BeginnerCloud & Security 7 min read

What Is Microsoft Azure? Cloud Platform Guide for Beginners

Understand Azure's core services, regions, and management tools in 7 minutes

Microsoft Azure is a comprehensive cloud computing platform offering over 200 products and services, from virtual machines and databases to AI and IoT solutions. As one of the "Big Three" cloud providers alongside AWS and Google Cloud, Azure powers everything from small business applications to enterprise-scale workloads. For IT professionals pursuing certifications like Azure Fundamentals (AZ-900) or Azure Administrator (AZ-104), understanding Azure's core architecture is essential. This guide breaks down Azure's key components, including regions and availability zones, resource groups, Azure Resource Manager (ARM), and common services like Azure Virtual Machines and Azure Blob Storage. You'll also learn how to navigate the Azure portal and use Azure CLI for management tasks.

1

Understanding Azure Regions and Availability Zones

Azure operates in multiple geographic regions worldwide, each containing one or more datacenters. Availability Zones are physically separate locations within a region that provide high availability. When deploying resources, you choose a region (e.g., eastus, westeurope) and optionally distribute across zones for fault tolerance. Use the Azure CLI to list available regions.

Azure CLI
az account list-locations --query "[].{Name:name, DisplayName:displayName}" --output table

Always deploy critical workloads across at least two availability zones to achieve 99.99% uptime SLA.

Not all Azure regions support Availability Zones. Check the region's capabilities before designing your architecture.

2

Creating a Resource Group and Virtual Network

Resource groups are logical containers for Azure resources. A virtual network (VNet) provides isolated networking in Azure. Create both using Azure CLI with proper naming conventions. The VNet requires an address space (CIDR) and at least one subnet.

Azure CLI
az group create --name MyResourceGroup --location eastus
az network vnet create \
  --name MyVNet \
  --resource-group MyResourceGroup \
  --location eastus \
  --address-prefix 10.0.0.0/16 \
  --subnet-name default \
  --subnet-prefix 10.0.1.0/24

Use a consistent naming convention like rg-{appname}-{env} for resource groups to simplify management.

3

Deploying an Azure Virtual Machine

Azure VMs provide scalable compute capacity. When creating a VM, you specify the image (OS), size (CPU/RAM), authentication method, and disk configuration. The following command deploys an Ubuntu Server 22.04 LTS VM with SSH key authentication.

Azure CLI
az vm create \
  --resource-group MyResourceGroup \
  --name MyUbuntuVM \
  --image Ubuntu2204 \
  --size Standard_B1s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

For cost savings, use B-series burstable VMs for development and testing workloads.

Always configure Network Security Group (NSG) rules to restrict inbound traffic. Default rules allow SSH (port 22) but should be locked down.

4

Configuring Azure Blob Storage

Azure Blob Storage is object storage for unstructured data. Create a storage account and a container, then upload a file. Storage accounts support three performance tiers: Standard (HDD), Premium (SSD), and Cool/Archive for infrequent access.

Azure CLI
az storage account create \
  --name mystorageaccount123 \
  --resource-group MyResourceGroup \
  --location eastus \
  --sku Standard_LRS \
  --kind StorageV2

az storage container create \
  --account-name mystorageaccount123 \
  --name mycontainer \
  --auth-mode login

echo "Hello Azure" > sample.txt
az storage blob upload \
  --account-name mystorageaccount123 \
  --container-name mycontainer \
  --name sample.txt \
  --file sample.txt \
  --auth-mode login

Use Azure Blob lifecycle management to automatically move blobs to Cool or Archive tiers based on age, reducing costs.

5

Managing Access with Azure RBAC

Azure Role-Based Access Control (RBAC) provides fine-grained access management. Assign roles to users, groups, or service principals at different scopes (subscription, resource group, resource). The following assigns the Contributor role to a user at the resource group scope.

Azure CLI
az role assignment create \
  --assignee "user@contoso.com" \
  --role "Contributor" \
  --resource-group MyResourceGroup

Follow the principle of least privilege: assign the minimum required role. Use custom roles when built-in roles are too permissive.

Avoid assigning Owner role broadly. Use Privileged Identity Management (PIM) for just-in-time elevated access.

6

Monitoring with Azure Monitor and Log Analytics

Azure Monitor collects metrics and logs from Azure resources. Create a Log Analytics workspace to query logs using Kusto Query Language (KQL). The following command creates a workspace and queries recent errors from Azure Activity Log.

Azure CLI / KQL
az monitor log-analytics workspace create \
  --resource-group MyResourceGroup \
  --workspace-name MyLogWorkspace \
  --location eastus

# Sample KQL query (run in Log Analytics)
AzureActivity
| where TimeGenerated > ago(1h)
| where Level == "Error"
| project TimeGenerated, OperationName, Status, Caller

Set up diagnostic settings to stream resource logs to Log Analytics for centralized monitoring and alerting.

Key tips

  • Use Azure Quickstart Templates (ARM templates) to deploy repeatable infrastructure. Microsoft provides hundreds of pre-built templates on GitHub.

  • Enable Azure Security Center's free tier to get a unified view of security recommendations across your subscriptions.

  • For cost management, set up budgets and alerts in Azure Cost Management + Billing to avoid unexpected charges.

  • Use Azure Policy to enforce compliance rules (e.g., restrict VM sizes, require tags) across your entire environment.

  • Leverage Azure Free Account ($200 credit for 30 days + 12 months of popular services) to practice without incurring costs.

  • When studying for AZ-900, focus on understanding cloud concepts (IaaS/PaaS/SaaS), core Azure services, and pricing models rather than deep technical implementation.

Frequently asked questions

What is the difference between Azure regions and availability zones?

An Azure region is a geographic area containing one or more datacenters (e.g., East US, West Europe). Availability Zones are physically separate locations within a region, each with independent power, cooling, and networking. Zones provide high availability by allowing you to distribute resources across multiple failure domains within the same region.

How does Azure pricing work for beginners?

Azure offers pay-as-you-go pricing with no upfront costs. You pay only for resources you use (compute hours, storage GB, data transfer). The Azure Pricing Calculator helps estimate costs. The Free Account includes 12 months of popular services (750 hours of B1s VM, 5 GB blob storage) plus $200 credit for the first 30 days.

What is Azure Resource Manager (ARM) and why is it important?

ARM is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your subscription. ARM handles resource grouping, role-based access control, tagging, and policy enforcement. All Azure resource operations go through ARM's REST API.

Should I learn Azure CLI or Azure PowerShell for administration?

Both are equally capable, but Azure CLI is cross-platform (Windows, macOS, Linux) and uses a simpler syntax. PowerShell is better if you're already invested in the PowerShell ecosystem or need advanced scripting. For certification exams (AZ-104), you should be comfortable with both, but CLI is more commonly used in modern DevOps workflows.

What are the main differences between Azure and AWS for beginners?

Both offer similar core services (VMs, storage, databases), but terminology differs: Azure VNet vs AWS VPC, Azure Blob Storage vs S3, Azure VM vs EC2. Azure integrates deeply with Microsoft products (Active Directory, SQL Server, Office 365). AWS has a larger global infrastructure and more services overall. Choose based on your organization's existing Microsoft ecosystem or specific service requirements.

Related glossary terms

Browse full glossary →

Practice with real exam questions

Apply what you just learned with exam-style practice questions.

Related guides