Microsoft Azure, formerly known as Windows Azure, is Microsoft’s public cloud computing platform. It provides a broad range of cloud services, including compute, analytics, storage and networking. Users can pick and choose from these services to develop and scale new applications or run existing applications in the public cloud.

The Azure platform aims to help businesses manage challenges and meet their organizational goals. It offers tools that support all industries — including e-commerce, finance and a variety of Fortune 500 companies — and is compatible with open source technologies. This gives users the flexibility to use their preferred tools and technologies. In addition, Azure offers four different forms of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and serverless functions.

Microsoft charges for Azure on a pay-as-you-go (PAYG) basis, meaning subscribers receive a bill each month that only charges them for the specific resources and services they have used.

Navigate the intricacies of Azure with our curated set of intermediate-level interview questions and insightful answers. Uncover in-depth discussions on Azure services, deployment strategies, security protocols, and best practices. Whether you’re a seasoned cloud professional or gearing up for an Azure interview, this resource is your key to mastering intermediate Azure concepts.

Intermediate Azure Interview Questions

Azure Diagnostics API helps to gather diagnostic data, such as system event logs and performance monitoring, from applications operating on Azure. Azure Diagnostics has to be enabled for the cloud service roles. The collected data can be later used for creating visual chart representations that enable better monitoring and create performance metric alerts.

There are two deployment environments:

  • Staging environment: It is used to validate the changes of an application before making it live.
  • Production environment: This is where applications go live and can be accessed by target users with a DNS-friendly URL.


Azure Blob (binary large object) storage is the object storage solution for the cloud. It is capable of storing large unstructured data in text or binary format and is suitable for serving documents, media, or text to the browser directly. The data is accessible from anywhere.

The blobs are grouped into containers and tied to user accounts. This service has three components:

  • Storage account: This can be a general storage account or a blob storage account registered in Microsoft Azure.
  • Container:Containers are used for grouping blobs. Each container can store an unlimited number of blobs. The container name should be in lowercase.
  • Blob:A blob is a file or document of any type and size. Three kinds of blobs are supported by Azure:
    • Block blobs: Text and binary files up to 195GB, 50,000 blocks of maximum 4 MB each
    • Append blobs:Appends operations such as logging data in log files
    • Page blobs:For frequent read or write operations

Role instance is a virtual machine where application code is run using running role configurations. Multiple instances of a role are also possible according to the definition in cloud service configuration files.

To run an application, a designer gets to the Windows Azure Portal through his/her web program by logging in with a Windows Live ID. The user at that point chooses whether to create a host account for running applications, a storage account for storing data, or both.

Once the designer has a host account, he/she can utilize a Windows Azure Portal to submit applications to Windows Azure.

Azure Fabric is the principal core concept. It gives a service called Azure Fabric Controller. It is called the OS for Azure since it handles/oversees:

  • All roles (processing) and resources
  • Sending and activating services
  • Monitoring the health of all services
  • Releasing and allocating resources
  • Provisioning VM, terminating, etc.
  • Patches get updated for the installed OS on VM in the most automated form

A hybrid cloud is a blend of internal and external cloud services, a mix of a private cloud joined with the utilization of public cloud services. This kind of cloud is most appropriate when you need to keep the classified information in your vicinity (private cloud) and consume alternate services from a public cloud.

Storage keys or access keys are utilized as a validation mode for accessing the storage services account to control data based on our prerequisites. In Windows Azure, we have an alternative to give a primary access key and a secondary access key, despite the fact that we will utilize a solitary access key to confirm our application to the storage. The primary reason to give the secondary access key is to avoid downtime to the application.

It enables users to control the distribution of user traffic of installed Azure cloud services. There are three distinctive load-balancing strategies provided by Azure. The Manager who works on traffic applies a routing policy to the Domain Name Service (DNS) questions on your domain names and maps the DNS courses to the apt instances of your applications.

Organization in SQL Azure is introduced for scalability. Federation helps both managers and developers scale information. It helps managers by making repartitioning and redistributing of information in a simpler manner. It enables developers in the layer of routing and sharing of information. It helps in routing without application downtime.

SQL Azure database is just an approach to get associated with cloud services where you can store your database into the cloud. Microsoft Azure is the most ideal approach to utilize PaaS where you can have different databases on a similar account.

Microsoft SQL Azure has a similar component of SQL Server, i.e., high accessibility, versatility, and security in the core.

Microsoft Azure SQL database has an element; it makes backups of each active database automatically. Consistently a backup is taken and geo-repeated to empower the 1-hour recuperation point objective (RPO) for Geo-Restore.


BLOB: BLOBs offer a component for storing a lot of content or binary data, for example, pictures, audio, and visual documents. They can scale up to 200 terabytes and can be acquired by utilizing REST APIs.

Table: Tables represent storage areas across machines for information that is in the form of properties on the cloud.

Line: The sole target of a queue is to empower communication among Web and Worker Role instances. They help in storing messages that may be accessed by a customer.


A table is a kind of Azure Storage where you can store your information. BLOBs are put in a compartment and an entity on a table.

Following are the key concepts in a table:

  • Tables allow structured data storage.
  • There can be 0 to n number of tables in a storage account.
  • Tables store information as an accumulation of elements.
  • An element has an essential key and properties as a key–value pair.

One can secure Azure functions through the following:

  • Security Center
  • Log and monitor
  • Function access keys
  • Authentication/authorization
  • Permissions
  • Secret management
  • Set up usage quotas
  • Data validation
  • Error handling
  • Disabled remote debugging
  • Restricted CORS access
  • Store the data encrypted
  • Secure deployment
  • Deployment credentials
  • Disabled FTP
  • Secure scm endpoint
  • Continuous security validation
  • Network security

Conditional Access is used by Azure AD as a tool to make decisions, bring signals together, and impose organizational policies.

Through Conditional Access policies, one can implement the right access controls whenever required to keep the organization secure and stay out of the users’ way when not needed.

In Azure, a static IP address is used when the address connected to the device is not to be changed.

Site Recovery orchestrates and automates the replication of Azure VMs in different locations—on-premises machines to a secondary data center, and on-premises VMs and physical servers to Azure.

It contributes to business continuity and disaster recovery (BCDR) by enabling access to apps from the secondary location in case of an outage at the primary site.

Azure CDN reduces the bandwidth and load time. It also helps speed up the responsiveness.

Azure Traffic Manager has the following benefits:

  • Optimized performance
  • No downtime during the update or maintenance process
  • Easily configurable on the Windows Azure portal

A library is an interface that enables the management and storage of a document created in Word, Excel, or PowerPoint. A list, on the other hand, is the representation of an item in a tabular format (with columns and rows). It can be attached with documents.

Azure has over 6,000 flexible offerings, and it utilizes the data capacity offered by Microsoft for Software, Platform, and Infrastructure as a Service (SaaS, PaaS, and IaaS).

Azure Backup includes three types of replications that keep both storage and data highly available.

  • Geo-redundant storage (GRS):The default and recommended option that replicates data to a secondary region far from the primary location
  • Locally redundant storage (LRS):Creates three copies of the data in a storage scale unit within a data center
  • Zone-redundant storage (ZRS):Replicates the data in availability zones with data residency and resiliency in the same region and has no downtime

That’s it for Intermediate Azure Interview questions and answers. Now, we will move on to advanced Azure Interview questions.

Azure files system is used as a common repository system for data sharing among virtual machines that are configured using protocols such as NFS, FTPS, SMB, etc.


  • These are the Azure computation resources that can be used to deploy and manage sets of identical Virtual Machines (VMs).
  • These scale sets are configured in the same manner and are designed to support the autoscaling of the applications without the need for pre-provisioning of the VMs.
  • They help to build large-scale applications targeting big data and containerized workloads in an easier manner.
  • Availability Set is nothing but a logical grouping of VMs (Virtual Machines) that allows Azure cloud to understand how the application was developed for providing availability and redundancy.
  • Each VM in the availability set is assigned 2 kinds of domains by Azure:
    • Fault Domain: These define the grouping of VMs that would share a common power source and common network switch. The VMs within availability sets are separated across up to 3 fault domains by default. This separation of VMs in fault domains helps our applications to be available by reducing impacts of network outages, power interruptions, and certain hardware failures.
    • Update Domain: These indicate the grouping of VMs and underlying hardware which are eligible to be rebooted at the same time. Only one update domain can be rebooted at a time, however, the order of reboot does not proceed in a sequential manner. Before the maintenance of another update domain, the previously rebooted domain is given a recovery time of 30 minutes to ensure that the domain is up.
  • Azure provides flexibility to configure up to 3 fault domains and 20 update domains for an availability set.

Yes, it is possible and is done by means of the Transient Fault Handling Block. There can be multiple causes of transient failures while using the cloud environment:

  • Due to the presence of more load balancers, we can see that the application to database connections fail periodically.
  • While using multi-tenant services, the calls get slower and eventually time out because other applications are using resources to hit the same resource heavily.
  • The last cause can be we ourselves as the user trying to hit the resource very frequently which causes the service to deliberately deny the connection to us to support other tenants in the architecture.

Instead of showing errors to the user periodically, the application can recognize the errors that are transient and automatically try to perform the same operation again typically after some seconds with the hope of establishing the connection. By making use of the Transient Fault Handling Application Block mechanism, we can generate the retry intervals and make the application perform retries. In the majority of the cases, the error would be resolved on the second try and hence the user need not be made aware of these errors unnecessarily.

Following is the sample code that can be used for the retry policy. Here, if the connection is not successful, then the action is retried based on the retry policy defined. There are 3 retry strategies – Fixed Interval, Incremental Interval, Exponential Backoff Strategy.


* Class to detect Transient Blocks – Here

* OperationCancelledException is

* detected and then the retry strategy is employed.


internal class AppTransientDetection : ITransientErrorDetectionStrategy


    bool IsTransient(Exception exception) =>

        exception is OperationCanceledException;




* Retry Strategy – Here Fixed Interval Strategy is employed and is retried for 5 times.


RetryStrategy retryStrategy = new FixedInterval(retryCount: 5, retryInterval: TimeSpan.FromSeconds(2));


RetryPolicy retryPolicy = new RetryPolicy(new AppTransientDetection(), retryStrategy);

retryPolicy.ExecuteAction(() => {

    try {

        string commandText = @”USE FEDERATION User_Federation(ShardId =” + shardId + “) WITH RESET, FILTERING=ON”;



    } catch (Exception e) {





  • Azure Functions service can be used for executing the code without a server.
  • Serverless Azure Functions are used for simplifying complex orchestration and challenging resolutions. They are meant for being stateless and short-lived.
  • They help to connect with other services without the need for hard coding of the integrations thereby making the development process faster.
  • It helps the developer to write and concentrate on the business logic code thereby saving time and effort.
  • They also provide the features of monitoring and analyzing code performance by means of Azure Application Insights that help in identifying bottlenecks and failure points across the components of the application.

Yes, it is possible by making use of the Key Vault mapping to any Admin VM, we can log in to another VM without the need for a password.

No! As the name itself says, Azure Internal Load Balancer supports only Private IP addresses, and hence the assignment of a public IP address or DNS name is not possible.

Categorized in: