The AZ-900 exam covers three domains in 2026: Describe Cloud Concepts at 25 to 30 percent, Describe Azure Architecture and Services at 35 to 40 percent, and Describe Azure Management and Governance at 30 to 35 percent. Microsoft updated the official exam objectives on January 14, 2026, adding expanded coverage of Azure AI Services, Microsoft Copilot, and Responsible AI principles throughout all three domains. Candidates using study materials published before January 2026 are preparing for an outdated version of the exam.
Before starting topic-wise preparation, candidates should also understand the required AZ-900 passing score because Microsoft uses scaled scoring rather than a simple percentage system. Many beginners also wonder how hard the AZ-900 exam is, especially when they are new to cloud concepts, Azure services, and governance basics.
This guide does not just list what the topics are. It tells you exactly how each topic is tested, which specific concepts within each topic the exam rewards, and which aspects candidates consistently get wrong.
AZ-900 Exam Format: The Foundation
Before going into topics, understand the exam structure that shapes how every topic is tested.
| Detail | Information |
| Exam code | AZ-900 |
| Full name | Microsoft Azure Fundamentals (also called Introduction to Cloud Infrastructure since January 2026) |
| Exam duration | 45 minutes |
| Number of questions | 40 to 60 — varies by exam form |
| Question types | Multiple choice, multiple response, drag and drop, hot area, case studies |
| Passing score | 700 out of 1000 |
| Cost | $99 USD |
| Last updated | January 14, 2026 |
| Hands-on required | No — conceptual only |
| Coding required | No |
The January 2026 rebrand: Microsoft renamed AZ-900 as “Introduction to Cloud Infrastructure” in its marketing materials in January 2026 while keeping the AZ-900 exam code unchanged. The certification earned is still Microsoft Certified: Azure Fundamentals. The domains, structure, and passing score are unchanged from the pre-2026 version — only specific topics within the AI section were expanded.
Domain 1: Describe Cloud Concepts (25 to 30 Percent)
This domain establishes the conceptual foundation that every other domain builds on. It covers what cloud computing is, how it works, and why organizations use it. Most candidates find this domain the most approachable — but Microsoft’s precise terminology is where points are lost.
What This Domain Covers
Cloud computing benefits:
| Concept | What the Exam Tests | Common Mistake |
| High availability | SLA guarantees and uptime percentages | Confusing with fault tolerance |
| Scalability | Increasing resources to handle growing demand | Confusing with elasticity |
| Elasticity | Automatically scaling up AND down based on demand | Saying elasticity is just scaling up |
| Reliability | Ability to recover from failures and continue functioning | Confusing with high availability |
| Predictability | Consistent performance and cost outcomes | Often skipped entirely |
| Security | Cloud security tools and shared security model | Not knowing who manages what |
| Governance | Policy and compliance enforcement at scale | Skipping to the services domain |
| Manageability | How you manage cloud resources | Often confused with governance |
The scalability vs elasticity distinction is one of the most tested AZ-900 topic pairs. Scalability means your system can handle more load by adding resources. Elasticity means your system automatically adjusts resources up AND down based on current demand. A system can be scalable without being elastic. A system can be elastic without being highly available. The exam presents scenarios and asks which benefit applies.
Cloud service models:
| Model | Who Manages What | Classic Example | Exam Scenario Pattern |
| IaaS | Customer manages OS, runtime, data, applications | Azure Virtual Machines | “Company wants maximum control over OS configuration” |
| PaaS | Provider manages OS and runtime, customer manages apps and data | Azure App Service | “Company wants to deploy code without managing infrastructure” |
| SaaS | Provider manages everything, customer uses the application | Microsoft 365 | “Company wants email without any IT management” |
The shared responsibility model is a guaranteed AZ-900 exam topic. The exam tests which party — Microsoft or the customer — is responsible for specific security components under IaaS, PaaS, and SaaS. The customer always owns their data. The split on identity, operating systems, and network controls depends on the service model. Memorize this table:
| Responsibility | IaaS | PaaS | SaaS |
| Data | Customer | Customer | Customer |
| Applications | Customer | Customer | Provider |
| Runtime | Customer | Provider | Provider |
| Operating system | Customer | Provider | Provider |
| Network controls | Shared | Provider | Provider |
| Physical infrastructure | Provider | Provider | Provider |
Cloud deployment models:
| Model | Definition | When the Exam Chooses It |
| Public cloud | Resources owned and operated by Microsoft, shared across customers | Company wants no capital expenditure, fastest deployment |
| Private cloud | Dedicated resources for one organization, on-premises or hosted | Company has strict regulatory or data sovereignty requirements |
| Hybrid cloud | Combination of public and private clouds connected together | Company needs to keep sensitive data on-premises while using cloud for burst capacity |
CapEx vs OpEx is a classic AZ-900 question type. CapEx (Capital Expenditure) means upfront investment in physical hardware you own. OpEx (Operational Expenditure) means ongoing payment for resources you use. Cloud computing shifts organizations from CapEx to OpEx. The exam asks which spending model applies to specific scenarios.
Study Time Allocation for Domain 1
| Background | Recommended Hours |
| No IT background | 6 to 10 hours |
| General IT background | 3 to 5 hours |
| Cloud experience | 1 to 2 hours for Microsoft-specific terminology review |
Domain 2: Describe Azure Architecture and Services (35 to 40 Percent)
This is the heaviest domain by exam weight and the hardest by volume. It covers the physical structure of Azure, and every major Azure service category. The challenge is not memorizing that these services exist — it is knowing specifically when to use each one versus its alternatives.
Azure Infrastructure Components
Physical infrastructure:
| Component | What It Is | Exam Tests |
| Datacenters | Physical buildings with servers | Exist globally — not tested in depth |
| Availability Zones | Physically separate datacenters within one region | Used for highest availability within a region — 99.99% SLA |
| Region Pairs | Two regions paired for disaster recovery | Used for cross-region redundancy — data remains in same geography |
| Sovereign Regions | Azure Government and Azure China | Meet specific government compliance requirements |
The Availability Zone vs Region Pair question appears on almost every AZ-900 exam. Availability Zones protect against datacenter failure within a single region. Region Pairs protect against entire region failure. The exam presents a scenario and asks which solution is appropriate based on the scope of protection needed.
Management infrastructure:
| Component | Definition | Exam Tests |
| Resources | Individual Azure items — a VM, a storage account, a database | Basic definition |
| Resource Groups | Logical containers for related resources | Scope of management and billing |
| Subscriptions | Billing and access boundary containing resource groups | Used to separate billing or apply different policies |
| Management Groups | Container for multiple subscriptions | Apply governance at scale across the organization |
| Azure Arc | Extend Azure management to non-Azure resources | Managing on-premises or multi-cloud resources through Azure |
Azure Compute Services
This is where most service selection questions come from. The exam presents a scenario and asks which compute service is the right choice.
| Service | What It Is | When the Exam Chooses It |
| Azure Virtual Machines | IaaS — full control over the operating system | Company needs specific OS configuration, running legacy apps, maximum control |
| Azure Virtual Machine Scale Sets | Automatically create and manage groups of identical VMs | Company needs automatic horizontal scaling of VMs |
| Azure App Service | PaaS — deploy web apps, APIs, and mobile backends without managing infrastructure | Company wants to deploy a web application without managing servers or OS |
| Azure Container Instances (ACI) | Run containers without managing underlying infrastructure | Simple, isolated container workloads without orchestration |
| Azure Kubernetes Service (AKS) | Managed Kubernetes for orchestrating containerized applications at scale | Company runs complex containerized microservices needing orchestration |
| Azure Functions | Serverless compute — runs code in response to events, pay per execution | Company needs to run small pieces of code triggered by events with no server management |
| Azure Virtual Desktop | Cloud-hosted Windows desktop environments | Remote workers needing full desktop access from anywhere |
The most commonly confused pair is Azure Container Instances vs Azure Kubernetes Service. ACI is for simple, single containers or small container groups without orchestration. AKS is for complex applications running multiple container types that need load balancing, auto-scaling, and container orchestration. The exam scenario almost always includes a key phrase — “complex microservices” for AKS or “simple isolated task” for ACI.
Azure Networking Services
| Service | What It Does | When the Exam Chooses It |
| Azure Virtual Network (VNet) | Private network within Azure for resources to communicate | Foundational — almost always part of any Azure networking scenario |
| VPN Gateway | Encrypted connection between Azure and on-premises over public internet | Company needs secure connection to Azure but cannot afford ExpressRoute |
| ExpressRoute | Private dedicated connection from on-premises to Azure bypassing the internet | Company needs guaranteed bandwidth, lower latency, higher security than VPN |
| Azure DNS | Host DNS zones in Azure | Company wants to manage DNS using Azure instead of a separate provider |
| Azure Content Delivery Network (CDN) | Cache content at edge locations globally for faster delivery | Company serves static content to global users and needs low latency |
| Azure DDoS Protection | Protects Azure resources from distributed denial of service attacks | Company wants protection against traffic floods targeting their services |
| Azure Firewall | Cloud-native managed network security service | Company needs centralized network security rule management |
The VPN Gateway vs ExpressRoute question is a classic AZ-900 scenario. The exam almost always includes one distinguishing detail. If the scenario mentions “private connection,” “dedicated bandwidth,” or “not over the internet,” the answer is ExpressRoute. If it mentions “cost-effective,” “acceptable latency,” or “connecting home offices,” the answer is VPN Gateway.
Azure Storage Services
| Service | What It Stores | When the Exam Chooses It |
| Azure Blob Storage | Unstructured data — images, videos, documents, backups | Company needs to store massive amounts of unstructured files |
| Azure File Storage (Azure Files) | File shares accessible via SMB and NFS protocols | Company needs shared drives accessible from multiple VMs or on-premises |
| Azure Queue Storage | Message queuing for asynchronous communication | Company needs to decouple application components with a message queue |
| Azure Table Storage | NoSQL key-value data for structured but non-relational data | Company needs simple structured data without complex queries |
| Azure Disk Storage | Block storage for Azure Virtual Machines | VM needs a persistent hard drive |
| Azure Data Lake Storage | Big data analytics storage | Company runs large-scale data analytics workloads |
The Blob Storage access tier question is frequently tested. Three access tiers exist:
| Tier | When to Use | Cost Pattern |
| Hot | Frequently accessed data | Higher storage cost, lower access cost |
| Cool | Infrequently accessed, stored at least 30 days | Lower storage cost, higher access cost |
| Archive | Rarely accessed, stored at least 180 days | Lowest storage cost, highest retrieval cost and time |
Exam scenario: “Company needs to store compliance logs that are never accessed but must be retained for 7 years at minimum cost.” Answer: Archive tier.
Azure Database Services
| Service | What It Is | When the Exam Chooses It |
| Azure SQL Database | Fully managed relational database (SQL Server engine) | Company is migrating from on-premises SQL Server |
| Azure Database for MySQL | Managed MySQL database | Company’s application is built on MySQL |
| Azure Database for PostgreSQL | Managed PostgreSQL database | Company’s application is built on PostgreSQL |
| Azure Cosmos DB | Globally distributed NoSQL database | Company needs a database with single-digit millisecond response times globally |
| Azure SQL Managed Instance | Full SQL Server compatibility in the cloud | Company needs features not in Azure SQL Database — closest to on-premises SQL Server |
| Azure Synapse Analytics | Analytics platform combining data warehousing and big data | Company needs to run analytics across massive datasets |
Azure Identity, Access, and Security Services
This section was significantly expanded in the January 2026 update. It now includes more AI-adjacent identity concepts.
| Service | What It Does | When the Exam Chooses It |
| Microsoft Entra ID (formerly Azure AD) | Cloud-based identity and access management | Any scenario involving user authentication in Azure or Microsoft 365 |
| Microsoft Entra Connect | Sync on-premises Active Directory with Entra ID | Company wants single sign-on across on-premises and cloud |
| Multi-Factor Authentication (MFA) | Requires additional verification beyond password | Any scenario requiring stronger authentication |
| Conditional Access | Policies that grant or block access based on conditions | Company wants to require MFA only for external users or specific locations |
| Microsoft Defender for Cloud | Security posture management and threat protection | Company wants to monitor security health across Azure workloads |
| Azure Key Vault | Store and manage secrets, keys, and certificates | Company needs to store API keys or connection strings securely |
| Microsoft Sentinel | Cloud-native SIEM and SOAR | Company needs security event monitoring and incident response |
Azure AI Services — the January 2026 expansion:
| Service | What It Does |
| Azure Cognitive Services | Pre-built AI capabilities — vision, speech, language, decision |
| Azure Machine Learning | Build, train, and deploy custom ML models |
| Azure OpenAI Service | Access to OpenAI’s GPT models through Azure |
| Microsoft Copilot | AI assistant integrated across Microsoft products |
| Responsible AI principles | Fairness, reliability, privacy, inclusiveness, transparency, accountability |
Responsible AI is now explicitly tested in AZ-900. Microsoft’s six Responsible AI principles appear in scenario questions. Know which principle applies to which scenario — a scenario about preventing bias maps to Fairness. A scenario about protecting user data maps to Privacy. A scenario about being clear that a system is AI maps to Transparency.
Study Time Allocation for Domain 2
| Background | Recommended Hours |
| No IT background | 12 to 18 hours |
| General IT background | 8 to 12 hours |
| Cloud experience | 4 to 6 hours |
Domain 3: Describe Azure Management and Governance (30 to 35 Percent)
This is the most underestimated domain. It is the second-largest portion of the exam and the area where even candidates with strong Azure knowledge lose points because they underinvest in preparation here.
Cost Management Tools
| Tool | What It Does | Exam Tests |
| Azure Cost Management | Analyze and optimize Azure spending | Identifying cost trends and setting spending alerts |
| Azure Pricing Calculator | Estimate costs before deploying resources | Comparing costs of different configurations before committing |
| Total Cost of Ownership (TCO) Calculator | Compare on-premises vs Azure costs | Justifying cloud migration to management by showing financial savings |
| Azure Advisor | AI-powered recommendations including cost optimization | Identifying unused resources and saving money |
| Azure reservations | Commit to 1 or 3 years upfront for discounted pricing | Company wants to reduce costs for predictable workloads |
| Spot VMs | Use unused Azure capacity at a discount | Company has interruptible workloads and wants lowest cost |
| Azure Savings Plans | Flexible discounts for consistent compute usage | Company has variable workloads but consistent spend commitment |
The Pricing Calculator vs TCO Calculator distinction is a guaranteed exam question. Pricing Calculator estimates the cost of specific Azure services you plan to use. TCO Calculator compares the total cost of running workloads on-premises versus Azure over time. Exam scenario: “Company wants to know how much they will save by moving to Azure.” Answer: TCO Calculator. “Company wants to estimate their monthly Azure bill for a specific VM configuration.” Answer: Pricing Calculator.
Azure Governance Features
| Feature | What It Does | Exam Distinction |
| Azure Policy | Enforce organizational standards and compliance rules across resources | Prevents non-compliant resources from being created |
| Azure RBAC | Control who can do what within Azure | Controls user and service permissions |
| Resource Locks | Prevent accidental deletion or modification of resources | Two types: CanNotDelete and ReadOnly |
| Azure Blueprints | Package Azure policies, RBAC, resource groups, and ARM templates for repeatable environments | Deploy compliant environments at scale |
| Microsoft Purview | Data governance — discover, classify, and manage data across your environment | Company needs visibility into data assets and compliance reporting |
| Service Trust Portal | Access compliance documentation including audit reports and certifications | Company wants to verify Microsoft’s compliance with specific regulations |
Azure Policy vs RBAC is the most tested governance topic. The exam distinguishes them precisely:
- Azure Policy: Controls what types of resources can be created or how they must be configured. Example: “All VMs must use managed disks.” Policy prevents non-compliant resources from existing.
- RBAC: Controls who can perform actions. Example: “User A can read but not delete resources.” RBAC determines access by identity.
Resource Lock types must be memorized:
- CanNotDelete: Users can read and modify the resource but cannot delete it
- ReadOnly: Users can read the resource but cannot modify or delete it
Azure Resource Management
| Tool | What It Does | Exam Tests |
| Azure Portal | Web-based UI for managing Azure resources | Visual management interface |
| Azure CLI | Command-line interface for Azure | Scripting and automation from command line |
| Azure PowerShell | PowerShell module for Azure management | Windows-based scripting and automation |
| Azure Resource Manager (ARM) | Deployment and management layer for all Azure resources | Infrastructure as code with ARM templates |
| Azure Bicep | Domain-specific language for ARM template deployment | Modern alternative to raw ARM templates |
| Azure Arc | Extend Azure management to resources outside Azure | Managing on-premises servers and Kubernetes through Azure tools |
| Azure Cloud Shell | Browser-based shell for Azure management | Access Azure CLI and PowerShell from anywhere |
Azure Monitoring and Support
| Service | What It Does | When the Exam Chooses It |
| Azure Monitor | Collect, analyze, and act on telemetry from Azure and on-premises | Company needs to monitor performance and availability |
| Azure Service Health | Personalized alerts for Azure service issues affecting your resources | Company wants to know when Azure outages affect their specific services |
| Azure Status | Global view of Azure service health | Company wants to know about widespread Azure issues |
| Log Analytics | Collect and query logs from multiple sources | Company needs centralized log management and querying |
| Application Insights | Application performance monitoring | Company wants to monitor their application’s performance and usage |
Azure Monitor vs Azure Service Health vs Azure Status is a three-way distinction the exam tests. Azure Monitor is for your own resources. Azure Service Health is personalized — it shows Azure issues affecting your specific subscriptions and regions. Azure Status is global — it shows all Azure incidents worldwide.
SLAs and Service Lifecycle
| Concept | What the Exam Tests |
| Service Level Agreements (SLAs) | Uptime guarantees Microsoft provides per service |
| SLA percentages and downtime | 99.9% = 8.7 hours downtime per year, 99.99% = 52.6 minutes per year |
| Composite SLA | When combining services, SLAs multiply — two 99.9% services together = 99.8% |
| Preview vs GA services | Preview services have no SLA guarantee |
| Free tier services | No SLA on free tiers |
The composite SLA calculation is frequently tested. Two services with 99.9% SLA each = 0.999 x 0.999 = 0.998001 = approximately 99.8%. Adding more services further reduces the composite SLA. The exam tests whether candidates know that combining services can lower overall SLA guarantees.
Study Time Allocation for Domain 3
| Background | Recommended Hours |
| No IT background | 8 to 12 hours |
| General IT background | 5 to 8 hours |
| Cloud experience | 3 to 5 hours |
Complete AZ-900 Topic Study Priority Matrix
| Domain | Exam Weight | Difficulty | Study Priority | Common Trap |
| Cloud Concepts | 25-30% | Low to moderate | High — get these right, they are foundational | Microsoft’s exact terminology differs from general industry usage |
| Azure Architecture and Services | 35-40% | Moderate | Highest — most questions come from here | Memorizing services exist without knowing when to use them vs alternatives |
| Azure Management and Governance | 30-35% | Moderate | High — most underestimated | Azure Policy vs RBAC confusion, skipping TCO vs Pricing Calculator distinction |
What Changed in the January 2026 AZ-900 Update
Microsoft updated the AZ-900 exam objectives on January 14, 2026. Here is specifically what changed:
| Changed Area | What Was Added or Modified |
| Azure AI services | Expanded coverage of Azure Cognitive Services, Azure Machine Learning, Azure OpenAI Service |
| Microsoft Copilot | New topic — how Copilot works across Microsoft products |
| Responsible AI | New explicit topic — Microsoft’s six Responsible AI principles |
| Identity and access | Expanded coverage of Microsoft Entra ID features including Conditional Access |
| Azure Arc | Expanded from a brief mention to a more detailed topic |
| Cloud security | Updated to reflect current Azure Defender and Sentinel capabilities |
Candidates using study materials published before January 2026 are missing these topics. The AI, Copilot, and Responsible AI additions are the most significant changes. If your practice materials do not include questions on Responsible AI principles or Azure OpenAI Service, they do not reflect the current exam.
CertEmpire’s AZ-900 exam preparation materials include 493 verified questions updated for the January 2026 exam objectives including all new AI and governance topics. Every question includes a complete explanation that teaches the reasoning behind the correct answer — not just the answer itself.
How Each Topic Is Actually Tested: Question Pattern Guide
Understanding the question patterns for each domain helps you prepare specifically for the exam format rather than just the content.
Pattern 1: Scenario-Based Service Selection
“A company needs to [accomplish specific goal] with [specific constraints]. Which Azure service should they use?”
How to answer: Identify the key constraint words. “Without managing servers” → PaaS service. “Maximum control over OS” → VM. “Lowest cost for infrequent access” → Cool or Archive tier. “Global users needing low latency” → CDN or Cosmos DB.
Pattern 2: Concept Distinction
“Which of the following best describes [elasticity / scalability / high availability]?”
How to answer: Use Microsoft’s exact definitions. Elasticity = automatic up and down scaling. Scalability = ability to handle increased load. High availability = percentage uptime guarantee.
Pattern 3: Responsibility Assignment
“In a PaaS model, who is responsible for managing [the operating system / the data / the physical hardware]?”
How to answer: Use the shared responsibility model table. Customer always owns data. OS responsibility depends on service model.
Pattern 4: Tool Selection
“A company wants to [estimate costs / compare on-premises vs cloud / enforce compliance / control user access]. Which Azure tool should they use?”
How to answer: Match the goal to the tool. Estimate → Pricing Calculator. Compare → TCO Calculator. Enforce rules on resources → Azure Policy. Control user permissions → RBAC.
Pattern 5: SLA Calculation
“A company’s solution uses [Service A] with 99.9% SLA and [Service B] with 99.95% SLA. What is the composite SLA?”
How to answer: Multiply the decimal values. 0.999 x 0.9995 = 0.9985005 = approximately 99.85%.
AZ-900 Exam Topics: What You Do NOT Need to Know
Knowing what is NOT on the AZ-900 is as valuable as knowing what is. Many candidates waste preparation time on content that does not appear on this exam.
| Topic | On AZ-900? | Notes |
| Azure CLI commands | No | Conceptual awareness only — no command memorization |
| ARM template syntax | No | Know it exists — not how to write it |
| PowerShell cmdlets | No | Conceptual awareness only |
| Subnetting and networking math | No | AZ-104 level content |
| KQL queries (Kusto Query Language) | No | AZ-900 level: know Log Analytics exists |
| Configuring Azure Policy | No | Know what it does — not how to configure it |
| Deep security implementation | No | Covered at AZ-500 level |
| Azure pricing specific dollar amounts | No | Know the models — not specific prices |
| How to deploy resources step by step | No | Conceptual awareness only |
Full Topic Checklist: Everything You Need to Know Before Exam Day
Use this as your final review checklist. Every item on this list has appeared in AZ-900 exam questions.
Domain 1 Checklist
- [ ] Define high availability, scalability, elasticity, reliability, predictability, security, governance, manageability
- [ ] Distinguish scalability from elasticity with examples
- [ ] Explain IaaS, PaaS, SaaS with examples and shared responsibility breakdown
- [ ] Identify public, private, hybrid cloud deployment models and when each is appropriate
- [ ] Define CapEx vs OpEx and why cloud computing shifts organizations from CapEx to OpEx
- [ ] Explain the shared responsibility model for each service type
- [ ] Define consumption-based pricing
Domain 2 Checklist
- [ ] Explain regions, availability zones, and region pairs — what each protects against
- [ ] Know the management hierarchy: resource, resource group, subscription, management group
- [ ] Select the correct compute service for each scenario: VM, VMSS, App Service, ACI, AKS, Functions, Virtual Desktop
- [ ] Select the correct networking service: VNet, VPN Gateway, ExpressRoute, DNS, CDN, DDoS Protection, Firewall
- [ ] Select the correct storage service and access tier for each scenario
- [ ] Select the correct database service for each scenario
- [ ] Explain Microsoft Entra ID, MFA, Conditional Access, RBAC at a conceptual level
- [ ] Identify Azure AI Services: Cognitive Services, Machine Learning, OpenAI Service, Copilot
- [ ] State Microsoft’s six Responsible AI principles and match each to a scenario
- [ ] Explain Microsoft Defender for Cloud, Azure Key Vault, Microsoft Sentinel
Domain 3 Checklist
- [ ] Distinguish Pricing Calculator from TCO Calculator with examples
- [ ] Explain Azure Cost Management, Azure Advisor, reservations, Spot VMs, Savings Plans
- [ ] Distinguish Azure Policy from RBAC — what each controls
- [ ] Know the two resource lock types: CanNotDelete and ReadOnly
- [ ] Explain Azure Blueprints, Microsoft Purview, Service Trust Portal
- [ ] Know management tools: Portal, CLI, PowerShell, ARM templates, Bicep, Arc, Cloud Shell
- [ ] Distinguish Azure Monitor, Azure Service Health, and Azure Status
- [ ] Calculate composite SLAs by multiplying decimal values
- [ ] Know that Preview services have no SLA
FAQSs
What topics are on the AZ-900 exam in 2026?
AZ-900 covers three domains in 2026. Cloud Concepts at 25 to 30 percent covers cloud benefits, service models (IaaS, PaaS, SaaS), deployment models, and the shared responsibility model. Azure Architecture and Services at 35 to 40 percent covers all core Azure infrastructure, compute, networking, storage, database, identity, and AI services. Azure Management and Governance at 30 to 35 percent covers cost tools, governance features, resource management tools, and monitoring services.
What changed in the AZ-900 January 2026 update?
Microsoft updated the AZ-900 on January 14, 2026. The most significant additions are expanded coverage of Azure AI Services, Microsoft Copilot, Responsible AI principles, and Microsoft Entra ID features including Conditional Access. The three-domain structure and passing score of 700 out of 1000 are unchanged. Candidates using pre-2026 materials are missing the AI and Copilot content.
Which AZ-900 domain has the most questions?
Azure Architecture and Services is the heaviest domain at 35 to 40 percent of the exam. On a 50-question exam this represents approximately 17 to 20 questions. Azure Management and Governance at 30 to 35 percent is second. Cloud Concepts at 25 to 30 percent is third.
What is the hardest topic in AZ-900?
Service selection questions in the Azure Architecture and Services domain are consistently the hardest. Choosing between similar services based on scenario requirements — ACI versus AKS, Azure SQL versus Cosmos DB, VPN Gateway versus ExpressRoute — requires understanding service differences, not just their names. The governance domain is the most underestimated and where many candidates unexpectedly lose points.
Do you need to know Azure CLI commands for AZ-900?
No. AZ-900 does not test specific command syntax. You need to know that CLI, PowerShell, ARM templates, and Bicep exist and what each is used for conceptually — not how to write or memorize specific commands.
Is AI covered in the AZ-900 exam?
Yes — and more than before since the January 2026 update. Azure Cognitive Services, Azure Machine Learning, Azure OpenAI Service, and Microsoft Copilot are all covered. Microsoft’s six Responsible AI principles — Fairness, Reliability, Privacy, Inclusiveness, Transparency, Accountability — are now explicitly tested.
How many questions are on the AZ-900 exam?
Microsoft does not disclose the exact number. The exam contains 40 to 60 questions. Some questions may be unscored pilot questions. The exam duration is 45 minutes.
What is the difference between Azure Policy and RBAC in AZ-900?
Azure Policy controls what types of resources can be deployed and how they must be configured — it enforces rules on resources. RBAC controls what actions specific users and services can perform — it enforces permissions on identities. The exam presents scenarios and asks which to use. “Prevent creating non-compliant VMs” uses Policy. “Prevent a specific user from deleting resources” uses RBAC.
Does AZ-900 cover Microsoft 365?
AZ-900 covers Microsoft Entra ID and Microsoft Copilot which are components of the Microsoft 365 ecosystem. It does not cover Exchange Online, SharePoint, or Teams administration. For Microsoft 365 fundamentals specifically, MS-900 is the relevant certification.
How long should I study for AZ-900?
Total study time depends on your background. Complete beginners need 40 to 60 hours across 4 to 6 weeks. General IT professionals need 20 to 35 hours across 2 to 3 weeks. Cloud professionals need 10 to 20 hours across 1 to 2 weeks. Allocate proportionally more time to Azure Architecture and Services — it is 35 to 40 percent of the exam.
