Azure

Azure Zero-to-Hero

A five-tier mastery path — Foundation to Specialist — covering every Azure domain, every core certification, and real job, troubleshooting and architecting skills.

Foundation → Intermediate → Advanced → Expert → Specialist ~250 hours 137 of 137 lessons ready AZ-900 · AI-900 · DP-900 · AZ-104 · AZ-204 · AZ-500 · AZ-700 · AZ-305 · AZ-400 · AI-102 · DP-203 · AZ-140 · SC-100
Start the course

A complete, job-oriented path through Microsoft Azure: fundamentals, identity, networking, compute, data, security, governance, enterprise landing zones, operations, automation, and resilience — built from production-grade lessons and capped with a real-world capstone.

What you’ll be able to do

  • Navigate Azure confidently — subscriptions, regions, resource groups, portal, CLI and Cloud Shell
  • Design identity and access with Microsoft Entra ID, RBAC, Conditional Access and PIM
  • Build secure hub-and-spoke networks with firewalls, private endpoints and global traffic management
  • Run compute and data services — App Service, Functions, Container Apps, SQL, Cosmos DB, PostgreSQL
  • Govern an enterprise estate with the Cloud Adoption Framework, landing zones and Policy-as-Code
  • Operate in production — monitoring, backup, DR, patching, cost engineering and resilience testing
  • Be interview- and certification-ready, and able to deliver a real Azure landing zone end to end

Prerequisites

  • Basic IT literacy (files, networks, a terminal) — no prior cloud experience required
  • A free Azure account for the hands-on labs (free tier / trial credit is enough)

Who it’s for

Career-changers and developers new to the cloud, sysadmins moving to Azure, and engineers preparing for AZ-104/AZ-305 or real Azure delivery work.

Curriculum

Tier 1 · Foundation — Cloud & Azure Basics (AZ-900)

Begin at zero: what the cloud is, how Azure is organised, the global backbone, the tooling, and cloud economics.

  1. 1 Cloud Computing Fundamentals: IaaS, PaaS, SaaS & the Shared-Responsibility Model Junior 12 min read
  2. 2 What Is Azure? Accounts, Subscriptions, Regions & Resource Groups Junior 14 min read
  3. 3 Azure Global Infrastructure: Geographies, Regions, Availability Zones, Availability Sets, Fault & Update Domains Junior 16 min read
  4. 4 Working with Azure: Portal, CLI, PowerShell & Cloud Shell Junior 14 min read
  5. 5 Azure Cloud Economics: Pricing, TCO, SLAs, Service Lifecycle & Support Junior 21 min read
  6. 6 A Simple Serverless API on Azure for Beginners Junior 17 min read

Tier 1 · Foundation — Identity & Security Basics (AZ-900)

Who you are and how you sign in — the first thing every Azure workload depends on.

  1. 7 Microsoft Entra ID Fundamentals: Tenants, Users, Groups & RBAC Junior 16 min read
  2. 8 Authentication in Azure: SSO, MFA, Passwordless & Conditional Access Intermediate 15 min read

Tier 1 · Foundation — AI Fundamentals (AI-900)

Artificial intelligence from scratch: ML, the Azure AI services, generative AI, and Responsible AI.

  1. 9 AI-900: AI & Machine Learning Fundamentals on Azure (incl. Responsible AI) Junior 22 min read
  2. 10 AI-900: Azure AI Services — Vision, Language, Speech, Document Intelligence & Search Junior 16 min read
  3. 11 AI-900: Generative AI & Azure OpenAI Fundamentals Junior 18 min read

Tier 1 · Foundation — Data Fundamentals (DP-900)

Data from scratch: core concepts, relational data, non-relational data and analytics on Azure.

  1. 12 DP-900: Core Data Concepts, Roles & Workloads Junior 16 min read
  2. 13 DP-900: Relational Data on Azure Junior 16 min read
  3. 14 DP-900: Non-Relational Data & Analytics on Azure Junior 18 min read

Tier 2 · Intermediate — Identity & Access Administration (AZ-104)

Administer identity day to day: RBAC at scale, privileged access, and Conditional Access.

  1. 15 Microsoft Entra ID & Governance Admin Deep Dive: Users, Groups, RBAC, Policy, Locks & Tags Intermediate 34 min read
  2. 16 Just-in-Time Azure Resource Access: PIM for Azure Roles, Groups, and Approval Workflows Advanced 15 min read
  3. 17 Stopping Token Theft: Conditional Access Token Protection and Authentication Context Expert 16 min read

Tier 2 · Intermediate — Core Networking (AZ-104)

The networking an administrator runs every day: VNets, egress, secure access, and load balancing.

  1. 18 Azure Virtual Network Basics: Subnets, NSGs, and Peering Junior 16 min read
  2. 19 Deterministic Outbound with Azure NAT Gateway: Fixing SNAT Port Exhaustion Intermediate 13 min read
  3. 20 Azure Bastion Deep Dive: Native Client Tunneling, Shareable Links, and Just-in-Time Secure Access Intermediate 15 min read
  4. 21 Azure Load Balancing Deep Dive: Load Balancer, App Gateway, Front Door & Traffic Manager Intermediate 34 min read

Tier 2 · Intermediate — Compute (AZ-104)

Run and resize compute: virtual machines, availability, disks, and App Service.

  1. 22 Azure Virtual Machines Deep Dive: Every Creation & Post-Creation Setting Intermediate 30 min read
  2. 23 Azure VM Resilience: Availability Sets (Fault & Update Domains), Availability Zones & Scale Sets Intermediate 26 min read
  3. 24 Azure Managed Disks Deep Dive: Every Disk Type, Caching, Encryption & Performance Intermediate 24 min read
  4. 25 Azure App Service Deep Dive: Plans, Scaling, Slots, TLS, Custom Domains & Networking Intermediate 34 min read

Tier 2 · Intermediate — Storage (AZ-104)

Store data durably: storage accounts, blob lifecycle, and file shares.

  1. 26 Azure Storage Accounts Deep Dive: Every Option (Redundancy, Tiers, SAS, Encryption, Lifecycle) Intermediate 32 min read
  2. 27 Blob Storage Data Protection: Lifecycle Tiering, Immutability, and Recovery Intermediate 15 min read
  3. 28 Azure Files and Azure NetApp Files: Identity-Based SMB, AD/Kerberos Auth, Snapshots, and Hybrid Sync Advanced 17 min read

Tier 2 · Intermediate — Monitoring & Management (AZ-104)

Keep the estate healthy: Azure Monitor, service health, and patch management.

  1. 29 Azure Monitor Deep Dive: Metrics, Logs (KQL), Alerts, Action Groups & Insights Intermediate 34 min read
  2. 30 Azure Service Health, Advisor & Resource Graph Intermediate 13 min read
  3. 31 Azure Update Manager: Maintenance Configurations, Scheduled Patching, and Hybrid Coverage with Arc Intermediate 16 min read

Tier 2 · Intermediate — Backup & Recovery (AZ-104)

Protect data: Azure Backup and immutable, multi-user-authorised recovery.

  1. 32 Azure Backup & Site Recovery Deep Dive: Vaults, Policies, Restore & DR Failover Intermediate 32 min read
  2. 33 Azure Backup Hardening: Immutable Vaults, Multi-User Authorization, Soft Delete, and Cross-Region Restore Advanced 16 min read

Tier 2 · Intermediate — Governance & Cost (AZ-104)

Organise and control spend: resource organisation, Policy-as-Code, FinOps and reservations.

  1. 34 Azure Landing Zone: Resource Organization — Management Groups, Subscription Strategy, Naming & Resource Group Structure Advanced 26 min read
  2. 35 Azure Policy as Code: A Git-Driven Governance Pipeline Advanced 15 min read
  3. 36 FinOps on Azure: From Cost Visibility to Engineered Savings Advanced 17 min read
  4. 37 Azure Commitment Strategy: Reservations, Savings Plans, and Hybrid Benefit Optimization Advanced 16 min read

Tier 3 · Advanced — Developing Solutions (AZ-204)

Build cloud-native apps: Functions, Durable, Container Apps, zero-downtime deploys, Cosmos and Redis.

  1. 38 Azure Functions Flex Consumption: VNet Integration, Concurrency, and Cold-Start Tuning Advanced 14 min read
  2. 39 Durable Functions in Production: Orchestrations, Fan-out/Fan-in, and Entity State Advanced 16 min read
  3. 40 Azure Container Apps Deep Dive: Dapr, KEDA Scaling, Revisions, and Split Traffic Advanced 16 min read
  4. 41 Hardening Azure App Service: VNet Integration, Private Endpoints, and Zero-Downtime Slots Intermediate 15 min read
  5. 42 Cosmos DB for NoSQL: Partition Key Design, RU Optimization, and Hot Partition Repair Expert 14 min read
  6. 43 Azure Cache for Redis Enterprise: Clustering, Active Geo-Replication, and Resilient Failover Patterns Advanced 18 min read

Tier 3 · Advanced — Messaging & Integration (AZ-204)

Decouple and integrate systems: Service Bus, Event Grid, API Management and Logic Apps.

  1. 44 Azure Service Bus at Scale: Sessions, Deduplication, and Dead-Letter Handling Advanced 17 min read
  2. 45 Event-Driven Architectures with Azure Event Grid: MQTT, Routing, and Reliable Delivery Advanced 16 min read
  3. 46 API Management Self-Hosted Gateway: Hybrid APIs and Advanced Policy Engineering Expert 18 min read
  4. 47 Azure Logic Apps Standard: Stateful Workflows, VNet Integration, and B2B/EDI Integration Accounts Advanced 18 min read

Tier 3 · Advanced — Hybrid Identity, Federation & SSO

Connect on-premises identity to the cloud: hybrid identity, ADFS migration, sync and SCIM provisioning.

  1. 48 Azure Enterprise Architecture: Hybrid Identity & SSO Advanced 28 min read
  2. 49 Migrating from Entra Connect Sync to Entra Cloud Sync: A Step-by-Step Cutover Guide Advanced 15 min read
  3. 50 Migrating from AD FS to Entra ID Authentication: Staged Cutover with PHS, Staged Rollout, and Claims-Rule Mapping Expert 18 min read
  4. 51 Building a SCIM 2.0 Provisioning Endpoint and Integrating It with Entra ID Automatic Provisioning Expert 14 min read

Tier 3 · Advanced — Networking Engineering (AZ-700)

Design enterprise networks: deep VNet, firewall, private DNS/endpoints, App Gateway, Front Door, vWAN and BGP.

  1. 52 Azure Virtual Networks Deep Dive: Every Setting from Subnets to Peering Intermediate 28 min read
  2. 53 Routing All Egress Through Azure Firewall: UDRs, Forced Tunneling, and Policy Advanced 13 min read
  3. 54 Hybrid DNS at Scale: Azure DNS Private Resolver with Conditional Forwarding Advanced 15 min read
  4. 55 Private Endpoints and Private DNS at Scale: A Hub-and-Spoke Resolution Architecture Expert 15 min read
  5. 56 Application Gateway v2 and WAF: L7 Routing, TLS Termination, and Tuning That Holds Advanced 15 min read
  6. 57 Global Traffic Management: Azure Front Door and Traffic Manager for Multi-Region Failover Advanced 13 min read
  7. 58 Scaling Connectivity with Azure Virtual WAN: A Global Network Build Expert 15 min read
  8. 59 BGP Route Control in Hybrid Cloud: Communities, AS-Path, and Local-Pref Without Black Holes Expert 17 min read
  9. 60 DNSSEC End to End: Signing Public Zones and Enforcing Validation on Hybrid Resolvers Advanced 16 min read

Tier 3 · Advanced — Security Engineering (AZ-500)

Engineer defence in depth: Zero Trust, Key Vault & encryption, Defender for Cloud/XDR, and Sentinel.

  1. 61 Azure Zero-Trust & the Multi-Layer Security Model Intermediate 16 min read
  2. 62 Eliminating Secrets: Key Vault and Workload Identity Federation End to End Advanced 16 min read
  3. 63 Eliminating Secrets in Azure: Key Vault, Managed Identity, and Automated Rotation Advanced 14 min read
  4. 64 Encryption at Rest in Azure: Customer-Managed Keys, HSM, and Double Encryption Expert 13 min read
  5. 65 Azure Managed HSM and Secure Key Release: Attestation-Gated Keys for Confidential Workloads Expert 16 min read
  6. 66 Operationalizing Microsoft Defender for Cloud: CSPM, Secure Score, and Workload Protection Advanced 13 min read
  7. 67 Cloud Workload Protection in Practice: Defender for Servers, Containers, and Databases Advanced 14 min read
  8. 68 Defender for Cloud Attack Path Analysis: Custom Recommendations and Governance Rules Expert 15 min read
  9. 69 Standing Up Microsoft Sentinel: Data Connectors, Analytics Rules, and SOAR Playbooks Advanced 16 min read
  10. 70 Sentinel Detection-as-Code: Content Hub, Repositories, and CI/CD Pipelines Expert 17 min read
  11. 71 Deploying Microsoft Defender for Endpoint: Onboarding, ASR Rules, and EDR in Block Mode Intermediate 15 min read
  12. 72 Detecting Identity Attacks with Defender for Identity: Sensors, Honeytokens, and ISPM Advanced 16 min read
  13. 73 Defender XDR Advanced Hunting: Custom Detection Rules and Automatic Attack Disruption Expert 16 min read

Tier 3 · Advanced — Data Engineering Core

Run data at scale: Azure SQL, PostgreSQL, Cosmos multi-region, Data Factory/Synapse/Fabric and the data lake.

  1. 74 Azure SQL Database Advanced Patterns: Hyperscale, Elastic Pools, Ledger, and Always Encrypted with Secure Enclaves Expert 17 min read
  2. 75 Azure SQL Managed Instance HA: Failover Groups, the Link Feature, and Business Continuity Advanced 16 min read
  3. 76 Azure Database for PostgreSQL Flexible Server: Zone-Redundant HA, Read Replicas, PgBouncer, and In-Place Upgrades Advanced 17 min read
  4. 77 Cosmos DB Multi-Region Writes: Consistency Levels and Conflict Resolution Expert 17 min read
  5. 78 Azure Data Integration & Analytics: Data Factory, Synapse & Microsoft Fabric Advanced 20 min read
  6. 79 Azure Enterprise Architecture: Enterprise Data Lake & Analytics Advanced 27 min read

Tier 3 · Advanced — Compute at Scale & Specialized Compute

Scale and specialise compute: VM Scale Sets, AKS microservices, and dedicated/spot/confidential/HPC compute.

  1. 80 VM Scale Sets with Flexible Orchestration: Azure Image Builder, Compute Gallery, and Automatic Rolling Upgrades Advanced 17 min read
  2. 81 Azure Enterprise Architecture: Production Microservices on AKS Advanced 21 min read
  3. 82 Azure Specialized Compute: Dedicated Hosts, Spot, Confidential VMs, HPC & Batch Advanced 32 min read

Tier 3 · Advanced — Observability & APM

See inside production: data-collection rules, distributed tracing, and managed Prometheus/Grafana.

  1. 83 Azure Monitor End to End: Data Collection Rules, Workbooks, Metric/Log Alerts, and Action Group Automation Advanced 17 min read
  2. 84 Application Insights with OpenTelemetry: Distributed Tracing and Adaptive Sampling for .NET Advanced 15 min read
  3. 85 Azure Monitor Managed Prometheus and Managed Grafana for AKS, End to End Advanced 16 min read

Tier 4 · Expert — Architecture & Design Mastery (AZ-305)

Think like an architect: the Well-Architected Framework, CAF, architecture styles, the design-pattern catalogue, and mission-critical design.

  1. 86 The Azure Well-Architected Framework, In Depth: 5 Pillars as a Tradeoff System Advanced 34 min read
  2. 87 Cloud Adoption Framework & Azure Landing Zones, In Depth Advanced 32 min read
  3. 88 Choosing an Architecture: Styles & the Ten Design Principles Advanced 22 min read
  4. 89 The 43 Azure Cloud Design Patterns: A Complete, Practical Catalogue Advanced 41 min read
  5. 90 Mission-Critical (AlwaysOn) Architecture on Azure: The Apex Design Advanced 32 min read

Tier 4 · Expert — Enterprise Landing Zones

Build the enterprise platform: CAF landing zones across identity, network, security, governance and platform automation.

  1. 91 Designing an Azure Landing Zone with the Cloud Adoption Framework Advanced 16 min read
  2. 92 Azure Landing Zone: Identity & Access Management — Entra ID Design, the RBAC Model, PIM, Conditional Access, Hybrid Identity, and the Identity Subscription Advanced 26 min read
  3. 93 Azure Landing Zone: Network Topology & Connectivity — Hub-Spoke vs Virtual WAN, the Connectivity Subscription, Hybrid Links, Segmentation, DNS, Inspection & Private Link Advanced 26 min read
  4. 94 Azure Landing Zone: Security — Defender for Cloud, Sentinel, Encryption & Key Management, the Security Baseline Policy Set, and Secure Score Advanced 27 min read
  5. 95 Azure Landing Zone: Governance — Azure Policy Initiatives, Cost Guardrails, Compliance Frameworks & Tag Enforcement Advanced 28 min read
  6. 96 Azure Landing Zone: Platform Automation & DevOps — IaC with Bicep & Terraform, the ALZ Accelerator, Subscription Vending, Platform CI/CD & GitOps Advanced 27 min read
  7. 97 Subscription Vending at Scale: Automating Landing Zone Onboarding Expert 16 min read
  8. 98 Azure Cloud Adoption Framework: Secure — Methodology, Zero Trust, MCRA/MCSB, and Securing Access, Operations, Assets & Innovation Advanced 26 min read

Tier 4 · Expert — Resilience & Disaster Recovery

Design for failure: zone/region failover, multi-region active-active, and chaos engineering.

  1. 99 Azure Site Recovery for IaaS: Zone-to-Zone and Region Failover with Recovery Plans Advanced 17 min read
  2. 100 Active-Active Multi-Region on Azure: Building for RTO Near Zero Expert 14 min read
  3. 101 Resilience Validation with Azure Chaos Studio: Fault Injection Experiments for AKS, VMSS, and Networking Advanced 18 min read

Tier 4 · Expert — DevOps, IaC & Automation (AZ-400)

Ship safely and repeatably: Bicep, Azure Verified Modules, Azure DevOps pipelines, and blue-green releases.

  1. 102 Shipping Azure Workloads with Bicep: Deployment Stacks, what-if, and a CI Pipeline Intermediate 14 min read
  2. 103 Operating a Bicep Private Module Registry and Templating at Scale Advanced 15 min read
  3. 104 Building a Platform Layer with Azure Verified Modules and Terraform Advanced 16 min read
  4. 105 Designing Multi-Stage Azure DevOps YAML Pipelines with Environments, Approvals, and Deployment Gates Advanced 15 min read
  5. 106 Azure DevOps Scale Set Agents: Ephemeral Pools, Autoscaling, and Pipeline Hardening Advanced 16 min read
  6. 107 Zero-Downtime Blue-Green Deployments on Azure: App Service Slots, Front Door, and Pipeline Automation Intermediate 14 min read
  7. 108 Building a FinOps Practice on Azure: From Tagging to Showback Automation Advanced 15 min read

Tier 4 · Expert — FinOps & Cost Strategy

Optimise spend as a discipline: the cost-optimisation pillar and its tradeoffs.

  1. 109 Azure Well-Architected: Cost Optimization — Cost Models, Rate & Usage Optimization, Guardrails, and a FinOps Culture Advanced 24 min read
  2. 110 Cost Optimization Without Wrecking Reliability: Navigating WAF Tradeoffs Expert 16 min read

Tier 5 · Specialist — AI Engineering (AI-102)

Engineer production AI: enterprise Azure OpenAI, AI Search/RAG, private endpoints, and agent orchestration.

  1. 111 An Enterprise Landing Zone for Azure OpenAI: Networking, Quotas, and Gateways Expert 17 min read
  2. 112 Azure AI Search for RAG: Vector Indexing, Hybrid Search, Semantic Ranking, and Indexer Pipelines Advanced 16 min read
  3. 113 Enterprise RAG Platform on Azure OpenAI with Private Endpoints Advanced 20 min read
  4. 114 AI Agent Orchestration with Tool-Calling and Guardrails Advanced 20 min read
  5. 115 AI-102: Building Production AI — RAG, Copilots, Vision & Document Intelligence Advanced 26 min read

Tier 5 · Specialist — Data Engineering (DP-203)

Engineer the data platform: lakehouse governance, streaming at scale, and end-to-end pipelines.

  1. 116 Databricks Lakehouse on Azure with Unity Catalog Governance Advanced 19 min read
  2. 117 Azure Event Hubs at Scale: Partitioning, Capture, Kafka Endpoint, and Stream Analytics Processing Advanced 18 min read
  3. 118 DP-203: End-to-End Azure Data Engineering — Ingest, Store, Transform, Serve & Stream Advanced 26 min read

Tier 5 · Specialist — Hybrid, Arc & Migration

Extend Azure everywhere: Arc-enabled servers and Kubernetes, VMware migration, and the CAF migrate methodology.

  1. 119 Azure Arc-Enabled Servers: Onboarding at Scale, Machine Configuration Guest Policy, and Extended Security Updates Advanced 17 min read
  2. 120 Azure Arc-Enabled Kubernetes: GitOps, Policy, and Fleet Governance for Hybrid Clusters Advanced 16 min read
  3. 121 VMware to Azure VMware Solution Migration and Hybrid Operations Advanced 19 min read
  4. 122 Azure Cloud Adoption Framework: Migrate — Assess/Deploy/Release, Azure Migrate Dependency Analysis, Waves & the Migration Factory, Replication & Cutover, Testing & Rollback Advanced 26 min read

Tier 5 · Specialist — End-User Computing (AZ-140)

Deliver desktops & apps at scale: AVD and Windows 365 with FSLogix, MSIX and identity integration.

  1. 123 Azure End-User Computing: AVD, Windows 365 Cloud PC, FSLogix & MSIX App Attach Intermediate 21 min read
  2. 124 Azure Virtual Desktop for 5,000 Knowledge Workers with FSLogix and Okta Advanced 18 min read

Tier 5 · Specialist — IoT & Digital Twins

Connect the physical world: IoT Hub, Device Provisioning, IoT Edge and Azure Digital Twins.

  1. 125 Azure IoT: IoT Hub, Device Provisioning, IoT Edge & Digital Twins Intermediate 27 min read

Tier 5 · Specialist — Compliance, Sovereignty & Regulated Cloud

Run regulated estates: Compliance Manager, regulatory frameworks, sovereign clouds and data residency.

  1. 126 Azure Compliance, Sovereignty & Regulated Cloud: Compliance Manager, Frameworks & Data Residency Advanced 30 min read

Tier 5 · Specialist — Cybersecurity Architecture (SC-100)

Architect security strategy: confidential computing and end-to-end Zero-Trust reference designs.

  1. 127 Confidential Computing for Sensitive Analytics on Azure Advanced 18 min read
  2. 128 SC-100: Cybersecurity Architect — Zero-Trust Strategy & Reference Designs Advanced 24 min read

Track · Troubleshooting (Easy → Complex)

Diagnose anything: a method and per-domain playbooks, the diagnostics toolkit, then complex multi-service incident RCA.

  1. 129 Azure Troubleshooting Playbooks: Network, VM, Identity, Storage & Apps Intermediate 18 min read
  2. 130 The Azure Diagnostics Toolkit: Network Watcher, Resource Health, Boot Diagnostics & KQL Intermediate 16 min read
  3. 131 Advanced Azure Troubleshooting: Complex Multi-Service Incidents & Root-Cause Analysis Advanced 29 min read

Track · Architecting (Easy → Complex)

Turn requirements into designs: a six-rung ladder from a simple web app to mission-critical, plus real proposal walkthroughs. Builds on Tier 4.

  1. 132 The Azure Architecting Ladder: From a Simple Web App to Mission-Critical Advanced 36 min read
  2. 133 Azure Architecture Case Studies: Real Proposal Walkthroughs (Easy → Complex) Advanced 41 min read

Track · Certification Center

Pass the exams: the master exam-prep kit with objective checklists, practice questions and cheat sheets.

  1. 134 Azure Exam-Prep Kit: Objective Checklists, Practice Questions & Cheat Sheets Advanced 20 min read

Track · Job-Ready — Projects, Capstone & Interview

Get hired: a hands-on capstone landing zone, a portfolio-projects ladder, and full interview preparation.

  1. 135 Capstone: Design & Build a Production-Ready Azure Landing Zone Advanced 22 min read
  2. 136 Real-World Azure Portfolio Projects: From Cloud Resume Challenge to Landing Zone Advanced 18 min read
  3. 137 Azure Interview & Certification Prep: Scenarios + AZ-104/AZ-305 Roadmap Advanced 18 min read
All courses Browse all Azure articles