The Azure Architecture and Services domain is the heart of the AZ-900 exam, covering the core building blocks of Microsoft Azure. In plain English, this domain is about understanding the fundamental components that make up Azure's cloud infrastructure—things like virtual machines, storage accounts, databases, networking, and identity services. You'll learn how these pieces fit together to create scalable, secure, and cost-effective solutions. For example, you'll explore how Azure Virtual Machines let you run Windows or Linux in the cloud, how Azure Blob Storage stores massive amounts of unstructured data like photos or videos, and how Azure SQL Database provides a managed relational database service. This domain also introduces key architectural concepts like regions (geographic locations of data centers), availability zones (isolated data centers within a region for high availability), and resource groups (logical containers for managing related resources). Understanding these basics is crucial because they form the foundation for everything else in Azure.
Why is this important for real-world IT, security, and cloud work? Because Azure is one of the leading cloud platforms, and professionals across all IT roles need to know how to design and manage cloud solutions. For instance, a system administrator might need to decide between using Azure VMs or Azure App Service to host a web application, weighing factors like scalability, maintenance, and cost. A security analyst must understand Azure's shared responsibility model—where Microsoft secures the physical infrastructure (data centers, network) and you secure your data, identities, and access. Without grasping these architectural components, you can't make informed decisions about cloud adoption, cost optimization, or security. Real-world scenarios include setting up a disaster recovery plan using Azure Site Recovery, or configuring Azure Active Directory for single sign-on across multiple apps. This domain gives you the vocabulary and mental model to talk about these solutions with colleagues and clients.
On the AZ-900 exam, this domain tests your knowledge of Azure's core services and how they work together. Specifically, you'll need to identify the right service for a given business requirement. For example, a question might ask: "Which Azure service should you use to host a web app that automatically scales based on demand?" (Answer: Azure App Service). Or "Which storage option is best for storing virtual machine disks?" (Answer: Azure Managed Disks). You'll also be tested on high-level architectural concepts like the difference between IaaS, PaaS, and SaaS, and when to use each. The exam doesn't require deep technical skills—you won't be asked to write code or configure a network—but you must understand the purpose and typical use cases of each service. Expect questions about Azure regions, availability zones, resource groups, and management tools like Azure Portal, Azure CLI, and Azure PowerShell. The weight of this domain (35-40%) means you'll see many questions here, so it's critical to master it.
To approach studying this domain effectively, start by creating a mental map of Azure's service categories: compute, networking, storage, databases, identity, and management. Use Microsoft's official documentation and free learning paths on Microsoft Learn, which include interactive modules and sandboxes. For each service, ask yourself: What problem does it solve? When would I use it? What are its key features? Then, reinforce your learning with practice exams that mimic the real test format. Focus on scenarios that require choosing between similar services, like Azure SQL Database vs. SQL Server on a VM, or Azure Blob vs. Azure Files. Finally, use mnemonic devices to remember tricky concepts—for example, remember that availability zones protect against data center failures, while region pairs protect against regional disasters. By building this foundational knowledge, you'll not only pass the exam but also be prepared for real-world Azure work.
AZ-900 Describe Azure architecture and services — Key Topics
Azure Architecture and Services covers the core components of Azure—compute, networking, storage, databases, identity, and management—and how they work together to build cloud solutions, tested through scenario-based questions on service selection and architectural concepts.
Identify the appropriate Azure compute service (e.g., VMs, App Service, Functions) for a given workload scenario
Differentiate between Azure storage options (Blob, Disk, File, Queue, Table) based on use case
Understand Azure networking concepts (VNet, load balancer, VPN Gateway, CDN) and their purposes
Describe Azure database services (SQL Database, Cosmos DB, Azure Database for MySQL/PostgreSQL) and when to use each
Explain Azure identity services (Azure AD, RBAC, MFA) and their role in security
Recognize Azure management tools (Portal, CLI, PowerShell, Cloud Shell) and their typical uses
Common exam traps
Where candidates lose marks on Describe Azure architecture and services
⚠ Confusing Azure Blob Storage (unstructured data) with Azure Files (managed file shares) or Azure Disk (VM disks)
⚠ Thinking that availability zones and region pairs are the same thing—zones protect within a region, pairs protect across regions
⚠ Assuming every compute service is IaaS: Azure VMs are IaaS, while App Service is PaaS; know the difference for scenario questions
⚠ Mixing up Azure SQL Database (PaaS) with SQL Server on Azure VM (IaaS) in terms of management responsibility
⚠ Forgetting that Azure AD is for identity and access management, not just Active Directory in the cloud—it's a separate service
AZ-900 Describe Azure architecture and services — Practice Questions
A company is planning to migrate its on-premises applications to Azure. They have a mix of monolithic and microservices-based applications. Which Azure compute service should they choose for a microservices architecture that requires independent scaling and deployment of components?
A solutions architect is designing a storage solution for a large media company. The company needs to store video files that are accessed infrequently but must be retained for several years for compliance. Which two Azure storage options meet these requirements? (Select two.)
A developer is building a serverless application that requires integration with an on-premises SQL Server database for real-time data processing. The on-premises network is connected to Azure via a site-to-site VPN. Which Azure service would allow the function to securely access the on-premises database without exposing it to the public internet?
A company is designing a multi-tier application on Azure. The web tier needs to scale out based on CPU usage, while the database tier requires high-performance storage for transactional data. Which combination of Azure services should they choose?
A company is deploying a mission-critical application that must remain available even if a physical Azure datacenter within a region fails. The application will run on multiple virtual machines. Which Azure feature should they use to protect against this specific failure scenario?
A company deploys a web application on Azure App Service. During a marketing campaign, they expect traffic to double. The app uses a Standard tier App Service plan. They want to ensure that the additional load is handled without performance degradation while keeping costs minimal. Which action should they take?
A company wants to deploy a custom Linux-based application in Azure. They need full control over the operating system, including installing custom software and configuration. Which Azure compute service should they choose?
A company uses Azure and wants to organize all their virtual machines, databases, and storage accounts into logical containers for management and billing purposes. Which Azure component should they use to group these resources?
Which Azure region feature provides fault tolerance by isolating failures within a single region? It consists of physically separate datacenters with independent power, cooling, and networking.
A healthcare organization stores patient records in Azure Blob Storage. They require that data remains available even if an entire Azure datacenter fails, and they also need to ensure data is replicated within the same region for low latency. Which storage redundancy option should they choose?
A development team wants to deploy a microservices-based application using containers. They want to orchestrate the containers with automatic scaling and rolling updates, but they want to avoid managing the underlying infrastructure such as virtual machines. Which Azure compute service meets these requirements?
A company wants to migrate an on-premises SQL Server database to Azure. They require full administrative control over the database engine, including the ability to configure SQL Server Agent jobs and use cross-database queries. They also want to avoid patching the operating system. Which Azure service should they choose?
A company is designing a disaster recovery solution for a multi-tier application hosted in Azure. They need to ensure that if an entire Azure region becomes unavailable, the application can fail over to another region. The application uses Azure SQL Database. Which Azure feature should they use to replicate the database across regions?
A company has a virtual machine running a legacy application that needs high-performance, low-latency storage for transactional data. They need to attach a storage solution that provides the highest IOPS and throughput. Which Azure managed disk type should they choose?
A company needs to store large amounts of unstructured data, such as images and videos, for a web application. They need to access data from anywhere via HTTP/HTTPS. Which Azure storage service should they use?
A company deploys virtual machines in Azure. They want to ensure that the VMs are distributed across multiple fault domains and update domains within an Azure datacenter to protect against hardware failures and maintenance. Which Azure construct should they use?
A company deploys a multi-tier application using Azure virtual machines. The web tier VMs must be evenly distributed across two distinct data centers within an Azure region to avoid a single point of failure from an infrastructure outage. Which Azure construct should they use to meet this requirement?
A company wants to migrate an on-premises application to Azure. The application requires consistently high disk throughput for database files. They plan to use Azure virtual machines with managed disks. Which disk type should they choose to get the highest possible IOPS and throughput at a premium cost?
A company plans to run a large-scale batch processing job on Azure that runs for 10 hours every night. The job is fault-tolerant and can be interrupted. They want to minimize cost as much as possible. Which Azure virtual machine pricing option should they use?
A company wants to run a containerized microservices application on Azure. The application requires automatic scaling, service discovery, and rolling updates without manual intervention. They prefer not to manage the underlying virtual machines. Which Azure compute service should they choose?
A company wants to store large amounts of unstructured data (e.g., images, videos, documents) that will be accessed from multiple applications over HTTP/HTTPS. The data needs to be highly durable and available. Which Azure storage service should they use?
A company needs to run a custom-built Windows application that requires full administrative access to the operating system, including the ability to install custom software and configure firewall rules. They also need to ensure the application is highly available by running multiple instances. Which Azure compute service should they use?
A company plans to deploy a critical application across multiple physical locations within a single Azure region to ensure that if one datacenter fails, the application remains available. Which Azure feature should they use to distribute virtual machines across these locations?
A company needs to store large amounts of unstructured data, such as images and videos, which will be accessed by multiple applications over the internet. The data must be highly durable and available. Which Azure storage service should they use?
A company wants to run a containerized microservices application on Azure. They need automatic scaling based on demand, service discovery, and rolling updates without manual intervention. They want to avoid managing the underlying virtual machines. Which Azure compute service should they choose?
A company wants to deploy a virtual machine in Azure and needs to ensure that the VM is placed in a location that provides the lowest network latency to its users in Europe. Which Azure construct should they consider to meet this requirement?
A company deploys a critical application on Azure virtual machines. They want to ensure that the VMs are distributed across physically separate datacenters within a single Azure region to protect against a single datacenter failure. Which Azure feature should they use?
A company wants to run a containerized application in Azure without managing any virtual machines. They need automatic scaling, load balancing, and service discovery. Which Azure compute service should they choose?
A company needs to store massive amounts of unstructured data, such as videos and images, that will be accessed over the internet. The data must be highly durable and available. Which Azure service should they use?