A web-based unified console that provides a graphical user interface for managing Azure resources through Azure Resource Manager, alongside tools like Azure PowerShell, Azure CLI, and ARM templates.

Azure management tools (complete list)

Azure portal, Azure PowerShell, Azure Command-Line Interface (CLI), Azure Resource Manager templates.

Where to configure RBAC in the portal

On the Access control (IAM) blade of a subscription, resource group, or individual resource, where you assign roles at the chosen scope.

Where to view recent changes to a resource

The Activity log blade for that resource, resource group, or subscription, which shows operations, who performed them, and their status.

What is Activity log?

A log provided by Azure Resource Manager that records control-plane operations on resources, resource groups, and subscriptions, including who performed an action, what was changed, and whether it succeeded.

What is Azure Policy?

Azure Policy is a service in Azure that you use to create, assign, and manage policies that enforce rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.

What is Azure portal?

A web-based unified console that provides a graphical user interface for managing Azure resources through Azure Resource Manager.

Hands-On Mindset: Navigating Azure Portal and Core Services (Conceptual Walkthrough) — Mastering Microsoft Azure Fundamentals (AZ-900): Complete Exam-Ready Course

Q: You need to give a teammate read-only access to all resources in a specific resource group, using only the Azure portal. Where do you configure this?

On the resource group blade, under Access control (IAM). RBAC is configured through Access control (IAM) on the relevant scope. To give read-only access to all resources in a resource group, open that resource group in the portal, go to Access control (IAM), and add a role assignment using the Reader role. Azure Policy is for compliance rules, Cost Management is for budgets, and subscription ownership is not changed from a VM blade.

Orienting Yourself: What the Azure Portal Represents

Portal as a Control Panel

The Azure portal is your web-based control panel for all Azure resources in your subscriptions. It is not a separate product; it is a graphical front end to the same management APIs used by scripts and templates.

Azure Resource Manager (ARM)

Everything you see in the portal is powered by Azure Resource Manager (ARM), the management layer that lets you create, update, and delete Azure resources consistently across tools.

Azure Management Tools

ARM is accessed through four Azure management tools: Azure portal, Azure PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager templates. They all work with the same resources and permissions.

Tying to Architecture

The portal surfaces Azure core architectural components: regions, region pairs, Availability Zones, Azure datacenters, Azure resources, resource groups, and subscriptions, shown as lists, blades, and dashboards.

First Contact: Home, Global Search, and Directory/Subscription

Global Search and Context

At the top of the portal, global search is your fastest way to find services or resources. Next to it, the directory and subscription selector controls which tenant and subscription you are viewing.

Left Navigation Menu

The left-hand navigation shows Home, Dashboard, and commonly used services like Virtual machines and Storage accounts. You can use it to quickly jump to core services or back to Home.

Home vs Dashboard

Home provides common services and recent resources. Dashboard is a customizable canvas where you can pin tiles such as resource groups, metrics charts, and cost charts for a personalized view.

Exam-Relevant Actions

For AZ-900, know how to describe using search to open Resource groups, checking which subscription is active, and returning to Home or Dashboard if you get lost in the portal.

Finding the Core: Subscriptions, Resource Groups, and Resources

Subscriptions Blade

Search for "Subscriptions" to open a blade listing your subscriptions with IDs and states. Subscriptions are billing and management boundaries where many RBAC and cost settings are applied.

Resource Groups List

Open "Resource groups" to see all groups with columns like Name, Subscription, Location, and Resource count. Each resource group is a logical container for Azure resources.

Inside a Resource Group

Click a resource group to view its Overview, which lists all resources in that group, and Settings, where you find Access control (IAM), Policies, and the Activity log.

Exam-Focused Tasks

Be able to describe how to use the portal to view all resource groups, inspect resources in one group, and apply RBAC or policies at the resource group scope.

Conceptual Walkthrough: Creating a Resource Group

Open Resource Groups

From Home, open "Resource groups" using the left menu or search. You see a list of existing groups and a Create button to start a new one.

Start the Wizard

Click Create to open a wizard, usually starting on a Basics tab where you choose subscription, enter a resource group name, and select a region.

Review and Create

After filling Basics, select Review + create. The portal validates your input, then you click Create and watch the deployment notification complete.

Recognize the Pattern

This pattern of Basics, configuration, Review + create, and deployment notification appears across most resource creation flows, including VMs and storage accounts.

Conceptual Walkthrough: Deploying a Virtual Machine from the Portal

Open Virtual Machines

Search for "Virtual machines" and open the service. Click Create → Azure virtual machine to start the deployment wizard for a new VM.

Basics for the VM

On Basics, choose subscription and resource group, name the VM, select a region, pick an image and size, set admin credentials, and decide whether to open RDP or SSH ports.

Disks and Networking

On Disks, choose an OS disk type that affects performance and cost. On Networking, let the portal create a virtual network, subnet, NIC, and public IP to connect your VM.

Management and Create

On Management and Monitoring, configure options like auto-shutdown and diagnostics. Then use Review + create to validate settings and start the VM deployment.

Conceptual Walkthrough: Creating a Storage Account and Attaching Storage

Create a Storage Account

Search for "Storage accounts", open the service, and click Create. On Basics, pick the same subscription and resource group as your VM, name the account, and choose a region.

Configure Storage Options

Select performance and redundancy options, then review Networking and Data protection settings. Use Review + create to validate and then deploy the storage account.

Explore Storage Services

Open the new storage account and from its Overview access services like Containers, File shares, Tables, and Queues for different data workloads.

Relating to the VM

Conceptually attach storage by creating file shares or data disks, then connecting them to your VM. Both resources live in the same resource group and region for low-latency solutions.

Monitoring and Activity: Resource Blades, Activity Log, and Metrics

Resource Blades

Each resource has its own blade with sections like Overview, Activity log, Access control, and Monitoring. The Overview shows key details and quick actions such as Start or Stop.

Activity Log

The Activity log shows a timeline of operations on the resource, resource group, or subscription, including who made changes and whether deployments succeeded or failed.

Monitoring with Azure Monitor

Under Monitoring, Metrics graphs show performance such as CPU or requests, Alerts let you define notifications, and Logs provide deeper diagnostics if enabled.

Exam Connections

Expect questions about where to find recent changes (Activity log), performance charts (Metrics), and alert configuration (Alerts under Monitoring) in the portal.

Governance in the Portal: RBAC, Azure Policy, and Cost Management

RBAC in the Portal

RBAC is configured via Access control (IAM) on subscriptions, resource groups, and resources. You choose a scope, then assign roles like Reader or Contributor to users or groups.

Azure Policy Locations

Azure Policy has its own service blade and also appears as Policies under subscription or resource group Settings. You assign policies or initiatives at a chosen scope.

Cost Management + Billing

Use Cost Management + Billing to view cost analysis, set budgets, and configure alerts. Costs are usually scoped to subscriptions, but can be filtered down to resource groups.

Governance and AZ-900

Be ready to identify where in the portal you manage RBAC, assign Azure Policy, and review or control costs using Cost Management + Billing.

Thought Exercise: Tracing an End-to-End Solution in the Portal

Use this mental exercise to connect portal blades back to architectural components and management tools.

Scenario:

You join a project where an existing web application runs on a VM, stores data in a storage account, and must stay within a monthly cost budget. You have Reader access to the subscription.

Task:

Walk through, in your head, how you would answer each question using only the Azure portal:

What subscriptions and resource groups exist?

Which portal pages or blades would you open first?
How would you tell which resource group contains the web VM?

Where is the VM running, and what else is in its solution?

Once you find the VM, which fields on the Overview blade tell you its region and size?
How would you discover related resources, like the virtual network or storage account?

How is access controlled?

At the resource group level, where would you look to see which roles are assigned to which users?
How does this relate to the shared responsibility model you learned earlier?

Is the solution being monitored?

On the VM blade, which sections show performance metrics and alert rules?
How could you tell whether diagnostic logs are being sent to Azure Monitor Logs?

Are we staying within budget?

Which portal area would you open to see current spend for this subscription?
Where would you check if a budget and cost alerts are configured?

Write down your mental navigation steps in order (for example, "Search → Resource groups → open rg-webapp-prod → ..."). This sequence thinking is exactly what AZ-900 case-style questions expect.

Quiz 1: Locating Core Services and Governance Features

Test your ability to conceptually navigate the Azure portal.

You need to give a teammate read-only access to all resources in a specific resource group, using only the Azure portal. Where do you configure this?

On the resource group blade, under Access control (IAM)
In the Azure Policy service, by assigning a built-in Reader policy
In Cost Management + Billing, by creating a new budget and adding the user
On the VM Overview blade, by changing the subscription owner

Show Answer

Answer: A) On the resource group blade, under Access control (IAM)

RBAC is configured through Access control (IAM) on the relevant scope. To give read-only access to all resources in a resource group, open that resource group in the portal, go to Access control (IAM), and add a role assignment using the Reader role. Azure Policy is for compliance rules, Cost Management is for budgets, and subscription ownership is not changed from a VM blade.

Quiz 2: Resource Deployment Flow and Monitoring

Check your understanding of deployment patterns and monitoring locations.

You just clicked Create to deploy a new virtual machine from the Azure portal. Which sequence best matches the typical flow you will see?

Basics → Disks → Networking → Management/Monitoring → Review + create → Deployment notification
Networking → Disks → Basics → Review + create → Billing → Deployment notification
Basics → Review + create → Activity log → Azure Policy → Deployment notification
Disks → Cost Management → Subscriptions → Review + create → Deployment notification