
As I’ve been running a few AZ-104 exam preparation sessions recently as well as a few coming up, I thought it would be worth putting this together for those of you who need some additional resources for exam preparation.
I’ve previously passed all of precursors to this exam – AZ-100, AZ-101, AZ-102, AZ-103, as well as AZ-104, and have run training courses and exam preparation sessions on all of them, there are a few recommendations and suggestions I’ll make that may be a little bit different to what you see elsewhere.
What do I mean? As this exam has evolved, one of the things that has held true is that the people who tend to find this exam the easiest are those with traditional on-premises IT skills, combined with some Azure exposure. The reason why this combination of experiences makes the exam easier is many of the general concepts around networking and connectivity and virtualization are skills that are usually stronger with those that have had these experiences pre-cloud. That’s not to say it’s always the case, but it’s what I’ve seen over the last few years since AZ-100 and AZ-100 were first introduce.
Now, who are those who struggle the most? The group that I encounter that tend to find this exam tougher are those who might know alot about scripting, automation, and DevOps in general, but don’t really have what would be considered core on-premises IT skills. Common feedback from these exam takers is that it really feels like it should be called the Azure IaaS exam, especially if they live in world of PaaS and SasS, where many of the underlying infrastructure components are mostly already configured.
Regardless of where your skills are strongest, the important thing is to focus on your weakness with your exam preparation, rather than getting too carried away learning about the things you already work with. An example of this is that if you work mostly with SaaS via Microsoft 365, you may already have a strong enough set of skills to get through the identity questions without a challenge.
If you don’t have a networking background at all, I can’t stress enough how much a basic understanding of subnetting and CIDR notation can simplify many of the scenarios in this exam and it’s predecessors, I’m calling this one out in particular because of the number of times I’ve been asked “what does the slash and number at the end of that number with the dots in it mean?”, which means that some scenarios that weren’t designed to be testing these skills might end up being problematic for those exam takers.
For the latest updates to exam prep guides please check https://intunedin.net/exams
Manage Azure identities and governance (15-20%)
Manage Azure AD objects
- create users and groups
- create administrative units
- manage user and group properties
- manage device settings
- perform bulk user updates
- manage guest accounts
- configure Azure AD Join
- configure self-service password reset
Manage role-based access control (RBAC)
- create a custom role
- provide access to Azure resources by assigning roles
- interpret access assignments
Manage subscriptions and governance
- configure Azure policies
- configure resource locks
- apply tags on resources
- manage resource groups
- manage subscriptions
- manage costs
- configure management groups
Implement and manage storage (15-20%)
Secure storage
- configure network access to storage accounts
- create and configure storage accounts
- generate shared access signature (SAS) tokens
- manage access keys
- configure Azure AD Authentication for a storage account
- configure access to Azure Files
Manage storage
- export from Azure job
- import into Azure job
- install and use Azure Storage Explorer
- copy data by using AZCopy
- implement Azure storage replication
- configure blob object replication
Configure Azure files and Azure blob storage
- create an Azure file share
- create and configure Azure File Sync service
- configure Azure blob storage
- configure storage tiers
Deploy and manage Azure compute resources (25-30%)
Automate deployment and configuration of VMs by using Azure Resource Manager
- modify an Azure Resource Manager template
- configure a VHD template
- deploy from a template
- save a deployment as an ARM template
- deploy virtual machine extensions
Create and configure VMs
- configure Azure Disk Encryption
- move VMs from one resource group to another
- manage VM sizes
- add data discs
- configure networking
- redeploy VMs
- configure high availability
- deploy and configure scale sets
Create and configure containers
- configure sizing and scaling for Azure Container Instances
- configure container groups for Azure Container Instances
- configure storage for Azure Kubernetes Service (AKS)
- configure scaling for AKS
- configure network connections for AKS
- upgrade an AKS cluster
Create and configure Azure App Service
- create an App Service plan
- configure scaling settings in App Service plan
- create an App Service
- configure custom domain names
- configure backup for an App Service
- configure networking settings
- configure deployment settings
Configure and manage virtual networking (25-30%)
Implement and manage virtual networking
- create and configure virtual networks, including peering
- configure private and public IP addresses
- configure user-defined network routes
- implement subnets
- configure endpoints on subnets
- configure private endpoints
- configure Azure DNS, including custom DNS settings and private or public DNS zones
- What is Azure DNS?
- What is Azure Private DNS?
- Quickstart: Create an Azure DNS zone and record using the Azure portal
- Azure DNS FAQ
- Name resolution for resources in Azure virtual networks
- Use Azure DNS to provide custom domain settings for an Azure service
- Tutorial: Host your domain in Azure DNS
- Quickstart: Create an Azure private DNS zone using the Azure portal
Secure access to virtual networks
- create security rules
- associate an NSG to a subnet or network interface
- evaluate effective security rules
- deploy and configure Azure Firewall
- deploy and configure Azure Bastion Service
Configure load balancing
- configure Application Gateway
- configure an internal or public load balancer
- troubleshoot load balancing
Monitor and troubleshoot virtual networking
- monitor on-premises connectivity
- use Azure Monitor for Networks
- use Azure Network Watcher
- troubleshoot external networking
- troubleshoot virtual network connectivity
Integrate an on-premises network with an Azure virtual network
- create and configure Azure VPN Gateway
- create and configure ExpressRoute
- configure Azure Virtual WAN
Monitor and back up Azure resources (10-15%)
Monitor resources by using Azure Monitor
- configure and interpret metrics
- configure Azure Monitor logs
- query and analyze logs
- set up alerts and actions
- configure Application Insights
Implement backup and recovery
- create a Recovery Services Vault
- create and configure backup policy
- perform backup and restore operations by using Azure Backup
- perform site-to-site recovery by using Azure Site Recovery
- configure and review backup reports
For the latest updates to exam prep guides please check https://intunedin.net/exams