- Published on
Re-Credentialing the Whole Stack: Reaching Full Capability on a New Cloud
- Authors

- Name
- Mark Beacom
- @mbeacom

When I took on a new platform as a Senior Cloud Solution Architect in Microsoft's Cloud & AI Platforms organization, I gave myself a deliberate constraint: reach full capability across the entire stack—not comfortable familiarity, but the depth where I can defend a design decision to a room of skeptical engineers or a customer's risk committee—and do it systematically enough to compress the timeline.
I'd operated at full capability on other major hyperscalers before, and that's precisely why I refused to treat a new platform as "the same concepts with different names." The primitives rhyme across clouds—identity, isolation, delivery, observability—but the differences are exactly where credibility is won or lost. So I used certifications the way I'd use a well-designed test suite: not as proof of competence, but as a forcing function. A cert taken seriously turns "I'm generally familiar with that" into "I've pressure-tested that against the current version of the platform and can defend the trade-off."
Skip to the composite if you'd rather see the argument than the journey: the shape of "full capability" for an enterprise cloud architect has quietly been rewritten across four layers—and it's true on whichever cloud you call home.
- Layer 1: The platform substrate is still the price of admission
- Layer 2: AI moved from a service you call to a system you operate
- Layer 3: The architect who can't speak business AI won't move the deal
- Layer 4: The parallel track—portability, security, and the multicloud reality enterprises actually live in
- What the composite actually says
- A few honest caveats
- What's Next?
Over roughly a single quarter, that constraint turned into nine Microsoft certifications, a parallel track of Cloud Native Computing Foundation credentials, and a Kubernetes security exam still on the calendar. But the specific badges are the least interesting part. What the exercise made unavoidable was a bigger realization: coming to the stack fresh, with a trained eye from other clouds, I could see that the stack itself has been reorganized. AI didn't bolt a new skill onto the old architect role. It inserted a whole new operating layer—and it moved the bar for everyone who builds on top of any hyperscaler.
Here's how I'd map the terrain.
Layer 1: The platform substrate is still the price of admission
Every AI-flavored workload gets deployed onto—and constrained by—the same primitives that have always governed serious cloud: identity, network isolation, landing zones, resiliency targets, change control, and infrastructure as code. In an enterprise (and especially in regulated industries like financial services), that substrate isn't background detail. It's the whole conversation. A generative-AI pattern that can't survive a data-residency requirement, a private-endpoint mandate, or an auditor's question about who deployed what and when is not a pattern you can ship.
So the foundation was the classic Azure engineering ladder: Azure Administrator Associate (AZ-104), then Azure Solutions Architect Expert (AZ-305), and DevOps Engineer Expert (AZ-400). Coming from other clouds, this is where a new platform's specific opinions live—its identity model, its networking defaults, its governance surface—and where "it's basically the same as what I know" quietly becomes wrong in ways that matter. Administrator forces fluency in the operational reality architects are tempted to wave away. The Solutions Architect Expert is the design capstone: trading cost, resilience, security, and operations against each other. And DevOps Engineer is the connective tissue—because in a governed environment the deployment pipeline is a control. How you promote a change, gate it, prove it was reviewed, and roll it back is the evidence trail, not a developer convenience.
The architect who treats platform and DevOps as "someone else's job" cannot credibly govern an AI workload—because in an enterprise the governance lives in the platform and the pipeline, regardless of which cloud it runs on.
Layer 2: AI moved from a service you call to a system you operate
This is the shift I'd most want peers on any cloud to internalize. Two years ago, "AI on the platform" for most architects meant calling a managed model or an OpenAI-style endpoint and handling the response. That framing is now dangerously incomplete. The center of gravity has moved to operating AI systems—grounding them in proprietary data, orchestrating agents, evaluating output quality, and monitoring for drift, cost, and safety in production.

I worked this layer in three deliberate steps.
I earned Azure AI Fundamentals and then, when Microsoft refreshed the exam to center on Microsoft Foundry rather than the older à-la-carte AI services, re-validated the same certification against the newer version (the AI-900 exam retired and was replaced by AI-901). That refresh is itself a tell that generalizes: the "fundamentals" of applied AI are being rewritten around Foundry, agents, and generative patterns in the span of a single year. If your mental model of cloud AI—on any platform—is more than a year old, it's stale.
From there, the Azure AI Apps and Agents Developer Associate certification—the successor to the long-standing Azure AI Engineer track (the AI-102 exam retired and was replaced by AI-103). The rename is not cosmetic. "Apps and Agents" is the industry telling you where enterprise AI is going: retrieval-augmented generation over a customer's own data, multi-agent orchestration, prompt and content safety, and integration into real applications rather than demos.
The capstone of this layer was the Machine Learning Operations Engineer Associate certification (exam AI-300, Operationalizing Machine Learning and Generative AI Solutions). This is the one I'd flag hardest, because it names the thing the whole market is still catching up to: GenAIOps. It covers the MLOps discipline you'd expect—model lifecycle, registries, infrastructure as code for machine learning—but extends into operating generative systems: evaluation, observability, quality assurance, and performance optimization for agents and LLM applications.
This is where "we built a Copilot prototype" either becomes a governed, monitored, auditable production system or quietly dies in a proof-of-concept graveyard. Model risk management, output evaluation, and traceability aren't features you add later. They're the architecture.
The through-line across this layer: AI in an enterprise is an operational discipline, not an API call. The architect who can only wire up an endpoint has automated the easy 20%. The hard, valuable 80% is everything that keeps that endpoint trustworthy in production—and none of it is specific to one vendor's badge.
Layer 3: The architect who can't speak business AI won't move the deal
Technical depth is necessary and insufficient. In an enterprise, the decision to adopt AI at scale is made by people who will never read a Bicep template—and who are, rightly, nervous about governance, cost, data protection, and the reputational exposure of a hallucination in a customer-facing channel. If the architect in the room can't translate the technical reality into ROI, risk posture, and an adoption plan, the technically superior design still loses.
So I deliberately closed the loop with the business-and-adoption credentials: AI Business Professional (AB-730), AI Transformation Leader (AB-731), and Copilot and Agent Administration Fundamentals (AB-900). These get dismissed as "the non-technical ones," which misreads them. The Transformation Leader material is essentially a framework for the conversation an executive actually wants to have: where does generative AI create value, what are the cost drivers (tokens, ROI, build-versus-buy), how do you stand up an AI governance council, and how do you run responsible-AI review against fairness, reliability, privacy, security, and accountability. The Copilot and Agent Administration credential grounds the "how do we actually roll this out and control it" question—licensing, data protection, and the administration surface for Copilot and agents inside a tenant with compliance obligations in every direction.
This is the layer where responsible AI stops being a slide and becomes a control framework. An enterprise—a regulated bank most of all—cannot deploy an agent it cannot govern, cannot explain, or cannot switch off. Being able to lead that conversation, not just survive it, is increasingly the differentiating skill.
Layer 4: The parallel track—portability, security, and the multicloud reality enterprises actually live in
Alongside the Microsoft path, I've been working a vendor-neutral Cloud Native Computing Foundation track: Certified Cloud Native Platform Engineering Associate (CNPA), Kubernetes and Cloud Native Associate (KCNA), Kubernetes and Cloud Native Security Associate (KCSA), and Certified GitOps Associate (CGOA). Next on the calendar are the hands-on CKS and CKAD—and passing CKS also recertifies my CKA against the latest curriculum. Completing that set earns the Linux Foundation's Kubestronaut badge, with the Golden Kubestronaut to follow, which is the honest reason I've been knocking out the adjacent credentials rather than stopping at Kubernetes alone.
Why keep investing in deliberately vendor-neutral credentials? Because this is the layer that actually travels with you between clouds—and, coming from deep experience on other hyperscalers, it's the through-line I trust most. Enterprises do not live in a single-cloud fantasy. They run hybrid estates, they carry portability and concentration-risk requirements, and their most sophisticated buyers ask pointed questions about lock-in. The portable primitives—Kubernetes, GitOps as a deployment-governance model, cloud-native security posture—are the same regulated-industry concerns from Layer 1 expressed in a language that isn't tied to any one provider. The best way to earn the right to recommend a platform is to demonstrably understand the alternatives, and to be fluent in the layer that sits above all of them.
What the composite actually says

Line the four layers up and a picture emerges that's larger than any single badge, and larger than any single cloud. The modern enterprise cloud architect is expected to be fluent, simultaneously, in:
- The platform and delivery substrate that makes a workload governable.
- The AI operating layer that makes generative systems trustworthy in production.
- The business and responsible-AI framework that gets adoption approved and controlled.
- The portable, cloud-native foundation that lets all of it hold up in a hybrid, multicloud reality.
That's a wider span than the role demanded even a couple of years ago—the AI operating layer, in particular, barely existed as a distinct tier. It's precisely why the most senior architecture tracks exist as distinct roles: the enterprise, priority-account work assumes you can operate across all four layers in the same customer conversation, often in the same meeting. Re-credentialing didn't make me that architect. It gave me a current, accurate map of the territory the role is responsible for—on this platform specifically, and across clouds generally—and it closed the exact gaps where "generally familiar" wasn't good enough to defend a decision in front of a customer's risk function.
A few honest caveats
A badge is a forcing function for structured study and a signal of seriousness—not a substitute for the scar tissue you earn shipping real workloads. I'd never present a badge as evidence of competence; I present it as evidence that I did the reading and can be trusted to know what I don't know.
The compressed timeline worked because the domains reinforced each other—studying GenAIOps made the AI developer material click, and a solid platform foundation made all of it concrete. And it worked because I wasn't starting from zero: the fastest way to reach full capability on a new cloud is to already understand what "full capability" looks like on another, then go find the specific places where this platform's answers differ. I would not recommend the sprint to everyone. I would recommend the map.
If you're an architect—whether you're deepening on the cloud you already run, or extending your reach to an additional one—the takeaway isn't "go collect nine certifications." It's this: audit yourself against the four layers. Most of us are strong in one or two and hand-wave the rest. The role has changed underneath all of us, and the accounts that matter most are the ones least willing to tolerate the hand-waving.
What's Next?
CKS and CKAD are on the near horizon, and with them the Kubestronaut and Golden Kubestronaut milestones. But the more interesting work is the application: helping enterprises move generative AI from governed prototype to governed production—which, it turns out, is a problem that lives in all four layers at once, on every cloud.
If any of this resonates—especially the GenAIOps and responsible-AI-as-a-control-framework angles—I'd genuinely like to compare notes. That's the conversation I find most worth having right now.
