Basket
{{item.CourseTitle}}
Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}
Browse by Topic
Browse by Vendor
Unlimited Training
Attend all the top-notch LIVE Instructor-led Courses you want for the price of less than one course.
Why do so many candidates who know the material still struggle with the AZ-104 exam? The answer often lies in the gap between theoretical knowledge and practical, hands-on ability. The Microsoft Certified: Azure Administrator Associate certification isn’t just a test of what you know; it’s a rigorous assessment of what you can do. To succeed, you must be able to navigate the Azure Portal with confidence and perform critical administrative tasks efficiently.
This guide is designed to bridge that gap. Instead of just another study list, we provide a practical roadmap of 40 hands-on tasks. Moving from foundational skills to advanced governance, mastering these activities will build the muscle memory you need to tackle the performance-based questions and complex scenarios in the exam. This is your blueprint for turning knowledge into exam-passing competence.
The AZ-104 certification validates your ability to implement, manage, and monitor a Microsoft Azure environment. It’s a significant step up from the foundational AZ-900 exam, which focuses on cloud concepts and services. The AZ-104, in contrast, demands demonstrable, real-world skills in managing cloud resources day-to-day.
This certification is intended for Azure Administrators who are part of a larger team responsible for implementing an organisation's cloud infrastructure. Success proves you can translate business requirements into secure, scalable, and reliable cloud solutions. It signals to employers across the UK and globally that you possess the technical proficiency to manage their critical cloud operations.
To pass, you need a score of 700 out of 1,000. The exam, typically lasting 120-150 minutes, contains 40-60 questions. The format is varied to test skills comprehensively and includes:
Your preparation must therefore focus on practical application. A detailed AZ-104 study programme will cover the theory, but hands-on practice is what builds the confidence to excel in the lab portions of the test.
Every Azure environment is built on a core set of resources. Your first priority is to master the creation, configuration, and basic management of identity, compute, and storage. These are the building blocks for everything else you will do as an administrator.
| Task | Description |
| Create a Resource Group | Establish a logical container for grouping related Azure resources. |
| Deploy a Windows Virtual Machine (VM) | Create a basic Windows Server VM, understanding the core settings. |
| Deploy a Linux Virtual Machine (VM) | Provision a Linux VM and configure it to use an SSH key for access. |
| Create an Azure Active Directory (Azure AD) User and Group | Perform fundamental identity management by creating new user accounts and organising them into groups. |
| Assign and Remove RBAC Roles | Grant and revoke permissions for users and groups at different scopes (e.g., subscription, resource group). |
| Deploy an Azure Storage Account | Create a General-purpose v2 storage account, the standard for modern workloads. |
| Create a Blob Container and Upload a File | Set up a container within Blob storage and upload an object to it. |
| Create an Azure File Share and Mount it to a VM | Configure a serverless file share and connect it to a virtual machine. |
| Configure Multi-Factor Authentication (MFA) | Enhance security by requiring a second form of verification for users. |
| Configure Azure AD Self-Service Password Reset (SSPR) | Empower users to reset their own passwords, reducing administrative overhead. |
Once you can deploy resources, the next step is connecting them securely. This involves creating isolated networks, controlling traffic flow with security rules, and establishing connections both within Azure and to on-premises locations. Proficiency here is crucial for building robust and secure application environments.
| Task | Description |
| Create a Virtual Network (VNet) and Subnets | Set up the primary network boundary and segment it into smaller subnets. |
| Configure a Network Security Group (NSG) | Define firewall rules (inbound/outbound) to control traffic to and from resources. |
| Associate an NSG with a Subnet and/or NIC | Apply your defined security rules to an entire network segment or a specific VM interface. |
| Implement an Application Security Group (ASG) | Logically group VMs to simplify the management of NSG rules for application tiers. |
| Create a Public IP Address and Assign it to a VM | Make a virtual machine accessible from the public internet. |
| Configure DNS settings for a VNet | Manage name resolution using either Azure-provided or custom DNS servers. |
| Implement an Azure Load Balancer | Distribute network traffic across a pool of VMs for high availability and scalability. |
| Configure a VNet Peering | Connect two Azure VNets to allow private traffic flow between them. |
| Implement an Azure VPN Gateway | Establish a secure Site-to-Site connection between an on-premises network and Azure. |
| Implement a JIT (Just-in-Time) VM Access Policy | Secure management ports like RDP/SSH by opening them only on demand. |
A proficient Azure administrator does more than just build; they also manage, govern, and optimise. This involves enforcing organisational standards, protecting resources from accidental deletion, ensuring data resilience, monitoring for performance issues, and controlling costs. These tasks demonstrate a mature approach to cloud management.
| Task | Description |
| Implement Azure Policy | Enforce rules and standards across your resources, such as restricting deployment locations. |
| Configure Resource Locks (Read-Only/Delete) | Protect critical resources from accidental deletion or modification. |
| Implement Backup and Restore for a VM | Configure a Recovery Services vault to back up a VM and practice a file or full VM restore. |
| Create and Manage VM Snapshots | Take a point-in-time, agentless backup of a VM's disk. |
| Implement and Configure Tags on Resources | Apply metadata to resources for cost tracking, ownership, and automation purposes. |
| Configure Azure Cost Management Alerts | Set up budget alerts to get notified when spending exceeds predefined thresholds. |
| Configure VM Size and Disk Type | Adjust the compute and storage performance of a VM to meet changing demands. |
| Implement a Storage Account Replication Strategy | Understand and configure different data redundancy options like LRS, ZRS, GRS, or RA-GRS. |
| Configure Access Keys and Shared Access Signatures (SAS) | Manage programmatic access to storage accounts securely. |
| Deploy an Azure Resource Manager (ARM) Template | Use infrastructure-as-code to deploy resources in a repeatable and consistent manner. |
Things don’t always go to plan. A core responsibility of an administrator is to monitor the health of the environment and quickly diagnose problems when they arise. Knowing how to use Azure’s native monitoring and logging tools is essential for maintaining operational stability.
| Task | Description |
| Monitor Security Health with Microsoft Defender for Cloud | Use Defender for Cloud (formerly Azure Security Center) to review security posture and recommendations. |
| Use Azure Monitor to Create an Activity Log Alert | Configure an alert to trigger when a specific event occurs, such as deleting a critical resource. |
| Configure Diagnostic Settings for a Resource | Forward a resource's platform logs and metrics to a Log Analytics Workspace for analysis. |
| Use Log Analytics Queries (KQL) | Run basic Kusto Query Language (KQL) queries to search and analyse log data. |
| Use Network Watcher Tools (e.g., IP Flow Verify) | Diagnose network connectivity problems between VMs or endpoints. |
| Move a Resource between Resource Groups | Reorganise resources by moving them to a different logical group. |
| Create a Custom Role-Based Access Control (RBAC) Role | Define a granular set of permissions for a specific job function. |
| Configure Azure Administrator Training VM Auto-Shutdown | Set a schedule to automatically shut down VMs to save costs, a common lab task. |
| Implement Conditional Access Policies | Define access control rules based on signals like user location, device compliance, or sign-in risk. |
| Configure an Azure Firewall Basic Policy | Deploy and configure a basic policy for the managed, cloud-native firewall service. |
Earning the Microsoft AZ-104 certification is a powerful catalyst for your career. It validates your skills and opens up a wide range of opportunities in the high-demand field of cloud computing.
After achieving the AZ-104, your learning journey continues. Consider these next steps to further advance your career:
The Microsoft Azure administrator certification is more than just a credential; it is a foundational pillar upon which you can build a successful and rewarding career in cloud technology.
Get Unlimited access to ALL the LIVE Instructor-led Microsoft courses you want - all for the price of less than one course.