AZ-104 : Microsoft Azure Administrator
Manage Azure identities and governance (15-20%)
Manage Azure AD objects [Microsoft]
Manage role-based access control (RBAC) [Microsoft]
Manage subscriptions and governance [Microsoft]
- Create users and groups
- Manage user and group properties
- Manage device settings
- Perform bulk user updates
- Manage guest accounts
- Configure Azure AD Join
- Configure self-service password reset
- NOT : Azure AD Connect; PIM
- Create a custom role
- Provide access to Azure ressources by assigning roles
- subscriptions
- resource groups
- resources (VM, disk, etc.)
- Interpret access asignments
- Manage multiple directories
- Configure Azure Policies
- Configure resource locks
- Apply tags
- Create and manage resource groups
- move resources
- remove resource groups
- Manage subscriptions
- Configure management groups
Implement and manage storage (10-15%) [Microsoft]
Manage storage accounts [Microsoft]
- Configure network access to storage accounts
- Create and configure storage accounts
- Generate shared access signature
- Manage access keys
- Implement Azure Storage replication
- Configure Azure AD authentification for a storage account
Manage data in Azure Storage [Microsoft]
- Export from Azure job
- Import into Azure job
- Install and use Azure Storage Explorer
- Copy data by using AZcopy
Configure Azure files and Azure Blob storage [Microsoft]
- Create an Azure file share
- Create and configure Azure File Sync service
- Configure Azure blob storage
- Configure storage tiers for Azure Blobs
Deploy and manage Azure compute resources (25-30%)
Configure VMs for high availability and scalability [Microsoft]
- Configure high availability
- Deploy and configure scale sets
Automate deployment and configuration of VMs [Microsoft]
- Modify Azure Resource Manager (ARM) template
- Configure VHD template
- Deploy from template
- Save a deployment as an ARM template
- Automate configuration management by using custom script extensions
Create and configure VMs
- Configure Azure Disk Encryption
- Move VMs from one resource group to another
- Manage VM sizes
- Add data discs
- Configure networking
- Redeploy VMs
Create and configure containers
- Create and configure Azure Kubernetes Service (AKS)
- Create and configure Azure Container Instances (ACI)
- NOT : Selecting a container solution architecture or product; container registry settings
Create and configure Web Apps
- Create and configure App Service
- Create and configure App Service Plans
- NOT : Azure Functions; Logic Apps; Event Grid
Configure and manage virtual networking (30-35%) [Microsoft]
Implement and manage virtual networking [Microsoft]
- Create and configure VNET peering
- Configure private and public IP addresses, network routes, network interface, subnets, and virtual network
Configure name resolution [Microsoft]
- Configure Azure DNS
- Configure custom DNS settings
- Configure a private or public DNS zone
Secure access to virtual networks [Microsoft]
- Create security rules
- Associate an NSG to a subnet or network interface
- Evaluate effective security rules
- Deploy and configure Azure Firewall
- Deploy and configure Azure Bastion Service
- NOT : Implement Application Security Groups; DDoS
Configure load balancing [Microsoft]
- Configure Application Gateway
- Configure an internal load balancer
- Configure a public load balancer
- Troubleshoot load balancing
- NOT : Traffic Manager and FrontDoor PrivateLink
Monitor and troubleshoot virtual networking [Microsoft]
- Monitor on-premises connectivity
- Use Network Performance Monitor
- Use Network Watcher
- Troubleshoot external networking
- Troubleshoot virtual network connectivity
Integrate an on-premises network with an Azure virtual network [Microsoft]
- Create and configure Azure VPN Gateway
- Create and configure VPNs
- Configure ExpressRoute
- Configure Azure Virtual WAN
Monitor and backup Azure Resources (10-15%)
Monitor resources by using Azure Monitor [Microsoft]
- Configure and interpret metrics
- analyze metrics across subscriptions
- Configure Log Analytics
- implement a Log Anaytics workspace
- configure diagnostic settings
- Query and analyze logs
- create a query
- save a query to the dashboard
- interpret graphs
- Set up alerts and actions
- create and test alerts
- create action groups
- view alerts in Azure Monitor
- analyze alerts across subscriptions
- Configure Application Insights
- NOT : Network monitoring
Implement backup and recovery [Microsoft]
- Configure and review backup reports
- Perform backup and restore operations by using Azure Backup Service
- Create a Recovery Services Vault
- use soft delete to recover Azure VMs
- Create and configure backup policy
- Perform site-to-site recovery by using Azure Site Recovery
- NOT : SQL or HANA