Microsoft Certified: Azure Administrator Associate (AZ-104)

This page breaks AZ-104 into 10 exam-aligned sections based on real administrator responsibilities. Each section includes a practice button that opens the quiz set in a new tab.

Vendor: Microsoft | Credential: Azure Administrator Associate | Exam: AZ-104 | Practice: domain then mixed

AZ-104 coverage (10 sections)

Use the practice button on each card to open the quiz set for that domain in a new tab.

Microsoft Entra ID (Azure AD) Users, Groups, and Core Identity Objects

S01

What you will practice: creating, configuring, and managing users (cloud-only and synced users conceptually), and creating and managing groups (security groups vs Microsoft 365 groups).

  • User & group administration
      • Create, configure, and manage users (cloud-only and synced users conceptually)
      • Create and manage groups (security groups vs Microsoft 365 groups)
      • Group membership models: assigned vs dynamic membership (rules, common use cases)
      • Administrative units (scoping admin permissions)
      • Self-service password reset (SSPR) concepts and setup basics
  • Device identity and access basics
      • Device registration concepts (Entra-joined vs registered)
      • Conditional Access concept alignment (what it does, where used, common policy patterns)
  • Authentication and identity operations (admin-level)
      • Basic sign-in troubleshooting signals (sign-in logs awareness)
      • Identity governance touchpoints that impact admins (access reviews awareness, lifecycle patterns)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Access Control (RBAC) and Resource Permissions

S02

What you will practice: role definitions vs role assignments vs scope (management group, subscription, resource group, resource), and built-in roles (Owner, Contributor, Reader, User Access Administrator) plus common service-specific roles.

  • Azure RBAC fundamentals
      • Role definitions vs role assignments vs scope (management group, subscription, resource group, resource)
      • Built-in roles (Owner, Contributor, Reader, User Access Administrator) and common service-specific roles
      • Least privilege design for admins (typical patterns for operations teams)
  • Assignments and governance
      • Assign roles to users, groups, service principals, managed identities
      • Understand effective permissions with multiple assignments and scope inheritance
  • Resource locking and protection
      • Resource locks: ReadOnly vs CanNotDelete (where to apply, operational implications)
  • Privileged access concepts
      • PIM (Privileged Identity Management) awareness: just-in-time role activation idea (common exam scenarios)


Subscriptions, Management Groups, and Governance with Policy

S03

What you will practice: subscription purpose, isolation, and awareness of resource limits and quotas; applying policies and RBAC at management group scope.

  • Subscriptions and billing boundary basics
      • Subscription purpose, isolation, resource limits and quotas awareness
      • Resource providers and registration basics
  • Management groups
      • Organize subscriptions with management groups
      • Apply policies and RBAC at management group scope
  • Azure Policy
      • Policy definitions vs initiatives (policy sets)
      • Assignments and scope (mgmt group/subscription/RG/resource)
      • Policy effects: deny, audit, append, deployIfNotExists (what they do conceptually)
      • Compliance evaluation, remediation tasks, managed identity for remediation where applicable
      • Common policy-driven governance scenarios (tag enforcement, allowed locations/SKUs, require encryption)
  • Tagging
      • Tags strategy (cost management, ownership, environment)
      • Applying tags at scale and inheritance expectations


Storage Accounts and Core Data Services (Blob, Files, Queues, Tables)

S04

What you will practice: storage account types and performance tiers (general purpose v2 emphasis); redundancy options LRS, ZRS, GRS, GZRS (and RA-* variants conceptually).

  • Storage account fundamentals
      • Storage account types and performance tiers (general purpose v2 emphasis)
      • Redundancy options: LRS, ZRS, GRS, GZRS (and RA-* variants conceptually)
      • Storage endpoints and namespace basics
  • Blob Storage
      • Containers, blobs, blob types (block/page/append) at a practical level
      • Blob access tiers: hot/cool/archive (use cases and constraints)
      • Lifecycle management policies (tiering and deletion)
      • Object replication concepts (where used, what it achieves)
  • Azure Files
      • File shares, SMB access model concepts
      • Azure File Sync concept (server endpoint vs cloud endpoint) awareness
      • Typical use cases (lift-and-shift file shares)
  • Queues and Tables
      • When queues vs Service Bus conceptually (admin awareness)
      • Table storage (NoSQL key/value style) basics


Storage Security, Access, and Data Protection

S05

What you will practice: storage account keys vs SAS (account SAS vs service SAS vs user delegation SAS); Microsoft Entra authentication for blobs/files (conceptual use cases).

  • Authentication and authorization for storage
      • Storage account keys vs SAS (account SAS vs service SAS vs user delegation SAS)
      • Microsoft Entra authentication for blobs/files (conceptual use cases)
      • RBAC vs ACLs (especially for ADLS Gen2)
  • Network security for storage
      • Public endpoint access controls
      • Firewalls and virtual network rules
      • Private endpoints for storage (what it does, why it matters)
  • Data protection and resilience
      • Soft delete (blobs/containers) and versioning
      • Immutable storage concepts (WORM) awareness
      • Backup expectations vs replication (what replication is not)
  • Encryption
      • Encryption at rest (default), customer-managed keys (CMK) concept
      • Key Vault integration awareness (high-level)


Deploy and Manage Azure Virtual Machines (IaaS Compute)

S06

What you will practice: VM sizing and SKU selection (CPU/RAM, series awareness); images (Marketplace, custom images, shared image gallery concept).

  • VM deployment
      • VM sizing and SKU selection (CPU/RAM, series awareness)
      • Images: Marketplace, custom images, shared image gallery concept
      • Availability options: Availability Sets vs Availability Zones
      • VM extensions (use cases: Custom Script, monitoring agents, etc.)
      • Cloud-init / custom data concept (Linux) and common provisioning patterns
  • VM storage
      • OS disk vs data disks, managed disks
      • Disk types: Standard HDD/SSD, Premium SSD, Ultra Disk (use cases)
      • Snapshots and disk backups conceptually
  • VM management
      • Start/stop/restart/redeploy operations
      • VM Scale Sets (VMSS): scaling concepts, autoscale rules, upgrade policy awareness
      • Patch management basics and maintenance considerations


App Hosting and Containers (Admin-Level Operations)

S07

What you will practice: App Service Plans (pricing tiers, scaling up/out); Web Apps deployment slots (swap concepts).

  • App Service
      • App Service Plans (pricing tiers, scaling up/out)
      • Web Apps deployment slots (swap concepts)
      • Configuration: app settings, connection strings, managed identity integration awareness
      • Access restrictions and basic auth concepts
  • Containers
      • Azure Container Instances (ACI): when used, limitations awareness
      • Azure Container Registry (ACR): repositories, images/tags, authentication basics
      • Container apps/AKS awareness (AZ-104 is admin-focused; AKS deep design is not the goal, but basic operational concepts can appear)


Virtual Networking Fundamentals (Build and Secure VNets)

S08

What you will practice: VNets and subnets (address spaces, CIDR planning basics); DNS in Azure (Azure-provided DNS vs custom DNS servers).

  • Core VNet design
      • VNets and subnets (address spaces, CIDR planning basics)
      • IP addressing: private IPs, public IPs, NICs
      • DNS in Azure: Azure-provided DNS vs custom DNS servers
      • Route tables (UDRs) and next hop types
  • Network security
      • Network Security Groups (NSGs): inbound/outbound rules, priorities, service tags, effective rules
      • Application Security Groups (ASGs): grouping VMs for rule targeting
      • Azure Firewall basics (when used, what it does)
      • DDoS Protection (Basic vs Standard awareness)
  • Load balancing and traffic distribution
      • Azure Load Balancer (L4) vs Application Gateway (L7) basic distinctions
      • Health probes, backend pools, rule basics


Hybrid Connectivity and Network Services (Connect, Control, Resolve)

S09

What you will practice: VNet peering (same region / global peering concepts, gateway transit, use remote gateways); Site-to-Site VPN (basic components: gateway, local network gateway, connection).

  • Connectivity options
      • VNet peering (same region / global peering concepts, gateway transit, use remote gateways)
      • Site-to-Site VPN (basic components: gateway, local network gateway, connection)
      • Point-to-Site VPN (client VPN concept and typical scenarios)
      • ExpressRoute awareness (what it is, when used)
  • Private access and name resolution
      • Private endpoints and Private Link (service exposure privately)
      • Private DNS zones (why needed with private endpoints; linking to VNets)
      • Custom DNS forwarders concept in hybrid setups
  • Monitoring and troubleshooting network
      • Network Watcher tooling awareness: connection troubleshoot, IP flow verify, NSG flow logs (conceptual)
      • Basic packet capture awareness (when and why)


Monitor, Maintain, Backup, and Recover Azure Resources

S10

What you will practice: This section maps to the exam’s “Monitor and maintain Azure resources” area. Focus on metrics vs logs (when to use each).

  • This maps to the exam’s “Monitor and maintain Azure resources” area.
  • Azure Monitor fundamentals
      • Metrics vs logs (when to use each)
      • Diagnostic settings (send platform logs/metrics to Log Analytics, Storage, Event Hub)
      • Log Analytics workspace basics, KQL awareness (admin-level queries)
      • Alerts: metric alerts vs log alerts, action groups, alert rules
      • Workbooks and dashboards (operational visibility)
  • Backup and recovery
      • Recovery Services vault concepts
      • Azure Backup for VMs (policy, restore points, restore operations)
      • File share backup awareness
      • ASR (Azure Site Recovery) concept: replication and failover idea (admin awareness)
  • Operational maintenance
      • Update management / patching concepts (depending on tooling used)
      • Resource health and service health (where to check outages vs resource-specific issues)
      • Cost governance operations: budgets, cost alerts, basic cost analysis (common admin scenario patterns)


FAQ

How should I use the 10 sections on this page?

Start with one section at a time, complete the practice set for that section, then review the explanations and repeat missed concepts. After you cover all sections, switch to mixed practice under time pressure.

Do the practice buttons open in a new tab?

Yes. Each section includes a button that opens the quiz set for that section in a new tab.

Is this outline aligned to real AZ-104 administrator tasks?

Yes. The sections are organized around the identity and governance, storage, compute, networking, and monitoring and maintenance skills groups and the way Azure administrators operate in production environments.