Azure Administrator: AZ-104

Explore Azure administration tools, including the Azure portal, Cloud Shell, Azure PowerShell, Azure CLI, and the Azure mobile app, and learn when to use each for single-resource or bulk management.

Navigate and customize the Azure portal, manage resources with resource groups and storage accounts, and use Cloud Shell with PowerShell or Bash to deploy and delete resources.

Explore Azure Copilot, the built-in AI assistant that explains the basics tab and inbound port rules for virtual machines, guides configurations, and enables role-based access control.

Create and link a resource group in Canada Central; deploy a Windows Server 2022 virtual machine with a virtual network, public IP, and RDP access, while understanding region constraints.

Tag resources with key-value pairs in Azure, such as storage accounts, virtual machines, or virtual networks, to enable search, management, cost tracking, budget, automation, and governance.

Define environment and project tags to group resources and track costs by project. Enforce mandatory tags with governance policies and use automation to flag or shut down resources.

Create a storage account, apply the tag storage with value prod, and use the tag service to view resources with that tag and generate cost breakdowns by tag.

Discover ARM templates, a declarative JSON file to deploy and manage Azure resources, enabling infrastructure as code with reusable, modular templates, parameterization, validation, and ci cd integration.

Explore Azure arm templates by building and editing a Windows VM deployment with parameters and resources. Learn to visualize, download, and reuse templates for automation.

Leverage Azure quickstart templates to rapidly deploy end-to-end solutions with pre-built ARM templates (JSON or Bicep) and infrastructure as code, following verified best practices.

Plan and size Azure virtual machines by defining workload goals, compute resources, operating system, VM size, storage, networking, security, backups, and monitoring to optimize cost and performance.

Azure virtual machines use 2 disks: OS disk and a temporary disk for page file, with optional data disk, stored in Azure Storage as HDD, premium SSD, or ultra SSD.

Explore creating and managing a new azure virtual machine in the portal, including resource group, network interface, disks, public IP, DNS, security group, extensions, and resize options.

Deploy a Linux virtual machine in Azure by selecting Ubuntu Server 24.04 and configuring SSH key or password with port 22 open; management mirrors Windows VMs in Azure.

Azure Bastion lets you securely connect to Windows RDP (3389) or Linux SSH (22) over port 443 via the Azure portal with multi-factor authentication, keeping public ports closed.

Explore deploying Azure Bastion, with manual vs Microsoft-deployed prerequisites and automatic network setup; connect to your VM using RDP or SSH, via browser or portal.

Explore the Azure pricing calculator to estimate virtual machine costs across regions, compare pay-as-you-go and three-year reserved options, and learn how signing in saves estimates.

Explore Azure storage services, including blob storage and Azure files, to store documents, images, and backups, access data via URL, stream media, and use shared access signatures for controlled access.

Cloud storage uses a unique URL, with the storage account name forming the subdomain; create an alias to map a friendly domain to the target storage account.

Create storage account in the azure portal with a unique 3 to 24 character lowercase name. Choose storage v2, locally redundant storage, and hot or cool access; review and create.

Explore storage with Azure Storage Explorer, enabling upload and download of blobs, queues, tables, files, and Cosmos DB data, via the desktop tool or the Azure portal.

Blob storage handles unstructured data by organizing blobs within containers, offering private or public access and hot, cold, and archive tiers, with block, page, and append blobs.

Configure blob access policies in the Azure portal to grant read access via stored policies and shared access signatures (SAS) URLs, applying permissions to files or folders.

Evaluate Azure storage pricing by balancing data access costs, storage tiers hot, cool, archive, per transaction costs, and tier changes incur read or write charges.

Compare Azure files and Azure blobs to choose storage for shared folders and unstructured data. Azure files use SMB and emulate on-prem file servers; blobs stream video.

Demonstrates creating an Azure file share, uploading files, and mapping the share as a local drive on Windows, with options via PowerShell, net use, and Storage Explorer.

Use shadow copies to snapshot file shares at specific times and recover previous file versions. Create, view, and restore snapshots in storage explorer and share snapshots.

Azure storage role based access control defines built-in and custom roles that grant security principals access to storage accounts, blob containers, blobs, file shares, tables and queues.

Demonstrates creating a new virtual network in the Azure portal, configuring the address space and subnets, and setting up a resource group with v subnet one and v subnet two.

Learn to add multiple NICs to an Azure VM, assign separate subnets and IPs, and understand how admin and Azure reboots may change NIC order, with MAC/IP preservation.

Create a storage account and file share, upload a file, and verify internet accessibility with a shared access signature; configure service endpoint for storage and restrict access to the subnet.

Demonstrates securing remote desktop with azure bastion by removing direct internet exposure, denying port 3389, and connecting via the azure portal over ssl for internal rdp.

Explore virtual network connectivity, including vignette pairing and vignette-to-vignette connections, and learn express route configuration.

Connects Azure virtual networks via vnet peering to enable cross-network access, with regional and global peering, and gateways such as the virtual network gateway (formerly vpn gateway) for external resources.

Enable VNet peering between two virtual networks to connect two VMs in separate resource groups. Configure inbound ports, network discovery, and file and printer sharing to ensure seamless communication.

Connect two virtual networks with a VPN gateway to create a secure tunnel for site-to-site and on premise connectivity, using active-active gateways for fault tolerance.

Understand how Azure express route provides dedicated, high-speed connections from on-premises to the Microsoft cloud, enabling large data migrations, business continuity, and disaster recovery across regions up to 10 gbps.

Explore how a load balancer distributes traffic across multiple web servers via a front-end IP and health probes for high availability, with NAT rules for remote desktop in Azure.

Create a traffic manager profile in the Azure portal, select a routing method like performance, and configure endpoints, time-to-live, and probes to manage regional traffic and failover.

Deploy a lab environment quickly by loading the A-Z firewall template from the lesson resources, creating a resource group, and provisioning virtual machines and networks in Azure.

Explore Azure monitoring tools to track networks, virtual machines, databases, and applications across Azure and on-premises environments, including Azure alerts and Network Watcher for traffic troubleshooting.

Create Azure alerts for virtual machines by defining a CPU above 80 percent condition evaluated every five minutes, triggering an action group email to administrators.

Explore Azure Monitor metrics and logs by creating a chart for a virtual machine, compare metrics to alerts, and review service health for outages and maintenance.