Open YouTube

Prepare for Microsoft Certification Exam AZ-104: Microsoft Azure Administrator

Microsoft Learnautoenpublicupdated

Exam Overview

  1. AZ-104 validates skills in Azure identity, governance, storage, compute, networking, monitoring, and recovery.
  2. Identity and governance and compute each represent 20–25%; storage and networking each 15–20%; monitoring represents 10–15%.
  3. The preparation series is a final review for identifying knowledge gaps, not a replacement for official training or hands-on experience.

Identity and Governance

  1. Study Entra ID users, groups, identity types, guest access, licensing, and both portal and command-line administration.
  2. Understand Azure RBAC roles, Entra administrator roles, scope inheritance, combined permissions, and least-privilege assignments.
  3. Know how Azure Policy, initiatives, compliance evaluation, and RBAC work together.
  4. Review resource locks, resource-group constraints, subscriptions, tenants, directories, management groups, and cost management.

Storage

  1. Understand storage firewalls, virtual network rules, service endpoints, private endpoints, and data-plane access restrictions.
  2. Know user-delegation, service, and account SAS tokens; stored access policies; access keys; Key Vault integration; and Azure AD authentication.
  3. Review Azure Files protocols, identity-based permissions, port 445 connectivity, and the limitations of NFS authentication.
  4. Compare LRS, ZRS, GRS, and GZRS by cost, availability, replication scope, disaster protection, and secondary read access.
  5. Learn blob access levels, storage tiers, retention periods, lifecycle policies, snapshots, soft delete, and versioning.

Compute

  1. Interpret, modify, and deploy ARM templates and Bicep files, focusing on their structure and core features.
  2. Understand end-to-end VM creation, VM families, disks, encryption, availability sets, SLAs, scaling, and resource moves.
  3. Compare ACR, ACI, Azure Container Apps, and AKS based on image storage, orchestration, simplicity, and scaling needs.
  4. Know how App Service plans define shared compute, pricing, vertical and horizontal scaling, deployment slots, security, and custom domains.

Networking

  1. Study VNets, subnets, public IPs, hybrid connectivity, VNet peering, and peering options such as forwarded traffic and gateway transit.
  2. Understand user-defined routes, next hops, system-route overrides, IP forwarding, and network virtual appliances.
  3. Know how NSGs evaluate five-tuple rules by priority and how ASGs logically group machines for use in those rules.
  4. Review Azure Bastion, service versus private endpoints, public versus private DNS, and public versus internal load balancers.
  5. Practice diagnosing connectivity and load-balancer failures using routing checks, Network Watcher, and health probes.

Monitoring and Recovery

  1. Understand Azure Monitor architecture, metrics, logs, agents, VM Insights, dashboards, alerts, severity levels, and action groups.
  2. Know Application Insights performance and failure views, plus Network Watcher and Connection Monitor setup and capabilities.
  3. Review Recovery Services vault creation, supported workloads, backup redundancy, recovery points, RTO, and RPO.
  4. Distinguish regional backup from Site Recovery replication and understand backup policies, failover, test failover, and troubleshooting steps.

Final Preparation

  1. Use scenario-based reasoning to decide how Azure services should be applied according to best practices.
  2. Prioritize the heavier identity, governance, and compute domains when study time is limited.
  3. Use the exam sandbox to learn the interface and question format, then take the free practice assessment to identify remaining gaps.

Actiepunten

  1. Review the official skills list and concentrate study time on the listed exam objectives.
  2. Practice managing Entra ID users and groups through both the Azure portal and command-line tools.
  3. Practice creating and configuring a virtual machine in a lab environment.
  4. Practice evaluating NSG rule tables and determining whether traffic is allowed or denied.
  5. Review any unfamiliar topic before progressing to the next exam domain.
  6. Complete the exam sandbox before scheduling the certification exam.
  7. Take the free practice assessment and revisit the weak areas it identifies.