Skip to main content
  1. CloudCertPro - Learn the Architecture Behind the Certification
  2. >
  3. Azure Cloud Knowledge Hub - CloudCertPro
  4. >
  5. Azure Domains Learning Hub: Master Azure by Capability Domains

Azure Domains Learning Hub: Master Azure by Capability Domains

Master Azure through capability domains rather than individual services.

True cloud expertise comes from understanding what a platform can do—its capabilities—not from memorizing every service name. Azure Domains organize Azure into logical capability areas that form the backbone of every certification and every well‑architected solution.

Explore Azure Domains →
Browse Azure Architecture →
View Azure Certifications →

What Are Azure Domains?
#

Azure services evolve rapidly. Features are added, names change, new offerings appear. What remains stable are the underlying cloud capabilities: identity, compute, networking, storage, security, governance, and more.

A domain is a collection of related Azure services, concepts, architecture principles, and operational practices that together deliver a specific cloud capability. It’s the what and why before the which service.

For example, the Identity Domain isn’t just Microsoft Entra ID. It encompasses authentication, authorization, RBAC, managed identities, conditional access, and Zero Trust principles. By learning the domain, you understand the role of each service and how they work together—so when a new identity service appears, you can immediately see where it fits.

This approach provides:

  • A stable mental model that outlasts specific exam objectives
  • The ability to make architectural decisions across any Azure workload
  • A direct link between foundational knowledge and scenario‑based exam questions

At CloudCertPro, we teach domains as the bridge between services and architecture. Services are the products; domains are the capabilities; architecture is the design that solves business problems.

The Azure Knowledge Model
#

CloudCertPro organizes Azure knowledge into a progression that moves from the concrete to the abstract, and back to real solutions.

Azure Services (Products)
        ↓
  Azure Domains (Capabilities)
        ↓
Azure Architecture (Design Principles, Patterns, Frameworks)
        ↓
   Design Decisions (Trade‑offs, Selection)
        ↓
    Real Solutions (Workloads, Enterprise Systems)
  • Azure Services – The individual building blocks: Virtual Machines, Virtual Network, Azure OpenAI.
  • Azure Domains – Capability areas that group services and concepts: Compute, Networking, AI & Machine Learning.
  • Azure Architecture – Reusable patterns, the Well‑Architected Framework, and decision frameworks that use domain capabilities.
  • Design Decisions – Choosing the right services within a domain based on requirements.
  • Real Solutions – Deployable, governed, and monitored systems built on these decisions.

Every certification at CloudCertPro is structured around this model, ensuring you develop the architectural thinking that lasts far beyond any exam.

Azure Domains Overview
#

Domain Purpose Key Services Key Certifications
Identity Manage users, groups, and access control across Azure and Microsoft 365 Microsoft Entra ID, RBAC, Managed Identities, Conditional Access AZ-104, AZ-305
Compute Run applications, containers, and serverless functions at scale Virtual Machines, App Service, Functions, AKS, Container Apps AZ-104, AZ-305
Networking Connect, deliver, and secure applications and hybrid infrastructure Virtual Network, Load Balancer, Application Gateway, ExpressRoute, Private Link AZ-104, AZ-305
Storage Store and protect files, objects, disks, and data lakes Storage Account (Blob, Files, Queue), Managed Disks, Data Lake Storage AZ-104, AZ-305
Databases Managed relational, NoSQL, and caching data platforms Azure SQL, Cosmos DB, PostgreSQL, MySQL, Redis AZ-305
Security Protect workloads, manage keys, detect threats, and ensure compliance Key Vault, Defender for Cloud, Sentinel, WAF, Purview AZ-104, AZ-305
Observability Monitor, diagnose, and gain operational insights into Azure and apps Azure Monitor, Log Analytics, Application Insights AZ-104, AZ-305
AI & Machine Learning Build intelligent apps with cognitive services, ML, and generative AI Azure OpenAI, AI Search, Cognitive Services, Azure ML, AI Foundry AI-901, AI-103, AI-300, GH-600
Data Analytics Ingest, process, and analyze large-scale data workloads Synapse Analytics, Databricks, Fabric, Data Factory, Stream Analytics AZ-305, AI-300
DevOps Automate software delivery and infrastructure as code Azure DevOps, GitHub Actions, Container Registry, Artifacts AZ-104, AZ-305
Governance Enforce policies, manage costs, and organize enterprise environments Azure Policy, Management Groups, Cost Management, Advisor AZ-104, AZ-305
Integration Connect applications and services through messaging, events, and APIs Service Bus, Event Grid, Event Hubs, Logic Apps, API Management AZ-305, AI-300, GH-600
Architecture Apply design principles, decision frameworks, and well‑architected guidance (All services – this domain is about design thinking) AZ-305
Agent Systems Design autonomous, tool‑using AI agents and multi‑agent orchestrations Azure OpenAI, AI Search, Functions, Logic Apps, Cosmos DB, AI Foundry GH-600

Each domain page is a deep‑dive knowledge center that unpacks concepts, services, architecture patterns, and certification coverage.

Identity Domain
#

Identity is the control plane of cloud security. Every resource access, every API call, every administrative action is governed by identity. Mastering this domain means understanding authentication flows, authorization models, and how to build Zero Trust into every solution.

Topics: Authentication (OAuth, SAML, OpenID Connect), authorization (RBAC, ABAC), Managed Identities, Conditional Access, Privileged Identity Management, identity governance, hybrid identity.

Core Services: Microsoft Entra ID, Azure RBAC, Managed Identities, Conditional Access, PIM.

Certifications: AZ-104, AZ-305.

Explore Identity Domain →

Compute Domain
#

The Compute Domain covers everything that executes code and hosts workloads—from traditional virtual machines to cloud‑native container platforms and serverless functions. Architects must choose the right compute model based on control, scalability, and cost.

Topics: IaaS vs. PaaS vs. serverless, VM scaling and availability, container orchestration, auto‑scaling, compute isolation, and performance optimization.

Core Services: Virtual Machines, Virtual Machine Scale Sets, Azure App Service, Azure Functions, Azure Kubernetes Service (AKS), Azure Container Apps.

Certifications: AZ-104, AZ-305.

Explore Compute Domain →

Networking Domain
#

Networking defines how resources communicate, how traffic is secured, and how hybrid environments are connected. A strong networking foundation is critical for both operational roles (AZ-104) and architecture design (AZ-305).

Topics: IP addressing, DNS, routing, load balancing (L4 and L7), hybrid connectivity (VPN, ExpressRoute), network security (NSG, ASG, Azure Firewall), private endpoints, service endpoints.

Core Services: Virtual Network, Load Balancer, Application Gateway, Azure Front Door, VPN Gateway, ExpressRoute, Azure Firewall, Private Link.

Certifications: AZ-104, AZ-305.

Explore Networking Domain →

Storage Domain
#

Data persistence in the cloud requires understanding multiple storage models: object, block, file, and archival. The Storage Domain also spans data protection, backup, and disaster recovery strategies.

Topics: Blob, file, and queue storage; storage tiers (Hot, Cool, Cold, Archive); redundancy (LRS, ZRS, GRS); lifecycle management; backup and site recovery.

Core Services: Storage Account (Blob, Files, Queue, Table), Managed Disks, Azure Data Lake Storage, Azure Backup, Azure Site Recovery.

Certifications: AZ-104, AZ-305.

Explore Storage Domain →

Databases Domain
#

Modern cloud applications rely on a mix of relational, NoSQL, and in‑memory data stores. This domain teaches you to choose the right data platform based on consistency, scale, latency, and operational overhead.

Topics: Relational vs. NoSQL trade‑offs, sharding, replication, data consistency models, connection security, managed database scaling.

Core Services: Azure SQL Database, SQL Managed Instance, Azure Cosmos DB, Azure Database for PostgreSQL/MySQL, Azure Cache for Redis.

Certifications: AZ-305.

Explore Databases Domain →

Security Domain
#

Cloud security is not a single service but a layered discipline: identity, network, data, and workload protection. This domain covers threat protection, key management, compliance posture, and security operations.

Topics: Defense in depth, Zero Trust, security monitoring, SIEM, key management, data classification, vulnerability assessment.

Core Services: Microsoft Defender for Cloud, Azure Key Vault, Microsoft Sentinel, Web Application Firewall, Microsoft Purview.

Certifications: AZ-104, AZ-305.

Explore Security Domain →

Observability Domain
#

Operational excellence demands visibility. Observability includes monitoring, logging, diagnostics, and alerting for infrastructure, applications, and networks.

Topics: Metrics vs. logs, distributed tracing, alert design, diagnostic settings, workbooks, operational dashboards.

Core Services: Azure Monitor, Log Analytics Workspace, Application Insights, Network Watcher, Azure Service Health.

Certifications: AZ-104, AZ-305.

Explore Observability Domain →

AI & Machine Learning Domain
#

Azure provides a spectrum of AI capabilities—from pre‑built cognitive services to custom machine learning platforms and generative AI. This domain covers the end‑to‑end AI lifecycle on Azure.

Topics: Computer vision, NLP, speech, generative AI (LLMs, RAG), prompt engineering, model training vs. inference, MLOps, responsible AI.

Core Services: Azure OpenAI Service, Azure AI Search, Azure AI Services (Cognitive Services), Azure Machine Learning, Azure AI Foundry.

Certifications: AI-901, AI-103, AI-300, GH-600.

Explore AI & Machine Learning Domain →

Data Analytics Domain
#

Data analytics transforms raw data into insights. This domain covers data lakes, data warehousing, stream processing, and unified analytics platforms.

Topics: Batch vs. stream processing, lakehouse architecture, ETL/ELT pipelines, data mesh, data governance.

Core Services: Azure Synapse Analytics, Azure Databricks, Microsoft Fabric, Azure Data Factory, Azure Stream Analytics.

Certifications: AZ-305, AI-300.

Explore Data Analytics Domain →

DevOps Domain
#

DevOps encompasses the cultural and technical practices that shorten the development cycle. On Azure, this means CI/CD pipelines, infrastructure as code, and automated testing.

Topics: Source control, build and release pipelines, IaC (ARM, Bicep, Terraform), container registries, approval gates.

Core Services: Azure DevOps Services, GitHub Actions, Azure Container Registry, Azure Artifacts.

Certifications: AZ-104, AZ-305.

Explore DevOps Domain →

Governance Domain
#

Enterprise‑scale cloud requires guardrails. Governance ensures resources remain compliant, costs are controlled, and environments stay organized as they grow.

Topics: Policy as code, management group hierarchy, cost optimization, resource tagging, compliance reporting.

Core Services: Azure Policy, Management Groups, Azure Cost Management + Billing, Azure Advisor, Resource Graph.

Certifications: AZ-104, AZ-305.

Explore Governance Domain →

Architecture Domain
#

This unique domain is the bridge between technical capability and solution design. It teaches you to think like an architect: evaluating trade‑offs, applying patterns, and aligning to the Azure Well‑Architected Framework.

Topics: Design principles (e.g., scale horizontally, design for failure), decision frameworks, cloud design patterns, reliability, security, cost and performance pillars.

Core Services: All Azure services – but the focus is on design reasoning, not individual service features.

Certifications: AZ-305.

Explore Architecture Domain →

Integration Domain
#

Enterprise solutions rarely consist of a single service. The Integration Domain covers how to connect applications, data, and processes reliably across cloud and on‑premises systems.

Topics: Messaging patterns (queues, pub/sub), event‑driven architecture, API‑led connectivity, enterprise service bus patterns, workflow automation.

Core Services: Azure Service Bus, Event Grid, Event Hubs, Azure Logic Apps, API Management.

Certifications: AZ-305, AI-300, GH-600.

Explore Integration Domain →

Agent Systems Domain
#

The emerging domain of agentic AI: designing autonomous systems that plan, use tools, call APIs, and collaborate. Built on generative AI but distinct in its focus on goal‑driven behavior and multi‑step reasoning.

Topics: Agent anatomy (planning, memory, tool use), function calling, multi‑agent orchestration, agentic workflows, enterprise agent deployment.

Core Services: Azure OpenAI Service, Azure AI Search, Azure Functions, Logic Apps, Cosmos DB, Azure AI Foundry.

Certifications: GH-600.

Explore Agent Systems Domain →

Domains by Certification
#

This matrix shows which domains are most heavily tested in each Azure certification. Use it to focus your learning.

Certification Core Domains
AZ-104 (Azure Administrator) Identity, Governance, Storage, Compute, Networking, Observability
AZ-305 (Azure Solutions Architect) All core domains, with emphasis on Architecture, Governance, Security, Integration, Databases
AI-901 (Azure AI Fundamentals) AI & Machine Learning
AI-103 (Azure AI Engineer) AI & Machine Learning, Integration (for AI APIs)
AI-300 (Operationalizing ML & GenAI) AI & Machine Learning, Data Analytics, Integration, Governance
GH-600 (Agentic AI Developer) Agent Systems, AI & Machine Learning, Integration (for tool execution)
AB-100 (Agentic AI Business Solutions Architect) All above, plus Governance, Security, Integration – at enterprise business level

View all Azure Certifications →

Domains to Architecture Mapping
#

Every domain contributes directly to architecture decisions. This table shows how domains map to the architecture toolkit.

Domain Architecture Principles Design Patterns Well‑Architected Pillar
Identity Least privilege, Zero Trust Federated identity, token‑based auth Security
Compute Scale horizontally, design for failure Auto‑scaling, queue‑based load leveling Reliability, Performance Efficiency
Networking Defense in depth, plan for connectivity Hub‑spoke, private endpoint, circuit breaker (network layer) Security, Reliability
Storage Optimize for access patterns, protect data Valet key, static content hosting Cost Optimization, Reliability
Security Assume breach, automate security response Sidecar (for security), rate limiting Security
Observability Monitor everything, alert on symptoms Health endpoint monitoring, correlation IDs Operational Excellence
Governance Policy‑driven management, cost awareness Deployment stamp, resource tagging Cost Optimization, Operational Excellence
Integration Loose coupling, idempotence Event‑driven architecture, competing consumers Reliability, Performance Efficiency

This mapping turns domain knowledge into actionable design decisions. When you face an AZ‑305 or architecture scenario question, you’ll draw from these connections.

Explore Azure Architecture Hub →

Recommended Learning Paths #

Azure Administrator Path (AZ-104)
#

  1. Identity – Grasp the foundational access control model.
  2. Storage – Understand data persistence and redundancy.
  3. Compute – Master VM, App Service, and container options.
  4. Networking – Learn to connect and secure resources.
  5. Observability – Implement monitoring and alerting.

Azure Solutions Architect Path (AZ-305)
#

  1. Master Core Domains – Identity, Compute, Networking, Storage, Databases, Security.
  2. Architecture Domain – Apply Well‑Architected Framework and design principles.
  3. Governance & Cost – Design enterprise‑scale management and cost controls.
  4. Integration – Design messaging and event‑driven architectures.
  5. Real‑world Scenarios – Cross‑domain case studies.

Azure AI Engineer Path (AI-103 → AI-300 → GH-600)
#

  1. AI & Machine Learning – From cognitive services to generative AI.
  2. Integration – Connect AI models with applications and data sources.
  3. Data Analytics – Prepare and process data for AI workloads.
  4. Agent Systems – Design autonomous AI workflows.

Internal Navigation Hub
#

Learn Azure by Capability Domains
#

Move beyond memorizing service names. Build a deep, structured understanding of Azure capabilities that empowers you to design, certify, and operate with confidence.

Explore Azure Services →
Learn Azure Architecture →
Start Certification Learning →

Frequently Asked Questions
#

Why learn Azure by domains instead of just studying for a specific exam?
Domains provide a durable mental model. Exams change, services evolve, but cloud capabilities remain. When you learn the identity domain thoroughly, you pass the identity questions on AZ‑104, AZ‑305, and you can design secure systems in your job—regardless of exam version.

How many Azure domains are there?
We organize Azure into 14 core domains (including Architecture and Agent Systems). These cover the full spectrum of cloud capabilities you need for certifications and real‑world architecture.

Do all certifications cover the same domains?
No. Associate certifications like AZ‑104 focus on operational domains (Identity, Compute, Networking, Storage, Observability). Expert certifications like AZ‑305 require deeper architecture thinking across all domains. AI certifications add the AI/ML, Data Analytics, and Agent Systems domains.

How do domains relate to Azure services?
A domain is a capability area; services are the tools that implement it. For example, the Storage Domain is the capability to persist data. Within it, Blob Storage implements object storage, Azure Files implements SMB/NFS shares, and Managed Disks provides block storage. Understanding the domain means you can evaluate any storage service on its merits.

Does CloudCertPro provide exam dumps or real questions?
No. We teach Azure through domains, architecture, and scenario‑based reasoning. This builds the skills that not only pass exams but sustain your career as a cloud professional.