THE MODN CHRONICLES

Interview Prep

Interview Questions on Azure — Compute, Networking, Storage, Security, and What Cloud Interviews Actually Test

Azure is the #2 cloud platform globally and the #1 choice in enterprise India thanks to the Microsoft ecosystem. Every cloud engineer, DevOps, and backend role now tests Azure knowledge. Here are the questions that actually get asked.

Cloud infrastructure and Azure services

Azure powers enterprise India. If you work with the Microsoft stack, you need to know this platform inside out.

Azure in Indian IT Interviews

Azure is the #2 cloud platform globally and arguably #1 in enterprise India. The reason is simple — most Indian enterprises already run on the Microsoft ecosystem (Windows Server, SQL Server, Active Directory, Office 365). Azure is the natural cloud extension. TCS, Infosys, and Wipro all have massive Azure practices. Microsoft Gold Partners across India hire Azure-certified engineers constantly.

Azure interviews test three things: conceptual understanding (IaaS vs PaaS vs SaaS, service categories), practical knowledge (VMs, App Service, VNet, Storage), and architecture thinking (when to use which service, cost optimization, security). Cloud engineer roles focus on compute and networking. DevOps roles focus on pipelines and IaC. Backend roles focus on App Service, Azure SQL, and Functions.

This guide covers 10 Azure questions that actually get asked in Indian interviews — from fundamentals to security and DevOps.

The first Azure interview question is always: “What is Azure and what are its key service categories?” If you cannot list Compute, Networking, Storage, Database, AI/ML, DevOps, and Security — the interview is already going sideways.

Core Services

Q1: What is Azure? What are the key service categories?

Azure = Microsoft's cloud computing platform
Offers 200+ services across multiple categories.

Key Service Categories:
┌─────────────────────────────────────────────┐
│  Compute      → VMs, App Service, Functions │
│  Networking   → VNet, Load Balancer, CDN    │
│  Storage      → Blob, File, Queue, Table    │
│  Database     → Azure SQL, Cosmos DB        │
│  AI / ML      → Cognitive Services, ML      │
│  DevOps       → Pipelines, Repos, Boards    │
│  Security     → Azure AD, Key Vault, RBAC   │
└─────────────────────────────────────────────┘

Service Models:
- IaaS → Infrastructure (VMs, VNet, Storage)
- PaaS → Platform (App Service, Azure SQL)
- SaaS → Software (Microsoft 365, Dynamics)

Azure Geography:
- Regions (60+) → Availability Zones (3 per region)
- Resource Groups → logical containers
- Subscriptions → billing boundary
- Management Groups → organize subscriptions

Hierarchy:
Management Group > Subscription > Resource Group > Resource

Q2: What is the difference between IaaS, PaaS, and SaaS? Give Azure examples.

Shared Responsibility Model:

                IaaS        PaaS        SaaS
┌──────────┬───────────┬───────────┬───────────┐
│ Data     │ You       │ You       │ You       │
│ App      │ You       │ You       │ Provider  │
│ Runtime  │ You       │ Provider  │ Provider  │
│ OS       │ You       │ Provider  │ Provider  │
│ Server   │ Provider  │ Provider  │ Provider  │
│ Network  │ Provider  │ Provider  │ Provider  │
│ Storage  │ Provider  │ Provider  │ Provider  │
└──────────┴───────────┴───────────┴───────────┘

Azure Examples:
IaaS → Virtual Machines, Virtual Network, Disks
  You manage: OS, runtime, app, data
  Azure manages: physical hardware, networking

PaaS → App Service, Azure SQL Database, Functions
  You manage: app code, data
  Azure manages: OS, patching, scaling, infra

SaaS → Microsoft 365, Dynamics 365, Power BI
  You manage: data, user configuration
  Azure manages: everything else

When to use:
IaaS → legacy apps, full control needed, custom OS
PaaS → web apps, APIs, focus on code not infra
SaaS → productivity tools, CRM, email

Compute & Networking

Q3: Azure VMs vs App Service vs Azure Functions — when to use which?

Three compute options, three different use cases:

┌─────────────────┬──────────────┬──────────────┐
│   Azure VMs     │ App Service  │  Functions   │
├─────────────────┼──────────────┼──────────────┤
│ IaaS            │ PaaS         │ Serverless   │
│ Full OS control │ Managed      │ Event-driven │
│ You patch OS    │ Auto-patched │ No server    │
│ Always running  │ Always on    │ On-demand    │
│ Pay per hour    │ Pay per plan │ Pay per exec │
└─────────────────┴──────────────┴──────────────┘

When to use VMs:
- Legacy applications that need specific OS
- Custom software installations
- Full control over environment
- Lift-and-shift migrations

When to use App Service:
- Web apps and APIs
- No need to manage infrastructure
- Built-in CI/CD, SSL, custom domains
- Auto-scaling without VM management

When to use Azure Functions:
- Event-driven processing (file upload, queue msg)
- Scheduled tasks (cron jobs)
- Microservices with sporadic traffic
- Pay only when code runs (cost-efficient)

Cost comparison (approximate):
VM (B2s):     ~₹3,000/month (always running)
App Service:  ~₹5,000/month (Basic plan)
Functions:    ~₹0 to ₹500/month (consumption)

Q4: What is Azure Virtual Network (VNet)?

VNet = your private network in Azure
Think of it as your own data center network in the cloud.

Key Components:
┌─────────────────────────────────────────┐
│              VNet (10.0.0.0/16)         │
│  ┌──────────────┐  ┌──────────────┐    │
│  │ Subnet A     │  │ Subnet B     │    │
│  │ 10.0.1.0/24  │  │ 10.0.2.0/24  │    │
│  │ [Web VMs]    │  │ [DB VMs]     │    │
│  │ NSG: Allow   │  │ NSG: Deny    │    │
│  │ HTTP/HTTPS   │  │ public       │    │
│  └──────────────┘  └──────────────┘    │
└─────────────────────────────────────────┘

Subnets → divide VNet into segments
NSGs (Network Security Groups) → firewall rules
  - Inbound/outbound rules
  - Allow or deny traffic by port, IP, protocol

VNet Peering → connect two VNets
  - Traffic stays on Azure backbone (private)
  - Can peer across regions (global peering)

VPN Gateway → connect on-premises to Azure
  - Site-to-Site VPN (office to Azure)
  - Point-to-Site VPN (laptop to Azure)

ExpressRoute → dedicated private connection
  - Does NOT go over public internet
  - Higher bandwidth, lower latency
  - Used by enterprises (banks, large IT companies)

How VMs communicate:
- Same VNet → automatic (by private IP)
- Different VNets → need peering or VPN
- Internet → need public IP or NAT Gateway

Q5: What is Azure Load Balancer vs Application Gateway?

Two different load balancing services:

Azure Load Balancer (Layer 4 — TCP/UDP):
┌─────────────────────────────────────────┐
│ Works at transport layer (TCP/UDP)      │
│ Does NOT inspect HTTP content           │
│ Fast, low-latency                       │
│ Use for: non-HTTP traffic, internal LB  │
│ Example: distribute TCP traffic to VMs  │
└─────────────────────────────────────────┘

Application Gateway (Layer 7 — HTTP/HTTPS):
┌─────────────────────────────────────────┐
│ Works at application layer (HTTP/HTTPS) │
│ CAN inspect HTTP headers, URLs, cookies │
│ Features:                               │
│   - URL-based routing (/api → backend)  │
│   - SSL termination (offload HTTPS)     │
│   - Web Application Firewall (WAF)      │
│   - Cookie-based session affinity       │
│   - WebSocket support                   │
│ Use for: web apps, APIs, microservices  │
└─────────────────────────────────────────┘

When to use which:
Load Balancer → internal services, TCP/UDP, VMs
App Gateway → web apps, need WAF, URL routing

Azure Front Door → global HTTP load balancing
  - CDN + WAF + global routing
  - For multi-region applications

Storage & Database

Q6: What are Azure Storage types?

Azure Storage Account provides 4 services:

1. Blob Storage (Binary Large Objects)
   - Unstructured data: files, images, videos, backups
   - Types: Block blobs, Append blobs, Page blobs
   - Containers organize blobs (like folders)

2. Table Storage
   - NoSQL key-value store
   - Cheap, fast for simple structured data
   - No complex queries (use Cosmos DB instead)

3. Queue Storage
   - Message queue for async processing
   - Max message size: 64 KB
   - Used for decoupling services

4. File Storage (Azure Files)
   - SMB file shares in the cloud
   - Mount as network drive on Windows/Linux
   - Replace on-premises file servers

Access Tiers (Blob Storage):
┌──────────┬────────────┬──────────────────┐
│ Tier     │ Cost       │ Use Case         │
├──────────┼────────────┼──────────────────┤
│ Hot      │ High store │ Frequent access  │
│          │ Low access │ Active data      │
├──────────┼────────────┼──────────────────┤
│ Cool     │ Low store  │ Infrequent       │
│          │ High access│ 30+ days old     │
├──────────┼────────────┼──────────────────┤
│ Archive  │ Lowest     │ Rarely accessed  │
│          │ Highest    │ 180+ days old    │
│          │ access     │ Hours to retrieve│
└──────────┴────────────┴──────────────────┘

Redundancy Options:
LRS → 3 copies in one data center
ZRS → 3 copies across availability zones
GRS → 6 copies across two regions
RA-GRS → GRS + read access to secondary

Q7: Azure SQL vs Cosmos DB — when to use which?

Two database services, very different use cases:

Azure SQL Database:
┌─────────────────────────────────────────┐
│ Relational database (SQL Server in cloud)│
│ Structured data with schemas            │
│ ACID transactions                       │
│ Complex JOINs and queries               │
│ Single-region (with geo-replication)    │
│ Best for: ERP, CRM, financial apps      │
└─────────────────────────────────────────┘

Azure Cosmos DB:
┌─────────────────────────────────────────┐
│ NoSQL, globally distributed             │
│ Multi-model (multiple APIs)             │
│ Single-digit millisecond latency        │
│ Automatic multi-region replication      │
│ 5 consistency levels                    │
│ Best for: IoT, gaming, global apps      │
└─────────────────────────────────────────┘

Cosmos DB APIs:
- SQL API (document, JSON) ← most popular
- MongoDB API (MongoDB compatible)
- Cassandra API (wide-column)
- Gremlin API (graph database)
- Table API (key-value, replaces Table Storage)

Decision guide:
Need ACID + complex queries → Azure SQL
Need global distribution → Cosmos DB
Need schema flexibility → Cosmos DB
Need relational integrity → Azure SQL
Budget-conscious → Azure SQL (cheaper)
Multi-region low latency → Cosmos DB
Cloud security and DevOps pipeline

Azure security and DevOps are where interviews separate cloud beginners from production-ready engineers.

Security & DevOps

Q8: What is Azure Active Directory (Azure AD / Entra ID)?

Azure AD (now Microsoft Entra ID) = cloud identity service

What it does:
- Authentication → "Who are you?" (verify identity)
- Authorization → "What can you do?" (permissions)

Key Features:
┌─────────────────────────────────────────┐
│ SSO (Single Sign-On)                    │
│   → One login for all apps              │
│                                         │
│ MFA (Multi-Factor Authentication)       │
│   → Password + phone/app verification   │
│                                         │
│ Conditional Access                      │
│   → Rules: "If location=unknown,        │
│     require MFA"                        │
│                                         │
│ Service Principals                      │
│   → App identities (not human users)    │
│   → Used for CI/CD, automation          │
│                                         │
│ Managed Identities                      │
│   → Azure resources authenticate to     │
│     other Azure resources (no passwords)│
└─────────────────────────────────────────┘

Azure AD vs On-Premises AD:
On-Prem AD → LDAP, Kerberos, domain-joined PCs
Azure AD → OAuth 2.0, SAML, cloud apps
Azure AD Connect → syncs on-prem AD to Azure AD
  (hybrid identity for enterprises)

Q9: What is Azure DevOps?

Azure DevOps = suite of development tools

5 Services:
┌─────────────────────────────────────────┐
│ Boards    → Work tracking (like Jira)   │
│ Repos     → Git repositories            │
│ Pipelines → CI/CD automation            │
│ Test Plans→ Manual/automated testing    │
│ Artifacts → Package management (npm,    │
│             NuGet, Maven)               │
└─────────────────────────────────────────┘

CI/CD Pipeline (YAML example):
trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '18.x'

  - script: npm ci
    displayName: 'Install dependencies'

  - script: npm run build
    displayName: 'Build'

  - script: npm test
    displayName: 'Run tests'

  - task: AzureWebApp@1
    inputs:
      azureSubscription: 'my-subscription'
      appName: 'my-web-app'
      package: '$(System.DefaultWorkingDirectory)'

Azure DevOps vs GitHub Actions:
- Azure DevOps → enterprise, full ALM suite
- GitHub Actions → open source, GitHub-native
- Both support YAML pipelines
- Many Indian enterprises use Azure DevOps

Q10: What are Azure RBAC roles?

RBAC = Role-Based Access Control
Controls WHO can do WHAT on WHICH resources.

Built-in Roles:
┌──────────────┬──────────────────────────┐
│ Owner        │ Full access + can assign │
│              │ roles to others          │
├──────────────┼──────────────────────────┤
│ Contributor  │ Full access but CANNOT   │
│              │ assign roles             │
├──────────────┼──────────────────────────┤
│ Reader       │ View only, no changes    │
└──────────────┴──────────────────────────┘

Scope Hierarchy (roles inherit downward):
Management Group
  └── Subscription
       └── Resource Group
            └── Resource

Example:
"Reader" at Subscription level
  → can view ALL resource groups and resources

"Contributor" at Resource Group level
  → can modify resources in THAT group only

Custom Roles:
{
  "Name": "VM Operator",
  "Actions": [
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/{sub-id}"]
}

Principle of Least Privilege:
→ Give minimum permissions needed
→ Use Reader by default
→ Elevate only when required
→ Review access regularly

How to Prepare

Azure Interview — Priority by Role

Cloud Engineer

  • • VMs, App Service, Functions
  • • VNet, NSGs, Load Balancer
  • • Storage accounts & tiers
  • • Azure AD & RBAC
  • • Architecture & cost optimization

DevOps Engineer

  • • Azure Pipelines (YAML)
  • • ARM templates / Bicep / Terraform
  • • Container instances & AKS
  • • Azure Repos & Artifacts
  • • Monitoring (App Insights, Log Analytics)

Backend Developer

  • • App Service deployment
  • • Azure SQL & Cosmos DB
  • • Azure Functions (triggers)
  • • Blob Storage integration
  • • Managed Identity for auth

Practice Azure Interview Questions with AI

Get asked real Azure interview questions — compute, networking, storage, security, and DevOps scenarios. Practice explaining architecture and service selection decisions.

Free · AI-powered feedback · Azure questions