Azure Fundamentals Part 1 Summary

This is a summary of Azure Fundamentals part 1: Describe core Azure concepts. This learning path is made up of the following modules:

This is actually a bit of a mess. The first module is repeated in every Azure Fundamentals learning path. The second module is actually a repetition of the first, and the third covers part of the first module in more detail.

My goal here is to gather the most important points to serve as a decent summary for anyone preparing to take the Azure Fundamentals exam.

Cloud Computing

Cloud computing is the delivery of computing services over the internet.

  • You typically pay for what you use
  • Someone else manages certain resources for you (e.g. underlying physical hardware)
  • Compute power and storage are the main cloud resources
  • You can add/remove resources as needed

Basically, you’re renting computing and storage resources from someone else’s datacentre. Thus you don’t need to concern yourself with things like building security or cooling. The pay-as-you-go model is handy because you can provision (and de-provision) resources quickly and as needed:

  • No upfront costs
  • No need to buy and manage idle resources
  • Pay for additional resources when needed
  • Stop paying for resources when they are no longer needed

On a financial level, cloud usage shifts IT expense from CapEx to OpEx:

  • Capital expenditure (CapEx): up-front expenditure on infrastructure, which incurs depreciation over time
  • Operating expenditure (OpEx): pay for what you use, just like electricity

Advantages of cloud computing include:

  • High availability
  • Scalability (vertical and horizontal)
  • Elasticity (autoscaling)
  • Agility
  • Geo-distribution
  • Disaster recovery

Cloud Service Models

Azure and similar cloud providers offer a large range of services. These services abstract underlying resources at different levels, and are generally categorised as follows:

  • Infrastructure as a Service (IaaS): Azure manages the hardware, but you manage the OS, networking, etc. This category offers most control/flexibility but you have to take care of more things yourself (e.g. Azure virtual machines).
  • Platform as a Service (PaaS): Azure manages the hosting environment (e.g. VMs, networking). You just deploy your application (e.g. Azure App Service).
  • Software as a Service (SaaS): Azure manages all aspects of the application environment, including the application itself. You just bring your data (e.g. Office 365).

Serverless computing sits in the PaaS category, and offers a way to execute code in an event-driven manner that scales automatically, without needing to manage infrastructure. Servers are hidden (e.g. Azure Functions).

Public, Private and Hybrid Cloud

  • Public cloud: Azure sells services over the internet to anyone. Technically the physical server resources are shared.
  • Private cloud: Resources are dedicated to one organisation. This can be on-premises or hosted by the cloud service provider (i.e. Azure).
  • Hybrid cloud: Uses both public and private cloud, sharing some resources between them.

How Azure Works

  • Azure uses virtualisation
    • A hypervisor sits between hardware and OS
    • This allows a single physical server to run several VMs, at massive scale
  • Azure has datacentres all over the world
    • Each datacentre has many racks filled with servers
    • Each server includes a hypervisor to run multiple VMs
    • Servers are connected by network switches
  • One server in each rack includes a fabric controller
    • Fabric controller receives instructions from an orchestrator
    • Orchestrator manages everything that happens in Azure, including responding to user requests
  • API requests (e.g. to deploy a VM, from the Azure Portal) will go to an orchestrator, which talks to a fabric controller, which provisions/deprovisions resources as needed.

The above is explained graphically in a video at the What is Azure? page.


The Azure Portal is a web interface to view and manage your Azure subscription and resources. It has instances in every datacentre (so it’s close to users) and runs with high availability – updates incur no downtime.

The Azure Marketplace contains third party solutions to be run on Azure.

Azure Services

There is a long list of services on Azure, split up into a number of categories – you can see them at the Tour of Azure services. The more important of these are covered in subsequent learning paths, so let’s just take a high-level look at the categories at this stage:

  • Compute: VMs, container services, serverless functions, etc
  • Networking: virtual networking, load balancing, VPN, and other networking and security services
  • Storage: unstructured storage including blob, file (file server), queue and table (schemaless NoSQL) storage. These are all durable and highly available, secure, scalable, managed, and accessible via HTTP or HTTPS.
  • Mobile: backend services for mobile apps such as offline data sync, push notifications, connectivity to on-premises resources (e.g. SQL Server), and corporate sign-in.
  • Databases: several managed data store offerings ranging from managed RDBMSes (Azure SQL, MySQL, PostgreSQL, MariaDB), Redis, as well as CosmosDB (globally distributed NoSQL).
  • Web: App Service (managed hosting for web apps), Notification Hubs (push notifications), SignalR service, API management and more.
  • Internet of Things (IoT): connect, monitor and manage IoT devices.
  • Big Data: Synapse Analytics (managed enterprise data warehouse), HDInsight (Managed Hadoop clusters), Databricks (Apache Spark-based analytics service)
  • Artificial Intelligence (AI): Machine Learning Service (develop your own ML models) and Studio (use prebuilt ML algorithms). Cognitive Services are related, and comprise Vision, Speech, Knowledge Mapping, Bing Search, and Natural Language Processing.
  • DevOps: Azure DevOps (git repos, pipelines, testing, project management) and DevTest Labs (set up environments for testing).

Azure Subscriptions

An Azure account has one or more subscriptions.

  • Resources are anything you use within Azure (e.g. VMs)
  • Resource groups are a logical group of (related) resources
  • Subscriptions are a group of user accounts and resources; limits/quotas apply
  • Management groups are groups of subscriptions which inherit access, policy and compliance rules

Subscriptions can be used to separate things like environments (e.g. Dev and Prod), departments and billing. They can also be used to deal with limits at a subscription level by adding additional subscriptions. Subscriptions provide isolation in the form of a billing boundary (e.g. bill by department) and an access control boundary (e.g. you can only access Dev and Test environments).

A billing profile can be used to manage invoicing across subscriptions. A billing account can have multiple billing profiles (each of which is an invoice), each of which can have multiple invoice sections, each of which can contain multiple Azure subscriptions.

On management groups:

  • Can be nested to form a hierarchy; rules are inherited by children (other management groups, subscriptions, resource groups and resources)
  • Can give users access to multiple subscriptions via Role-Based Access (RBAC)
  • Can have up to 10,000 management groups in a single directory
  • Can have up to 6 levels of depth (excluding root and leaves (subscriptions))
  • Each can have only one parent
  • Each can have many children

On resource groups:

  • All resources must be in a resource group
  • Resource groups can’t be nested
  • Each resource can only be in one resource group
  • Serve as logical grouping of resources
  • Deleting a resource group deletes all the resources in it
  • Act as scope for RBAC permissions

The Azure Resource Manager (ARM) is a management layer that can be thought of as providing CRUD around resources. ARM also allows resources to be managed by templates – this is covered in more detail in a later learning path.

  • Azure Portal, Azure Powershell & Azure CLI (via SDKs), and REST clients talk to the Azure API
  • Azure API talks to ARM
  • ARM verifies authentication & authorisation
  • ARM can then perform actions (e.g. provision) on Azure services


A region is basically a geographical area where Azure has its datacentres.

  • A region has one or more datacentres nearby, connected by a low-latency network
  • Most resources have to be deployed to a region (which you choose)
  • Some services are only available in certain regions
  • Some services are global and don’t need a region at all
  • Deploying resources across regions gives you scalability, redundancy, data residency (when data must legally reside within a country), and allows data to be close to users

Some regions are special and not available to the general public. This includes several isolated datacentres used by the US Government, and datacentres in China which are operated by a partner.

Availability zones (AZs) are physically separate datacentres in an Azure region.

  • One or more datacentres with independent power, cooling and networking
  • Isolation boundary: it would take a major disaster for more than one AZ to fail in the same region (see also Region pairs further below)
  • AZs in the same region are connected via high-speed fiber-optic networks
  • Not all regions support AZs

Azure services supporting availability zones:

  • Are mainly VMs, managed disks, load balancers and SQL databases
  • Zonal services: pin resource to specific zone (e.g. VMs)
  • Zone-redundant services: replicates across zones

Region pairs:

  • A region is paired (directly connected) with another region in the same geography, at least 300 miles away (where available)
  • The pair is far enough that disasters shouldn’t take out both regions
  • Updates are rolled out to one region in a pair at a time
  • In case of outages to both regions, one region in a pair is prioritised to restore service quickly to at least one region in the pair
  • Data continues to reside within the same geography, which can be important for legal/compliance reasons

One thought on “Azure Fundamentals Part 1 Summary”

Leave a Reply

Your email address will not be published. Required fields are marked *