Study guide for Exam AZ-104: Microsoft Azure Administrator
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
Useful links | Description |
Review the skills measured as of October 26, 2023 | This list represents the skills measured AFTER the date provided. Study this list if you plan to take the exam AFTER that date. |
Review the skills measured prior to October 26, 2023 | Study this list of skills if you take your exam PRIOR to the date provided. |
Change log | You can go directly to the change log if you want to see the changes that will be made on the date provided. |
How to earn the certification | Some certifications only require passing one exam, while others require passing multiple exams. |
Certification renewal | Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn. |
Your Microsoft Learn profile | Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates. |
Exam scoring and score reports | A score of 700 or greater is required to pass. |
Exam sandbox | You can explore the exam environment by visiting our exam sandbox. |
Request accommodations | If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation. |
Take a free Practice Assessment | Test your skills with practice questions to help you prepare for the exam. |
Updates to the exam
Our exams are updated periodically to reflect skills that are required to perform a role. We have included two versions of the Skills Measured objectives depending on when you are taking the exam.
We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. While Microsoft makes every effort to update localized versions as noted, there may be times when localized versions of an exam are not updated on this schedule. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
Note
The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
Note
Most questions cover features that are general availability (GA). The exam may contain questions on Preview features if those features are commonly used.
Skills measured as of October 26, 2023
Audience profile
As a candidate for this exam, you should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
As an Azure administrator, you often serve as part of a larger team dedicated to implementing an organization's cloud infrastructure. You also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
You should be familiar with:
- Operating systems
- Networking
- Servers
- Virtualization
In addition, you should have experience with:
- PowerShell
- Azure CLI
- The Azure portal
- Azure Resource Manager templates
- Microsoft Entra ID
Skills at a glance
- Manage Azure identities and governance (20–25%)
- Implement and manage storage (15–20%)
- Deploy and manage Azure compute resources (20–25%)
- Implement and manage virtual networking (15–20%)
- Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (20–25%)
Manage Microsoft Entra users and groups
- Create users and groups
- Manage user and group properties
- Manage licenses in Microsoft Entra ID
- Manage external users
- Configure self-service password reset (SSPR)
Manage access to Azure resources
- Manage built-in Azure roles
- Assign roles at different scopes
- Interpret access assignments
Manage Azure subscriptions and governance
- Implement and manage Azure Policy
- Configure resource locks
- Apply and manage tags on resources
- Manage resource groups
- Manage subscriptions
- Manage costs by using alerts, budgets, and Azure Advisor recommendations
- Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
- Configure Azure Storage firewalls and virtual networks
- Create and use shared access signature (SAS) tokens
- Configure stored access policies
- Manage access keys
- Configure identity-based access for Azure Files
Configure and manage storage accounts
- Create and configure storage accounts
- Configure Azure Storage redundancy
- Configure object replication
- Configure storage account encryption
- Manage data by using Azure Storage Explorer and AzCopy
Configure Azure Files and Azure Blob Storage
- Create and configure a file share in Azure Storage
- Create and configure a container in Blob Storage
- Configure storage tiers
- Configure snapshots and soft delete for Azure Files
- Configure blob lifecycle management
- Configure blob versioning
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files
- Interpret an Azure Resource Manager template or a Bicep file
- Modify an existing Azure Resource Manager template
- Modify an existing Bicep file
- Deploy resources by using an Azure Resource Manager template or a Bicep file
- Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file
Create and configure virtual machines
- Create a virtual machine
- Configure Azure Disk Encryption
- Move a virtual machine to another resource group, subscription, or region
- Manage virtual machine sizes
- Manage virtual machine disks
- Deploy virtual machines to availability zones and availability sets
- Deploy and configure an Azure Virtual Machine Scale Sets
Provision and manage containers in the Azure portal
- Create and manage an Azure container registry
- Provision a container by using Azure Container Instances
- Provision a container by using Azure Container Apps
- Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
Create and configure Azure App Service
- Provision an App Service plan
- Configure scaling for an App Service plan
- Create an App Service
- Configure certificates and Transport Layer Security (TLS) for an App Service
- Map an existing custom DNS name to an App Service
- Configure backup for an App Service
- Configure networking settings for an App Service
- Configure deployment slots for an App Service
Implement and manage virtual networking (15–20%)
Configure and manage virtual networks in Azure
- Create and configure virtual networks and subnets
- Create and configure virtual network peering
- Configure public IP addresses
- Configure user-defined network routes
- Troubleshoot network connectivity
Configure secure access to virtual networks
- Create and configure network security groups (NSGs) and application security groups
- Evaluate effective security rules in NSGs
- Implement Azure Bastion
- Configure service endpoints for Azure platform as a service (PaaS)
- Configure private endpoints for Azure PaaS
Configure name resolution and load balancing
- Configure Azure DNS
- Configure an internal or public load balancer
- Troubleshoot load balancing
Monitor and maintain Azure resources (10–15%)
Monitor resources in Azure
- Interpret metrics in Azure Monitor
- Configure log settings in Azure Monitor
- Query and analyze logs in Azure Monitor
- Set up alert rules, action groups, and alert processing rules in Azure Monitor
- Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
- Use Azure Network Watcher and Connection Monitor
Implement backup and recovery
- Create a Recovery Services vault
- Create an Azure Backup vault
- Create and configure a backup policy
- Perform backup and restore operations by using Azure Backup
- Configure Azure Site Recovery for Azure resources
- Perform a failover to a secondary region by using Site Recovery
- Configure and interpret reports and alerts for backups
Study resources
We recommend that you train and get hands-on experience before you take the exam. We offer self-study options and classroom training as well as links to documentation, community sites, and videos.
Study resources | Links to learning and documentation |
Get trained | Choose from self-paced learning paths and modules or take an instructor-led course |
Find documentation | Azure documentation Microsoft Entra ID Azure Policy Azure Storage Azure Storage Explorer Azure Blob Storage ARM templates Azure Container Instances Azure Container Apps App Service Azure DNS Azure Bastion Application Gateway Azure Monitor Network Watcher Azure Site Recovery Azure Backup service |
Ask a question | Microsoft Q&A | Microsoft Docs |
Get community support | Azure Community Support |
Follow Microsoft Learn | Microsoft Learn - Microsoft Tech Community |
Find a video | Exam Readiness Zone Azure Fridays Browse other Microsoft Learn shows |
Change log
Key to understanding the table: The topic groups (also known as functional groups) are in bold typeface followed by the objectives within each group. The table is a comparison between the two versions of the exam skills measured and the third column describes the extent of the changes.
Skill area prior to October 26, 2023 | Skill area as of October 26, 2023 | Change |
Audience profile | Minor |
Manage Azure identities and governance | Manage Azure identities and governance | No change |
Manage Azure AD users and groups | Manage Microsoft Entra users and groups | Minor |
Manage access to Azure resources | Manage access to Azure resources | No change |
Manage Azure subscriptions and governance | Manage Azure subscriptions and governance | No change |
Implement and manage storage | Implement and manage storage | No change |
Configure access to storage | Configure access to storage | No change |
Configure and manage storage accounts | Configure and manage storage accounts | No change |
Configure Azure Files and Azure Blob Storage | Configure Azure Files and Azure Blob Storage | No change |
Deploy and manage Azure compute resources | Deploy and manage Azure compute resources | No change |
Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files | Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files | No change |
Create and configure VMs | Create and configure virtual machines | No change |
Provision and manage containers in the Azure portal | Provision and manage containers in the Azure portal | No change |
Create and configure an Azure App Service | Create and configure an Azure App Service | No change |
Implement and manage virtual networking | Implement and manage virtual networking | No change |
Configure and manage virtual networks in Azure | Configure and manage virtual networks in Azure | No change |
Configure secure access to virtual networks | Configure secure access to virtual networks | No change |
Configure name resolution and load balancing | Configure name resolution and load balancing | No change |
Monitor and maintain Azure resources | Monitor and maintain Azure resources | No change |
Monitor resources in Azure | Monitor resources in Azure | No change |
Implement backup and recovery | Implement backup and recovery | No change |
Skills measured prior to October 26, 2023
Audience profile
Candidates for this exam should have subject matter expertise in implementing, managing, and monitoring an organization’s Microsoft Azure environment, including virtual networks, storage, compute, identity, security, and governance.
An Azure administrator often serves as part of a larger team dedicated to implementing an organization's cloud infrastructure. Azure administrators also coordinate with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.
Candidates for this exam should be familiar with operating systems, networking, servers, and virtualization. In addition, professionals in this role should have experience using PowerShell, Azure Command-Line Interface (CLI), the Azure portal, Azure Resource Manager (ARM) templates, and Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.
Skills at a glance
- Manage Azure identities and governance (20–25%)
- Implement and manage storage (15–20%)
- Deploy and manage Azure compute resources (20–25%)
- Implement and manage virtual networking (15–20%)
- Monitor and maintain Azure resources (10–15%)
Manage Azure identities and governance (20–25%)
Manage Azure AD users and groups
- Create users and groups
- Manage user and group properties
- Manage licenses in Azure AD
- Manage external users
- Configure self-service password reset (SSPR)
Manage access to Azure resources
- Manage built-in Azure roles
- Assign roles at different scopes
- Interpret access assignments
Manage Azure subscriptions and governance
- Implement and manage Azure Policy
- Configure resource locks
- Apply and manage tags on resources
- Manage resource groups
- Manage subscriptions
- Manage costs by using alerts, budgets, and Azure Advisor recommendations
- Configure management groups
Implement and manage storage (15–20%)
Configure access to storage
- Configure Azure Storage firewalls and virtual networks
- Create and use shared access signature (SAS) tokens
- Configure stored access policies
- Manage access keys
- Configure identity-based access for Azure Files
Configure and manage storage accounts
- Create and configure storage accounts
- Configure Azure Storage redundancy
- Configure object replication
- Configure storage account encryption
- Manage data by using Azure Storage Explorer and AzCopy
Configure Azure Files and Azure Blob Storage
- Create and configure a file share in Azure Storage
- Create and configure a container in Blob Storage
- Configure storage tiers
- Configure snapshots and soft delete for Azure Files
- Configure blob lifecycle management
- Configure blob versioning
Deploy and manage Azure compute resources (20–25%)
Automate deployment of resources by using Azure Resource Manager (ARM) templates or Bicep files
- Interpret an ARM template or a Bicep file
- Modify an existing ARM template
- Modify an existing Bicep file
- Deploy resources by using an ARM template or a Bicep file
- Export a deployment as an ARM template or compile a deployment as a Bicep file
Create and configure virtual machines
- Create a virtual machine
- Configure Azure Disk Encryption
- Move a virtual machine to another resource group, subscription, or region
- Manage virtual machine sizes
- Manage virtual machine disks
- Deploy virtual machines to availability zones and availability sets
- Deploy and configure an Azure Virtual Machine Scale Sets
Provision and manage containers in the Azure portal
- Create and manage an Azure container registry
- Provision a container by using Azure Container Instances
- Provision a container by using Azure Container Apps
- Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
Create and configure Azure App Service
- Provision an App Service plan
- Configure scaling for an App Service plan
- Create an App Service
- Configure certificates and TLS for an App Service
- Map an existing custom DNS name to an App Service
- Configure backup for an App Service
- Configure networking settings for an App Service
- Configure deployment slots for an App Service
Implement and manage virtual networking (15–20%)
Configure and manage virtual networks in Azure
- Create and configure virtual networks and subnets
- Create and configure virtual network peering
- Configure public IP addresses
- Configure user-defined network routes
- Troubleshoot network connectivity
Configure secure access to virtual networks
- Create and configure network security groups (NSGs) and application security groups
- Evaluate effective security rules in NSGs
- Implement Azure Bastion
- Configure service endpoints for Azure platform as a service (PaaS)
- Configure private endpoints for Azure PaaS
Configure name resolution and load balancing
- Configure Azure DNS
- Configure an internal or public load balancer
- Troubleshoot load balancing
Monitor and maintain Azure resources (10–15%)
Monitor resources in Azure
- Interpret metrics in Azure Monitor
- Configure log settings in Azure Monitor
- Query and analyze logs in Azure Monitor
- Set up alert rules, action groups, and alert processing rules in Azure Monitor
- Configure and interpret monitoring of virtual machines, storage accounts, and networks by using Azure Monitor Insights
- Use Azure Network Watcher and Connection Monitor
Implement backup and recovery
- Create a Recovery Services vault
- Create an Azure Backup vault
- Create and configure a backup policy
- Perform backup and restore operations by using Azure Backup
- Configure Azure Site Recovery for Azure resources
- Perform a failover to a secondary region by using Site Recovery
- Configure and interpret reports and alerts for backups