Study guide for Exam AZ-104: Microsoft Azure Administrator
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of October 27, 2022 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to October 27, 2022 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Learn allows you to schedule and renew exams and share and print certificates. |
| Passing score | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of October 27, 2022
Audience Profile
Candidates for this exam should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
An Azure administrator often serves as part of a larger team dedicated to implementing an organization's cloud infrastructure. Azure administrators also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
Candidates for this exam should be familiar with operating systems, networking, servers, and virtualization. In addition, professionals in this role should have experience using PowerShell, Azure CLI, the Azure portal, Azure Resource Manager templates (ARM templates), and Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.
Manage Azure identities and governance (15–20%)
Implement and manage storage (15–20%)
Deploy and manage Azure compute resources (20–25%)
Configure and manage virtual networking (20-25%)
Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (15–20%)
Manage Azure AD objects
Create users and groups
Manage licenses in Azure AD
Create administrative units
Manage user and group properties
Manage device settings and device identity
Perform bulk updates
Manage guest accounts
Configure self-service password reset
Manage access control
Create custom role-based access control (RBAC) and Azure AD roles
Provide access to Azure resources by assigning roles at different scopes
Interpret access assignments
Manage Azure subscriptions and governance
Configure and manage Azure Policy
Configure resource locks
Apply and manage tags on resources
Manage resource groups
Manage subscriptions
Manage costs by using alerts, budgets, and recommendations
Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
Configure network access to storage accounts
Create and configure storage accounts
Generate shared access signature tokens
Configure stored access policies
Manage access keys
Configure Azure AD authentication for a storage account
Configure storage encryption
Manage data in Azure storage accounts
Create import and export jobs
Manage data by using Azure Storage Explorer and AzCopy
Implement Azure Storage redundancy
Configure object replication
Configure Azure Files and Azure Blob Storage
Create an Azure file share
Configure Azure Blob Storage
Configure storage tiers
Configure blob lifecycle management
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using templates
Modify an ARM template
Deploy a template
Save a deployment as an ARM template
Deploy virtual machine (VM) extensions
Create and configure VMs
Create a VM
Manage images by using the Azure Compute Gallery
Configure Azure Disk Encryption
Move VMs from one resource group to another
Manage VM sizes
Add data disks
Configure VM network settings
Configure VM availability options
Deploy and configure VM scale sets
Create and configure containers
Configure sizing and scaling for Azure Container Instances
Configure container groups for Azure Container Instances
Create and configure Azure Container Apps
Configure storage for Azure Kubernetes Service (AKS)
Configure scaling for AKS
Configure network connections for AKS
Upgrade an AKS cluster
Create and configure an Azure App Service
Create an App Service plan
Configure scaling settings in an App Service plan
Create an App Service
Secure an App Service
Configure custom domain names
Configure backup for an App Service
Configure networking settings
Configure deployment settings
Configure and manage virtual networking (20–25%)
Configure virtual networks
Create and configure virtual networks and subnets
Create and configure virtual network peering
Configure private and public IP addresses
Configure user-defined network routes
Configure Azure DNS
Configure secure access to virtual networks
Create and configure network security groups (NSGs) and application security groups (ASGs)
Evaluate effective security rules
Implement Azure Bastion
Configure service endpoints on subnets
Configure private endpoints
Configure load balancing
Configure Azure Application Gateway
Configure an internal or public load balancer
Troubleshoot load balancing
Monitor virtual networking
Monitor on-premises connectivity
Configure and use Azure Monitor for networks
Use Azure Network Watcher
Troubleshoot external networking
Troubleshoot virtual network connectivity
Monitor and maintain Azure resources (10–15%)
Monitor resources by using Azure Monitor
Configure and interpret metrics
Configure Azure Monitor Logs
Query and analyze logs
Set up alerts and actions
Configure monitoring of VMs, storage accounts, and networks by using VM insights
Implement backup and recovery
Create an Azure Recovery Services vault
Create an Azure Backup vault
Create and configure backup policy
Perform backup and restore operations by using Azure Backup
Configure Azure Site Recovery for Azure resources
Perform failover to a secondary region by using Azure Site Recovery
Configure and review backup reports
Study Resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Azure documentation Azure Active Directory (AD) Azure Policy Storage Storage Explorer Blob Storage ARM templates Container Instances Azure Kubernetes Service (AKS) App Service Azure DNS Azure Bastion Application Gateway Azure Monitor Network Watcher Azure Site Recovery Azure Backup |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Azure Community Support |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Azure Fridays Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to October 27, 2022 | Skill area as of October 27, 2022 | Change |
|---|---|---|
| Audience profile | Minor | |
| Manage Azure identities and governance | Manage Azure identities and governance | No change |
| Manage Azure Active Directory (Azure AD) objects | Manage Azure AD objects | Minor |
| Manage access control | Manage access control | No change |
| Manage Azure subscriptions and governance | Manage Azure subscriptions and governance | No change |
| Implement and manage storage | Implement and manage storage | No change |
| Configure access to storage | Configure access to storage | No change |
| Manage data in Azure storage accounts | Manage data in Azure storage accounts | No change |
| Configure Azure Files and Azure Blob Storage | Configure Azure Files and Azure Blob Storage | No change |
| Deploy and manage Azure compute resources | Deploy and manage Azure compute resources | No change |
| Automate deployment of resources by using templates | Automate deployment of resources by using templates | No change |
| Create and configure VMs | Create and configure VMs | No change |
| Create and configure containers | Create and configure containers | Minor |
| Create and configure an Azure App Service | Create and configure an Azure App Service | No change |
| Configure and manage virtual networking | Configure and manage virtual networking | No change |
| Configure virtual networks | Configure virtual networks | No change |
| Configure secure access to virtual networks | Configure secure access to virtual networks | No change |
| Configure load balancing | Configure load balancing | No change |
| Monitor virtual networking | Monitor virtual networking | No change |
| Monitor and maintain Azure resources | Monitor and maintain Azure resources | No change |
| Monitor resources by using Azure Monitor | Monitor resources by using Azure Monitor | No change |
| Implement backup and recovery | Implement backup and recovery | No change |
Skills measured prior to October 27, 2022
Audience profile
Candidates for this exam should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
An Azure administrator often serves as part of a larger team dedicated to implementing an organization's cloud infrastructure. Azure administrators also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
Candidates for this exam should be familiar with operating systems, networking, servers, and virtualization. In addition, professionals in this role should have experience using PowerShell, Azure CLI, the Azure portal, and Azure Resource Manager templates (ARM templates).
Manage Azure identities and governance (15–20%)
Implement and manage storage (15–20%)
Deploy and manage Azure compute resources (20–25%)
Configure and manage virtual networking (20-25%)
Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (15–20%)
Manage Azure Active Directory (Azure AD) objects
Create users and groups
Manage licenses in Azure AD
Create administrative units
Manage user and group properties
Manage device settings and device identity
Perform bulk updates
Manage guest accounts
Configure self-service password reset
Manage access control
Create custom role-based access control (RBAC) and Azure AD roles
Provide access to Azure resources by assigning roles at different scopes
Interpret access assignments
Manage Azure subscriptions and governance
Configure and manage Azure Policy
Configure resource locks
Apply and manage tags on resources
Manage resource groups
Manage subscriptions
Manage costs by using alerts, budgets, and recommendations
Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
Configure network access to storage accounts
Create and configure storage accounts
Generate shared access signature tokens
Configure stored access policies
Manage access keys
Configure Azure AD authentication for a storage account
Configure storage encryption
Manage data in Azure storage accounts
Create import and export jobs
Manage data by using Azure Storage Explorer and AzCopy
Implement Azure Storage redundancy
Configure object replication
Configure Azure Files and Azure Blob Storage
Create an Azure file share
Configure Azure Blob Storage
Configure storage tiers
Configure blob lifecycle management
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using templates
Modify an ARM template
Deploy a template
Save a deployment as an ARM template
Deploy virtual machine (VM) extensions
Create and configure VMs
Create a VM
Manage images by using the Azure Compute Gallery
Configure Azure Disk Encryption
Move VMs from one resource group to another
Manage VM sizes
Add data disks
Configure VM network settings
Configure VM availability options
Deploy and configure VM scale sets
Create and configure containers
Configure sizing and scaling for Azure Container Instances
Configure container groups for Azure Container Instances
Configure storage for Azure Kubernetes Service (AKS)
Configure scaling for AKS
Configure network connections for AKS
Upgrade an AKS cluster
Create and configure an Azure App Service
Create an App Service plan
Configure scaling settings in an App Service plan
Create an App Service
Secure an App Service
Configure custom domain names
Configure backup for an App Service
Configure networking settings
Configure deployment settings
Configure and manage virtual networking (20–25%)
Configure virtual networks
Create and configure virtual networks and subnets
Create and configure virtual network peering
Configure private and public IP addresses
Configure user-defined network routes
Configure Azure DNS
Configure secure access to virtual networks
Create and configure network security groups (NSGs) and application security groups (ASGs)
Evaluate effective security rules
Implement Azure Bastion
Configure service endpoints on subnets
Configure private endpoints
Configure load balancing
Configure Azure Application Gateway
Configure an internal or public load balancer
Troubleshoot load balancing
Monitor virtual networking
Monitor on-premises connectivity
Configure and use Azure Monitor for networks
Use Azure Network Watcher
Troubleshoot external networking
Troubleshoot virtual network connectivity
Monitor and maintain Azure resources (10–15%)
Monitor resources by using Azure Monitor
Configure and interpret metrics
Configure Azure Monitor Logs
Query and analyze logs
Set up alerts and actions
Configure monitoring of VMs, storage accounts, and networks by using VM insights
Implement backup and recovery
Create an Azure Recovery Services vault
Create an Azure Backup vault
Create and configure backup policy
Perform backup and restore operations by using Azure Backup
Configure Azure Site Recovery for Azure resources
Perform failover to a secondary region by using Azure Site Recovery
Configure and review backup reports