AZ-104 Azure Administrator
A structured, learner-friendly pathway through Microsoft Azure Administrator Associate preparation, covering identity, governance, storage, compute, networking, hybrid connectivity, monitoring, backup, and recovery in a way that is easier to revise and easier to use.
Course coverage
What This AZ-104 Page Covers
This AZ-104 page is organized into 10 clear sections so learners can revise with structure instead of treating Azure administration as one large block. It covers identity, access control, governance, storage, compute, app hosting, networking, hybrid connectivity, monitoring, backup, and recovery in a more practical and manageable way.
Move between identity, governance, storage, compute, and networking during revision so the services connect more naturally and administrator decisions become easier to interpret.
Microsoft Entra ID Users, Groups, and Core Identity Objects
Build confidence with the identity tasks Azure administrators handle regularly, including users, groups, self-service identity features, core device identity concepts, and the signals that help you troubleshoot sign-in and access issues.
- Create, configure, and manage users, including the practical difference between cloud-only and synchronized identity concepts
- Create and manage groups, with attention to security groups, Microsoft 365 groups, and where each model is used
- Understand assigned and dynamic membership approaches and when automation improves identity administration
- Review administrative units and how scoped administration helps large organizations delegate responsibility safely
- Study self-service password reset concepts and common administrator responsibilities around setup and support
- Understand device identity basics, including registered and joined device concepts and why they matter for access decisions
- Connect Conditional Access awareness to everyday admin scenarios involving identity, location, device state, and sign-in risk
- Recognize common sign-in troubleshooting signals through logs, authentication status, and identity-related alerts
- Strengthen your understanding of identity governance touchpoints that affect day-to-day administration
- Revise this section when you want stronger control of the identity foundation that supports the rest of AZ-104
Access Control (RBAC) and Resource Permissions
Master the permission model used across Azure by learning how roles, assignments, inheritance, locking, and privileged access work together to protect resources while still allowing administrators to operate efficiently.
- Understand the relationship between role definitions, role assignments, and scope across management groups, subscriptions, resource groups, and resources
- Differentiate clearly among built-in roles such as Owner, Contributor, Reader, and User Access Administrator
- Apply least-privilege thinking so users and teams receive only the access required for their responsibilities
- Assign access to users, groups, service principals, and managed identities with better awareness of operational impact
- Understand how inherited access and multiple assignments combine to create effective permissions in real environments
- Study resource locks, including ReadOnly and CanNotDelete, and know when each control is useful
- Recognize the value of privileged access controls and just-in-time elevation for sensitive roles
- Use this section to sharpen your decision-making when exam questions test scope, permissions, and governance together
- Improve your ability to prevent over-permissioning while still supporting operations teams and service continuity
- Treat RBAC as a core AZ-104 skill because it appears in both direct permission questions and wider administration scenarios
Subscriptions, Management Groups, and Governance with Policy
Learn how Azure administrators organize environments and apply governance at scale by working with subscription boundaries, management groups, Azure Policy, remediation, and tagging strategy.
- Understand the purpose of subscriptions as billing, isolation, and administration boundaries
- Review resource providers and registration basics so platform services can be used correctly within subscriptions
- Organize subscriptions with management groups to support enterprise structure and policy consistency
- Apply RBAC and policy thinking at management group scope for stronger top-down governance
- Differentiate policy definitions from initiatives and understand how policy sets simplify control at scale
- Study policy assignment scope across management group, subscription, resource group, and resource levels
- Understand key policy effects such as deny, audit, append, and deployIfNotExists conceptually and operationally
- Review compliance evaluation, remediation tasks, and managed identity awareness for policy-driven corrections
- Practice governance scenarios involving tags, location restrictions, approved SKUs, and encryption requirements
- Use this section to build a stronger governance mindset rather than memorizing policy terms in isolation
Storage Accounts and Core Data Services
Cover the main Azure storage building blocks by understanding storage account choices, redundancy, blob and file services, lifecycle behavior, and the differences among core data services.
- Review storage account types, performance tiers, and the practical importance of general-purpose v2
- Understand redundancy models such as LRS, ZRS, GRS, GZRS, and their read-access variants conceptually
- Study storage endpoints and namespace basics so service behavior makes more sense during administration
- Work through blob storage concepts including containers, blob types, and access tiers such as hot, cool, and archive
- Understand lifecycle management policies and the administrative value of automated tiering and deletion
- Review object replication concepts and the situations where cross-region data movement matters
- Understand Azure Files, SMB access patterns, and Azure File Sync at a practical awareness level
- Compare queues, tables, and related service choices so you know which storage service best fits a scenario
- Use this section to strengthen storage design awareness before moving deeper into storage security
- Treat storage as both a service-choice topic and a recurring exam area tied to performance, resilience, and cost
Storage Security, Access, and Data Protection
Strengthen your control of Azure storage security by focusing on authentication choices, network protection, encryption, resilience features, and the differences between storage access models.
- Compare storage account keys, service SAS, account SAS, and user delegation SAS with a clear security lens
- Understand where Microsoft Entra authentication fits for blob and file access use cases
- Differentiate RBAC from ACL-based access control, especially in scenarios involving ADLS Gen2 concepts
- Review storage firewalls, virtual network rules, and the security value of restricting public access
- Understand private endpoints for storage and why private connectivity matters for sensitive workloads
- Study soft delete, versioning, and immutability concepts so recovery and retention decisions are easier to handle
- Separate backup expectations from replication so you do not confuse resilience with recoverability
- Revise encryption at rest and customer-managed key concepts at the administrator level
- Build better awareness of Key Vault integration as part of secure data protection strategy
- Use this section to connect identity, network controls, and storage resilience into one stronger security model
Deploy and Manage Azure Virtual Machines
Prepare for core IaaS administration by learning how to size, deploy, protect, update, and scale Azure virtual machines in ways that match real operational needs.
- Choose appropriate VM sizes and series with better awareness of compute, memory, and workload needs
- Understand image choices including marketplace images, custom images, and shared image gallery concepts
- Compare availability sets and availability zones as resilience and uptime design choices
- Study VM extensions and common operational uses such as configuration, scripts, and agents
- Review OS disks, data disks, managed disks, and storage choices such as Standard SSD, Premium SSD, and Ultra Disk
- Understand snapshots and backup concepts that support protection and recovery of virtual machines
- Practice VM lifecycle actions such as start, stop, restart, redeploy, and ongoing maintenance operations
- Understand VM Scale Sets, autoscaling awareness, and upgrade policy basics from an administrator viewpoint
- Review patching and maintenance considerations so VM administration is tied to reliability, not just deployment
- Use this section to strengthen one of the most operationally important parts of the AZ-104 blueprint
App Hosting and Containers
Understand the Azure services administrators use to support hosted applications and containerized workloads, with attention to App Service, deployment operations, and registry fundamentals.
- Review App Service Plan concepts including pricing tiers, scaling up, and scaling out
- Understand deployment slots and swap behavior so release workflows become easier to interpret
- Study app settings, connection strings, and managed identity awareness within hosted application operations
- Review access restrictions and basic application access control patterns
- Understand when Azure Container Instances are suitable and where their limits become important
- Study Azure Container Registry basics including repositories, images, tags, and authentication
- Build lightweight awareness of container apps and AKS concepts at the administrator level expected here
- Connect app hosting choices to cost, scale, and administrative simplicity in exam-style decisions
- Use this section to move beyond VM-only thinking and strengthen platform service awareness
- Treat hosted apps and containers as a practical extension of Azure administration rather than a separate specialty
Virtual Networking Fundamentals
Develop a solid networking base for AZ-104 by working through VNets, subnets, IP addressing, routing, DNS, NSGs, Azure Firewall, and load-balancing concepts.
- Understand VNet and subnet design, including address spaces and CIDR planning basics
- Review private IPs, public IPs, NICs, and how network identities are assigned to resources
- Compare Azure-provided DNS with custom DNS servers and understand where each approach fits
- Study route tables and next hop concepts so traffic flow questions are easier to solve
- Master Network Security Groups, rule priorities, service tags, and effective rule interpretation
- Understand Application Security Groups as a cleaner way to target network rules
- Review Azure Firewall and DDoS Protection awareness in broader network security design
- Compare Azure Load Balancer and Application Gateway at a clear, administrator-friendly level
- Understand probes, backend pools, and rule basics that shape traffic distribution
- Use this section to build the foundation needed before moving into hybrid connectivity and troubleshooting
Hybrid Connectivity and Network Services
Focus on the connectivity patterns that link networks, services, and name resolution across Azure and hybrid environments, including peering, VPN, private access, and monitoring tools.
- Understand VNet peering in same-region and global scenarios, including gateway transit awareness
- Review the components and purpose of Site-to-Site VPN connections
- Study Point-to-Site VPN concepts and the kinds of user access scenarios they support
- Build awareness of ExpressRoute and when dedicated private connectivity becomes valuable
- Understand private endpoints and Private Link as ways to expose services privately
- Review private DNS zones and why name resolution matters in private endpoint designs
- Study custom DNS forwarder concepts in hybrid environments where multiple name systems must work together
- Understand Network Watcher tools such as connection troubleshoot, IP flow verify, and NSG flow logs conceptually
- Build packet capture awareness so you know when deeper network investigation is appropriate
- Use this section to strengthen the networking scenarios that combine design, private access, and troubleshooting
Monitor, Maintain, Backup, and Recover Azure Resources
Consolidate your operational readiness by studying Azure Monitor, diagnostic settings, alerts, backup, site recovery, resource health, and the maintenance controls administrators rely on every day.
- Understand metrics versus logs and when each source of operational insight is more useful
- Review diagnostic settings and the destinations used to collect platform logs and metrics
- Study Log Analytics workspace basics and administrator-level awareness of KQL-driven investigations
- Compare metric alerts and log alerts, including action groups and rule behavior
- Review workbooks and dashboards as tools for operational visibility and decision support
- Understand Recovery Services vault concepts and the foundations of Azure Backup for VMs
- Build awareness of file share backup and Azure Site Recovery replication and failover concepts
- Review patching, update management, and broader maintenance activities that protect service continuity
- Understand resource health, service health, budgets, and cost alerts as part of responsible administration
- Use this section to tie monitoring, resilience, recovery, and cost governance into one operational skill set
This 10-section structure supports stronger AZ-104 preparation by breaking Azure administration into manageable domains while still showing how identity, permissions, governance, storage, compute, networking, and operational resilience connect across the platform.
Choose an AZ-104 Practice Section
Open any section directly to begin focused revision. Topic-based practice makes it easier to strengthen weak areas, connect services, and build confidence with administrator scenarios.
Each section opens in a new tab so learners can move easily between notes, review, and targeted AZ-104 practice.
Why this AZ-104 page is stronger and easier to use
This page does more than list Azure topic headings. It gives learners a practical revision pathway through the major administrator domains, with clearer organization, stronger user-facing text, and faster movement from topic overview to focused practice.
The structure separates Azure administration into recognizable operational domains so learners can quickly identify whether they need to review identity, RBAC, policy, storage, virtual machines, networking, hybrid connectivity, or backup and monitoring.
This is especially useful for learners who want a more manageable way to revise AZ-104, strengthen service-to-service understanding, and improve their ability to interpret real administrator scenarios instead of memorizing isolated facts.
Why this structure works for learners
Have questions?
Frequently Asked Questions
These short answers explain how to use the AZ-104 page effectively.
What is the purpose of this AZ-104 page?
This page gives learners a structured overview of the major AZ-104 areas before they move into section-based practice. It helps break Azure administration into clearer, more manageable domains for revision.
How should I use the 10 sections on this page?
Start with one section at a time, complete the practice for that section, review the explanations, and then move to the next area. After covering all sections, return to weaker domains for more targeted revision.
Do the practice links open in a new tab?
Yes. Each section is set to open in a new tab so you can move easily between revision notes, topic overview, and focused practice.
Is this page useful even if I already studied AZ-104 once?
Yes. The page works well as a revision map because it lets you return quickly to weak areas such as RBAC, virtual networking, storage security, policy, or Azure Monitor without restarting your entire study flow.