforces rules and standards on resources — e.g. allowed regions or required tags. Audits or denies non-compliant resources.
RBAC
Who can act
Role-based access control grants the right people the right level of access to the right scope.
Resource Locks
CanNotDelete / ReadOnly
Prevent accidental deletion or modification of critical resources, even by owners.
Tags
Metadata
Key-value labels to organise resources for billing, ownership and environment grouping.
Azure Blueprints
Repeatable environments
Package policies, role assignments and ARM templates to deploy compliant environments in one step.
Microsoft Purview
Data governance
Unified data governance — discover, classify and map data across your estate.
Cost Management + Budgets
Track & alert
Monitor actual spend, set budgets, and trigger alerts before you blow past them.
TCO Calculator
Estimate savings
Compares the cost of running on-premises versus in Azure to justify migration.
Pricing Calculator
Estimate cost
Configures and prices a planned Azure deployment before you build it.
06 Monitoring, SLAs & trust
| Tool / concept | What it does |
|---|---|
| Azure Monitor | Collects and analyses metrics and logs across resources; backs alerts and dashboards. |
| Service Health | Personalised view of Azure outages, planned maintenance and health advisories affecting your resources. |
| Azure Advisor | Personalised recommendations across cost, security, reliability, performance and operational excellence. |
| SLA | Service Level Agreement — Microsoft's guaranteed uptime. A free tier service typically has no financially backed SLA. |
| Composite SLA | The combined SLA of multiple services in an application; chaining services in series lowers the overall figure. |
| Service Lifecycle | Private preview → public preview → general availability (GA). Preview features may lack full SLAs and support. |
| Trust Center / Service Trust Portal | Microsoft's hub for security, privacy and compliance documentation, audit reports and certifications. |
07 Must-know facts
A grab-bag of high-frequency details. Cost, support and SLA questions appear in almost every AZ-900 sitting, so lock these in.
- Factors affecting cost: resource type, region, ingress/egress bandwidth, and the billing zone all change the price.
- Ways to reduce cost: reservations (reserved instances), Azure Hybrid Benefit (reuse existing Windows/SQL licences), spot VMs, right-sizing, and Cost Management.
- Free vs paid support: Basic support is free for all; Developer, Standard and Professional Direct are paid plans with faster response times and more access.
- SLA increases with redundancy: single VM < availability set < availability zones — more redundancy means a higher guaranteed uptime.
- Free account: includes limited free services for 12 months, an initial credit, and 25+ always-free services.
- Pay-as-you-go vs reserved: reservations of 1 or 3 years cut cost significantly for predictable, steady workloads.
08 Common traps
These four distinctions are where most first-timers lose marks. Slow down and identify which side of each pair the question is actually testing.
09 FAQ
Is AZ-900 worth it?
Yes, especially if you are new to the cloud or moving into a role that touches Azure. AZ-900 validates foundational cloud literacy, looks good on a CV for non-technical and early-career roles, and is the natural on-ramp to associate certs like AZ-104 and AZ-204. It is conceptual, so the effort-to-credential ratio is excellent.
How long to study for AZ-900?
Most candidates need about 15 to 25 hours, or roughly two to three weeks of casual study. If you already work with cloud platforms you can be ready in a few days; complete beginners should budget a little more. Use Microsoft Learn modules plus practice questions to gauge readiness.
Does AZ-900 expire?
No. AZ-900, like other Microsoft Fundamentals certifications, does not expire. Role-based associate and expert certifications (such as AZ-104) require annual renewal, but the fundamentals tier is valid indefinitely once you pass.
Is AZ-900 hard for beginners?
No. AZ-900 is one of the most beginner-friendly IT certifications. It tests vocabulary and concepts rather than hands-on skills, requires no coding or console work, and has a 700/1000 pass bar. With consistent study most beginners pass on the first attempt.
