MarkIT Training

IT Security and Microsoft Azure Training

Azure Administrator (AZ-104)

Written by

Mark Nathan

in

AZ-104 Badge

Students will learn to implement, manage, and monitor a Microsoft Azure environment, which includes virtual networks, storage, compute, identity, security, and governance.

Azure administrators typically work as part of a larger team dedicated to implementing an organization’s cloud infrastructure, collaborating with other roles to deliver Azure networking, security, database, application development, and DevOps solutions.

Skills taught:

Manage Azure identities and governance (20–25%):

  • Manage Microsoft Entra users and groups
    • Create users and groups
    • Manage user and group properties
    • Manage licenses in Microsoft Entra ID
    • Manage external users
    • Configure self-service password reset (SSPR)
  • Manage access to Azure resources
    • Manage built-in Azure roles
    • Assign roles at different scopes
    • Interpret access assignments
  • Manage Azure subscriptions and governance
    • Implement and manage Azure Policy
    • Configure resource locks
    • Apply and manage tags on resources
    • Manage resource groups
    • Manage subscriptions
    • Manage costs using alerts, budgets, and Azure Advisor recommendations
    • Configure management groups

Implement and manage storage (15–20%):

  • Configure access to storage
    • Configure Azure Storage firewalls and virtual networks
    • Create and use shared access signature (SAS) tokens
    • Configure stored access policies
    • Manage access keys
    • Configure identity-based access for Azure Files
  • Configure and manage storage accounts
    • Create and configure storage accounts
    • Configure Azure Storage redundancy
    • Configure object replication
    • Configure storage account encryption
    • Manage data using Azure Storage Explorer and AzCopy
  • Configure Azure Files and Azure Blob Storage
    • Create and configure a file share in Azure Storage
    • Create and configure a container in Blob Storage
    • Configure storage tiers
    • Configure snapshots and soft delete for Azure Files
    • Configure blob lifecycle management
    • Configure blob versioning

Deploy and manage Azure compute resources (20–25%):

  • Automate deployment of resources using Azure Resource Manager (ARM) templates or Bicep files
    • Interpret an Azure Resource Manager template or a Bicep file
    • Modify an existing Azure Resource Manager template
    • Modify an existing Bicep file
    • Deploy resources using an Azure Resource Manager template or a Bicep file
    • Export a deployment as an Azure Resource Manager template or convert an Azure Resource Manager template to a Bicep file
  • Create and configure virtual machines
    • Create a virtual machine
    • Configure Azure Disk Encryption
    • Move a virtual machine to another resource group, subscription, or region
    • Manage virtual machine sizes
    • Manage virtual machine disks
    • Deploy virtual machines to availability zones and availability sets
    • Deploy and configure an Azure Virtual Machine Scale Sets
  • Provision and manage containers in the Azure portal
    • Create and manage an Azure container registry
    • Provision a container using Azure Container Instances
    • Provision a container using Azure Container Apps
    • Manage sizing and scaling for containers, including Azure Container Instances and Azure Container Apps
  • Create and configure Azure App Service
    • Provision an App Service plan
    • Configure scaling for an App Service plan
    • Create an App Service
    • Configure certificates and Transport Layer Security (TLS) for an App Service
    • Map an existing custom DNS name to an App Service
    • Configure backup for an App Service
    • Configure networking settings for an App Service
    • Configure deployment slots for an App Service

Implement and manage virtual networking (15–20%):

  • Configure and manage virtual networks in Azure
    • Create and configure virtual networks and subnets
    • Create and configure virtual network peering
    • Configure public IP addresses
    • Configure user-defined network routes
    • Troubleshoot network connectivity
  • Configure secure access to virtual networks
    • Create and configure network security groups (NSGs) and application security groups
    • Evaluate effective security rules in NSGs
    • Implement Azure Bastion
    • Configure service endpoints for Azure platform as a service (PaaS)
    • Configure private endpoints for Azure PaaS
  • Configure name resolution and load balancing
    • Configure Azure DNS
    • Configure an internal or public load balancer
    • Troubleshoot load balancing

Monitor and maintain Azure resources (10–15%):

  • Monitor resources in Azure
    • Interpret metrics in Azure Monitor
    • Configure log settings in Azure Monitor
    • Query and analyze logs in Azure Monitor
    • Set up alert rules, action groups, and alert processing rules in Azure Monitor
    • Configure and interpret monitoring of virtual machines, storage accounts, and networks using Azure Monitor Insights
    • Use Azure Network Watcher and Connection Monitor
  • Implement backup and recovery
    • Create a Recovery Services vault
    • Create an Azure Backup vault
    • Create and configure a backup policy
    • Perform backup and restore operations using Azure Backup
    • Configure Azure Site Recovery for Azure resources
    • Perform a failover to a secondary region using Site Recovery
    • Configure and interpret reports and alerts for backups

Share on Social Media or Email

More posts