Manage Azure identities and governance (20–25%)

Overview

AZ-104 is a Microsoft certification course designed for IT professionals seeking to validate their skills in managing Azure resources, services and infrastructure. This course prepares learners for the Microsoft Certified: Azure Administrator Associate exam.

Course Objectives

Monitor and Troubleshoot Azure Resources: Monitor Azure resources using Azure Monitor, Azure Log Analytics and Azure Network Watcher.

  • Manage Azure Subscriptions and Resources: Learn to create, configure and manage Azure subscriptions, resource groups and resources.
  • Implement Storage Solutions: Understand Azure Storage services, including blob storage, file storage and disk storage.
  • Deploy and Manage Virtual Machines: Deploy, configure and manage virtual machines, including networking and security.
  • Configure and Manage Virtual Networks: Create, configure and manage virtual networks, subnets and network security groups.
  • Manage Azure Active Directory: Manage Azure AD, including user and group management, authentication and authorization.

Manage Microsoft Entra users and groups

  • Create users and groups
  • Manage user and group properties
  • Manage licenses in Microsoft Entra ID
  • Manage external users
  • Configure self-service password reset (SSPR)

Manage access to Azure resources

  • Manage built-in Azure roles
  • Assign roles at different scopes
  • Interpret access assignments

Manage Azure subscriptions and governance

  • Implement and manage Azure Policy
  • Configure resource locks
  • Apply and manage tags on resources
  • Manage resource groups
  • Manage subscriptions
  • Manage costs by using alerts, budgets, and Azure Advisor recommendations
  • Configure management groups

Implement and manage storage (15–20%)

Configure access to storage

  • Configure Azure Storage firewalls and virtual networks
  • Create and use shared access signature (SAS) tokens
  • Configure stored access policies
  • Manage access keys
  • Configure identity-based access for Azure Files

Configure and manage storage accounts

  • Create and configure storage accounts
  • Configure Azure Storage redundancy
  • Configure object replication
  • Configure storage account encryption
  • Manage data by using Azure Storage Explorer and AzCopy

Configure Azure Files and Azure Blob Storage

  • Create and configure a file share in Azure Storage
  • Create and configure a container in Blob Storage
  • Configure storage tiers
  • Configure snapshots and soft delete for Azure Files
  • Configure blob lifecycle management
  • Configure blob versioning

Deploy and manage Azure compute resources (20–25%)

Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files

  • Interpret an Azure Resource Manager template or a Bicep file
  • Modify an existing Azure Resource Manager template
  • Modify an existing Bicep file
  • Deploy resources by using an Azure Resource Manager template or a Bicep file
  • Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file

Create and configure virtual machines

  • Create a virtual machine
  • Configure Azure Disk Encryption
  • Move a virtual machine to another resource group, subscription, or region
  • Manage virtual machine sizes
  • Manage virtual machine disks
  • Deploy virtual machines to availability zones and availability sets
  • Deploy and configure an Azure Virtual Machine Scale Sets

Provision and manage containers in the Azure portal

  • Create and manage an Azure container registry
  • Provision a container by using Azure Container Instances
  • Provision a container by using Azure Container Apps
  • Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps

Create and configure Azure App Service

  • Provision an App Service plan
  • Configure scaling for an App Service plan
  • Create an App Service
  • Configure certificates and Transport Layer Security (TLS) for an App Service
  • Map an existing custom DNS name to an App Service
  • Configure backup for an App Service
  • Configure networking settings for an App Service
  • Configure deployment slots for an App Service

Implement and manage virtual networking (15–20%)

Configure and manage virtual networks in Azure

  • Create and configure virtual networks and subnets
  • Create and configure virtual network peering
  • Configure public IP addresses
  • Configure user-defined network routes
  • Troubleshoot network connectivity

Configure secure access to virtual networks

  • Create and configure network security groups (NSGs) and application security groups
  • Evaluate effective security rules in NSGs
  • Implement Azure Bastion
  • Configure service endpoints for Azure platform as a service (PaaS)
  • Configure private endpoints for Azure PaaS

Configure name resolution and load balancing

  • Configure Azure DNS
  • Configure an internal or public load balancer
  • Troubleshoot load balancing

Monitor and maintain Azure resources (10–15%)

Monitor resources in Azure

  • Interpret metrics in Azure Monitor
  • Configure log settings in Azure Monitor
  • Query and analyze logs in Azure Monitor
  • Set up alert rules, action groups, and alert processing rules in Azure Monitor
  • Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
  • Use Azure Network Watcher and Connection Monitor

Implement backup and recovery

  • Create a Recovery Services vault
  • Create an Azure Backup vault
  • Create and configure a backup policy
  • Perform backup and restore operations by using Azure Backup
  • Configure Azure Site Recovery for Azure resources
  • Perform a failover to a secondary region by using Site Recovery
  • Configure and interpret reports and alerts for backups