AZ-104 Study Guide

Microsoft Azure Administrator

188 study sessions ☕ Support
Associate Azure
📅 Generate a Study Plan

Watch & Learn

I made these videos to help you prepare — watch the full course to learn, then test yourself with mock exam questions.

Exam Quick Facts

DetailValue
Exam CodeAZ-104
TitleMicrosoft Azure Administrator
LevelAssociate
Pass Score700 / 1000
Duration100 minutes
Questions~40–60 (multiple choice, case studies, labs)
Cost$165 USD (varies by region)
SchedulingPearson VUE
Skills UpdatedApril 17, 2026

Official Learning Paths

  1. 📘 Manage Azure identities and governance — Entra ID, RBAC, subscriptions, policies
  2. 📘 Implement and manage storage — Storage accounts, blobs, files, access controls
  3. 📘 Deploy and manage compute resources — VMs, containers, App Service, ARM/Bicep
  4. 📘 Implement and manage virtual networking — VNets, NSGs, load balancers, DNS
  5. 📘 Monitor and maintain Azure resources — Azure Monitor, backup, Site Recovery

📖 Study Resources

ResourceLink
📝 Official Exam PageMicrosoft Learn — AZ-104
📖 Official Study GuideMicrosoft Study Guide
🎯 Free Practice AssessmentStart Practice Assessment
🧪 Hands-on Labs (GitHub)AZ-104 Labs
🖥️ Exam SandboxTry the exam interface
🎬 Exam Readiness ZoneVideo prep series
📺 John Savill’s AZ-104 CramYouTube — AZ-104 Cram

Skills at a Glance

Skill AreaWeight
Manage Azure identities and governance20–25%
Implement and manage storage15–20%
Deploy and manage Azure compute resources20–25%
Implement and manage virtual networking15–20%
Monitor and maintain Azure resources10–15%

Who is this exam for?

The AZ-104 is the go-to certification for Azure administrators — the people who deploy, manage, and monitor an organisation’s Azure environment day-to-day. Unlike the AZ-900 (which is conceptual), the AZ-104 is hands-on and expects you to know how to actually do things in the Azure portal, CLI, and PowerShell.

You should have experience with operating systems, networking, servers, and virtualisation, plus familiarity with PowerShell, Azure CLI, ARM templates or Bicep, and the Azure portal. This exam was last updated on April 17, 2026 — make sure your study materials reflect the latest objectives.

💡 Tip: This exam includes lab-based questions where you perform tasks in a live Azure environment. Practice in the Azure portal and with the GitHub labs — reading alone won’t be enough.


Manage Azure identities and governance (20–25%)

This domain covers identity management through Microsoft Entra ID and governance through Azure Policy, RBAC, and subscriptions. You need to know how to create and manage users and groups, assign roles at different scopes, and enforce organisational policies.

Manage Microsoft Entra users and groups

Creating and managing users and groups is the foundation of identity management in Azure. You’ll need to know how to create cloud users, manage properties, handle licensing, work with external (guest) users, and configure self-service password reset.

Manage access to Azure resources

RBAC (Role-Based Access Control) determines who can do what on which Azure resources. Understanding built-in roles (Owner, Contributor, Reader), how role assignments work at different scopes (management group → subscription → resource group → resource), and how to interpret effective permissions is critical.

Manage Azure subscriptions and governance

Governance ensures your Azure environment stays organised, compliant, and cost-effective. Azure Policy enforces rules, resource locks prevent accidental changes, tags help you organise and track costs, and management groups let you manage policies across multiple subscriptions.


Implement and manage storage (15–20%)

Azure Storage is where your data lives. This domain covers configuring access controls (firewalls, SAS tokens, access keys), creating and managing storage accounts, and working with Azure Files and Blob Storage. You need hands-on experience with storage configuration — this domain is very practical.

Configure access to storage

Securing access to storage is critical. Azure Storage firewalls and virtual network rules restrict who can reach your data, SAS tokens provide time-limited access, and access keys give full control. Know the difference and when to use each approach.

Configure and manage storage accounts

Configure Azure Files and Azure Blob Storage

Azure Files provides fully managed file shares (think network drives in the cloud), while Blob Storage handles unstructured data like images, backups, and logs. Know how to configure tiers (Hot, Cool, Cold, Archive), lifecycle management policies, soft delete, snapshots, and versioning.


Deploy and manage Azure compute resources (20–25%)

This is one of the two largest domains. It covers everything from ARM templates and Bicep files (infrastructure as code) to virtual machines, containers (Container Instances, Container Apps, Container Registry), and App Service. Expect both conceptual and hands-on lab questions here.

Automate deployment of resources by using ARM templates or Bicep files

Infrastructure as code (IaC) lets you define your resources in a template file and deploy them consistently. ARM templates use JSON, Bicep uses a cleaner syntax that compiles to ARM. You need to be able to read, modify, and deploy both.

Create and configure virtual machines

VMs are still a core Azure service. You need to know how to create them, manage sizes and disks, configure encryption, deploy to availability zones and sets, work with Scale Sets, and move VMs between resource groups or regions.

Provision and manage containers in the Azure portal

Containers are lightweight alternatives to VMs. Azure Container Registry stores container images, Container Instances runs single containers without managing servers, and Container Apps provides a managed platform for microservices. Know when to use each.

Create and configure Azure App Service

App Service is Azure’s managed platform for hosting web apps, APIs, and mobile backends. You need to know how to create App Service plans, configure scaling, set up custom domains and SSL/TLS certificates, configure deployment slots (for blue-green deployments), and manage backups.


Implement and manage virtual networking (15–20%)

Networking connects everything in Azure. This domain covers creating and managing VNets and subnets, securing traffic with NSGs, configuring DNS, load balancing, and setting up secure access methods like Azure Bastion and private endpoints. Practice these skills in the portal — networking questions are often scenario-based.

Configure and manage virtual networks in Azure

Configure secure access to virtual networks

NSGs filter traffic to and from Azure resources using rules based on source/destination, port, and protocol. Application security groups let you group VMs logically. Private endpoints and service endpoints provide secure, private connectivity to Azure PaaS services without going over the public internet.

Configure name resolution and load balancing

Azure DNS lets you host your DNS zones in Azure. Load balancers distribute traffic across multiple backend instances — Azure Load Balancer for L4 (TCP/UDP) and Application Gateway for L7 (HTTP/HTTPS). Know how to create, configure, and troubleshoot both.


Monitor and maintain Azure resources (10–15%)

This is the smallest domain but still critical. It covers Azure Monitor (metrics, logs, alerts), monitoring specific resource types, Network Watcher, and backup/recovery with Azure Backup and Site Recovery. Don’t underestimate this domain — scenario questions on alerts and backup policies are common.

Monitor resources in Azure

Azure Monitor is the central platform for observability in Azure. You can view metrics, query logs using KQL, set up alert rules, and use Azure Monitor Insights for specialised views of VMs, storage, and networks. Network Watcher helps diagnose connectivity issues.

Implement backup and recovery

Azure Backup protects your data from accidental deletion and corruption. Site Recovery provides disaster recovery by replicating VMs to a secondary region. You need to know how to create vaults, configure backup policies, perform restores, and set up failover scenarios.


🧭 How does AZ-104 compare across AWS & Google Cloud?

See closest matches, skill overlap, and cost comparison with our Multi-Cloud Cert Compass.

Open Cert Compass →
💬