Tools for Interacting with Azure
Azure provides multiple ways to manage and deploy resources. Each approach suits different audiences and automation needs.
| Tool | Type | Best for |
|---|---|---|
| Azure portal | Web-based GUI | Visual management, exploration, one-off tasks |
| Azure Cloud Shell | Browser-based shell (Bash or PowerShell) | Scripted management without local installation |
| Azure CLI | Command-line (Bash syntax) | Scripting and automation on any OS |
| Azure PowerShell | Command-line (PowerShell cmdlets) | Scripting and automation using PowerShell syntax |
Azure Portal
The Azure portalA web-based, unified console at portal.azure.com for managing Azure subscriptions. Provides a GUI for creating, managing, and monitoring everything from simple web apps to complex deployments. Designed for resiliency — maintains a presence in every Azure datacenter and requires no downtime for maintenance. is the primary web-based GUI for Azure, designed for resiliency with a presence in every Azure datacenter and no downtime for maintenance. Key characteristics:
- Build, manage, and monitor everything from simple web apps to complex cloud deployments.
- Create custom dashboards for an organized resource view.
- Updates continuously; no version upgrades needed.
Azure Cloud Shell
Azure Cloud ShellA browser-based shell tool accessible directly from the Azure portal. Requires no local installation, supports both Azure PowerShell and Azure CLI, is automatically authenticated to your Azure credentials, and includes a persistent Azure Files share for storing scripts between sessions. requires no local installation — it is automatically authenticated to your Azure credentials and includes a persistent Azure Files share for storing scripts between sessions.
Azure CLI vs. Azure PowerShell
Both tools offer the same management capabilities via different syntax:
| Feature | Azure CLI | Azure PowerShell |
|---|---|---|
| Syntax style | Bash | PowerShell cmdlets |
| Platforms | Windows, Linux, Mac, Cloud Shell | Windows, Linux, Mac, Cloud Shell |
| Command style | az vm create ... | New-AzVM ... |
| Best for | Bash/Linux users, DevOps pipelines | Windows admins, existing PowerShell users |
Both can automate single tasks or orchestrate complex multi-resource deployments through scripts.
Azure Arc
Azure ArcExtends Azure management to resources that run outside of Azure — including on-premises datacenters and other cloud providers (multicloud). Works with Azure Resource Manager to project non-Azure resources into Azure so you can manage them with the same tools and policies. projects on-premises and multicloud resources into Azure Resource Manager so you can manage them with the same tools and policies as native Azure resources. What Azure Arc can manage outside of Azure:
- Servers (Windows and Linux)
- Kubernetes clusters
- Azure data services (Arc-enabled SQL Managed Instance, PostgreSQL)
- SQL Server
- Virtual machines (preview)
With Azure Arc, organizations can apply consistent Azure governance, Azure Policy, and Azure Monitor across an entire hybrid and multicloud estate — no separate tooling per environment.
Azure Resource Manager (ARM)
Azure Resource Manager (ARM)The deployment and management layer for all of Azure. Every request from the portal, CLI, PowerShell, SDK, or REST API goes through ARM. ARM authenticates and authorizes the request, routes it to the correct Azure service, and returns consistent results regardless of which tool made the request. is the unified management layer for all of Azure — every portal click, CLI command, and SDK call is authenticated and authorized by ARM before reaching the target service. ARM benefits:
- Manage infrastructure through declarative templates (JSON files) rather than imperative scripts.
- Deploy, manage, and monitor all resources for a solution as a group.
- Re-deploy consistently across dev, test, and production environments.
- Defines dependencies so resources deploy in the correct order.
- Native integration with RBAC.
- Apply tags to resources for cost reporting and organization.
Infrastructure as Code (IaC)
Infrastructure as Code (IaC)Defining infrastructure in files (code) rather than through manual portal clicks or one-off scripts. Enables repeatability, version control, and automation of resource deployments. replaces manual portal configuration with version-controlled files that can be deployed consistently across dev, test, and production environments:
| Tool | Format | Notes |
|---|---|---|
| ARM templates | JSON (declarative) | Native Azure format; verbose but comprehensive |
| Bicep | Bicep DSL (declarative) | Simpler syntax that compiles to ARM JSON; preferred for new projects |
| Azure CLI / PowerShell scripts | Imperative scripts | Good for simple tasks; less repeatable than templates |
| Terraform | HCL (third-party) | Multi-cloud IaC; widely used but not an Azure-native tool |
ARM templates define the desired end state in JSON. Azure Resource Manager validates the template and orchestrates resource creation, deploying independent resources in parallel where possible.
Bicep is a domain-specific language that compiles to ARM JSON. It offers simpler, more readable syntax while retaining all ARM capabilities. Bicep is NOT a separate service — it uses the same ARM deployment engine.
Management Tool Comparison — Full Matrix
| Tool | Requires installation | Auth method | Automation suitability | Best syntax audience |
|---|---|---|---|---|
| Azure portal | None (browser) | Browser login | Low (point-and-click) | Visual/GUI users |
| Cloud Shell | None (browser) | Auto-authenticated | High | Any (browser access) |
| Azure CLI | Yes (or Cloud Shell) | az login | Very high | Bash / DevOps |
| Azure PowerShell | Yes (or Cloud Shell) | Connect-AzAccount | Very high | PowerShell / Windows admins |
| REST API | None (HTTP client) | Bearer token | Very high | Developers |
Cloud Shell key advantage: automatically authenticated to your Azure account — no az login or Connect-AzAccount required.
ARM Templates — Key Properties
| Property | Detail |
|---|---|
| Format | JSON (declarative) |
| Deployment model | Desired end state — ARM figures out the "how" |
| Idempotent | Same template = same result, every time |
| Dependency resolution | ARM detects and respects resource dependencies automatically |
| Parallelism | Independent resources deploy simultaneously |
| Modularity | Nested templates, linked templates, and template specs |
| Extensibility | Deployment scripts run PowerShell or Bash before/after resource creation |
ARM vs. Bicep — Syntax Comparison
Both produce the same deployment result. Bicep is just a friendlier authoring surface:
| Aspect | ARM JSON | Bicep |
|---|---|---|
| Line count (same resource) | ~50 lines | ~10 lines |
| Readability | Verbose, JSON | Clean, DSL |
| Compilation | Native | Compiles to ARM JSON |
| Tooling | ARM template engine | Same ARM engine (via transpile) |
| New project recommendation | Legacy | Preferred |
Azure Arc — What It Manages vs. What It Is Not
| Azure Arc CAN do | Azure Arc CANNOT do |
|---|---|
| Apply Azure Policy to on-premises servers | Run native Azure services on-premises (that's Azure Stack) |
| Use Azure Monitor on non-Azure Kubernetes | Replace the on-premises infrastructure |
| Manage SQL Server with Azure tooling | Provide Azure compute in on-premises datacenter |
| Apply RBAC and tags to non-Azure resources | Connect resources without installing the Arc agent |
Explore Management Tools in the Azure Portal
Step 1 — Open Azure Cloud Shell
- Sign in to portal.azure.com.
- Click the Cloud Shell icon (terminal icon) in the top navigation bar.
- Choose Bash — observe that it is already authenticated to your Azure account (no login step).
- Run:
az account show— see your subscription details without any login. - Switch to PowerShell mode and run:
Get-AzSubscription— same information, different syntax.
Step 2 — Deploy a Resource with a Custom ARM Template
- In the portal, search for "Deploy a custom template" and open Custom deployment.
- Click Build your own template in the editor.
- Paste a simple ARM template (e.g., a storage account template from MS Learn docs).
- Observe the JSON structure:
$schema,resources,parameters,outputs. - Cancel without deploying.
Step 3 — Explore Azure Arc
- Search for Azure Arc in the portal.
- Navigate to Infrastructure → Servers — this is where on-premises/non-Azure servers would appear after the Arc agent is installed.
- Click + Add to see the process for connecting a server — note the agent installation script.
- Cancel without connecting.
Step 4 — Review Azure Resource Manager via Portal Requests
- Open browser Developer Tools (F12) while in the Azure portal.
- Navigate to the Network tab and create a simple resource action (e.g., navigate to a resource's properties).
- Observe the API calls to
management.azure.com— these are all ARM REST API calls that every portal action translates to.
AZ-900 Exam Focus
Exam Trap
"Azure CLI and Azure PowerShell have different capabilities" — Wrong. Both tools are functionally equivalent — the difference is only syntax. CLI uses Bash commands (az); PowerShell uses cmdlets (New-Az*, Get-Az*). Neither has features the other lacks.
Exam Trap
"Azure Cloud Shell requires installing software on your local machine" — Wrong. Cloud Shell runs entirely in the browser; no local installation is needed. It is automatically authenticated with your Azure credentials.
Exam Trap
"Azure Arc allows you to run Azure services in your on-premises datacenter" — Misleading. Arc projects on-premises resources into Azure for management; it does not run native Azure services on-premises. That capability belongs to Azure Stack.
Exam Trap
"ARM templates are imperative — they describe steps to execute" — Wrong. ARM templates are declarative — they describe the desired end state, and ARM figures out the execution steps, dependencies, and parallelism automatically.
Exam Trap
"Bicep is a separate service from ARM" — Wrong. Bicep compiles to ARM JSON templates; it is just a friendlier authoring language that uses the same ARM deployment engine. No additional service or registration is required.
Must Memorize
CLI = Bash syntax · PowerShell = cmdlet syntax · functionally identical
Cloud Shell = browser-based · auto-authenticated · no local install
ARM templates = declarative JSON · desired end state · idempotent
Bicep = compiles to ARM JSON · simpler syntax · same engine
Question — click to flip
Q: What is the difference between Azure CLI and Azure PowerShell?
Question — click to flip
Q: What is Azure Cloud Shell and what are its key advantages?
Question — click to flip
Q: What is Azure Arc used for?
Question — click to flip
Q: What is the difference between declarative and imperative Infrastructure as Code?
Question — click to flip
Q: What is Bicep and how does it relate to ARM templates?
Question — click to flip
Q: Every Azure management action — whether from the portal, CLI, PowerShell, or SDK — goes through which service?