Administrator Associate

AZ-104 trains you to run Azure, not just talk about it.

This path is for the operator who needs to manage Entra ID, subscriptions, RBAC, policy, storage, VMs, networking, monitoring, backup, and automation in a real tenant. It is technical, hands-on, and role-based.

10Lessons
25-30%Networking Weight
120 minExam Duration
$597Course Path
Review modules Need fundamentals first?
Dope Translation

Administrator work with the jargon stripped out

PIM

That is temporary God-mode. Elevated access should expire, not live on somebody's account forever.

Azure Policy

The automated rule enforcer. If the org says every resource group needs a Department tag, Policy is what catches the rule breakers.

Private Endpoint

You pull a service like Azure SQL inside your private network so it is not hanging out on the public internet.

Role Coverage

Built around what Azure admins actually do

🪪 Identity and governance

Manage Entra ID, subscriptions, management groups, RBAC scopes, Azure Policy, and resource locks.

15-20%Least privilege

🖥️ Compute and apps

Deploy VMs, scale sets, availability zones, Bastion, App Service, deployment slots, and containers.

20-25%Operations-first

🗄️ Storage

Configure storage accounts, SAS tokens, lifecycle policies, redundancy options, and secure access patterns.

15-20%Data control

🌐 Networking and monitoring

VNets, subnets, NSGs, Azure Firewall, private endpoints, load balancing, Azure Monitor, backup, and automation.

25-30%High-impact domain
Full Curriculum

Ten modules for the Azure admin role

This flow follows the source outline you provided and keeps the practical labs front and center.

Lesson 1: Manage Entra ID Identity and governance

Topics

  • Create and manage users, groups, service principals, and guest accounts
  • SSPR, MFA, Conditional Access, and PIM basics
  • Licensing and identity operations
This is HR plus security guard duty. You decide who gets an account, what building they can enter, and whether they get temporary elevated access.
Lesson 2: Subscriptions, RBAC, and Azure Policy Governance controls

Topics

  • Subscriptions and management groups
  • Built-in and custom roles, assignment scope, resource locks
  • Definitions, initiatives, compliance, and auto-remediation
Lesson 3: Deploy and Manage Azure VMs Compute

Topics

  • Portal, CLI, and PowerShell deployment
  • Availability sets, zones, scale sets, Bastion
  • Disk encryption, extensions, snapshots, Azure Backup
Lesson 4: App Service and Containers Managed hosting

Topics

  • App Service Plans and deployment slots
  • GitHub Actions deployment
  • ACI and AKS overview for admin scope
Lesson 5: Storage Accounts Deep Dive Storage

Topics

  • Standard vs Premium, LRS/ZRS/GRS/GZRS
  • Blob tiers, lifecycle management, Storage Explorer, AzCopy
  • SAS tokens, storage firewall, service endpoints, Azure Files
A SAS token is a temporary key to a specific room, for a specific time, without handing over the master keys.
Lesson 6: VNets and Network Security Networking

Topics

  • VNet design, subnetting, CIDR notation
  • NSGs, ASGs, Azure Firewall
  • Private endpoints, DNS, service endpoints, peering
Lesson 7: Load Balancing and Traffic Management Network delivery

Topics

  • Azure Load Balancer and Application Gateway
  • Traffic Manager and Front Door
  • Layer 4 versus Layer 7 routing decisions
Lesson 8: Azure Monitor and Alerts Operations

Topics

  • Metrics, logs, Log Analytics, alerts, and dashboards
  • Health signals for core services
  • Visibility that supports admin response
Lesson 9: Azure Backup and Site Recovery Resilience

Topics

  • Backup vaults and recovery points
  • Disaster recovery and replication patterns
  • Restore testing and operational continuity
Lesson 10: Automation and Update Management Maintenance

Topics

  • Azure Automation, runbooks, and scheduled tasks
  • Update management and patch orchestration
  • Reducing manual drift in production
Labs

Use the same free and low-friction labs admins actually need

🧪 Learn Sandbox

Work through user management, policy, storage, networking, and monitoring modules in Microsoft Learn.

Open admin modules

💳 Azure Free Account

Create real resource groups, VNets, storage accounts, and admin exercises in your own tenant with tight budgets enabled.

Launch free account

🐳 Browser Labs

Use Killercoda and Play with Docker to sharpen Linux, CLI, and container comfort that supports App Service and AKS topics.

Run lab

Administration is where cloud becomes employable.

If AZ-900 is the language layer, AZ-104 is the operator layer. This is the cert path that signals you can configure, secure, and maintain Azure resources under real-world constraints.

$597

Administrator pathway

See pricing and bundles