- Manage identities and governance
- Implement and manage storage
- Deploy and manage Azure compute resources
- Implement and maintain virtual networking
- Monitor and maintain Azure resources
| Domain | Exam weight | Core topics to study |
|---|---|---|
| Manage identities and governance | 20–25% | Microsoft Entra ID (Azure AD), RBAC, policies, subscriptions, management groups, ARM templates, CLI/PowerShell resource management |
| Implement and manage storage | 15–20% | Storage account types, replication, access control, blob/files/queues/tables, lifecycle management |
| Deploy and manage compute resources | 20–25% | Azure VMs (provisioning, sizing, extensions), PaaS compute (App Service, Container Instances, Container Apps), basic container concepts |
| Implement and maintain virtual networking | 15–20% | vNets, subnets, NSGs, peering, VPN Gateway, load balancers, UDRs, routing |
| Monitor and maintain resources | 10–15% | Azure Backup, Site Recovery, Azure Monitor, Log Analytics, diagnostic settings, alerts and metrics |
- Microsoft Entra ID (formerly Azure AD): users, groups, service principals, managed identities.
- Authentication and conditional access basics.
- Role-Based Access Control (RBAC): built-in & custom roles, assignments and effective permissions.
- Governance constructs: management groups, subscriptions, resource groups, Azure Policy (definition/assignment).
- Resource deployment and automation: ARM templates, Bicep (if applicable), Azure CLI, and Azure PowerShell for provisioning and role assignments.
- Troubleshooting identity and access issues.
- Storage account types and tiers (Standard/Premium, hot/cool/archive).
- Data replication options (LRS, GRS, RA-GRS, ZRS) and choosing based on availability and recovery needs.
- Access control: shared keys, SAS tokens, Azure AD integration.
- Data management: lifecycle policies, soft delete, immutable blobs, file shares.
- Virtual Machines: deployment, sizes, extensions (e.g., custom script, VM Agent), managed disks, availability sets/zones, backups and updates.
- PaaS compute: App Service plans and app deployment, Azure Container Instances, Container Apps and how they differ from AKS.
- Containers and orchestration: basic container concepts and when to choose PaaS vs container services.
- Virtual networks, subnets, and network security groups (NSGs).
- Private connectivity: Virtual Network Peering and VPN Gateway for inter-site connectivity.
- Traffic management: Azure Load Balancer, Application Gateway (high level), route tables, and user-defined routes (UDRs).
- Network troubleshooting basics and service endpoints/private endpoints.
- Azure Backup: backup policies, recovery points, and restore operations.
- Azure Site Recovery (ASR) basics for disaster recovery scenarios.
- Azure Monitor: collecting metrics, logs, and configuring diagnostic settings.
- Log Analytics and Kusto Query Language (KQL) basics for querying logs.
- Setting up alerts (metric and log alerts) and automated actions.
- Microsoft Entra ID is the new name for Azure AD. This is a rebranding; functionality remains consistent, though some product pages and learning content may reference the new name.
- Always verify current exam objectives and platform terminology on official Microsoft pages.
For up-to-date exam objectives and guided learning paths, rely on official sources such as Microsoft Learn and the Azure documentation. Combine hands-on practice (deploying VMs, setting up RBAC, configuring networks, and using Azure Monitor) with study modules to reinforce practical skills.
- Microsoft Learn — official learning paths and modules for AZ-104.
- Azure documentation — product docs, how-tos, and architecture guidance.
- Azure Kubernetes Service (AKS) course example — additional AKS-focused content if you want to dive deeper into container orchestration.