Domain 1: Describe Cloud Concepts (25-30%)
Domain 1 of the AZ-900 Microsoft Azure Fundamentals exam covers foundational cloud computing concepts that every Azure professional must understand. This domain represents 25-30% of the exam -- roughly 10-18 questions out of approximately 40-60 total. A score of 700 or greater on a 1000-point scale is required to pass. The exam objectives were last updated January 14, 2026. (AZ-900 Study Guide)
The domain breaks into three exam objective groups:
- Describe cloud computing
- Describe the benefits of using cloud services
- Describe cloud service types
1.1 Describe Cloud Computing
What Is Cloud Computing
Cloud computing is the delivery of computing services over the internet. Computing services include common IT infrastructure such as virtual machines, storage, databases, and networking. Cloud services also expand traditional IT offerings to include Internet of Things (IoT), machine learning (ML), and artificial intelligence (AI). Because cloud computing uses the internet to deliver these services, it is not constrained by physical infrastructure the way a traditional datacenter is -- you can rapidly expand your IT footprint without building new datacenters. (Microsoft Learn: What is cloud computing)
The NIST Special Publication 800-145 provides the formal industry-standard definition: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
NIST Five Essential Characteristics
The NIST definition identifies five essential characteristics that define what makes something "cloud computing." While Microsoft's exam material does not explicitly test the NIST framework by name, these characteristics underpin every cloud concept on the AZ-900:
| Characteristic | Definition | Azure Example |
|---|---|---|
| On-demand self-service | Consumers provision resources automatically without requiring human interaction with the service provider | Creating a VM through the Azure Portal or CLI at any time |
| Broad network access | Capabilities are available over the network and accessed through standard mechanisms | Azure services accessible via HTTPS from any device, anywhere |
| Resource pooling | Provider resources are pooled to serve multiple consumers using a multi-tenant model, with resources dynamically assigned | Azure regions share physical hardware among many customers transparently |
| Rapid elasticity | Capabilities can be elastically provisioned and released to scale rapidly outward and inward with demand | Azure VM Scale Sets auto-scaling out during peak traffic, scaling in when demand drops |
| Measured service | Resource usage is monitored, controlled, reported, and billed transparently for both provider and consumer | Azure Cost Management tracking per-second VM usage and providing spending alerts |
The Shared Responsibility Model
In a traditional on-premises datacenter, the organization is responsible for everything: physical space, security, servers, networking, operating systems, applications, and data. With cloud computing, these responsibilities are split between the cloud provider and the customer. The split depends on the service type (IaaS, PaaS, or SaaS). (Microsoft Learn: Shared Responsibility Model)
The cloud provider is always responsible for:
- The physical datacenter
- The physical network
- The physical hosts
The customer is always responsible for:
- The information and data stored in the cloud
- Devices allowed to connect to the cloud (phones, computers, etc.)
- Accounts and identities of people, services, and devices within the organization
Responsibility varies by service model for:
- Operating systems
- Network controls
- Applications
- Identity and directory infrastructure
The following table shows how responsibility shifts across service types:
| Responsibility | On-Premises | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Information and data | Customer | Customer | Customer | Customer |
| Devices (clients) | Customer | Customer | Customer | Customer |
| Accounts and identities | Customer | Customer | Customer | Customer |
| Identity and directory infrastructure | Customer | Customer | Shared | Provider |
| Applications | Customer | Customer | Shared | Provider |
| Network controls | Customer | Customer | Shared | Provider |
| Operating system | Customer | Customer | Provider | Provider |
| Physical hosts | Customer | Provider | Provider | Provider |
| Physical network | Customer | Provider | Provider | Provider |
| Physical datacenter | Customer | Provider | Provider | Provider |
The critical pattern: as you move from IaaS to PaaS to SaaS, responsibility shifts increasingly to the provider. IaaS places the largest share of responsibility on the customer, SaaS places the most on the provider, and PaaS sits in the middle.
Exam trap: The exam frequently tests the boundary between customer and provider responsibilities. The customer is always responsible for their data, their endpoint devices, and their accounts/identities -- regardless of service model. This never shifts to the provider.
Exam trap: A question might describe a SQL database scenario. If you deploy a VM and install SQL Server yourself (IaaS), you are responsible for patching and updates. If you use Azure SQL Database (PaaS), Microsoft handles the database engine patching. In both cases, you are responsible for the data stored in the database.
Cloud Models: Public, Private, Hybrid, and Multi-Cloud
Cloud models define the deployment type of cloud resources. The three main models are public, private, and hybrid. (Microsoft Learn: Define Cloud Models)
Public cloud: Built, controlled, and maintained by a third-party cloud provider. Anyone who wants to purchase cloud services can access and use resources. General public availability is the key difference from private clouds.
Private cloud: A cloud environment used by a single entity. It provides much greater control for the company and its IT department, but comes with greater cost and fewer of the benefits of a public cloud. It may be hosted on-premises or in a dedicated offsite datacenter, potentially by a third party.
Hybrid cloud: A computing environment that uses both public and private clouds in an interconnected environment. It can allow a private cloud to surge for increased temporary demand by deploying public cloud resources. It can provide an extra layer of security by letting users choose which services to keep in public cloud and which to deploy to private cloud infrastructure.
| Public Cloud | Private Cloud | Hybrid Cloud |
|---|---|---|
| No capital expenditures to scale up | Organizations have complete control over resources and security | Provides the most flexibility |
| Applications can be quickly provisioned and deprovisioned | Data is not collocated with other organizations' data | Organizations determine where to run their applications |
| Organizations pay only for what they use | Hardware must be purchased for startup and maintenance | Organizations control security, compliance, or legal requirements |
| Organizations don't have complete control over resources and security | Organizations are responsible for hardware maintenance and updates | |
Multi-cloud: A fourth and increasingly common scenario. In a multi-cloud setup, you use multiple public cloud providers -- perhaps different features from different providers, or you are migrating between providers. You manage resources and security across multiple environments.
Key Azure tools for hybrid and multi-cloud:
- Azure Arc: A set of technologies that helps manage cloud environments whether public (Azure-only), private, hybrid, or multi-cloud running on multiple providers simultaneously. (Microsoft Learn: Define Cloud Models)
- Azure VMware Solution: Lets you run existing VMware workloads in Azure with seamless integration and scalability when migrating from a private VMware environment to public or hybrid cloud.
Exam trap: "Hybrid cloud" does not mean "multi-cloud." Hybrid cloud specifically means combining public and private clouds. Multi-cloud means using multiple public cloud providers (e.g., Azure + AWS). The exam tests this distinction.
Use Cases for Each Cloud Model
| Cloud Model | Best For |
|---|---|
| Public | Workloads with variable demand; quick dev/test environments; applications with no regulatory restrictions on data location; organizations wanting zero CapEx |
| Private | Highly regulated industries (government, healthcare, finance); organizations requiring full control over data residency; existing on-premises investment they need to continue using |
| Hybrid | Surging from private to public during demand spikes; keeping sensitive data in private cloud while using public cloud for other workloads; gradual migration from on-premises to cloud |
| Multi-cloud | Avoiding vendor lock-in; using best-of-breed features from each provider; regulatory requirements in different geographic regions served by different providers |
The Consumption-Based Model (CapEx vs. OpEx)
When comparing IT infrastructure models, there are two types of expenses. (Microsoft Learn: Consumption-Based Model)
| Expense Type | Definition | Examples |
|---|---|---|
| Capital Expenditure (CapEx) | One-time, up-front expenditure to purchase or secure tangible resources | Building a datacenter, buying servers, repaving a parking lot |
| Operational Expenditure (OpEx) | Spending money on services or products over time | Renting a convention center, signing up for cloud services, leasing a vehicle |
Cloud computing is OpEx. You do not pay for physical infrastructure, electricity, security, or datacenter maintenance. Instead, you pay for the IT resources you use. If you use no IT resources in a given month, you pay nothing.
Benefits of the consumption-based model:
- No upfront costs
- No need to purchase and manage costly infrastructure that may be underutilized
- Ability to pay for more resources when needed
- Ability to stop paying for resources no longer needed
With a traditional datacenter, you must estimate future resource needs. Overestimate and you waste money on unused capacity. Underestimate and your applications suffer from decreased performance, and fixing an under-provisioned datacenter takes significant time (ordering, receiving, installing hardware, adding power, cooling, and networking). In a cloud model, you add or remove resources on demand and pay only for what you use.
**Exam trap:** Cloud computing is OpEx, not CapEx. A traditional datacenter is CapEx (you buy hardware up front). If a question asks about reducing capital expenditure, the answer involves moving to the cloud. If a question asks about a one-time large purchase, that is CapEx -- not cloud.
Cloud Pricing Models
Cloud computing uses a pay-as-you-go pricing model: you pay only for the cloud services you use, which helps you plan operating costs, run infrastructure more efficiently, and scale as business needs change. You can treat cloud resources like you would your own datacenter -- but when you are done, you give them back and stop paying. (Microsoft Learn: Consumption-Based Model)
Azure offers three primary pricing approaches:
| Pricing Model | How It Works | Savings vs. Pay-As-You-Go | Best For |
|---|---|---|---|
| Pay-as-you-go | Pay for resources by the second or hour with no long-term commitment | Baseline (no discount) | Unpredictable workloads, dev/test, short-term projects |
| Reserved Instances | Commit to a 1-year or 3-year term for specific VM types and regions | Up to 72% | Steady-state workloads with predictable, constant usage |
| Spot Pricing | Use unused Azure capacity at deeply discounted rates; VMs can be evicted with 30 seconds' notice when Azure needs the capacity back | Up to 90% | Fault-tolerant, interruptible workloads (batch processing, rendering, CI/CD builds) |
Source: Azure Reservations, Azure Pricing Models
**Exam trap:** Reserved Instances do not change the runtime behavior of your resources -- they are a billing discount only. Your VM runs identically whether on pay-as-you-go or reserved pricing. The difference is purely cost. Also note: reserved instances require commitment to a specific VM type and region.
**Exam trap:** Spot VMs can be evicted at any time. Never use spot pricing for workloads that cannot tolerate interruption (production databases, critical web applications).
Serverless Computing
Serverless computing enables developers to build applications faster by eliminating the need to manage infrastructure. The cloud provider automatically provisions, scales, and manages the infrastructure required to run the code. Despite the name, servers still exist -- "serverless" means that server management and capacity planning are invisible to the developer. (Azure: What is Serverless Computing)
Key characteristics of serverless:
- Event-driven execution: Code runs in response to triggers (HTTP requests, queue messages, timer events, database changes)
- Automatic scaling: The platform scales from zero to handle any volume of requests, then back to zero when idle
- Pay-per-execution: Billing is based on the number of executions and execution time, not on provisioned capacity -- often with sub-second granularity
- No infrastructure management: Developers focus entirely on business logic, not servers, patching, or capacity planning
Azure serverless services relevant to the AZ-900:
| Service | Purpose |
|---|---|
| Azure Functions | Event-driven, serverless compute -- run small pieces of code (functions) in response to events without managing infrastructure |
| Azure Logic Apps | Serverless workflow orchestration -- automate and schedule tasks, business processes, and workflows by connecting apps and services with pre-built connectors |
| Azure Event Grid | Event routing service -- routes events from Azure and third-party sources to event handlers and serverless functions |
**Exam trap:** Serverless does not mean "no servers." Servers exist and run your code -- you just do not see or manage them. If a question asks whether serverless eliminates servers entirely, the answer is no. It eliminates server management from the developer's responsibility.
Azure Functions, Logic Apps, and Event Grid are covered in detail in Domain 2: Compute and Networking Services.
1.2 Describe the Benefits of Using Cloud Services
High Availability and Scalability
High availability focuses on ensuring maximum resource availability regardless of disruptions or events. When architecting a solution in Azure, you must account for service availability guarantees. Azure provides uptime guarantees through service-level agreements (SLAs). (Microsoft Learn: High Availability and Scalability)
Azure SLA uptime tiers and their corresponding maximum allowable downtime:
| SLA Percentage | Downtime per Week | Downtime per Month | Downtime per Year |
|---|---|---|---|
| 99% | 1.68 hours | 7.20 hours | 3.65 days |
| 99.9% | 10.10 minutes | 43.20 minutes | 8.76 hours |
| 99.95% | 5.04 minutes | 21.60 minutes | 4.38 hours |
| 99.99% | 1.01 minutes | 4.32 minutes | 52.56 minutes |
| 99.999% | 6.05 seconds | 25.90 seconds | 5.26 minutes |
Source: SLA Uptime Calculator, Azure Well-Architected Framework: Reliability Metrics
Azure SLA examples: VMs in an Availability Set get a 99.95% SLA. VMs deployed across two or more Availability Zones get a 99.99% SLA. A single VM with Premium SSD gets a 99.9% SLA.
**Exam trap:** Each additional "nine" in the SLA represents a 10x reduction in allowable downtime. The difference between 99.9% and 99.99% is significant: ~43 minutes/month vs. ~4.3 minutes/month. The exam expects you to understand that higher SLAs mean more complex (and expensive) architectures.
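The downtime columns in the table above all come from one formula: period length × (100 − SLA%) / 100. The Python sketch below is an added example, not code from Microsoft or from the original guide; it assumes a 30-day month and a 365-day year (the period lengths that reproduce the table), and it uses a constructed outage list to show which SLA tier a month's downtime still meets when overlapping outage windows are counted only once.

```python
from datetime import datetime, timedelta
from decimal import Decimal

# Period lengths that reproduce the table (assumption: 30-day month, 365-day year).
PERIODS = {
    "week": timedelta(days=7),
    "month": timedelta(days=30),
    "year": timedelta(days=365),
}

# SLA tiers listed in the table, strictest first.
TIERS = ["99.999", "99.99", "99.95", "99.9", "99"]


def downtime_budget(sla_percent, period):
    """Maximum allowable downtime, in seconds, for an SLA percentage over a period."""
    sla = Decimal(str(sla_percent))  # Decimal avoids float error in (100 - 99.95)
    if not Decimal(0) < sla <= Decimal(100):
        raise ValueError("SLA must be greater than 0 and at most 100")
    total = Decimal(int(PERIODS[period].total_seconds()))
    return total * (Decimal(100) - sla) / Decimal(100)


def merged_downtime(outages):
    """Total whole seconds of downtime, counting overlapping outage windows once."""
    total = 0.0
    cur_start = cur_end = None
    for start, end in sorted(outages):
        if end <= start:
            raise ValueError("an outage must end after it starts")
        if cur_end is None or start > cur_end:
            # Gap before this outage: close the previous merged window.
            if cur_end is not None:
                total += (cur_end - cur_start).total_seconds()
            cur_start, cur_end = start, end
        else:
            # Overlaps the current window: extend it instead of double counting.
            cur_end = max(cur_end, end)
    if cur_end is not None:
        total += (cur_end - cur_start).total_seconds()
    return int(total)


def highest_tier_met(outages, period="month"):
    """Strictest tier from TIERS whose downtime budget covers the outages, or None."""
    down = merged_downtime(outages)
    for tier in TIERS:
        if down <= downtime_budget(tier, period):
            return tier
    return None


# Constructed sample data: two overlapping alerts for one incident, plus a short blip.
OUTAGES = [
    (datetime(2026, 1, 3, 2, 0), datetime(2026, 1, 3, 2, 15)),
    (datetime(2026, 1, 3, 2, 5), datetime(2026, 1, 3, 2, 20)),
    (datetime(2026, 1, 17, 14, 0), datetime(2026, 1, 17, 14, 1)),
]

if __name__ == "__main__":
    for tier in TIERS:
        row = [float(downtime_budget(tier, p)) for p in ("week", "month", "year")]
        print(f"{tier}%: week={row[0]:.2f}s month={row[1]:.2f}s year={row[2]:.2f}s")
    print("merged downtime (s):", merged_downtime(OUTAGES))
    print("strictest tier met this month:", highest_tier_met(OUTAGES))
```

Summing the three sample windows without merging gives 31 minutes, which would wrongly read as a breach of the 99.95% monthly budget of 21.6 minutes; the merged total is 21 minutes.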
Scalability is the ability to adjust resources to meet demand. Because the cloud is consumption-based, you only pay for what you use -- scaling does not mean overpaying. (Microsoft Learn: High Availability and Scalability)
| Scaling Type | Direction | What Changes | Example |
|---|---|---|---|
| Vertical scaling (scale up/down) | Increase or decrease the capabilities of a single resource | CPU, RAM, or storage on one VM | Moving from a 2-core VM to an 8-core VM |
| Horizontal scaling (scale out/in) | Add or remove the number of resources | Count of VMs or containers | Going from 2 VMs to 10 VMs during peak traffic |
**Exam trap:** Vertical scaling = making a resource bigger or smaller (scale up/down). Horizontal scaling = adding or removing resources (scale out/in). "Scaling up" is vertical. "Scaling out" is horizontal. The exam tests this distinction frequently. Also note: horizontal scaling can be done automatically (autoscaling) or manually.
Reliability and Predictability
Reliability is the ability of a system to recover from failures and continue to function. It is one of the pillars of the Microsoft Azure Well-Architected Framework. (Microsoft Learn: Reliability and Predictability)
The cloud's decentralized design naturally supports reliable and resilient infrastructure. With resources deployed in regions around the world, even if one region suffers a catastrophic event, other regions remain operational. You can design applications to automatically take advantage of this global redundancy. In some cases, the cloud environment itself will automatically shift to a different region, with no action needed on your part.
Predictability in the cloud can be focused on two areas:
| Predictability Type | Focus | Supported By |
|---|---|---|
| Performance predictability | Predicting the resources needed to deliver a positive customer experience | Autoscaling, load balancing, high availability |
| Cost predictability | Forecasting and controlling cloud spend | Real-time resource tracking, data analytics, TCO Calculator, Pricing Calculator |
Both performance and cost predictability are heavily influenced by the Microsoft Azure Well-Architected Framework.
**Exam trap:** The exam may ask about TCO Calculator vs. Pricing Calculator. The Total Cost of Ownership (TCO) Calculator compares the cost of running workloads on-premises vs. in Azure -- it is used for migration justification. The Pricing Calculator estimates the cost of specific Azure services you plan to use. These are different tools with different purposes.
Security and Governance
Cloud features support governance and compliance in several ways. (Microsoft Learn: Security and Governance)
Governance benefits:
- Set templates ensure all deployed resources meet corporate standards and government regulatory requirements
- Templates can be updated across all deployed resources when standards change
- Cloud-based auditing flags resources out of compliance and provides mitigation strategies
- Depending on the operating model, software patches and updates may be applied automatically
Security benefits by service model:
- IaaS: Maximum control over security -- you manage the OS and installed software, including patches and maintenance
- PaaS: Patches and maintenance handled automatically by the provider
- SaaS: Provider handles nearly all security, patching, and maintenance
Cloud providers are well suited to handle distributed denial-of-service (DDoS) attacks, making your network more robust and secure than most on-premises solutions.
**Exam trap:** More control does not always mean more secure. IaaS gives you the most control over security, but also the most responsibility. If you fail to patch your IaaS VMs, they become vulnerable. PaaS/SaaS providers handle patching automatically, which can result in a better security posture for organizations without dedicated security teams.
Manageability in the Cloud
There are two distinct types of manageability in cloud computing, and the exam tests both. (Microsoft Learn: Manageability)
Management OF the cloud (what capabilities the cloud gives you):
- Automatically scale resource deployment based on need
- Deploy resources based on preconfigured templates, removing the need for manual configuration
- Monitor the health of resources and automatically replace failing resources
- Receive automatic alerts based on configured metrics for real-time performance awareness
Management IN the cloud (what tools you use to interact with the cloud):
- Through a web portal (Azure Portal)
- Using a command-line interface (Azure CLI)
- Using APIs (Azure REST API)
- Using PowerShell (Azure PowerShell)
Exam trap: "Management OF the cloud" = what the cloud enables (autoscaling, monitoring, templates, alerts -- the capabilities). "Management IN the cloud" = how you interact with it (portal, CLI, APIs, PowerShell -- the tools). The exam tests this exact distinction. If a question asks about automatically replacing a failing resource, that is management OF the cloud. If a question asks about using the Azure Portal to create a resource, that is management IN the cloud.
1.3 Describe Cloud Service Types
Infrastructure as a Service (IaaS)
IaaS is the most flexible category of cloud services, providing the maximum amount of control over cloud resources. The cloud provider is responsible for maintaining the hardware, network connectivity to the internet, and physical security. The customer is responsible for everything else: OS installation, configuration, and maintenance; network configuration; database and storage configuration. With IaaS, you are essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you. (Microsoft Learn: Describe IaaS)
IaaS places the largest share of responsibility with the customer. The cloud provider is responsible for maintaining the physical infrastructure and its access to the internet. The customer is responsible for installation and configuration, patching and updates, and security.
IaaS scenarios:
- Lift-and-shift migration: Setting up cloud resources similar to your on-premises datacenter, then moving existing workloads to run on the IaaS infrastructure with minimal changes
- Testing and development: Rapidly replicating established development and test configurations; starting up or shutting down environments quickly while maintaining complete control
Azure IaaS examples: Azure Virtual Machines, Azure Virtual Network, Azure Disk Storage, Azure Load Balancer
Platform as a Service (PaaS)
PaaS is a middle ground between renting datacenter space (IaaS) and paying for a complete deployed solution (SaaS). The cloud provider maintains the physical infrastructure, physical security, internet connection, operating systems, middleware, development tools, and business intelligence services. You do not worry about licensing or patching for operating systems and databases. PaaS is well suited to provide a complete development environment without the headache of maintaining development infrastructure. (Microsoft Learn: Describe PaaS)
PaaS splits the responsibility between you and the cloud provider. The cloud provider handles the physical infrastructure and its access to the internet, just like IaaS, but also maintains the operating systems, databases, and development tools. Depending on configuration, you or the provider may be responsible for networking settings and connectivity, network and application security, and directory infrastructure.
PaaS scenarios:
- Development framework: Developers build upon a platform with built-in cloud features (scalability, high availability, multi-tenant capability), reducing the amount of coding required -- similar to creating an Excel macro on a platform that handles the underlying complexity
- Analytics or business intelligence: Tools provided as a service for analyzing data, finding insights and patterns, and predicting outcomes for better business decisions
Azure PaaS examples: Azure App Service, Azure SQL Database, Azure Cosmos DB, Azure Functions, Azure Kubernetes Service (managed)
Software as a Service (SaaS)
SaaS is the most complete cloud service model from a product perspective. You are renting or using a fully developed application. Email, financial software, messaging applications, and connectivity software are all common SaaS implementations. While SaaS is the least flexible model, it is the easiest to get up and running and requires the least technical knowledge to fully employ. (Microsoft Learn: Describe SaaS)
SaaS places the most responsibility with the cloud provider and the least with the user. The customer is responsible for the data put into the system, the devices allowed to connect, and the users who have access. Nearly everything else falls to the cloud provider, including physical security of datacenters, power, network connectivity, and application development and patching.
SaaS scenarios:
- Email and messaging
- Business productivity applications
- Finance and expense tracking
Azure/Microsoft SaaS examples: Microsoft 365 (Word, Excel, PowerPoint), Microsoft Teams, Outlook, OneDrive, Dynamics 365
Service Type Comparison
| Aspect | IaaS | PaaS | SaaS |
|---|---|---|---|
| Flexibility | Most flexible | Moderate | Least flexible |
| User control | Most control | Moderate control | Least control |
| Provider responsibility | Least | Moderate | Most |
| User responsibility | Most | Moderate | Least |
| Setup complexity | Most complex | Moderate | Simplest |
| Customer manages OS | Yes | No | No |
| Customer manages applications | Yes | Partial (shared) | No |
| Customer manages data | Yes | Yes | Yes |
| Primary use case | Lift-and-shift, dev/test | App development, analytics | Email, productivity, CRM |
**Exam trap:** The exam frequently presents a scenario and asks which service type fits best. The decision rule: if the scenario requires full control over the OS and applications, the answer is IaaS. If the scenario describes developers building applications without worrying about the underlying OS, the answer is PaaS. If the scenario describes using a ready-made application like email or office productivity, the answer is SaaS.
**Exam trap:** Data is always the customer's responsibility regardless of the service model. No cloud service type makes the provider responsible for your data. This is tested repeatedly.
Identifying Appropriate Use Cases
| Scenario | Service Type | Why |
|---|---|---|
| Migrating an existing on-premises application to the cloud with minimal changes | IaaS | Lift-and-shift requires VM-level control |
| Building a new web application without managing servers or OS | PaaS | Developer focuses on code; platform handles infrastructure |
| Using Microsoft 365 for company email | SaaS | Fully managed application; no development needed |
| Running a custom database server with specific OS configuration | IaaS | Requires OS-level control for custom configuration |
| Analyzing business data using cloud-provided BI tools | PaaS | Analytics platform with built-in tools |
| Deploying a finance tracking application for the whole company | SaaS | Ready-made application; no custom development |
| Creating a development environment that can be quickly spun up and torn down | IaaS | Need full control over the dev environment configuration |
| Building microservices with automatic scaling and zero server management | PaaS | Serverless functions and container apps handle infrastructure |
Quick Reference: Key Terms
| Term | Definition |
|---|---|
| Cloud computing | Delivery of computing services over the internet |
| Shared responsibility model | Division of security and management duties between cloud provider and customer |
| Public cloud | Cloud services available to the general public from a third-party provider |
| Private cloud | Cloud services used exclusively by a single organization |
| Hybrid cloud | Combination of public and private clouds working together |
| Multi-cloud | Using services from multiple public cloud providers |
| CapEx | Capital expenditure: upfront cost for physical infrastructure |
| OpEx | Operational expenditure: ongoing cost for services consumed over time |
| IaaS | Infrastructure as a Service: rent hardware; you manage everything above it |
| PaaS | Platform as a Service: provider manages OS and middleware; you manage apps and data |
| SaaS | Software as a Service: provider manages nearly everything; you manage data and access |
| Serverless | Cloud execution model where the provider manages all infrastructure; you deploy code only |
| Vertical scaling | Increasing or decreasing the capabilities (CPU/RAM) of a single resource (scale up/down) |
| Horizontal scaling | Adding or removing the number of resources (scale out/in) |
| SLA | Service Level Agreement: contractual uptime commitment from the cloud provider |
| High availability | Ensuring maximum uptime regardless of disruptions |
| Reliability | Ability of a system to recover from failures and continue to function |
| Predictability | Ability to forecast performance and cost of cloud resources |
| Azure Arc | Technology for managing hybrid and multi-cloud environments from Azure |
| Azure VMware Solution | Service to run VMware workloads natively in Azure |
| TCO Calculator | Tool comparing on-premises costs vs. Azure costs for migration justification |
| Pricing Calculator | Tool estimating the cost of specific Azure services |
References
- AZ-900 Study Guide: Skills Measured (Updated January 14, 2026)
- Microsoft Learn: Describe Cloud Concepts (Learning Path)
- Microsoft Learn: Describe Cloud Computing (Module)
- Microsoft Learn: Describe Benefits of Cloud Services (Module)
- Microsoft Learn: Describe Cloud Service Types (Module)
- NIST SP 800-145: The NIST Definition of Cloud Computing
- Azure Well-Architected Framework: Reliability Metrics
- Azure Reservations: Save Compute Costs
- Azure: What is Serverless Computing
- Microsoft Cloud Adoption Framework for Azure
- AZ-900 Free Practice Assessment
- SLA Uptime Calculator