AZ-104: Microsoft Azure Administrator Associate

Explore Azure's global backbone, a vast network of regions, data centers, fiber and subsea cables, enabling low-latency access, region pairs with disaster recovery, and availability zones for zone-redundant, compliant deployments.

Explore the four Azure subscription types—free, student, pay-as-you-go, and enterprise agreement—covering credits, billing, and eligibility, with guidance for learners to choose between free or pay-as-you-go options.

Sign up for Azure via try free option, enter country and region, and enjoy 12 months of free services including 55 always free services and 200 USD for 30 days.

Explore the Azure resource hierarchy, including root management group and subscriptions, set up your subscription, and create a resource group to organize future demos.

Create a monthly Azure budget in cost management for your subscription. Configure a $200 threshold and alerts for 80% of actual spending or forecasted values to stay informed.

Install PowerShell on Windows via Win Get, then install the Azure PowerShell module for Windows by running elevated commands and confirming prompts.

Install the Azure CLI on Windows using WinGet, paste the install command in a terminal, then close and reopen terminals to use the CLI and verify az --version (2.77.0).

Install the Azure CLI on macOS using Homebrew, following the commands in the resources section. Paste commands into the terminal, run them, and verify the installation with az version.

Discover the five Azure management tools, including the Azure portal, Azure PowerShell, Azure CLI, Azure Cloud Shell, and Azure Copilot, for deploying, automating, and managing Azure resources.

Discover how Azure PowerShell uses the Azure PowerShell module to create, read, update, and delete resources, and see a practical demo building a resource group and a virtual machine.

Authenticate with Azure PowerShell, create a resource group and Windows Server VM in North Europe, manage resources from the terminal, and delete the resource group with force delete.

Install and run the Azure CLI on Windows or Mac OS, then create a resource group, virtual network, subnet, public IP, network interface, and a virtual machine with proper routing.

Use the Azure CLI to provision resources: login, select locations, create a resource group, vnet and subnet, a public IP, NIC, and a Windows VM; troubleshoot size availability errors.

Explore Azure Copilot in the Azure portal to create resource groups and a virtual machine, inspect resources with Azure Resource Graph queries, and learn safe create, list, and delete workflows.

Explore the Microsoft Entra suite, its four pillars and key products for zero trust access, employee and external identities, cloud permissions, and workload identities.

Explore Microsoft Entra ID, the cloud identity and access management service formerly known as Azure AD, securing access to Microsoft 365, Azure, and apps. Learn conditional access and identity protection.

Explore android user identities in Entra ID, including synchronized identities from on-premises Active Directory via Entra Connect, cloud and cloud-only identities, and guest identities from Facebook, Microsoft, Apple, and Google.

Showcases configuring managed identities in Azure, creating a resource group, a VM, and a SQL database, and assigning system and user assigned identities with SQL Server Contributor role.

Explore how groups in entry ID enable access control, security with role-based access, automation via dynamic memberships, and self-service, comparing security groups with M365 groups and assigned versus dynamic membership.

Create a security group in Entra ID by selecting security type, naming and describing it, optionally assign Microsoft Entra roles, set membership to assigned, add an owner, and create.

Learn to manage licenses in Microsoft Entra ID via the M365 admin center, view subscriptions, approve requests, configure an auto-claim policy, and assign licenses to users.

Enable external identities in Azure AD to let guests from other tenants access resources. Explore B2B collaboration, B2B direct connect, B2C, and cross-tenant settings for secure collaboration.

Enable self-service password reset (SSPR) so users reset passwords with the Microsoft Authenticator app, reducing helpdesk calls, and leverage password writeback in hybrid environments with robust auditing.

Explore how Entra ID roles grant permissions across the Microsoft ecosystem, including teams administration, security policy management, and roles like teams administrator and global reader.

Explore built-in Entra ID roles in the Azure portal, inspect the security administrator role, view permissions such as conditional access policy creation, and configure activation, MFA, approvals, and group-based assignments.

Learn to create custom Azure RBAC roles by starting from scratch or cloning an existing role, selecting permissions, and setting an assignable scope within a resource group, with JSON export.

Assign built-in and custom Azure RBAC roles via IAM, selecting members and active, eligible, or time-bound assignments, to prevent privilege creep with PIM guidance.

Define and enforce Azure resource guardrails with JSON policy definitions, bundle them into policy initiatives, and apply at management group, subscription, or resource group levels to support Defender for Cloud.

Examine how to use Azure policy by exploring definitions, selecting built-in policies like allowed locations, and assigning a policy to a subscription to deny resource creation outside approved regions.

Test Azure policy by validating allowed regions, demonstrating how only North Europe is permitted and others are blocked, with policy details and pre-create validation.

Explore Azure resource locks (resource logs) that prevent modification or deletion by applying read-only or delete locks at subscription, resource group, or resource levels, with inheritance to all contained resources.

Explore Azure Advisor, a digital cloud assistant that analyzes your resource configuration and offers proactive recommendations across cost, performance, reliability, security, and operational excellence per the Azure Well-Architected framework.

Explore Azure Advisor overview, pillar scores, and targeted security recommendations like disk encryption for virtual machines; use filters and Well-Architected framework checks to validate resource configurations at no cost.

Explore Azure storage types, blob for unstructured data, files for shared access, queues for messaging, and tables for NoSQL data, and understand storage accounts, redundancy, and endpoints.

Explore authentication and authorization for Azure storage, covering storage account access keys, shared access signatures, and Android-based authentication for blobs, queues, and more.

Explore shared access signatures in Azure Storage to grant access to blob containers and queues via user delegation SAS credentials or service and account SAS with storage account keys.

Configure a storage account shared access signature by selecting services, resource types, permissions, time, ip addresses, allowed protocols, and signing key to generate the SAS and connection string.

Adopt Android based authentication to prove identity and authorize access to a storage account, leveraging Android authentication features and a simple Azure RBAC role assignment.

Configure Entra ID-based authentication and authorization for a storage account by disabling access keys, enabling portal-based authentication, and assigning storage account contributor roles through IAM.

Explore how Azure resource firewalls protect paas services like storage accounts and Azure SQL databases by filtering traffic from specific IPs or VNets, without replacing full firewall offerings.

Configure the resource firewall for a storage account by enabling selective public access, adding virtual networks and IP addresses, configuring routing, and applying exceptions for trusted services.

Learn about Azure immutable blob storage with write once, read many, and how time-based retention and legal hold enforce immutability for compliance and audits, including version control.

Explore Azure storage options: locally, zone, geo, and geo zone redundant storage. Learn how each protects against data center and regional failures and supports backups and failover.