An analysis of the top-ranking competitors (including Microsoft Learn, GeeksforGeeks, Thomas Maurer, and major training platforms) indicates that the highest-ranking pages succeed by delivering an absolute all-in-one resource. They don’t just list the exam modules; they also provide an end-to-end learning path, deep dives into theoretical cloud architecture, clear definitions of core Azure services, and actionable study strategies.

To position your site to rank at the absolute top of the Search Engine Results Page (SERP), this guide is built with maximum structural depth, strict search engine optimization (SEO) alignment, semantic keyword density, and an easy-to-read layout. It explicitly serves both search intents: informational (comprehensive technical training) and commercial (exam breakdown, preparation pathways, and certification value).

AZ-900 Microsoft Azure Fundamentals Complete Guide

The shift toward cloud environments is the defining infrastructure trend of modern enterprise technology. Among public cloud providers, Microsoft Azure continues to experience massive enterprise adoption across global sectors.

For IT professionals, system administrators, software developers, and non-technical business stakeholders seeking to validate their cloud expertise, the AZ-900 Microsoft Azure Fundamentals certification serves as the definitive entry point. This comprehensive guide covers every concept measured on the modern blueprint for the Azure Fundamentals Certification, providing conceptual architecture, product breakdowns, and strategic exam insights to help you pass your test on the first attempt.

1. Demystifying the AZ-900 Exam Structure & Objectives

Before deploying services in the cloud ecosystem, it is vital to understand the structural boundaries and administrative mechanics outlined in the official Microsoft Azure AZ-900 exam. The exam is intentionally designed to evaluate conceptual clarity rather than deep scripting, automation, or engineering implementation.

Core Exam Parameters

The exam operates under strict parameters established by Microsoft Worldwide Learning:

Total Duration: 60 minutes for the active testing session (additional time is allocated for non-disclosure agreements and system setup).
Question Volume: Typically ranges between 40 and 60 questions.
Question Typologies: Multiple-choice (single or multiple correct answers), drag-and-drop structural matchings, drop-down option selections, and multi-part case scenario evaluations where a single premise dictates consecutive true/false responses.
Scoring Threshold: Evaluated on a scale from 1 to 1,000 points. Candidates must achieve a minimum scaled score of 700 to earn the credential. There is no penalty or negative marking for incorrect selections.
Exam Delivery: Administered globally via Pearson VUE in either an offline testing centre infrastructure or an online proctored environment utilizing real-time biometric and video monitoring.

Objective Domain Breakdown

The modern AZ-900 exam guide reflects an updated operational blueprint. The test domain weights are distributed across three primary conceptual clusters:

[AZ-900 Exam Weight Distribution]
├── Describe Cloud Concepts (25-30%)
├── Describe Azure Architecture and Services (35-40%)
└── Describe Azure Management and Governance (30-35%)

This structural weighting emphasizes that while structural components and specific services form the core of the exam, administrative governance, billing mechanics, and conceptual cloud physics each carry equal weight in achieving a passing mark.

2. Domain 1: Foundational Cloud Concepts (25–30%)

To understand Microsoft Azure, you must first master the architectural shift from legacy on-premises data centres to distributed cloud infrastructure. This domain tests your understanding of the foundational economics and structural patterns of cloud environments.

What is Cloud Computing?

Cloud computing is the on-demand delivery of computing services over the internet, with consumption-based pricing. Instead of buying, owning, and maintaining physical data centres and hardware, organizations rent access to compute power, storage arrays, networking fabrics, and database engines from a cloud provider such as Microsoft.

The Financial Pivot: CapEx vs. OpEx

Transitioning to the cloud alters an organization’s financial reporting and accounting structures.

Capital Expenditure (CapEx): This involves upfront spending on physical, tangible infrastructure. Buying physical rack servers, procuring network switches, securing data center real estate, and deploying uninterruptible power supplies (UPS) are classic CapEx examples. These assets must be depreciated over their useful lifespans on corporate balance sheets, binding significant cash flow up front.
Operational Expenditure (OpEx): This refers to spending money on products and services continuously as business operations demand. Cloud computing fits completely within OpEx. Organizations are billed instantly for the exact amount of computational resources consumed within a billing cycle. This eliminates massive upfront infrastructure costs and allows capital to be directed toward agile operational objectives.

The Consumption-Based Model

Under an operational expenditure framework, cloud providers operate on a consumption-based model. This means end users pay only for the resources they actively provision and use. If an enterprise spins down a collection of Virtual Machines over a weekend, Billing stops for those compute units. Key metrics driving consumption costs include:

Compute runtime hours mapped to specific CPU/RAM configurations.
Monthly data volume stored per gigabyte/terabyte.
Network egress traffic (data leaving Azure data centers).

Core Benefits of Cloud Architectures

When building an Azure fundamentals course study plan, you must clearly distinguish between the structural characteristics of cloud systems:

High Availability (HA): Ensures that cloud-hosted applications and data remain continuously accessible without noticeable downtime, even during localized hardware failures, power grid disruptions, or network path drops. This is achieved through component redundancy.
Scalability: The structural capacity of a system to handle increased workloads by expanding its resource footprint. Scalability operates in two dimensions:
Vertical Scaling (Scale-Up): Increasing the power of an existing resource, such as upgrading a virtual machine from 4 CPU cores to 16 CPU cores.
Horizontal Scaling (Scale-Out): Adding more instances of a resource to an existing pool, such as adding five additional identical web servers behind a load balancer to distribute traffic.
Elasticity: The ability of a cloud platform to automatically scale resources up or down in real-time response to dynamic demand spikes or drops. For example, during an e-commerce flash sale, an elastic system automatically spins up instances to handle the traffic and deletes them when traffic subsides, optimizing operational costs.
Agility: The velocity at which IT development teams can allocate, provision, test, and launch new software environments. Instead of waiting weeks or months for physical hardware procurement and racking, developers can deploy full application stacks in minutes via cloud control planes.
Reliability & Disaster Recovery (DR): The system’s capability to recover gracefully from catastrophic failures or natural disasters. By leveraging distributed cloud data centres, data can be replicated across multiple, safe geographic regions. If a complete region experiences an outage, operations can failover to a healthy secondary region.

Cloud Service Categories (IaaS vs. PaaS vs. SaaS)

Understanding how responsibilities shift requires an analytical breakdown of the three primary cloud service categories:

1. Infrastructure as a Service (IaaS)

IaaS provides bare-metal computing resources over the internet. Microsoft manages the underlying physical hardware, virtualization layers, and global data centers. The customer rents access to virtual servers, raw network switches, and block storage volumes.

Customer Duties: The customer must manually install, patch, and maintain the operating system; configure network firewalls; deploy middleware; and manage all software runtimes.
Analogy: Renting an empty plot of land. You must build, design, and maintain the structural walls and plumbing yourself.

2. Platform as a Service (PaaS)

PaaS elevates the abstraction layer. Microsoft manages the physical infrastructure, as well as the operating system, database engines, web server runtimes, and automated patching frameworks. The customer is provided a managed environment where they can upload and execute application code without worrying about server maintenance.

Customer Duties: Focused entirely on application logic, code deployment configurations, and data state profiles.
Analogy: Renting a fully serviced office space. The building management handles the security, heating, and cleaning; you simply bring your staff and do your work.

3. Software as a Service (SaaS)

SaaS delivers a complete, fully operational software application over the web, managed entirely by the vendor. The user interacts with the application via a web browser or a thin client.

Customer Duties: End-user account settings, password hygiene, and data entry configurations.
Analogy: Dining out at a restaurant. You don’t manage the kitchen, the ingredients, or the cook; you simply order and consume the meal.

Serverless Computing

An advanced evolution of PaaS is Serverless Computing. In this paradigm, developers build applications without thinking about servers or explicit resource provisioning. The cloud platform abstracts the infrastructure completely. Code executes purely in response to specific system events (such as an incoming HTTP web request or a file upload to storage). Serverless scales automatically from zero instances to thousands in seconds, and Billing occurs solely for the exact millisecond duration of code execution.

Cloud Deployment Models: Public, Private, and Hybrid

Enterprises deploy their infrastructure across three distinct cloud typologies:

Public Cloud: All underlying physical compute infrastructure is owned, operated, and maintained by a third-party hyperscale cloud vendor (Microsoft). Resources are securely isolated and multi-tenanted across global hardware pools, with access delivered over secure internet connections.
Private Cloud: Computing infrastructure is dedicated exclusively to a single business organization. This hardware can reside in the company’s on-premises data centre or be hosted by a third-party provider on a dedicated, isolated hardware footprint. It offers complete structural control but requires significant upfront CapEx.
Hybrid Cloud: A combined deployment model that bridges public cloud environments and private on-premises clouds. Secure networking connections (such as VPNs or dedicated fiber lines) allow data and application states to interoperate smoothly between the two environments. This allows an enterprise to store sensitive regulatory data in an on-premises private cloud while bursting web applications to a public cloud to handle seasonal traffic spikes.

3. Domain 2: Core Azure Architecture & Services (35–40%)

This domain covers Microsoft Azure’s global physical footprint and the core digital services used to build cloud environments.

Azure Global Physical Infrastructure

Azure does not exist merely as an abstract concept; an enormous global physical infrastructure network anchors it. To build reliable systems, you need to understand how Azure groups its physical data centers.

Data Centers

The fundamental atomic building block of Azure’s infrastructure. These are massive, secure physical buildings distributed worldwide that contain rows of standardized server racks, cooling infrastructure, power distribution facilities, and high-speed network switches.

Regions

An Azure Region is a geographic area on the planet containing at least one, and often multiple, physical data centres clustered together. They are interconnected through a dedicated, ultra-low-latency regional fiber network. When provisioning any resource in Azure, you must explicitly select a target Region (e.g., East US, West Europe, or Central India). This choice directly influences user access latency, data residency compliance, and resource billing rates.

Region Pairs

Every Azure Region is permanently paired with another geographical region within the same continent, situated at least 300 miles away. This design choice ensures that if a massive regional disaster occurs (such as an earthquake, flood, or widespread power grid collapse), Microsoft can coordinate recovery operations out of the healthy paired region. System updates are also rolled out sequentially across region pairs to eliminate the risk of simultaneous multi-region down-time.

Availability Zones

Availability Zones are unique physical data center locations within an individual Azure Region. Each zone is an isolated physical entity equipped with independent power supplies, specialized cooling configurations, and dedicated network lines. A single region contains a minimum of three separate Availability Zones.

By deploying application workloads redundantly across multiple Availability Zones inside a region, enterprises create a highly resilient infrastructure stack that can withstand the complete loss of an entire data center building.

The Azure Resource Management Hierarchy

Azure enforces a strict four-level hierarchical structural framework for organizing and managing cloud resources safely and predictably.

1. Management Groups

The highest container level designed to govern governance, compliance policies, and identity access across multiple Azure subscriptions. Conditions applied at a Management Group level are automatically inherited downward by all nested subscriptions.

2. Subscriptions

An Azure Subscription is an administrative and logical billing container that links user accounts to an Azure environment. Every resource deployed must live inside a specific subscription. It sets operational limits (quotas) and acts as an explicit billing boundary for tracking cloud spending.

3. Resource Groups

A logical container that groups related Azure resources together for unified lifecycle management. A resource group holds items like Virtual Machines, Virtual Networks, and Storage Accounts that share a common project lifecycle. If a project is discontinued, an administrator can delete the single containing Resource Group, which cleanly tears down all nested components in one action.

4. Resources

The individual service instances created within the Azure platform. Examples include a single Database instance, a single Virtual Machine network card, or an isolated Public IP Address block.

Azure Resource Manager (ARM)

ARM is the underlying deployment and management control plane for all of Azure. When an administrator interacts with Azure via the graphical Azure Portal, the command-line interface, or an automation script, ARM processes the request, authenticates the identity, and orchestrates the physical infrastructure provisioning.

ARM allows engineers to declare infrastructure state files using declarative JSON or Bicep templates, a practice known as Infrastructure as Code (IaC).

Core Azure Compute Services

Compute services form the processing engine of cloud applications. Azure provides a variety of hosting models tailored to different application workloads.

Azure Virtual Machines (VMs): Azure’s primary IaaS compute product. Virtual Machines provide customized, on-demand compute resources that allow users to run Windows or Linux operating systems in the cloud without purchasing physical hardware. They require manual configuration, operating system maintenance, and patching.
Azure VM Scale Sets: A compute management product that allows administrators to deploy, configure, and manage a cluster of identical, load-balanced Virtual Machines. Scale sets support automated horizontal scaling. If web traffic demand surges, VM Scale Sets automatically spin up additional VM nodes; when demand drops, they cleanly terminate excess instances to save costs.
Azure App Services: A fully managed PaaS platform tailored for hosting web applications, RESTful APIs, and mobile app backends. Developers can deploy code written in .NET, Java, Node.js, Python, or PHP without worrying about the underlying server infrastructure, operating system updates, or network security patching.
Azure Container Instances (ACI): A serverless container service that allows for rapid execution of isolated Docker containers on demand. ACI eliminates the need to provision virtual machines or configure advanced container orchestration systems. It is optimized for simple containerized workloads, background processing tasks, and rapid build pipelines.
Azure Kubernetes Service (AKS): A robust, enterprise-grade, fully managed container orchestration product based on open-source Kubernetes. AKS simplifies deploying, scaling, and managing complex, multi-container microservice architectures by abstracting the master management plane.
Azure Virtual Desktop: A comprehensive desktop and application virtualization hosting service running securely in the cloud. It enables enterprises to deliver a secure remote-work experience, allowing employees to access Windows 10 or Windows 11 environments from any internet-connected consumer device.

Core Azure Networking Services

Networking services tie cloud environments together, securing communication paths between compute resources and the public internet.

Azure Virtual Networks (VNet): The fundamental building block for private networks inside Azure. A VNet enables Azure resources (like VMs) to communicate securely with each other, the internet, and on-premises corporate infrastructure. VNets can be segmented into isolated subnets and support customized private IP address allocations.
Virtual Network Peering: A high-speed connection mechanism used to link two separate Azure Virtual Networks seamlessly. Once peered, the networks route traffic between themselves as a single unified private network, leveraging Microsoft’s private backbone fibre rather than exposing traffic to the public internet.
Azure VPN Gateway: A specialized virtual network gateway used to send encrypted network traffic between an Azure VNet and an on-premises corporate office location over the public internet. This is a common pattern for establishing hybrid cloud connectivity.
Azure ExpressRoute: A premium connectivity service that creates direct, private physical connections between an enterprise’s on-premises data center and the Microsoft Azure cloud. ExpressRoute connections do not travel over the public internet. This ensures higher security, greater reliability, faster speeds, and ultra-low, predictable latencies.
Azure DNS: A hosting service for DNS domains that provides name resolution using Microsoft Azure’s massive global infrastructure footprint.

Core Azure Storage Services

Azure provides highly durable, scalable, and secure storage options tailored for diverse data types and access patterns.

Azure Blob Storage: An object storage solution optimized for storing massive amounts of unstructured data. Unstructured data is data that does not adhere to a rigid relational database schema, such as video files, image assets, large log files, backups, and data lakes for analytical engines.
Azure Files: A fully managed cloud share service that allows developers to set up network file shares accessible via standard Server Message Block (SMB) or Network File System (NFS) protocols. It allows multiple virtual machines to mount and read/write to a shared file directory simultaneously.
Azure Disk Storage: Block-level storage volumes designed to serve as the local persistent storage drives for Azure Virtual Machines. They are available as solid-state drives (SSDs) or traditional hard disk drives (HDDs), offering performance tiers tailored to application needs.

Storage Tier Optimization

To maximize cost efficiency, Azure Blob Storage offers three distinct data access tiers:

Storage Tier	Target Data Profile	Storage Cost	Access Cost	Minimum Storage Duration
Hot Tier	Frequently accessed, active data sets	Highest	Lowest	Immediate
Cool Tier	Infrequently accessed data (stored for ≥30 days)	Lower	Higher	30 Days
Archive Tier	Rarely accessed, historical long-term data	Lowest	Highest	180 Days

Note: The Archive tier keeps data offline. Retrieving archived data requires a multi-hour “rehydration” process before it can be read.

Core Azure Database Services

Azure provides fully managed relational and non-relational database services that eliminate the overhead of database administration.

Azure SQL Database: A fully managed, evergreen relational database engine built on Microsoft’s SQL Server technology. It handles database scaling, automated daily backups, high availability patching, and database engine updates without causing application downtime.
Azure Cosmos DB: A globally distributed, multi-model NoSQL database service. Cosmos DB supports single-digit millisecond response times at massive scale, features automated elastic scaling, and natively supports open-source APIs for MongoDB, Cassandra, and Gremlin. It is ideal for modern, high-velocity web applications that require global reach.
Azure Database for MySQL / PostgreSQL: Fully managed, community-aligned open-source relational database options running securely within the Azure PaaS ecosystem.

4. Domain 3: Azure Management, Governance, & Security (30–35%)

Deploying cloud infrastructure requires deep administrative control. This final domain focuses on identity verification, security boundaries, cost control, and corporate governance.

Identity, Access, and Directory Services

Identity acts as the primary security perimeter in modern cloud architectures. Managing authentication and authorization is foundational to safeguarding cloud assets.

Microsoft Entra ID (Formerly Azure Active Directory)

The core cloud-based identity and access management service powering Microsoft Azure. It handles user management, group memberships, corporate domain services, and application access. It is important to distinguish its primary functions:

Authentication (AuthN): The technical process of verifying the identity of a user, service principal, or device attempting to log into an environment. It asks the question: “Are you who you say you are?” Examples include validating password strings or verifying a biometric fingerprint.
Authorization (AuthZ): The security process of determining what specific permissions and data resources an authenticated user is allowed to access. It asks the question: “What are you allowed to do?”

Multi-Factor Authentication (MFA)

A security mechanism that requires users to provide two or more distinct verification factors to gain access to Azure resources. This significantly reduces the risk of credential compromise by combining:

Something you know (e.g., a complex password pin).
Something you have (e.g., a hardware token or a physical smartphone generating a mobile notification).
Something you are (e.g., facial recognition profiles or biometric fingerprints).

Conditional Access

An advanced identity engine within Microsoft Entra ID that uses real-time signals to enforce security policies. It evaluates conditions such as the user’s geographical location, the health state of their device, or the specific application being requested. Based on these signals, it can automatically allow access, block access, or force a user to complete an MFA challenge before gaining access.

Role-Based Access Control (RBAC)

The security mechanism used to manage permissions across Azure resources. RBAC adheres strictly to the Principle of Least Privilege, ensuring that users are granted only the minimum access required to complete their jobs. Permissions are assigned by mapping security principals to specific scopes (e.g., Management Group, Subscription, Resource Group, or Resource).

Azure includes standard built-in roles:

Owner: Full access to all resources, including the ability to delegate access permissions to other identities.
Contributor: Can create and manage all types of Azure resources, but cannot delegate access permissions to others.
Reader: Can view existing Azure resources but cannot make modifications or add new components.

Core Azure Security Architecture

To defend workloads against modern cyber threats, Azure employs a multi-layered security model.

Network Security Groups (NSGs)

A network security tool used to filter network traffic travelling to and from Azure resources inside a Virtual Network. An NSG contains a list of customizable security rules that allow or deny traffic based on source/destination IP addresses, communication ports, and network protocols.

Azure Firewall

A managed, cloud-based network security service that protects your Azure Virtual Network resources. Unlike NSGs, Azure Firewall is a fully stateful, highly available firewall service featuring built-in threat intelligence that can filter traffic across multiple subscriptions and virtual networks globally.

Azure DDoS Protection

Protects Azure applications against Distributed Denial-of-Service (DDoS) attacks. It actively monitors application traffic patterns, filtering out malicious volumetric traffic surges before they can exhaust application resources, while ensuring legitimate customer traffic flows without disruption.

Microsoft Defender for Cloud

A comprehensive Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP) platform. It continually analyses the security state of your Azure resources, calculates a unified Secure Score that reflects your overall security posture, and provides actionable recommendations to remediate vulnerabilities.

Azure Governance and Compliance Frameworks

As cloud environments grow, maintaining organizational standards and regulatory compliance requires automated governance tools.

Azure Policy: A service used to create, assign, and manage rules that enforce corporate standards across Azure resources. For example, an organization can implement an Azure Policy that blocks developers from creating Virtual Machines outside a specific region or prevents the creation of public-facing database instances.
Resource Locks: Lock mechanisms used by administrators to prevent accidental deletion or modification of critical Azure resources. Resource locks inherit downward through the resource hierarchy and are available in two distinct types:
CanNotDelete: Authorized users can read and modify a resource but cannot delete it.
ReadOnly: Authorized users can read a resource but cannot delete it or modify its configuration.
Service Trust Portal: A public-facing web repository provided by Microsoft that hosts detailed independent compliance audit reports, SOC reports, ISO certifications, and detailed privacy documentation demonstrating how Azure satisfies global regulatory compliance standards.

Strategic Azure Cost Management

Controlling cloud spend is a continuous operational requirement. Azure provides several tools to help estimate, track, and optimize costs.

Total Cost of Ownership (TCO) Calculator

An estimation tool used before migrating physical workloads to Azure. It allows financial analysts to compare the total costs of maintaining an on-premises data centre against the projected costs of running those same workloads on the Azure platform over a multi-year horizon.

Azure Pricing Calculator

An interactive tool used to estimate the real-time configuration costs of specific Azure resources. It allows users to select specific service models, resource sizes, and regions to generate a granular monthly cost estimate before provisioning resources.

Azure Cost Management + Billing

A comprehensive service suite that allows enterprises to track, analyze, and optimize their active cloud spend. It enables administrators to create customized spending alerts, set strict organizational budget caps, and analyze historical spending trends to prevent unexpected billing overages.

Factors Influencing Cloud Costs

Resource Type: The specific hardware profile, storage type, and performance tier selected.
Resource Location: Different regions feature distinct pricing structures based on local real estate, taxes, and power grid costs.
Network Traffic: Data entering an Azure data centre (ingress) is free; data exiting an Azure data centre (egress) incurs a per-gigabyte bandwidth charge.

5. Proven Preparation Strategy: Passing the Exam on Your First Attempt

Achieving success on the Microsoft Azure AZ-900 exam requires a structured study strategy that balances conceptual learning with hands-on practice.

Step-by-Step Study Track

Complete the Official Learning Paths by leveraging the free learning modules on Microsoft Learn. These modules mirror the official exam objectives and provide the conceptual foundation for the test.
Get Hands-on Practice with a Free Account: Create a free Azure account. Building resources yourself helps bridge the gap between theoretical knowledge and practical understanding. Practice navigating the Azure Portal, creating a Virtual Machine, configuring a Resource Group, and setting up an Azure Storage account.
Review Official Exam Guides: Continually check the official Microsoft exam page to review the latest objective changes and ensure your study materials are aligned with the current test blueprint.
Leverage Practice Assessments: Use official practice assessments to familiarise yourself with the question format and pacing. Read the explanations for both correct and incorrect answers carefully to reinforce your understanding.

For a complete, guided video breakdown that walks through every concept covered in this written guide—complete with step-by-step console demonstrations—watch this comprehensive AZ-900 Azure Fundamentals Full Course. This 2.5-hour video tutorial pairs perfectly with our written breakdown to help solidify your understanding.

Frequently Asked Questions (FAQs)

Does the AZ-900 exam require coding or scripting knowledge?

No. The AZ-900 exam evaluates your foundational understanding of cloud concepts and the Azure ecosystem. You will not be asked to write code, configure advanced deployment scripts, or memorize command-line syntax.

What is the difference between MS-900 and AZ-900?

While both are foundational certifications, AZ-900 focuses on core Azure cloud infrastructure, compute services, networking, and governance frameworks. MS-900 is dedicated to Microsoft 365 cloud productivity apps, team collaboration solutions, security, and device management.

How long does the AZ-900 certification remain valid?

Unlike advanced associate or expert-level Microsoft certifications that require annual renewal, the Microsoft Certified: Azure Fundamentals credential does not expire. Once earned, the certification remains valid indefinitely.

What is the passing score for the AZ-900 exam?

You must achieve a minimum scaled score of 700 out of 1,000. The scaling process ensures that exam difficulty remains consistent regardless of the specific question set you receive.

Conclusion.

The AZ-900 Microsoft Azure Fundamentals certification is one of the best starting points for anyone entering the cloud computing industry. Whether you are an IT professional, student, business analyst, developer, or complete beginner, this certification helps you understand the core concepts of Microsoft Azure, cloud architecture, security, governance, networking, storage, and pricing models.

Mohammed Shareef is the creator of Free Tech Web, a growing online resource dedicated to technology education and digital learning. He specializes in writing informative articles about cloud platforms, programming, web technologies, startups, and software solutions. His goal is to make technical subjects easier for beginners, students, and professionals by using clear explanations, practical examples, and research-based content.

For more information you can visit to https://azure.microsoft.com/