Practice Exams:

Everything You Need to Know About the AZ-104 Microsoft Azure Administrator Certification

The AZ-104 Microsoft Azure Administrator certification is one of the most widely recognized and practically valuable credentials available to IT professionals working with cloud infrastructure. It is an associate-level certification issued by Microsoft that validates a candidate’s ability to implement, manage, and monitor an organization’s Microsoft Azure environment. This includes managing virtual networks, storage accounts, compute resources, identities, and governance configurations that together form the operational backbone of an enterprise Azure deployment. Earning this certification demonstrates that a professional has moved beyond theoretical familiarity with Azure and possesses the hands-on skills needed to administer real cloud environments.

The certification is positioned within Microsoft’s broader certification framework as the primary credential for professionals whose daily responsibilities center on keeping Azure infrastructure running reliably, securely, and cost-effectively. It sits above the foundational AZ-900 Azure Fundamentals credential and serves as a prerequisite or recommended preparation step for several expert-level certifications including the AZ-305 Azure Solutions Architect Expert. For any IT professional whose career involves managing cloud infrastructure on Microsoft Azure, the AZ-104 certification is not just a worthwhile goal but an increasingly expected professional baseline that employers actively seek when hiring for cloud administration roles.

Who Should Pursue AZ-104

The AZ-104 certification is designed for IT professionals who work with Azure on a daily basis and are responsible for implementing, managing, and monitoring cloud infrastructure. System administrators who are transitioning their skills from on-premises Windows Server and Active Directory environments to the cloud will find this certification a natural and important next step. Network engineers who manage virtual networks, VPN gateways, and DNS configurations within Azure will find the exam content directly aligned with their responsibilities. Security administrators who configure role-based access control, monitor compliance policies, and respond to security alerts in Azure will also find significant portions of the exam relevant to their work.

Candidates who are best positioned for the AZ-104 exam typically have at least six months of hands-on experience working with Azure services and a solid understanding of core IT concepts including networking, storage, virtualization, and identity management. Prior experience with PowerShell or Azure CLI scripting is highly beneficial because the exam includes scenario-based questions that require knowledge of how to perform administrative tasks programmatically rather than only through the Azure portal. IT professionals who have earned the AZ-900 Azure Fundamentals certification will have a useful conceptual foundation but should expect to invest significant additional study time in the hands-on technical content that the AZ-104 demands.

Core Exam Skill Domains

The AZ-104 exam is organized around five primary skill domains that together represent the full scope of an Azure administrator’s operational responsibilities. The first domain covers managing Azure identities and governance, which includes configuring Azure Active Directory, implementing role-based access control, managing subscriptions, and applying Azure Policy to enforce organizational standards. The second domain covers implementing and managing storage, which includes configuring storage accounts, managing blob storage, implementing Azure Files, and configuring storage security and replication options.

The third domain covers deploying and managing Azure compute resources, which includes creating and managing virtual machines, configuring virtual machine availability, deploying containerized workloads, and managing Azure App Service deployments. The fourth domain covers implementing and managing virtual networking, which includes configuring virtual networks, network security groups, Azure DNS, Azure Load Balancer, and VPN connections between Azure and on-premises environments. The fifth domain covers monitoring and maintaining Azure resources, which includes configuring Azure Monitor, implementing backup and disaster recovery solutions, and managing resource costs. Each domain is weighted according to its importance in real-world Azure administration, and the exam draws questions proportionally from each area.

Azure Identity and Governance

Identity and governance is one of the most critical domains tested on the AZ-104 exam because getting identity management right is the foundation of a secure and well-governed Azure environment. Students preparing for this domain learn how to manage Azure Active Directory, which is the cloud-based identity and access management service that controls who can authenticate to Azure and what they are authorized to do. This includes creating and managing user accounts, group memberships, and guest user access, as well as configuring self-service password reset and multi-factor authentication policies that protect accounts from unauthorized access.

Role-based access control is a central concept in this domain that determines what actions authenticated users and service principals are permitted to perform on Azure resources. Students learn how to assign built-in Azure roles at different scopes including management group, subscription, resource group, and individual resource levels, and how to create custom roles when the built-in roles do not provide exactly the right set of permissions for a specific use case. Azure Policy is another key topic that allows administrators to enforce organizational standards at scale by defining rules that prevent non-compliant resources from being created and automatically remediate existing resources that violate policy definitions. Management groups, which organize subscriptions into a hierarchy for consistent policy and access control application, and Azure Blueprints, which package governance configurations for repeatable environment deployment, round out this comprehensive governance coverage.

Storage Account Configuration

Storage is a fundamental building block of virtually every Azure architecture, and the AZ-104 exam tests candidates thoroughly on their ability to configure and manage Azure storage services. Students learn how to create storage accounts with appropriate performance tiers, replication options, and access settings for different workload requirements. The choice between standard and premium performance tiers, and among locally redundant storage, zone-redundant storage, geo-redundant storage, and geo-zone-redundant storage replication options, depends on the balance of cost, performance, and durability requirements that each workload demands.

Azure Blob Storage is covered in depth, including how to configure access tiers that optimize costs by moving data between hot, cool, and archive tiers based on access frequency. Students learn how to implement lifecycle management policies that automatically transition blobs between tiers or delete them when they reach the end of their useful life. Azure Files provides fully managed file shares that can be mounted by Windows, Linux, and macOS clients using the SMB protocol, and the exam covers how to configure file shares, set quotas, and connect Azure File Sync to extend on-premises file servers into the cloud. Storage security topics include configuring shared access signatures that grant time-limited, permission-scoped access to storage resources, implementing storage firewall rules and virtual network service endpoints, and managing storage account keys and their rotation.

Virtual Machine Deployment and Management

Virtual machines are among the most commonly managed resources in Azure, and the AZ-104 exam dedicates substantial coverage to the skills required to deploy, configure, and maintain them effectively. Students learn how to create virtual machines through the Azure portal, Azure CLI, PowerShell, and ARM templates, and how to select appropriate virtual machine sizes based on CPU, memory, and storage requirements. Configuring virtual machine disks, including the choice between premium SSD, standard SSD, and standard HDD managed disks, and understanding how to add and configure data disks beyond the operating system disk, are practical skills tested on the exam.

Virtual machine availability is a critical operational concern that the exam addresses through topics like availability sets, which distribute virtual machines across fault domains and update domains to protect against hardware failures and planned maintenance events, and availability zones, which distribute virtual machines across physically separate data center facilities within an Azure region. Students also learn how to configure virtual machine scale sets that automatically add or remove virtual machine instances based on demand, applying the same auto-scaling principles to IaaS workloads that are available for PaaS services. Managing virtual machine extensions that automate post-deployment configuration tasks, implementing Azure Disk Encryption to protect virtual machine data at rest, and resizing virtual machines to accommodate changing workload requirements are additional practical skills that appear on the exam.

Azure Networking Fundamentals

Networking is one of the most technically demanding domains on the AZ-104 exam and requires candidates to understand both the conceptual foundations of Azure networking and the practical configuration of networking resources. Students learn how to design and implement virtual networks with appropriate address spaces and subnet configurations, understanding how subnet sizing affects the number of available IP addresses and how overlapping address spaces create routing conflicts between connected networks. Network security groups are a fundamental security mechanism that controls inbound and outbound traffic to virtual machines and subnets through configurable rules that evaluate traffic based on source, destination, port, and protocol.

Virtual network peering connects two virtual networks so that resources in each network can communicate privately without traversing the public internet, and the exam covers both peering within a single region and global peering between virtual networks in different Azure regions. Azure DNS allows organizations to host their domain names in Azure and manage DNS records using the same tools and APIs used for other Azure resources, and the exam covers both public DNS zones for internet-facing name resolution and private DNS zones for name resolution within virtual networks. User-defined routes allow administrators to override Azure’s default routing behavior and control how traffic flows between subnets, virtual appliances, and external networks, which is essential knowledge for implementing hub-and-spoke network topologies and network virtual appliance architectures.

Load Balancing and Traffic Management

Azure provides multiple load balancing services for distributing network traffic across multiple backend resources, and the AZ-104 exam tests candidates on how to select and configure the appropriate service for different scenarios. Azure Load Balancer operates at the transport layer and distributes TCP and UDP traffic across backend virtual machines based on a hash of the source IP, source port, destination IP, destination port, and protocol. It is appropriate for distributing traffic within a single region and supports both internet-facing configurations with a public IP address and internal configurations for distributing traffic within a virtual network.

Azure Application Gateway operates at the application layer and provides advanced traffic routing capabilities including path-based routing, host-based routing, SSL termination, and web application firewall functionality that protects web applications from common exploits. Students learn how to configure backend pools, HTTP settings, listeners, and routing rules within an Application Gateway and understand when the additional capabilities of Application Gateway justify its higher cost compared to a basic load balancer. Azure Traffic Manager is a DNS-based traffic routing service that distributes traffic across endpoints in different Azure regions using routing methods including priority, weighted, performance, geographic, and subnet-based routing. Understanding the differences between these load balancing services and knowing which one to recommend for a given set of requirements is a skill that the exam tests through scenario-based questions.

VPN and Connectivity Solutions

Connecting Azure virtual networks to on-premises networks and to other Azure virtual networks through encrypted tunnels is a common administrative task that the AZ-104 exam covers in detail. Azure VPN Gateway provides site-to-site VPN connections between on-premises networks and Azure virtual networks using IPsec and IKE protocols, and the exam covers how to configure the gateway, define local network gateways that represent the on-premises network, and establish and monitor VPN connections. Point-to-site VPN connections allow individual client devices to connect to an Azure virtual network over an encrypted tunnel, which is useful for remote workers who need access to resources in Azure without requiring a full site-to-site connection.

Azure ExpressRoute provides private, dedicated connectivity between on-premises networks and Azure data centers through a connectivity provider, bypassing the public internet entirely for higher reliability, lower latency, and more predictable performance than VPN connections can provide. While ExpressRoute configuration details are more heavily covered in expert-level certifications, AZ-104 candidates are expected to understand when ExpressRoute is appropriate compared to VPN Gateway and what the general architecture of an ExpressRoute connection looks like. Virtual WAN is a networking service that provides optimized and automated branch-to-branch connectivity through Azure, and understanding its role in large-scale network architectures is another topic that appears in the exam’s networking domain.

Azure Monitor and Diagnostics

Monitoring is a foundational operational discipline for any Azure administrator, and the AZ-104 exam tests candidates on their ability to configure comprehensive monitoring solutions using Azure Monitor and its associated services. Azure Monitor is the central platform for collecting, analyzing, and acting on telemetry from Azure resources, including metrics that measure the performance and health of resources in near real time and logs that provide detailed records of operations, errors, and events across the Azure environment. Students learn how to create metric alerts that notify administrators when resource metrics cross defined thresholds and how to configure log-based alerts that trigger when specific patterns appear in log data.

Log Analytics workspaces are a key component of the Azure Monitor ecosystem that collect and store log data from Azure resources, virtual machines, and other sources, providing a powerful query interface based on the Kusto Query Language that allows administrators to search, analyze, and visualize log data in flexible and sophisticated ways. Students learn how to configure diagnostic settings on Azure resources to route their log and metric data to a Log Analytics workspace, a storage account for archival, or an event hub for streaming to external systems. Azure Monitor Workbooks provide a flexible reporting canvas for creating rich visual reports from monitoring data, and Application Insights extends monitoring to application-level telemetry including request rates, response times, failure rates, and custom application events.

Backup and Disaster Recovery

Protecting organizational data and ensuring that services can be restored quickly after a failure is a core responsibility of every Azure administrator, and the AZ-104 exam covers the tools and practices used to implement backup and disaster recovery in Azure environments. Azure Backup is the primary backup service for protecting virtual machines, Azure Files shares, SQL Server databases running on virtual machines, and other workloads. Students learn how to create Recovery Services vaults, configure backup policies that define backup frequency and retention periods, initiate and monitor backup jobs, and perform restore operations that recover data from backup recovery points.

Azure Site Recovery provides disaster recovery capabilities that replicate virtual machines from a primary Azure region to a secondary region so that if the primary region experiences an extended outage, workloads can be failed over to the secondary region with minimal data loss and recovery time. Students learn how to configure replication for Azure virtual machines, test failover to verify that recovery works correctly without impacting production workloads, and perform actual failover and failback operations when disaster recovery is invoked. Understanding recovery point objectives and recovery time objectives, and how the configuration choices in Azure Backup and Site Recovery affect an organization’s ability to meet them, is conceptual knowledge that the exam tests alongside the practical configuration skills.

Azure App Service Management

Azure App Service is a fully managed platform for hosting web applications, REST APIs, and mobile backends without managing the underlying server infrastructure, and the AZ-104 exam includes coverage of how to deploy and manage App Service resources. Students learn how to create App Service plans that define the compute resources shared by the web apps running within them, and how to select appropriate pricing tiers based on the features, scale, and performance requirements of the hosted applications. Deploying web applications to App Service using deployment slots, which are separate environments within the same App Service plan that can run different versions of the application, is a key operational skill that enables zero-downtime deployments through slot swapping.

Configuring custom domains and SSL certificates for App Service applications, setting up application settings and connection strings that provide configuration values to the application without hardcoding them in the code, and configuring autoscale rules that add or remove App Service instances based on CPU utilization, memory pressure, or custom metrics are all practical skills covered in this section of the exam. Monitoring App Service applications using the built-in diagnostic logging and metrics, integrating with Application Insights for deeper application performance monitoring, and configuring deployment center to set up continuous deployment pipelines from source control repositories are additional topics that round out the App Service coverage on the AZ-104 exam.

Cost Management and Optimization

Managing and optimizing Azure costs is an increasingly important responsibility for Azure administrators, and the AZ-104 exam reflects this by including content on the tools and practices used to monitor, analyze, and control cloud spending. Azure Cost Management and Billing provides dashboards and reports that show current and historical spending by subscription, resource group, resource type, and tag, allowing administrators to understand where money is being spent and identify opportunities for optimization. Students learn how to create budgets that trigger alerts when spending approaches or exceeds defined thresholds, providing early warning of unexpected cost increases before they become significant financial problems.

Azure Advisor is a personalized recommendation service that analyzes resource configuration and usage data to provide actionable recommendations across cost, security, reliability, operational excellence, and performance categories. Cost recommendations from Advisor frequently identify underutilized virtual machines that should be resized or shut down, unattached managed disks that are incurring charges without being used, and reserved instance purchasing opportunities that could significantly reduce costs for predictable, steady-state workloads. Students learn how to evaluate and implement Advisor recommendations, configure resource tags that enable cost allocation and chargeback to different business units, and use Azure pricing calculator and total cost of ownership calculator to estimate costs before deploying new resources.

PowerShell and CLI Scripting

Automation through scripting is an expected competency for Azure administrators, and the AZ-104 exam tests candidates on their ability to perform administrative tasks using both Azure PowerShell and Azure CLI. While the exam does not require candidates to write complex scripts from scratch, it does include questions that present scripting scenarios and ask candidates to identify the correct commands or parameters for accomplishing specific administrative tasks. Students learn the fundamental patterns for authenticating to Azure, selecting the appropriate subscription context, and running commands that create, configure, query, and delete Azure resources using both scripting interfaces.

Azure PowerShell uses a noun-verb cmdlet syntax that will feel familiar to anyone with Windows PowerShell experience, while Azure CLI uses a hierarchical command structure with a more Linux-friendly syntax that integrates naturally into shell scripts and automation pipelines. Both tools provide equivalent capabilities for most administrative tasks, and choosing between them is largely a matter of personal preference and the existing tooling ecosystem of the organization. Students also learn about Azure Cloud Shell, which provides a browser-based shell environment pre-authenticated with the user’s Azure credentials and pre-installed with both Azure PowerShell and Azure CLI, allowing administrators to run scripts from anywhere without installing any local tools. ARM templates and their modern successor Bicep are also covered as infrastructure-as-code tools for deploying Azure resources in a repeatable and version-controlled manner.

Exam Preparation and Study Plan

Preparing effectively for the AZ-104 exam requires a structured approach that combines official study resources, hands-on practice in a real Azure environment, and regular self-assessment through practice questions. Microsoft Learn provides a free official learning path for the AZ-104 that covers all exam skill domains through reading modules, guided exercises, and knowledge checks. This learning path is regularly updated to reflect changes in the exam objectives and the Azure platform and should be the foundation of every candidate’s study plan regardless of what other resources they use.

Hands-on practice is absolutely essential for the AZ-104 because the exam tests practical skills that cannot be developed through reading alone. Candidates should work through the Microsoft Learn sandbox exercises and supplement them with practice in their own Azure subscription, where they can freely experiment with creating, configuring, and deleting resources across all the domains covered by the exam. A free Azure account provides enough credit and free-tier access to practice most of the skills covered on the exam without significant cost. Practice exams that simulate the format and difficulty of the real AZ-104 test are highly recommended for identifying knowledge gaps and building confidence with the exam’s question style before the actual test date.

Exam Registration and Format Details

The AZ-104 exam typically contains between forty and sixty questions presented in a variety of formats including multiple choice, multiple select, drag-and-drop, case studies, and scenario-based questions that present a business or technical situation and ask candidates to identify the best solution. The exam duration is approximately one hundred and twenty minutes, and the passing score is seven hundred out of a possible one thousand points. Questions are distributed across all five skill domains with weightings that reflect the relative importance of each domain in real-world Azure administration practice.

Candidates register for the exam through the Microsoft certification portal and can choose to take it at a Pearson VUE testing center or through an online proctored option from their own location using a compatible computer with a webcam. Microsoft’s exam retake policy allows candidates who do not pass on their first attempt to retake the exam after a waiting period, with the waiting period increasing for subsequent attempts. The certification earned upon passing the AZ-104 exam is valid for one year, after which it must be renewed through a free online assessment available through Microsoft Learn to demonstrate continued proficiency as the Azure platform evolves. Reviewing the official Microsoft AZ-104 certification page before registering is always recommended to confirm current pricing, scheduling options, exam objectives, and renewal requirements.

Career Value After Certification

Earning the AZ-104 Microsoft Azure Administrator certification delivers tangible and immediate career benefits in a job market where cloud skills are among the most in-demand and well-compensated in the technology industry. Organizations across every sector are running significant portions of their IT infrastructure on Azure and actively seek certified administrators who can manage those environments competently and confidently. The AZ-104 credential gives hiring managers a reliable, standardized signal that a candidate has verified knowledge of the Azure services and administrative skills that the role requires.

Certified professionals frequently report salary increases, promotions, and expanded job opportunities following certification. Many find that the credential opens doors to roles they previously would not have been considered for, including cloud administrator, cloud engineer, infrastructure architect, and DevOps engineer positions at organizations that build on Azure. The AZ-104 also serves as a valuable stepping stone toward more advanced certifications including the AZ-305 Azure Solutions Architect Expert and the AZ-500 Azure Security Engineer Associate, which together with the AZ-104 can form a comprehensive and highly marketable Azure certification portfolio. As Microsoft Azure continues to expand its global market share and more organizations migrate workloads to the cloud, the long-term career value of the AZ-104 certification will only grow stronger.

Conclusion

The AZ-104 Microsoft Azure Administrator certification represents one of the most practical and immediately valuable credentials available to IT professionals who work with cloud infrastructure. Its comprehensive coverage of identity and governance, storage, compute, networking, monitoring, backup, and cost management reflects the genuine breadth of responsibilities that Azure administrators carry in modern organizations. Earning this certification is not simply a matter of passing an exam but of developing a thorough and well-rounded understanding of how to operate a professional Azure environment that is secure, reliable, performant, and cost-efficient.

The preparation journey for the AZ-104 demands real engagement with the Azure platform through hands-on practice that builds the kind of practical skill and intuitive familiarity with the tools that scenario-based exam questions are designed to test. Candidates who spend time actually creating virtual networks, configuring storage accounts, deploying virtual machines, setting up monitoring alerts, and writing PowerShell scripts in a real Azure environment will find themselves far better prepared than those who rely exclusively on reading and video instruction without complementary practice. The investment of time and effort required to prepare properly for this exam is considerable, but it pays dividends that extend well beyond the certification itself into every aspect of day-to-day Azure administration work.

As organizations deepen their commitment to cloud infrastructure and as Azure continues to expand the breadth and sophistication of its service offerings, the role of the Azure administrator grows more complex and more important simultaneously. The professionals who hold the AZ-104 certification are recognized as having the knowledge and skills to navigate that complexity effectively and to contribute meaningfully to the cloud operations that keep modern businesses running. Whether you are beginning your cloud career, transitioning from on-premises infrastructure, or seeking formal validation of existing Azure skills, the AZ-104 certification is a powerful and well-respected credential that will serve your professional development for years to come.

The global demand for certified Azure administrators shows no sign of slowing as digital transformation initiatives continue across every industry and as organizations recognize that the cloud skills gap represents one of the most significant talent challenges they face. Professionals who invest in earning and maintaining the AZ-104 certification position themselves at the forefront of this demand, with a credential that employers trust and a skill set that makes a real and measurable difference to the organizations they serve. Begin your preparation with a clear study plan, commit to consistent hands-on practice in a real Azure environment, leverage the wealth of official and third-party resources available, and pursue this certification with the same professionalism and dedication that the Azure administrator role itself demands.

Related posts:

  1. HPExpertOne: Balanced Approach That Deserves a Closer Look
  2. What Is VCE File Format, and How It Can Be Used To The Max
  3. What’s CIW, And Should I Earn A CIW Credential?
  4. Red Hat Certified Architect (RHCA): Wider Exam Selection is Here
  5. HP has released new HPE SAW Certification
  6. A Complete Guide to Using the Microsoft 365 Admin Center
  7. AWS Kinesis Data Streams Compared With AWS Kinesis Data Firehose
  8. Quick DevOps Best Practices Checklist
  9. A Full Overview of JVM Programming Languages
  10. Linux Interview Prep: 60 Key Questions and Answers
img