Azure Management and Governance covers the tools, policies, and practices used to organize, monitor, secure, and control Azure resources. The AZ-900 exam tests awareness of the key services in this area.
- Azure Policy: A service that lets you create, assign, and manage rules (policies) to enforce standards across your Azure resources. For example, you can restrict which regions resources can be deployed to, or require specific tags.
- Azure Blueprints: Allows you to define a repeatable set of Azure resources, policies, and role assignments that can be deployed together. Useful for setting up environments that must meet specific governance requirements. (Note: Azure Blueprints is being deprecated in favor of Azure Deployment Environments and Template Specs.)
- Resource Locks: Prevent accidental deletion or modification of resources. Two types exist: ReadOnly (no changes allowed) and Delete (resource cannot be deleted).
- Microsoft Purview: A unified data governance service that helps manage and govern on-premises, multi-cloud, and SaaS data. It provides data discovery, classification, and lineage capabilities.
- Azure Monitor: Collects and analyzes metrics and logs from Azure resources. It supports alerts, dashboards, and integration with other tools for performance and availability monitoring.
- Azure Service Health: Provides personalized alerts and guidance when Azure service issues, planned maintenance, or health advisories affect your resources.
- Azure Advisor: A free tool that analyzes your configurations and usage, then provides recommendations across five categories: Reliability, Security, Performance, Operational Excellence, and Cost.
- Cost Management and Billing: Azure Cost Management helps you monitor, allocate, and optimize cloud spending. It includes budgets, cost alerts, and spending reports. The Pricing Calculator estimates costs before deployment, while the Total Cost of Ownership (TCO) Calculator compares on-premises costs to Azure costs.
- Tags: Name-value pairs applied to Azure resources for organization, cost tracking, and automation. Tags are not inherited by default from resource groups to individual resources.
- Management Groups: Containers that help organize subscriptions into a hierarchy for applying policies and access controls at scale. Sit above subscriptions in the Azure organizational structure.
The hierarchy from top to bottom is: Management Groups → Subscriptions → Resource Groups → Resources. Governance controls applied at a higher level flow down to lower levels.