Study guide for Exam AZ-104: Microsoft Azure Administrator
Purpose of this document
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
| Useful links | Description |
|---|---|
| Review the skills measured as of October 26, 2023 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
| Review the skills measured prior to October 26, 2023 | Study this list of skills if you take your exam PRIOR to the date provided. |
| Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
| How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
| Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
| Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
| Exam scoring and score reports | A score of 700 or greater is required to pass. |
| Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
| Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
| Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of October 26, 2023
Audience profile
As a candidate for this exam, you should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
As an Azure administrator, you often serve as part of a larger team dedicated to implementing an organization's cloud infrastructure. You also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
You should be familiar with:
Operating systems
Networking
Servers
Virtualization
In addition, you should have experience with:
PowerShell
Azure CLI
The Azure portal
Azure Resource Manager templates
Microsoft Entra ID
Skills at a glance
Manage Azure identities and governance (20–25%)
Implement and manage storage (15–20%)
Deploy and manage Azure compute resources (20–25%)
Implement and manage virtual networking (15–20%)
Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (20–25%)
Manage Microsoft Entra users and groups
Create users and groups
Manage user and group properties
Manage licenses in Microsoft Entra ID
Manage external users
Configure self-service password reset (SSPR)
Manage access to Azure resources
Manage built-in Azure roles
Assign roles at different scopes
Interpret access assignments
Manage Azure subscriptions and governance
Implement and manage Azure Policy
Configure resource locks
Apply and manage tags on resources
Manage resource groups
Manage subscriptions
Manage costs by using alerts, budgets, and Azure Advisor recommendations
Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
Configure Azure Storage firewalls and virtual networks
Create and use shared access signature (SAS) tokens
Configure stored access policies
Manage access keys
Configure identity-based access for Azure Files
Configure and manage storage accounts
Create and configure storage accounts
Configure Azure Storage redundancy
Configure object replication
Configure storage account encryption
Manage data by using Azure Storage Explorer and AzCopy
Configure Azure Files and Azure Blob Storage
Create and configure a file share in Azure Storage
Create and configure a container in Blob Storage
Configure storage tiers
Configure snapshots and soft delete for Azure Files
Configure blob lifecycle management
Configure blob versioning
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files
Interpret an Azure Resource Manager template or a Bicep file
Modify an existing Azure Resource Manager template
Modify an existing Bicep file
Deploy resources by using an Azure Resource Manager template or a Bicep file
Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file
Create and configure virtual machines
Create a virtual machine
Configure Azure Disk Encryption
Move a virtual machine to another resource group, subscription, or region
Manage virtual machine sizes
Manage virtual machine disks
Deploy virtual machines to availability zones and availability sets
Deploy and configure an Azure Virtual Machine Scale Sets
Provision and manage containers in the Azure portal
Create and manage an Azure container registry
Provision a container by using Azure Container Instances
Provision a container by using Azure Container Apps
Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
Create and configure Azure App Service
Provision an App Service plan
Configure scaling for an App Service plan
Create an App Service
Configure certificates and Transport Layer Security (TLS) for an App Service
Map an existing custom DNS name to an App Service
Configure backup for an App Service
Configure networking settings for an App Service
Configure deployment slots for an App Service
Implement and manage virtual networking (15–20%)
Configure and manage virtual networks in Azure
Create and configure virtual networks and subnets
Create and configure virtual network peering
Configure public IP addresses
Configure user-defined network routes
Troubleshoot network connectivity
Configure secure access to virtual networks
Create and configure network security groups (NSGs) and application security groups
Evaluate effective security rules in NSGs
Implement Azure Bastion
Configure service endpoints for Azure platform as a service (PaaS)
Configure private endpoints for Azure PaaS
Configure name resolution and load balancing
Configure Azure DNS
Configure an internal or public load balancer
Troubleshoot load balancing
Monitor and maintain Azure resources (10–15%)
Monitor resources in Azure
Interpret metrics in Azure Monitor
Configure log settings in Azure Monitor
Query and analyze logs in Azure Monitor
Set up alert rules, action groups, and alert processing rules in Azure Monitor
Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
Use Azure Network Watcher and Connection Monitor
Implement backup and recovery
Create a Recovery Services vault
Create an Azure Backup vault
Create and configure a backup policy
Perform backup and restore operations by using Azure Backup
Configure Azure Site Recovery for Azure resources
Perform a failover to a secondary region by using Site Recovery
Configure and interpret reports and alerts for backups
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
| Study resources | Links to learning and documentation |
|---|---|
| Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
| Find documentation | Azure documentation Microsoft Entra ID Azure Policy Azure Storage Azure Storage Explorer Azure Blob Storage ARM templates Azure Container Instances Azure Container Apps App Service Azure DNS Azure Bastion Application Gateway Azure Monitor Network Watcher Azure Site Recovery Azure Backup service |
| Ask a question | Microsoft Q&A | Microsoft Docs |
| Get community support | Azure Community Support |
| Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
| Find a video | Exam Readiness Zone Azure Fridays Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
| Skill area prior to October 26, 2023 | Skill area as of October 26, 2023 | Change |
|---|---|---|
| Audience profile | Minor | |
| Manage Azure identities and governance | Manage Azure identities and governance | No change |
| Manage Azure AD users and groups | Manage Microsoft Entra users and groups | Minor |
| Manage access to Azure resources | Manage access to Azure resources | No change |
| Manage Azure subscriptions and governance | Manage Azure subscriptions and governance | No change |
| Implement and manage storage | Implement and manage storage | No change |
| Configure access to storage | Configure access to storage | No change |
| Configure and manage storage accounts | Configure and manage storage accounts | No change |
| Configure Azure Files and Azure Blob Storage | Configure Azure Files and Azure Blob Storage | No change |
| Deploy and manage Azure compute resources | Deploy and manage Azure compute resources | No change |
| Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files | Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files | No change |
| Create and configure VMs | Create and configure virtual machines | No change |
| Provision and manage containers in the Azure portal | Provision and manage containers in the Azure portal | No change |
| Create and configure an Azure App Service | Create and configure an Azure App Service | No change |
| Implement and manage virtual networking | Implement and manage virtual networking | No change |
| Configure and manage virtual networks in Azure | Configure and manage virtual networks in Azure | No change |
| Configure secure access to virtual networks | Configure secure access to virtual networks | No change |
| Configure name resolution and load balancing | Configure name resolution and load balancing | No change |
| Monitor and maintain Azure resources | Monitor and maintain Azure resources | No change |
| Monitor resources in Azure | Monitor resources in Azure | No change |
| Implement backup and recovery | Implement backup and recovery | No change |
Skills measured prior to October 26, 2023
Audience profile
Candidates for this exam should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
An Azure administrator often serves as part of a larger team dedicated to implementing an organization's cloud infrastructure. Azure administrators also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
Candidates for this exam should be familiar with operating systems, networking, servers, and virtualization. In addition, professionals in this role should have experience using PowerShell, Azure Command-Line Interface (CLI), the Azure portal, Azure Resource Manager (ARM) templates, and Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.
Skills at a glance
Manage Azure identities and governance (20–25%)
Implement and manage storage (15–20%)
Deploy and manage Azure compute resources (20–25%)
Implement and manage virtual networking (15–20%)
Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (20–25%)
Manage Azure AD users and groups
Create users and groups
Manage user and group properties
Manage licenses in Azure AD
Manage external users
Configure self-service password reset (SSPR)
Manage access to Azure resources
Manage built-in Azure roles
Assign roles at different scopes
Interpret access assignments
Manage Azure subscriptions and governance
Implement and manage Azure Policy
Configure resource locks
Apply and manage tags on resources
Manage resource groups
Manage subscriptions
Manage costs by using alerts, budgets, and Azure Advisor recommendations
Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
Configure Azure Storage firewalls and virtual networks
Create and use shared access signature (SAS) tokens
Configure stored access policies
Manage access keys
Configure identity-based access for Azure Files
Configure and manage storage accounts
Create and configure storage accounts
Configure Azure Storage redundancy
Configure object replication
Configure storage account encryption
Manage data by using Azure Storage Explorer and AzCopy
Configure Azure Files and Azure Blob Storage
Create and configure a file share in Azure Storage
Create and configure a container in Blob Storage
Configure storage tiers
Configure snapshots and soft delete for Azure Files
Configure blob lifecycle management
Configure blob versioning
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files
Interpret an ARM template or a Bicep file
Modify an existing ARM template
Modify an existing Bicep file
Deploy resources by using an ARM template or a Bicep file
Export a deployment as an ARM template or compile a deployment as a Bicep file
Create and configure virtual machines
Create a virtual machine
Configure Azure Disk Encryption
Move a virtual machine to another resource group, subscription, or region
Manage virtual machine sizes
Manage virtual machine disks
Deploy virtual machines to availability zones and availability sets
Deploy and configure an Azure Virtual Machine Scale Sets
Provision and manage containers in the Azure portal
Create and manage an Azure container registry
Provision a container by using Azure Container Instances
Provision a container by using Azure Container Apps
Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
Create and configure Azure App Service
Provision an App Service plan
Configure scaling for an App Service plan
Create an App Service
Configure certificates and TLS for an App Service
Map an existing custom DNS name to an App Service
Configure backup for an App Service
Configure networking settings for an App Service
Configure deployment slots for an App Service
Implement and manage virtual networking (15–20%)
Configure and manage virtual networks in Azure
Create and configure virtual networks and subnets
Create and configure virtual network peering
Configure public IP addresses
Configure user-defined network routes
Troubleshoot network connectivity
Configure secure access to virtual networks
Create and configure network security groups (NSGs) and application security groups
Evaluate effective security rules in NSGs
Implement Azure Bastion
Configure service endpoints for Azure platform as a service (PaaS)
Configure private endpoints for Azure PaaS
Configure name resolution and load balancing
Configure Azure DNS
Configure an internal or public load balancer
Troubleshoot load balancing
Monitor and maintain Azure resources (10–15%)
Monitor resources in Azure
Interpret metrics in Azure Monitor
Configure log settings in Azure Monitor
Query and analyze logs in Azure Monitor
Set up alert rules, action groups, and alert processing rules in Azure Monitor
Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
Use Azure Network Watcher and Connection Monitor
Implement backup and recovery
Create a Recovery Services vault
Create an Azure Backup vault
Create and configure a backup policy
Perform backup and restore operations by using Azure Backup
Configure Azure Site Recovery for Azure resources
Perform a failover to a secondary region by using Site Recovery
Configure and interpret reports and alerts for backups