Administrator Associate

AZ-104 is for learners ready to move beyond basic cloud concepts.

Students explore identity, subscriptions, resource groups, storage, virtual machines, networking, monitoring, backup, role-based access control, and governance. This path is best for learners who want to manage cloud environments, support enterprise systems, and prepare for Azure Administrator roles.

10Lessons
25-30%Networking Weight
100 minExam Duration
$597Course Path
Dope Translation

Administrator work with the jargon stripped out

PIM

That is temporary God-mode. Elevated access should expire, not live on somebody's account forever.

Azure Policy

The automated rule enforcer. If the org says every resource group needs a Department tag, Policy is what catches the rule breakers.

Private Endpoint

You pull a service like Azure SQL inside your private network so it is not hanging out on the public internet.

Role Coverage

Built around what Azure admins actually do

🪪 Identity and governance

Manage Entra ID, subscriptions, management groups, RBAC scopes, Azure Policy, and resource locks.

15-20%Least privilege

🖥️ Compute and apps

Deploy VMs, scale sets, availability zones, Bastion, App Service, deployment slots, and containers.

20-25%Operations-first

🗄️ Storage

Configure storage accounts, SAS tokens, lifecycle policies, redundancy options, and secure access patterns.

15-20%Data control

🌐 Networking and monitoring

VNets, subnets, NSGs, Azure Firewall, private endpoints, load balancing, Azure Monitor, backup, and automation.

25-30%High-impact domain
Full Curriculum

Ten modules for the Azure admin role

This flow follows the source outline you provided and keeps the practical labs front and center.

Lesson 1: Manage Entra ID Identity and governance

Topics

  • Create and manage users, groups, service principals, and guest accounts
  • SSPR, MFA, Conditional Access, and PIM basics
  • Licensing and identity operations
This is HR plus security guard duty. You decide who gets an account, what building they can enter, and whether they get temporary elevated access.
Lesson 2: Subscriptions, RBAC, and Azure Policy Governance controls

Topics

  • Subscriptions and management groups
  • Built-in and custom roles, assignment scope, resource locks
  • Definitions, initiatives, compliance, and auto-remediation
Lesson 3: Deploy and Manage Azure VMs Compute

Topics

  • Portal, CLI, and PowerShell deployment
  • Availability sets, zones, scale sets, Bastion
  • Disk encryption, extensions, snapshots, Azure Backup
Lesson 4: App Service and Containers Managed hosting

Topics

  • App Service Plans and deployment slots
  • GitHub Actions deployment
  • ACI and AKS overview for admin scope
Lesson 5: Storage Accounts Deep Dive Storage

Topics

  • Standard vs Premium, LRS/ZRS/GRS/GZRS
  • Blob tiers, lifecycle management, Storage Explorer, AzCopy
  • SAS tokens, storage firewall, service endpoints, Azure Files
A SAS token is a temporary key to a specific room, for a specific time, without handing over the master keys.
Lesson 6: VNets and Network Security Networking

Topics

  • VNet design, subnetting, CIDR notation
  • NSGs, ASGs, Azure Firewall
  • Private endpoints, DNS, service endpoints, peering
Lesson 7: Load Balancing and Traffic Management Network delivery

Topics

  • Azure Load Balancer and Application Gateway
  • Traffic Manager and Front Door
  • Layer 4 versus Layer 7 routing decisions
Lesson 8: Azure Monitor and Alerts Operations

Topics

  • Metrics, logs, Log Analytics, alerts, and dashboards
  • Health signals for core services
  • Visibility that supports admin response
Lesson 9: Azure Backup and Site Recovery Resilience

Topics

  • Backup vaults and recovery points
  • Disaster recovery and replication patterns
  • Restore testing and operational continuity
Lesson 10: Automation and Update Management Maintenance

Topics

  • Azure Automation, runbooks, and scheduled tasks
  • Update management and patch orchestration
  • Reducing manual drift in production
Labs

Use the same free and low-friction labs admins actually need

🧪 Learn Sandbox

Work through user management, policy, storage, networking, and monitoring modules in Microsoft Learn.

💳 Azure Free Account

Create real resource groups, VNets, storage accounts, and admin exercises in your own tenant with tight budgets enabled.

🐳 Browser Labs

Use Killercoda and Play with Docker to sharpen Linux, CLI, and container comfort that supports App Service and AKS topics.

Readiness Check

What helps learners succeed in AZ-104

🛠️ Helpful background

Microsoft recommends familiarity with operating systems, networking, servers, virtualization, the Azure portal, PowerShell, and Azure CLI.

💼 Real job alignment

This path lines up with what Azure admins actually do: identity, governance, storage, compute, networking, monitoring, backup, and maintenance.

📘 Best study moves

Pair hands-on labs with the official admin learning paths so the exam content connects directly to real tenant work.

Administration is where cloud becomes employable.

If AZ-900 is the language layer, AZ-104 is the operator layer. This is the cert path that signals you can configure, secure, and maintain Azure resources under real-world constraints.

$597

Administrator pathway

See pricing and bundles