Service Confusion — Azure Fundamentals (AZ-900)
You picked the right service category but the wrong specific service. The exam tests precise service selection, not general knowledge.
Azure Logic Apps Isn't Just Functions With More Steps
The scenario describes a workflow connecting SaaS apps and triggering notifications on a schedule. Candidates reach for Azure Functions because it 'runs code.' But Functions requires you to write and maintain that logic — Logic Apps provides the connector-based orchestration the scenario is describing. When the exam says 'no custom code' or 'prebuilt connectors,' the service distinction stops being cosmetic.
The Scenario
The question asks for a messaging solution between microservices needing guaranteed ordering and exactly-once delivery. You pick Azure Service Bus because it handles enterprise messaging. But read again — the scenario says "simple point-to-point queue with messages under 64KB, no topics or subscriptions needed." Azure Queue Storage handles this at a fraction of the cost. Service Bus is correct when you need sessions, dead-lettering, scheduled delivery, or pub/sub topics. The exam tested whether you default to the enterprise-grade tool for a lightweight problem.
How to Spot It
- Azure has paired services in almost every category: Service Bus vs. Queue Storage (enterprise messaging vs. simple queues), Cosmos DB vs. Table Storage (global distribution vs. simple key-value), App Service vs. Container Apps (traditional web vs. microservices). The exam tests whether you match capability to actual requirements.
- When you pick the more powerful service, check: does the scenario actually need topics, sessions, or dead-lettering? If the requirements are "simple queue" or "basic storage," the lighter-weight service is correct.
- Look for cost and simplicity signals: "cost-effective," "simplest solution," "least complexity." These point away from Service Bus, Cosmos DB, and AKS toward their simpler counterparts.
Decision Rules
Which tool benchmarks on-premises CapEx/OpEx costs against Azure spend to justify migration, rather than estimating Azure-only service costs for a net-new deployment?
Whether the workload's variable, event-driven utilization pattern is best served by always-on VM capacity—billed continuously regardless of use—or by a consumption-based serverless model that scales to zero and charges only per execution.
Whether true scale-to-zero serverless compute (Azure Functions consumption plan) or pay-as-you-go virtual machines best satisfies the dual requirement of zero upfront CapEx and zero idle-period charges for a sporadically triggered workload.
Whether consumption-based serverless compute (Azure Functions) or provisioned VM-based compute (Azure Virtual Machines) satisfies the dual constraint of zero upfront CapEx and cost proportional to actual workload execution for a variable, event-driven usage pattern.
When the requirement is to monitor and act on real-time or historical Azure consumption data — not estimate future costs — Azure Cost Management is the correct service; Azure Pricing Calculator operates only on hypothetical pre-deployment configurations and cannot surface or alert on live spend.
When the stated data volume cannot be transferred online within the available bandwidth and time window, choose Azure Data Box (offline physical shipment) over AzCopy (online network transfer).
Choose Azure Policy over RBAC when the requirement is to enforce a resource configuration state across all subscriptions via inheritance, not to restrict which identities can perform actions on resources.
When the requirement is preventive, configuration-level compliance that propagates automatically across a subscription hierarchy, Azure Policy (policy inheritance) is the correct answer — RBAC addresses who can act, not what configuration resources must maintain.
Which service enforces a resource-deployment configuration rule at ARM scope across subscriptions versus which service governs data classification and lineage within the data estate.
Whether the immutable delete-prevention requirement — one that must hold regardless of the caller's RBAC role — is satisfied by a direct resource-lifecycle control or by a data-estate governance tool.
Which service enforces resource-deployment constraints (allowed regions) automatically across subscriptions versus which service governs the data estate through classification and lineage.
Use Azure Resource Locks (CanNotDelete) to enforce resource lifecycle protection on a specific resource, rather than Microsoft Purview, which governs data classification and lineage but cannot intercept ARM delete operations.
Whether serverless container execution (Azure Container Instances) or auto-scaling IaaS (Azure Virtual Machine Scale Sets) better satisfies the explicit constraint of eliminating VM configuration and OS update management from the customer's operational scope.
Choose availability zones (intra-region, datacenter-level fault isolation) over region pairs (inter-region disaster recovery) when the dominant constraints are single-datacenter failure tolerance, data residency within one region, and avoidance of cross-region replication costs.
Choose availability zones (intra-region, datacenter-level fault isolation) over region pairs (inter-region disaster recovery) when the dominant constraints are single-datacenter failure tolerance, data residency within one region, and cost minimization.
When the scenario requires that hybrid traffic not traverse the public internet AND that bandwidth be guaranteed and consistent, ExpressRoute is the correct choice; VPN Gateway is disqualified because its IPsec tunnel still routes over the public internet regardless of encryption.
Choose ExpressRoute when the requirement is a private dedicated circuit that bypasses the public internet entirely; choose VPN Gateway when cost-effective encrypted connectivity over the public internet is acceptable.
Select Azure Cost Management budgets (active threshold alerting) over Azure Tags (passive metadata labeling) when the stated requirement is proactive notification upon exceeding a defined spend limit.
When the requirement is idempotent, repeatable, drift-preventing infrastructure provisioning, choose ARM Templates (declarative IaC) rather than Azure Arc (hybrid management plane) or imperative tools such as Azure CLI or Azure PowerShell.
Whether the scenario's primary need is proactive best-practice guidance surfaced before issues arise (Azure Advisor) or reactive threshold-based alerting on live resource metrics and logs (Azure Monitor).
Select the Azure cost tool that performs a pre-migration total-cost comparison between on-premises and Azure, not one that estimates Azure-only deployment costs.
Choose Azure Arc when the requirement is to bring existing on-premises or non-Azure servers under Azure management governance; choose ARM Templates when the requirement is declarative idempotent deployment of Azure-hosted resources — these are mutually exclusive scopes.
Does the scenario require proactive best-practice recommendations surfaced before incidents occur (Azure Advisor) or reactive resource-level metric and log alerting triggered after a condition is met (Azure Monitor)?
Whether the scenario requires a cost comparison between on-premises infrastructure and Azure (TCO Calculator) or an estimate of Azure service costs in isolation (Pricing Calculator), determined by the presence of an on-premises baseline and a financial justification requirement.
Whether to use Azure Arc, which extends the Azure management plane to on-premises servers for unified drift-free governance, or ARM Templates, which provides idempotent Azure-native deployments but cannot enroll or govern pre-existing on-premises servers.
Whether Azure Advisor (proactive resource-configuration-based best-practice recommendations) or Azure Service Health (platform-level event and maintenance notification) satisfies a requirement to receive actionable optimization guidance before failures occur.
Select Azure TCO Calculator — not Azure Pricing Calculator — when the requirement is a pre-migration cost comparison between on-premises infrastructure and Azure; TCO Calculator ingests on-premises workload inputs to generate a side-by-side financial business case, whereas Pricing Calculator estimates Azure-only service costs for configurations that are already known and fully defined within Azure.
Choose Azure Arc when the dominant requirement is extending Azure's ongoing management control plane (policy, monitoring, governance) to pre-existing on-premises or multi-cloud servers; choose ARM Templates when the requirement is idempotent declarative deployment of new Azure resources. The two roles are complementary but not interchangeable — Arc provides hybrid-reach governance; ARM Templates provide drift-free provisioning within Azure.
Which Azure monitoring tool proactively evaluates deployed resource configurations and surfaces best-practice reliability recommendations, versus which tools react to platform-level events or metric thresholds only after conditions materialize?
Whether Microsoft Entra Conditional Access (signal-based authentication policy) or Azure RBAC (resource permission scoping for authenticated identities) satisfies a requirement to enforce MFA conditionally based on network location and user type.