AZ-104 for SCBx (8-APR-2025)
April 8, 2025About 12 min
Microsoft Learn
Microsoft Learn is a free, online resource that provides learning materials and training for Microsoft products
- Microsoft Learn
- Azure Documents
- Azure Architecture Center
- Microsoft Certified Poster
- AZ-104 : Study guide
- AZ-104 : Lab host
- AZ-104 : Exam Infomation
Module 01 : Administer Identity
- What is Microsoft Entra ID?
- Compare Active Directory to Microsoft Entra ID
- Microsoft Entra Plans & Pricing
- Microsoft Entra ID self-service password reset deployment
Understand Microsoft Entra ID- Implement and manage hybrid identity
- How to create, invite, and delete users
- Learn about groups and access rights in Microsoft Entra ID
- Assign or remove licenses
- Administrative units in Microsoft Entra ID
Module 02 : Administer Governance and Compliance
Describe the core architectural components of Azure
- A list of regions and their locations
- Regional pairs
- Microsoft Datacenters
- What is a Cloud subscription?
- Azure Free
- Create an addtional Azure subscription
- Subscription considerations and recommendations
- Management groups
- Explore flexible purchasing options for Azure
- Manage Azure Resource Manager resource groups by using the Azure portal
- Organize your Azure resources effectively
- Azure subscription and service limits, quotas, and constraints
- Create management groups for resource organization and management
- Manage your subscriptions at scale with management groups
- Resource naming and tagging decision guide
- Azure usage charges
- Describe the core architectural components of Azure
- Control and organize Azure resources with Azure Resource Manager
Azure Policy
- What is Azure Policy?
- Quickstart: Create a policy assignment to identify non-compliant resources using Azure portal
- Tutorial: Create and manage policies to enforce compliance
- Intro to Azure Policy
- Azure Policy initiatives
- Implement access management for Azure resources
Azure RBAC
- List Azure role definitions
- Create or update Azure custom roles using the Azure portal
- Assign Azure roles using the Azure portal
- Manage access to your Azure environment with Azure role-based access control
- Tutorial: Grant a user access to Azure resources using the Azure portal
- Quickstart: Check access for a user to a single Azure resource
- Lock your Azure resources to protect your infrastructure
Module 03 : Administer Azure Resources
Configure Azure Resources with the Azure Portal, PowerShell, and the CLI
- What is the Azure portal?
- What is Azure Cloud Shell?
- Get started with Azure PowerShell
- Get started with Azure CLI
Deploy Azure resources with templates
- What are ARM templates?
- Understand the structure and syntax of ARM templates
- Parameters in ARM templates
- What is Bicep?
- Quickstart templates
Module 04 : Administer Virtual Networking
Configure Virtual Networks
- What is Azure Virtual Network?
- QuickStart: Create a virtual network using the Azure portal
- Design an IP addressing schema for your Azure deployment
- Create, change, or delete an Azure public IP address
- Public IP addresses
- Private IP addresses
- Public IP address prefix
- What is routing preference?
Configure Network Security Groups (NSGs)
- Network security groups
- Create, change, or delete a network security group
- Tutorial: Filter network traffic with a network security group
- Secure and isolate access to Azure resources by using network security groups and service endpoints
- Application security groups
Host your domain on Azure DNS
- What is Azure DNS?
- Overview of DNS zones and records
- Host your domain on Azure DNS
- Quickstart: Create an Azure private DNS zone using the Azure portal
Module 05 : Administer Intersite Connectivity
Configure VNet Peering
- Virtual network peering
- Azure Virtual Network frequently asked questions (FAQ)
- Create, change, or delete a virtual network peering
- Tutorial: Connect virtual networks with virtual network peering
- Service chaining
- Configure Azure Virtual Network peering
- Distribute your services across Azure virtual networks and integrate them by using virtual network peering
Manage and control traffic flow with routes
- Virtual network traffic routing
- Virtual Network service endpoints
- Tutorial: Restrict network access to PaaS resources with virtual network service endpoints
- Introduction to Azure Private Link
- Private Link documentation
- Manage and control traffic flow in your Azure deployment with routes
Module 06 : Administer Network Traffic
Introduction to Azure Load Balancer
- Azure Load Balancer SKUs
- Quickstart: Create a public load balancer to load balance VMs using the Azure portal
- Introduction to Azure Load Balancer
- Improve application scalability and resiliency by using Azure Load Balancer
- Load balance non-HTTP(S) traffic in Azure
Introduction to Azure Application Gateway
- Application Gateway configuration overview
- Application Gateway multi-site hosting
- Quickstart: Direct web traffic with Azure Application Gateway - Azure portal
- Introduction to Azure Application Gateway
- Load balance your web service traffic with Application Gateway
- Load balance HTTP(S) traffic in Azure
- Encrypt network traffic end to end with Azure Application Gateway
Introduction to Network Watcher
- What is Azure Network Watcher?
- IP flow verify overview
- Next hop overview
- View topology
- Monitor and troubleshoot your end-to-end Azure network infrastructure by using network monitoring tools
- Analyze your Azure infrastructure by using Azure Monitor logs
- Troubleshoot network security issues with Microsoft Azure
- Troubleshoot connectivity issues with virtual machines in Microsoft Azure
Module 07 : Administer Azure Storage
Configure Storage Accounts
- Introduction to Azure Storage
- Storage account overview
- Create an Azure storage account
- Azure Storage redundancy
- Secure your Azure Storage account
- Configure Azure Storage firewalls and virtual networks
- Configure storage accounts
- Describe Azure storage services
- Create an Azure Storage account
- Provide disaster recovery by replicating storage data across regions and failing over to a secondary location
Configure Blob Storage
- What is Azure Blob storage?
- Manage blob containers using the Azure portal
- Configure anonymous read access for containers and blobs
- Access tiers for blob data
- Store application data with Azure Blob Storage
- Configure a lifecycle management policy
- Object replication for block blobs
- Configure Azure Blob Storage
- Manage the Azure Blob storage lifecycle
- Optimize your cost with Azure Blob Storage
- Guided Project - Azure Files and Azure Blobs
Configure Storage Security
- Delegate access by using a shared access signature
- Grant limited access to Azure Storage resources using shared access signatures (SAS)
- Azure Storage encryption for data at rest
- Configure Azure Storage security
- Secure your Azure Storage account
- Plan and implement security for storage
- Implement shared access signatures
Configure Azure Files
- What is Azure Files?
- Mount SMB Azure file shares on Linux clients
- Require secure transfer to ensure secure connections
- Use share snapshots with Azure Files
- Get started with Storage Explorer
- Upload, download, and manage data with Azure Storage Explorer
- Configure Azure Files
- Introduction to Azure Files
- Implement a hybrid file server infrastructure
- Get started with AzCopy
- What is Azure Import/Export service?
- Planning for an Azure File Sync deployment
Module 08 : Administer Azure Virtual Machines
Introduction to Azure Virtual Machines
- Microsoft Applied Skills: Deploy and administer Linux virtual machines on Microsoft Azure
- Shared responsibility in the cloud
- Sizes for virtual machines in Azure
- Azure VM sizes with no local temporary disk
- What is Azure Bastion?
- Connect to virtual machines through the Azure portal by using Azure Bastion
- Introduction to Azure virtual machines
- Choose the right disk storage for your virtual machine workload
- Provisioning a Linux virtual machine in Microsoft Azure
- Create a Windows virtual machine in Azure
Configure Virtual Machine Availability
- Availability sets overview
- What are availability zones?
- Overview of autoscale with Azure Virtual Machine Scale Sets
- Configure virtual machine availability
- Introduction to Azure Virtual Machine Scale Sets
- Build a scalable application with Virtual Machine Scale Sets
Module 09 : Administer PaaS Compute Options
Configure Azure App Service Plans
- What are Azure App Service plans?
- Azure App Service on Linux pricing
- Scale up an app in Azure App Service
- Automatic scaling in Azure App Service
- Get started with autoscale in Azure
- Configure Azure App Service plans
- Scale an App Service web app to efficiently meet demand with App Service scale up and scale out
Configure Azure App Services
- App Service overview
- Deployment best practices
- Manage an App Service plan in Azure
- Set up staging environments in Azure App Service
- Azure security baseline for App Service
- Set up an existing custom domain in Azure App Service
- Back up and restore your app in Azure App Service
- Host a web application with Azure App Service
- Scale apps in Azure App Service
- Explore Azure App Service deployment slots
- Stage a web app deployment for testing and rollback by using App Service deployment slots
- Dynamically meet changing web app performance requirements with autoscale rules
Configure Azure Container Instances Apps
- Containers vs. virtual machines
- Introduction to Azure Container Registry
- What is Azure Container Instances?
- Container groups in Azure Container Instances
- Quickstart: Deploy a container instance in Azure using the Azure portal
- Deploy microservices with Azure Container Apps
- Azure Container Apps overview
- Comparing Container Apps with other Azure container options
- Configure Azure Container Instances
- Introduction to Docker containers
- Run Docker containers with Azure Container Instances
- Implement Azure Container Apps
- What is Kubernetes?
- Core concepts for Azure Kubernetes Service (AKS)
- Docker on Azure
Module 10 : Administer Data Protection
Introduction to Azure Backup
- What is the Azure Backup service?
- Backup cloud and on-premises workloads to cloud
- What is Azure Business Continuity Center?
- Introduction to Azure Backup
Protect your virtual machines by using Azure Backup
- An overview of Azure VM backup
- Create a snapshot of a virtual hard disk
- Quickstart: Back up a virtual machine in Azure
- Soft delete for virtual machines
- About Site Recovery
- Protect your virtual machines by using Azure Backup
- Monitor workload protection in Azure Backup
- Implement hybrid backup and recovery with Windows Server IaaS
- Protect your Azure infrastructure with Azure Site Recovery
Module 11 : Administer Monitoring
Introduction to Azure Monitor
- Azure Monitor overview
- Azure Monitor data sources and data collection methods
- Azure Monitor Metrics overview
- Azure Monitor Logs overview
- Send Azure Monitor Activity log data
- Azure Monitor data sources and data collection methods
- Send Azure Monitor Activity log data
- Use the Azure Monitor activity log and activity log insights
- Introduction to Azure Monitor
- Monitor your Azure virtual machines with Azure Monitor
- Monitor, diagnose, and troubleshoot your Azure Storage
Improve incident response with alerting on Azure
- What are Azure Monitor alerts?
- Choosing the right type of alert rule
- Create or edit a metric alert rule
- Enable recommended alert rules in the Azure portal
- Action groups
- Improve incident response with Azure Monitor alerts
- Configure for alerts and detections in Microsoft Defender for Endpoint
- Remediate security alerts using Microsoft Defender for Cloud
Analyze your infrastructure using Azure Monitor logs
- Overview of Log Analytics in Azure Monitor
- Create a Log Analytics workspace
- Log queries in Azure Monitor
- Get started with log queries in Azure Monitor Logs
- Kusto Query Language overview
- Tutorial: Learn common operators
- Analyze your Azure infrastructure by using Azure Monitor logs
- Write your first query with Kusto Query Language
In class diagram
Governance Map (Flat)
Governance Map (Hierarchical)
VNet Connectivity
Storage account security