Author note from Jason Zandri – the hyperlinks provided herein are directly from those as found via Microsoft’s public facing Azure content. While assembled and linked by me, none of that originating work, as cross referenced via the links, is my own – the only ownership of any sort that I claim is the direct content of this posting itself.
The Microsoft Azure Administrator Exam (AZ-104) is designed for candidates looking to measure their ability to accomplish the following technical tasks: manage Azure subscriptions and resources; implement and manage storage; deploy and manage virtual machines (VMs); configure and manage virtual networks; and manage identities.
This exam replaces the former version of the exam, Exam AZ-103: Microsoft Azure Administrator, which you can still study for and take through its expiration (planned for August 31, 2020).
Microsoft Azure Administrator Exam (AZ-104) became available on April 2, 2020.
Taking and passing the AZ-103 exam (through August 31, 2020) or the replacement exam, AZ-104, grants the examinee the following certification – Microsoft Certified: Azure Administrator Associate
There are five main domains for the exam:
Manage Azure Identities and Governance (15-20%)
Implement and manage storage (15-20%)
Deploy and manage Azure Compute Resources (15-20%)
Configure and manage virtual networking (30-35%)
Monitor and back up Azure resources (15-20%)
Below is a listing of all the subtopic information as it corresponds back to these five main domains. Where I have been able to, I have provided links to additional study details and resources for additional review.
Manage Azure Identities and Governance (15-20%)
— Manage Azure AD objects (users, groups, and devices)
— What is Azure Active Directory?
— Create users and groups
— Add or delete users using Azure Active Directory
— New-AzureADUser
— Manage user and group properties
— Add or update a user’s profile information using Azure Active Directory
— Edit your group information using Azure Active Directory
— Manage device settings
— Manage device identities using the Azure portal
— How To: Manage stale devices in Azure AD
— Perform bulk user updates
— Manage guest accounts
— What is guest user access in Azure Active Directory B2B?
— Manage guest access with Azure AD access reviews
— Quickstart: Add guest users to your directory in the Azure portal
— Configure Azure AD Join
— How to: Plan your Azure AD join implementation
— How To: Plan your hybrid Azure Active Directory join implementation
— Tutorial: Configure hybrid Azure Active Directory join for federated domains
— Tutorial: Configure hybrid Azure Active Directory join for managed domains
— Configure self-service password reset
— Plan an Azure Active Directory self-service password reset
— How it works: Azure AD self-service password reset
— Licensing requirements for Azure AD self-service password reset
— Manage role-based access control (RBAC)
— What is role-based access control (RBAC) for Azure resources?
— Create a custom role
— Tutorial: Create a custom role for Azure resources using Azure PowerShell
— Tutorial: Create a custom role for Azure resources using Azure CLI
— Add or remove role assignments using Azure RBAC and the Azure portal
— List role assignments using Azure RBAC and the Azure portal
— Understand deny assignments for Azure resources
— Understand how multiple Azure Active Directory tenants interact
— Manage subscriptions and governance
— Overview of Management services in Azure
— Configure Azure policies
— What is Azure Policy?
— Quickstart: Create a policy assignment to identify non-compliant resources
— Tutorial: Create and manage policies to enforce compliance
— Configure resource locks
— Configure resource policies
— Identify auditing requirements
— Lock resources to prevent unexpected changes
— Understand best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, and using tags to identify cost owners; use Azure reservations; use Azure Advisor recommendations
— Manage resource groups
— Use Azure policies for resource groups
— Implement and set tagging on resource groups
— Move resources across resource groups
— Remove resource groups
— Manage Azure Resource Manager resource groups by using the Azure portal
— Manage Azure resource groups by using Azure PowerShell
— Understand Azure subscriptions
— Create an additional Azure subscription
— Change your Azure subscription to a different offer
— Configure cost center quotas and tagging
— Understand planning and management of costs
— Azure Advisor – Cost recommendations
— What is Azure Cost Management and Billing?
— Quickstart: Explore and analyze costs with cost analysis
— Create management groups for resource organization and management
— Organize your resources with Azure management groups
— Manage your resources with management groups
Implement and manage storage (15-20%)
— Manage storage accounts
— Introduction to Azure Storage
— Locally redundant storage (LRS)
— Zone-redundant storage (ZRS)
— Geo-redundant storage (GRS)
— Read-access geo-redundant storage (RA-GRS)
— Geo-zone-redundant storage (GZRS)
— Zone-redundant storage (ZRS): Highly available Azure Storage applications
— Azure Storage redundancy
— Azure Blobs: A massively scalable object store for text and binary data.
— Azure Files: Managed file shares for cloud or on-premises deployments.
— Azure Queues: A messaging store for reliable messaging between application components.
— Azure Tables: A NoSQL store for schemaless storage of structured data.
— Azure Files – highly available network file shares
— Introduction to Azure Files
— Create Azure file share
— Deploy Azure File Sync
— Configure Azure Storage firewalls and virtual networks
— Storage account overview
— Create an Azure Storage account
— Upgrade to a general-purpose v2 storage account
— Create and configure storage accounts
— Configure network access to the storage account
— Understand Virtual Network Service Endpoints
— Configure Azure Storage firewalls and virtual networks
— Create and configure storage account
— Azure storage account overview
— Generate shared access signature
— Install and use Azure Storage Explorer
— Get started with Storage Explorer
— Manage access keys (PowerShell) and manage via the Portal
— Delegate access with a shared access signature
— Using Shared Access Signatures (SAS)
— Grant limited access to Azure Storage resources using shared access signatures (SAS)
— Manage storage account access keys
— Azure Storage redundancy
— Authorize access to blobs and queues using Azure Active Directory
— Manage data in Azure Storage
— Use the Azure Import/Export service to export data from Azure Blob storage
— Use the Azure Import/Export service to import data to Azure Blob Storage
— Delete an import/export job
— Import data to Azure Blobs
— Export data from Azure Blobs
— Import data to Azure Files
— Disks: Use Azure Backup to back up the VM disks used by your Azure virtual machines. Also consider using Azure Site Recovery to protect your VMs in the event of a regional disaster.
— Block blobs: Turn on soft delete to protect against object-level deletions and overwrites, or copy block blobs to another storage account in a different region using AzCopy, Azure PowerShell, or the Azure Data Movement library.
— Files: Use AzCopy or Azure PowerShell to copy your files to another storage account in a different region.
— Tables: use AzCopy to export table data to another storage account in a different region.
— What is Azure CLI
— Get started with Azure CLI
— Install the Azure CLI
— Quickstart: Create and manage Azure file shares with the Azure portal
— Create an Azure file share
— Planning for an Azure File Sync deployment
— Tutorial: Extend Windows file servers with Azure File Sync
— Quickstart: Upload, download, and list blobs with the Azure portal
— Azure Blob storage: hot, cool, and archive access tiers
— Tutorial: Build a highly available application with Blob storage
— Create an Azure Storage account
— Implement Azure storage replication
— Azure AD Connect Sync: Customizing Synchronization options
— Integrating your on-premises identities with Azure Active Directory
— Create Azure sync group
— Troubleshoot Azure File Sync
— Introduction to Storage Queues
— Azure Table Storage Overview
— Overview of Azure Table storage
— Introduction to Azure managed disks
— Azure Storage Service Encryption for Data at Rest
— Service-Level Agreement (SLA) for Storage
Deploy and manage Azure Compute Resources (15-20%)
— Azure Advisor – Get started with Advisor
— Azure Advisor – High Availability recommendations
— Azure Advisor – Security recommendations
— Azure Advisor – Performance recommendations
— Azure Advisor – Cost recommendations
— Availability options for virtual machines in Azure
— Create and configure a VM for Windows in the portal
— Create and configure a VM for Windows with PowerShell
— Create a Windows virtual machine with the Azure CLI
— Create and Manage Windows VMs with Azure PowerShell
— Manage Azure disks with Azure PowerShell
— Deploy applications to a Windows virtual machine in Azure with the Custom Script Extension
— Create a custom image of an Azure VM with Azure PowerShell
— Configure high availability
— Deploy and configure scale sets
— Quickstart: Create a virtual machine scale set in the Azure portal
— Quickstart: Create a virtual machine scale set with Azure CLI
— Quickstart: Create a virtual machine scale set with Azure PowerShell
— Quickstart: Create a Windows virtual machine scale set with an Azure template
— Quickstart: Create a Linux virtual machine scale set with an Azure template
— Tutorial: Create and manage a virtual machine scale set with the Azure CLI
— Tutorial: Create and manage a virtual machine scale set with Azure PowerShell
— Tutorial: Create and use disks with virtual machine scale set with the Azure CLI
— Tutorial: Create and use disks with virtual machine scale set with Azure PowerShell
— Automate deployment of VMs
— Tutorial: Automatically scale a virtual machine scale set with the Azure CLI
— Tutorial: Automatically scale a virtual machine scale set with Azure PowerShell
— Manage the availability of Windows virtual machines in Azure
— Configure multiple virtual machines in an availability set for redundancy
— Use managed disks for VMs in an availability set
— Use scheduled events to proactively response to VM impacting events
— Configure each application tier into separate availability sets
— Combine a Load Balancer with availability sets
— Use availability zones to protect from datacenter level failures
— Modify Azure Resource Manager (ARM) template
— Save a deployment as an ARM template
— Extend Azure Resource Manager template functionality
— Update a resource in an Azure Resource Manager template
— Understand the structure and syntax of Azure Resource Manager templates
— Azure Resource Manager templates overview
— Tutorial: Create and deploy your first ARM template.
— Understand the structure and syntax of ARM templates.
— Quickstart: Create and deploy ARM templates by using the Azure portal
— Start/Stop VMs during off-hours solution in Azure Automation
— Prepare a Windows VHD or VHDX to upload to Azure
— Deploy an Azure VM from a user VHD
— Prepare and customize a master VHD image
— Upload a Windows VM image to Azure for Resource Manager deployments
— Quickstart: Create and deploy Azure Resource Manager templates by using the Azure portal
— Download the template for a VM
— Use the Azure Custom Script Extension Version 2 with Linux virtual machines
— Custom Script Extension for Windows
— Deploy applications to a Windows virtual machine in Azure with the Custom Script Extension
— Tutorial: Create and use a custom image for virtual machine scale sets with the Azure CLI
— Tutorial: Create and use a custom image for virtual machine scale sets with Azure PowerShell
— Tutorial: Automatically scale a virtual machine scale set with an Azure template
— Azure Disk Encryption for Linux VMs
— Azure Disk Encryption for Windows VMs
— Move a Windows VM to another Azure subscription or resource group
— Windows VM sizes
— Move resources to a new resource group or subscription
— Attach a managed data disk to a Windows VM by using the Azure portal
— Attach a data disk to a Windows VM with PowerShell
— Using Managed Disks in Azure Resource Manager Templates
— Quickstart template for deploying multiple data disks
— Manage Azure disks with Azure PowerShell
— How to open ports to a virtual machine with the Azure portal
— Create and manage a Windows virtual machine that has multiple NICs
— Redeploy Windows virtual machine to new Azure node
— Azure Kubernetes Service (AKS)
— Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
— Kubernetes core concepts for AKS
— Intro Azure Kubernetes Service (AKS)
— AKS quickstart in the Azure portal or with the Azure CLI
— Kubernetes role-based access control (RBAC)
— Access and identity options for AKS
— Integrate Azure Active Directory with AKS
— Kubernetes master logs
— Monitor Azure Kubernetes Service container health
— What is Azure Container Instances?
— Quickstart: Deploy a container instance in Azure using the Azure portal
— Quickstart: Deploy a container instance in Azure using the Azure CLI
— App Service overview
— Azure App Service plan overview
— Create an ASP.NET Core web app in Azure
— Azure App Service plan overview
— Manage an App Service plan in Azure
— Azure VM replication between regions
Configure and manage virtual networking (30-35%)
— Virtual network peering overview
— Create and manage Azure virtual networks for Windows virtual machines with Azure PowerShell
— Create connectivity between virtual networks
— Create and configure VNET peering
— Create and configure VNET to VNET
— Verify virtual network connectivity
— Create virtual network gateway
— Implement and manage virtual networking
— Virtual network traffic routing
— Configure a Point-to-Site connection to a VNet using native Azure certificate authentication
— Troubleshoot Azure point-to-site connection problems
— Configure a VNet-to-VNet VPN gateway connection by using the Azure portal
— Common PowerShell commands for Azure Virtual Networks
— Configure a VPN gateway for transit in a virtual network peering
— Virtual network peering permissions
— User-defined routes overview
— Hub-spoke network topology in Azure
— Configure virtual network-to-virtual network connections
— Configure a VPN gateway for transit in a virtual network peering
— Diagnose a virtual machine routing problem
— Troubleshoot connections with Azure Network Watcher using the Azure portal
— Troubleshoot virtual network peering issues
— What are the constraints related to Global VNet Peering and Load Balancers?
— Create a Hub-spoke network topology in Azure.
— Create, change, or delete a virtual network peering.
— Azure Virtual Network frequently asked questions (FAQ) VNet Peering
— Tutorial: Connect virtual networks with virtual network peering using the Azure portal
— Create a virtual network peering – different deployment models, same subscription
— Virtual network peering constraints and behaviors
— Learn about all virtual network peering settings
— Learn how to create a hub and spoke network topology
— What is Azure Virtual Network?
— Outbound connections in Azure – Outbound connections
— Outbound connections in Azure – Public IP addresses
— Outbound connections in Azure – Load Balancer
— Virtual network service integration
— Virtual network service endpoints overview
— Point-to-site VPN
— Site-to-site VPN
— Network security groups
— Application security groups
— Route tables
— Azure VPN Gateway
— Quickstart: Create a virtual network using the Azure portal
— Virtual network traffic routing
— Networking limits
— Create, change, or delete a virtual network
— Create, change, or delete a public IP address
— Add, change, or remove IP addresses for an Azure network interface
— Associate a public IP address to a virtual machine
— Subnet extension
— Virtual network traffic routing
— Add network interfaces to or remove network interfaces from virtual machines
— What is Azure DNS?
— What is Azure Private DNS?
— Quickstart: Create an Azure DNS zone and record using the Azure portal
— Azure DNS FAQ
— Name resolution for resources in Azure virtual networks
— Name resolution using your own DNS server
— Use Azure DNS to provide custom domain settings for an Azure service
— Tutorial: Host your domain in Azure DNS
— Quickstart: Create an Azure private DNS zone using the Azure portal
— Create, change, or delete a network security group
— Create, change, or delete a network interface
— Tutorial: Deploy and configure Azure Firewall using the Azure portal
— Create an Azure Bastion host
— Application Gateway configuration overview
— Tutorial: Balance internal traffic load with a Basic load balancer in the Azure portal
— Create an internal load balancer by using the Azure PowerShell module
— Quickstart: Create a Load Balancer to load balance VMs using the Azure portal
— Troubleshoot Azure Load Balancer
— Diagnose on-premises connectivity via VPN gateways
— Network Performance Monitor solution: Performance monitoring
— What is Azure Network Watcher?
— Troubleshoot Virtual Network Gateway and Connections using Azure Network Watcher Azure CLI
— Troubleshoot connections with Azure Network Watcher using the Azure portal
— Create a route-based VPN gateway using the Azure portal
— Create a Site-to-Site connection in the Azure portal
— ExpressRoute overview
— Virtual Network Gateways for ExpressRoute
— Configure Express Route
— Create and modify an ExpressRoute circuit
— Link a virtual network to an ExpressRoute circuit
— About Azure Virtual WAN
— Tutorial: Create a Site-to-Site connection using Azure Virtual WAN
Monitor and back up Azure resources (15-20%)
— Metrics in Azure Monitor
— Analyze log data in Azure Monitor
— Learn more about the Azure Monitor data platform.
— Learn about log data in Azure Monitor.
— Learn about the monitoring data available for different resources in Azure.
— Quickstart: Monitor an Azure resource with Azure Monitor
— Tutorial: Collect and analyze resource logs from an Azure resource
— Monitoring Azure resources with Azure Monitor
— Get started with Log Analytics in Azure Monitor
— Get started with log queries in Azure Monitor
— Overview of log queries in Azure Monitor
— Create, view, and manage metric alerts using Azure Monitor
— Metric alerts overview
— Platform metrics
— Custom metrics
— Popular logs from Azure Monitor converted to metrics
— Learn how to create, view, and manage metric alerts in Azure
— Learn how to deploy metric alerts using Azure Resource Manager templates
— Learn more about action groups
— Learn more about Dynamic Thresholds condition type
— Create Metric Alerts for Logs in Azure Monitor
— Metrics are available for large list of Azure services
— Performance counters for Windows & Linux machines
— Heartbeat records for Agent Health
— Update management records
— Event data logs
— Learn about log alerts in Azure.
— Learn about alerts in Azure.
— Manage Application Insights resources using PowerShell
— Restore a disk and create a recovered VM
— Restore files to a Virtual Machine in Azure
— Back up a Windows Server to Azure
— Recover files from Azure to a Windows Server
— Back up an Azure VM
— Back up Windows Server or Windows workstation
— Back up DPM workloads to Azure
— Prepare to back up workloads using Azure Backup Server
— Manage Azure VM backups
— Managing files and folders
— Recover individual files from an Azure VM
— Restore an Azure VM
— Securing cloud backup data in Recovery Services vaults
— Back up an IaaS VM
— Back up an Azure Backup Server
— Back up a Windows Server
— Backup multiple Azure VMs
— Azure Backup – Frequently asked questions – Recovery Services Vault
— Azure Backup – Frequently asked questions – Azure VM Backup
— Azure Backup – Frequently asked questions – Backup Azure Files
— Azure Backup – FAQ – SQL Server databases that are running on an Azure VM backup
— Recover files from Azure virtual machine backup
— Back up and restore encrypted Azure VM
— Restore Key Vault key and secret for encrypted VMs using Azure Backup
— Create Recovery Services Vault
— Configure and review backup reports
— Perform backup operation
— Create and configure backup policy
— Restore a disk and create a recovered VM in Azure
— Back up and restore Azure VMs with PowerShell
— Back up a virtual machine in Azure with the CLI
— Manage Azure VM backups with Azure Backup service
— Restore files to a virtual machine in Azure
— About Site Recovery
— Azure Site Recovery
— What is Site Recovery?
— Replicate VMware virtual machines and Windows/Linux physical servers to Azure
— Set up disaster recovery to a secondary Azure region for an Azure VM
— Disaster recovery of on-premises VMware virtual machines or physical servers to a secondary site
The detailed information provided below is presented in general reference to the domain topics listed above, but it is more closely aligned to the former Azure Administrator role as outlined in the prior exam with the AZ-103 designation. As such, this additional information via the linked articles below may only be partially relevant with respect to the scope of information that you might need specifically for the AZ-104 exam and the new domain objectives. It is offered as additional reference and for the benefit of extended knowledge and review.
There are five main domains for the former AZ-103 exam:
- Manage Azure subscriptions and resources (15-20%)
- Implement and manage storage (15-20%)
- Deploy and manage virtual machines (VMs) (15-20%)
- Configure and manage virtual networks (30-35%)
- Manage identities (15-20%)
Manage Azure subscriptions and resources (15-20%)
— Azure subscription and service limits, quotas, and constraints
— Sign up your organization to use Azure Active Directory
— Assign administrator permissions
— Administrator role permissions in Azure Active Directory
— Configure Azure subscription policies at Azure subscription level
— Overview of the Azure Policy service
— Analyze resource utilization and consumption
— Configure diagnostic settings on resources
— Create baseline for resources
— Create and test alerts
— Analyze alerts across subscription – Overview of alerts in Microsoft Azure
— Analyze metrics across subscription – Metrics in Azure Monitor
— Create action groups
— Monitor for unused resources
— Monitor your spend / Report on spend – Predict costs and optimize spending for Azure
— Utilize Log Search query functions
— View alerts in Log Analytics
— Manage role based access control (RBAC)
— Configure access to Azure resources by assigning roles
— Troubleshoot RBAC
— Implement RBAC policies
— Assign RBAC Roles
Implement and manage storage (15-20%)
— Monitor activity log by using Log Analytics
— Analyze log data in Azure Monitor
— Implement Azure storage replication
— Azure AD Connect Sync: Customizing Synchronization options
— Integrating your on-premises identities with Azure Active Directory
— Create Azure sync group
— Troubleshoot Azure File Sync
— Introduction to Storage Queues
— Azure Table Storage Overview
— Overview of Azure Table storage
— Introduction to Azure managed disks
— Azure Storage Service Encryption for Data at Rest
— Service-Level Agreement (SLA) for Storage
— Azure Storage security guide
— Import and export data to Azure
— Create import / export job in Azure
— Use Azure Data Box
— Configure Azure content delivery network (CDN) endpoints
— Perform a restore operation
— Manage anonymous read access to containers and blobs
Deploy and manage virtual machines (VMs) (15-20%)
— Add network interfaces
— PowerShell Desired State Configuration (DSC)
— Create a basic DSC configuration
— Use DSC for Linux
— Move VMs from one resource group to another
— Redeploy Windows virtual machine to new Azure node
— Manage VM backups
— What is Azure Backup
— Implement Azure backup
— Support matrix for Azure VM backup
— Backup multiple Azure VMs
— Azure Backup – Frequently asked questions – Recovery Services Vault
— Azure Backup – Frequently asked questions – Azure VM Backup
— Azure Backup – Frequently asked questions – Backup Azure Files
— Azure Backup – FAQ – SQL Server databases that are running on an Azure VM backup
— Recover files from Azure virtual machine backup
— Back up and restore encrypted Azure VM
— Quickstart – Create and encrypt a Linux VM with Azure CLI
— Quickstart – Create and encrypt a Linux VM with Azure Powershell
— Azure Disk Encryption scenarios on Linux VMs
— Azure Disk Encryption prerequisites CLI script
— Azure Disk Encryption prerequisites PowerShell script
— Creating and configuring a key vault for Azure Disk Encryption
— Quickstart – Create and encrypt a Windows VM with Azure CLI
— Quickstart – Create and encrypt a Windows VM with Azure Powershell
— Azure Disk Encryption scenarios on Windows VMs
Configure and manage virtual networks (30-35%)
— Configure private and public IP addresses
— Configure private IP addresses for a virtual machine using the Azure portal
— Assign multiple IP addresses to a Windows VM
— Configure network routes, network interface, subnets, and virtual network
— Configure name resolution
— Configure Azure DNS
— Host your domain in Azure DNS
— Create custom DNS records for a web app
— Create private DNS zone and record
— Create and configure a Network Security Group (NSG)
— Create, view all, view details of, change, and delete a security rule
— Identify required ports
— Evaluate effective security rules
— Implement Azure load balancer
— Configure internal load balancer
— Configure load balancing rules
— Configure public load balancer
— Troubleshoot load balancing
— Monitor and troubleshoot virtual networking
— Monitor on-premises connectivity
— Use Network resource monitoring
— Use Network Watcher
— Troubleshoot external networking
— Troubleshoot virtual network connectivity
— Integrate on premises network with Azure virtual network
— Create and configure Azure VPN Gateway
— Create and configure site to site VPN
— About VPN Gateway configuration settings
— Verify on premises connectivity, troubleshoot on premises connectivity with Azure
— About zone-redundant gateways
— About Virtual WAN
— Add, change, or delete a virtual network subnet
— Tutorial: Create and manage a VPN gateway using PowerShell
— Create and modify peering configuration
— Configure route filters for Microsoft peering
— Create a user-defined route table with routes and a network virtual appliance
— Configure BGP for an Azure VPN Gateway
— Use BGP with ExpressRoute
— View all routes for a subnet
— Determine the next hop type
Manage identities (15-20%)
— Manage Azure Active Directory (AD)
— Add custom domains
— Azure Active Directory Domain Services
— Features of Azure AD Domain Services
— Understand how synchronization works in Azure AD Domain Services
— Deploy Azure AD App Proxy
— AD DS Troubleshooting guide
— AD DS Troubleshooting alerts on your managed domain
— AD DS Frequently Asked Questions
— Overview of Azure AD Domain Services
— Azure AD Domain Services and Features
— Azure AD Domain Services Deployment scenarios
— Find out if Azure AD Domain Services suits your use-cases
— Understand how Azure AD Domain Services synchronizes with your Azure AD directory
— Azure AD Domain Services – Getting Started guide
— Join a Windows Server virtual machine to an Azure AD Domain Services managed domain
— Manage an Azure AD Domain Services domain
— Group Policy Management Console
— Add users to Azure AD
— Assign licenses to users
— Sign up for Azure AD Premium
— Set expiration for user-created groups
— Set naming policy for user-created groups
— Create a dynamically populated group
— Implement and manage hybrid identities
— Install Azure AD Connect, including password hash and pass-through synchronization
— Use Azure AD Connect to configure federation with on-premises Active Directory Domain Services
— Manage password sync and password writeback
— Manage your settings for two-step verification
— Require MFA for the Azure portal
— Enable self-service password reset on-premises integration
— Integrate with Azure Identity Protection
— Enable MFA by using bulk update
— Configure fraud alerts
— Configure bypass options
— Configure Trusted IPs
— Configure verification methods
— Choose the right authentication method for your Azure Active Directory hybrid identity solution
The detailed information provided below is presented in general reference to the domain topics as they were listed prior for the former AZ-103 exam, but this additional information via the linked articles goes beyond the full scope of information that you might need specifically for the reworked AZ-104 exam as the domain topics have changed. It is offered as additional reference and for the benefit of extended knowledge and review.
— Microsoft Azure glossary: A dictionary of cloud terminology on the Azure platform
— Microsoft Azure – All Products
— Azure Active Directory Documentation (ALL)
— Sign up for Azure Active Directory Premium editions
— Add your custom domain name using the Azure Active Directory portal
— Add branding to your organization’s Azure Active Directory sign-in page
— Associate or add an Azure subscription to your Azure Active Directory tenant
— What are virtual machine scale sets
— Overview of autoscale with Azure virtual machine scale sets
— Overview of autoscale in Microsoft Azure Virtual Machines, Cloud Services, and Web Apps
— Automatically scale a virtual machine scale set in the Azure portal
— Advanced autoscale configuration using Resource Manager templates for VM Scale Sets
— How to configure auto scaling for a Cloud Service in the portal
— Configure multiple virtual machines in an availability set for redundancy
— Use managed disks for VMs in an availability set
— Use scheduled events to proactively response to VM impacting events
— Configure each application tier into separate availability sets
— Combine a Load Balancer with availability sets
— Use availability zones to protect from datacenter level failures
— Create a virtual machine
— Create a Windows virtual machine in the Azure portal
— Create a Windows virtual machine in Azure with PowerShell
— Create a Windows virtual machine with the Azure CLI
— Create a custom image of an Azure VM with Azure PowerShell
— Create and deploy highly available virtual machines with Azure PowerShell
— Create a virtual machine scale set and deploy a highly available app on Windows with Azure PowerShell
— Load balance Windows virtual machines in Azure to create a highly available application with Azure PowerShell
— Filter network traffic with a network security group.
— Load balance Windows virtual machines in Azure to create a highly available application.
— Azure Resource Manager overview
— Security groups
— Create and Manage Windows VMs with Azure PowerShell
— Back up and restore files for Windows virtual machines in Azure
— Monitor and update a Windows virtual machine in Azure
— Use Azure Security Center to monitor Windows virtual machines
— Maintenance for virtual machines in Azure
— Add a Managed Disk using PowerShell
— Create a zone redundant virtual machine scale set
— Load balance VMs across zones using a Standard Load Balancer with a zone-redundant frontend
— Load balance VMs within a zone using a Standard Load Balancer with a zonal frontend
— Zone-redundant storage
— SQL Database
— Event Hubs geo-disaster recovery
— Service Bus geo-disaster recovery
— Create a zone-redundant virtual network gateway
— VMware to Azure disaster recovery architecture
— SLA for Virtual Machines
— Load balance internet traffic to VMs
— Load balance internal traffic to VMs
— Load balance VMs across availability zones
— Load balance VMs within a specific availability zone
— Configure port forwarding in Load Balancer
— Manage web traffic with an application gateway.
— Restrict web traffic with a web application firewall on an application gateway.
— Enable SSL termination on an application gateway.
— Host multiple web sites using an application gateway.
— Route traffic based on the URL in an application gateway.
— Redirect traffic to specific servers in an application gateway pool.
— Create an application using .NET with Azure SQL DB or Node.js with MongoDB
— Map an existing custom domain to your application
— Bind an existing SSL certificate to your application
— Add a CDN to your application
— Create and manage a scale set with the Azure CLI or Azure Powershell
— Use data disks with the Azure CLI or Azure Powershell
— Use a custom VM image with the Azure CLI or Azure Powershell
— Deploy apps to a scale set with the Azure CLI or Azure Powershell
— Autoscale a scale set with the Azure CLI or Azure Powershell
— Azure Application Architecture Guide
— Create a function that integrates with Azure Logic Apps
— Create a serverless API using Azure Functions
— Create an OpenAPI definition for a function
— Automate resizing uploaded images using Event Grid
— Create a serverless web app to store pictures with metadata
— Filter network traffic
— Route network traffic
— Restrict network access to resources
— Connect virtual networks
— Deploy your site to Azure
— Scale with Azure Load Balancer
— Reduce latency with Azure Traffic Manager
— Azure Service Health Dashboard
— Designing resilient applications for Azure: An overview of the key concepts for architecting highly available applications in Azure.
— Availability checklist: A checklist for verifying that your application implements the best design practices for high availability.
— Designing highly available applications using RA-GRS: Design guidance for building applications to take advantage of RA-GRS.
— What is VPN Gateway
— About VPN Gateway configuration settings
— Virtual Network Gateways for ExpressRoute.
— About zone-redundant gateways.
— About Virtual WAN
— VPN Gateway FAQ
— Azure Content Delivery Network – Dynamic site acceleration
— Azure Content Delivery Network – CDN caching rules
— Azure Content Delivery Network – HTTPS custom domain support
— Azure Content Delivery Network – Azure diagnostics logs
— Azure Content Delivery Network – File compression
— Azure Content Delivery Network – Geo-filtering
— Compare Azure CDN product features
— Azure Event Grid to enable your business to react quickly to critical events in a reliable, scalable, and secure manner.
— Azure Logic Apps to automate business processes.
— Azure Machine Learning to add machine learning and AI models to your solution.
— Azure Stream Analytics to run real-time analytic computations on the data streaming from your devices.
— Azure Functions Premium plan for enterprise serverless workloads
— Azure Functions – Create a function that integrates with Azure Logic App
— Azure Functions – Create a serverless API using Azure Functions
— Azure Functions – Create an OpenAPI definition for a function
— Azure Functions – Automate resizing uploaded images using Event Grid
— Azure Functions – Create a serverless web app to store pictures with metadata
— Optimize the performance and reliability of Azure Functions
— Check traffic with a schedule-based logic app
— Manage mailing list requests with a logic app
— Process emails and attachments with a logic app
— Monitor changes to VMs with logic apps
— Resize uploaded images
— Integrating Azure Automation with Event Grid
— Tutorial: Deploy and configure Azure Firewall using the Azure portal
— Deploy Azure Firewall using a template
— Create an Azure Firewall test environment
— Azure boundary security best practices
— Azure database security best practices
— Azure data security and encryption best practices
— Azure identity management and access control security best practices
— Azure network security best practices
— Azure operational security best practices
— Azure PaaS Best Practices
— Azure Service Fabric security best practices
— Best practices for Azure VM security
— Implementing a secure hybrid network architecture in Azure
— Internet of Things security best practices
— Securing PaaS databases in Azure
— Securing PaaS web and mobile applications using Azure App Service
— Securing PaaS web and mobile applications using Azure Storage
— Security best practices for IaaS workloads in Azure
— Security groups
— Azure network security overview
— Azure identity management security overview
— Azure Active Directory Premium
— Security principals
— Overview of single sign-on
— What is application access and single sign-on with Azure Active Directory?
— Integrate Azure Active Directory single sign-on with SaaS apps
— Enabling Azure AD Application Proxy
— Publish applications using Azure AD Application Proxy
— Single sign-on with Application Proxy
— Working with conditional access
— Multi-Factor Authentication
— What is Azure Multi-Factor Authentication?
— Built-in roles for Azure resources
— View your access and usage reports
— Get started with Azure Active Directory reporting
— Azure Active Directory reporting guide
— What is Azure Active Directory B2C?
— Azure Active Directory B2C preview: Sign up and sign in consumers in your applications
— Azure Active Directory B2C Preview: Types of applications
— Get started with Azure AD device registration
— Automatic device registration with Azure AD for Windows domain-joined devices
— Set up automatic registration of Windows domain-joined devices with Azure AD
— What is Azure AD Privileged Identity Management?
— Assign Azure AD directory roles in PIM
— Azure AD Identity Protection
— Channel 9: Azure AD and Identity Show: Identity Protection Preview
— Hybrid identity white paper
— Azure AD team blog
— Azure AD access reviews
— Manage user access with Azure AD access reviews
— Tutorial: Authenticate and authorize users end-to-end in Azure App Service (Windows)
— Tutorial: Authenticate and authorize users end-to-end in Azure App Service for Linux
— How to configure your app to use Azure Active Directory login
— How to configure your app to use Facebook login
— How to configure your app to use Google login
— How to configure your app to use Microsoft Account login
— How to configure your app to use Twitter login
— What is Azure Active Directory
— Edit the Azure Information Protection policy and create a new label
— Configure Azure Information Protection policy settings that work together
— Azure ATP frequently asked questions
— Working with security alerts
— Azure ATP Architecture
— Azure ATP prerequisites
— Azure ATP sizing tool
— Azure ATP capacity planning
— Configure event forwarding
— Configuring Windows event forwarding
— Install Azure ATP
— Azure ATP Prerequisites
— What’s new in Azure ATP
— Plan capacity for Azure ATP
— Azure ATP Reconnaissance alerts
— What are Azure Reservations
— Locally redundant storage (LRS): Low-cost data redundancy for Azure Storage
— Zone-redundant storage (ZRS): Highly available Azure Storage applications
— Geo-redundant storage (GRS): Cross-regional replication for Azure Storage
— Azure Storage scalability and performance targets
— Designing highly available applications using RA-GRS Storage
— Microsoft Azure Storage redundancy options and read access geo redundant storage
— SOSP Paper – Azure Storage: A highly available cloud storage service with strong consistency
— Authenticate access to Azure blobs and queues using Azure Active Directory
— Overview of Azure Active Directory authorization over SMB for Azure Files (preview)
— Authorize Storage access with Shared Key
— Configure a DSC pull server
— Configure an alias record to refer to an Azure Public IP address
— Configure an alias record to support apex domain names with Traffic Manager
— Configure an alias record for zone records
— Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
— Tutorial: Balance internal traffic load with a Basic load balancer in the Azure portal
— Azure Standard Load Balancer overview
— Azure Policy
— Azure Role Based Access Controls
Jason Zandri
BUSINESS PROGRAM MANAGER
AZURE TECHNICAL TRAINER
https://www.linkedin.com/company/microsoft
https://www.linkedin.com/in/jasonzandri/