AZ-104: Microsoft Azure Administrator Study Guide

Exam Overview

• Certification: Microsoft Azure Administrator Associate
• Exam Code: AZ-104
• Target Audience: Azure administrators managing cloud environments
• Experience Required: 6-12 months hands-on Azure administration experience

Skills Measured (as of April 18, 2025)

1. Manage Azure Identities and Governance (20-25%)

Manage Microsoft Entra Users and Groups

• Create users and groups
• Manage user and group properties
• Manage licenses in Microsoft Entra ID
• Manage external users
• Configure self-service password reset (SSPR)

Manage Access to Azure Resources

• Manage built-in Azure roles
• Assign roles at different scopes
• Interpret access assignments

Manage Azure Subscriptions and Governance

• Implement and manage Azure Policy
• Configure resource locks
• Apply and manage tags on resources
• Manage resource groups
• Manage subscriptions
• Manage costs using alerts, budgets, and Azure Advisor recommendations
• Configure management groups

2. Implement and Manage Storage (15-20%)

Configure Access to Storage

• Configure Azure Storage firewalls and virtual networks
• Create and use shared access signature (SAS) tokens
• Configure stored access policies
• Manage access keys
• Configure identity-based access for Azure Files

Configure and Manage Storage Accounts

• Create and configure storage accounts
• Configure Azure Storage redundancy
• Configure object replication
• Configure storage account encryption
• Manage data using Azure Storage Explorer and AzCopy

Configure Azure Files and Azure Blob Storage

• Create and configure a file share in Azure Storage
• Create and configure a container in Blob Storage
• Configure storage tiers
• Configure soft delete for blobs and containers
• Configure snapshots and soft delete for Azure Files
• Configure blob lifecycle management
• Configure blob versioning

3. Deploy and Manage Azure Compute Resources (20-25%)

Automate Deployment of Resources

• Interpret Azure Resource Manager templates or Bicep files
• Modify existing ARM templates and Bicep files
• Deploy resources using ARM templates or Bicep
• Export deployments as templates or convert to Bicep

Create and Configure Virtual Machines

• Create a virtual machine
• Configure Azure Disk Encryption
• Move VMs to another resource group, subscription, or region
• Manage VM sizes
• Manage VM disks
• Deploy VMs to availability zones and availability sets
• Deploy and configure Azure Virtual Machine Scale Sets

Provision and Manage Containers

• Create and manage Azure container registry
• Provision containers using Azure Container Instances
• Provision containers using Azure Container Apps
• Manage sizing and scaling for containers

Create and Configure Azure App Service

• Provision App Service plans
• Configure scaling for App Service plans
• Create App Services
• Configure certificates and TLS
• Map custom DNS names
• Configure backup
• Configure networking settings
• Configure deployment slots

4. Implement and Manage Virtual Networking (15-20%)

Configure and Manage Virtual Networks

• Create and configure virtual networks and subnets
• Create and configure virtual network peering
• Configure public IP addresses
• Configure user-defined network routes
• Troubleshoot network connectivity

Configure Secure Access to Virtual Networks

• Create and configure network security groups (NSGs) and application security groups
• Evaluate effective security rules in NSGs
• Implement Azure Bastion
• Configure service endpoints for Azure PaaS
• Configure private endpoints for Azure PaaS

Configure Name Resolution and Load Balancing

• Configure Azure DNS
• Configure internal or public load balancer
• Troubleshoot load balancing

5. Monitor and Maintain Azure Resources (10-15%)

Monitor Resources in Azure

• Interpret metrics in Azure Monitor
• Configure log settings in Azure Monitor
• Query and analyze logs in Azure Monitor
• Set up alert rules, action groups, and alert processing rules
• Configure and interpret monitoring of VMs, storage accounts, and networks using Azure Monitor Insights
• Use Azure Network Watcher and Connection Monitor

Implement Backup and Recovery

• Create Recovery Services vault
• Create Azure Backup vault
• Create and configure backup policies
• Perform backup and restore operations using Azure Backup
• Configure Azure Site Recovery for Azure resources
• Perform failover to secondary region using Site Recovery
• Configure and interpret reports and alerts for backups

Key Study Resources

Official Microsoft Learn Paths

• AZ-104: Prerequisites for Azure administrators
• AZ-104: Manage identities and governance in Azure
• AZ-104: Implement and manage storage in Azure
• AZ-104: Deploy and manage Azure compute resources
• AZ-104: Configure and manage virtual networks
• AZ-104: Monitor and back up Azure resources

Practice Resources

• Free Practice Assessment on Microsoft Learn
• Azure free account for hands-on labs
• Azure sandbox environments

Documentation

• Microsoft Entra ID documentation
• Azure Policy documentation
• Azure Storage documentation
• ARM templates documentation
• Azure Monitor documentation
• Azure Backup service documentation

Exam Details

• Passing Score: 700
• Question Format: Multiple choice, case studies, drag-and-drop, hot area
• Exam Duration: 120 minutes (150 minutes for non-native English speakers)
• Languages Available: Multiple languages including English, Japanese, Chinese, Korean, German, French, Spanish, Portuguese
• Exam Cost: $165 USD (varies by region)

Preparation Tips

Recommended Study Time

• 3-6 months for beginners
• 1-3 months for experienced IT professionals
• Focus on hands-on experience with Azure Portal, PowerShell, and CLI

Key Areas to Focus On

1. Identity and access management with Microsoft Entra ID
2. Storage account configuration and management
3. Virtual machine deployment and management
4. Virtual networking and network security
5. Monitoring and backup strategies

Hands-On Practice Areas

• Configure RBAC and Azure Policy
• Deploy and manage virtual machines
• Configure storage accounts and blob storage
• Set up virtual networks and network security groups
• Implement backup and disaster recovery
• Configure monitoring and alerts

Important Tools to Master

• Azure Portal
• Azure PowerShell
• Azure CLI
• Azure Storage Explorer
• ARM Templates/Bicep
• Azure Monitor

Certification Path

• Prerequisites: Azure Fundamentals (AZ-900) recommended but not required
• Renewal: Required every 12 months through Microsoft Learn
• Next Steps:
  • Azure Solutions Architect Expert (AZ-305)
  • Azure DevOps Engineer Expert (AZ-400)
  • Azure Security Engineer Associate (AZ-500)

Key Topics for Deep Study

Identity Management

• Microsoft Entra ID fundamentals
• RBAC vs Azure Policy
• Conditional Access policies
• Privileged Identity Management basics

Storage

• Storage account types and replication
• SAS tokens and access keys
• Blob lifecycle management
• Azure Files vs Blob Storage

Compute

• VM sizing and families
• Availability sets vs Availability zones
• Scale sets configuration
• Container services comparison

Networking

• Virtual network concepts
• NSG rules and priority
• Service endpoints vs Private endpoints
• Load balancer types and configurations

Monitoring

• Metrics vs Logs
• Alert rules and action groups
• Log Analytics queries (KQL basics)
• Network Watcher capabilities