Curriculum Overview: Azure Management and Governance

This unit focuses on the foundational skills required to manage, govern, and monitor resources within Microsoft Azure. It is a critical component of the AZ-900: Microsoft Azure Fundamentals certification, emphasizing cost control, policy enforcement, and operational visibility.

Prerequisites

Before starting this unit, learners should have a solid grasp of the following concepts from previous units:

• Cloud Fundamentals: Understanding the shared responsibility model and basic cloud service types (IaaS, PaaS, SaaS).
• Core Architectural Components: Knowledge of Azure regions, subscriptions, and resource groups.
• Basic Identity Concepts: Familiarity with Microsoft Entra ID (formerly Azure AD) and Role-Based Access Control (RBAC).

---

Module Breakdown

The following table outlines the progression of topics within this unit, ordered by conceptual complexity.

---

Learning Objectives per Module

Module 3.1: Cost Management in Azure

• Identify factors affecting costs (resource type, services, location, ingress/egress).
• Utilize the Pricing Calculator and Total Cost of Ownership (TCO) Calculator for estimation.
• Implement Tags for cost tracking and resource organization.

Module 3.2: Governance and Compliance

• Apply Azure Policy to enforce organizational standards.
• Protect critical resources using Resource Locks (CanNotDelete/ReadOnly).
• Describe the role of Microsoft Purview in data governance.

Module 3.3: Managing and Deploying Resources

• Compare the Azure Portal, Azure CLI, and Azure PowerShell.
• Explain the benefits of Infrastructure as Code (IaC) and ARM Templates.
• Describe how Azure Arc extends Azure management to on-premises or multi-cloud environments.

Module 3.4: Monitoring Tools

• Analyze resource performance and logs via Azure Monitor (Log Analytics/Application Insights).
• Monitor platform-wide issues through Azure Service Health.
• Apply best practice recommendations from Azure Advisor.

---

Visual Anchors

Governance Implementation Flow

The Cost Influence Sphere

---

Success Metrics

To demonstrate mastery of Unit 3, learners must be able to:

• Estimate Spend: Create a cost estimate for a 3-tier application using the Pricing Calculator.
• Prevent Accidents: Explain the difference between an RBAC role and a Resource Lock in preventing accidental deletion.
• Standardize Resources: Write a basic Azure Policy definition to restrict resource deployment to a specific region.
• Diagnose Issues: Distinguish between a resource-specific issue (Azure Monitor) and a global platform outage (Azure Service Health).
• Automate: Identify why ARM templates are superior to manual portal deployment for repeatable environments.

---

Real-World Application

Governance and management are the "guardrails" of the cloud. In a professional setting, these tools solve critical business problems:

1. Financial Accountability: Companies use Tags to attribute cloud spend to specific departments (e.g., Marketing vs. Engineering), preventing budget overruns.
2. Regulatory Compliance: Healthcare and Finance firms use Azure Policy to ensure data never leaves a specific geographic region, meeting legal data sovereignty requirements.
3. Operational Resilience: DevOps teams use Azure Monitor and Service Health to set up automated alerts, ensuring that if a web server fails, the team is notified before the customers notice an outage.
4. Hybrid Strategy: Enterprises with legacy on-premises servers use Azure Arc to manage their local hardware using the same interface they use for cloud-native resources.

[!IMPORTANT] Management and Governance are not one-time setups; they are continuous processes that evolve as the cloud footprint grows.