πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-900 Domain 3
Domain 3 β€” Module 6 of 8 75%
24 of 26 overall

AZ-900 Study Guide

Domain 1: Describe Cloud Concepts

  • What is Cloud Computing? Free
  • Cloud Models: Public, Private, and Hybrid Free
  • Cloud Pricing: Consumption, Serverless, and Pay-as-You-Go Free
  • High Availability and Scalability Free
  • Reliability, Security, and Manageability Free
  • IaaS, PaaS, and SaaS Explained Free
  • Choosing the Right Cloud Service Free

Domain 2: Describe Azure Architecture and Services

  • Azure Regions, Zones, and Datacenters
  • Resources, Resource Groups, and Subscriptions
  • Azure Virtual Machines
  • Azure Compute: Containers, Functions, and App Service
  • Azure Networking: VNets, Subnets, and Peering
  • Connecting to Azure: VPNs, ExpressRoute, and DNS
  • Azure Storage Services
  • Data Migration: Moving to Azure
  • Microsoft Entra ID: Your Identity Hub
  • Authentication and External Identities
  • Azure Security: RBAC, Zero Trust, and Defender

Domain 3: Describe Azure Management and Governance

  • What Affects Your Azure Bill
  • Pricing Calculators: TCO and Azure Pricing
  • Cost Management and Tags
  • Azure Governance: Purview, Policy, and Locks
  • The Azure Portal and Cloud Shell
  • Infrastructure as Code: ARM, Bicep, and Arc
  • Azure Advisor and Service Health
  • Azure Monitor: Logs, Alerts, and Insights

AZ-900 Study Guide

Domain 1: Describe Cloud Concepts

  • What is Cloud Computing? Free
  • Cloud Models: Public, Private, and Hybrid Free
  • Cloud Pricing: Consumption, Serverless, and Pay-as-You-Go Free
  • High Availability and Scalability Free
  • Reliability, Security, and Manageability Free
  • IaaS, PaaS, and SaaS Explained Free
  • Choosing the Right Cloud Service Free

Domain 2: Describe Azure Architecture and Services

  • Azure Regions, Zones, and Datacenters
  • Resources, Resource Groups, and Subscriptions
  • Azure Virtual Machines
  • Azure Compute: Containers, Functions, and App Service
  • Azure Networking: VNets, Subnets, and Peering
  • Connecting to Azure: VPNs, ExpressRoute, and DNS
  • Azure Storage Services
  • Data Migration: Moving to Azure
  • Microsoft Entra ID: Your Identity Hub
  • Authentication and External Identities
  • Azure Security: RBAC, Zero Trust, and Defender

Domain 3: Describe Azure Management and Governance

  • What Affects Your Azure Bill
  • Pricing Calculators: TCO and Azure Pricing
  • Cost Management and Tags
  • Azure Governance: Purview, Policy, and Locks
  • The Azure Portal and Cloud Shell
  • Infrastructure as Code: ARM, Bicep, and Arc
  • Azure Advisor and Service Health
  • Azure Monitor: Logs, Alerts, and Insights
Domain 3: Describe Azure Management and Governance Premium ⏱ ~11 min read

Infrastructure as Code: ARM, Bicep, and Arc

Define your entire Azure environment in code β€” repeatable, version-controlled, and automated. Plus Azure Arc for managing resources beyond Azure.

Infrastructure as Code β€” why it matters

β˜• Simple explanation

Imagine building IKEA furniture.

You could build it from memory β€” but every time, you’d forget a step and the bookshelf would wobble. Or you could follow the instruction manual β€” identical bookshelf every time.

Infrastructure as Code (IaC) is the instruction manual for your cloud. Instead of clicking through the Azure portal to create resources, you write a file that describes exactly what you want. Then you β€œdeploy” the file, and Azure builds it perfectly β€” every time.

ARM templates and Bicep are Azure’s IaC languages.

Azure Arc extends Azure management to resources running elsewhere β€” on-premises servers, other clouds, or edge locations. One control plane to rule them all.

Infrastructure as Code (IaC) is the practice of managing infrastructure through machine-readable definition files rather than manual configuration. IaC provides consistency (identical deployments every time), version control (track changes in Git), and automation (deploy with a single command).

Azure Resource Manager (ARM) is the deployment and management service for Azure. Every action in Azure β€” whether through the portal, CLI, PowerShell, or API β€” goes through ARM. ARM templates are JSON files that define the resources to deploy.

Bicep is a domain-specific language (DSL) that compiles to ARM templates. It provides a cleaner, more readable syntax while maintaining full ARM template capabilities.

Azure Arc extends Azure governance and management to non-Azure resources β€” on-premises servers, Kubernetes clusters, and resources in other clouds (AWS, GCP).

Azure Resource Manager (ARM)

ARM is the management layer that handles all requests to Azure:

Azure Portal ──→ ARM ──→ Azure Resources
Azure CLI    ──→ ARM ──→ Azure Resources
PowerShell   ──→ ARM ──→ Azure Resources
REST API     ──→ ARM ──→ Azure Resources
ARM Template ──→ ARM ──→ Azure Resources

No matter how you interact with Azure, ARM processes the request. This ensures:

  • Consistent behaviour across all tools
  • Access control (RBAC is enforced at the ARM layer)
  • Tagging and resource organisation
  • Dependency management between resources

ARM templates and Bicep

ARM templates (JSON)

ARM templates are JSON files that define your infrastructure:

BenefitDescription
DeclarativeYou describe WHAT you want, not HOW to create it
RepeatableDeploy the same template in dev, test, and production
IdempotentDeploy the same template twice = no duplicate resources
Version controlledStore in Git, track changes, review before deploying
OrchestratedARM handles dependencies (create the VNet before the VM)

Bicep β€” cleaner IaC

Bicep is a simpler language that compiles to ARM template JSON. Think of Bicep as the human-friendly version of ARM templates:

AspectARM Template (JSON)Bicep
SyntaxVerbose JSONClean, concise
Learning curveSteeperEasier
File extension.json.bicep
CapabilitiesFull Azure supportSame (compiles to JSON)

Exam scope: AZ-900 tests whether you understand the PURPOSE and benefits of IaC, ARM, and Bicep β€” not the syntax details. Know that Bicep is simpler than JSON ARM templates but produces the same results.

ℹ️ Declarative vs imperative

IaC can be declarative or imperative:

  • Declarative (ARM templates, Bicep, Terraform): β€œI want 2 VMs, a VNet, and a database.” The tool figures out how to create them.
  • Imperative (CLI scripts, PowerShell): β€œStep 1: Create VNet. Step 2: Create VM-1. Step 3: Create VM-2. Step 4: Create database.”

ARM templates and Bicep are declarative β€” you define the desired state, and Azure makes it happen.

Azure Arc β€” manage beyond Azure

Azure Arc extends Azure management to resources outside Azure:

What It ManagesWhere It RunsExample
Arc-enabled serversOn-premises, AWS, GCPApply Azure Policy to an on-prem Windows server
Arc-enabled KubernetesAny Kubernetes clusterManage an on-prem K8s cluster from Azure portal
Arc-enabled data servicesOn-premises, edgeRun Azure SQL Managed Instance on your own hardware

Why Arc matters:

  • Single control plane β€” manage Azure and non-Azure resources from the Azure portal
  • Consistent governance β€” apply Azure Policy to servers running anywhere
  • Unified monitoring β€” use Azure Monitor for on-prem and cloud resources

Summit Construction uses Azure Arc to manage the Windows servers still running in their office. From the Azure portal, they can view health, apply policies, and monitor performance β€” even though those servers aren’t in Azure.

πŸ’‘ Exam tip: Azure Arc scenarios

If a question mentions managing resources in multiple clouds or on-premises through Azure, the answer is Azure Arc. Key phrases:

  • β€œManage on-premises servers from Azure”
  • β€œApply Azure Policy to non-Azure resources”
  • β€œSingle management plane across hybrid environments”

🎬 Video walkthrough

🎬 Video coming soon

Infrastructure as Code β€” AZ-900

Infrastructure as Code β€” AZ-900

~9 min

Flashcards

Question

What is Infrastructure as Code (IaC)?

Click or press Enter to reveal answer

Answer

Managing infrastructure through machine-readable files instead of manual configuration. Benefits: consistency, repeatability, version control, and automation. ARM templates and Bicep are Azure's IaC tools.

Click to flip back
Question

What is Azure Resource Manager (ARM)?

Click or press Enter to reveal answer

Answer

The management layer that processes ALL Azure requests β€” whether from the portal, CLI, PowerShell, API, or templates. ARM enforces RBAC, manages dependencies, and ensures consistent behaviour.

Click to flip back
Question

How does Bicep relate to ARM templates?

Click or press Enter to reveal answer

Answer

Bicep is a simpler, cleaner language that COMPILES to ARM template JSON. Same capabilities, easier syntax. Bicep files (.bicep) are converted to ARM templates (.json) before deployment.

Click to flip back
Question

What is Azure Arc?

Click or press Enter to reveal answer

Answer

Extends Azure management and governance to non-Azure resources β€” on-premises servers, Kubernetes clusters, and multi-cloud resources. Provides a single control plane in the Azure portal.

Click to flip back

Knowledge Check

Knowledge Check

Summit Construction wants to deploy identical environments for each new project β€” same VMs, networking, and database every time. What approach ensures consistency?
Knowledge Check

Harbour Health has servers in Azure AND in their on-premises datacenter. They want to manage both from a single Azure portal experience. Which service enables this?

Next up: Azure Advisor and Service Health β€” your cloud consultant and health dashboard.

← Previous

The Azure Portal and Cloud Shell

Next β†’

Azure Advisor and Service Health

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.