AZ-104 Study Notes

A comprehensive guide to preparing for the AZ-104 Azure Administrator certification exam.

Overview

The AZ-104 certification is designed for Azure Administrators who manage cloud services that span compute, storage, networking, and security within Microsoft Azure. This exam validates your skills in managing Azure resources effectively, automating deployments, implementing security, and maintaining cloud infrastructure.

Exam Content

  • Manage Azure identities and governance (20–25%)

  • Implement and manage storage (15–20%)

  • Deploy and manage Azure compute resources (20–25%)

  • Implement and manage virtual networking (15–20%)

  • Monitor and maintain Azure resources (10–15%)

1. Manage Azure identities and governance (20–25%)

  • Manage Microsoft Entra users and groups

    • Create users and groups

    • Manage user and group properties

    • Manage licenses in Microsoft Entra ID

    • Manage external users

    • Configure self-service password reset (SSPR)

  • Manage access to Azure resources

    • Manage built-in Azure roles

    • Assign roles at different scopes (subscription, resource group, resource)

    • Interpret access assignments

  • Manage Azure subscriptions and governance

    • Implement and manage Azure Policy

    • Configure resource locks

    • Apply and manage tags on resources

    • Manage resource groups

    • Manage subscriptions

    • Manage costs via alerts, budgets, Azure Advisor recommendations

    • Configure management groups

2. Implement and manage storage (15–20%)

  • Configure access to storage

    • Configure storage firewalls and virtual networks

    • Create/use Shared Access Signature (SAS) tokens

    • Configure stored access policies

    • Manage access keys

    • Configure identity-based access for Azure Files

  • Configure and manage storage accounts

    • Create/configure accounts

    • Configure redundancy, object replication, encryption

    • Manage data via Storage Explorer and AzCopy

  • Configure Azure Files and Blob Storage

    • File shares and blob containers

    • Configure tiers, soft delete, snapshots, lifecycle management, versioning

3. Deploy and manage Azure compute resources (20–25%)

  • Automate deployment with ARM/Bicep

    • Interpret, modify, deploy, export templates

  • Create and configure VMs

    • Provision VMs

    • Configure disk encryption

    • Move VMs across RG/subscription/region

    • Manage sizes, disks

    • Deploy with availability zones and sets

    • Configure VM Scale Sets

  • Provision and manage containers

    • Create container registry

    • Deploy Azure Container Instances & Azure Container Apps

    • Manage sizing and scaling

  • Create/configure Azure App Service

    • Provision plans, configure scaling

    • Deploy services, configure TLS/certificates

    • Map custom DNS, enable backups

    • Set networking & deployment slots

4. Implement and manage virtual networking (15–20%)

  • Configure/manage virtual networks

    • Create/configure VNets and subnets

    • Configure VNet peering, public IPs, user-defined routes

    • Troubleshoot connectivity

  • Configure secure access

    • Create NSGs, application security groups

    • Evaluate effective NSG rules

    • Implement Azure Bastion

    • Configure service and private endpoints for PaaS services

  • Configure DNS and load balancing

    • Configure Azure DNS

    • Set up internal/public load balancer

    • Troubleshoot load balancing configurations

5. Monitor and maintain Azure resources (10–15%)

  • Monitor resources

    • Interpret Azure Monitor metrics

    • Configure log settings and query/analyze logs

    • Set up alert rules, action groups, alert processing

    • Leverage Azure Monitor Insights for VMs, storage, networks

    • Use Network Watcher and Connection Monitor

  • Backup and recovery

    • Create Recovery Services vault and Backup vault

    • Set and configure backup policies

    • Perform backups/restores

    • Configure Azure Site Recovery with failover

    • Monitor and interpret backup reports and alerts


Let’s Start

1. **Manage Azure identities and governance**

- Users

- Groups

  • Microsoft 365 Groups are used for collaboration between users, both inside and outside your company. They include collaboration services such as SharePoint and Planner. Microsoft Teams uses Microsoft 365 Groups for membership.
  • Distribution groups are used for sending email notifications to a group of people.
  • Security groups are used for granting access to resources such as SharePoint sites.
  • Mail-enabled security groups are used for granting access to resources such as SharePoint, and emailing notifications to those users.
  • Shared mailboxes are used when multiple people need access to the same mailbox, such as a company information or support email address.
  • Dynamic distribution groups are created to expedite the mass sending of email messages and other information within an organization.

| | Microsoft 365 Groups | Distribution groups | Security groups | Mail-enabled security groups | Shared mailboxes | Dynamic distribution groups |
|---|---|---|---|---|---|---|
| Mail-enabled | Yes | Yes | No | Yes | Yes | Yes |
| Dynamic membership in Microsoft Entra ID | Yes | No | Yes | No | No | No |

Resources

  • Azure Administrator Certification (AZ-104) - Full Course to PASS the Exam

This post is licensed under CC BY 4.0 by the author.