After completing the AZ‑900 certification, I realized that Microsoft Azure is far more than a cloud platform—it’s a well‑designed ecosystem built to support modern applications at scale. In this article, I’ll introduce Azure using the same structured framework I studied for AZ‑900, but with a stronger focus on practical, real‑world understanding from a developer’s perspective.
I. Understanding Cloud Concepts Before Using the Cloud
Before deploying anything, it is essential to understand what cloud computing actually provides.
Microsoft Azure is a cloud computing platform developed by Microsoft that offers on-demand computing resources over the internet. Instead of managing physical servers, developers provision infrastructure and services dynamically.
Service Models
Azure services are generally categorized into three cloud models:
- IaaS (Infrastructure as a Service)
Infrastructure as a service gives you maximum control over your cloud environment because you manage almost everything except the physical hardware. The provider handles the datacenter equipment, internet connectivity, and on‑site security, while you take charge of installing and maintaining operating systems, configuring networks, setting up storage and databases, and managing applications. In practice, it’s like renting servers and networking gear in someone else’s datacenter, with full freedom to decide how those resources are used.
Example: Running a Linux server on Azure Virtual Machines.
- PaaS (Platform as a Service)
Platform as a service can be described as a cloud model that sits between IaaS and SaaS, giving you a managed environment for building and running applications without dealing with the underlying system layers. The provider takes care of the physical servers, security, networking, and also the software stack that supports development—such as operating systems, middleware, runtime environments, and analytics tools. Because these layers are handled for you, you don’t need to manage licenses, updates, or patches for the OS or databases.
Example: Deploying a web application on Azure App Service.
- SaaS (Software as a Service)
Software as a service refers to using a fully built, ready‑to‑use application that runs in the cloud. Instead of installing or managing the software yourself, you simply access it—common examples include email services, accounting tools, messaging platforms, and collaboration apps. Because everything is already developed and maintained by the provider, you’re essentially subscribing to a complete product.
Even though SaaS offers the least customization, it’s also the simplest and fastest model to adopt. It requires minimal technical skill because all updates, maintenance, and infrastructure responsibilities are handled for you.
Example: Microsoft 365.
II. Networking and Storage
Azure Networking
Azure’s networking services provide the core connectivity that allows your cloud resources to communicate securely and efficiently. At the foundation are services like Virtual Networks (VNets), Private Link, Azure DNS, Bastion, Route Server, NAT Gateway, and Traffic Manager, which together create a customizable and secure network environment for your applications. These tools let you isolate workloads, manage routing, control inbound and outbound traffic, and connect on‑premises networks to Azure.
Beyond basic connectivity, Azure also offers load balancing and content delivery capabilities—such as Load Balancer, Application Gateway, and Azure Front Door—to distribute traffic, improve performance, and ensure high availability. These services help optimize how applications respond to user requests, whether they’re internal workloads or global web applications.
Security is built into the networking layer through features like network security groups, firewalls, and private endpoints, allowing you to tightly control which resources can communicate and how that communication happens.
Azure Storage
Azure Storage is Microsoft’s cloud‑based platform for storing and managing data at massive scale. It’s designed to be highly available, durable, secure, and globally accessible, making it suitable for everything from simple file storage to large‑scale analytics workloads. Azure Storage supports multiple data types and offers tools that developers and IT teams can use from anywhere via HTTP/HTTPS and REST APIs.
Core Characteristics:
- Massive scalability — Designed to grow with your data needs, from gigabytes to petabytes.
- High durability and availability — Multiple copies of your data are stored to protect against failures.
- Strong security — Encryption, network isolation, and identity-based access controls are built in.
- Global accessibility — Data can be accessed from anywhere over secure HTTP/HTTPS endpoints.
- Developer-friendly — Supports REST APIs and client libraries for .NET, Java, Python, JavaScript, C++, and Go.
Azure maintains extra copies of your data to ensure availability and durability, even when failures occur. These failures can include hardware issues, power or network outages, or natural disasters. Choosing a redundancy option is a balance between cost, performance, and resilience.
Redundancy within the primary region
These options keep your data inside a single Azure region.
- Locally Redundant Storage (LRS) — Your data is copied three times within a single datacenter. It’s the most cost‑effective option but doesn’t protect against a full datacenter outage.
- Zone‑Redundant Storage (ZRS) — Your data is stored across three separate availability zones within the same region. This protects against datacenter‑level failures while staying within one region.
Redundancy across regions
These options replicate your data to a geographically distant secondary region.
- Geo‑Redundant Storage (GRS) — Your data is stored three times in the primary region (like LRS) and then copied to a secondary region for disaster recovery.
- Read‑Access Geo‑Redundant Storage (RA‑GRS) — Same as GRS, but you can read from the secondary region. This improves availability during regional outages.
III. Security and Identity
Azure security and identity in the cloud revolve around protecting access to resources through strong authentication, authorization, and continuous threat-aware controls. At the center of this model is Microsoft Entra ID, which provides identity management, single sign‑on, multifactor authentication, and role‑based access control to ensure that only the right people and applications can reach the right resources.
Security Concepts in Azure
Azure security concepts center on protecting identities, data, applications, and infrastructure through a multilayered, defense‑in‑depth approach. This model combines built‑in platform protections, shared responsibility between Microsoft and customers, and advanced security services that detect and respond to threats. Azure emphasizes securing every layer—from physical datacenters to identities, networks, and workloads—because cloud environments face constantly evolving cyber risks.
Defense in depth
Azure applies multiple layers of protection across physical, network, identity, application, and data layers. If one layer is compromised, others continue to protect the environment. This includes secure datacenters, network segmentation, identity controls, encryption, and monitoring.
The Zero Trust model
Zero Trust treats every network—internal or external—as untrusted, so no user or device is assumed safe by default. It follows the idea of “never trust, always verify,” meaning every access request must be authenticated, authorized, and continuously validated before anything is granted.
Data protection
One way to mitigate against common cybersecurity threats is to encrypt sensitive or valuable data. Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read encrypted data, it must be decrypted, which requires the use of a secret key.
Shared responsibility model
Microsoft secures the physical infrastructure, hosts, and foundational services, while customers secure their identities, data, applications, and configurations. Understanding this division is essential for building a secure cloud environment.
Core Identity Concepts in Azure
Identity management
Identity management ensures that every user, device, or application accessing Azure resources is properly authenticated and authorized. Microsoft Entra ID acts as the cloud identity provider, extending on‑premises Active Directory to the cloud and enabling unified access across thousands of SaaS and on‑premises applications.
Single sign‑on (SSO)
SSO allows users to sign in once and access multiple applications without repeatedly entering credentials. This reduces password fatigue and improves security by minimizing exposed credentials. Entra ID supports SSO for a wide range of cloud and on‑premises apps.
Multifactor authentication (MFA)
MFA adds a second verification step—such as an authenticator app, biometric sign‑in, or security key—to strengthen protection against unauthorized access. It provides a critical extra layer of defense while keeping the sign‑in experience smooth.
Role‑based access control (RBAC)
RBAC assigns permissions based on roles rather than individual accounts, ensuring users only have the access they need. This supports the principle of least privilege and helps reduce accidental or malicious misuse of resources.
Additional security capabilities
Azure identity and security services also support modern frameworks such as Zero Trust and conditional access, which evaluate user identity, device health, location, and risk signals before granting access. These approaches help organizations defend against evolving threats.
IV. Pricing Model and Operational Flexibility
Azure Pricing Model
Pay‑as‑you‑go
You are billed based on actual consumption with no upfront commitment. This is ideal for workloads that change frequently because you can scale resources up or down instantly.
Reserved capacity
You commit to using a service (such as virtual machines or databases) for one or three years in exchange for a lower price. This is best for predictable, always‑on workloads.
Spot pricing
You use unused Azure capacity at a steep discount, with the understanding that Azure can reclaim the resources at any time. This works well for batch jobs, testing, or workloads that can tolerate interruptions.
What affects cost
- Service type (compute, storage, networking)
- Region where the service runs
- Performance tier
- Data transfer
- Duration of usage
These factors allow organizations to tailor spending to their technical and financial goals.
Operational Flexibility in Azure
Elastic scalability
Azure resources can automatically scale based on demand. This prevents overprovisioning and reduces wasted cost.
Global deployment
Azure’s worldwide datacenter network lets you run applications close to users, improving performance and offering redundancy options.
Multiple service tiers
Most Azure services offer different performance levels, allowing you to choose between cost‑optimized or high‑performance configurations.
Cost management tools
Azure provides budgeting, monitoring, and optimization tools to help track spending and identify savings opportunities.
V. What AZ-900 Changed in My Perspective
Studying for AZ-900 was not just about passing an exam. It helped me structure cloud knowledge into:
- Concepts
- Services
- Security
- Cost management
More importantly, it shifted my mindset from “managing servers” to “designing scalable systems.”
VI. Conclusion
Microsoft Azure is not just a collection of cloud services. It is a comprehensive ecosystem designed to support modern software architectures — from startups to global enterprises.
For developers transitioning from traditional infrastructure or embedded systems to cloud-native environments, Azure provides a structured path forward.
Earning AZ-900 was only the beginning. The real value comes from applying these concepts in real-world architectures.
References:
https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/2-describe-infrastructure-service
https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/3-describe-platform-service
https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/4-describe-software-service
https://learn.microsoft.com/en-us/training/modules/describe-azure-compute-networking-services/8-virtual-network
https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/3-describe-defense-depth
https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/4-describe-zero-trust-model
https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/5-describe-encryption-hashing
https://learn.microsoft.com/en-us/training/modules/describe-security-concepts-methodologies/2-describe-shared-responsibility-model
https://learn.microsoft.com/en-us/training/modules/describe-identity-principles-concepts/3-define-identity-primary-security-perimeter
https://azure.microsoft.com/en-us/pricing/https://www.swiftorial.com/tutorials/cloud_computing/azurecloud/introduction_to_azurecloud/azure_pricing_models/
