Azure Administrator Associate (AZ-104) Study Guide

🎯 Overview

This comprehensive study guide is designed to help you prepare for the Microsoft Certified: Azure Administrator Associate certification (Exam AZ-104). The guide covers all exam objectives with practical examples, hands-on labs, and real-world scenarios.

📋 Exam Information

• Exam Code: AZ-104
• Exam Title: Microsoft Azure Administrator
• Duration: 100 minutes
• Question Types: Multiple choice, case studies, interactive components
• Passing Score: 700/1000
• Prerequisites: None (but Azure fundamentals recommended)

🎯 Learning Objectives

By completing this study guide, you will be able to:

1. Manage Azure identities and governance (20-25%)
2. Implement and manage storage (15-20%)
3. Deploy and manage Azure compute resources (20-25%)
4. Implement and manage virtual networking (15-20%)
5. Monitor and maintain Azure resources (10-15%)

📚 Study Guide Structure

Module 1: Azure Identities and Governance

Duration: 1-2 weeks
Weight: 20-25% of exam

Learning Objectives

• Manage Microsoft Entra ID users, groups, and devices
• Configure self-service password reset (SSPR)
• Implement role-based access control (RBAC)
• Manage Azure subscriptions and governance
• Configure Azure policies and resource locks

Key Topics

Microsoft Entra ID (Azure AD)

• User and group management
• Guest users and B2B collaboration
• Administrative units
• Self-service password reset (SSPR)
• Multi-factor authentication (MFA)
• Conditional Access policies

Role-Based Access Control (RBAC)

• Built-in roles vs custom roles
• Role assignments and scope
• Azure RBAC vs Microsoft Entra roles
• Deny assignments
• Privileged Identity Management (PIM)

Subscriptions and Governance

• Management groups hierarchy
• Subscription management
• Cost management and billing
• Resource groups and tagging
• Azure Policy definitions and assignments
• Resource locks (CanNotDelete, ReadOnly)

Hands-on Labs

1. Lab 1.1: Create and manage Microsoft Entra users and groups
2. Lab 1.2: Configure SSPR and MFA
3. Lab 1.3: Implement RBAC role assignments
4. Lab 1.4: Create and assign Azure policies
5. Lab 1.5: Configure management groups and resource locks

Study Resources

• Microsoft Entra ID Documentation
• Azure RBAC Documentation
• Azure Policy Documentation

---

Module 2: Azure Storage

Duration: 1-2 weeks
Weight: 15-20% of exam

Learning Objectives

• Configure and manage storage accounts
• Configure Azure Blob Storage and access tiers
• Configure Azure Files and Azure File Sync
• Implement storage security and access control
• Manage data redundancy and failover

Key Topics

Storage Accounts

• Storage account types (Standard, Premium)
• Performance tiers (Standard, Premium)
• Replication options (LRS, ZRS, GRS, RA-GRS, GZRS, RA-GZRS)
• Access tiers (Hot, Cool, Cold, Archive)
• Lifecycle management policies

Azure Blob Storage

• Container and blob types (Block, Append, Page)
• Access levels (Private, Blob, Container)
• Blob versioning and soft delete
• Immutable storage and legal holds
• Object replication

Azure Files

• SMB and NFS file shares
• Azure File Sync
• File share snapshots
• Premium file shares
• Identity-based authentication

Storage Security

• Shared access signatures (SAS)
• Stored access policies
• Storage account keys
• Microsoft Entra authentication
• Private endpoints
• Storage firewalls and virtual networks

Hands-on Labs

1. Lab 2.1: Create and configure storage accounts
2. Lab 2.2: Configure blob storage and access tiers
3. Lab 2.3: Implement Azure Files and File Sync
4. Lab 2.4: Configure storage security with SAS tokens
5. Lab 2.5: Set up private endpoints for storage

Study Resources

• Azure Storage Documentation
• Azure Blob Storage Documentation
• Azure Files Documentation

---

Module 3: Azure Compute Resources

Duration: 2 weeks
Weight: 20-25% of exam

Learning Objectives

• Automate deployment using ARM templates and Bicep
• Create and configure virtual machines
• Provision and manage containers
• Create and configure Azure App Service
• Configure Azure Kubernetes Service (AKS)

Key Topics

Infrastructure as Code

• ARM templates structure and syntax
• Bicep language and deployment
• Template functions and parameters
• Linked and nested templates
• Deployment modes (Incremental, Complete)
• What-if deployment analysis

Virtual Machines

• VM sizes and series
• VM availability options (Availability Sets, Zones, Scale Sets)
• VM images and custom images
• VM extensions
• Azure Bastion and Just-in-Time access
• VM backup and disaster recovery
• Azure Dedicated Hosts

Containers

• Azure Container Instances (ACI)
• Azure Container Registry (ACR)
• Container groups
• Azure Kubernetes Service (AKS)
• AKS networking and storage
• AKS scaling and upgrades

Azure App Service

• App Service plans and pricing tiers
• Web apps, API apps, and mobile apps
• Deployment slots and swap
• Custom domains and SSL certificates
• App Service authentication
• Scaling (manual, auto, scale out)
• WebJobs and background tasks

Hands-on Labs

1. Lab 3.1: Deploy resources using ARM templates
2. Lab 3.2: Deploy resources using Bicep
3. Lab 3.3: Create and configure VMs with availability
4. Lab 3.4: Configure VM Scale Sets with autoscaling
5. Lab 3.5: Deploy containers with ACI and ACR
6. Lab 3.6: Create and configure AKS cluster
7. Lab 3.7: Deploy and configure App Service
8. Lab 3.8: Configure deployment slots and CI/CD

Study Resources

• Azure Virtual Machines Documentation
• ARM Templates Documentation
• Bicep Documentation
• Azure App Service Documentation
• Azure Kubernetes Service Documentation

---

Module 4: Azure Virtual Networking

Duration: 1-2 weeks
Weight: 15-20% of exam

Learning Objectives

• Configure virtual networks and subnets
• Configure network security groups and application security groups
• Configure Azure DNS
• Configure VNet peering and VPN Gateway
• Configure load balancing solutions

Key Topics

Virtual Networks

• VNet address spaces and subnets
• Subnet delegation
• Service endpoints
• Private endpoints and Private Link
• Network interfaces and IP configurations

Network Security

• Network Security Groups (NSGs)
• NSG rules and priority
• Application Security Groups (ASGs)
• Azure Firewall
• DDoS Protection
• Web Application Firewall (WAF)

DNS and Name Resolution

• Azure DNS zones (public and private)
• DNS record types
• Alias records
• Azure Private DNS
• Custom DNS servers

Connectivity

• VNet peering (regional and global)
• VPN Gateway (Site-to-Site, Point-to-Site)
• ExpressRoute
• Virtual WAN
• Azure Bastion

Load Balancing

• Azure Load Balancer (Layer 4)
• Application Gateway (Layer 7)
• Traffic Manager (DNS-based)
• Azure Front Door
• Load balancer health probes

Hands-on Labs

1. Lab 4.1: Create and configure virtual networks
2. Lab 4.2: Configure NSGs and ASGs
3. Lab 4.3: Configure Azure DNS zones
4. Lab 4.4: Implement VNet peering
5. Lab 4.5: Configure VPN Gateway
6. Lab 4.6: Configure Azure Load Balancer
7. Lab 4.7: Configure Application Gateway

Study Resources

• Azure Virtual Network Documentation
• Azure DNS Documentation
• Azure VPN Gateway Documentation
• Azure Load Balancer Documentation

---

Module 5: Monitor and Maintain Azure Resources

Duration: 1 week
Weight: 10-15% of exam

Learning Objectives

• Configure Azure Monitor and metrics
• Configure alerts and action groups
• Configure Log Analytics and KQL queries
• Configure Azure Backup
• Configure disaster recovery

Key Topics

Azure Monitor

• Metrics and metric alerts
• Activity logs
• Diagnostic settings
• Application Insights
• Azure Monitor Workbooks
• Network Watcher

Alerts and Notifications

• Alert rules and conditions
• Action groups
• Alert processing rules
• Smart detection
• IT Service Management (ITSM) integration

Log Analytics

• Log Analytics workspaces
• Kusto Query Language (KQL)
• Log queries and saved searches
• Data collection rules
• Azure Monitor Agent

Backup and Recovery

• Azure Backup vaults
• Recovery Services vaults
• VM backup and restore
• Azure Site Recovery
• Backup policies and retention
• Cross-region restore

Disaster Recovery

• Azure Site Recovery (ASR)
• Replication policies
• Recovery plans
• Failover and failback
• Test failover

Hands-on Labs

1. Lab 5.1: Configure Azure Monitor metrics and dashboards
2. Lab 5.2: Create alerts and action groups
3. Lab 5.3: Configure Log Analytics workspace
4. Lab 5.4: Write KQL queries for log analysis
5. Lab 5.5: Configure Azure Backup for VMs
6. Lab 5.6: Configure Azure Site Recovery

Study Resources

• Azure Monitor Documentation
• Log Analytics Documentation
• Azure Backup Documentation
• Azure Site Recovery Documentation

---

🛠️ Tools and Technologies

Azure Portal

The primary web-based interface for managing Azure resources. Understand how to navigate and use the portal effectively.

Azure CLI

Command-line interface for managing Azure resources:

# Example: Create a resource group
az group create --name myResourceGroup --location eastus

# Example: Create a storage account
az storage account create \
  --name mystorageaccount \
  --resource-group myResourceGroup \
  --location eastus \
  --sku Standard_LRS

Azure PowerShell

PowerShell module for managing Azure resources:

# Example: Create a resource group
New-AzResourceGroup -Name myResourceGroup -Location eastus

# Example: Create a VM
New-AzVM `
  -ResourceGroupName myResourceGroup `
  -Name myVM `
  -Location eastus `
  -Image Win2019Datacenter

ARM Templates

JSON-based templates for infrastructure as code:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-09-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2"
    }
  ]
}

Bicep

Domain-specific language for Azure deployments:

param storageAccountName string
param location string = resourceGroup().location

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}

---

📝 Exam Tips

Before the Exam

1. Complete all Microsoft Learn modules for AZ-104
2. Practice with hands-on labs in a free Azure subscription
3. Take practice assessments on Microsoft Learn
4. Review the exam study guide for any updates

During the Exam

1. Read each question carefully
2. Look for keywords like "MOST", "LEAST", "FIRST"
3. Eliminate obviously wrong answers
4. Flag difficult questions and return later
5. Manage your time - 100 minutes for all questions

Key Areas to Focus

• Identity: Understand RBAC, Entra ID, and policy assignments
• Storage: Know the differences between storage types and redundancy options
• Compute: Be comfortable with VMs, containers, and App Service
• Networking: Understand NSGs, VNet peering, and load balancing
• Monitoring: Know Azure Monitor, alerts, and backup strategies

---

🔗 Additional Resources

• Official AZ-104 Exam Page
• AZ-104 Study Guide
• Microsoft Learn - AZ-104 Learning Path
• Azure Documentation
• Azure Architecture Center
• Azure Pricing Calculator