AZ-900 Core Solutions and Management Tools on Azure: A Beginner-Friendly Guide

Yes — here’s a fully transformed version in a more natural, varied, conversational style, while keeping the meaning intact: --- For AZ-900, you’re not really expected to dive into deep technical implementation. That’s not the game here. Instead, the test is mostly about spotting the right service, understanding where it fits in Azure’s structure, and knowing which management tool belongs in which situation. Sounds simple? It is—and that’s exactly why the exam likes to phrase things in scenario form, so you have to recognize the clue rather than memorize a paragraph. And really, that’s the whole trick. Azure is less about “build this from scratch” and more about “which piece goes here?” Service selection matters. The hierarchy matters. The context matters too (annoyingly, yes). If you can keep those straight, honestly, you’re already in pretty good shape. I usually think of Azure as a set of building blocks—compute, networking, storage, identity, governance, and monitoring. And if that picture doesn’t click for you, that’s fine—think of it more like a toolbox, a set of drawers, or even a map. Same thing, really. Different mental angle. Start with the hierarchy, because everything else hangs off it. Management groups sit at the top when you need to organize multiple subscriptions and apply governance at scale. Subscriptions come next—they’re where billing lives, where quotas are tracked, and where workloads are often separated for practical reasons. Then you’ve got resource groups, which are basically logical containers for resources. In most environments, people organize them by lifecycle or management boundary, although that’s more of a best practice than a hard rule. And finally, the resources themselves: VMs, storage accounts, virtual networks, the actual services you work with. A couple of exam favorites show up here. Resource groups can’t contain other resource groups. No nesting. None. And RBAC plus Azure Policy can inherit downward through the hierarchy, which is one of those little details the exam loves to hide in plain sight. Delete a resource group? Everything inside it goes too. Clean in a lab... horrifying in production. Which is why production environments often use resource locks like CanNotDelete or ReadOnly. Because accidents happen. Usually at the worst possible time. Then there’s the geography side of Azure. A region is one or more datacenters in a specific area, connected by a low-latency network. Availability zones are physically separate datacenter locations within that region—the “not the same building” answer, basically. Region pairs help with platform resiliency and planned maintenance sequencing, which is Azure’s way of not letting everything fail or update all at once. On the service side, VMs are what you use when you want maximum control or when the software simply doesn’t fit a PaaS model. Old apps, picky apps, custom requirements—VMs handle that. App Service is the classic choice when the question says something like “host a web app quickly.” Functions, on the other hand, are all about event-driven execution. In other words, something happens and the code kicks off. It’s not sitting there all day waiting like a continuously hosted app. AKS comes up when the clue says managed Kubernetes. That’s the key phrase. If the scenario is tiny or temporary, though, AKS may be too much. A bit like bringing a crane to move one chair. ACI is for simple container runs. AVD is for secure remote access to desktops and apps. And if you’re trying to keep the whole picture straight: VMs give you the most control, App Service reduces hosting effort, Functions runs on triggers, ACI handles containers with minimal fuss, AKS manages orchestrated containers, and AVD is for desktops. Networking? Start with the VNet. Azure Virtual Network is the foundation of private networking in Azure—everything else builds on that private space. NSGs are the basic traffic filters, simple but important, like bouncers at the door. And if the question talks about private, dedicated, predictable connectivity to Microsoft cloud services, think ExpressRoute. Not VPN. Not public internet. ExpressRoute. Storage has its own favorite wording too. If the scenario emphasizes zone resilience, look at ZRS or GZRS. The wording matters. The exam often gives you just enough of a hint, so you have to notice it. For data services, the distinction is pretty straightforward: SQL Database is for relational data, while Cosmos DB fits globally distributed NoSQL scenarios. Clean distinction. Easy to say, easy to forget if you don’t keep the use case in mind. Then come the management tools. Portal is visual. Cloud Shell gives you browser-based command-line access. CLI is compact and cross-platform. PowerShell fits object-based scripting and tends to feel more natural in Windows admin workflows. Different tools, different habits, same cloud. Declarative means you describe the end state—you’re basically saying, ‘Here’s what I want.’ Imperative means you spell out the exact steps—do this, then that, then the next thing. Simple distinction, but exam questions love to blur it just enough to make you pause. Security and governance show up everywhere. RBAC controls who can do what, and at what scope. Least privilege means giving only the access required—nothing extra. Azure Policy enforces standards; it doesn’t politely suggest them. Tags are useful labels, sure, but they are not security boundaries. Important difference. Very important. Azure Arc extends Azure management to resources outside Azure too—things like on-premises servers, Kubernetes clusters, and even some data services. And if you come across Azure Blueprints in older study material, just treat it as legacy content. Interesting history, but not the main focus now. Monitoring is definitely another big topic. Azure Monitor collects and analyzes metrics and logs, supports alerts and dashboards, and often leans on a Log Analytics workspace for query-based analysis. It’s basically the central eyes-and-ears setup. A common example? Right-sizing underused VMs. Machines that sit there doing almost nothing while still costing money. Very on-brand for cloud optimization. If the goal is optimization rather than diagnosis, Advisor is the tool to check. It’s there to point out improvements, not to help you investigate a problem after the fact. So yes—learn the trigger words. That’s the shortcut. Not exactly a cheat code, but honestly, it’s pretty close. Once you start recognizing the phrases Azure uses for each service, AZ-900 questions get a whole lot easier. And if you can explain each concept in one sentence, then match it to a business need without wandering off into a mini lecture, you’re in strong shape for this objective. Really, that’s the whole exam strategy—know the terms, know the use cases, and don’t overcomplicate what Azure is trying to tell you. --- If you’d like, I can also make this: 1. **more casual and human**, 2. **more polished and professional**, or 3. **even more aggressively varied in sentence structure**.