Azure Pricing and Governance Explained for Microsoft Azure Fundamentals AZ-900

Azure pricing has three main dimensions: compute (charged per hour or per second for VMs and functions), storage (charged per gigabyte per month), and outbound data transfer (charged per gigabyte leaving Azure to the internet or to other regions). Inbound data transfer to Azure is free.

The Azure Pricing Calculator estimates costs for any combination of Azure services before you deploy them. You select the services you plan to use, configure the specifications, and it generates a monthly cost estimate. The Total Cost of Ownership (TCO) Calculator is different: it estimates how much you would save by migrating on-premises workloads to Azure. You input your current infrastructure (number of servers, storage, networking costs, labor) and it calculates the comparable Azure cost, generating a comparison report for use in business cases.

Azure Cost Management and Billing is the tool for monitoring actual spending after you deploy. It shows spending by service, resource group, subscription, or tag over any time period. Budgets in Cost Management let you set spending thresholds and trigger email alerts or automated actions when spending approaches the limit. Cost Analysis visualizes where spending is occurring, enabling you to identify unexpected spikes and optimize resource usage.

Azure Policy enforces organizational standards across Azure resources. A policy definition is a rule (for example, all resources must have a specific tag, or all storage accounts must use HTTPS). Policies are assigned at the management group, subscription, or resource group level. Resources that do not comply are flagged, and some policy effects can prevent non-compliant resources from being created at all. Policy initiatives are collections of policy definitions applied together as a package.

Role-Based Access Control (RBAC) controls who can perform which actions on which Azure resources. Roles are assigned to users, groups, or service principals at the management group, subscription, resource group, or individual resource level. The three built-in roles are Owner (full access including granting access to others), Contributor (create and manage resources, cannot grant access), and Reader (view resources only). Custom roles can define precise permission sets for specific scenarios.

Azure's organizational hierarchy consists of Management Groups (containers for subscriptions, for applying policies across multiple subscriptions), Subscriptions (billing boundaries with their own resource quotas), Resource Groups (logical containers for related resources within a subscription), and individual Resources (VMs, storage accounts, databases). Policies and RBAC applied at a higher level are inherited by everything below it.

Pricing Calculator: estimate cost before deploying. TCO Calculator: compare on-premises vs Azure costs for migration business case.

Cost Management: analyze actual spend after deployment. Budgets: set thresholds and trigger alerts.

Azure Policy: enforce organizational rules. Non-compliant resources are flagged or blocked depending on effect.

RBAC: who can do what. Owner: full control including access. Contributor: create/manage. Reader: view only.

Management Group > Subscription > Resource Group > Resource. Policy and RBAC inherit downward through this hierarchy.

Tags: key-value pairs on resources for cost allocation, ownership tracking, and policy application.