This chapter covers Azure VM Availability Sets and Availability Zones — two fundamental constructs for achieving high availability in Azure. On the AZ-104 exam, approximately 10-15% of questions touch on compute high availability, and understanding the precise differences between these two features is critical. You will be tested on their architecture, fault and update domain counts, placement behavior, and when to use each. By the end of this chapter, you will know exactly how to design a resilient VM deployment and avoid common exam traps.
Jump to a section
Availability Sets are like an apartment building with multiple units on different floors and wings. The building has a shared foundation (the same datacenter), but each unit is in a different fault domain (separate wing) and update domain (separate floor). If a fire breaks out in one wing, only that wing is affected. If the building needs maintenance, floors are renovated one at a time, so tenants on other floors stay put. In contrast, Availability Zones are like three separate houses on different streets in the same neighborhood. Each house has its own foundation, power line, and water pipe. A fire in one house doesn't touch the others. A power outage on one street leaves the other two houses fully operational. In the cloud, an Availability Set spreads VMs across multiple racks (fault domains) and schedules updates across multiple groups (update domains) within a single datacenter. An Availability Zone places each VM in a physically separate datacenter with independent power, cooling, and networking. The trade-off is latency: walking between apartments is instant, but driving between houses takes a few milliseconds. For the exam, remember that Availability Sets protect against rack-level failures and planned maintenance within one region, while Availability Zones protect against entire datacenter outages.
What Are Availability Sets and Why Do They Exist?
An Availability Set is a logical grouping of VMs that Azure distributes across multiple fault domains and update domains within a single Azure datacenter (a region's availability zone or a regional datacenter). The purpose is to ensure that during planned maintenance (e.g., OS updates) or unplanned hardware failures (e.g., disk failure, rack power loss), not all VMs in the set are impacted simultaneously. This raises the SLA for VM uptime: VMs in an Availability Set are eligible for a 99.95% monthly uptime SLA, compared to 99.9% for single-instance VMs. Availability Zones take this further by placing VMs in physically separate datacenters within a region, each with independent power, cooling, and networking, achieving a 99.99% SLA for zonal deployments.
How Availability Sets Work Internally
When you create a VM and assign it to an Availability Set, Azure automatically places the VM into one of the fault domains and one of the update domains defined in the set. The set itself has two key properties: - Fault Domain (FD): A logical group of hardware that shares a common power source and network switch. In Azure, each Availability Set has a default of 2 fault domains, but you can configure up to 3 (the maximum). FDs are numbered 0, 1, (and optionally 2). Azure ensures that VMs in the same Availability Set are placed into different FDs to avoid a single point of failure. - Update Domain (UD): A logical group of hardware that undergoes planned maintenance (e.g., patching) at the same time. Azure has a default of 5 update domains per Availability Set, but you can configure up to 20. VMs in different UDs are rebooted sequentially during maintenance, with a 30-minute pause between each UD reboot (this is not user-configurable).
The total number of VMs you can place in an Availability Set is limited by the product of FDs and UDs. For example, with 2 FDs and 5 UDs, you can have up to 10 VMs (2 x 5) without any two VMs sharing the same FD and UD combination. However, you can have more VMs than UDs; Azure will still distribute them across UDs as evenly as possible, but some UDs may contain multiple VMs. The critical rule is that VMs in the same FD and UD combination share the same physical rack and power/cooling.
How Availability Zones Work
Availability Zones are physically separate locations within an Azure region. Each zone has its own independent power source, cooling system, and network. A region may have 2 or 3 zones (e.g., East US 2 has 3 zones). When you deploy a VM into a specific zone (Zone 1, 2, or 3), Azure places the VM in that zone's datacenter. There is no automatic distribution across zones; you must manually deploy multiple VMs into different zones to achieve zone redundancy. You can also use a Zone-Redundant Storage (ZRS) account to replicate data across zones. The network latency between zones is typically less than 2 milliseconds round-trip, but this is higher than within a single datacenter.
Key Differences at a Glance
Scope: Availability Set operates within a single datacenter (one zone or regional datacenter). Availability Zone spans multiple datacenters within a region.
Fault Tolerance: Availability Set protects against rack-level failures. Availability Zone protects against full datacenter outages.
SLA: 99.95% for Availability Set (multi-VM), 99.99% for Availability Zone (multi-VM across zones).
Network Latency: Lower within an Availability Set (<1ms), higher between zones (<2ms).
Cost: No additional charge for Availability Set. Data transfer between zones incurs standard egress charges.
Limitations: Availability Set cannot be changed after creation (you cannot add a VM to a set after creation unless you recreate it). Availability Zone is specified at VM creation and cannot be changed later.
Configuration and Verification
To create an Availability Set via Azure CLI:
az vm availability-set create \
--name myAVSet \
--resource-group myRG \
--location eastus \
--platform-fault-domain-count 2 \
--platform-update-domain-count 5To create a VM in an Availability Set:
az vm create \
--name myVM \
--resource-group myRG \
--availability-set myAVSet \
--image UbuntuLTS \
--admin-username azureuserTo create a VM in a specific Availability Zone:
az vm create \
--name myVMZone1 \
--resource-group myRG \
--zone 1 \
--image UbuntuLTS \
--admin-username azureuserTo verify placement, use:
az vm show --name myVM --resource-group myRG --query "instanceView"Look for platformFaultDomain and platformUpdateDomain fields for Availability Sets, or zones field for zonal VMs.
Interaction with Other Services
Load Balancer: An Azure Load Balancer can be configured to distribute traffic across VMs in an Availability Set or across zones. For zonal deployments, use a Standard Load Balancer with zone-redundant frontend IP.
Managed Disks: VMs in an Availability Set should use managed disks to avoid disk-level single points of failure. Unmanaged disks (stored in storage accounts) can cause all VMs to rely on the same storage account, defeating the purpose of the Availability Set.
Virtual Machine Scale Sets (VMSS): VMSS can be configured with Availability Zones (spreading instances across zones) or with an Availability Set (spreading across fault/update domains within one zone). The exam often tests the difference between zonal VMSS and regional VMSS.
Defaults and Limits
Fault domain count: Default 2, max 3.
Update domain count: Default 5, max 20.
Maximum VMs in an Availability Set: 100 (but practical limit is FD x UD for true redundancy).
Availability Zones per region: Typically 3 (some regions have 2).
VMs in the same Availability Set must be in the same region and same resource group.
A VM can only be in one Availability Set at a time.
Availability Sets cannot be nested.
Exam Trap: Proximity Placement Groups
A Proximity Placement Group (PPG) is a separate construct that reduces network latency between VMs by co-locating them in the same datacenter. This is often confused with Availability Sets. PPGs do NOT provide fault tolerance; they only minimize latency. You can combine PPGs with Availability Sets or Zones, but the exam may ask which to use for low latency vs. high availability.
Summary of Mechanism
Azure's fabric controller is responsible for placing VMs into fault and update domains. When a VM is created in an Availability Set, the fabric controller checks the existing VMs in the set and places the new VM into the FD and UD with the fewest VMs. This ensures even distribution. During planned maintenance, Azure reboots VMs one update domain at a time, waiting 30 minutes between domains. Unplanned failures affect only one fault domain. In Availability Zones, the fabric controller places the VM in the specified zone's datacenter; no automatic distribution across zones occurs.
Create Availability Set
Define the Availability Set with a name, region, resource group, and optionally specify fault domain count (2 or 3) and update domain count (1-20). Defaults are 2 FDs and 5 UDs. This logical container does not cost anything and does not deploy any hardware. It simply registers a policy that Azure's fabric controller will use to place VMs. In the Azure portal, you can create the set from the 'Availability sets' blade or during VM creation.
Create VMs in the Set
When creating a VM, assign it to the Availability Set. The fabric controller selects an available fault domain and update domain for the VM based on current occupancy. It tries to balance VMs across all FDs and UDs. For example, with 2 FDs and 5 UDs, the first VM goes to FD0, UD0; the second to FD1, UD1; the third to FD0, UD2; and so on. After all 10 unique combinations are used, the 11th VM will share an FD/UD pair with an existing VM, reducing redundancy.
Verify Placement
Use Azure CLI or portal to check the fault domain and update domain of each VM. The `instanceView` property shows `platformFaultDomain` and `platformUpdateDomain`. Verify that VMs are spread across different FDs. If multiple VMs share the same FD, a hardware failure in that rack could impact all of them. The exam often presents a scenario where VMs are all in the same FD due to misconfiguration (e.g., creating VMs one by one without specifying the set).
Deploy Across Zones
For Availability Zones, create VMs in different zones (e.g., VM1 in Zone 1, VM2 in Zone 2, VM3 in Zone 3). You cannot assign a VM to a zone after creation. The fabric controller places the VM in the specified zone's datacenter. To achieve redundancy, you must deploy at least two VMs in different zones. A single VM in a zone does not provide high availability. The exam often tests that you need at least two VMs across two zones for the 99.99% SLA.
Configure Load Balancer
To distribute traffic across VMs in an Availability Set, create a Standard Load Balancer and add the VMs to its backend pool. For zonal VMs, you can use a zone-redundant frontend IP (which survives zone failure) or zonal frontend IP (pinned to a specific zone). The backend pool can include VMs from multiple zones. The exam may ask which load balancer SKU supports cross-zone load balancing (Standard only).
Scenario 1: E-commerce Platform with High Availability Requirements
A large e-commerce company runs a critical web application on Azure. They need to maintain 99.99% uptime. They deploy two VMs running the web server across two Availability Zones (Zone 1 and Zone 2) in the East US region. They also deploy two VMs for the database layer in the same zones, using SQL Server Always On Availability Groups. The load balancer is a Standard Load Balancer with a zone-redundant frontend IP. This setup ensures that if one entire datacenter goes down (e.g., power failure), the other zone continues serving traffic. The team monitors latency between zones (typically <2ms) and ensures that the application can handle the slight latency increase. They also configure Azure Site Recovery to replicate VMs to a secondary region for disaster recovery. In production, they have auto-scaling configured via Virtual Machine Scale Sets with zones, but they started with static VMs to control costs. Common mistake: initially they deployed all VMs in the same Availability Set within one zone, thinking that was sufficient. After a zone-wide outage, they learned the hard way and migrated to a multi-zone architecture.
Scenario 2: Internal Enterprise Application with Low Latency Needs
A financial services firm runs a latency-sensitive trading application. They cannot tolerate the extra milliseconds of cross-zone latency. They choose Availability Sets instead of Zones. They deploy 4 VMs in an Availability Set with 2 fault domains and 5 update domains. All VMs are in the same datacenter, so latency is minimal. They use managed disks and a Standard Load Balancer to distribute traffic. The application is not mission-critical enough to need zone redundancy, but they want protection against rack-level failures. During planned maintenance, Azure reboots VMs one update domain at a time, so the application remains available with reduced capacity. They test this by triggering a simulated maintenance event and monitoring application performance. The main challenge is ensuring that the application can handle the loss of one fault domain (e.g., 2 VMs out of 4) without crashing. They configure health probes on the load balancer to remove unhealthy VMs. A common misconfiguration: they initially used unmanaged disks, which caused all VMs to depend on a single storage account, creating a single point of failure. Switching to managed disks resolved this.
Scenario 3: Hybrid Deployment with Proximity Placement Groups
A media company runs a video rendering farm that requires high throughput between VMs. They use Proximity Placement Groups to co-locate VMs in the same datacenter, combined with an Availability Set to ensure fault tolerance. They deploy 10 VMs in a single PPG, with an Availability Set configured with 3 fault domains and 10 update domains. This ensures low latency (since all VMs are physically close) and protection against rack failures. However, they cannot achieve zone-level redundancy because PPGs are confined to one datacenter. They accept this trade-off because the application is not critical enough to require multi-datacenter resilience. The team uses Azure CLI to create the PPG and associate it with the Availability Set. They monitor latency metrics and ensure that the PPG does not become too large (max 100 VMs per PPG). A pitfall: if they need to expand to another region, they must create a new PPG in that region.
What the AZ-104 Exam Tests
The exam objectives (Domain 3: Compute, Objective 3.1) explicitly require you to "implement and configure virtual machine high availability" including Availability Sets and Availability Zones. You must know:
The default fault domain count (2) and maximum (3).
The default update domain count (5) and maximum (20).
The SLA percentages: 99.9% (single VM), 99.95% (multi-VM in Availability Set), 99.99% (multi-VM across Availability Zones).
That a VM can only be assigned to an Availability Set at creation time. You cannot add an existing VM to a set.
That Availability Zones require VMs to be created in different zones manually; there is no automatic distribution.
That Standard Load Balancer is required for cross-zone load balancing.
Common Wrong Answers and Why Candidates Choose Them
"You can change the Availability Set of a VM after creation." Many candidates think you can simply edit the properties. In reality, you must delete and recreate the VM. The exam loves to test this with a scenario where a VM is already running.
"Availability Zones provide higher network bandwidth." No, they provide higher availability, not bandwidth. Candidates confuse availability with performance.
"An Availability Set can span multiple regions." Availability Sets are scoped to a single region and datacenter. Some think they are like region pairs.
"You need at least 3 VMs for Availability Set." You can have 2 VMs in a set with 2 FDs. The minimum is 1 VM (but you get no SLA benefit).
"Proximity Placement Groups provide fault tolerance." They do not; they only reduce latency. Candidates mix up the purpose.
Specific Numbers and Terms
Fault domain: 2 (default), 3 (max).
Update domain: 5 (default), 20 (max).
SLA: 99.9%, 99.95%, 99.99%.
Zones: 2 or 3 per region.
The term "platform fault domain" appears in CLI output.
The exam uses "planned maintenance" and "unplanned hardware failure" to differentiate UD and FD.
Edge Cases and Exceptions
If you create an Availability Set with 1 fault domain, all VMs are in the same FD, providing no fault tolerance. The exam may present this as a trick.
If you have more VMs than update domains, multiple VMs will share a UD, but they will still be spread across FDs.
Availability Sets cannot be used with VMs that have unmanaged disks unless the storage accounts are also distributed.
You cannot mix Availability Sets and Availability Zones on the same VM. A VM is either in a set or in a zone, not both.
How to Eliminate Wrong Answers
If the question asks about "planned maintenance," think update domains.
If it asks about "hardware failure," think fault domains.
If it asks about "datacenter outage," think Availability Zones.
If it asks about "lowest latency," think Proximity Placement Group or same Availability Set (not Zones).
Always check the SLA: 99.95% requires at least 2 VMs in an Availability Set; 99.99% requires at least 2 VMs in different zones.
Availability Sets protect against rack-level failures and planned maintenance within a single datacenter.
Availability Zones protect against entire datacenter outages by placing VMs in physically separate locations.
Default fault domain count is 2, update domain count is 5. You can configure up to 3 FDs and 20 UDs.
A VM must be assigned to an Availability Set at creation time; it cannot be changed later.
To achieve 99.99% SLA, deploy at least two VMs in different Availability Zones.
Standard Load Balancer is required for load balancing across Availability Zones.
Managed disks are required for VMs in an Availability Set to avoid storage-level single points of failure.
Proximity Placement Groups reduce latency but do not provide fault tolerance.
Availability Sets and Availability Zones are mutually exclusive for a single VM; a VM cannot be in both.
The exam tests specific numbers: 2 FDs, 5 UDs, 99.95%, 99.99%, and the fact that you cannot change the set after VM creation.
These come up on the exam all the time. Here's how to tell them apart.
Availability Set
Operates within a single datacenter.
Provides fault domains (rack-level) and update domains (maintenance).
Default 2 fault domains, max 3; default 5 update domains, max 20.
SLA: 99.95% for multi-VM deployments.
No additional data transfer costs; all VMs within same datacenter.
Availability Zone
Spans multiple physically separate datacenters within a region.
Provides whole-datacenter fault isolation; no update domains (each zone is independent).
Typically 3 zones per region (some have 2).
SLA: 99.99% for multi-VM deployments across zones.
Data transfer between zones incurs standard egress charges.
Mistake
Availability Sets automatically distribute VMs across different Azure regions.
Correct
Availability Sets are scoped to a single region and a single datacenter within that region. They do not span regions. For cross-region redundancy, you need Azure Site Recovery or paired regions.
Mistake
You can add a VM to an Availability Set after it has been created.
Correct
A VM must be assigned to an Availability Set at creation time. After creation, the VM cannot be added to an Availability Set without deleting and recreating it. This is a common exam trap.
Mistake
Availability Zones provide lower latency than Availability Sets.
Correct
Availability Zones are physically separate datacenters with network latency typically <2ms, while Availability Sets are within the same datacenter with <1ms latency. So Availability Sets have lower latency.
Mistake
An Availability Set with 3 fault domains and 5 update domains can host up to 15 VMs with full redundancy.
Correct
The maximum number of VMs with unique FD/UD combinations is FD count * UD count = 3 * 5 = 15. Beyond that, VMs will share FD/UD pairs, reducing redundancy. However, Azure still distributes them as evenly as possible.
Mistake
Proximity Placement Groups provide high availability similar to Availability Sets.
Correct
Proximity Placement Groups only co-locate VMs to reduce latency. They do not provide fault tolerance against hardware failures. You must combine them with Availability Sets or Zones for high availability.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
No, you cannot change the Availability Set of an existing VM. The VM must be deleted and recreated with the new Availability Set. This is because the fabric controller allocates fault and update domains at creation time. If you need to move a VM to a different set, you must export the configuration, delete the VM, create a new one with the desired set, and then restore data from backups or snapshots.
Fault domains represent a group of hardware that shares a common power source and network switch. If a fault domain fails (e.g., rack power loss), all VMs in that FD are affected. Update domains represent groups of VMs that are rebooted together during planned maintenance. Azure reboots one update domain at a time, waiting 30 minutes between each, so that VMs in other UDs remain available.
You can put up to 100 VMs in an Availability Set, but for true redundancy, the number should not exceed the product of fault domains and update domains (e.g., 2 FDs x 5 UDs = 10 VMs with unique placements). Beyond that, VMs will share FD/UD pairs, meaning a single hardware failure could affect multiple VMs.
There is no additional charge for using Availability Zones themselves. However, data transfer between zones incurs standard egress charges. Also, you must pay for the VMs in each zone. There is no cost for the logical grouping of Availability Sets.
Yes, but it is not recommended. If you use unmanaged disks, you must ensure that each VM's disks are in different storage accounts to avoid a single storage account failure taking down all VMs. Managed disks are strongly recommended because they automatically distribute disks across fault domains.
A single VM with premium SSD or ultra disk gets a 99.9% SLA. Two or more VMs in an Availability Set get 99.95%. Two or more VMs across Availability Zones get 99.99%. The SLA applies only if you have at least two instances in the same set or across zones.
No, a VM can only be assigned to one or the other. You cannot put a VM in an Availability Set and also specify an Availability Zone. However, you can have some VMs in an Availability Set and others in Zones within the same application.
You've just covered VM Availability Sets and Zones — now see how well it sticks with free AZ-104 practice questions. Full explanations included, no account needed.
Done with this chapter?