AZ-104

This section focuses on the Microsoft Azure Administrator AZ-104 Exam

The Microsoft Azure Administrator Associate AZ-104 has been updated as of October 26, 2023. And contains new objectives and skills measured. Microsoft expects you to be an expert in implementing, managing, and monitoring an organizations Azure infrastructure for this exam. Microsoft recommends six months of hands on experience managing Azure before attempting the exam. The Azure Administrator serves as part of a larger team usually. They are dedicated to implementing an organizations cloud infrastructure. Azure Administrator Associates coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions

Here is a link to the the Microsoft Documentation for AZ-104

The responsibilities that Microsoft outlines for this role are:

Microsoft recommends familiarity with the following topics:

Microsoft recommends experience with the following topics:

Skills Measured

Please click a link below to navigate to that learning module.

NOTE: The bullets that follow each of the skills measured are intended to illustrate how they are assessing that skill. The list is not definitive or exhaustive. NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Manage Azure identities and governance (20 - 25%)

Manage Microsoft Entra users and groups
• Create users and groups
• Manage user and group properties
• Manage licenses in Microsoft Entra ID
• Manage external users
• Configure self-service password reset (SSPR)
Manage access to Azure resources
• Manage built-in Azure roles
• Assign roles at different scopes
• Interpret access assignments
Manage Azure subscriptions and governance
• Implement and manage Azure Policy
• Configure resource locks
• Apply and manage tags on resources
• Manage resource groups
• Manage subscriptions
• Manage costs by using alerts, budgets, and Azure Advisor recommendations
• Configure management groups

Implement and manage storage (15 - 20%)

Configure access to storage
• Configure Azure Storage firewalls and virtual networks
• Create and use shared access signature (SAS) tokens
• Configure stored access policies
• Manage access keys
• Configure identity-based access for Azure Files
Configure and manage storage accounts
• Create and configure storage accounts
• Configure Azure Storage redundancy
• Configure object replication
• Configure storage account encryption
• Manage data by using Azure Storage Explorer and AzCopy
Configure Azure Files and Azure Blob Storage
• Create and configure a file share in Azure Storage
• Create and configure a container in Blob Storage
• Configure storage tiers
• Configure snapshots and soft delete for Azure Files
• Configure blob lifecycle management
• Configure blob versioning

Deploy and manage Azure compute resources (20 - 25%)

Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files
• Interpret an Azure Resource Manager template or a Bicep file
• Modify an existing Azure Resource Manager template
• Modify an existing Bicep file
• Deploy resources by using an Azure Resource Manager template or a Bicep file
• Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file
Create and configure virtual machines
• Create a virtual machine
• Configure Azure Disk Encryption
• Move a virtual machine to another resource group, subscription, or region
• Manage virtual machine sizes
• Manage virtual machine disks
• Deploy virtual machines to availability zones and availability sets
• Deploy and configure an Azure Virtual Machine Scale Sets
Provision and manage containers in the Azure portal
• Create and manage an Azure container registry
• Provision a container by using Azure Container Instances
• Provision a container by using Azure Container Apps
• Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
Create and configure Azure App Service
• Provision an App Service plan
• Configure scaling for an App Service plan
• Create an App Service
• Configure certificates and Transport Layer Security (TLS) for an App Service
• Map an existing custom DNS name to an App Service
• Configure backup for an App Service
• Configure networking settings for an App Service
• Configure deployment slots for an App Service

Implement and manage virtual networking (15 - 20%)

Configure and manage virtual networks in Azure
• Create and configure virtual networks and subnets
• Create and configure virtual network peering
• Configure public IP addresses
• Configure user-defined network routes
• Troubleshoot network connectivity
Configure secure access to virtual networks
• Create and configure network security groups (NSGs) and application security groups
• Evaluate effective security rules in NSGs
• Implement Azure Bastion
• Configure service endpoints for Azure platform as a service (PaaS)
• Configure private endpoints for Azure PaaS
Configure name resolution and load balancing
• Configure Azure DNS
• Configure an internal or public load balancer
• Troubleshoot load balancing

Monitor and maintain Azure resources (10 - 15%)

Monitor resources in Azure
• Interpret metrics in Azure Monitor
• Configure log settings in Azure Monitor
• Query and analyze logs in Azure Monitor
• Set up alert rules, action groups, and alert processing rules in Azure Monitor
• Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
• Use Azure Network Watcher and Connection Monitor
Implement backup and recovery
• Create a Recovery Services vault
• Create an Azure Backup vault
• Create and configure a backup policy
• Perform backup and restore operations by using Azure Backup
• Configure Azure Site Recovery for Azure resources
• Perform a failover to a secondary region by using Site Recovery
• Configure and interpret reports and alerts for backups