Azure Mastery Download
Azure Mastery

Microsoft Certification AZ-400

Predict your score. Pass with proof.

On-device AI scores your readiness, builds an adaptive study plan, and flags topics fading from memory — before they cost you the exam.

444 practice questions AI score prediction 100% offline
Download free iPhone & iPad · Free to start

AZ-400 Study App for iOS — Designing and Implementing Microsoft DevOps Solutions

Get exam-ready for AZ-400 (Designing and Implementing Microsoft DevOps Solutions) — the single exam that earns the Microsoft Certified: DevOps Engineer Expert credential — on iPhone or iPad. Azure Mastery ships 444 AZ-400 practice questions across all five domains, the largest single-cert bank in our library. AI-driven readiness prediction targets the 50–55% pipelines domain first.

The exam

What is the AZ-400 exam?

AZ-400 is the single exam required to earn the Microsoft Certified: DevOps Engineer Expert credential — Microsoft's senior DevOps certification spanning both Azure DevOps and GitHub. To award the Expert tier, Microsoft also requires you to hold an Associate-level prerequisite: either AZ-104 (Azure Administrator Associate) or AZ-204 (Azure Developer Associate). Passing AZ-400 alone does not award the Expert credential.

AZ-400 is the broadest exam in the Azure family by service surface — you'll be tested across five DevOps domains, with the build/release pipelines domain alone weighted at 50–55% of the exam. Expect dual coverage of Azure Pipelines AND GitHub Actions, Azure DevOps Repos AND GitHub repositories, Bicep AND ARM templates, plus security scanning (Microsoft Defender for DevOps, GitHub Advanced Security, Dependabot, CodeQL), monitoring (Azure Monitor, Application Insights, KQL queries), and progressive deployment patterns (blue-green, canary, ring, feature flags via Azure App Configuration).

Microsoft updated the AZ-400 skills outline on 24 April 2026 with minor updates across all five domains — branching strategies, package management, deployments, IaC, auth/secrets, and monitoring. Every question in Azure Mastery's AZ-400 bank is mapped to the current outline. Read the official outline at learn.microsoft.com.

Skills measured · April 2026

AZ-400 exam objectives

Five DevOps domains, with weights set by Microsoft's April 2026 update. The build/release pipelines domain alone is weighted at 50–55% — more than the other four combined. Every domain summary below is paraphrased from the official skills outline.

Design and implement processes and communications10–15%

Traceability and flow of work — GitHub Flow, feedback cycles, GitHub Issues, GitHub Projects integration with Azure Boards. Metrics and queries for the full DevOps lifecycle (cycle time, time to recovery, lead time) plus project planning, development, testing, security, delivery, and operations. Configure collaboration: wikis with Markdown and Mermaid syntax, release notes, automated docs from Git history, webhook integrations, Microsoft Teams integration. Around 4–9 questions.

Design and implement a source control strategy10–15%

Branching strategies — trunk-based, feature branch, release branch — plus pull request workflows, branch policies and protection rules. Repository management at scale — Git Large File Storage (LFS), Scalar, cross-repository sharing, permissions, tags. Recovering specific data via Git commands and removing data from history. Around 4–9 questions.

Design and implement build and release pipelines50–55%

The largest domain by far. Package management (GitHub Packages, Azure Artifacts, SemVer, CalVer); testing strategy (unit, integration, load, code coverage, quality gates); pipeline implementation (YAML in Azure Pipelines AND GitHub Actions, agent/runner infrastructure, triggers, multi-stage pipelines, reusable templates, environment checks/approvals); deployment strategies (blue-green, canary, ring, progressive exposure, feature flags via Azure App Configuration, A/B testing, hotfix paths, deployment slots); IaC (Bicep, ARM, Azure Automation State Configuration, Azure Machine Configuration, Azure Deployment Environments); pipeline maintenance (health, optimisation, classic-to-YAML migration). Around 20–33 questions per sitting.

Develop a security and compliance plan10–15%

Authentication and authorisation — service principals vs Managed Identities (system-assigned vs user-assigned), GitHub Apps, GITHUB_TOKEN, personal access tokens, Azure DevOps service connections, GitHub permissions and roles, Azure DevOps permissions and security groups. Sensitive information management — Azure Key Vault, GitHub Secrets, OpenID Connect / workload identity federation. Security and compliance scanning — Microsoft Defender for Cloud DevOps Security, GitHub Advanced Security, container scanning, CodeQL, Dependabot. Around 4–9 questions.

Implement an instrumentation strategy5–10%

The smallest domain. Configure Azure Monitor and Azure Monitor Logs to integrate with DevOps tools; collect telemetry via Application Insights, VM Insights, Container Insights, and storage/network monitoring. Configure GitHub monitoring (insights, charts, alerts on Actions and Pipelines events). Analyse metrics — infrastructure indicators (CPU, memory, disk, network), application performance, distributed tracing, and basic Kusto Query Language (KQL) queries. Around 2–6 questions.

Designed for AZ-400

How Azure Mastery helps you pass AZ-400

Azure Mastery ships with 444 AZ-400 practice questions — the largest single-cert bank in our library, sized to match AZ-400's enormous service surface. Every question is mapped to the current (April 2026) skills outline, with domain tags across all five DevOps areas. Around half the questions exercise the build/release pipelines domain, matching its 50–55% exam weighting. YAML pipeline snippets (both Azure Pipelines and GitHub Actions), Bicep templates, and KQL queries appear throughout — practising the same artefacts you'll see in the live exam.

The on-device Exam IQ engine predicts your AZ-400 score before you sit the exam. After roughly 30 questions it has enough signal to give a confidence-scored prediction (e.g. "708 ±60, 68% confidence") — and tells you the specific topics that are dragging your readiness down. No vague "study more" advice; just a ranked list of objectives where improvement would move your score the furthest.

The adaptive study plan rebuilds itself from your answer history. Get a release-gate or deployment-strategy scenario wrong? You'll see another build-and-release-pipeline question in the next session. Master "branch-protection vs PR validation" three sessions running and the engine backs off, surfacing fresh security-and-compliance or instrumentation scenarios. The plan optimises for the gap between where you are and the 700 pass score, not for blind volume.

Knowledge decay tracking matters more for AZ-400 than for foundational exams — five domains is a lot to retain, and the topic you mastered three weeks into your study window is the topic you'll forget by exam day if you stop revising. Azure Mastery tracks every topic's decay curve and flags topics approaching expiry. The padlock icon on the Today screen is your "revisit before you forget" cue, and weak-spot drills automatically pull from decayed topics first.

Real exam simulation mode runs at AZ-400's actual length and time pressure: a randomised 40–60-question set drawn from the full 444-question bank, weighted by domain percentages from the April 2026 outline, with the 100-minute timer running and no jumping back to flag-and-review. It's the closest you can get to the live Pearson VUE / online-proctored experience without sitting the exam.

Everything runs on-device. Your answer history, your readiness gauge, your decay alerts — none of it leaves your iPhone or iPad. No account required to start, no tracking, no sync server. Privacy-first by design.

10-week study plan

Suggested AZ-400 study plan

AZ-400 has the broadest service surface of any Azure exam. Plan eight to twelve weeks even if you already hold AZ-104 or AZ-204. The ten-week plan below front-loads the small process and source-control domains, then spends three full weeks on the 50–55% build/release pipelines domain, before security and instrumentation in the second half.

  1. Process, communications, source control

    • Week 1: GitHub Flow, Azure Boards, dashboards, DevOps metrics (cycle time, lead time, time to recovery), wikis (Markdown + Mermaid), webhook integrations, Microsoft Teams hooks.
    • Week 2: Branching strategies (trunk-based, feature, release), pull request workflow, branch protection rules, Git LFS, repo scaling, recovering data via Git commands, removing data from history.

  2. Build pipelines + package management

    • Week 3: Package management (GitHub Packages, Azure Artifacts, SemVer, CalVer), feeds, dependency versioning, pipeline artifact versioning. Quality and release gates.
    • Week 4: Pipeline implementation — YAML in Azure Pipelines AND GitHub Actions, agents/runners (cost, licensing, self-hosted), trigger rules, multi-stage pipelines, reusable templates, environment checks/approvals.
    • Week 5: Testing strategy — unit, integration, load tests; configuring test tasks/agents/results integration; code coverage analysis.

  3. Deployments + IaC + maintenance

    • Week 6: Deployment strategies (blue-green, canary, ring, progressive exposure, feature flags via Azure App Configuration, A/B testing), hotfix paths, deployment slots, container deployments, database deployments.
    • Week 7: IaC — Bicep, ARM templates, Azure Automation State Configuration, Azure Machine Configuration, Azure Deployment Environments. Plus pipeline maintenance — health monitoring, optimisation for cost/time/performance, retention strategy, classic-to-YAML migration.

  4. Security and compliance

    • Week 8: Auth — service principals vs Managed Identities (system vs user), GitHub Apps + GITHUB_TOKEN + PATs, Azure DevOps service connections, GitHub permissions and roles, Azure DevOps permissions/security groups, projects/teams configuration. Sensitive info — Azure Key Vault for secrets/keys/certs, OpenID Connect/workload identity federation in GitHub Actions and Azure Pipelines, secure files. Scanning — Microsoft Defender for DevOps, GitHub Advanced Security, Dependabot, container scanning, CodeQL.

  5. Instrumentation + sharpen + simulate

    • Week 9: Azure Monitor + Logs integration with DevOps tools, Application Insights, VM/Container/Storage/Network Insights, GitHub Insights, alerts on Actions/Pipelines events. Analyse infra metrics, distributed tracing, basic KQL queries.
    • Week 10: Focus Weak Spots in the first half (decay alerts pull older topics back); two full-length 100-minute Exam Simulator runs in the second half. Schedule the exam when scoring 730+ consistently.

Inside the app

Every Microsoft question type, on iPhone

AZ-400's question bank uses the same formats Microsoft puts on the live exam — not just multiple choice. Each visualisation below is a faithful mock of how the type renders inside Azure Mastery on iPhone and iPad. Exam-simulator mode runs all of them at full 100-minute length with no flag-and-review jumps, mirroring Pearson VUE.

Multiple choice

One correct answer from four to six options. The most common type on every Azure exam — practical recall of services, settings, and limits.

~50% of questions

Multi-select

Pick two or more correct answers from a list. Microsoft tells you exactly how many to choose. Partial credit not awarded — you need every selection right.

All-or-nothing

Drag-and-drop

Arrange items into the correct sequence — deployment steps, the order operations occur in a pipeline, troubleshooting flows. Long-press to drag on touch.

Order matters

Hotspot

Tap the correct area of an image — the right setting in a portal screenshot, the right resource in a topology diagram. Practical visual recall under time pressure.

Tap target

Case studies

A multi-paragraph scenario followed by 4–6 linked questions. Common on AZ-400 in the storage and identity domains; dominant on AZ-305 and AZ-400.

Multi-question

Why Wrong AI

An Azure Mastery exclusive. When you answer incorrectly, an on-device Apple Foundation Model writes a targeted explanation grounded in the correct rationale. Never leaves your device.

App exclusive

Frequently asked

AZ-400 FAQs

What prerequisite do I need for AZ-400?

You need an Azure Associate-tier certification — either AZ-104 (Azure Administrator Associate) or AZ-204 (Azure Developer Associate) — plus AZ-400 to earn the DevOps Engineer Expert credential. Passing AZ-400 alone does not award the Expert tier. Most candidates come to AZ-400 from AZ-204 (developers moving into platform/SRE work) or AZ-104 (sysadmins formalising their CI/CD work).

How much does the AZ-400 exam cost?

The AZ-400 voucher is USD $165 in the United States. Pricing varies by region — in the UK it's typically around £128. Microsoft sometimes runs free-voucher promotions during Microsoft Build or Microsoft Ignite — worth checking your Microsoft Learn profile for active offers. The DevOps Engineer Expert tier also requires annual renewal (free, online via Microsoft Learn) once earned.

Does the AZ-400 certification expire?

Yes. Microsoft Expert certifications — including DevOps Engineer Expert (which AZ-400 unlocks) — expire annually. Renewal is free: a 25–30 question online assessment on Microsoft Learn within the six-month window before your expiration date. The renewal targets recent skills outline updates, so staying current is straightforward if you remain broadly active in DevOps work.

What is the AZ-400 retake policy if I fail?

The first retake is allowed after 24 hours. Second and third retakes each require a 14-day wait. Microsoft caps retakes at five attempts per 12-month rolling period. Each attempt requires a new voucher purchase. AZ-400 has the broadest service surface of any Azure exam — first-time pass rate is meaningfully lower than AZ-104 or AZ-900.

How long should I study for AZ-400?

Plan eight to twelve weeks for AZ-400, even if you already hold AZ-104 or AZ-204. AZ-400 covers an enormous service surface — Azure Pipelines AND GitHub Actions, both Azure DevOps AND GitHub repositories, Bicep AND ARM templates, Azure Key Vault AND GitHub Secrets, plus security scanning, monitoring, branching strategies, and progressive deployment patterns. The build/release pipelines domain alone is 50–55% of the exam. Don't book until Azure Mastery's readiness gauge shows roughly 730 or higher with reasonable confidence.

AZ-400 vs AZ-305 — which Expert cert should I take?

Pick the one that matches your role. AZ-400 (DevOps Engineer Expert) is for SREs, platform engineers, and developers who own CI/CD; AZ-305 (Azure Solutions Architect Expert) is for architects designing the systems CI/CD deploys. The two are complementary — AZ-305 assumes you can specify a deployment strategy, AZ-400 assumes you can implement it. Some candidates hold both. They share AZ-104/AZ-204 as the Associate prerequisite.

Where AZ-400 fits

Certification path that includes AZ-400

AZ-400 is the single exam required for the Microsoft Certified: DevOps Engineer Expert credential. The Expert tier requires an Associate-level prerequisite — either AZ-104 (admins) or AZ-204 (developers). Without one of those, passing AZ-400 alone does not award the Expert credential.

Ready to pass AZ-400?

Download Azure Mastery free. 444 AZ-400 practice questions — the largest single-cert bank in our library — across all five DevOps domains, AI score prediction, full-length exam simulator, adaptive study plan that targets the 50–55% pipelines domain first. iPhone & iPad.

Download Azure Mastery — free iPhone & iPad · Free to start · No account required