AI-200 — Microsoft Azure AI Cloud Developer Associate Quick Review

Last revised: June 18, 2026

Quick Review for Microsoft AI-200 candidates covering Azure AI architecture, generative AI, search, security, deployment, and practice priorities.

Quick Review purpose

This Quick Review is for candidates preparing for Microsoft Azure AI Cloud Developer Associate (AI-200), exam code AI-200. Use it as a fast, practical review before working through topic drills, mock exams, and detailed explanations in an IT Mastery question bank.

The goal is not to replace hands-on Azure work. The goal is to help you quickly recognize the major design choices, implementation patterns, traps, and troubleshooting signals that commonly appear in Azure AI developer scenarios.

Exam identity

Item	Details
Vendor/provider	Microsoft
Official exam title	Microsoft Azure AI Cloud Developer Associate (AI-200)
Official exam code	AI-200
Review focus	Azure AI application development, service selection, integration, security, responsible AI, deployment, and operational readiness
Practice connection	Best used with original practice questions, topic drills, mock exams, and detailed explanations

How to use this Quick Review

Scan the decision tables first. AI developer exams often test whether you choose the right Azure AI service and integration pattern.
Review the traps. Many misses come from confusing similar services, authentication methods, indexing concepts, or generative AI terms.
Practice immediately after each section. Use topic drills to confirm that you can apply the idea under exam-style wording.
Read explanations even for correct answers. Detailed explanations help you notice distractors, missing requirements, and better service choices.
Finish with mixed mock exams. The real challenge is switching contexts quickly across AI Search, Azure OpenAI, Language, Vision, Speech, Document Intelligence, security, and deployment scenarios.

High-yield domain map

Area	What to know quickly	Common exam-style decision
Azure AI service selection	Match the requirement to the correct managed service	“Which service should be used for text extraction, translation, search, chat, speech, or image analysis?”
Azure OpenAI and generative AI	Prompts, deployments, tokens, embeddings, RAG, grounding, safety	“How should an app generate accurate responses using enterprise data?”
Azure AI Search	Indexes, indexers, data sources, skillsets, vector search, semantic ranking	“How should documents be prepared, indexed, and retrieved for an AI app?”
Language services	Sentiment, key phrases, entity recognition, summarization, custom text classification	“Which prebuilt or custom NLP capability fits the requirement?”
Vision services	Image analysis, OCR, object detection, custom vision scenarios	“Is prebuilt image analysis enough, or is custom training needed?”
Speech services	Speech-to-text, text-to-speech, translation, speaker-related scenarios	“Which speech capability supports the user interaction?”
Document Intelligence	Structured extraction from forms, invoices, receipts, contracts, custom documents	“How do you extract fields from semi-structured or structured documents?”
Bot and conversational apps	Channels, state, orchestration, authentication, handoff	“How should the user-facing AI interaction be implemented?”
Security and access	Microsoft Entra ID, managed identities, keys, Key Vault, RBAC, private networking	“How should an app securely call an AI service?”
Responsible AI	Safety, content filtering, transparency, evaluation, human review	“How do you reduce risk from harmful, biased, or ungrounded output?”
Monitoring and operations	Logging, metrics, alerts, tracing, cost and latency review	“How do you diagnose failures or poor model responses?”

Service selection quick table

Requirement	Usually consider	Watch for
Generate or summarize natural language	Azure OpenAI	Need grounding, safety controls, token management, and evaluation
Answer questions over private documents	Azure OpenAI + Azure AI Search	RAG is usually preferred over fine-tuning for knowledge-grounded answers
Search documents by meaning	Azure AI Search vector search	Requires embeddings and a vector field in the index
Search documents with keywords and filters	Azure AI Search lexical search	Requires well-designed fields, analyzers, filters, and scoring
Combine keyword, vector, and semantic relevance	Azure AI Search hybrid/semantic approaches	Know the role of each retrieval method
Extract text and fields from forms	Azure AI Document Intelligence	Choose prebuilt vs custom model based on document type
Extract printed or handwritten text from images	Azure AI Vision OCR or Document Intelligence	Choose based on image/document structure and downstream field extraction
Analyze image content	Azure AI Vision	Custom vision is for domain-specific classification/detection needs
Convert speech to text	Azure AI Speech	Consider language, latency, diarization, and audio quality requirements
Convert text to speech	Azure AI Speech	Consider voice, language, output format, and application channel
Translate text	Azure AI Translator	Do not confuse translation with summarization or sentiment analysis
Analyze sentiment or key phrases	Azure AI Language	Use prebuilt NLP unless custom classification/extraction is required
Build a chatbot interface	Azure Bot Service or app framework integrated with AI services	Bot channel and conversation state are separate from model reasoning
Detect or moderate harmful content	Azure AI Content Safety / safety features	Safety is not the same as correctness or grounding
Store secrets	Azure Key Vault	Prefer managed identity over hard-coded secrets
App-to-service authentication without secrets	Managed identity + RBAC where supported	Keys are simpler but weaker operationally

Azure OpenAI review

Core concepts to recognize

Concept	Quick meaning	Candidate trap
Model	The underlying capability family	Do not assume the model name alone controls app behavior; prompt, data, parameters, and retrieval matter
Deployment	Azure-hosted deployment of a selected model	Apps call a deployment name, not just a generic model label
Prompt	Instructions and context sent to the model	Vague prompts cause inconsistent output
System message	High-priority behavioral instruction	Do not put policy-critical instructions only in user text
Temperature	Controls randomness	Higher is not “better”; use lower values for deterministic business answers
Max tokens	Limits generated output	Too low truncates answers; too high may increase cost/latency
Embedding	Numeric representation of semantic meaning	Used for similarity search, clustering, and retrieval
RAG	Retrieval-augmented generation	Preferred for grounding answers in changing enterprise content
Fine-tuning	Adjusting model behavior using training examples	Not a replacement for retrieving current facts
Content filter	Safety layer for harmful content categories	Does not guarantee factual accuracy
Function/tool calling	Model selects structured calls to external tools	App still validates inputs, authorizes actions, and handles errors

RAG decision path

    flowchart TD
	    A[User asks a question] --> B{Need private or current knowledge?}
	    B -- No --> C[Prompt model with instructions]
	    B -- Yes --> D[Retrieve relevant content]
	    D --> E[Use Azure AI Search or another retrieval layer]
	    E --> F[Add retrieved passages to prompt]
	    F --> G[Generate grounded answer]
	    G --> H{Need citations or auditability?}
	    H -- Yes --> I[Return sources and confidence cues]
	    H -- No --> J[Return concise answer]

RAG implementation checklist

Step	Key review point	Common mistake
Ingest data	Pull content from approved sources	Indexing stale, duplicate, or unauthorized data
Chunk documents	Split into meaningful sections	Chunks too small lose context; chunks too large reduce retrieval precision
Generate embeddings	Use consistent embedding model and dimensions	Mixing incompatible embeddings in one vector field
Build index	Include text, metadata, vector fields, filters	Forgetting metadata needed for security trimming or filtering
Retrieve	Use keyword, vector, semantic, or hybrid retrieval	Assuming vector search always beats keyword search
Ground prompt	Provide relevant snippets and instructions	Passing too much irrelevant context to the model
Generate answer	Ask for concise, sourced, bounded responses	Letting the model answer beyond supplied evidence
Evaluate	Test accuracy, citation quality, latency, cost, safety	Testing only happy-path questions

Prompt design review

Strong prompts usually include:

Role or task: “You are an assistant that answers from provided policy excerpts.”
Boundaries: “If the answer is not in the provided context, say you do not know.”
Output format: JSON, table, bullet list, short paragraph, or classification label.
Grounding rules: Use only retrieved content when required.
Safety rules: Avoid restricted content, unsafe advice, or sensitive data exposure.
Examples: Few-shot examples for formatting or classification consistency.

Weak prompts often:

Ask for broad expertise without source boundaries.
Mix several tasks without ordering them.
Fail to specify output format.
Trust the model to infer compliance, privacy, or security rules.
Include user-controlled content in a way that enables prompt injection.

Generative AI traps

Trap	Why it matters
“Fine-tune the model so it knows company documents”	Fine-tuning changes behavior; RAG is usually the pattern for private, current knowledge
“Use a higher temperature for more accurate answers”	Higher temperature increases variation; it does not improve factuality
“Content filtering proves the answer is correct”	Safety filtering and factual grounding are different controls
“Put all documents into the prompt”	Token limits, cost, latency, and relevance suffer
“The model should enforce authorization”	Authorization must be implemented by the application and data layer
“Embeddings are encrypted text”	Embeddings are vector representations, not a replacement for data protection
“Vector search requires no metadata”	Metadata is critical for filters, permissions, freshness, and source display

Azure AI Search review

Core objects

Object	Purpose	Review note
Data source	Defines where source data comes from	Often paired with an indexer
Index	Searchable structure containing fields	Field design affects filtering, sorting, scoring, faceting, and retrieval
Indexer	Crawls data and populates index	Useful for supported data sources and scheduled updates
Skillset	Enrichment pipeline during indexing	Can extract text, entities, key phrases, or custom enrichments
Field	Searchable, filterable, sortable, facetable, retrievable attributes	Attributes must match query requirements
Analyzer	Controls tokenization for text search	Important for language-specific or custom search behavior
Vector field	Stores embedding vectors	Dimensions must match embedding output
Semantic ranking	Improves ranking using semantic understanding	Not the same thing as vector search
Synonym map	Expands equivalent terms	Helps lexical search, not a substitute for embeddings

Search pattern comparison

Pattern	Best for	Limitation
Keyword search	Exact terms, filters, known terminology	Misses semantically similar wording
Vector search	Meaning-based similarity	May retrieve semantically related but contextually wrong chunks
Semantic ranking	Improving relevance and captions/answers	Depends on candidate results and supported configuration
Hybrid search	Combining lexical and vector strengths	Requires tuning and evaluation
Filtered search	Tenant, department, date, access control, product	Filters must be represented as fields
Faceted search	User-driven narrowing	Fields must be facetable

AI Search implementation traps

Mark fields correctly for searchable, filterable, sortable, facetable, and retrievable behavior.
Do not expect to filter on a field that was not configured for filtering.
Do not expose documents from unauthorized tenants; implement security trimming.
Do not assume indexers support every source or transformation requirement.
Use skillsets when enrichment is needed during indexing.
Validate chunking and retrieval quality with realistic user questions.
Monitor index freshness if source documents change frequently.
Use metadata such as source URI, title, document type, timestamp, tenant, department, and permissions.

Azure AI Language review

Capability	Use when	Do not confuse with
Sentiment analysis	Need positive, neutral, negative, or opinion signals	Intent recognition or topic classification
Key phrase extraction	Need important terms from text	Full summarization
Named entity recognition	Need people, places, organizations, dates, quantities	Custom business field extraction
Entity linking	Need entities connected to known knowledge sources	Simple keyword extraction
Language detection	Need to identify text language	Translation
Text summarization	Need shorter representation of content	Sentiment analysis
Conversational language understanding	Need intents/entities from user utterances	Open-ended generative chat
Custom text classification	Need domain-specific categories	Prebuilt sentiment or key phrases
Custom named entity recognition	Need domain-specific entities	General NER

Language service decision rules

Use prebuilt capabilities when the requirement matches standard NLP tasks.
Use custom classification or extraction when labels/entities are domain-specific.
Use Azure OpenAI when the requirement is open-ended generation, reasoning over context, or flexible summarization.
Use AI Search + Azure OpenAI when answers must be grounded in a large private corpus.
For production extraction, plan for evaluation data, confidence thresholds, review queues, and error handling.

Vision and OCR review

Requirement	Likely approach	Key distinction
Describe image content	Azure AI Vision image analysis	General image understanding
Read text from images	OCR capability	Text extraction, not structured field extraction
Detect objects in images	Vision object detection or custom model	Use custom when domain-specific objects are needed
Classify specialized images	Custom vision-style approach	Requires labeled training data
Extract fields from invoices, receipts, IDs, or forms	Azure AI Document Intelligence	Structured document extraction
Process scanned documents	Document Intelligence or OCR depending on structure	Decide whether fields/tables/layout matter

Vision traps

OCR extracts text; it does not automatically understand business meaning.
Object detection locates objects; classification labels an image.
Custom models require representative labeled data.
Image quality, resolution, orientation, and handwriting affect accuracy.
If the requirement includes tables, key-value pairs, or form fields, consider Document Intelligence instead of generic OCR.

Document Intelligence review

Prebuilt vs custom decision

Scenario	Better fit	Why
Standard invoices, receipts, IDs, tax-like forms, or common documents	Prebuilt model if available	Faster implementation and less training effort
Company-specific forms with consistent layout	Custom extraction model	Learns fields from representative samples
Multiple document types	Classifier plus extraction models	Route documents before extraction
Need layout, tables, and text structure	Layout capability	Useful before downstream processing
Need high accuracy for business processing	Extraction plus validation workflow	Human review may be needed for low confidence

Document extraction workflow

Receive document from an approved source.
Validate file type, size, and quality.
Select prebuilt, custom, or layout model.
Extract fields, tables, and confidence values.
Validate required fields and business rules.
Send low-confidence or high-risk cases to review.
Store extracted data with source traceability.
Monitor accuracy by document type and version.

Document Intelligence traps

Do not choose generic OCR when the requirement asks for named fields from forms.
Do not assume one custom model works for unrelated document layouts.
Do not ignore confidence scores.
Do not train on ideal samples only; include realistic variation.
Do not skip downstream validation just because extraction succeeded.

Speech review

Requirement	Capability	Review point
Convert audio to text	Speech-to-text	Consider language, audio quality, noise, and real-time vs batch
Convert text to audio	Text-to-speech	Consider voice, style, format, and latency
Translate spoken input	Speech translation	Different from text translation after transcription
Build voice-enabled app	Speech SDK + application logic	Speech recognition is not the conversation brain
Improve domain vocabulary	Custom speech-related configuration where appropriate	Useful for specialized names and terms

Speech traps

Speech-to-text produces transcripts; it does not automatically summarize or classify unless combined with another service.
Background noise and microphone quality affect recognition.
Real-time scenarios prioritize latency; batch scenarios can prioritize completeness.
Text-to-speech voice selection affects user experience but not text correctness.
Translation, transcription, and conversational understanding are separate tasks.

Bot and conversational app review

Concept	What to know	Common trap
Channel	Where users interact, such as web chat or collaboration tools	Channel configuration is separate from AI reasoning
Conversation state	Stored context across turns	Do not rely only on model memory for durable state
Dialog/orchestration	Controls conversation flow	Generative output still needs app-level control for business processes
Authentication	Identifies user	Needed before accessing private data
Authorization	Determines what data/actions user can access	Must be enforced outside the model
Handoff	Escalation to human or another workflow	Important for low confidence or high-risk cases

Conversational design rules

Use the model for natural language understanding and generation, not for unchecked business authority.
Store durable state in application storage where required.
Validate user identity before retrieving private data.
Apply security trimming before retrieved content reaches the prompt.
Use structured tool/function calls for actions such as ticket creation, lookup, or transaction submission.
Log enough context to troubleshoot without exposing sensitive information unnecessarily.

Security and identity review

Authentication and authorization

Requirement	Preferred pattern	Watch for
Azure-hosted app calls Azure service	Managed identity where supported	Avoid hard-coded keys
Store service secrets	Azure Key Vault	Rotate secrets and restrict access
Grant app access to resource	RBAC or service-specific access control	Assign least privilege
User-specific data access	User auth + authorization + security trimming	Do not let the model decide access rights
Network isolation	Private endpoints, firewall rules, virtual network integration where applicable	Confirm service support and app routing
Protect data in transit	HTTPS/TLS	Do not send sensitive data to unapproved endpoints
Protect logs	Redaction, retention, role restrictions	Logs can leak prompts, documents, and outputs

Key security reminders

Prefer Microsoft Entra ID and managed identities over static keys when supported.
If keys are used, store them securely and rotate them.
Keep secrets out of code, prompts, config files, and logs.
Apply least privilege to data stores, search indexes, AI services, and monitoring systems.
Treat prompts and model outputs as data that may contain sensitive information.
Implement tenant isolation and document-level access checks for multi-user RAG apps.
Validate all model-suggested actions before execution.

Responsible AI review

Risk	Control
Hallucinated answers	Grounding, citations, refusal rules, evaluation
Harmful content	Content filters, safety classifiers, escalation paths
Biased or unfair output	Diverse test cases, monitoring, human review
Privacy leakage	Data minimization, redaction, access control
Prompt injection	Input isolation, instruction hierarchy, retrieval sanitization
Overreliance	Confidence cues, source links, human approval for high-risk cases
Poor transparency	Explain limitations and show sources where appropriate
Unsafe automation	Require approval for sensitive actions

Responsible AI traps

Safety filtering is not a complete responsible AI program.
Grounded generation can still produce wrong synthesis if retrieval is poor.
Human review should be targeted to risk, uncertainty, or business impact.
Evaluation should include adversarial, ambiguous, and out-of-scope prompts.
Prompt injection can come from users, documents, web pages, or tool outputs.
Do not expose chain-of-thought-style hidden reasoning; provide concise explanations or sources instead.

Application integration review

Common architecture patterns

Pattern	When used	Key implementation concern
Direct API call from backend	Simple app-to-AI service integration	Secure credentials and handle retries
Serverless processing	Event-driven document/audio/image processing	Manage timeout, scaling, and idempotency
Web app with chat backend	Interactive generative AI experience	Session state, auth, retrieval, streaming
RAG pipeline	Private knowledge Q&A	Ingestion, chunking, embeddings, index quality
Batch enrichment	Large-scale document processing	Throughput, retry, cost, monitoring
Tool-using agent	Model calls app functions	Validate tool input/output and permissions
Human-in-the-loop workflow	High-risk or low-confidence decisions	Queue design, audit trail, reviewer UI

API and SDK reminders

Know whether the scenario is asking for management-plane work, such as provisioning resources, or data-plane work, such as calling a model or analyzing a document.
Handle transient failures with retries and backoff.
Use regional endpoints and deployment names correctly.
Do not expose service keys in client-side code.
Validate request size, supported file formats, and rate/throughput limits in design scenarios.
Use structured outputs when downstream systems need reliable parsing.
Log correlation IDs and request metadata for troubleshooting.

Deployment and operations review

Concern	What to review
Environment separation	Dev/test/prod resources, separate keys, separate indexes, safe rollout
Configuration	Endpoints, deployment names, model versions, index names, thresholds
Observability	Metrics, logs, traces, alerts, failure rates, latency
Quality evaluation	Golden datasets, regression tests, prompt/version comparisons
Cost control	Token usage, batch size, index size, unnecessary retrieval, logging volume
Latency	Model choice, streaming, caching, retrieval time, network path
Resilience	Retries, fallback messages, circuit breakers, graceful degradation
Compliance support	Audit logs, access records, retention, data handling controls

Troubleshooting signals

Symptom	Likely area to inspect
Answers are fluent but wrong	Retrieval quality, prompt grounding, source freshness
Answers omit known documents	Indexing, chunking, filters, permissions, vector generation
Search results ignore filters	Field configuration or query construction
Model output is truncated	Token limits or output configuration
Responses vary too much	Temperature, prompt specificity, missing examples
App returns unauthorized errors	Identity, RBAC, service permissions, endpoint configuration
Works locally but not in Azure	Managed identity, firewall, private endpoint, app settings
High latency	Retrieval pipeline, model selection, response length, network path
High cost	Excessive context, large outputs, repeated calls, inefficient indexing
Poor document extraction	Wrong model, document quality, unsupported layout, insufficient training data

High-yield comparison: RAG vs fine-tuning vs prompt engineering

Need	Prompt engineering	RAG	Fine-tuning
Improve formatting	Strong	Moderate	Possible but often unnecessary
Enforce response style	Strong	Moderate	Strong for repeated style patterns
Use current private data	Weak	Strong	Weak
Cite source documents	Weak	Strong	Weak
Reduce hallucinations over enterprise content	Moderate	Strong	Limited
Teach domain-specific behavior	Moderate	Moderate	Strong when examples are stable
Avoid retraining when documents change	Strong	Strong	Weak
Add business rules	Moderate	Strong when combined with app logic	Moderate
Best first step for most apps	Yes	Yes when knowledge grounding is required	No, only when justified

High-yield comparison: Azure AI Search vs database search

Requirement	Azure AI Search	Traditional database query
Full-text search	Strong	Limited or add-on dependent
Relevance ranking	Strong	Usually not the primary design
Vector similarity	Strong when configured	Not always native
Facets and search UX	Strong	Requires custom implementation
Transaction processing	Not primary purpose	Strong
Relational joins	Not primary purpose	Strong
RAG retrieval	Strong fit	Possible but often less specialized
Filtering by metadata	Strong if fields are configured	Strong
Frequent transactional updates	Consider carefully	Strong

Common candidate mistakes

Service choice mistakes

Choosing Azure OpenAI for every text problem, even when a prebuilt Language capability is simpler.
Choosing generic OCR when the scenario requires structured field extraction from forms.
Choosing fine-tuning when the requirement is current private knowledge.
Choosing Speech services for conversation intelligence without adding language understanding or generative logic.
Choosing AI Search when the task is transactional database lookup rather than relevance-based search.

Architecture mistakes

Putting service keys in browser or mobile client code.
Forgetting managed identity and least privilege.
Building RAG without document-level authorization.
Treating embeddings as a database replacement.
Ignoring index field attributes needed for filters and facets.
Sending too much irrelevant context to the model.
Skipping human review for high-impact automated decisions.

Exam-reading mistakes

Missing qualifiers like prebuilt, custom, real-time, batch, private data, least privilege, low latency, or structured output.
Answering for the most advanced technology instead of the simplest service that satisfies the requirement.
Confusing safety, security, and correctness.
Ignoring whether the task is ingestion, retrieval, generation, deployment, or monitoring.
Overlooking that the app, not the model, must enforce identity, authorization, and business rules.

Fast decision rules

Use these quick rules when you are stuck between similar answers:

Need enterprise Q&A over documents? Use RAG: Azure AI Search for retrieval plus Azure OpenAI for generation.
Need current facts? Retrieve them; do not rely on model training.
Need private data access control? Authenticate the user and security-trim before prompting.
Need structured form fields? Use Document Intelligence, not just OCR.
Need sentiment, entities, or key phrases? Use Azure AI Language prebuilt features unless the labels are custom.
Need image labels or object detection? Use Vision capabilities; use custom only for domain-specific recognition.
Need speech input or output? Use Speech services; combine with Language or Azure OpenAI for understanding and response generation.
Need secure app-to-service access? Prefer managed identity and RBAC where supported.
Need safer generative output? Combine grounding, safety filters, evaluation, and human review.
Need reliable downstream automation? Use structured outputs and validate before action.

Practice priorities for AI-200

Use IT Mastery practice to convert this review into exam readiness. Prioritize original practice questions in this order:

Priority	Topic drill	What to prove
1	Service selection	You can choose the right Azure AI service from scenario clues
2	Azure OpenAI basics	You understand deployments, prompts, tokens, parameters, and safety
3	RAG and AI Search	You can design ingestion, indexing, embeddings, retrieval, and grounding
4	Security	You can pick managed identity, Key Vault, RBAC, and least-privilege patterns
5	Document Intelligence	You can distinguish OCR, layout, prebuilt extraction, and custom models
6	Language, Vision, Speech	You can map requirements to prebuilt and custom AI capabilities
7	Responsible AI	You can identify controls for hallucination, harm, privacy, and human review
8	Monitoring and troubleshooting	You can diagnose latency, wrong answers, auth errors, stale indexes, and cost issues
9	Mixed mock exams	You can switch topics quickly under time pressure
10	Detailed explanations	You can explain why distractors are wrong, not just why the answer is right

Final pre-practice checklist

Before starting a mock exam, make sure you can answer these without notes:

Which service extracts structured fields from invoices or forms?
Which pattern supports private document Q&A with source grounding?
Why is RAG usually different from fine-tuning?
What is the role of embeddings in vector search?
What index field settings are needed for filtering, sorting, faceting, and retrieval?
How do you prevent users from seeing unauthorized documents in a chatbot?
When should you use prebuilt Language capabilities instead of Azure OpenAI?
What is the difference between OCR and Document Intelligence extraction?
How should an Azure-hosted app authenticate to AI services securely?
What controls reduce hallucination, harmful output, and prompt injection?
What should you inspect when answers are wrong but fluent?
What should you inspect when an app works locally but fails after deployment?

Next step

After reviewing the tables above, move directly into AI-200 topic drills in an IT Mastery question bank. Start with service selection and RAG scenarios, then use mixed mock exams and detailed explanations to find weak areas before your final review.

Continue in IT Mastery

Use this Quick Review as a final concept map, then move into IT Mastery for focused topic drills, mixed practice sets, timed mock exams, and detailed explanations. The practice questions are original IT Mastery practice items; they are not official Microsoft questions, copied live-exam content, or exam dumps.

Study Plan