AZ-104: Microsoft Azure Administrator

Azure identities and governance (15-20%)

Manage Azure AD objects

• Create users and groups
  • Creating a new user in Azure AD
  • Create a basic group and add members using Azure Active Directory
  • Add or delete users using Azure Active Directory
  • Create Azure users and groups in Azure Active Directory

• Manage user and group properties
  • Edit your group information using Azure Active Directory
  • Add or update a user’s profile information using Azure Active Directory
  • Manage users and groups in Azure Active Directory

• Manage device settings
  • Manage device identities using the Azure portal
  • How To: Manage stale devices in Azure AD
  • What is enterprise state roaming?
  • Manage device identity with Azure AD join and Enterprise State Roaming

• Perform bulk user updates
  • Bulk create users in Azure Active Directory
  • Manage users and groups in Azure Active Directory

• Manage guest accounts
  • What is guest user access in Azure Active Directory B2B?
  • Manage guest access with Azure AD access reviews
  • Quickstart: Add guest users to your directory in the Azure portal
  • Create Azure users and groups in Azure Active Directory

• Configure Azure AD join
  • How to: Plan your Azure AD join implementation
  • Tutorial: Configure hybrid Azure Active Directory join for managed domains
  • Manage device identity with Azure AD join and Enterprise State Roaming

• Configure self-service password reset
  • Plan an Azure Active Directory self-service password reset
  • How it works: Azure AD self-service password reset
  • Licensing requirements for Azure AD self-service password reset
  • Allow users to reset their password with Azure Active Directory self-service password reset

Manage role-based access control (RBAC)

• Create a custom role
  • Custom roles for Azure resources
  • Create custom roles for Azure resources with role-based access control

• Interpret access assignments
  • List role assignments using Azure RBAC and the Azure portal
  • Understand deny assignments for Azure resources
  • Manage access to an Azure subscription by using Azure role-based access control

• Manage multiple directories
  • Understand how multiple Azure Active Directory organizations interact

Manage subscription and governance

• Configure Azure policies
  • What is Azure Policy?
  • Quickstart: Create a policy assignment to identify non-compliant resources
  • Tutorial: Create and manage policies to enforce compliance
  • Apply and monitor infrastructure standards with Azure Policy

• Configure resource locks
  • Lock resources to prevent unexpected changes
  • Control and organize Azure resources with Azure Resource Manager

• Apply tags
  • Use tags to organize your Azure resources
  • Control and organize Azure resources with Azure Resource Manager

• Create and manage resource groups (move and remove)
  • Manage Azure Resource Manager resource groups by using the Azure portal
  • Move Azure resources to another resource group

• Manage subscriptions
  • Create an additional Azure subscription
  • Change your Azure subscription to a different offer
  • Transfer billing ownership of an Azure subscription to another account

• Configure Cost Management
  • What is Azure Cost Management and Billing?
  • Quickstart: Explore and analyze costs with cost analysis
  • Analyze costs and create budgets with Azure Cost Management
  • Predict costs and optimize spending for Azure

• Configure management groups
  • Create management groups for resource organization and management
  • Manage your resources with management groups

Implement and manage storage (10-15%)

Manage storage accounts

• Configure network access to storage accounts
  • Introduction to Azure Storage
  • Configure Azure Storage firewalls and virtual networks
  • Secure access to your storage account

• Create and configure storage accounts
  • Storage account overview
  • Create an Azure Storage account
  • Upgrade to a general-purpose v2 storage account
  • Create an Azure Storage account

• Generate shared access signature
  • Delegate access with a shared access signature
  • Grant limited access to Azure Storage resources using shared access signatures (SAS)
  • Control access to Azure Storage with shared access signatures

• Manage access keys
  • Manage storage account access keys
  • Secure your Azure Storage account (Learn)

• Implement Azure storage replication
  • Azure Storage redundancy

• Configure Azure AD Authentication for a storage account
  • Authorize access to blobs and queues using Azure Active Directory

Manage data in Azure Storage

• Export from Azure job
  • Use the Azure Import/Export service to export data from Azure Blob storage
  • Export large amounts of data from Azure by using Azure Import/Export

• Import into Azure job
  • Use the Azure Import/Export service to import data to Azure Blob Storage
  • Move large amounts of data to the cloud by using Azure Data Box family (Learn)
  • Get started with Storage Explorer
  • Upload, download, and manage data with Azure Storage Explorer

• Copy data by using AZCopy
  • Get started with AzCopy
  • Copy and move blobs from one container or storage account to another from the command line and in code

Configure Azure files and Azure blob storage

• Create an Azure file share
  • What is Azure Files?
  • Create an Azure file share
  • Quickstart: Create and manage Azure file shares with the Azure portal
  • Store and share files in your application with Azure Files

• Create and configure Azure File Sync service
  • Planning for an Azure File Sync deployment
  • Tutorial: Extend Windows file servers with Azure File Sync
  • Create and configure Azure File Sync service

• Configure Azure blob storage
  • What is Azure Blob storage?
  • Quickstart: Upload, download, and list blobs with the Azure portal
  • Store application data with Azure Blob storage

• Configure storage tiers for Azure blobs
  • Azure Blob storage: hot, cool, and archive access tiers
  • Optimize storage performance and costs using Blob storage tiers

Deploy and manage Azure compute resources (25-30%)

Configure VMs for high availability and scalability

• Configure high availability
  • Availability options for virtual machines in Azure
  • Manage the availability of Windows virtual machines in Azure
  • Microsoft Azure Well-Architected Framework – Reliability

• Deploy and configure scale sets
  • What are virtual machine scale sets?
  • Quickstart: Create a virtual machine scale set in the Azure portal
  • Build a scalable application with virtual machine scale sets

Automate deployment and configuration of VMs

• Modify Azure Resource Manager (ARM) template
  • Azure Resource Manager templates overview
  • Extend Azure Resource Manager template functionality
  • Tutorial: Create and deploy your first Azure Resource Manager template
  • Build Azure Resource Manager templates

• Configure VHD template
  • Create a VM from a VHD by using the Azure portal
  • Deploy Azure virtual machines from VHD templates

• Deploy from template
  • Quickstart: Create and deploy ARM templates by using the Azure portal

• Save a deployment as an ARM template
  • Download the template for a VM
  • Single and multi-resource export to a template in Azure portal

• Automate configuration management by using custom script extensions
  • Custom Script Extension for Windows
  • Use the Azure Custom Script Extension Version 2 with Linux virtual machines
  • Protect your virtual machine settings with Azure Automation State Configuration

Create and configure VMs

• Configure Azure Disk Encryption
  • Azure Disk Encryption for Linux VMs
  • Azure Disk Encryption for Windows VMs
  • Secure your Azure virtual machine disks

• Move VMs from one resource group to another
  • Move a Windows VM to another Azure subscription or resource group

• Manage VM sizes
  • Sizes for Linux virtual machines in Azure
  • Sizes for Windows virtual machines in Azure
  • Resize a Windows VM

• Add data discs
  • Attach a managed data disk to a Windows VM by using the Azure portal
  • Use the portal to attach a data disk to a Linux VM
  • Choose the right disk storage for your virtual machine workload
  • Add and size disks in Azure virtual machines

• Configure networking
  • Virtual networks and virtual machines in Azure
  • Configure the network for your virtual machines

• Redeploy VMs
  • Redeploy Windows virtual machine to new Azure node
  • Redeploy Linux virtual machine to new Azure node

Create and configure containers

• Create and configure Azure Kubernetes Service (AKS)
  • Azure Kubernetes Service (AKS)
  • Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
  • Introduction to Azure Kubernetes Service
  • Azure Kubernetes Service Workshop

• Create and configure Azure Container Instances (ACI)
  • What is Azure Container Instances?
  • Quickstart: Deploy a container instance in Azure using the Azure portal
  • Run Docker containers with Azure Container Instances

Create and configure Web Apps

• Create and configure App Service
  • App Service overview
  • Configure an App Service app in the Azure portal
  • Deploy and run a containerized web app with Azure App Service

• Create and configure App Service Plans
  • Azure App Service plan overview
  • Manage an App Service plan in Azure
  • Scale an App Service web app to efficiently meet demand with App Service scale up and scale out

Configure and manage virtual networking (30-35%)

Implement and manage virtual networking

• Create and configure VNET peering
  • Virtual network peering overview
  • Create, change, or delete a virtual network peering
  • Azure Virtual Network frequently asked questions (FAQ) VNet Peering
  • Tutorial: Connect virtual networks with virtual network peering using the Azure portal
  • Create a virtual network peering – different deployment models, same subscription
  • Distribute your services across Azure virtual networks and integrate them by using virtual network peering

• Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
  • What is Azure Virtual Network?
  • Quickstart: Create a virtual network using the Azure portal
  • Virtual network traffic routing
  • Networking limits
  • Create, change, or delete a public IP address
  • Add, change, or remove IP addresses for an Azure network interface
  • Associate a public IP address to a virtual machine
  • Subnet extension
  • Virtual network traffic routing
  • Add network interfaces to or remove network interfaces from virtual machines
  • Design an IP addressing schema for your Azure deployment
  • Manage and control traffic flow in your Azure deployment with routes

Configure name resolution

• Configure Azure DNS
  • What is Azure DNS?
  • What is Azure Private DNS?
  • Quickstart: Create an Azure DNS zone and record using the Azure portal
  • Host your domain on Azure DNS

• Configure custom DNS settings
  • Name resolution for resources in Azure virtual networks
  • Add your custom domain name using the Azure Active Directory portal
  • Use Azure DNS to provide custom domain settings for an Azure service

• Configure a private or public DNS zone
  • Tutorial: Host your domain in Azure DNS
  • Quickstart: Create an Azure private DNS zone using the Azure portal

Secure access to virtual networks

• Create security rules
  • Network Security Groups
  • Create, change, or delete a network security group
  • Tutorial: Filter network traffic with a network security group using the Azure portal

• Associate an NSG to a subnet or network interface
  • Secure and isolate access to Azure resources by using network security groups and service endpoints

• Evaluate effective security rules
  • Diagnose a virtual machine network traffic filter problem
  • Troubleshoot inbound network connectivity for Azure Load Balancer

• Deploy and configure Azure Firewall
  • Azure Firewall documentation
  • Tutorial: Deploy and configure Azure Firewall using the Azure portal

• Deploy and configure Azure Bastion Service
  • Azure Bastion documentation

Configure load balancing

• Configure Application Gateway
  • Application Gateway configuration overview
  • Quickstart: Direct web traffic with Azure Application Gateway – Azure portal
  • Load balance your web service traffic with Application Gateway

• Configure an internal load balancer
  • What is Azure Load Balancer?
  • Azure Load Balancer Components
  • Tutorial: Balance internal traffic load with a Basic load balancer in the Azure portal
  • Improve application scalability and resiliency by using Azure Load Balancer

• Configure load balancing rules
  • Tutorial: Load balance internet traffic to VMs using the Azure portal

• Configure a public load balancer
  • Quickstart: Create a Load Balancer to load balance VMs using the Azure portal
  • Troubleshoot Azure Load Balancer

Monitor and troubleshoot virtual networking

• Monitor on-premises connectivity
  • Diagnose on-premises connectivity via VPN gateways

• Use Network Performance Monitor
  • Network Performance Monitor solution: Performance monitoring

• Use Network Watcher
  • What is Azure Network Watcher?
  • Monitor and troubleshoot your end-to-end Azure network infrastructure by using network monitoring tools

• Troubleshoot external networking
  • Troubleshoot connections with Azure Network Watcher using the Azure portal

• Troubleshoot virtual network connectivity
  • Troubleshooting connectivity problems between Azure VMs

Integrate an on-premises network with an Azure virtual network

• Create and configure Azure VPN Gateway
  • What is a VPN Gateway?
  • Create a route-based VPN gateway using the Azure portal
  • Connect your on-premises network to Azure with VPN Gateway

• Create and configure VPNs
  • Create a Site-to-Site connection in the Azure portal

• Configure ExpressRoute
  • ExpressRoute overview
  • Tutorial: Create and modify an ExpressRoute circuit
  • Connect your on-premises network to the Microsoft global network by using ExpressRoute

• Configure Azure Virtual WAN
  • About Azure Virtual WAN
  • Tutorial: Create a Site-to-Site connection using Azure Virtual WAN

Monitor and back up Azure resources (10-15%)

Monitor resources by using Azure Monitor

• Configure and interpret metrics (Analyze metrics across subscriptions)
  • Metrics in Azure Monitor
  • Quickstart: Monitor an Azure resource with Azure Monitor
  • Monitor the health of your Azure virtual machine by collecting and analyzing diagnostic data

• Configure Log Analytics (Implement a Log Analytics workspace, Configure diagnostic settings)
  • Get started with Log Analytics in Azure Monitor
  • Manage access to log data and workspaces in Azure Monitor
  • Create a Log Analytics workspace in the Azure portal
  • Create diagnostic setting to collect resource logs and metrics in Azure
  • Analyze your Azure infrastructure by using Azure Monitor logs

• Query and analyze logs (Create a query, Save a query to the dashboard, Interpret graphs)
  • Overview of log queries in Azure Monitor
  • Get started with log queries in Azure Monitor

• Set up alerts and actions (Create and test alerts, Create action groups, View alerts in Azure Monitor, Analyze alerts across subscriptions)
  • Create, view, and manage metric alerts using Azure Monitor
  • Metric Alerts with Dynamic Thresholds in Azure Monitor
  • Create Metric Alerts for Logs in Azure Monitor
  • Improve incident response with alerting on Azure

• Configure Application Insights
  • Manage Application Insights resources using PowerShell
  • Capture and view page load times in your Azure web app with Application Insights

Implement backup and recovery

• Configure and review backup reports
  • Configure Azure Backup reports

• Perform backup and restore operations by using Azure Backup Service
  • Back up a virtual machine in Azure
  • Restore a disk and create a recovered VM in Azure
  • Protect your virtual machines by using Azure Backup

• Create a Recovery Services Vault (Use soft delete to recover Azure VMs)
  • Recovery Services vaults overview
  • Create a Recovery Services vault
  • Soft delete for virtual machines

• Create and configure backup policy
  • Manage Azure VM backups with Azure Backup service

• Perform site-to-site recovery by using Azure Site Recovery
  • About Site Recovery
  • Set up disaster recovery of on-premises VMware virtual machines or physical servers to a secondary site
  • Protect your Azure infrastructure with Azure Site Recovery