What specific topics are tested in AZ-900 Describe Azure Architecture and Services (35–40%)?

Identify the appropriate Azure compute service (e.g., VMs, App Service, Functions) for a given workload scenario

What else is tested in the Describe Azure Architecture and Services (35–40%) domain?

Differentiate between Azure storage options (Blob, Disk, File, Queue, Table) based on use case

What else is tested in the Describe Azure Architecture and Services (35–40%) domain?

Understand Azure networking concepts (VNet, load balancer, VPN Gateway, CDN) and their purposes

What else is tested in the Describe Azure Architecture and Services (35–40%) domain?

Describe Azure database services (SQL Database, Cosmos DB, Azure Database for MySQL/PostgreSQL) and when to use each

What are common mistakes on AZ-900 Describe Azure Architecture and Services (35–40%) questions?

Confusing Azure Blob Storage (unstructured data) with Azure Files (managed file shares) or Azure Disk (VM disks)

What trap questions appear in the Describe Azure Architecture and Services (35–40%) domain?

Thinking that availability zones and region pairs are the same thing—zones protect within a region, pairs protect across regions

Courseiva

Knowledge + Practice

AZ-900Exam Domain

Describe Azure Architecture and Services (35–40%)AZ-900 Study Guide

65 chapters

~1625 min total

Free — no signup required

Quick Answer

Azure Architecture and Services covers the core components of Azure—compute, networking, storage, databases, identity, and management—and how they work together to build cloud solutions, tested through scenario-based questions on service selection and architectural concepts.

The Azure Architecture and Services domain is the heart of the AZ-900 exam, covering the core building blocks of Microsoft Azure. In plain English, this domain is about understanding the fundamental components that make up Azure's cloud infrastructure—things like virtual machines, storage accounts, databases, networking, and identity services. You'll learn how these pieces fit together to create scalable, secure, and cost-effective solutions. For example, you'll explore how Azure Virtual Machines let you run Windows or Linux in the cloud, how Azure Blob Storage stores massive amounts of unstructured data like photos or videos, and how Azure SQL Database provides a managed relational database service. This domain also introduces key architectural concepts like regions (geographic locations of data centers), availability zones (isolated data centers within a region for high availability), and resource groups (logical containers for managing related resources). Understanding these basics is crucial because they form the foundation for everything else in Azure.

Why is this important for real-world IT, security, and cloud work? Because Azure is one of the leading cloud platforms, and professionals across all IT roles need to know how to design and manage cloud solutions. For instance, a system administrator might need to decide between using Azure VMs or Azure App Service to host a web application, weighing factors like scalability, maintenance, and cost. A security analyst must understand Azure's shared responsibility model—where Microsoft secures the physical infrastructure (data centers, network) and you secure your data, identities, and access. Without grasping these architectural components, you can't make informed decisions about cloud adoption, cost optimization, or security. Real-world scenarios include setting up a disaster recovery plan using Azure Site Recovery, or configuring Azure Active Directory for single sign-on across multiple apps. This domain gives you the vocabulary and mental model to talk about these solutions with colleagues and clients.

On the AZ-900 exam, this domain tests your knowledge of Azure's core services and how they work together. Specifically, you'll need to identify the right service for a given business requirement. For example, a question might ask: "Which Azure service should you use to host a web app that automatically scales based on demand?" (Answer: Azure App Service). Or "Which storage option is best for storing virtual machine disks?" (Answer: Azure Managed Disks). You'll also be tested on high-level architectural concepts like the difference between IaaS, PaaS, and SaaS, and when to use each. The exam doesn't require deep technical skills—you won't be asked to write code or configure a network—but you must understand the purpose and typical use cases of each service. Expect questions about Azure regions, availability zones, resource groups, and management tools like Azure Portal, Azure CLI, and Azure PowerShell. The weight of this domain (35-40%) means you'll see many questions here, so it's critical to master it.

To approach studying this domain effectively, start by creating a mental map of Azure's service categories: compute, networking, storage, databases, identity, and management. Use Microsoft's official documentation and free learning paths on Microsoft Learn, which include interactive modules and sandboxes. For each service, ask yourself: What problem does it solve? When would I use it? What are its key features? Then, reinforce your learning with practice exams that mimic the real test format. Focus on scenarios that require choosing between similar services, like Azure SQL Database vs. SQL Server on a VM, or Azure Blob vs. Azure Files. Finally, use mnemonic devices to remember tricky concepts—for example, remember that availability zones protect against data center failures, while region pairs protect against regional disasters. By building this foundational knowledge, you'll not only pass the exam but also be prepared for real-world Azure work.

What the exam tests

Identify the appropriate Azure compute service (e.g., VMs, App Service, Functions) for a given workload scenario
Differentiate between Azure storage options (Blob, Disk, File, Queue, Table) based on use case
Understand Azure networking concepts (VNet, load balancer, VPN Gateway, CDN) and their purposes
Describe Azure database services (SQL Database, Cosmos DB, Azure Database for MySQL/PostgreSQL) and when to use each
Explain Azure identity services (Azure AD, RBAC, MFA) and their role in security
Recognize Azure management tools (Portal, CLI, PowerShell, Cloud Shell) and their typical uses

Common exam traps

Confusing Azure Blob Storage (unstructured data) with Azure Files (managed file shares) or Azure Disk (VM disks)
Thinking that availability zones and region pairs are the same thing—zones protect within a region, pairs protect across regions
Assuming all virtual machines are IaaS, but Azure VMs are IaaS while App Service is PaaS—know the difference for scenario questions
Mixing up Azure SQL Database (PaaS) with SQL Server on Azure VM (IaaS) in terms of management responsibility
Forgetting that Azure AD is for identity and access management, not just Active Directory in the cloud—it's a separate service

Describe Azure Architecture and Services (35–40%) Chapters

Azure Regions and Geographies

Objective 2.1 · Azure Architecture Services

Describe Azure Architecture and Services (35–40%) Chapters

Other AZ-900 Domains

Test your Describe Azure Architecture and Services (35–40%) knowledge