AZ-900 Objective 2.4: Describe Azure Identity, Access, and Security

31 min readMicrosoft Azure Fundamentals

AZ-900 Exam Focus: This objective covers Azure's comprehensive identity, access, and security services that form the foundation of secure cloud operations. You need to understand Microsoft Entra ID, authentication methods, external identities, conditional access, role-based access control, Zero Trust principles, defense-in-depth, and Microsoft Defender for Cloud. This knowledge is essential for implementing secure Azure solutions and understanding modern security architectures.

Understanding Azure Identity, Access, and Security

Azure's identity, access, and security services provide a comprehensive framework for protecting cloud resources, managing user identities, and implementing security controls that adapt to modern threats and compliance requirements. These services work together to create a secure foundation for cloud operations, enabling organizations to implement robust security postures while maintaining user productivity and operational efficiency. Understanding these services is crucial for designing secure Azure architectures and implementing effective security governance.

The Azure security model is built on the principles of Zero Trust and defense-in-depth, providing multiple layers of security controls that work together to protect against various types of threats. These services integrate seamlessly with other Azure services and provide centralized management capabilities that simplify security administration while ensuring consistent security policies across the entire cloud environment. The comprehensive nature of Azure's security services enables organizations to implement enterprise-grade security controls that meet regulatory requirements and industry best practices.

Directory Services in Azure

Microsoft Entra ID (Azure Active Directory)

Microsoft Entra ID is a comprehensive identity and access management service that provides secure authentication and authorization for users, applications, and devices across cloud and on-premises environments. Entra ID serves as the foundation for identity management in Azure, enabling organizations to manage user identities, control access to resources, and implement security policies that protect against unauthorized access. The service provides single sign-on capabilities, multi-factor authentication, and integration with thousands of cloud applications and services.

Entra ID offers several key capabilities including user and group management, application registration and management, device registration and management, and comprehensive security monitoring and reporting. The service supports various authentication methods including password-based authentication, multi-factor authentication, and passwordless authentication options such as Windows Hello, FIDO2 security keys, and Microsoft Authenticator app. Entra ID also provides advanced security features including risk-based conditional access, identity protection, and privileged identity management for administrative accounts.

Microsoft Entra Domain Services

Microsoft Entra Domain Services provides managed domain services that enable organizations to use traditional Active Directory features in the cloud without the need to manage domain controllers. Domain Services creates a managed domain that is compatible with Windows Server Active Directory, enabling applications and services that require domain-joined machines to work seamlessly in Azure. This service eliminates the need to deploy and manage domain controllers while providing the directory services functionality that many applications require.

Domain Services provides several benefits including automatic patching and updates, high availability through redundant domain controllers, and seamless integration with on-premises Active Directory environments. The service supports common Active Directory features including domain join, group policy, LDAP, and Kerberos authentication, making it compatible with existing applications and infrastructure. Domain Services is particularly valuable for organizations migrating legacy applications to the cloud that require traditional Active Directory functionality.

Directory Services Integration

Key Features of Azure Directory Services:

  • Unified identity management: Entra ID provides a single identity platform that manages users, groups, and applications across cloud and on-premises environments. This unified approach simplifies identity management and provides consistent security policies across all systems and applications.
  • Hybrid identity support: Both Entra ID and Domain Services support hybrid scenarios where organizations maintain both cloud and on-premises identity systems. This hybrid approach enables gradual migration to cloud-based identity management while maintaining compatibility with existing systems.
  • Application integration: Directory services provide comprehensive application integration capabilities including single sign-on, user provisioning, and API access management. These capabilities enable organizations to securely integrate cloud and on-premises applications with centralized identity management.
  • Security and compliance: Directory services provide built-in security features including encryption, audit logging, and compliance reporting that help organizations meet regulatory requirements and security best practices. These features ensure that identity data is protected and access is properly monitored and controlled.
  • Scalability and performance: Both services are designed to scale automatically to meet organizational needs and provide high availability and performance for identity operations. This scalability ensures that identity services can support growing organizations and increasing numbers of users and applications.

Authentication Methods in Azure

Single Sign-On (SSO)

Single Sign-On (SSO) enables users to access multiple applications and services with a single set of credentials, eliminating the need to remember and manage multiple passwords. SSO improves user experience by reducing password fatigue and simplifies security management by centralizing authentication in a single identity provider. Azure Entra ID provides comprehensive SSO capabilities that work with thousands of cloud applications and can be extended to on-premises applications through various integration methods.

SSO in Azure supports multiple protocols including SAML, OpenID Connect, and OAuth 2.0, enabling integration with a wide variety of applications and services. The service provides automatic user provisioning and deprovisioning capabilities that ensure user access is properly managed throughout the user lifecycle. SSO also supports just-in-time provisioning, enabling users to access applications immediately while maintaining security controls and approval workflows.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an additional layer of security by requiring users to provide two or more verification factors when accessing resources, significantly reducing the risk of unauthorized access even if passwords are compromised. Azure MFA supports various authentication methods including phone calls, text messages, mobile app notifications, and hardware tokens, providing flexibility to meet different user preferences and security requirements. MFA can be enforced for all users or selectively applied based on risk assessments and conditional access policies.

Azure MFA provides several advantages including protection against password-based attacks, compliance with regulatory requirements, and seamless integration with existing applications and workflows. The service supports adaptive authentication that can adjust security requirements based on user behavior, device trust, and risk assessments. MFA also provides detailed reporting and monitoring capabilities that help organizations track authentication events and identify potential security issues.

Passwordless Authentication

Passwordless authentication eliminates the need for traditional passwords by using alternative authentication methods such as biometrics, security keys, or mobile device authentication. This approach improves security by removing the primary attack vector of password-based attacks while enhancing user experience by eliminating password management overhead. Azure supports various passwordless authentication methods including Windows Hello for Business, FIDO2 security keys, and Microsoft Authenticator app-based authentication.

Passwordless authentication in Azure provides several benefits including improved security posture, reduced help desk costs related to password resets, and enhanced user experience. The service supports gradual migration from password-based to passwordless authentication, enabling organizations to implement passwordless authentication at their own pace. Passwordless authentication also integrates with conditional access policies, enabling organizations to require passwordless authentication for high-risk scenarios while maintaining flexibility for other use cases.

Authentication Method Comparison

Azure Authentication Methods:

MethodSecurity LevelUser ExperienceUse Case
PasswordBasicFamiliarLegacy applications
MFAHighModerateSensitive resources
PasswordlessVery HighExcellentModern applications
SSOVariableExcellentMultiple applications

External Identities in Azure

Business-to-Business (B2B)

Azure Entra B2B enables organizations to securely collaborate with external users such as partners, suppliers, and contractors by allowing them to use their own organizational credentials to access shared resources. B2B eliminates the need to create separate accounts for external users while maintaining security controls and audit capabilities. This approach simplifies collaboration while ensuring that external users can only access the resources they need and that their access can be properly monitored and controlled.

B2B provides several advantages including reduced administrative overhead, improved security through centralized access management, and seamless user experience for external collaborators. The service supports various authentication methods for external users and provides comprehensive audit logging and access controls. B2B also supports guest user management features including invitation workflows, access reviews, and automatic access expiration policies that help organizations maintain proper access governance.

Business-to-Customer (B2C)

Azure Entra B2C provides a comprehensive identity and access management service for customer-facing applications, enabling organizations to manage customer identities and provide secure access to applications and services. B2C supports various customer authentication scenarios including social identity providers, local accounts, and custom authentication flows. The service provides a white-label experience that allows organizations to customize the authentication experience to match their brand and user experience requirements.

B2C offers several benefits including scalable customer identity management, support for millions of customer identities, and comprehensive customization capabilities. The service provides built-in security features including fraud protection, risk assessment, and compliance capabilities that help organizations protect customer data and meet regulatory requirements. B2C also supports various integration scenarios including mobile applications, web applications, and API access, making it suitable for diverse customer-facing scenarios.

External Identity Management

⚠️ Best Practices for External Identities:

  • Access governance: Implement comprehensive access governance policies for external users including regular access reviews, automatic access expiration, and approval workflows. This governance ensures that external access remains appropriate and is properly monitored.
  • Security policies: Apply appropriate security policies to external users including conditional access policies, multi-factor authentication requirements, and device compliance policies. These policies help ensure that external access meets organizational security standards.
  • Audit and monitoring: Implement comprehensive audit logging and monitoring for external user access to detect suspicious activities and ensure compliance with security policies. This monitoring helps identify potential security issues and provides evidence for compliance audits.
  • Data protection: Implement appropriate data protection measures for external users including data loss prevention policies, encryption requirements, and access controls. These measures help protect sensitive data when accessed by external users.
  • User experience: Balance security requirements with user experience to ensure that external users can effectively collaborate while maintaining appropriate security controls. This balance helps maintain productive relationships while protecting organizational resources.

Microsoft Entra Conditional Access

Understanding Conditional Access

Microsoft Entra Conditional Access is a security feature that enables organizations to implement automated access control decisions based on user, device, location, and application context. Conditional Access policies evaluate multiple signals to determine whether users should be granted access to resources, providing dynamic security controls that adapt to changing risk conditions. This approach enables organizations to implement security policies that balance security requirements with user productivity by applying appropriate controls based on the specific context of each access request.

Conditional Access provides several key capabilities including risk-based access control, device compliance checking, location-based access restrictions, and application-specific security policies. The service integrates with various Microsoft and third-party security solutions to provide comprehensive risk assessment and response capabilities. Conditional Access policies can be configured to require additional authentication factors, restrict access from certain locations or devices, or block access entirely based on risk assessments and compliance status.

Conditional Access Policy Components

Key Components of Conditional Access Policies:

  • Assignments: Define who the policy applies to (users, groups, roles) and what resources are covered (applications, actions, authentication context). Assignments provide the foundation for policy scope and ensure that policies are applied to the appropriate users and resources.
  • Access controls: Specify what actions should be taken when policy conditions are met, including granting access, requiring additional authentication, or blocking access. Access controls provide the enforcement mechanism for security policies and enable organizations to implement appropriate responses to different risk scenarios.
  • Conditions: Define the circumstances under which the policy should be applied, including user risk, device compliance, location, and application context. Conditions enable organizations to implement context-aware security policies that adapt to different risk scenarios and user contexts.
  • Session controls: Configure session-level controls including app-enforced restrictions, persistent browser sessions, and sign-in frequency requirements. Session controls provide additional security measures that apply after initial authentication and help maintain security throughout the user session.
  • Policy evaluation: Determine how policies are evaluated and enforced, including policy precedence, conflict resolution, and reporting capabilities. Policy evaluation ensures that security policies work together effectively and provide consistent security enforcement across the organization.

Azure Role-Based Access Control (RBAC)

Understanding RBAC

Azure Role-Based Access Control (RBAC) provides fine-grained access management for Azure resources by enabling organizations to assign permissions to users, groups, and applications based on their roles and responsibilities. RBAC follows the principle of least privilege, ensuring that users have only the minimum permissions necessary to perform their job functions. This approach simplifies access management while improving security by reducing the risk of unauthorized access and privilege escalation.

RBAC provides several key benefits including centralized access management, consistent permission assignment, and comprehensive audit capabilities. The service supports both built-in roles that cover common scenarios and custom roles that can be tailored to specific organizational requirements. RBAC integrates with Azure Resource Manager to provide consistent access control across all Azure resources and services, enabling organizations to implement unified security policies across their entire cloud environment.

RBAC Components

Key Components of Azure RBAC:

  • Security principal: The entity that needs access to Azure resources, including users, groups, service principals, and managed identities. Security principals represent the "who" in access control and can be assigned roles to grant permissions to Azure resources.
  • Role definition: A collection of permissions that define what actions can be performed on Azure resources. Role definitions specify the "what" in access control and can include read, write, delete, and other specific permissions for different resource types.
  • Scope: The set of resources that the access assignment applies to, including management groups, subscriptions, resource groups, or individual resources. Scope defines the "where" in access control and determines which resources are affected by the role assignment.
  • Role assignment: The process of attaching a role definition to a security principal at a specific scope, creating the actual access control policy. Role assignments represent the "how" in access control and determine what permissions a security principal has for specific resources.
  • Built-in roles: Predefined roles that cover common scenarios including Owner, Contributor, Reader, and User Access Administrator. Built-in roles provide a starting point for access control and can be customized or extended as needed for specific organizational requirements.

RBAC Best Practices

⚠️ RBAC Implementation Best Practices:

  • Use groups for role assignments: Assign roles to groups rather than individual users to simplify management and ensure consistent access control. This approach makes it easier to manage access as users join and leave the organization.
  • Follow the principle of least privilege: Grant users only the minimum permissions necessary to perform their job functions. This approach reduces the risk of unauthorized access and limits the potential impact of security breaches.
  • Use custom roles when needed: Create custom roles when built-in roles don't meet specific requirements, but avoid creating too many custom roles as this can complicate management. Custom roles should be well-documented and regularly reviewed.
  • Regular access reviews: Conduct regular reviews of role assignments to ensure that access remains appropriate and that users have the correct permissions for their current roles. This process helps maintain security and compliance.
  • Monitor and audit access: Implement comprehensive monitoring and audit logging for role assignments and access to detect suspicious activities and ensure compliance with security policies. This monitoring helps identify potential security issues and provides evidence for compliance audits.

The Concept of Zero Trust

Understanding Zero Trust

Zero Trust is a security model that assumes no implicit trust for any user, device, or network connection, regardless of whether they are inside or outside the organization's network perimeter. This approach requires continuous verification of identity, device compliance, and access context before granting access to resources. Zero Trust principles help organizations protect against modern threats by implementing security controls that adapt to changing risk conditions and user contexts.

Zero Trust is built on several key principles including verify explicitly, use least privilege access, and assume breach. These principles guide the implementation of security controls that continuously validate access requests and minimize the potential impact of security breaches. Zero Trust requires organizations to implement comprehensive security monitoring, identity verification, and access controls that work together to provide robust protection against various types of threats.

Zero Trust Implementation

Key Components of Zero Trust Architecture:

  • Identity verification: Implement strong identity verification including multi-factor authentication, device compliance checking, and risk-based authentication. Identity verification ensures that only authorized users can access resources and that their identity is continuously validated.
  • Device compliance: Ensure that devices meet security requirements including encryption, patch levels, and security software installation. Device compliance checking helps ensure that only secure devices can access organizational resources.
  • Network segmentation: Implement network segmentation and micro-segmentation to limit the scope of potential security breaches. Network segmentation helps contain threats and prevents lateral movement within the network.
  • Continuous monitoring: Implement comprehensive monitoring and analytics to detect suspicious activities and respond to security threats in real-time. Continuous monitoring provides visibility into security events and enables rapid response to threats.
  • Data protection: Implement data protection measures including encryption, data loss prevention, and access controls to protect sensitive information. Data protection ensures that sensitive data remains secure even if other security controls are compromised.

The Defense-in-Depth Model

Understanding Defense-in-Depth

Defense-in-depth is a security strategy that implements multiple layers of security controls to protect against various types of threats and provide redundancy in case individual security controls fail. This approach recognizes that no single security control can provide complete protection and that multiple layers of defense are necessary to create a robust security posture. Defense-in-depth helps organizations protect against a wide range of threats while providing resilience against security control failures.

Defense-in-depth typically includes multiple security layers including physical security, network security, application security, data security, and identity and access management. Each layer provides different types of protection and works together with other layers to create a comprehensive security framework. This approach ensures that even if one security layer is compromised, other layers continue to provide protection and limit the potential impact of security breaches.

Defense-in-Depth Layers

Key Layers of Defense-in-Depth:

  • Physical security: Protect physical infrastructure including data centers, servers, and network equipment from unauthorized access and environmental threats. Physical security provides the foundation for all other security layers and ensures that infrastructure is protected from physical threats.
  • Network security: Implement network-level security controls including firewalls, intrusion detection systems, and network segmentation to protect against network-based attacks. Network security helps prevent unauthorized access to network resources and detects suspicious network activities.
  • Application security: Implement application-level security controls including secure coding practices, vulnerability management, and application firewalls to protect against application-based attacks. Application security helps ensure that applications are secure and resistant to common attack vectors.
  • Data security: Implement data protection measures including encryption, access controls, and data loss prevention to protect sensitive information. Data security ensures that sensitive data remains protected even if other security controls are compromised.
  • Identity and access management: Implement identity verification, access controls, and monitoring to ensure that only authorized users can access resources. Identity and access management provides the foundation for controlling who can access what resources and when.

Microsoft Defender for Cloud

Understanding Microsoft Defender for Cloud

Microsoft Defender for Cloud is a comprehensive cloud security platform that provides unified security management and advanced threat protection for Azure and hybrid cloud environments. The service provides continuous security assessment, threat detection, and security recommendations that help organizations improve their security posture and protect against various types of threats. Defender for Cloud integrates with various Azure services and third-party security solutions to provide comprehensive security coverage across the entire cloud environment.

Defender for Cloud offers several key capabilities including security posture management, threat protection, compliance management, and security orchestration and response. The service provides automated security assessments that identify security vulnerabilities and provide actionable recommendations for remediation. Defender for Cloud also provides advanced threat detection capabilities that use machine learning and behavioral analytics to identify suspicious activities and potential security threats.

Defender for Cloud Capabilities

Key Features of Microsoft Defender for Cloud:

  • Security posture management: Provide continuous security assessment and recommendations to help organizations improve their security posture. This capability identifies security vulnerabilities and provides actionable guidance for remediation.
  • Threat protection: Detect and respond to security threats using advanced analytics and machine learning. This capability provides real-time threat detection and automated response capabilities to help organizations quickly respond to security incidents.
  • Compliance management: Help organizations meet regulatory requirements and industry standards through compliance assessments and reporting. This capability provides visibility into compliance status and helps organizations maintain compliance with various regulations.
  • Security orchestration: Integrate with various security tools and services to provide unified security management and automated response capabilities. This capability helps organizations coordinate security activities and respond more effectively to security threats.
  • Cloud workload protection: Provide specialized protection for various cloud workloads including virtual machines, containers, and serverless applications. This capability ensures that different types of cloud workloads receive appropriate security protection.

Real-World Implementation Scenarios

Scenario 1: Enterprise Security Implementation

Situation: A large enterprise needs to implement comprehensive security controls for their Azure environment with strict compliance requirements.

Solution: Implement Microsoft Entra ID with MFA and conditional access policies, use RBAC for fine-grained access control, deploy Microsoft Defender for Cloud for threat protection, and implement defense-in-depth with multiple security layers including network segmentation and data encryption.

Scenario 2: Partner Collaboration

Situation: A company needs to collaborate with external partners while maintaining security and access control.

Solution: Use Azure Entra B2B to enable partner access with their own credentials, implement conditional access policies for external users, use RBAC to limit partner access to specific resources, and implement comprehensive audit logging for partner activities.

Scenario 3: Customer-Facing Application

Situation: A company needs to provide secure access to customer-facing applications with millions of users.

Solution: Use Azure Entra B2C for customer identity management, implement passwordless authentication for improved user experience, use conditional access for risk-based security controls, and implement Microsoft Defender for Cloud for application security monitoring.

Scenario 4: Zero Trust Implementation

Situation: An organization wants to implement Zero Trust security principles across their Azure environment.

Solution: Implement comprehensive identity verification with MFA and passwordless authentication, use conditional access for context-aware security controls, implement network segmentation and micro-segmentation, and use Microsoft Defender for Cloud for continuous monitoring and threat detection.

Best Practices for Azure Security

Identity and Access Management

  • Implement strong authentication: Use multi-factor authentication and passwordless authentication to improve security and user experience
  • Use conditional access: Implement risk-based access controls that adapt to changing security conditions
  • Follow least privilege: Grant users only the minimum permissions necessary for their job functions
  • Regular access reviews: Conduct regular reviews of user access and permissions to ensure they remain appropriate
  • Monitor and audit: Implement comprehensive monitoring and audit logging for all identity and access activities

Security Architecture

  • Implement defense-in-depth: Use multiple layers of security controls to provide comprehensive protection
  • Adopt Zero Trust principles: Implement security controls that continuously verify access and assume no implicit trust
  • Use Microsoft Defender for Cloud: Implement comprehensive security monitoring and threat protection
  • Regular security assessments: Conduct regular security assessments and vulnerability scans
  • Incident response planning: Develop and test incident response procedures for security breaches

Exam Preparation Tips

Key Concepts to Remember

  • Directory services: Understand the differences between Microsoft Entra ID and Domain Services
  • Authentication methods: Know the characteristics and use cases for SSO, MFA, and passwordless authentication
  • External identities: Understand when to use B2B vs. B2C for different scenarios
  • Conditional access: Know how conditional access policies work and when to use them
  • RBAC: Understand how role-based access control works and best practices for implementation
  • Zero Trust and defense-in-depth: Know the principles and implementation approaches for these security models
  • Microsoft Defender for Cloud: Understand the capabilities and use cases for this security platform

Practice Questions

Sample Exam Questions:

  1. What is the primary difference between Microsoft Entra ID and Microsoft Entra Domain Services?
  2. Which authentication method provides the highest level of security while improving user experience?
  3. When would you use Azure Entra B2B vs. B2C for external user management?
  4. What is the primary purpose of Azure Conditional Access policies?
  5. What are the key principles of the Zero Trust security model?
  6. How does defense-in-depth improve security compared to single-layer security approaches?
  7. What are the main capabilities of Microsoft Defender for Cloud?

AZ-900 Success Tip: Understanding Azure identity, access, and security services is essential for the AZ-900 exam and your Azure career. Focus on learning how these services work together to provide comprehensive security, understanding the differences between various authentication methods, and knowing when to use different security approaches. Practice identifying which security services would be most appropriate for different scenarios, and understand how modern security principles like Zero Trust and defense-in-depth apply to Azure environments. This knowledge will help you design secure Azure solutions and serve you well throughout your Azure learning journey.

Practice Lab: Exploring Azure Identity and Security

Lab Objective

This hands-on lab is designed for AZ-900 exam candidates to explore Azure identity, access, and security services. You'll examine Microsoft Entra ID features, configure authentication methods, explore RBAC, and understand security concepts to gain practical experience with Azure's security capabilities.

Lab Setup and Prerequisites

For this lab, you'll need a free Azure account (which provides $200 in credits for new users) and a web browser. No prior Azure experience is required, as we'll focus on understanding security concepts rather than complex configurations. The lab is designed to be completed in approximately 2-3 hours and provides hands-on experience with the key security services covered in the AZ-900 exam.

Lab Activities

Activity 1: Explore Microsoft Entra ID

  • Examine Entra ID features: Navigate through Microsoft Entra ID to understand user management, group management, and application registration capabilities. Explore the different features and understand how they work together for identity management.
  • Configure authentication methods: Set up different authentication methods including password policies, MFA settings, and passwordless authentication options. Understand how these methods provide different levels of security and user experience.
  • Explore security features: Examine security features including risk-based conditional access, identity protection, and audit logging. Understand how these features help protect against security threats.

Activity 2: Configure RBAC and Access Control

  • Examine built-in roles: Explore Azure RBAC built-in roles and understand the permissions associated with different roles. Practice assigning roles to users and groups to understand how access control works.
  • Create custom roles: Create custom roles with specific permissions to understand how role definitions work. Practice assigning custom roles to understand the flexibility of RBAC.
  • Test access control: Test access control by attempting to access resources with different role assignments. Understand how RBAC controls access to Azure resources.

Activity 3: Explore Conditional Access

  • Examine conditional access policies: Explore conditional access policy components including assignments, access controls, and conditions. Understand how these components work together to provide dynamic access control.
  • Configure test policies: Create simple conditional access policies to understand how they work. Practice configuring different conditions and access controls to understand policy behavior.
  • Test policy enforcement: Test conditional access policies by attempting to access resources under different conditions. Understand how policies adapt to different risk scenarios.

Activity 4: Explore Security Monitoring

  • Examine Microsoft Defender for Cloud: Explore Microsoft Defender for Cloud features including security posture management, threat protection, and compliance management. Understand how these features provide comprehensive security monitoring.
  • Review security recommendations: Examine security recommendations and understand how they help improve security posture. Practice implementing simple security recommendations.
  • Explore audit logs: Examine audit logs and security reports to understand how security activities are monitored and tracked. Understand the importance of security monitoring and compliance.

Lab Outcomes and Learning Objectives

Upon completing this lab, you should be able to explain how Azure identity and security services work together to provide comprehensive security, understand the differences between various authentication methods, and identify appropriate security approaches for different scenarios. You'll have hands-on experience with Microsoft Entra ID, RBAC, conditional access, and security monitoring. This practical experience will help you understand the real-world applications of Azure identity and security services covered in the AZ-900 exam.

Cleanup and Cost Management

After completing the lab activities, be sure to delete all created resources to avoid unexpected charges. The lab is designed to use minimal resources, but proper cleanup is essential when working with cloud services. Use Azure Cost Management tools to monitor spending and ensure you stay within your free tier limits.

Previous: Objective 2.3 Describe Azure Storage Services

Next: Objective 3.1 Describe Cost Management Azure