Prepare for Microsoft AZ-104 with this practical Azure Administrator study guide. It maps the official exam objectives to Microsoft Learn resources and explains what to focus on for identities, governance, storage, compute, networking, monitoring, backup, and maintenance.
AZ-104 Exam Study Guide
A practical objective-by-objective guide for Microsoft AZ-104. It explains the current Azure Administrator exam scope, links each area to Microsoft Learn, and highlights the kind of operational decisions that commonly appear in the exam.
Focus areas: Microsoft Entra ID, Azure governance, storage, virtual machines, containers, virtual networking, monitoring, backup, and recovery.
Official exam scope
Microsoft describes AZ-104 candidates as Azure administrators who implement, manage, and monitor an organization’s Azure environment, including virtual networks, storage, compute, identity, security, and governance. You should be comfortable with operating systems, networking, servers, virtualization, PowerShell, Azure CLI, the Azure portal, ARM templates or Bicep, and Microsoft Entra ID.
Official references: Microsoft Learn AZ-104 study guide · AZ-104 exam page · Azure Administrator Associate certification
Manage Azure identities and governance
Manage Microsoft Entra users and groups
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create users and groups | Open Microsoft Learn | Microsoft Entra user and group management | Know when to create cloud users, groups, dynamic groups, and role-assignable groups. Expect portal-style questions about required fields, group membership, and admin roles. | Learn presents this as identity objects, group membership, assignment, and administration tasks in Microsoft Entra ID. |
| Manage user and group properties | Open Microsoft Learn | Edit identity attributes, membership, owners, and settings | Be ready to identify where to update profile details, group owners, membership type, and group properties. Exam questions often test what can be changed after creation. | Learn shows group and user configuration through Entra admin center steps and property pages. |
| Manage licenses in Microsoft Entra ID | Open Microsoft Learn | License assignment to users and groups | Understand direct vs group-based licensing, license assignment errors, and how users inherit service plans. Expect scenario questions about assigning Microsoft cloud service licenses. | Learn represents licensing as user/group assignment plus service plan enablement and troubleshooting. |
| Manage external users | Open Microsoft Learn | B2B guest users and external collaboration | Know guest user invitation, collaboration settings, access reviews at a high level, and when to use external identities. Exam angle: choose the right external access method. | Learn explains external identity lifecycle, invitations, redemption, and collaboration controls. |
| Configure self-service password reset (SSPR) | Open Microsoft Learn | Password reset registration, methods, and scope | Know who can use SSPR, authentication methods, registration requirements, and writeback conceptually. Expect questions about enabling SSPR for selected groups. | Learn presents SSPR as policy configuration, authentication methods, user registration, and reset flow. |
Manage access to Azure resources
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Manage built-in Azure roles | Open Microsoft Learn | Azure RBAC built-in role selection | Know Owner vs Contributor vs Reader vs User Access Administrator. Expect least-privilege questions where the answer is a built-in role, not a custom role. | Learn lists built-in roles by category with allowed actions and typical assignment use cases. |
| Assign roles at different scopes | Open Microsoft Learn | Role assignment inheritance at management group, subscription, resource group, and resource scope | Understand that permissions inherit downward and that narrower scopes reduce blast radius. Expect questions asking where to assign a role for least privilege. | Learn shows role assignment workflow: scope, role, member, review, and assignment. |
| Interpret access assignments | Open Microsoft Learn | Check effective access and role assignments | Be able to inspect why a user has access through direct assignment or group inheritance. Exam angle: determine effective permission from overlapping assignments. | Learn demonstrates the Check access blade and role assignment review. |
Manage Azure subscriptions and governance
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Implement and manage Azure Policy | Open Microsoft Learn | Policy definitions, initiatives, assignments, compliance, and remediation | Know the difference between Azure Policy and RBAC. Expect deny, audit, modify, append, and deployIfNotExists style scenario questions. | Learn represents governance as policy definitions assigned at scopes with compliance evaluation. |
| Configure resource locks | Open Microsoft Learn | Delete and read-only locks | Know that locks override user permissions and protect resources from accidental changes or deletion. Expect questions about CanNotDelete vs ReadOnly. | Learn shows management locks and their effect on resource operations. |
| Apply and manage tags on resources | Open Microsoft Learn | Tagging for organization, automation, and cost reporting | Know tag inheritance is not automatic unless policy or automation applies it. Exam angle: use tags for cost allocation and resource classification. | Learn presents tag creation, update, limitations, and policy-based enforcement. |
| Manage resource groups | Open Microsoft Learn | Resource group lifecycle and deployment scope | Understand resource group location vs resource location, moving resources, deleting groups, and grouping by lifecycle. Expect operational admin scenarios. | Learn shows resource group creation, access, locks, tags, and deletion. |
| Manage subscriptions | Open Microsoft Learn | Subscription administration, access, billing, and organization | Know how subscriptions isolate billing and governance. Expect questions about using multiple subscriptions for environments, billing, or administrative boundaries. | Learn frames subscriptions as containers for resources, billing, policy, and RBAC scopes. |
| Manage costs by using alerts, budgets, and Azure Advisor recommendations | Open Microsoft Learn | Cost Management budgets, alerts, and optimization recommendations | Know budgets do not stop resources by themselves; they notify. Expect questions on cost alerts, Advisor recommendations, and rightsizing unused resources. | Learn shows budgets, alerts, cost analysis, and Advisor as cost-control tools. |
| Configure management groups | Open Microsoft Learn | Hierarchy above subscriptions for governance at scale | Understand when to use management groups for policy/RBAC across many subscriptions. Expect hierarchy and inheritance questions. | Learn represents management groups as a governance tree for policy and access assignments. |
Implement and manage storage
Configure access to storage
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Configure Azure Storage firewalls and virtual networks | Open Microsoft Learn | Storage account network access controls | Know public network access, selected networks, service endpoints, private endpoints, and trusted Azure services. Exam questions often ask why access is blocked. | Learn shows firewall rules, VNet rules, IP allowlists, and private connectivity options. |
| Create and use shared access signature (SAS) tokens | Open Microsoft Learn | Delegated storage access using SAS | Understand service SAS, account SAS, user delegation SAS, permissions, start/expiry time, and HTTPS-only access. Expect secure temporary-access scenarios. | Learn explains SAS types, signing methods, permissions, and security recommendations. |
| Configure stored access policies | Open Microsoft Learn | Reusable SAS constraints for containers and shares | Know stored access policies let you revoke or change SAS behavior centrally. Exam angle: choose stored access policy when multiple SAS tokens need common control. | Learn represents stored access policies as container-level policy objects tied to service SAS. |
| Manage access keys | Open Microsoft Learn | Storage account key rotation and shared key access | Know each storage account has two keys to support rotation. Expect questions about regenerating keys and avoiding shared key when Entra auth is possible. | Learn shows key viewing, rotation, and connection string considerations. |
| Configure identity-based access for Azure Files | Open Microsoft Learn | Azure Files authentication with identity providers | Know when to use identity-based authentication for SMB Azure file shares and how it differs from storage keys. Expect hybrid identity questions. | Learn presents AD DS, Microsoft Entra Kerberos, and permission layers for Azure Files. |
Configure and manage storage accounts
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create and configure storage accounts | Open Microsoft Learn | Storage account kind, performance, access, and configuration | Know account type, region, redundancy, performance tier, hierarchical namespace, and access settings. Expect create/configure portal questions. | Learn shows the storage account creation workflow and key configuration choices. |
| Configure Azure Storage redundancy | Open Microsoft Learn | LRS, ZRS, GRS, GZRS, RA-GRS, and RA-GZRS | Be able to choose redundancy based on availability, region failure protection, and read access. Expect cost vs durability tradeoff questions. | Learn compares redundancy options, replication scope, and failover implications. |
| Configure object replication | Open Microsoft Learn | Asynchronous block blob replication between storage accounts | Know prerequisites such as versioning and change feed, and that replication is for block blobs. Expect replication-policy questions. | Learn presents source/destination accounts, replication rules, and supported scenarios. |
| Configure storage account encryption | Open Microsoft Learn | Storage Service Encryption and customer-managed keys | Know Microsoft-managed vs customer-managed keys, infrastructure encryption, and Key Vault integration. Exam angle: satisfy encryption-control requirements. | Learn explains encryption at rest and key-management options. |
| Manage data by using Azure Storage Explorer and AzCopy | Open Microsoft Learn | GUI and command-line data movement tools | Know when to use AzCopy for bulk copy/sync and Storage Explorer for interactive management. Expect tool-selection questions. | Learn shows upload, download, copy, sync, and authentication patterns for storage data operations. |
Configure Azure Files and Azure Blob Storage
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create and configure a file share in Azure Files | Open Microsoft Learn | SMB/NFS file shares in Azure Storage | Know quota, access tier, snapshots, identity access, and mounting concepts. Exam questions may ask how to expose shared files to VMs. | Learn shows file share creation, quota settings, and access configuration. |
| Create and configure a container in Azure Blob Storage | Open Microsoft Learn | Blob containers and access levels | Know private vs anonymous access, uploading blobs, and container-level organization. Expect basic blob administration scenarios. | Learn represents containers as logical blob groupings with access and management settings. |
| Configure storage tiers | Open Microsoft Learn | Hot, cool, cold, and archive access tiers | Choose tiers based on access frequency, retrieval time, and cost. Expect scenario questions about archive rehydration and lifecycle transitions. | Learn compares tier costs, latency, availability, and supported account types. |
| Configure soft delete for blobs and containers | Open Microsoft Learn | Protection from accidental deletion | Know retention period and recovery behavior for deleted blobs and containers. Exam angle: restore accidentally deleted data. | Learn shows soft delete enablement and recovery flow. |
| Configure snapshots and soft delete for Azure Files | Open Microsoft Learn | Point-in-time protection for Azure file shares | Know share snapshots preserve file share state and can support restore. Expect questions on the difference between snapshots, backup, and soft delete. | Learn represents file protection through snapshots, share-level restore, and retention features. |
| Configure blob lifecycle management | Open Microsoft Learn | Rule-based movement and deletion of blobs | Know lifecycle rules can tier, archive, or delete blobs based on age, last access, or prefix. Expect automation/cost-control questions. | Learn shows lifecycle policy rules, filters, actions, and scheduling. |
| Configure blob versioning | Open Microsoft Learn | Automatic previous versions for blobs | Know versioning protects against overwrites and works with soft delete and replication scenarios. Exam angle: recover previous object versions. | Learn presents version IDs, restore options, and feature interactions. |
Deploy and manage Azure compute resources
Automate deployment of resources by using ARM templates or Bicep files
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Interpret an Azure Resource Manager template or a Bicep file | Open Microsoft Learn | Declarative infrastructure-as-code structure | Read resources, parameters, variables, outputs, dependencies, and modules. Expect questions asking what a template will deploy. | Learn explains Bicep syntax and how it compiles to ARM templates. |
| Modify an existing Azure Resource Manager template | Open Microsoft Learn | Edit JSON ARM templates safely | Know parameters, variables, resources, functions, and dependencies. Exam angle: adjust a template to change SKU, name, or location. | Learn represents ARM templates as JSON sections with schema, parameters, resources, and outputs. |
| Modify an existing Bicep file | Open Microsoft Learn | Edit Bicep resources, params, modules, and outputs | Expect syntax questions around params, existing resources, dependencies, loops, and modules. Know Bicep is easier than raw JSON templates. | Learn shows Bicep file structure and resource declarations. |
| Deploy resources by using an ARM template or a Bicep file | Open Microsoft Learn | Resource deployment to Azure scopes | Know deployment commands from portal, CLI, and PowerShell; understand validation and what-if conceptually. Exam angle: choose deployment method. | Learn shows deployment commands and target scopes for IaC files. |
| Export a deployment as an ARM template or convert an ARM template to a Bicep file | Open Microsoft Learn | Template export and Bicep decompile | Know exported templates are a starting point, not perfect production IaC. Expect conversion/export scenario questions. | Learn presents ARM-to-Bicep decompile and limitations of generated files. |
Create and configure virtual machines
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create a virtual machine | Open Microsoft Learn | VM creation and base configuration | Know region, image, size, disks, admin access, networking, NSG, and availability options. Expect portal workflow questions. | Learn shows VM creation steps and core VM properties. |
| Configure encryption at host for Azure virtual machines | Open Microsoft Learn | End-to-end encryption for VM data at host | Know encryption at host protects temp disks and caches in addition to managed disks. Exam angle: meet strict encryption requirement. | Learn explains prerequisites and enablement for encryption at host. |
| Move a virtual machine to another resource group, subscription, or region | Open Microsoft Learn | Resource move constraints and Azure Resource Mover | Know that moving between resource groups/subscriptions differs from regional move. Expect questions about dependencies and unsupported move cases. | Learn represents moves as validated operations with resource-specific limitations. |
| Manage virtual machine sizes | Open Microsoft Learn | Resize VMs and understand size families | Choose size based on CPU, memory, disk, GPU, and workload. Exam angle: resize VM and understand deallocation may be required. | Learn categorizes VM sizes by workload family and capability. |
| Manage virtual machine disks | Open Microsoft Learn | Managed disks, OS/data disks, performance, and snapshots | Know disk types, attach/detach, resize, snapshots, and encryption. Expect performance/cost disk SKU questions. | Learn presents managed disk lifecycle and performance options. |
| Deploy virtual machines to availability zones and availability sets | Open Microsoft Learn | VM availability and fault isolation | Know availability zones protect from datacenter failure; availability sets use fault/update domains. Expect HA design questions. | Learn compares availability options and SLA impact. |
| Deploy and configure Azure Virtual Machine Scale Sets | Open Microsoft Learn | Autoscaling groups of VMs | Know scale sets provide identical VM instances, autoscale, and load balancing. Exam angle: choose VMSS for scalable compute. | Learn represents VMSS as orchestration for scalable VM workloads. |
Provision and manage containers in the Azure portal
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create and manage an Azure Container Registry | Open Microsoft Learn | Private registry for container images | Know ACR stores images and integrates with Container Apps, ACI, AKS, and identity access. Expect push/pull and SKU questions. | Learn shows registry creation, image push, repository, and access management. |
| Provision a container by using Azure Container Instances | Open Microsoft Learn | Serverless single-container or simple group workloads | Choose ACI for quick, isolated containers without orchestration. Exam angle: run container image with CPU/memory and restart policy. | Learn presents ACI as simple container execution from portal or CLI. |
| Provision a container by using Azure Container Apps | Open Microsoft Learn | Managed container apps with scaling and revisions | Know Container Apps for microservices, HTTP ingress, KEDA-based scaling, and revisions. Expect choose-service questions vs ACI/App Service. | Learn shows creating apps, environments, ingress, scaling, and revisions. |
| Manage sizing and scaling for containers, including ACI and Container Apps | Open Microsoft Learn | CPU, memory, replicas, scale rules | Know ACI uses requested CPU/memory, while Container Apps can scale replicas based on triggers. Exam angle: configure scaling behavior. | Learn represents scaling through container resources, min/max replicas, and event-based rules. |
Create and configure Azure App Service
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Provision an App Service plan | Open Microsoft Learn | Hosting plan for App Service apps | Know pricing tier controls compute, features, and scale. Expect questions about where apps run and how plans affect cost. | Learn presents App Service plans as compute containers for one or more apps. |
| Configure scaling for an App Service plan | Open Microsoft Learn | Scale up/out for App Service | Know scale up changes tier/size and scale out changes instance count. Exam angle: solve performance or availability requirements. | Learn shows manual scale and autoscale options. |
| Create an App Service | Open Microsoft Learn | Deploy web apps to managed Azure hosting | Know runtime stack, region, plan, deployment method, and basic app settings. Expect create-web-app workflow questions. | Learn presents App Service creation and deployment as a managed PaaS task. |
| Configure certificates and TLS for an App Service | Open Microsoft Learn | HTTPS, TLS bindings, and certificates | Know managed certificates vs uploaded certificates and SNI SSL binding. Expect custom domain HTTPS questions. | Learn shows certificate import/create and TLS binding to custom domains. |
| Map an existing custom DNS name to an App Service | Open Microsoft Learn | Custom domain mapping | Know CNAME vs A records, domain verification, and TXT records. Exam angle: configure a web app with custom hostname. | Learn shows DNS record creation and App Service domain validation. |
| Configure backup for an App Service | Open Microsoft Learn | App and database backup for supported tiers | Know backup schedule, storage account requirement, and restore options. Exam angle: protect and restore web app configuration/content. | Learn presents backups as scheduled app snapshots stored in Azure Storage. |
| Configure networking settings for an App Service | Open Microsoft Learn | Inbound/outbound App Service networking | Know VNet integration, private endpoint, access restrictions, and hybrid connections conceptually. Expect network-isolation questions. | Learn separates inbound access control from outbound VNet integration features. |
| Configure deployment slots for an App Service | Open Microsoft Learn | Staging slots and swap | Know slots support testing, warm-up, and rollback through swaps. Expect slot setting vs swapped setting questions. | Learn shows slot creation, deployment, swap, and traffic routing. |
Implement and manage virtual networking
Configure and manage virtual networks in Azure
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create and configure virtual networks and subnets | Open Microsoft Learn | VNet address spaces, subnets, and IP planning | Know CIDR, subnet sizing, reserved addresses, and subnet association with NSGs/routes. Expect address-overlap and subnet planning questions. | Learn shows VNet and subnet creation plus basic VM connectivity. |
| Create and configure virtual network peering | Open Microsoft Learn | Private connectivity between VNets | Know peering is non-transitive by default, supports gateway transit options, and requires non-overlapping address spaces. Expect connectivity design questions. | Learn shows bidirectional peering setup and connectivity testing. |
| Configure public IP addresses | Open Microsoft Learn | Public IP resources, SKU, allocation, and association | Know static vs dynamic, Basic vs Standard concepts, and where public IPs attach. Exam angle: expose resources securely. | Learn represents public IP as a separate resource used by NICs, load balancers, gateways, and Bastion. |
| Configure user-defined routes | Open Microsoft Learn | Route tables and next-hop control | Know UDRs override system routes and are associated to subnets. Expect questions about routing traffic through NVAs or firewalls. | Learn shows route table creation, subnet association, and effective route behavior. |
| Troubleshoot network connectivity | Open Microsoft Learn | Connectivity diagnostics and effective routes/security | Use Network Watcher tools for connectivity checks, IP flow verify, next hop, and packet capture. Expect diagnose-why-VM-cannot-connect scenarios. | Learn presents troubleshooting as step-by-step tests through Network Watcher. |
Configure secure access to virtual networks
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create and configure NSGs and application security groups | Open Microsoft Learn | Layer 3/4 traffic filtering and workload grouping | Know NSG rule priority, direction, source/destination, service tags, ASGs, and default rules. Expect allow/deny evaluation questions. | Learn explains NSG rules, default rules, priority, and association to subnet or NIC. |
| Evaluate effective security rules in NSGs | Open Microsoft Learn | Understand resulting access after multiple NSG assignments | Know subnet and NIC NSGs combine, lower priority number wins, and default deny inbound applies. Exam angle: determine whether traffic is allowed. | Learn shows effective security rules and IP flow verification. |
| Implement Azure Bastion | Open Microsoft Learn | Secure RDP/SSH through browser without public IP | Know Bastion requires AzureBastionSubnet and removes need for public IP on VMs. Expect secure administration scenario questions. | Learn presents Bastion architecture, SKU concepts, and connection workflow. |
| Configure service endpoints for Azure PaaS | Open Microsoft Learn | Extend VNet identity to selected Azure service public endpoints | Know service endpoints keep service public IPs but restrict access to selected VNets. Exam angle: choose service endpoint vs private endpoint. | Learn explains supported services, subnet configuration, and service firewall integration. |
| Configure private endpoints for Azure PaaS | Open Microsoft Learn | Private Link access to PaaS over private IP | Know private endpoints assign a NIC/private IP in your VNet and often require private DNS. Expect secure PaaS access questions. | Learn presents Private Link architecture, private endpoint NICs, and DNS integration. |
Configure name resolution and load balancing
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Configure Azure DNS | Open Microsoft Learn | Public DNS zones and record sets | Know DNS zones, record types, delegation, and Azure-hosted public DNS. Expect custom domain/name-resolution questions. | Learn represents Azure DNS through zones, record sets, and name-server delegation. |
| Configure an internal or public load balancer | Open Microsoft Learn | Layer 4 load balancing for TCP/UDP | Know frontend IP, backend pool, health probe, and load-balancing rules. Exam angle: choose internal vs public load balancer. | Learn shows load balancer components and traffic distribution model. |
| Troubleshoot load balancing | Open Microsoft Learn | Probe, backend, rule, and connectivity diagnostics | Know unhealthy probes remove instances from rotation. Expect questions about why traffic does not reach backend VMs. | Learn presents troubleshooting through probes, metrics, rules, and backend health checks. |
Monitor and maintain Azure resources
Monitor resources in Azure
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Interpret metrics in Azure Monitor | Open Microsoft Learn | Numerical platform and resource metrics | Know metrics are near real-time numeric time-series data. Expect questions interpreting CPU, availability, latency, and aggregation charts. | Learn explains metric namespaces, dimensions, aggregation, and metric explorer. |
| Configure log settings in Azure Monitor | Open Microsoft Learn | Diagnostic settings and log destinations | Know diagnostic settings send resource logs/metrics to Log Analytics, Storage, or Event Hubs. Exam angle: capture logs for compliance or analysis. | Learn shows categories, destinations, retention considerations, and resource-level configuration. |
| Query and analyze logs in Azure Monitor | Open Microsoft Learn | Kusto Query Language in Log Analytics | Know basic KQL filtering, summarizing, and time range concepts. Expect simple query interpretation questions. | Learn represents log analysis through Log Analytics workspaces and KQL queries. |
| Set up alert rules, action groups, and alert processing rules | Open Microsoft Learn | Azure Monitor alerting workflow | Know signal, condition, action group, severity, and processing rules. Exam angle: notify admins when metric/log condition is met. | Learn shows alert rule types and how actions are triggered. |
| Configure and interpret monitoring of VMs, storage accounts, and networks by using Azure Monitor Insights | Open Microsoft Learn | Resource-specific insight workbooks and monitoring experiences | Know VM Insights, Storage insights, and Network insights help visualize health and performance. Expect choose-monitoring-tool questions. | Learn presents Insights as curated monitoring views built on Azure Monitor data. |
| Use Azure Network Watcher and Connection Monitor | Open Microsoft Learn | Network diagnostics and end-to-end connectivity monitoring | Know Connection Monitor tracks reachability and latency between endpoints. Expect troubleshoot connectivity and monitor network path questions. | Learn shows test groups, endpoints, probes, and network diagnostics. |
Implement backup and recovery
| Official objective bullet | Microsoft Learn documentation | Topic covered | Main points / likely exam angle | How Microsoft Learn represents it |
|---|---|---|---|---|
| Create a Recovery Services vault | Open Microsoft Learn | Vault for Azure Backup and Site Recovery | Know Recovery Services vault stores backup data and ASR metadata. Exam angle: prerequisite for backing up Azure VMs or configuring replication. | Learn shows vault creation, region selection, redundancy, and protection setup. |
| Create an Azure Backup vault | Open Microsoft Learn | Newer vault type for supported backup workloads | Know Backup vault is used by newer Azure Backup workloads and differs from Recovery Services vault. Expect identify-correct-vault questions. | Learn explains Backup vault architecture, supported datasources, and management model. |
| Create and configure a backup policy | Open Microsoft Learn | Backup schedule and retention | Know policy defines frequency and retention. Expect questions about daily/weekly/monthly retention and applying policies to VMs. | Learn shows policy creation and VM protection configuration. |
| Perform backup and restore operations by using Azure Backup | Open Microsoft Learn | Protect and recover Azure resources | Know restore options such as create new VM, restore disks, or replace existing disk where supported. Expect recovery scenario questions. | Learn presents backup jobs, recovery points, and restore workflows. |
| Configure Azure Site Recovery for Azure resources | Open Microsoft Learn | Disaster recovery replication for Azure VMs | Know ASR replicates workloads to another region for DR. Exam angle: configure replication, target region, and recovery plan conceptually. | Learn shows enabling replication for Azure VMs and prerequisites. |
| Perform a failover to a secondary region by using Site Recovery | Open Microsoft Learn | Planned/unplanned failover and failback concepts | Know test failover vs failover, commit, and reprotect. Expect DR operation ordering questions. | Learn represents failover as controlled recovery steps using recovery points and plans. |
| Configure and interpret reports and alerts for backups | Open Microsoft Learn | Backup monitoring, alerts, and reports | Know how to monitor backup jobs, failures, alerts, and reports. Exam angle: notify admins of failed backups and review compliance. | Learn shows Backup Center, Azure Monitor alerts, logs, and reports. |
Fast revision checklist
- Know Microsoft Entra users, groups, SSPR, guest users, and licensing.
- Understand Azure RBAC roles, scopes, inheritance, and effective access.
- Use Azure Policy, tags, locks, management groups, and budgets for governance.
- Choose the right storage redundancy, access control, SAS, keys, and firewall settings.
- Know blob tiers, lifecycle management, versioning, snapshots, and soft delete.
- Read basic ARM and Bicep files and understand deployment scope.
- Configure VMs, disks, availability, scale sets, containers, and App Service.
- Plan VNets, subnets, peering, routes, NSGs, Bastion, service endpoints, and private endpoints.
- Troubleshoot connectivity using effective routes, NSG rules, Network Watcher, and Connection Monitor.
- Use Azure Monitor metrics, logs, alerts, insights, Backup, and Site Recovery.
Suggested study order
Start with identity and RBAC because they affect almost every Azure resource. Then study storage and networking, because many AZ-104 questions combine access, routing, endpoints, and security rules. Finish with compute, monitoring, backup, and disaster recovery. For each objective, open the linked Microsoft Learn page and practice the portal workflow or CLI command at least once.


