Practice Exams:

Everything You Need to Know About AZ-104: Microsoft Azure Administrator

The AZ-104 Microsoft Azure Administrator certification is one of the most practically significant and widely pursued credentials available to IT professionals who work with cloud infrastructure on the Microsoft Azure platform. It is an associate-level certification that validates a candidate’s demonstrated ability to implement, manage, and monitor core Azure services including virtual networks, storage accounts, virtual machines, identities, governance configurations, and monitoring solutions. Unlike foundational certifications that test theoretical awareness of cloud concepts, the AZ-104 specifically measures practical administrative competence, requiring candidates to demonstrate that they can actually perform the tasks that keep Azure environments running reliably, securely, and cost-effectively in real organizational settings.

The certification occupies an important position within the broader Microsoft certification ecosystem as the primary credential for cloud administrators whose daily professional responsibilities center on operating and maintaining Azure infrastructure rather than designing new architectures or developing applications. It sits above the AZ-900 Azure Fundamentals entry-level credential in terms of technical depth and practical skill requirements, and it serves as both a standalone professional recognition and a recommended preparation pathway for expert-level credentials including the AZ-305 Azure Solutions Architect Expert and the AZ-500 Azure Security Engineer Associate. For any IT professional whose career involves managing Azure cloud environments, the AZ-104 has become an increasingly expected professional baseline that employers actively prioritize when evaluating candidates for cloud administration roles.

Ideal Candidate Profile

The AZ-104 certification targets IT professionals who interact with Azure on a regular basis and carry operational responsibility for cloud infrastructure within their organizations. System administrators with backgrounds in Windows Server, Active Directory, and on-premises infrastructure management who are transitioning or have recently transitioned their skills to cloud-based environments represent the most natural audience for this certification. These professionals bring existing knowledge of networking, storage, virtualization, and identity management that translates directly to the Azure context, and the certification provides the formal recognition that their cloud skills match their on-premises expertise.

Network engineers who manage Azure virtual networks, VPN gateways, load balancers, and DNS configurations, security administrators who configure access controls and monitor compliance, and storage administrators who manage Azure storage accounts and backup solutions will all find significant portions of the exam content directly relevant to their daily work. Microsoft generally recommends that candidates have a minimum of six months of hands-on Azure experience before attempting the exam, along with practical familiarity with PowerShell or Azure CLI scripting, core networking concepts, and fundamental identity management principles. Professionals who have already earned the AZ-900 Azure Fundamentals certification will have useful conceptual grounding but should plan to invest considerable additional time in the hands-on technical content that distinguishes the AZ-104 from its foundational predecessor.

Five Primary Skill Domains

The AZ-104 exam is structured around five primary skill domains that together define the complete operational scope of an Azure administrator’s responsibilities. The first domain addresses managing Azure identities and governance, covering Azure Active Directory configuration, role-based access control implementation, subscription management, and Azure Policy enforcement. The second domain covers implementing and managing storage, addressing storage account creation, blob storage configuration, Azure Files setup, lifecycle management policies, and storage security controls. The third domain focuses on deploying and managing Azure compute resources, encompassing virtual machine deployment, availability configuration, container workloads, and App Service management.

The fourth domain addresses implementing and managing virtual networking, which is one of the most technically demanding sections and covers virtual network architecture, network security groups, Azure DNS, load balancing services, and cross-premises connectivity options. The fifth domain covers monitoring and maintaining Azure resources, addressing Azure Monitor configuration, backup and disaster recovery implementation, and resource cost management. Each domain carries a different weighting in the exam based on its relative importance in real-world Azure administration, and candidates who understand these weightings can prioritize their study time to focus proportionally more attention on the domains that account for the largest share of exam questions while ensuring they have adequate coverage of all five areas.

Identity and Governance Deep Dive

Identity and governance forms the security and organizational foundation upon which everything else in an Azure environment rests, and the AZ-104 exam tests this domain with appropriate thoroughness. Azure Active Directory is the cloud-based identity service that controls authentication and authorization across the Azure environment, and candidates must demonstrate the ability to create and manage user accounts, configure group types including security groups and Microsoft 365 groups, manage guest user access for external collaborators, and implement self-service capabilities like password reset and multi-factor authentication registration that reduce administrative burden while improving security posture.

Role-based access control is the mechanism that determines what authenticated users are authorized to do with Azure resources, and the exam covers how to assign both built-in roles and custom roles at appropriate scopes ranging from the broad management group level down to individual resources. Azure Policy allows administrators to define and enforce organizational standards at scale by creating policy definitions that evaluate resource configurations against required conditions and apply effects ranging from audit logging to automatic denial of non-compliant resource creation. Management groups that organize subscriptions into hierarchical structures for consistent governance application, Azure Blueprints that package governance configurations for repeatable deployment, and subscription management tasks including moving resources between subscriptions and managing cost allocation through tags are all governance topics that the exam covers to ensure candidates can establish and maintain a well-governed Azure environment.

Storage Services Configuration Details

Storage is a foundational Azure service that underpins countless application architectures, and the AZ-104 exam tests candidates on their practical ability to configure and manage the full range of Azure storage capabilities. Creating storage accounts requires selecting appropriate configuration options including the performance tier, which determines whether the account uses standard hard disk or premium solid-state disk storage, the account kind, and the replication option that determines how many copies of the data are maintained and in what geographic arrangement. Locally redundant storage maintains three synchronous copies within a single data center, zone-redundant storage distributes copies across three availability zones within a single region, geo-redundant storage replicates data to a secondary region hundreds of miles away, and geo-zone-redundant storage combines zone-redundant storage with geo-replication for the highest level of durability.

Azure Blob Storage configuration includes understanding access tiers and how to implement lifecycle management policies that automatically move blobs between hot, cool, and archive tiers based on age and access patterns to optimize storage costs over the data lifecycle. Azure Files provides fully managed cloud file shares accessible via the SMB and NFS protocols, and the exam covers how to create file shares, configure quotas, and deploy Azure File Sync agents that extend on-premises file servers with cloud-based tiering. Securing storage through shared access signatures that grant scoped and time-limited access to storage resources, configuring storage firewalls and virtual network service endpoints, implementing customer-managed encryption keys through Azure Key Vault, and managing the storage account access keys that provide full administrative access to all data in the account are security configuration skills that the exam tests comprehensively.

Virtual Machine Administration Skills

Virtual machines are among the most commonly managed resources in Azure environments, and the AZ-104 exam dedicates substantial coverage to the skills required to deploy, configure, and maintain them across their full operational lifecycle. Deploying virtual machines requires selecting appropriate sizes from the extensive catalog of general purpose, compute-optimized, memory-optimized, storage-optimized, and GPU-equipped options, choosing the operating system image from the Azure Marketplace or a custom image created from an existing virtual machine, and configuring the associated storage disks, network interfaces, and security settings that define how the machine operates within the environment.

Managing virtual machine disks involves understanding the differences between premium SSD, standard SSD, and standard HDD managed disk types and when each is appropriate based on the performance and cost requirements of the workload, configuring additional data disks beyond the operating system disk, and implementing Azure Disk Encryption to protect data at rest using BitLocker on Windows virtual machines and DM-Crypt on Linux virtual machines. Availability sets that distribute virtual machines across fault domains and update domains to protect against hardware failures and planned maintenance events, availability zones that distribute machines across physically separate data center facilities within a region for higher resilience, and virtual machine scale sets that automatically adjust instance counts in response to demand metrics are all high availability and scalability topics that the exam covers in the context of building resilient and elastic compute solutions.

Azure Networking Architecture Essentials

Networking is consistently identified as one of the most technically demanding domains on the AZ-104 exam, and it requires candidates to demonstrate both conceptual understanding of Azure networking architecture and practical skill in configuring networking resources through the portal, CLI, and PowerShell. Virtual networks are the foundational networking construct in Azure, providing isolated network environments within which Azure resources communicate privately, and candidates must understand how to design virtual networks with appropriate address spaces, create subnets with correctly sized CIDR blocks, and understand how subnet boundaries affect resource placement and routing within the virtual network.

Network security groups control inbound and outbound traffic to virtual machines and subnets through rules that evaluate traffic based on source address, destination address, port, and protocol, and the exam covers how to create effective security group rules that implement the principle of least privilege by allowing only the specific traffic types that are genuinely required for each resource. Virtual network peering connects separate virtual networks so that resources in each network can communicate using private IP addresses without traversing the public internet, and candidates must understand both local peering within a region and global peering across regions including the routing and access implications of each. User-defined routes that override Azure’s default routing behavior, service endpoints that extend virtual network identity to Azure platform services, and private endpoints that bring Azure platform service traffic entirely within the virtual network are advanced networking concepts that the exam includes to test candidates’ readiness for real-world network architecture decisions.

Load Balancing Service Selection

Azure provides multiple load balancing services that operate at different layers of the network stack and offer different capabilities, and the AZ-104 exam tests candidates on their ability to select and configure the appropriate service for different architectural scenarios. Azure Load Balancer operates at the transport layer using a four-tuple hash algorithm that distributes TCP and UDP connections across backend pool members, providing high-throughput, low-latency load distribution for applications that require simple connection-level balancing without application-layer routing intelligence. It supports both internet-facing configurations with public IP addresses and internal configurations for distributing traffic within a virtual network, and health probes that continuously monitor the availability of backend pool members to automatically remove unhealthy instances from the rotation.

Azure Application Gateway is an application-layer load balancer that understands HTTP and HTTPS traffic and provides capabilities that go significantly beyond what a transport-layer load balancer can offer. Path-based routing directs requests to different backend pools based on the URL path, enabling a single application gateway to front multiple services that share a domain name. Host-based routing distributes traffic to different backend pools based on the HTTP host header, enabling multi-site hosting behind a single IP address. SSL termination offloads the computational overhead of encryption and decryption from backend servers, and the integrated web application firewall protects web applications from the OWASP top ten vulnerabilities and other common attack patterns. Azure Traffic Manager and Azure Front Door provide global traffic distribution capabilities that operate above the regional level, and understanding the role of each service in a layered load balancing architecture is knowledge that the exam tests through scenario-based selection questions.

Hybrid Connectivity Options

Connecting Azure virtual networks to on-premises networks and to other Azure virtual networks through secure, private connections is a common and important administrative task that the AZ-104 exam covers in meaningful detail. Azure VPN Gateway creates encrypted site-to-site tunnels between on-premises network devices and Azure virtual networks using the IPsec and IKE protocols, allowing on-premises resources to access Azure resources and vice versa over the public internet using encryption that protects the traffic from interception. Configuring a VPN gateway requires creating the gateway resource itself within a dedicated gateway subnet, defining a local network gateway that represents the on-premises network and its VPN device, and establishing the connection that links the two together with the appropriate shared keys and protocol settings.

Point-to-site VPN connections extend the connectivity model to individual client devices, allowing remote workers to establish encrypted connections to an Azure virtual network from their personal or company-issued computers without requiring a dedicated hardware VPN device at each location. Azure ExpressRoute provides private, dedicated connectivity between on-premises networks and Azure data centers through telecommunication provider infrastructure that never touches the public internet, delivering higher reliability, lower and more consistent latency, and more predictable bandwidth than VPN-based connectivity can provide. Candidates for the AZ-104 exam are expected to understand the architectural differences between VPN Gateway and ExpressRoute, the scenarios where each is appropriate, and the general process for setting up each connectivity option, even though the deepest ExpressRoute operational details are reserved for more advanced certification levels.

Monitoring and Observability Setup

Monitoring is an essential operational discipline that the AZ-104 exam addresses through its coverage of Azure Monitor and the ecosystem of observability tools that connect to it. Azure Monitor is the central platform for collecting performance metrics from Azure resources, aggregating log data from applications and services, and providing the alerting and visualization capabilities that operations teams use to maintain awareness of environment health. Configuring diagnostic settings on Azure resources to route their metric and log data to a Log Analytics workspace, a storage account, or an event hub is a fundamental administrative skill that enables the centralized collection of operational data from resources across the environment.

Log Analytics workspaces provide the storage and query engine for log data collected by Azure Monitor, and the Kusto Query Language that powers Log Analytics queries is a skill that the exam tests through scenarios requiring candidates to identify the appropriate query structure for retrieving specific operational information. Creating metric alerts that trigger notifications when resource metrics cross defined thresholds, log alerts that fire when query results match specified conditions, and activity log alerts that respond to specific administrative actions performed against Azure resources are all alerting configuration skills that the exam covers. Application Insights extends monitoring to application-level telemetry including request rates, dependency tracking, exception logging, and custom event recording, while Azure Monitor Workbooks provide flexible reporting capabilities for creating custom visual dashboards that surface the operational information most relevant to each team’s responsibilities.

Backup and Recovery Implementation

Protecting organizational data and ensuring rapid recovery from failures are fundamental responsibilities of every Azure administrator, and the AZ-104 exam covers the tools and practices used to implement comprehensive backup and disaster recovery capabilities in Azure environments. Azure Backup is the primary data protection service that provides backup capabilities for Azure virtual machines, Azure Files shares, SQL Server databases running on Azure virtual machines, and SAP HANA databases. Configuring backup requires creating a Recovery Services vault that stores backup data and hosts the backup policies that define backup frequency, retention periods for daily, weekly, monthly, and yearly recovery points, and the consistency type used for virtual machine backups.

Virtual machine backup operates through an extension installed on the virtual machine that coordinates application-consistent snapshots using the Volume Shadow Copy Service on Windows or the pre and post scripts framework on Linux, ensuring that backed-up data represents a consistent state that can be recovered without data corruption. Performing restore operations that recover entire virtual machines, individual files and folders, or specific disks from backup recovery points, and understanding the recovery time implications of each restore approach, are practical skills that the exam tests to ensure candidates can actually help their organizations recover from data loss events. Azure Site Recovery provides disaster recovery capabilities by continuously replicating virtual machine configurations and data to a secondary Azure region, enabling failover to the secondary region when the primary region experiences an extended disruption, and the exam covers how to set up replication, validate recovery through test failover operations, and execute actual failover when needed.

Cost Management Best Practices

Managing Azure costs effectively is an operational responsibility that has grown in importance as organizations scale their cloud usage and as cloud spending becomes a significant line item in IT budgets. The AZ-104 exam reflects this importance by including cost management content that tests candidates on their knowledge of the tools and practices used to monitor, analyze, and optimize Azure spending. Azure Cost Management and Billing provides the primary interface for viewing current and historical spending data, analyzing costs by subscription, resource group, resource type, location, and tag, and creating budgets that trigger alert notifications when spending approaches or exceeds defined thresholds.

Azure Advisor analyzes resource configuration and usage patterns to generate personalized recommendations across cost, security, reliability, operational excellence, and performance categories, and the cost recommendations specifically identify resources that are underutilized, oversized, or eligible for reserved instance discounts that could significantly reduce spending. Resource tagging is a foundational cost governance practice that associates metadata with resources to enable cost allocation reporting by business unit, project, environment, or any other organizational dimension that management needs for financial accountability. Understanding the difference between reserved instances that provide significant discounts for committed usage of specific resource types and savings plans that provide discounts based on committed hourly spend with the flexibility to apply across different resource types helps administrators make informed purchasing decisions that reduce costs for predictable workloads while maintaining flexibility for variable ones.

PowerShell and CLI Automation

Automation through scripting is an expected competency for Azure administrators, and the AZ-104 exam includes content that tests candidates on their ability to use both Azure PowerShell and Azure CLI to perform administrative tasks programmatically rather than through the Azure portal. The exam does not require candidates to write complex scripts from scratch during the test, but it does present scenarios that require identifying the correct commands, parameters, and syntax for accomplishing specific administrative objectives using each scripting tool. Understanding the fundamental patterns for authenticating to Azure, selecting the subscription context, and constructing commands that create, read, update, and delete Azure resources is the baseline scripting knowledge the exam tests.

Azure PowerShell uses a consistent verb-noun cmdlet naming convention where verbs like Get, New, Set, and Remove combine with nouns that identify the resource type to form commands like Get-AzVirtualNetwork, New-AzStorageAccount, and Set-AzVMDiskEncryptionExtension. Azure CLI uses a hierarchical command structure where resource type groups like az vm, az network, and az storage combine with action verbs like create, list, update, and delete to form commands that parallel the PowerShell cmdlet set. Azure Cloud Shell provides a browser-based shell environment that is pre-authenticated with the signed-in user’s Azure credentials and has both Azure PowerShell and Azure CLI pre-installed, making it available from anywhere without requiring local tool installation. ARM templates and Bicep files that define Azure infrastructure as declarative code deployable through the portal, CLI, or PowerShell pipelines are infrastructure-as-code topics that the exam includes because they represent how professional Azure environments are managed at scale.

Exam Registration and Format

The AZ-104 exam typically contains between forty and sixty questions presented across several different formats that together test both knowledge and applied judgment. Multiple choice questions test understanding of concepts and capabilities. Multiple select questions require identifying all correct answers from a list, testing the breadth of knowledge rather than simple recognition of a single correct option. Drag-and-drop questions test the ability to sequence steps or match concepts to their descriptions. Case study questions present a detailed organizational scenario and ask multiple related questions that require integrating information from the scenario to select the best solution. The exam duration is approximately one hundred and twenty minutes, and the passing score is seven hundred out of a maximum of one thousand points.

Candidates register for the exam through the Microsoft certification portal where they can select either a Pearson VUE testing center location for in-person testing with a human proctor or an online proctored option that allows testing from any location with a compatible computer, webcam, and internet connection. Microsoft’s retake policy allows candidates who do not pass to retake the exam after a twenty-four-hour waiting period for the first retake, with a fourteen-day waiting period applied for subsequent retakes. The AZ-104 certification earned upon passing is valid for one year from the date of achievement and must be renewed annually through a free online assessment available through Microsoft Learn, which tests knowledge of recent platform changes and keeps the certification current as Azure evolves.

Professional Advancement After Certification

Earning the AZ-104 Microsoft Azure Administrator certification delivers concrete and immediate professional benefits in a technology job market where verified cloud administration skills command premium compensation and expanded career opportunities. Organizations across every industry vertical are operating significant Azure deployments and actively seek certified administrators who can manage those environments with the competence and confidence that the certification validates. Hiring managers treat the AZ-104 as a reliable and meaningful signal that distinguishes candidates who have demonstrated their knowledge through a rigorous standardized assessment from those who simply list Azure familiarity on a resume without any formal validation.

The AZ-104 credential also serves as an important gateway to more advanced Microsoft certifications that further accelerate career progression. The AZ-305 Azure Solutions Architect Expert, which is one of the most prestigious and well-compensated certifications in the cloud industry, recommends AZ-104 preparation as foundational to its more advanced architectural content. The AZ-500 Azure Security Engineer Associate, the AZ-400 Azure DevOps Engineer Expert, and several other specialist certifications similarly build on the foundational administrative knowledge that AZ-104 establishes. Certified professionals frequently report receiving salary increases, promotions, new job offers, and opportunities to take on more complex and visible projects following certification, and the cumulative career impact of the AZ-104 combined with subsequent advanced credentials can be transformative for IT professionals who pursue them with genuine commitment.

Conclusion

The AZ-104 Microsoft Azure Administrator certification stands as one of the most practically valuable and professionally significant credentials available to IT professionals who work with cloud infrastructure in the Microsoft Azure ecosystem. Its comprehensive coverage of identity and governance, storage configuration, virtual machine management, networking architecture, load balancing, hybrid connectivity, monitoring, backup, cost management, and automation scripting reflects the genuine breadth and depth of knowledge that effective Azure administration requires in real organizational environments. Earning this certification represents more than academic achievement; it represents the development of a well-rounded, practical skill set that makes a measurable difference to the cloud environments and the organizations they support.

Preparing for the AZ-104 demands a disciplined and honest approach that combines structured study of the official content with substantial hands-on practice in a real Azure environment. The scenario-based questions that characterize the exam are specifically designed to distinguish candidates who genuinely understand how to administer Azure from those who have memorized facts without developing applicable judgment. Building the kind of intuitive familiarity with Azure services that allows confident navigation of novel scenarios requires spending real time in the Azure portal, running real commands in Azure PowerShell and CLI, configuring real resources, and working through real administrative tasks across all five skill domains. No amount of reading can substitute for this hands-on engagement, and candidates who recognize this and invest accordingly will consistently outperform those who do not.

As Microsoft Azure continues to expand its global infrastructure footprint, broaden its service catalog, and deepen its penetration across enterprise, government, and mid-market organizations worldwide, the demand for certified Azure administrators will continue to grow in parallel. The organizations investing in Azure are committing to it as a long-term strategic platform, which means they need administrators who can not only manage it today but grow with it as its capabilities expand and as their own usage matures. The AZ-104 certified professional is positioned to be exactly that kind of administrator, equipped with the foundational knowledge and demonstrated competence to deliver enduring value throughout a technology relationship that will span years and decades.

The path from passing the AZ-104 exam to becoming a truly expert Azure administrator is a long and rewarding one, and the certification marks an important milestone on that journey rather than its conclusion. The administrators who derive the greatest career value from this credential are those who treat it as a foundation to build upon rather than a destination to arrive at, continuing to deepen their Azure knowledge through experience, staying current with platform developments through the renewal process and ongoing learning, and pursuing advanced certifications that build on the administrative foundation the AZ-104 establishes. Approach your preparation with the thoroughness, consistency, and genuine curiosity that excellent cloud administration demands, earn this certification with confidence, and use it as the foundation for a cloud career that will grow more rewarding with every year of dedicated practice and continued learning.

Related posts:

  1. Getting Ready for the AZ-104? Here’s How to Prepare for Success
  2. Complete Study Guide for AZ-104: Microsoft Azure Administrator
  3. What’s Not To Miss: Microsoft Certification Upgrade Offer
  4. Take New Microsoft Azure and Office 365 Exams For FREE!
  5. PL-600 Is Your Key to Leading Digital Transformation with Power Platform
  6. Mastering the AZ-700 – Your First Step Toward Azure Network Engineer Certification
  7. Mastering Scalable and Secure Data with Azure SQL
  8. Finland Training of AZ-140: Configuring and Operating Windows Virtual Desktop on Microsoft Azure
  9. Level Up Your Data Career with PL-300: Microsoft Power BI Data Analyst
  10. Top 5 Compelling Reasons to Conquer MB-300 Dynamics 365: Core Finance and Operations
img