Complete Guide to Passing AZ-104: Microsoft Azure Administrator

As more organizations transition their infrastructure to the cloud, Microsoft Azure has become a key platform for modern IT operations. With its wide array of services and tools, Azure empowers businesses to deploy, manage, and monitor applications at scale. For IT professionals, this shift means growing demand for those who can manage cloud environments effectively, and that’s where the AZ-104: Microsoft Azure Administrator Associate certification comes in.

This study guide is designed to walk you through the critical skills and concepts required to pass the AZ-104 exam and excel as an Azure Administrator. In this first part, we’ll cover what the certification entails, what skills you need, and how to get started on your learning journey.

What Is the AZ-104 Certification?

The AZ-104 Microsoft Azure Administrator exam is a mid-level certification aimed at professionals who want to demonstrate their ability to manage Azure resources and services. Earning this credential validates your ability to perform day-to-day tasks such as managing identities, deploying and managing Azure compute resources, implementing storage solutions, configuring virtual networks, and monitoring Azure environments.

This certification is ideal for system administrators, network admins, or anyone responsible for managing cloud infrastructure.

Who Should Take the AZ-104 Exam?

The AZ-104 is designed for individuals who:

• Have a foundational understanding of Microsoft Azure (completion of AZ-900 is helpful but not required).
  
• They are involved in managing Azure subscriptions, resource groups, virtual machines, and networking.
  
• Use tools like Azure PowerShell, Azure CLI, and the Azure Portal.
  
• Want to advance their career in cloud administration or validate hands-on experience with Azure.

If you’re currently working in IT or looking to pivot to cloud-based roles, this certification provides a strong path forward.

Key Skills Measured in the AZ-104 Exam

The AZ-104 exam measures five major skill domains. Understanding these early on will help you tailor your study plan:

1. Manage Azure Identities and Governance (15–20%)

• Manage Microsoft Entra (formerly Azure AD) users and groups
  
• Configure role-based access control (RBAC)
  
• Create and manage Azure policies and resource locks.
  
• Use management groups and subscriptions for resource organization

2. Implement and Manage Storage (15–20%)

• Create and manage storage accounts
  
• Configure Azure Blob Storage and Azure Files
  
• Implement data redundancy and lifecycle management.
  
• Secure storage with shared access signatures (SAS) and network rules

3. Deploy and Manage Azure Compute Resources (20–25%)

• Deploy virtual machines and scale sets
  
• Configure availability sets and zones
  
• Automate VM deployment using templates and Bicep
  
• Deploy containers using Azure Container Instances and App Services

4. Configure and Manage Virtual Networking (20–25%)

• Configure VNets, subnets, and private endpoints
  
• Implement Azure DNS, network security groups (NSGs), and a firewall.
  
• Connect virtual networks using VNet peering and VPN gateway.s
  
• Secure access with Azure Bastion and network watcher tools

5. Monitor and Maintain Azure Resources (10–15%)

• Monitor resources with Azure Monitor and Log Analytics
  
• Set up alerts and an action group.s
  
• Analyze costs using Azure Cost Management.
  
• Optimize workloads for performance and reliability.y

Each of these categories reflects real-world responsibilities of an Azure administrator.

Essential Tools: Azure Portal, PowerShell, and CLI

A certified Azure Administrator must be proficient in several key tools:

Azure Portal

The Azure Portal is the web-based user interface used for managing all Azure services. It’s ideal for visual learners and those new to Azure.

Azure CLI

The Azure Command-Line Interface (CLI) is a cross-platform tool that allows you to manage resources through command-line scripts. It’s especially useful for automation and scripting in Linux environments.

Azure PowerShell

For those in Windows-heavy environments, Azure PowerShell offers powerful scripting capabilities. Many organizations rely on it for automated deployments, configuration changes, and resource cleanup.

Getting Started with Microsoft Entra and Identity Management

One of the first areas covered in the AZ-104 exam is managing Azure identities. Microsoft Entra ID, formerly known as Azure Active Directory, is Microsoft’s cloud-based identity and access management service.

You’ll need to learn how to:

• Create and manage users, groups, and devices
  
• Set password policies and enable multi-factor authentication (MFA)
  
• Assign roles and permissions using Azure role-based access control (RBAC)
  
• Implement Conditional Access policies to secure access to services

Hands-on practice is crucial. Set up a test tenant and try creating users, assigning roles, and enforcing security settings.

Storage Fundamentals for AZ-104

Azure offers scalable, secure, and redundant storage solutions that you’ll manage daily as an administrator. Here’s what you need to focus on:

Azure Storage Types

• Blob Storage – Ideal for storing unstructured data such as images and documents.
  
• Azure Files – Provides fully managed file shares in the cloud.
  
• Queues and Tables – For messaging and NoSQL data storage.

Key Skills

• Creating and managing storage accounts
  
• Implementing data replication (LRS, GRS, ZRS)
  
• Configuring network access rules
  
• Using shared access signatures (SAS) for secure temporary access
  
• Enabling encryption and soft delete options

Be sure to test access control options and experiment with lifecycle policies to understand how they affect cost and performance.

Establishing Governance and Security

A key responsibility of Azure administrators is enforcing security and compliance through governance. You’ll use features like:

• Resource locks to prevent accidental deletions
  
• Azure Policy to enforce organizational standards.
  
• Management groups are used to structure a large-scale environment.
  
• Tagging for cost and resource tracking

Security isn’t optional—it’s integral to your role. From configuring NSGs to using Azure Defender for Cloud, administrators are expected to protect workloads by default.

Tips to Start Your AZ-104 Prep

To get the most from your study time:

1. Review Microsoft’s official exam guide – Stay current with what’s covered.
   
2. Set up a free Azure account – Nothing beats hands-on practice.
   
3. Use Microsoft Learn – It’s free and exam-focused.
   
4. Join study groups and forums – Reddit, Tech Community, and Discord are great places.
   
5. Practice with mock exams – Familiarize yourself with question formats and timing.

In this series of our Microsoft Azure Administrator study guide, we’ve laid the foundation for your AZ-104 certification journey. You’ve learned what the certification covers, the core responsibilities of an Azure Administrator, and which tools and services you’ll need to master.

We’ll take a deeper dive into deploying and managing Azure compute resources—think virtual machines, scale sets, availability zones, containers, and Azure App Services. These skills form the backbone of infrastructure deployment and will make up a significant portion of the AZ-104 exam.

Deploying and Managing Compute Resources

Welcome back to our AZ-104 Microsoft Azure Administrator study series. We covered the exam structure, key skills, and foundational tools like the Azure Portal, PowerShell, and CLI. Now, we’ll dive into one of the most critical and practical domains: Azure Compute.

Compute resources power the core of any Azure workload—whether you’re spinning up virtual machines, hosting apps in containers, or deploying serverless functions. As an Azure Administrator, you must understand how to deploy, configure, and maintain these resources efficiently and securely.

Why Computing Is Important for AZ-104

The AZ-104 exam dedicates 20–25% of its questions to deploying and managing compute resources. These skills directly impact availability, cost, and performance, making them essential for real-world operations.

Key topics include:

• Virtual Machines (VMs)
  
• Virtual Machine Scale Sets (VMSS)
  
• Availability options (sets and zones)
  
• Containers and App Services
  
• Custom images and automation with ARM templates or Bicep

Virtual Machines: Core of Azure Compute

Creating VMs

Azure VMs let you run Windows or Linux-based workloads in the cloud. You can create them through:

• Azure Portal (GUI)
  
• Azure CLI (az vm create)
  
• PowerShell (New-AzVM)
  
• ARM/Bicep templates for automation

When provisioning a VM, you’ll choose:

• Size (SKU): Determines CPU, memory, and cost
  
• Image: Predefined OS images or custom ones
  
• Disk type: Standard or Premium SSD
  
• Network: Attach to an existing VNet/subnet
  
• Authentication: Password or SSH key

Key Management Tasks

• Start/Stop/Restart/Deallocate VMs
  
• Resize the VM SKU (carefully—some sizes may not be compatible with existing disks)
  
• Attach and detach data disks.
  
• Enable and configure boot diagnostics

High Availability with Availability Sets and Zones

Azure offers built-in options to ensure VM uptime:

Availability Sets

• Protect against hardware failure within a single data center.
  
• Use update domains and fault domains to separate resources.s
  
• Typically used for traditional apps needing redundancy within a region

Availability Zones

• Provide data center-level fault isolation within an Azure region
  
• Each zone is a physically separate location.
  
• Recommended for mission-critical workloads

Virtual Machine Scale Sets (VMSS)

Scale sets allow you to automatically deploy and manage identical VMs across availability zones or sets.

Benefits:

• Elastic scaling based on CPU/memory or schedule
  
• Integrated load balancing
  
• Supports autoscaling rules and manual instance control

Example: Use az vmss create or an ARM/Bicep template to deploy a VMSS.

Scale sets are ideal for front-end web servers, batch processing, or scenarios where workloads fluctuate.

Containers: Azure Container Instances (ACI) and AKS

Containers offer a lightweight way to deploy apps without managing VMs or OS-level dependencies.

Azure Container Instances (ACI)

• Best for simple, fast, serverless container deployments
  
• You define an image, CPU/memory settings, and networking.
  
• Run isolated containers without VM overhead.d

Example CLI command:

bash

CopyEdit

az container create \

  –name myapp \

  –image nginx \

  –cpu 1 –memory 1 \

  –resource-group myrg \

  –ip-address public

Azure Kubernetes Service (AKS)

• Fully managed Kubernetes cluster
  
• More complex, used for orchestrating microservices
  
• Not heavily emphasized in AZ-104, but worth understanding

App Services: PaaS Hosting for Web Apps

Azure App Service lets you host web apps, REST APIs, and mobile backends without managing infrastructure.

Key Features:

• Support for multiple languages (.NET, Node.js, Python, etc.)
  
• Deployment slots for staging/production
  
• Integrated with GitHub or Azure DevOps for CI/CD
  
• Auto-scaling and custom domains

Know how to:

• Create an App Service Plan
  
• Deploy and scale a Web App.
• Configure deployment slots and custom domains
  
• Set up identity and access settings.

Automating Deployments with ARM Templates and Bicep

As an Azure Administrator, automating your deployments with Infrastructure as Code (IaC) is a huge productivity boost.

Options:

• ARM templates: JSON-based, verbose but powerful
  
• Bicep: A simplified, readable DSL that transpiles to ARM
  

Bicep example to deploy a VM:

bicep

CopyEdit

resource vm ‘Microsoft.Compute/virtualMachines@2022-03-01’ = {

  name: ‘myVM’

  location: resourceGroup().location

  properties: {

    hardwareProfile: { vmSize: ‘Standard_B1s’ }

    …

  }

}

Remote Access and Security

Managing compute resources means securing them, too.

• Use Azure Bastion to securely connect to VMs without exposing RDP/SSH ports.
  
• Configure Just-in-Time VM access to reduce attack surfaces
  
• Monitor compute activity via Azure Monitor and Log Analytics.
  
• Apply NSGs (Network Security Groups) to control traffic

Cost Optimization and Sizing

Being able to right-size VMs and scale appropriately is vital. Azure provides tools like:

• Azure Pricing Calculator
  
• Azure Advisor for VM optimization suggestions
  
• Cost Management to track and manage spending

Know when to use burstable (B-series) VMs vs. compute-optimized SKUs, and how spot instances differ from standard pricing.

 Deploy VMs using the portal, CLI, and templates.
  Create and configure a scale set.s
  Configure availability sets and zones
  Set up ACI and deploy containers.
  Deploy a web app to Azure App Services.
  Automate infrastructure with Bicep
  Use Bastion and NSGs for secure VM access.s
  Monitor VM performance and logs.

Configuring and Managing Virtual Networking

This section focuses on virtual networking in Azure—a key topic that accounts for about 20–25% of the AZ-104 exam. Understanding how to create, secure, and troubleshoot Azure networks is essential for any cloud administrator.

1. Virtual Networks (VNets) and Subnets

Virtual Network (VNet)

A VNet is a logically isolated network in Azure. It allows you to host and securely connect Azure resources, much like a traditional on-premises network.

• Customizable IP address range using CIDR
  
• Can span across availability zones
  
• Supports service endpoints and private links
  
• Connects to on-prem networks via VPN or ExpressRoute

Subnets

Subnets divide a VNet into smaller address spaces, organizing resources by function or trust level.

• Each subnet has a portion of the VNet’s IP address range.
  
• Required for deploying most resources
  
• Allows assignment of security policies

2. Network Security Groups (NSGs)

NSGs are used to control inbound and outbound network traffic.

• Contain rules with priority, source/destination, protocol, and port.
  
• Can be applied to subnets or individual network interfaces (NICs)
  
• Default rules allow VNet traffic and deny internet inbound traffic

Key concepts:

• Lower priority number = higher precedence
  
• Rules can allow or deny traffic.c

3. Application Security Groups (ASGs)

ASGs simplify network rule management by grouping VMs with similar roles.

• Combine ASGs with NSGs for a dynamic traffic rule.s
  
• No need to manage individual IP addresses
  
• Useful for scaling applications without changing NSG rules

4. VNet Peering

VNet peering connects two VNets, enabling private communication across them.

• Traffic flows through Azure’s backbone network.
  
• Supports regional and global peering
  
• Transitive routing is not supported by default

Each VNet must have a non-overlapping IP address space.

5. DNS and Private DNS Zones

Azure DNS

Hosts public DNS zones in Azure.

• Allows domain name resolution for internet-facing services
  
• Managed via the Azure portal, CLI, or ARM templates

Private DNS Zones

Provide name resolution for virtual networks internally.

• No need for custom DNS servers
  
• Can be linked to one or more VNets

6. User-Defined Routes (UDRs)

Custom routing rules that override Azure’s system routes.

• Used to direct traffic to a Network Virtual Appliance (NVA)
  
• Applied through route tables associated with subnets
  
• Can force traffic through firewalls or gateways

7. Load Balancers and Application Gateways

Azure Load Balancer

• Operates at Layer 4 (TCP/UDP)
  
• Distributes traffic across VMs in a backend pool
  
• Supports both internal and external configurations

Application Gateway

• Operates at Layer 7 (HTTP/HTTPS)
  
• Performs intelligent routing (path- or host-based)
  
• Supports SSL termination and includes an optional Web Application Firewall (WAF)

8. Azure Firewall and Azure Bastion

Azure Firewall

• Managed, stateful firewall-as-a-service
  
• Filters outbound, inbound, and traffic between VNets
  
• Supports fully qualified domain name (FQDN) filtering, threat intelligence

Azure Bastion

• Provides secure RDP and SSH access via the Azure portal
  
• No need for public IPs on VMs
  
• Prevents opening ports like 3389 or 22

9. VPN Gateway and ExpressRoute

VPN Gateway

• Establishes a secure IPsec connection between Azure and on-premises networks
  
• Requires a virtual network gateway in Azure and a compatible VPN device on-premises

ExpressRoute

• Dedicated private connection to Azure
  
• Offers higher reliability, faster speeds, and lower latency compared to VPN
  
• Does not go over the public internet

10. Service Endpoints and Private Link

Service Endpoints

• Extend Azure services into your VNet
  
• Traffic remains on Azure’s private backbone.
  
• No need to configure NAT or public IPs

Private Link

• Assigns a private IP to Azure PaaS services
  
• Enables access to services from within the VNet
  
• Recommended over service endpoints for secure access

11. Monitoring and Troubleshooting

Use built-in tools to monitor and resolve networking issues.

Network Watcher

• Enables network diagnostics and logging
  
• Includes features like connection troubleshooting and IP flow verification
  

NSG Flow Logs

• Capture inbound and outbound traffic flow through NSGs
  
• Useful for auditing and troubleshooting

Practical Tasks to Master

• Deploy and configure VNets and subnets
  
• Implement and apply NSGs and ASGs
  
• Set up VNet peering (same and cross-region)
  
• Configure private DNS zones
  
• Create route tables and user-defined routes.
  
• Use load balancers and an application gateway.s
  
• Connect to on-prem via VPN Gateway and ExpressRoute (conceptual)
  
• Implement service endpoints and Private Link.
  
• Use Network Watcher tools for diagnostics.

Implementing and Managing Azure Storage Solutions

Microsoft Azure storage is a cornerstone of the AZ-104 certification. As an Azure Administrator, your ability to effectively implement and manage storage resources impacts availability, performance, and security. This part of the study guide walks you through configuring access, managing storage accounts, and handling file and blob storage.

Configure Access to Azure Storage

Access control is fundamental in managing storage. Azure provides multiple mechanisms to secure storage access, including identity-based access and shared keys.

Firewalls and Virtual Networks

To protect storage accounts, administrators can configure storage firewalls and virtual networks. This restricts access by allowing traffic only from selected networks. Setting up firewall rules includes defining specific IP address ranges and allowing trusted Azure services to bypass rules if needed.

Shared Access Signatures (SAS)

Shared Access Signatures enable delegated access to storage resources without exposing the storage account key. SAS tokens can be scoped for read, write, delete, or list operations and can be time-bound. Stored access policies can be used to manage SAS constraints more easily.

Access Keys

Storage accounts provide two keys that can be used interchangeably. It’s best practice to regenerate keys periodically and to use Azure Key Vault to manage and store them securely.

Identity-Based Access for Azure Files

Azure supports Active Directory-based authentication for file shares. Azure Files can use either on-premises Active Directory or Microsoft Entra ID to control access. This approach enhances security and aligns with existing identity management frameworks.

Configure and Manage Storage Accounts

Creating Storage Accounts

Azure supports different types of storage accounts, including general-purpose v2, premium block blobs, and file storage accounts. When creating a storage account, you’ll select a performance tier (standard or premium), a redundancy type, and an access tier.

Redundancy Options

Azure offers several redundancy models:

• Locally Redundant Storage (LRS): Replicates data within a single data center.
  
• Zone-Redundant Storage (ZRS): Spreads data across different zones within a region.
  
• Geo-Redundant Storage (GRS): Replicates data to a secondary region.
  
• Read-Access GRS (RA-GRS): Allows read access to the secondary replica.

Choose redundancy based on business continuity and compliance needs.

Object Replication

Azure Blob Storage supports replication between storage accounts. This feature allows data from one blob container to be copied automatically to another in a different account or region. It is useful for scenarios like data aggregation, global content distribution, or backups.

Encryption Settings

All data in Azure Storage is encrypted at rest using Microsoft-managed keys by default. You can also use customer-managed keys stored in Azure Key Vault for greater control. Disk encryption for virtual machines is configured separately using Azure Disk Encryption.

Management Tools

Two key tools for managing data are Azure Storage Explorer and AzCopy.

• Azure Storage Explorer is a GUI tool that allows users to interact with storage accounts.
  
• AzCopy is a command-line utility designed for high-performance data transfers.

Use AzCopy for automation and scripting, especially when working with large volumes of data.

Configure Azure Files and Blob Storage

Azure supports both unstructured data in blob storage and structured files through Azure Files. Each comes with specific capabilities and configuration needs.

Azure File Shares

Azure Files provides fully managed file shares accessible over SMB or NFS protocols. They are ideal for file servers, shared applications, and lift-and-shift scenarios.

To create a file share, choose a storage account, define a share name, and configure quota settings. File shares can be mounted to Windows, Linux, or macOS machines, either on-premises or in the cloud.

Snapshots allow for point-in-time recovery of file shares. Soft delete for shares is also available and can be enabled to protect against accidental deletions.

Azure Blob Storage

Blob storage is optimized for storing massive amounts of unstructured data, like text and binary data.

To use blob storage, create a container inside a storage account. Within the container, you can store blobs in block, append, or page format depending on the use case. Most applications use block blobs for images, documents, and backups.

Storage Tiers

Azure supports three main access tiers for blobs:

• Hot: Frequently accessed data.
  
• Cool: Infrequently accessed data.
  
• Archive: Rarely accessed data with flexible latency requirements.

You can move blobs between tiers manually or automatically using lifecycle management policies. Tier selection impacts both cost and availability.

Lifecycle Management

Lifecycle rules automate blob movement and deletion based on conditions like age or access time. For example, you can configure a rule to move data to the cool tier after 30 days and delete it after 180 days. These policies help manage costs effectively.

Versioning

Blob versioning automatically saves the previous state of a blob whenever it’s modified or deleted. This is crucial for data recovery and audit scenarios. Versioning can be combined with soft delete to provide robust data protection.

Monitor Azure Storage Resources

Proper monitoring helps maintain the performance, availability, and security of storage services.

Metrics and Alerts

Azure Monitor provides performance data for storage accounts. You can track metrics like:

• Total ingress and egress
  
• Availability and latency
  
• Number of successful or failed requests

Set up alerts to notify admins when thresholds are breached, for example, when transactions exceed a certain count or when latency spikes.

Logs and Diagnostics

Storage analytics logs give insight into operations like read, write, and delete requests. Diagnostic settings can be configured to send logs and metrics to Log Analytics, Event Hubs, or Storage accounts for further analysis.

Azure Monitor Insights

Storage Insights provides dashboards for performance trends. These dashboards highlight metrics like transaction volume, average latency, and capacity trends.

Secure Azure Storage

Security is critical in Azure storage management. A layered approach using identity, access control, encryption, and monitoring is ideal.

Role-Based Access Control (RBAC)

RBAC helps manage who has access to Azure resources. Assign roles like Reader, Contributor, or Storage Blob Data Owner at the resource group or account level.

You can also create custom roles to meet unique access requirements. Always follow the principle of least privilege.

Shared Access and Time-Bound Tokens

Use SAS tokens to provide time-limited access to storage data without exposing access keys. Combine these tokens with stored access policies to improve manageability and security.

Network Restrictions

Limit access to storage accounts using virtual network rules and firewall settings. Only allow traffic from approved sources and enable secure transfer (HTTPS-only).

Secure Transfer and TLS

Enable the secure transfer option in storage account settings to enforce HTTPS. This ensures that data in transit is encrypted.

You can also use Transport Layer Security (TLS) settings to enforce minimum TLS versions for clients accessing the storage.

Backup and Recovery

Azure provides comprehensive options for backup and disaster recovery.

Azure Backup

Azure Backup supports file shares, virtual machines, and other services. It stores backup data in a Recovery Services vault or Backup vault. You can define backup policies, schedule jobs, and configure retention.

Use the Azure portal or PowerShell to restore deleted files, folders, or entire shares.

Azure Site Recovery

Site Recovery supports replicating virtual machines across regions. It helps maintain business continuity during outages or disasters.

Failover can be triggered manually or automatically based on conditions. After recovery, you can fail back to the original region once it is operational again.

Best Practices for Azure Storage Administration

1. Use General-purpose v2 storage accounts for maximum flexibility.
   
2. Enable soft delete and versioning to protect against accidental data loss.
   
3. Set up lifecycle management to control storage costs.
   
4. Regularly rotate storage access keys and use managed identities where possible.
   
5. Implement monitoring and alerts for proactive storage management.
   
6. Use geo-redundant storage when business continuity is a priority.
   
7. Use private endpoints and service endpoints to restrict access.

Mastering Azure Storage is essential for any administrator preparing for the AZ-104 exam. By configuring access controls, managing storage accounts, handling blob and file storage, and securing data, you lay the foundation for a resilient and scalable cloud architecture. Tools like Azure Monitor, RBAC, lifecycle management, and backup services help maintain this infrastructure efficiently. Understanding these storage solutions in depth prepares you not only for the certification but also for real-world Azure administration challenges.

Final Thoughts

Understanding and managing Azure Storage is a vital responsibility for any cloud administrator. The concepts in this section—ranging from access management and security to performance optimization and disaster recovery—form the backbone of real-world cloud infrastructure and are highly emphasized on the AZ-104 exam.

While it’s essential to grasp the technical configurations—such as how to enable soft delete or generate a shared access signature—it’s equally important to understand the business implications of storage decisions. For example, choosing between LRS and GRS redundancy is not just a technical decision but a risk management strategy. Similarly, enabling lifecycle management can result in significant cost savings when handling large datasets in long-term archival scenarios.

In practical terms, you’ll often deal with scenarios where multiple stakeholders need controlled access to data. Developers might need temporary read-write access to blob containers, finance teams may need access to archived invoices via Azure Files, and security teams might need logs for auditing purposes. Implementing granular RBAC roles, using private endpoints, and deploying logging pipelines with Log Analytics are not just “test topics”—they’re real operational tasks that directly impact security and governance.

Moreover, as companies move toward hybrid cloud models, your ability to integrate on-premises Active Directory with Azure Files and support seamless file share access across networks becomes critical. Understanding how Azure supports NFS, SMB, and integration with Microsoft Entra ID (formerly Azure AD) ensures you can support enterprise-scale operations without sacrificing performance or compliance.

With increasing regulatory scrutiny around data privacy, Azure Storage provides native features to help meet requirements like GDPR, HIPAA, and ISO standards. Encryption-at-rest, secure transfer over HTTPS, and customer-managed keys via Azure Key Vault are no longer optional; they are must-haves in any secure deployment. Using audit logs, versioning, and soft delete also supports compliance by preserving data integrity and offering recovery options.

When preparing for the AZ-104 exam, don’t treat these storage topics as isolated tasks. Practice configuring an entire environment: create a storage account, secure it, configure logging, mount an Azure File share, and simulate recovery from a deletion. This holistic view reinforces your learning and makes the concepts stick.

1. Practice with the Azure Portal and CLI: You’ll be expected to know not just how to perform tasks in the GUI but also how to use Azure CLI and PowerShell to automate those tasks.
   
2. Understand When to Use What: Learn the differences between file storage, blob storage, and disk storage—and understand where each is appropriate. This helps in both exam questions and real-world design decisions.
   
3. Simulate Failure Scenarios: Try deleting data, moving data between tiers, and restoring snapshots. Understand how each mechanism behaves and what limitations may arise.
   
4. Use Microsoft Learn and Labs: Microsoft provides sandboxed environments where you can safely experiment. These environments also simulate the types of scenarios you’ll encounter on the exam.

Storage is just one pillar of the Azure Administrator role. But because every workload—whether compute, networking, or application—depends on reliable, secure, and scalable storage, your competence in this area is foundational. As you progress toward certification and deeper responsibilities in cloud administration, expect to revisit these storage concepts in areas like automation (via ARM templates or Bicep), cost governance (with Azure Cost Management), and security baselining (through Defender for Cloud).

Ultimately, your goal isn’t just to pass the AZ-104 exam, but to become a confident, capable Azure Administrator. Mastering Azure Storage means you’re one step closer to that.