Preparing for the AZ-104 Microsoft Azure Administrator Exam

As I’ve been running a few AZ-104 exam preparation sessions recently as well as a few coming up, I thought it would be worth putting this together for those of you who need some additional resources for exam preparation.

I’ve previously passed all of precursors to this exam – AZ-100, AZ-101, AZ-102, AZ-103, as well as AZ-104, and have run training courses and exam preparation sessions on all of them, there are a few recommendations and suggestions I’ll make that may be a little bit different to what you see elsewhere.

What do I mean? As this exam has evolved, one of the things that has held true is that the people who tend to find this exam the easiest are those with traditional on-premises IT skills, combined with some Azure exposure. The reason why this combination of experiences makes the exam easier is many of the general concepts around networking and connectivity and virtualization are skills that are usually stronger with those that have had these experiences pre-cloud. That’s not to say it’s always the case, but it’s what I’ve seen over the last few years since AZ-100 and AZ-100 were first introduce.

Now, who are those who struggle the most? The group that I encounter that tend to find this exam tougher are those who might know alot about scripting, automation, and DevOps in general, but don’t really have what would be considered core on-premises IT skills. Common feedback from these exam takers is that it really feels like it should be called the Azure IaaS exam, especially if they live in world of PaaS and SasS, where many of the underlying infrastructure components are mostly already configured.

Regardless of where your skills are strongest, the important thing is to focus on your weakness with your exam preparation, rather than getting too carried away learning about the things you already work with. An example of this is that if you work mostly with SaaS via Microsoft 365, you may already have a strong enough set of skills to get through the identity questions without a challenge.

If you don’t have a networking background at all, I can’t stress enough how much a basic understanding of subnetting and CIDR notation can simplify many of the scenarios in this exam and it’s predecessors, I’m calling this one out in particular because of the number of times I’ve been asked “what does the slash and number at the end of that number with the dots in it mean?”, which means that some scenarios that weren’t designed to be testing these skills might end up being problematic for those exam takers.

Manage Azure identities and governance (15-20%)

Manage Azure AD objects

• create users and groups
  • Creating a new user in Azure AD
  • Add or delete users using Azure Active Directory
  • Create a group (Azure portal)
  • Create or update a dynamic group in Azure Active Directory
  • Create a basic group and add members using Azure Active Directory
• manage user and group properties
  • Add or remove group owners
  • Add or update a user’s profile information using Azure Active Directory
  • Edit your group information using Azure Active Directory
• manage device settings
  • Manage device identities using the Azure portal
  • Enable enterprise state roaming
• perform bulk user updates
  • Bulk import group members in Azure Active Directory
• manage guest accounts
  • Add guest users
  • Assign role to guest user
  • Restrict guest user access
  • What is guest user access in Azure Active Directory B2B?
  • Manage guest access with Azure AD access reviews
  • Quickstart: Add guest users to your directory in the Azure portal
• configure Azure AD Join
  • What is a device identity?
  • Azure AD joined devices
  • How to: Plan your Azure AD join implementation
• configure self-service password reset
  • Licensing requirements for Azure AD self-service password reset
  • Plan an Azure Active Directory self-service password reset
  • How it works: Azure AD self-service password reset

Manage role-based access control (RBAC)

• create a custom role
  • Tutorial: Create a custom role for Azure resources using Azure PowerShell
  • Tutorial: Create a custom role for Azure resources using Azure CLI
• provide access to Azure resources by assigning roles
  • Add or remove role assignments using Azure RBAC and the Azure portal
• interpret access assignments
  • List role assignments using Azure RBAC and the Azure portal
  • Understand deny assignments for Azure resources
• manage multiple directories
  • Understand how multiple Azure Active Directory tenants interact

Manage subscriptions and governance

• configure Azure policies
  • What is Azure Policy?
  • Quickstart: Create a policy assignment to identify non-compliant resources
  • Tutorial: Create and manage policies to enforce compliance
• configure resource locks
  • Lock resources to prevent unexpected changes
• apply tags
  • Use tags to organize your Azure resources
• create and manage resource groups
  • Manage Azure Resource Manager resource groups by using the Azure portal
  • Manage Azure resource groups by using Azure PowerShell
• manage subscriptions
  • Create an additional Azure subscription
  • Change your Azure subscription to a different offer
• configure Cost Management
  • What is Azure Cost Management and Billing?
  • Quickstart: Explore and analyze costs with cost analysis
• configure management groups
  • Create management groups for resource organization and management
  • Manage your resources with management groups

Implement and manage storage (10-15%)

Manage storage accounts

• configure network access to storage accounts
  • Configure Azure Storage firewalls and virtual networks
• create and configure storage accounts
  • Storage account overview
  • Create an Azure Storage account
  • Upgrade to a general-purpose v2 storage account
• generate shared access signature
  • Delegate access with a shared access signature
  • Grant limited access to Azure Storage resources using shared access signatures (SAS)
• manage access keys
  • Manage storage account access keys
• implement Azure storage replication
  • Azure Storage redundancy
• configure Azure AD Authentication for a storage account
  • Authorize access to blobs and queues using Azure Active Directory

Manage data in Azure Storage

• export from Azure job
  • Use the Azure Import/Export service to export data from Azure Blob storage
• import into Azure job
  • Use the Azure Import/Export service to import data to Azure Blob Storage
• install and use Azure Storage Explorer
  • Get started with Storage Explorer
• copy data by using AZCopy
  • Get startedd with AzCopy

Configure Azure files and Azure blob storage

What is Azure Files?

• create an Azure file share
  • Quickstart: Create and manage Azure file shares with the Azure portal
  • Create an Azure file share
• create and configure Azure File Sync service
  • Planning for an Azure File Sync deployment
  • Tutorial: Extend Windows file servers with Azure File Sync
• configure Azure blob storage
  • Quickstart: Upload, download, and list blobs with the Azure portal
• configure storage tiers for Azure blobs
  • Azure Blob storage: hot, cool, and archive access tiers

Deploy and manage Azure compute resources (25-30%)

Configure VMs for high availability and scalability

• configure high availability
  • Availability options for virtual machines in Azure
  • Manage the availability of Windows virtual machines in Azure
• deploy and configure scale sets
  • What are virtual machine scale sets?

Automate deployment and configuration of VMs

• modify Azure Resource Manager (ARM) template
  • Extend Azure Resource Manager template functionality
  • Azure Resource Manager templates overview
  • Tutorial: Create and deploy your first Azure Resource Manager template
• configure VHD template
  • Create a VM from a VHD by using the Azure portal
• deploy from template
  • Quickstart: Create and deploy Azure Resource Manager templates by using the Azure portal
• save a deployment as an ARM template
  • Download the template for a VM
• automate configuration management by using custom script extensions
  • Custom Script Extension for Windows
  • Use the Azure Custom Script Extension Version 2 with Linux virtual machines

Create and configure VMs

• configure Azure Disk Encryption
  • Azure Disk Encryption for Linux VMs
  • Azure Disk Encryption for Windows VMs
• move VMs from one resource group to another
  • Move a Windows VM to another Azure subscription or resource group
• manage VM sizes
  • Resize a Windows VM
• add data discs
  • Attach a managed data disk to a Windows VM by using the Azure portal
  • Attach a data disk to a Windows VM with PowerShell
• configure networking
  • Common PowerShell commands for Azure Virtual Networks
  • How to open ports to a virtual machine with the Azure portal
  • Create and manage a Windows virtual machine that has multiple NICs
• redeploy VMs
  • Redeploy Windows virtual machine to new Azure node

Create and configure containers

• create and configure Azure Kubernetes Service (AKS)
  • Azure Kubernetes Service (AKS)
  • Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
• create and configure Azure Container Instances (ACI)
  • What is Azure Container Instances?
  • Quickstart: Deploy a container instance in Azure using the Azure portal
  • Quickstart: Deploy a container instance in Azure using the Azure CLI

Create and configure Web Apps

• create and configure App Service
  • App Service overview
  • Create an ASP.NET Core web app in Azure
• create and configure App Service Plans
  • Azure App Service plan overview
  • Manage an App Service plan in Azure

Configure and manage virtual networking (30-35%)

Implement and manage virtual networking

• create and configure VNET peering
  • Virtual network peering overview
  • Azure Virtual Network frequently asked questions (FAQ) VNet Peering
  • Tutorial: Connect virtual networks with virtual network peering using the Azure portal
  • Create a virtual network peering – different deployment models, same subscription
  • Create, change, or delete a virtual network peering
• configure private and public IP addresses, network routes, network interface, subnets, and virtual network
  • What is Azure Virtual Network?
  • Quickstart: Create a virtual network using the Azure portal
  • Virtual network traffic routing
  • Networking limits
  • Create, change, or delete a public IP address
  • Add, change, or remove IP addresses for an Azure network interface
  • Associate a public IP address to a virtual machine
  • Subnet extension
  • Virtual network traffic routing
  • Add network interfaces to or remove network interfaces from virtual machines

Configure name resolution

• configure Azure DNS
  • What is Azure DNS?
  • What is Azure Private DNS?
  • Quickstart: Create an Azure DNS zone and record using the Azure portal
  • Azure DNS FAQ
• configure custom DNS settings
  • Name resolution for resources in Azure virtual networks
  • Use Azure DNS to provide custom domain settings for an Azure service
• configure a private or public DNS zone
  • Tutorial: Host your domain in Azure DNS
  • Quickstart: Create an Azure private DNS zone using the Azure portal

Secure access to virtual networks

• create security rules
  • Create, change, or delete a network security group
• associate an NSG to a subnet or network interface
  • Create, change, or delete a network security group
• evaluate effective security rules
  • Create, change, or delete a network interface
• deploy and configure Azure Firewall
  • Tutorial: Deploy and configure Azure Firewall using the Azure portal
• deploy and configure Azure Bastion Service
  • Create an Azure Bastion host

Configure load balancing

• configure Application Gateway
  • Application Gateway configuration overview
• configure an internal load balancer
  • Tutorial: Balance internal traffic load with a Basic load balancer in the Azure portal
• configure load balancing rules
  • Create an internal load balancer by using the Azure PowerShell module
• configure a public load balancer
  • Quickstart: Create a Load Balancer to load balance VMs using the Azure portal
• troubleshoot load balancing
  • Troubleshoot Azure Load Balancer

Monitor and troubleshoot virtual networking

• monitor on-premises connectivity
  • Diagnose on-premises connectivity via VPN gateways
• use Network Performance Monitor
  • Network Performance Monitor solution: Performance monitoring
• use Network Watcher
  • What is Azure Network Watcher?
• troubleshoot external networking
  • Troubleshoot Virtual Network Gateway and Connections using Azure Network Watcher Azure CLI
• troubleshoot virtual network connectivity
  • Troubleshoot connections with Azure Network Watcher using the Azure portal

Integrate an on-premises network with an Azure virtual network

• create and configure Azure VPN Gateway
  • Create a route-based VPN gateway using the Azure portal
• create and configure VPNs
  • Create a Site-to-Site connection in the Azure portal
• configure ExpressRoute
  • ExpressRoute overview
  • Tutorial: Create and modify an ExpressRoute circuit
• configure Azure Virtual WAN
  • About Azure Virtual WAN
  • Tutorial: Create a Site-to-Site connection using Azure Virtual WAN

Monitor and back up Azure resources (10-15%)

Monitor resources by using Azure Monitor

• configure and interpret metrics
  • Metrics in Azure Monitor
  • Quickstart: Monitor an Azure resource with Azure Monitor
• configure Log Analytics
  • Get started with Log Analytics in Azure Monitor
• query and analyze logs
  • Overview of log queries in Azure Monitor
• set up alerts and actions
  • Create, view, and manage metric alerts using Azure Monitor
  • Metric Alerts with Dynamic Thresholds in Azure Monitor
  • Create Metric Alerts for Logs in Azure Monitor
• configure Application Insights
  • Manage Application Insights resources using PowerShell

Implement backup and recovery

• configure and review backup reports
  • Configure Azure Backup reports
• perform backup and restore operations by using Azure Backup Service
  • Back up a virtual machine in Azure
  • Restore a disk and create a recovered VM in Azure
• create a Recovery Services Vault
  • Create a Recovery Services vault
• create and configure backup policy
  • Manage Azure VM backups with Azure Backup service
• perform site-to-site recovery by using Azure Site Recovery
  • About Site Recovery
  • Set up disaster recovery of on-premises VMware virtual machines or physical servers to a secondary site