Curriculum Overview: Unit 2 - Describe Azure Architecture and Services
This curriculum covers the second functional domain of the AZ-900: Microsoft Azure Fundamentals exam. It transitions from general cloud concepts into the specific structural and technical implementation of the Microsoft Azure platform, focusing on how resources are organized, deployed, and secured.
Prerequisites
Before starting this unit, learners should have a firm grasp of the concepts covered in Unit 1: Cloud Concepts, including:
- Cloud Service Models: Understanding the difference between IaaS, PaaS, and SaaS.
- Cloud Deployment Models: Knowledge of Public, Private, and Hybrid clouds.
- Shared Responsibility Model: Knowing which security tasks are handled by the provider versus the customer.
- Consumption-Based Model: Understanding that costs are based on actual usage rather than upfront investment.
> [!IMPORTANT]
> Success in Unit 2 requires moving from "What is the cloud?" to "How does Azure specifically build the cloud?"
Module Breakdown
This unit is divided into four primary skill areas that progress from physical infrastructure to logical organization and specific service categories.
| Module ID | Skill Area | Topic Focus |
|---|---|---|
| 2.1 | Core Architectural Components | Regions, Availability Zones, and Management Hierarchy |
| 2.2 | Compute & Networking | VMs, Containers, Functions, Virtual Networks, and Gateways |
| 2.3 | Storage Services | Blob, File, Disk, Redundancy, and Migration Tools |
| 2.4 | Identity, Access, & Security | Entra ID, RBAC, Zero Trust, and Defense-in-Depth |
Module Objectives
2.1 Core Architectural Components
- Physical Infrastructure: Describe datacenters, Azure Regions, and Region Pairs (geographically distant regions used for disaster recovery).
- Resiliency: Define Availability Zones and how they protect against datacenter outages.
- Logical Organization: Master the hierarchy of Azure management.
2.2 Compute and Networking Services
- Compute Options: Compare Virtual Machines (IaaS), App Services (PaaS), Azure Functions (Serverless), and Containers (Azure Kubernetes Service).
- Networking: Explain Virtual Networks (VNet), Subnets, and how to connect environments via VPN Gateways or ExpressRoute.
2.3 Storage Services
- Data Types: Differentiate between Blob (unstructured), Disk (persistent VM storage), and Files (SMB shares).
- Redundancy: Describe LRS, ZRS, GRS, and GZRS redundancy options.
- Migration: Utilize tools like AzCopy and Azure Storage Explorer, and Azure Data Box for physical data transfer.
2.4 Identity, Access, and Security
- Identity: Explain Microsoft Entra ID (formerly Azure AD) and Conditional Access.
- Security Models: Implement the Defense-in-Depth strategy.
Success Metrics
To demonstrate mastery of Unit 2, a learner must be able to:
- Map a Scenario to a Service: e.g., "Which service is best for running a website without managing a server?" Answer: Azure App Service.
- Explain the Hierarchy: Clearly define why a company might use multiple Subscriptions under one Management Group.
- Identify Connectivity Solutions: Choose between a VPN (internet-based) and ExpressRoute (private dedicated connection) based on business needs.
- Define Security Layers: Explain how RBAC (Role-Based Access Control) limits what a user can do within a specific resource group.
Real-World Application
Understanding Azure architecture is the foundation for several career paths:
- Cloud Architects: Use knowledge of Regions and Availability Zones to design highly available applications that can survive a city-wide power outage.
- Security Engineers: Apply the Zero Trust model and Conditional Access to ensure company data is only accessed by verified users on compliant devices.
- IT Administrators: Organize resources into Resource Groups to simplify billing and apply consistent settings across a project.
> [!TIP]
> In a real-world project, always start by creating a Resource Group. It acts as a logical container that makes it easy to delete an entire project's resources once testing is finished, preventing unnecessary costs.