Is AZ-400 the hardest Azure exam?

AZ-400 is one of the hardest Azure exams. It requires broad knowledge spanning CI/CD pipelines, source control, testing, security, compliance, and monitoring. The Expert designation is justified - most candidates report it as more challenging than Associate-level exams.

What are the prerequisites for AZ-400?

AZ-400 has no formal prerequisites, but Microsoft strongly recommends passing either AZ-104 or AZ-204 first. In practice, candidates without solid Azure fundamentals and DevOps experience struggle significantly. 2+ years of Azure and DevOps experience is the practical baseline.

How long does it take to study for AZ-400?

Plan 8-12 weeks for AZ-400, with 2-3 hours of study daily. Hands-on lab work with Azure DevOps, GitHub Actions, and Azure Pipelines is essential - the exam tests real-world implementation knowledge heavily.

AZ-400 DevOps Engineer Expert Exam Preparation Guide

By Macdara Ó Murchú · Founder, AzurePrep·Last reviewed 6 April 2026·12 min read·2,630 words

The AZ-400 certification validates expertise in designing and implementing DevOps practices on Azure. This exam tests real-world ability to build continuous integration and continuous deployment (CI/CD) pipelines, manage infrastructure as code, and implement security and monitoring across Azure DevOps and GitHub. Passing AZ-400 demonstrates you can architect and execute enterprise-level DevOps solutions.

This guide covers everything you need to succeed on the AZ-400 exam, from prerequisites through domain breakdowns to actionable study strategies.

Is AZ-400 Right for You?

Prerequisites and Target Audience

AZ-400 is positioned as an expert-level certification, the highest tier in Microsoft's Azure role-based hierarchy. Microsoft requires candidates to hold either AZ-104 (Azure Administrator Associate) or AZ-204 (Azure Developer Associate) before attempting AZ-400.

Beyond formal prerequisites, AZ-400 targets:

Azure developers with hands-on CI/CD pipeline experience
Infrastructure and operations professionals expanding into DevOps
Release engineers managing Azure deployments
Cloud architects designing automation strategies
Experienced IT professionals transitioning to DevOps roles

The exam assumes you've already deployed applications on Azure, managed repositories, and worked with deployment automation. Theoretical knowledge alone will not suffice. Success requires practical experience implementing DevOps practices.

Why AZ-400 Is Challenging

AZ-400 ranks among the hardest Azure certifications for three key reasons:

Breadth of Coverage: The exam spans eight distinct technology domains. You must master Azure DevOps, GitHub Actions, containerization, infrastructure as code, monitoring, security scanning, and compliance frameworks simultaneously. No single skill dominates the exam.

Depth of Implementation: Questions test not just what technologies exist, but how to architect solutions using them. You'll face scenario-based questions requiring you to select the right tool combination and justify architectural decisions.

Hands-On Complexity: AZ-400 tests real-world DevOps problem-solving. You cannot memorize your way to passing. You need experience troubleshooting failed deployments, optimizing pipeline performance, and balancing security with deployment speed.

AZ-104/204PrerequisiteOne of these must be held first

$165Exam cost (USD)Expert level

5Exam domainsDevOps skill areas

Exam Overview and Domains

Exam Structure

The AZ-400 exam contains 40-60 questions delivered over 120 minutes (2 hours). Question formats include:

Multiple choice (select one correct answer)
Multiple select (select all that apply)
Scenario-based labs (hands-on simulations)
Case studies with multi-question scenarios

You need 700 out of 1000 points to pass. The scoring accounts for question difficulty, meaning some questions carry more weight than others.

Domain Breakdown

Domain	Percentage	Key Focus Areas
Configure processes and communications	10-15%	Azure DevOps Boards, team workflows, notifications, GitHub integration
Design and implement source control	15-20%	Git workflows, branch strategies, repository management, access control
Design and implement build and release pipelines	40-45%	YAML pipelines, multi-stage deployments, artifact management, release gates
Develop a security and compliance plan	10-15%	SAST/DAST, vulnerability scanning, secret management, policy enforcement
Implement an instrumentation strategy	10-15%	Application Insights, Log Analytics, monitoring alerts, distributed tracing

The largest domain covers pipelines, reflecting the core DevOps responsibility. Approximately 40-45% of exam questions test your ability to design and implement CI/CD automation. This is where preparation should be most concentrated.

Core Technologies and Concepts

Azure DevOps Platform

Azure DevOps is Microsoft's comprehensive suite for planning, developing, deploying, and maintaining software.

Azure Boards handles work item management and team planning. You must understand how to configure boards for different team workflows, set up sprints, manage backlogs, and integrate boards with pipelines for automated work item updates.

Azure Repos provides Git-based source control. The exam tests branching strategies (trunk-based development, Git flow), pull request policies, code review workflows, and repository permissions. You should know when to enforce branch protection rules and how to implement PR gates that require passing builds before merging.

Azure Pipelines is the CI/CD engine. This receives the heaviest exam focus. You'll work with YAML pipeline syntax, multi-stage pipelines with approval gates, variable management, service connections, and pipeline templates. Understanding task execution context, agent pools, and parallel job configurations is critical.

Azure Artifacts manages NuGet, npm, Maven, and Python packages. Know how to set up feeds, configure upstream sources, manage package retention policies, and integrate artifact feeds into pipelines.

Azure Test Plans organizes testing across releases. While less heavily tested, you should understand test case management, test result publication, and integration with pipelines.

GitHub and GitHub Actions

GitHub Actions provides workflow automation directly within GitHub repositories using YAML-based action files.

Workflow YAML Syntax: Actions workflows use on triggers, jobs, steps, and uses syntax. You must write workflow files that trigger on events (push, pull request, schedule, workflow_dispatch), define job conditions, manage outputs between jobs, and use expressions for conditional logic.

Secrets and Environments: GitHub provides secret management at repository and organization levels. The exam tests secure variable passing to workflows, environment-specific configurations, and secret rotation practices.

Actions and Marketplace: Know the difference between official Microsoft actions and community actions. Understand how to use pre-built actions from the GitHub Marketplace and when to author custom actions using JavaScript or Docker containers.

The exam may ask you to compare Azure DevOps Pipelines with GitHub Actions for specific scenarios. Generally, use Azure DevOps Pipelines for complex enterprise workflows and GitHub Actions for simpler, repository-centric automation.

Infrastructure as Code (IaC)

IaC enables defining Azure resources in declarative templates, essential for DevOps repeatability and version control.

Bicep: Microsoft's modern alternative to ARM templates, using a cleaner syntax. Bicep compiles to ARM JSON. The exam expects familiarity with Bicep syntax, modules, loops, conditions, and how to parameterize templates for reusability.

ARM Templates: Older JSON-based IaC format. Understanding template structure, linked templates, variable definitions, and function usage remains relevant for AZ-400.

Terraform: HashiCorp's multi-cloud IaC tool with growing Azure adoption. Know Terraform syntax, state management, modules, and how to integrate Terraform into pipelines using the Terraform task in Azure DevOps.

The exam tests choosing the right IaC approach for different scenarios and implementing IaC within CI/CD pipelines.

Containerization and Orchestration

Containers package applications with dependencies for consistent deployment across environments.

Docker: Know Dockerfile syntax, image layering, multi-stage builds for optimization, and best practices like using minimal base images and avoiding running containers as root.

Azure Container Registry (ACR): Microsoft's private Docker registry. Understand ACR tasks for automated image building, webhook triggers, image scanning with Defender for Containers, and geo-replication for global deployment.

Azure Kubernetes Service (AKS): Managed Kubernetes on Azure. Know how to deploy applications to AKS from pipelines, manage deployments, configure ingress controllers, and implement pod security policies.

The exam tests deploying containerized applications through complete CI/CD workflows, from code commit to Kubernetes deployment.

Monitoring and Logging

Observability ensures systems operate correctly and helps diagnose issues quickly.

Application Insights: Application Performance Monitoring (APM) for collecting telemetry from applications. Know how to instrument code, set up availability tests, define custom metrics, and create alerts from performance data.

Azure Monitor: Comprehensive monitoring service collecting metrics and logs from Azure resources. Understand metric collection, diagnostic settings, alert rules, and action groups.

Log Analytics: Query service for analyzing logs using Kusto Query Language (KQL). The exam may test writing basic KQL queries to investigate issues and create dashboards.

Instrumentation strategy questions test designing monitoring for entire pipelines, not just applications. Know how to track deployment success, pipeline performance metrics, and infrastructure health.

Security and Compliance

DevOps security integrates protection throughout development and deployment pipelines.

SAST (Static Application Security Testing): Tools like SonarQube and Microsoft Security DevOps scan source code before compilation. Know how to integrate SAST into pipelines and interpret scan results.

DAST (Dynamic Application Security Testing): Tools like OWASP ZAP and Burp Suite test running applications. Understand when to run DAST in pipelines and how to fail builds on critical vulnerabilities.

Secret Management: Secure handling of passwords, API keys, and certificates. Know Azure Key Vault integration with pipelines, GitHub Secrets, and variable masking.

Policy Enforcement: Azure Policy and compliance frameworks ensure configurations meet organizational standards. Understand policy definitions, effects, and integration with DevOps workflows.

The exam tests building secure pipelines that balance speed with protection, including when to scan, where to gate on security findings, and how to manage secrets safely.

DevOps Expert Path

AZ-900FundamentalsFUND

AZ-104Administrator AssocASSOC

AZ-400DevOps ExpertEXPERT

Developer Track

AZ-900FundamentalsFUND

AZ-204Developer AssocASSOC

AZ-400DevOps ExpertEXPERT

10-14 Week Study Plan

Prepare for AZ-400 over 10-14 weeks with structured, progressive learning.

Weeks 1-2: Foundation and Assessment

Start by establishing baseline knowledge. Review your AZ-104 or AZ-204 materials to refresh core Azure concepts.

Take a practice test on azureprep.com to identify knowledge gaps and understand exam format. azureprep.com offers free AZ-400 practice tests that closely mirror the actual exam. Your initial score indicates which domains need focus.

Study the exam skills outline from Microsoft Learn to map the official competencies. This ensures your preparation aligns with exactly what Microsoft tests.

Weeks 3-4: Azure DevOps Fundamentals

Deep dive into Azure DevOps. Work through Microsoft Learn modules on:

Azure Boards work item management and sprint planning
Azure Repos branching strategies and code review policies
Azure Pipelines YAML syntax and multi-stage pipeline design
Azure Artifacts feed management

Complete hands-on labs in your own Azure subscription. Create a sample project in Azure DevOps, set up a Git repository with branch policies, and build a basic multi-stage pipeline. Hands-on experience is non-negotiable for AZ-400 success.

Weeks 5-6: GitHub and CI/CD Advanced Topics

Study GitHub fundamentals and GitHub Actions. Learn YAML workflow syntax through practical examples. Build several GitHub Actions workflows ranging from simple Node.js deployments to complex multi-job orchestrations.

Compare Azure DevOps Pipelines with GitHub Actions. Know when to recommend each platform based on organizational needs, existing tooling, and specific features required.

Study advanced pipeline concepts: approval gates, deployment strategies (blue-green, canary), and multi-stage pipeline orchestration. Practice writing conditions that control when jobs execute.

Weeks 7-8: Infrastructure as Code

Master Bicep as your primary IaC language. Work through Bicep syntax including parameters, variables, outputs, loops (copy), and conditions. Build reusable Bicep modules for common Azure resources.

Learn ARM template fundamentals since legacy templates still appear on exams. Understand template structure and linked templates.

Study Terraform basics including state management, modules, and Azure provider configuration. Practice integrating Terraform into Azure Pipelines using the Terraform task.

Deploy infrastructure through pipelines. Create a Bicep pipeline that validates, previews, and deploys infrastructure to test and production environments.

Weeks 9-10: Containers and Deployment

Study Docker fundamentals: Dockerfile syntax, image layers, and multi-stage builds. Build Docker images for sample applications.

Learn Azure Container Registry: creating registries, configuring image scanning, setting up webhooks, and geo-replication.

Deploy applications to AKS from pipelines. Build a complete workflow that builds Docker images, pushes to ACR, and deploys to AKS using Helm or kubectl manifests.

Practice deploying to Azure App Service from pipelines as well, since the exam tests multiple deployment targets.

Weeks 11-12: Security, Monitoring, and Compliance

Integrate security scanning into pipelines. Set up SonarQube for SAST scanning and understand how to fail builds on critical issues. Research OWASP integration and dependency scanning tools.

Implement Azure Key Vault for secret management. Use Key Vault secrets in pipelines through service connections and variable linking.

Study Application Insights instrumentation. Instrument sample applications and create custom metrics, availability tests, and alerts.

Learn Log Analytics and Kusto Query Language basics. Write queries to investigate application issues and create dashboards.

Understand Azure Policy and compliance requirements in DevOps contexts.

Weeks 13-14: Practice and Refinement

Dedicate these final weeks to concentrated practice. Take multiple full-length practice exams on azureprep.com. azureprep.com's AZ-400 practice tests identify remaining weak areas.

For each incorrect answer, research the underlying concept deeply. Many students know surface facts but fail when scenarios test deeper understanding.

Review case study scenarios and labs. The actual exam includes scenario-based questions where you must apply knowledge to complex situations, not just answer isolated technical questions.

Focus on domains where you scored lowest on practice exams. If you struggled with pipeline implementation questions, spend time building increasingly complex pipelines. If security questions posed challenges, deep dive into SAST/DAST integration and secret management.

One week before the exam, take a practice test under timed conditions in a quiet environment replicating actual exam conditions. Review results and focus final study on verified weak points.

Key Study Resources

Microsoft Learn: Microsoft's free learning platform contains official AZ-400 learning paths with videos, interactive modules, and hands-on labs. Start here for comprehensive coverage.

azureprep.com AZ-400 Practice Tests: azureprep.com provides realistic practice exams with detailed explanations. Free practice tests help you understand exam format and identify knowledge gaps. Full-length practice tests simulate the actual exam experience.

Official Microsoft Documentation: Azure DevOps documentation, GitHub Actions documentation, and Azure architecture guidance contain authoritative information. Bookmark these for reference during labs.

Hands-On Lab Environments: Use Azure free credits or pay-as-you-go subscriptions to build real projects. Create Azure DevOps organizations, GitHub repositories, build pipelines, deploy containers, and configure monitoring. Hands-on experience transfers directly to exam questions.

YouTube and Community Resources: Search for Azure DevOps and GitHub Actions walkthroughs. Seeing experienced practitioners demonstrate workflows provides valuable perspective on best practices.

Common Pitfalls to Avoid

Focusing Too Much on Azure DevOps UI: The exam increasingly tests YAML pipeline syntax and GitHub Actions. Don't spend excessive time learning the Azure DevOps web interface. Understand YAML pipeline structure thoroughly.

Ignoring Real-World Scenarios: Study questions frequently present business problems requiring you to recommend solutions. Memorizing Azure DevOps components without understanding how to apply them to real situations leads to exam failures. Always think about the "why" behind each technology.

Neglecting Hands-On Practice: Reading about Azure DevOps differs vastly from configuring it yourself. You cannot pass AZ-400 through reading alone. Every week should include hands-on lab work.

Underestimating Security and Monitoring Domains: These domains receive 20-30% of exam questions combined. Don't treat them as secondary topics. Security scanning integration, secret management, and monitoring strategy are critical.

Not Understanding Pipeline Orchestration: Complex scenarios test multi-stage pipelines with approval gates, conditional job execution, and parallel stages. Ensure you understand how to design sophisticated pipeline workflows, not just simple linear deployments.

Confusing Similar Tools: Know the differences between Azure DevOps Pipelines and GitHub Actions, between Bicep and ARM templates, and between SAST and DAST. Scenario questions test choosing the right tool for specific contexts.

Exam Day Preparation

Arrive early to the testing center or set up your remote testing environment 15 minutes before the exam start time. Test your internet connection, webcam, and microphone if taking the exam remotely.

Read each question carefully before answering. Scenario-based questions contain significant details. Missing a detail could lead to selecting the wrong answer.

For multiple-select questions, ensure you understand what the question is asking before checking boxes. Some questions ask "which statements are true" while others ask "which of these will NOT achieve the objective."

Flag difficult questions and return to them after completing easier questions. This strategy ensures you earn points on easier questions before potentially spending excessive time on complex scenarios.

Manage your time. With 40-60 questions in 120 minutes, you have approximately 2 minutes per question. Allocate extra time for scenario-based questions, which require more analysis.

The exam includes unscored pilot questions that don't count toward your score but help Microsoft develop future exams. You won't know which questions are pilot questions, so answer all questions seriously.

Conclusion

AZ-400 represents expert-level mastery of Azure DevOps and modern software delivery practices. Success requires combining comprehensive knowledge across eight distinct domains with hands-on practical experience implementing complex CI/CD workflows.

The path forward is clear: start with foundational Azure DevOps and GitHub knowledge, progressively deepen expertise in infrastructure as code and containerization, and integrate security and monitoring throughout. Use azureprep.com practice tests to measure progress and identify refinement areas.

Dedicate 10-14 weeks to structured preparation including significant hands-on practice. Build real projects, automate real deployments, and troubleshoot real pipeline failures. This experience translates directly to exam success and, more importantly, to genuine professional capability.

The investment in AZ-400 certification pays dividends throughout your career.