In today’s fast-evolving technology landscape, Microsoft continuously updates and extends its certification tracks to help IT professionals stay relevant and competitive. The Microsoft Azure Administrator Associate certification, validated by passing the AZ-104 exam, is one such credential that proves a professional’s ability to effectively manage and monitor Azure cloud environments.

The role of an Azure Administrator is crucial within any organization adopting cloud technologies. This professional is responsible for the implementation, management, and monitoring of cloud resources, ensuring that Azure compute, storage, identity, and networking services are configured and maintained properly. With cloud environments becoming increasingly complex, the demand for skilled administrators who can handle these responsibilities continues to grow.

Microsoft retired the earlier AZ-103 exam in August 2020 and replaced it with AZ-104. This new exam broadens the coverage, placing additional emphasis on storage, compute, and government services. Compared to AZ-103, AZ-104 delves deeper into areas like Azure Active Directory governance and identity management, reflecting how real-world enterprises increasingly rely on hybrid and cloud-integrated identity solutions.

What Does the AZ-104 Exam Cover?

The AZ-104 exam tests candidates across five major domains that collectively represent the core responsibilities of an Azure Administrator:

1. Managing Azure Identities and Governance
   
2. Implementing and Managing Storage
   
3. Deploying and Managing Azure Compute Resources
   
4. Configuring and Managing Virtual Networking
   
5. Monitoring and Backing up Azure Resources
   

Each domain carries a specific percentage of the exam’s total questions, indicating their relative importance:

• Managing Azure Identities and Governance: 15-20%
  
• Implementing and Managing Storage: 10-15%
  
• Deploying and Managing Azure Compute Resources: 25-30%
  
• Configuring and Managing Virtual Networking: 30-35%
  
• Monitoring and Backing up Azure Resources: 10-15%

The largest focus areas are virtual networking and compute resources, together making up about two-thirds of the exam questions. This means that when preparing for AZ-104, candidates should prioritize these topics while ensuring they also cover the other domains.

Exam Format and Structure

The AZ-104 exam typically consists of 40 to 60 questions, which candidates must complete within 150 minutes (2.5 hours). The questions include multiple-choice, scenario-based, and lab-style items designed to assess practical knowledge and problem-solving skills.

To pass the exam, candidates must achieve a minimum score of 700 out of 1000. Once certified, the credential remains valid for two years, after which professionals must either retake the exam or pursue higher-level certifications to maintain their status.

Microsoft offers the exam in several languages, including English, Korean, Simplified Chinese, and Japanese. The exam fee is set at $165, making it accessible to professionals worldwide seeking to prove their cloud administration skills.

Why Has the AZ-104 Exam Evolved?

The shift from AZ-103 to AZ-104 reflects the changing cloud landscape. Organizations now rely more heavily on hybrid environments that combine on-premises and cloud resources. This has elevated the importance of identity management through Azure Active Directory and role-based access control to secure resources effectively.

The AZ-104 exam tests candidates on managing these hybrid identities, subscription management, and governance policies, which are critical in modern enterprise cloud strategies. It ensures that certified professionals not only understand the technical aspects but also the operational and security policies that govern cloud infrastructure.

Who Should Take the AZ-104 Exam?

The AZ-104 exam is targeted at IT professionals who have experience with Azure administration or are ready to build practical skills in this domain. It suits those responsible for managing cloud infrastructure, including compute, storage, networking, and identity services.

This certification is ideal for professionals seeking to validate their ability to:

• Implement and manage Azure resources
  
• Configure and secure virtual networks
  
• Manage identities and governance within Azure environments.
  
• Monitor performance and ensure backup and recovery of Azure services

Whether you are an IT administrator looking to specialize in cloud technologies or a fresh graduate aiming to prove your Azure skills, the AZ-104 certification serves as a valuable credential to advance your career.

Prerequisites, Skills, and Preparation Strategy for AZ-104 Exam Success

The Microsoft Azure Administrator Associate AZ-104 exam is designed as an intermediate-level certification aimed at IT professionals who want to demonstrate their ability to manage Azure environments. While the exam officially has no strict prerequisites, preparing thoroughly and understanding the necessary skills are essential for passing. This article will guide you through the recommended experience, critical skills, and effective preparation strategies that will help you succeed on the AZ-104 certification exam.

Prerequisites for Taking the AZ-104 Exam

Although Microsoft does not mandate formal prerequisites for the AZ-104 exam, the certification is not intended for absolute beginners. The ideal candidate will have some practical exposure to cloud concepts and experience working with Azure services.

Professionals preparing for this exam should have:

• Six months to one year of hands-on experience administering Azure workloads.
  
• A solid understanding of core Azure services such as compute, storage, networking, and security.
  
• Familiarity with cloud security principles, governance models, and subscription management.
  
• Basic knowledge of PowerShell, Azure CLI, and Azure Portal operations for managing resources.

This background will make it easier to grasp the exam objectives and apply your knowledge to scenario-based questions. Without practical experience, it can be challenging to pass the exam, as it tests real-world skills more than rote memorization.

Key Skills You Need to Master for the AZ-104 Exam

The AZ-104 certification confirms that you can implement, manage, and monitor an organization’s Azure environment effectively. To meet these expectations, your skills must cover a wide range of topics within Azure administration, including:

• Identity and Access Management: Managing Azure Active Directory users, groups, and roles is essential. You must understand hybrid identity management, including syncing on-premises Active Directory with Azure AD and configuring multi-factor authentication. Role-based access control (RBAC) policies to assign permissions securely are a vital skill.
  
• Governance and Compliance: Implementing governance strategies such as Azure Policy and Blueprints to enforce rules and compliance is crucial. Managing subscriptions, resource groups, and cost control measures is also part of this domain.
  
• Compute Resources: Deploying and managing virtual machines (VMs), configuring scale sets, and understanding container services like Azure Kubernetes Service (AKS) or Azure Container Instances (ACI) are key components. You should know how to size and adjust compute resources to meet workload demands.
  
• Storage Solutions: Creating and configuring Azure storage accounts, managing blobs, files, queues, and tables, and applying security measures like encryption and access tiers are necessary skills. You should also understand storage replication and backup options.
  
• Networking: Designing and implementing virtual networks, subnets, network security groups (NSGs), VPN gateways, and ExpressRoute are among the most heavily weighted topics in the exam. You need to configure virtual network peering, routing, and hybrid connectivity options confidently.
  
• Monitoring and Backup: Using Azure Monitor to track resource performance, setting up alerts, and configuring backup and recovery solutions from the final domain. Knowledge of Azure Site Recovery and the ability to troubleshoot issues based on logs and metrics are important.

Understanding the Exam Format and Question Types

The AZ-104 exam comprises 40 to 60 questions to be completed within 150 minutes. The question types vary and may include:

• Multiple-choice questions: These test your foundational knowledge and understanding of Azure concepts.
  
• Multiple-choice questions: You may need to choose more than one correct answer, which tests your ability to evaluate different aspects of a scenario.
  
• Scenario-based questions: These provide a real-world situation and require you to select the best course of action or solution.
  
• Lab-style or hands-on tasks: These simulate Azure portal or command-line operations, testing your practical skills in resource management.

Because the exam covers multiple domains with differing weights, the key to passing is focusing on the most heavily tested areas while ensuring a balanced understanding of all topics.

Crafting a Solid Preparation Strategy

Preparation for the AZ-104 exam requires a structured approach, combining theory with hands-on practice. Here are some proven steps to prepare effectively:

1. Understand the Exam Objectives Thoroughly

Microsoft provides a detailed skills outline for AZ-104. Use it as your primary roadmap. This document breaks down the exam domains and lists specific tasks and skills candidates need to master. Familiarize yourself with this content and use it to create a study plan that allocates time based on the exam’s domain weightage.

2. Leverage Official Microsoft Learning Paths

Microsoft offers free and paid learning modules designed specifically for the AZ-104 exam. These modules cover key topics such as managing Azure identities, deploying and managing compute resources, and configuring virtual networks. The Microsoft Learn platform provides interactive content and assessments that help reinforce concepts.

3. Gain Hands-On Experience with Azure Portal and Tools

Practical experience is crucial. Use Azure’s free tier or sandbox environments to practice creating and managing resources. Work with Azure Portal for graphical management, Azure CLI for command-line operations, and PowerShell scripting for automation. Running real-world scenarios will boost your confidence and problem-solving skills.

4. Use Practice Tests and Sample Questions

Practice exams help you familiarize yourself with the format and time constraints. They also highlight areas where you need improvement. Take multiple practice tests and review explanations for both correct and incorrect answers to deepen your understanding.

5. Study Azure Documentation and Community Resources

Microsoft’s official Azure documentation is comprehensive and regularly updated. When you encounter difficult topics, refer to the docs for detailed explanations and best practices. Additionally, engaging with Azure communities, forums, and discussion groups can provide helpful tips and clarification.

6. Focus on Time Management

During your preparation and on exam day, manage your time wisely. The 150-minute limit means you should not spend too long on any one question. Practice pacing yourself by timing your practice exams and learning how to flag and return to difficult questions.

Balancing Study Topics Based on Exam Weightage

Because the AZ-104 exam covers various domains with different weights, organizing your study priorities can maximize your efficiency:

• Allocate the most study time to Configuring and Managing Virtual Networking (30-35%) and Deploying and Managing Azure Compute Resources (25-30%), since together they cover the majority of exam questions.
  
• Spend moderate time managing Azure Identities and Governance (15-20%) because identity management is crucial for security and compliance.
  
• Allocate adequate time to Implementing and Managing Storage (10-15%) and Monitoring and backing up Azure Resources (10-15%) to ensure a comprehensive understanding.

This strategy ensures you cover all essential domains but spend extra effort on areas that can most influence your exam results.

Avoiding Common Preparation Pitfalls

Many candidates make mistakes during their AZ-104 exam preparation, which can cost valuable time and effort:

• Neglecting hands-on practice: The exam tests practical knowledge, so purely theoretical study won’t suffice.
  
• Underestimating networking concepts: Networking is heavily weighted; avoid glossing over these topics.
  
• Ignoring time management: Poor pacing can lead to rushed answers and lower scores.
  
• Relying solely on memorization: Understand the ‘why’ and ‘how’ behind Azure services rather than memorizing facts.
  
• Not reviewing practice test results: Use practice tests to identify weaknesses and focus your study accordingly.

Additional Tips for Effective Preparation

• Create study notes and flashcards for important concepts and commands to review regularly.
  
• Join study groups or forums where you can discuss doubts and share knowledge.
  
• Simulate exam conditions during practice tests to build stamina and confidence.
  
• Stay updated with Azure service changes as cloud technology evolves rapidly.

Successfully passing the AZ-104 exam requires more than basic knowledge; it demands practical skills, strategic study, and time management. By gaining hands-on experience, focusing on heavily weighted domains like networking and computing, and using a variety of study materials, you can build the confidence needed to clear the exam on your first attempt.

This certification opens the door to career advancement in cloud administration and demonstrates your ability to manage Microsoft Azure environments efficiently. In the next part of this series, we will explore each exam domain in greater detail, helping you understand exactly what skills and knowledge you must master for AZ-104 success.

Deep Dive into Managing Azure Identities and Governance for AZ-104 Exam

One of the foundational pillars of the Microsoft Azure Administrator Associate AZ-104 exam is managing Azure identities and governance. This domain carries significant weight, accounting for 15-20% of the exam questions. Mastery of this area not only helps you score well but also equips you with essential skills to secure and govern Azure environments effectively. In this part, we will explore the key components of identity management, governance strategies, and best practices to prepare you thoroughly for this domain of the exam.

Understanding Azure Active Directory (Azure AD)

Azure Active Directory is at the heart of identity management in Microsoft Azure. It is Microsoft’s cloud-based identity and access management service, which allows organizations to manage users, groups, and access to resources across hybrid and cloud environments.

As an Azure administrator, you must understand how to:

• Create and manage Azure AD users and groups
  
• Assign roles and permissions through role-based access control (RBAC)
  
• Configure multi-factor authentication (MFA) to enhance security
  
• Manage device identities and registration for hybrid setups

In real-world scenarios, organizations often use Azure AD to synchronize on-premises Active Directory users with the cloud using Azure AD Connect. Understanding this hybrid identity model is critical for managing identities seamlessly across environments.

Managing Azure AD Users, Groups, and Roles

The AZ-104 exam expects you to be proficient in creating and managing users and groups in Azure AD. This includes:

• Adding new users and configuring their profile settings
  
• Creating and managing security and Microsoft 365 groups
  
• Assigning users to groups for simplified permission management
  
• Implementing dynamic group memberships based on user attributes

Role-based access control is a key concept that governs how permissions are assigned. RBAC allows granular control by assigning roles to users, groups, or service principals. You should be familiar with built-in roles such as Owner, Contributor, and Reader, and know how to create custom roles when necessary.

Implementing Multi-Factor Authentication and Conditional Access

Security is paramount in cloud administration. Multi-factor authentication adds a vital layer of protection by requiring users to verify their identity through additional means, such as a mobile app or SMS code.

The AZ-104 exam tests your ability to enable and configure MFA policies. You should also understand Conditional Access policies, which enforce access controls based on user location, device status, or risk level. Conditional Access integrates with Azure AD Identity Protection to protect against suspicious sign-in behavior.

Managing Hybrid Identities with Azure AD Connect

Many enterprises operate in hybrid environments where on-premises Active Directory and Azure AD coexist. Azure AD Connect synchronizes identities between these environments, allowing users to access resources seamlessly.

You need to understand the synchronization process, including password hash synchronization, pass-through authentication, and federation options like Active Directory Federation Services (AD FS). Troubleshooting synchronization issues and managing the hybrid identity lifecycle is also critical.

Azure Governance and Management Tools

Effective governance ensures that resources are managed according to organizational policies and compliance requirements. This domain includes managing subscriptions, resource groups, policies, and role assignments.

• Subscriptions and Management Groups: Organize resources and apply governance controls at scale using management groups.
  
• Resource Groups: Logical containers for resources; understanding how to organize and manage them is essential.
  
• Azure Policy: Enforce organizational standards and assess compliance by creating policies that restrict resource properties or configurations.
  
• Azure Blueprints: Package governance artifacts like policies, role assignments, and resource templates to deploy consistent environments.

By mastering these governance tools, you ensure that Azure environments remain compliant and secure, reducing risks and simplifying management.

Monitoring and Auditing Access and Activity

Tracking user activity and access patterns helps maintain security and troubleshoot issues. Azure provides several tools for monitoring and auditing:

• Azure Monitor and Logs: Collect and analyze activity logs for resource management and troubleshooting.
  
• Azure AD Sign-in Logs: Track authentication attempts and identify suspicious activities.
  
• Azure Security Center: Provides security recommendations and threat detection to protect Azure resources.

Understanding how to access and interpret these logs is essential for identifying potential security breaches or misconfigurations.

Hands-On Skills for Managing Identities and Governance

Managing identities and governance in Azure is a foundational skill set for any Azure Administrator. This domain is crucial as it ensures secure access to resources, enforces policies, and manages user roles effectively. To excel in the AZ-104 exam and your role as an administrator, developing hands-on skills in this area is essential.

Azure Active Directory (Azure AD) Management

Azure Active Directory is the backbone of identity management in Azure. It enables centralized control over user identities, authentication, and authorization across cloud services.

A practical skill you should master is creating and managing Azure AD users and groups. This includes:

• Adding new users manually through the Azure portal or automating user creation via PowerShell scripts.
  
• Organizing users into groups to simplify permissions management, including security groups and Microsoft 365 groups.
  
• Managing guest users and external collaboration through Azure AD B2B (Business-to-Business), allowing secure access for partners or contractors without creating internal accounts.

You should also practice resetting passwords, enforcing multi-factor authentication (MFA), and configuring self-service password reset (SSPR). These capabilities enhance security and reduce administrative overhead.

Role-Based Access Control (RBAC)

RBAC is fundamental to governance in Azure, enabling you to grant precise permissions without over-provisioning.

Hands-on experience with RBAC involves:

• Assigning built-in roles such as Owner, Contributor, Reader, and specialized roles like Virtual Machine Contributor or Network Contributor to users, groups, and service principals.
  
• Creating custom roles when built-in roles do not meet specific access requirements.
  
• Testing access by simulating user permissions to verify that security boundaries are correctly implemented.

Through the Azure portal, Azure CLI, or PowerShell, you should practice managing RBAC assignments at different scopes — subscription, resource group, and individual resource levels — to understand the hierarchical nature of permissions.

Managing Azure Subscriptions and Management Groups

Governance extends beyond just individual resources to managing subscriptions and organizing them for enterprise-scale administration.

You should be comfortable with:

• Creating and managing multiple Azure subscriptions and associating them with the correct billing accounts.
  
• Using management groups to organize subscriptions hierarchically, enabling centralized policy enforcement and role assignments across many subscriptions at once.
  
• Applying Azure Policy at the management group or subscription level to enforce organizational standards, such as requiring tags on resources or restricting allowed VM sizes.

Practice creating policies using JSON templates, assigning them, and reviewing compliance results. This hands-on work will prepare you to govern environments effectively and meet compliance needs.

Implementing Conditional Access Policies

Conditional Access is a critical security feature that enforces access controls based on conditions such as user location, device status, or risk level.

You should gain experience by:

• Creating policies that require MFA for risky sign-ins or restrict access to Azure resources from untrusted networks.
  
• Testing policies in report-only mode before enforcing them, ensuring they do not disrupt legitimate user workflows.
  
• Integrating Conditional Access with identity protection features to automate responses to detected risks.

Hands-on labs involving Conditional Access enable you to understand how policy decisions affect user experience and resource security.

Hybrid Identity and Azure AD Connect

Many organizations maintain a hybrid environment with on-premises Active Directory synchronized with Azure AD.

Practical skills include:

• Installing and configuring Azure AD Connect to synchronize on-premises identities to Azure AD securely.
  
• Managing synchronization rules to filter which objects are synchronized.
  
• Troubleshooting synchronization errors and monitoring the health of Azure AD Connect.

Understanding how to manage hybrid identity scenarios is vital, especially when organizations migrate workloads or operate in a mixed environment.

Monitoring and Auditing Identities and Access

To maintain governance, you must monitor and audit access and changes to identities.

You should practice:

• Using Azure AD logs and Microsoft Sentinel (or Azure Monitor) to review sign-in activities and detect unusual access patterns.
  
• Setting up alerts for suspicious activities, like multiple failed sign-ins or sign-ins from unfamiliar locations.
  
• Exporting audit logs and reports to support compliance and forensic investigations.

Effective monitoring helps identify potential security risks before they impact business operations.

By regularly practicing these hands-on activities in a real or sandbox Azure environment, you will build confidence and the practical skills required to manage identities and governance proficiently. This not only helps you clear the AZ-104 exam but also equips you to safeguard your organization’s cloud infrastructure effectively.

Exam Tips for the Identities and Governance Domain

• Focus on understanding how RBAC differs from traditional access control models.
  
• Study the differences between Azure AD user types and groups.
  
• Learn how to apply Conditional Access policies effectively and understand common scenarios.
  
• Be familiar with hybrid identity concepts and common synchronization methods.
  
• Practice creating and assigning Azure Policies and Blueprints to enforce governance.

Implementing and Managing Storage in Azure for the AZ-104 Exam

Storage is a fundamental component of Azure infrastructure, and the AZ-104 exam allocates 10-15% of its questions to this domain. As an Azure administrator, you must know how to create, configure, secure, and monitor storage accounts and their services.

Azure Storage Account Basics

Azure Storage accounts provide a unified namespace to store blobs, files, queues, tables, and disks. You should understand the different types of storage accounts available:

• General-purpose v2 accounts: Support blobs, files, queues, and tables, with the latest features.
  
• Blob storage accounts: Specialized for unstructured object storage.
  
• Premium storage accounts: Designed for high-performance workloads with SSDs.

Choosing the right storage account type depends on workload requirements, performance needs, and cost considerations.

Working with Azure Blobs, Files, and Disks

Azure Blob Storage is used for storing large amounts of unstructured data such as images, videos, and backups. You need to know how to:

• Create and manage blob containers and upload/download blobs.
  
• Configure access tiers (hot, cool, archive) to optimize cost based on data usage.
  
• Set up shared access signatures (SAS) to delegate limited access to blobs securely.

Azure Files provides managed file shares accessible via SMB or NFS protocols. Understanding how to create file shares and mount them to VMs is important.

Managed disks are used for VM storage. You should know how to create, attach, detach, and resize managed disks and understand disk types like Standard HDD, Standard SSD, and Premium SSD.

Securing Azure Storage

Security in storage involves:

• Enabling encryption at rest by default with Azure Storage Service Encryption.
  
• Implementing network restrictions using virtual network service endpoints and private endpoints.
  
• Configuring access policies and using Shared Access Signatures for controlled access.
  
• Managing firewalls and virtual network rules to limit access to storage accounts.

Backup and Disaster Recovery

Understanding the Azure Backup service and configuring recovery options is essential for protecting data. You should know how to create backup policies and restore data from backups.

Monitoring and Troubleshooting Storage

Using Azure Monitor and diagnostic logs to track storage account performance and diagnose issues is part of an administrator’s responsibilities. Familiarity with metrics such as latency, availability, and capacity utilization helps maintain optimal performance.

Practical Skills for Azure Storage Management

• Create and manage storage accounts and containers through the portal, CLI, and PowerShell.
  
• Configure access tiers and generate SAS tokens for secure access.
  
• Manage file shares and attach managed disks to virtual machines.
  
• Implement security controls and monitor storage activity.

Mastering the domains of Azure identities, governance, and storage management is vital for passing the AZ-104 exam and becoming a competent Azure Administrator. These topics cover foundational security and infrastructure components, enabling you to manage and protect your organization’s cloud environment effectively.

Deploying and Managing Azure Compute Resources for the AZ-104 Exam

The Azure compute domain is one of the heaviest-weighted sections of the AZ-104 exam, making up approximately 25-30% of the questions. As an Azure Administrator, your ability to deploy, configure, and manage compute resources in Azure is critical for efficient cloud operations. This section covers virtual machines (VMs), containers, and Azure App Services, among other compute options.

Understanding Azure Virtual Machines

Virtual machines remain the core compute resource in Azure, providing scalable and customizable infrastructure to run applications and workloads.

You should know how to:

• Create and configure VMs using the Azure portal, Azure CLI, and PowerShell.
  
• Select the appropriate VM size and series based on workload requirements (e.g., General purpose, Compute optimized, Memory optimized).
  
• Understand VM image options such as Windows Server, Linux distributions, and custom images.

Additionally, be familiar with VM availability features, including:

• Availability sets, which protect against hardware failures by distributing VMs across fault domains and update domains.
  
• Availability zones, which offer higher resiliency by spreading VMs across physically separate locations within an Azure region.
  
• Scale sets, which allow automatic scaling of identical VMs to meet changing demand.

VM Management and Configuration

An Azure Administrator must manage the VM lifecycle efficiently, including:

• Starting, stopping, restarting, and deleting VMs.
  
• Configuring VM networking, including assigning public and private IP addresses.
  
• Attaching and managing disks, such as data disks and OS disks, including resizing and snapshot management.
  
• Implementing VM extensions and custom scripts to automate configuration tasks post-deployment.

You should also understand VM backup and recovery options to ensure business continuity.

Container Services and Azure Kubernetes Service (AKS)

Containers are becoming an increasingly popular compute model. The AZ-104 exam expects you to be familiar with Azure Container Instances (ACI) and Azure Kubernetes Service (AKS).

• Azure Container Instances provide a quick way to run containers in Azure without managing servers.
  
• Azure Kubernetes Service is a managed Kubernetes environment that simplifies deploying, scaling, and managing containerized applications.

While deep Kubernetes knowledge is not required for AZ-104, understanding how to deploy containerized applications and manage container instances is important.

Azure App Services

Azure App Services allow you to host web apps, REST APIs, and mobile backends in a fully managed platform. You should know how to:

• Create and configure App Service plans and web apps.
  
• Deploy code using continuous integration options like GitHub or Azure DevOps.
  
• Scale apps vertically (upgrading the service plan) and horizontally (adding instances).
  
• Implement deployment slots for staging and production environments.

App Services support multiple programming languages and provide built-in monitoring and diagnostics.

Configuring and Managing Virtual Networking for the AZ-104 Exam

Networking is the heaviest weighted domain in the AZ-104 exam, accounting for up to 35% of the questions. A strong grasp of Azure Virtual Networking concepts and management is crucial to success.

Azure Virtual Networks (VNets)

VNets are fundamental components that allow Azure resources to securely communicate with each other and with on-premises networks. You need to understand:

• How to create and configure VNets, including defining IP address ranges and subnets.
  
• The concept of network security groups (NSGs) is to control inbound and outbound traffic at the subnet or VM level.
  
• How to implement route tables to customize network traffic routing within VNets.
  
• Subnet delegation and service endpoints for optimized and secure access to Azure services.

VPN Gateway and ExpressRoute

Connecting on-premises networks to Azure is common in hybrid cloud environments. You should know the differences and setup processes for:

• VPN Gateway, which uses encrypted IPsec tunnels over the public internet.
  
• ExpressRoute provides private, dedicated connectivity to Azure with higher reliability and lower latency.

Understanding the benefits and limitations of each connection type, as well as how to configure site-to-site VPNs, point-to-site VPNs, and ExpressRoute circuits, is essential.

Load Balancing and Traffic Management

For high availability and scalability, load balancing distributes incoming traffic across multiple instances.

Key concepts include:

• Azure Load Balancer which operates at the transport layer (Layer 4) and supports TCP and UDP load balancing.
  
• Azure Application Gateway, a Layer 7 load balancer capable of HTTP/HTTPS traffic routing with features like SSL termination and Web Application Firewall (WAF).
  
• Azure Traffic Manager, a DNS-based traffic routing solution that directs users to the nearest or healthiest endpoint across global Azure regions.

Understanding when and how to use each service is critical for designing resilient and performant architectures.

Azure Network Watcher and Monitoring

Monitoring and diagnosing network issues is another important responsibility. Azure Network Watcher provides tools to:

• Monitor network performance and health.
  
• Capture and analyze network traffic with packet capture.
  
• Diagnose VPN connectivity issues and perform IP flow verification.
  
• Track topology and visualize resources and their connections.

Familiarity with these tools will help you maintain a healthy and secure Azure network environment.

Monitoring and Backing up Azure Resources

The final domain of the AZ-104 exam involves monitoring Azure resources and implementing backup strategies. This domain accounts for approximately 10-15% of exam questions and covers important operational aspects of Azure administration.

Azure Monitor Overview

Azure Monitor is the comprehensive solution for collecting, analyzing, and acting on telemetry data from your Azure resources.

You should understand how to:

• Set up metrics and log collection from virtual machines, applications, and other resources.
  
• Create alerts based on specific metrics or activity log events to proactively notify administrators of potential issues.
  
• Use Azure Monitor dashboards to visualize performance and availability.

Log Analytics and Application Insights

Azure Monitor integrates with Log Analytics and Application Insights to provide deep diagnostics and analytics.

• Log Analytics enables querying and analyzing large volumes of log data for troubleshooting and auditing.
  
• Application Insights monitors live applications, providing performance metrics, usage analytics, and error tracking.

Knowledge of how to create queries using Kusto Query Language (KQL) and configure data sources is beneficial.

Backup Solutions in Azure

Protecting data and applications through backups is vital for disaster recovery and compliance.

You should know:

• How to configure Azure Backup to protect virtual machines, SQL databases, and file shares.
  
• Different backup policies and retention options to meet business requirements.
  
• Restore operations, including file-level recovery and full VM restore.
  
• Azure Site Recovery for orchestrated disaster recovery between regions or to on-premises environments.

Implementing Alerts and Automation

Configuring automated actions based on monitoring data helps streamline operations. You should be familiar with:

• Creating action groups for alert notifications via email, SMS, or webhook.
  
• Using Azure Automation to run scripts in response to alerts or schedules.
  
• Integrating Azure Monitor with IT service management (ITSM) tools.

Final Thoughts

Preparing for the AZ-104 exam requires a strong understanding of Azure compute, networking, and monitoring domains. Practical experience in deploying VMs, configuring VNets, and implementing monitoring solutions is crucial.

Focus your study time on the high-weight domains like virtual networking and compute resources, while also ensuring you cover identity management and storage thoroughly. Use hands-on labs and Azure’s free tier to reinforce theoretical knowledge with practical skills.

By mastering these areas, you not only increase your chances of passing the AZ-104 exam but also build the expertise needed to succeed as a Microsoft Azure Administrator.