Describe the benefits of using cloud services
📘Microsoft Certified: Azure Fundamentals (AZ-900)
Microsoft Certified: Azure Fundamentals (AZ-900)
Main Topic: Describe the benefits of using cloud services
Sub-topic: Describe the benefits of security and governance in the cloud
This section is very important for the AZ-900 exam. You must understand how Microsoft Azure improves security and governance compared to traditional on-premises IT environments.
The exam tests your understanding of:
- How Azure improves security
- What governance means in cloud computing
- Which Azure services help with security and governance
- Why cloud security is often stronger than traditional data center security
Let’s explain everything in simple and clear language.
1️⃣ What Is Security in the Cloud?
Cloud security means protecting:
- Data
- Applications
- Virtual machines
- Networks
- User identities
- Cloud resources
In traditional IT environments, companies must:
- Buy firewalls
- Configure network security
- Patch servers manually
- Monitor threats themselves
- Secure physical servers
In Azure, many security responsibilities are handled by Microsoft.
2️⃣ Shared Responsibility Model (VERY IMPORTANT FOR EXAM)
This is a key concept for AZ-900.
In cloud computing, security responsibility is shared between:
- Microsoft (Cloud Provider)
- Customer (You)
Microsoft is responsible for:
- Physical data center security
- Physical servers
- Storage hardware
- Networking hardware
- Hypervisor
- Global infrastructure
Customer is responsible for:
- User accounts
- Passwords
- Data
- Applications
- Configuration of services
- Access permissions
The responsibility changes depending on the service model:
| Service Model | Microsoft Secures | Customer Secures |
|---|---|---|
| IaaS | Infrastructure | OS, apps, data |
| PaaS | Infrastructure + OS | Apps, data |
| SaaS | Almost everything | User access & data |
You must understand this table for the exam.
3️⃣ Benefits of Security in Azure
Now let’s explain why Azure security is a benefit.
✅ 1. Built-in Security Controls
Azure includes many security features by default:
- Firewalls
- DDoS protection
- Encryption
- Identity protection
- Threat detection
In a traditional IT setup, companies must buy and configure these tools separately.
In Azure, they are already integrated.
✅ 2. Physical Security of Data Centers
Microsoft Azure data centers have:
- 24/7 surveillance
- Biometric access controls
- Security guards
- Backup power systems
- Disaster protection systems
Most organizations cannot build this level of physical security on their own.
This is a major benefit of cloud computing.
✅ 3. Encryption (Very Important)
Azure protects data using encryption:
🔐 Data at Rest
Data stored in:
- Azure Storage
- Azure SQL Database
- Virtual machine disks
Is automatically encrypted.
🔐 Data in Transit
Data moving between:
- Users and Azure
- Azure services
Is encrypted using HTTPS/TLS.
This protects data from being intercepted.
✅ 4. Identity and Access Management (IAM)
In Azure, identity is managed using:
🔑 Microsoft Entra ID (formerly Azure AD)
This allows:
- User authentication
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Conditional access policies
Example in IT environment:
- A database admin gets full database access.
- A support engineer gets read-only access.
- A normal employee gets no access.
This prevents unauthorized access.
✅ 5. Multi-Factor Authentication (MFA)
MFA requires:
- Password
- Plus another verification method (SMS, app, biometrics)
This reduces the risk of:
- Password theft
- Account compromise
Very important security feature for the exam.
✅ 6. Advanced Threat Protection
Azure includes intelligent threat detection services such as:
- Microsoft Defender for Cloud
- Microsoft Sentinel (SIEM solution)
These services:
- Monitor activities
- Detect suspicious behavior
- Alert administrators
- Provide security recommendations
Example:
If a virtual machine suddenly starts sending unusual traffic, Azure can detect and alert it.
✅ 7. DDoS Protection
Azure provides built-in protection against:
- Distributed Denial of Service (DDoS) attacks
This prevents attackers from overwhelming applications with traffic.
✅ 8. Automatic Security Updates
In traditional IT:
- Admins must patch servers manually.
In Azure:
- Microsoft automatically patches infrastructure.
- Many services are auto-updated.
This reduces security risks caused by outdated systems.
4️⃣ What Is Governance in the Cloud?
Security protects resources.
Governance controls how resources are used.
Governance ensures:
- Rules are followed
- Costs are controlled
- Compliance requirements are met
- Resources are deployed correctly
Think of governance as IT policy enforcement in the cloud.
5️⃣ Benefits of Governance in Azure
✅ 1. Role-Based Access Control (RBAC)
RBAC allows organizations to:
- Assign specific roles
- Control what users can do
- Apply least privilege principle
Example:
- One user can create virtual machines.
- Another can only view resources.
- Another can manage billing only.
This prevents accidental or unauthorized changes.
✅ 2. Azure Policy
Azure Policy helps enforce organizational rules.
You can:
- Restrict resource locations
- Enforce tagging requirements
- Prevent certain VM sizes
- Require encryption
Example:
An organization may require:
- All storage accounts must use encryption.
- All resources must be deployed only in a specific region.
Azure Policy automatically enforces this.
This is very important for compliance and exam understanding.
✅ 3. Resource Locks
Azure allows you to apply locks to resources:
- Read-only lock
- Delete lock
This prevents:
- Accidental deletion
- Accidental modification
Example:
A production database can be locked to prevent deletion.
✅ 4. Blueprints (Governed Deployments)
Azure Blueprints allow organizations to:
- Deploy standardized environments
- Apply policies automatically
- Ensure compliance from the beginning
Example:
When deploying a new project environment, it automatically includes:
- Security policies
- Network rules
- Role assignments
✅ 5. Management Groups
Management Groups allow:
- Centralized control of multiple subscriptions
- Apply policies at higher levels
Large organizations may have:
- Multiple departments
- Multiple Azure subscriptions
Management Groups allow governance across all of them.
✅ 6. Compliance Certifications
Microsoft Azure complies with:
- ISO
- SOC
- GDPR
- HIPAA
- Many global standards
This helps organizations meet legal and regulatory requirements.
This is a big advantage compared to building your own data center.
6️⃣ Why Security and Governance Are Better in the Cloud
Azure provides:
- Centralized management
- Built-in security tools
- Automatic updates
- Global compliance
- Intelligent threat monitoring
- Identity-based access control
- Policy-based enforcement
Traditional IT environments require:
- Manual configuration
- Separate tools
- Higher cost
- More complexity
Azure simplifies everything.
7️⃣ Exam Tips for AZ-900
You should clearly understand:
✅ Shared Responsibility Model
✅ Microsoft Entra ID (Azure AD)
✅ Role-Based Access Control (RBAC)
✅ Azure Policy
✅ Resource Locks
✅ Microsoft Defender for Cloud
✅ Encryption (at rest & in transit)
✅ DDoS protection
✅ Management Groups
✅ Compliance standards
The exam does NOT require deep technical configuration knowledge.
It tests:
- Concept understanding
- Ability to identify the correct service
- Knowing who is responsible for what
8️⃣ Simple Summary
Security in Azure means:
- Protecting data
- Protecting identities
- Protecting applications
- Monitoring threats
- Encrypting information
Governance in Azure means:
- Controlling access
- Enforcing rules
- Preventing mistakes
- Meeting compliance requirements
Azure provides strong built-in security and governance tools that:
- Reduce risk
- Improve control
- Lower management effort
- Increase trust
- Improve compliance
