{"id":1478,"date":"2025-07-12T09:18:46","date_gmt":"2025-07-12T09:18:46","guid":{"rendered":"https:\/\/www.test-king.com\/blog\/?p=1478"},"modified":"2026-01-02T10:54:17","modified_gmt":"2026-01-02T10:54:17","slug":"complete-guide-to-passing-az-104-microsoft-azure-administrator","status":"publish","type":"post","link":"https:\/\/www.test-king.com\/blog\/complete-guide-to-passing-az-104-microsoft-azure-administrator\/","title":{"rendered":"Complete Guide to Passing AZ-104: Microsoft Azure Administrator"},"content":{"rendered":"\r\n<p>As more organizations transition their infrastructure to the cloud, Microsoft Azure has become a key platform for modern IT operations. With its wide array of services and tools, Azure empowers businesses to deploy, manage, and monitor applications at scale. For IT professionals, this shift means growing demand for those who can manage cloud environments effectively, and that\u2019s where the AZ-104: Microsoft Azure Administrator Associate certification comes in.<\/p>\r\n\r\n\r\n\r\n<p>This study guide is designed to walk you through the critical skills and concepts required to pass the AZ-104 exam and excel as an Azure Administrator. In this first part, we\u2019ll cover what the certification entails, what skills you need, and how to get started on your learning journey.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>What Is the AZ-104 Certification?<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The AZ-104 Microsoft Azure Administrator exam is a mid-level certification aimed at professionals who want to demonstrate their ability to manage Azure resources and services. Earning this credential validates your ability to perform day-to-day tasks such as managing identities, deploying and managing Azure compute resources, implementing storage solutions, configuring virtual networks, and monitoring Azure environments.<\/p>\r\n\r\n\r\n\r\n<p>This certification is ideal for system administrators, network admins, or anyone responsible for managing cloud infrastructure.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Who Should Take the AZ-104 Exam?<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The AZ-104 is designed for individuals who:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Have a foundational understanding of Microsoft Azure (completion of AZ-900 is helpful but not required).<\/li>\r\n\r\n\r\n\r\n<li>They are involved in managing Azure subscriptions, resource groups, virtual machines, and networking.<\/li>\r\n\r\n\r\n\r\n<li>Use tools like Azure PowerShell, Azure CLI, and the Azure Portal.<\/li>\r\n\r\n\r\n\r\n<li>Want to advance their career in cloud administration or validate hands-on experience with Azure.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>If you&#8217;re currently working in IT or looking to pivot to cloud-based roles, this certification provides a strong path forward.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Key Skills Measured in the AZ-104 Exam<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The AZ-104 exam measures five major skill domains. Understanding these early on will help you tailor your study plan:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>1. Manage Azure Identities and Governance (15\u201320%)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Manage Microsoft Entra (formerly Azure AD) users and groups<\/li>\r\n\r\n\r\n\r\n<li>Configure role-based access control (RBAC)<\/li>\r\n\r\n\r\n\r\n<li>Create and manage Azure policies and resource locks.<\/li>\r\n\r\n\r\n\r\n<li>Use management groups and subscriptions for resource organization<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>2. Implement and Manage Storage (15\u201320%)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Create and manage storage accounts<\/li>\r\n\r\n\r\n\r\n<li>Configure Azure Blob Storage and Azure Files<\/li>\r\n\r\n\r\n\r\n<li>Implement data redundancy and lifecycle management.<\/li>\r\n\r\n\r\n\r\n<li>Secure storage with shared access signatures (SAS) and network rules<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>3. Deploy and Manage Azure Compute Resources (20\u201325%)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Deploy virtual machines and scale sets<\/li>\r\n\r\n\r\n\r\n<li>Configure availability sets and zones<\/li>\r\n\r\n\r\n\r\n<li>Automate VM deployment using templates and Bicep<\/li>\r\n\r\n\r\n\r\n<li>Deploy containers using Azure Container Instances and App Services<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>4. Configure and Manage Virtual Networking (20\u201325%)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Configure VNets, subnets, and private endpoints<\/li>\r\n\r\n\r\n\r\n<li>Implement Azure DNS, network security groups (NSGs), and a firewall.<\/li>\r\n\r\n\r\n\r\n<li>Connect virtual networks using VNet peering and VPN gateway.s<\/li>\r\n\r\n\r\n\r\n<li>Secure access with Azure Bastion and network watcher tools<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>5. Monitor and Maintain Azure Resources (10\u201315%)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Monitor resources with Azure Monitor and Log Analytics<\/li>\r\n\r\n\r\n\r\n<li>Set up alerts and an action group.s<\/li>\r\n\r\n\r\n\r\n<li>Analyze costs using Azure Cost Management.<\/li>\r\n\r\n\r\n\r\n<li>Optimize workloads for performance and reliability.y<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Each of these categories reflects real-world responsibilities of an Azure administrator.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Essential Tools: Azure Portal, PowerShell, and CLI<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>A certified Azure Administrator must be proficient in several key tools:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Portal<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>The Azure Portal is the web-based user interface used for managing all Azure services. It\u2019s ideal for visual learners and those new to Azure.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure CLI<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>The Azure Command-Line Interface (CLI) is a cross-platform tool that allows you to manage resources through command-line scripts. It\u2019s especially useful for automation and scripting in Linux environments.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure PowerShell<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>For those in Windows-heavy environments, Azure PowerShell offers powerful scripting capabilities. Many organizations rely on it for automated deployments, configuration changes, and resource cleanup.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Getting Started with Microsoft Entra and Identity Management<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>One of the first areas covered in the AZ-104 exam is managing Azure identities. Microsoft Entra ID, formerly known as Azure Active Directory, is Microsoft\u2019s cloud-based identity and access management service.<\/p>\r\n\r\n\r\n\r\n<p>You&#8217;ll need to learn how to:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Create and manage users, groups, and devices<\/li>\r\n\r\n\r\n\r\n<li>Set password policies and enable multi-factor authentication (MFA)<\/li>\r\n\r\n\r\n\r\n<li>Assign roles and permissions using Azure role-based access control (RBAC)<\/li>\r\n\r\n\r\n\r\n<li>Implement Conditional Access policies to secure access to services<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Hands-on practice is crucial. Set up a test tenant and try creating users, assigning roles, and enforcing security settings.<\/p>\r\n<table>\r\n<tbody>\r\n<tr>\r\n<td>\r\n<p><b>Related Exams:<\/b><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/AZ-900.htm\"><span style=\"font-weight: 400;\">Microsoft AZ-900 &#8211; Microsoft Azure Fundamentals Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-100.htm\"><span style=\"font-weight: 400;\">Microsoft DP-100 &#8211; Designing and Implementing a Data Science Solution on Azure Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-203.htm\"><span style=\"font-weight: 400;\">Microsoft DP-203 &#8211; Data Engineering on Microsoft Azure Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-300.htm\"><span style=\"font-weight: 400;\">Microsoft DP-300 &#8211; Administering Microsoft Azure SQL Solutions Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-420.htm\"><span style=\"font-weight: 400;\">Microsoft DP-420 &#8211; Designing and Implementing Cloud-Native Applications Using Microsoft Azure Cosmos DB Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Storage Fundamentals for AZ-104<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Azure offers scalable, secure, and redundant storage solutions that you&#8217;ll manage daily as an administrator. Here&#8217;s what you need to focus on:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Storage Types<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Blob Storage \u2013 Ideal for storing unstructured data such as images and documents.<\/li>\r\n\r\n\r\n\r\n<li>Azure Files \u2013 Provides fully managed file shares in the cloud.<\/li>\r\n\r\n\r\n\r\n<li>Queues and Tables \u2013 For messaging and NoSQL data storage.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Key Skills<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Creating and managing storage accounts<\/li>\r\n\r\n\r\n\r\n<li>Implementing data replication (LRS, GRS, ZRS)<\/li>\r\n\r\n\r\n\r\n<li>Configuring network access rules<\/li>\r\n\r\n\r\n\r\n<li>Using shared access signatures (SAS) for secure temporary access<\/li>\r\n\r\n\r\n\r\n<li>Enabling encryption and soft delete options<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Be sure to test access control options and experiment with lifecycle policies to understand how they affect cost and performance.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Establishing Governance and Security<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>A key responsibility of Azure administrators is enforcing security and compliance through governance. You\u2019ll use features like:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Resource locks to prevent accidental deletions<\/li>\r\n\r\n\r\n\r\n<li>Azure Policy to enforce organizational standards.<\/li>\r\n\r\n\r\n\r\n<li>Management groups are used to structure a large-scale environment.<\/li>\r\n\r\n\r\n\r\n<li>Tagging for cost and resource tracking<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Security isn\u2019t optional\u2014it\u2019s integral to your role. From configuring NSGs to using Azure Defender for Cloud, administrators are expected to protect workloads by default.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Tips to Start Your AZ-104 Prep<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>To get the most from your study time:<\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Review Microsoft\u2019s official exam guide \u2013 Stay current with what\u2019s covered.<\/li>\r\n\r\n\r\n\r\n<li>Set up a free Azure account \u2013 Nothing beats hands-on practice.<\/li>\r\n\r\n\r\n\r\n<li>Use Microsoft Learn \u2013 It\u2019s free and exam-focused.<\/li>\r\n\r\n\r\n\r\n<li>Join study groups and forums \u2013 Reddit, Tech Community, and Discord are great places.<\/li>\r\n\r\n\r\n\r\n<li>Practice with mock exams \u2013 Familiarize yourself with question formats and timing.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p>In this series of our Microsoft Azure Administrator study guide, we\u2019ve laid the foundation for your AZ-104 certification journey. You\u2019ve learned what the certification covers, the core responsibilities of an Azure Administrator, and which tools and services you\u2019ll need to master.<\/p>\r\n\r\n\r\n\r\n<p>We\u2019ll take a deeper dive into deploying and managing Azure compute resources\u2014think virtual machines, scale sets, availability zones, containers, and Azure App Services. These skills form the backbone of infrastructure deployment and will make up a significant portion of the AZ-104 exam.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Deploying and Managing Compute Resources<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Welcome back to our AZ-104 Microsoft Azure Administrator study series. We covered the exam structure, key skills, and foundational tools like the Azure Portal, PowerShell, and CLI. Now, we\u2019ll dive into one of the most critical and practical domains: Azure Compute.<\/p>\r\n\r\n\r\n\r\n<p>Compute resources power the core of any Azure workload\u2014whether you\u2019re spinning up virtual machines, hosting apps in containers, or deploying serverless functions. As an Azure Administrator, you must understand how to deploy, configure, and maintain these resources efficiently and securely.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Why Computing Is Important for AZ-104<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>The AZ-104 exam dedicates 20\u201325% of its questions to deploying and managing compute resources. These skills directly impact availability, cost, and performance, making them essential for real-world operations.<\/p>\r\n\r\n\r\n\r\n<p>Key topics include:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Virtual Machines (VMs)<\/li>\r\n\r\n\r\n\r\n<li>Virtual Machine Scale Sets (VMSS)<\/li>\r\n\r\n\r\n\r\n<li>Availability options (sets and zones)<\/li>\r\n\r\n\r\n\r\n<li>Containers and App Services<\/li>\r\n\r\n\r\n\r\n<li>Custom images and automation with ARM templates or Bicep<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Virtual Machines: Core of Azure Compute<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Creating VMs<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure VMs let you run Windows or Linux-based workloads in the cloud. You can create them through:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Azure Portal (GUI)<\/li>\r\n\r\n\r\n\r\n<li>Azure CLI (az vm create)<\/li>\r\n\r\n\r\n\r\n<li>PowerShell (New-AzVM)<\/li>\r\n\r\n\r\n\r\n<li>ARM\/Bicep templates for automation<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>When provisioning a VM, you&#8217;ll choose:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Size (SKU): Determines CPU, memory, and cost<\/li>\r\n\r\n\r\n\r\n<li>Image: Predefined OS images or custom ones<\/li>\r\n\r\n\r\n\r\n<li>Disk type: Standard or Premium SSD<\/li>\r\n\r\n\r\n\r\n<li>Network: Attach to an existing VNet\/subnet<\/li>\r\n\r\n\r\n\r\n<li>Authentication: Password or SSH key<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Key Management Tasks<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Start\/Stop\/Restart\/Deallocate VMs<\/li>\r\n\r\n\r\n\r\n<li>Resize the VM SKU (carefully\u2014some sizes may not be compatible with existing disks)<\/li>\r\n\r\n\r\n\r\n<li>Attach and detach data disks.<\/li>\r\n\r\n\r\n\r\n<li>Enable and configure boot diagnostics<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>High Availability with Availability Sets and Zones<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Azure offers built-in options to ensure VM uptime:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Availability Sets<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Protect against hardware failure within a single data center.<\/li>\r\n\r\n\r\n\r\n<li>Use update domains and fault domains to separate resources.s<\/li>\r\n\r\n\r\n\r\n<li>Typically used for traditional apps needing redundancy within a region<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Availability Zones<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Provide data center-level fault isolation within an Azure region<\/li>\r\n\r\n\r\n\r\n<li>Each zone is a physically separate location.<\/li>\r\n\r\n\r\n\r\n<li>Recommended for mission-critical workloads<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Virtual Machine Scale Sets (VMSS)<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Scale sets allow you to automatically deploy and manage identical VMs across availability zones or sets.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Benefits:<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Elastic scaling based on CPU\/memory or schedule<\/li>\r\n\r\n\r\n\r\n<li>Integrated load balancing<\/li>\r\n\r\n\r\n\r\n<li>Supports autoscaling rules and manual instance control<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Example: Use az vmss create or an ARM\/Bicep template to deploy a VMSS.<\/p>\r\n\r\n\r\n\r\n<p>Scale sets are ideal for front-end web servers, batch processing, or scenarios where workloads fluctuate.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Containers: Azure Container Instances (ACI) and AKS<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Containers offer a lightweight way to deploy apps without managing VMs or OS-level dependencies.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Container Instances (ACI)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Best for simple, fast, serverless container deployments<\/li>\r\n\r\n\r\n\r\n<li>You define an image, CPU\/memory settings, and networking.<\/li>\r\n\r\n\r\n\r\n<li>Run isolated containers without VM overhead.d<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Example CLI command:<\/p>\r\n\r\n\r\n\r\n<p>bash<\/p>\r\n\r\n\r\n\r\n<p>CopyEdit<\/p>\r\n\r\n\r\n\r\n<p>az container create \\<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0&#8211;name myapp \\<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0&#8211;image nginx \\<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0&#8211;cpu 1 &#8211;memory 1 \\<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0&#8211;resource-group myrg \\<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0&#8211;ip-address public<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Kubernetes Service (AKS)<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Fully managed Kubernetes cluster<\/li>\r\n\r\n\r\n\r\n<li>More complex, used for orchestrating microservices<\/li>\r\n\r\n\r\n\r\n<li>Not heavily emphasized in AZ-104, but worth understanding<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>App Services: PaaS Hosting for Web Apps<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Azure App Service lets you host web apps, REST APIs, and mobile backends without managing infrastructure.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Key Features:<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Support for multiple languages (.NET, Node.js, Python, etc.)<\/li>\r\n\r\n\r\n\r\n<li>Deployment slots for staging\/production<\/li>\r\n\r\n\r\n\r\n<li>Integrated with GitHub or Azure DevOps for CI\/CD<\/li>\r\n\r\n\r\n\r\n<li>Auto-scaling and custom domains<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p><em>Know how to:<\/em><\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Create an App Service Plan<\/li>\r\n\r\n\r\n\r\n<li>Deploy and scale a Web App.<\/li>\r\n\r\n\r\n\r\n<li>Configure deployment slots and custom domains<\/li>\r\n\r\n\r\n\r\n<li>Set up identity and access settings.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Automating Deployments with ARM Templates and Bicep<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>As an Azure Administrator, automating your deployments with Infrastructure as Code (IaC) is a huge productivity boost.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Options:<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li><strong>ARM templates<\/strong>: JSON-based, verbose but powerful<\/li>\r\n\r\n\r\n\r\n<li><strong>Bicep<\/strong>: A simplified, readable DSL that transpiles to ARM<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Bicep example to deploy a VM:<\/p>\r\n\r\n\r\n\r\n<p>bicep<\/p>\r\n\r\n\r\n\r\n<p>CopyEdit<\/p>\r\n\r\n\r\n\r\n<p>resource vm &#8216;Microsoft.Compute\/virtualMachines@2022-03-01&#8217; = {<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0name: &#8216;myVM&#8217;<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0location: resourceGroup().location<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0properties: {<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0\u00a0\u00a0hardwareProfile: { vmSize: &#8216;Standard_B1s&#8217; }<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0\u00a0\u00a0&#8230;<\/p>\r\n\r\n\r\n\r\n<p>\u00a0\u00a0}<\/p>\r\n\r\n\r\n\r\n<p>}<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Remote Access and Security<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Managing compute resources means securing them, too.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Use Azure Bastion to securely connect to VMs without exposing RDP\/SSH ports.<\/li>\r\n\r\n\r\n\r\n<li>Configure Just-in-Time VM access to reduce attack surfaces<\/li>\r\n\r\n\r\n\r\n<li>Monitor compute activity via Azure Monitor and Log Analytics.<\/li>\r\n\r\n\r\n\r\n<li>Apply NSGs (Network Security Groups) to control traffic<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Cost Optimization and Sizing<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Being able to right-size VMs and scale appropriately is vital. Azure provides tools like:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Azure Pricing Calculator<\/li>\r\n\r\n\r\n\r\n<li>Azure Advisor for VM optimization suggestions<\/li>\r\n\r\n\r\n\r\n<li>Cost Management to track and manage spending<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Know when to use burstable (B-series) VMs vs. compute-optimized SKUs, and how spot instances differ from standard pricing.<\/p>\r\n\r\n\r\n\r\n<p>\u00a0Deploy VMs using the portal, CLI, and templates.<br \/>\u00a0 Create and configure a scale set.s<br \/>\u00a0 Configure availability sets and zones<br \/>\u00a0 Set up ACI and deploy containers.<br \/>\u00a0 Deploy a web app to Azure App Services.<br \/>\u00a0 Automate infrastructure with Bicep<br \/>\u00a0 Use Bastion and NSGs for secure VM access.s<br \/>\u00a0 Monitor VM performance and logs.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Configuring and Managing Virtual Networking<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>This section focuses on virtual networking in Azure\u2014a key topic that accounts for about 20\u201325% of the AZ-104 exam. Understanding how to create, secure, and troubleshoot Azure networks is essential for any cloud administrator.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>1. Virtual Networks (VNets) and Subnets<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Virtual Network (VNet)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>A VNet is a logically isolated network in Azure. It allows you to host and securely connect Azure resources, much like a traditional on-premises network.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Customizable IP address range using CIDR<\/li>\r\n\r\n\r\n\r\n<li>Can span across availability zones<\/li>\r\n\r\n\r\n\r\n<li>Supports service endpoints and private links<\/li>\r\n\r\n\r\n\r\n<li>Connects to on-prem networks via VPN or ExpressRoute<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Subnets<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Subnets divide a VNet into smaller address spaces, organizing resources by function or trust level.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Each subnet has a portion of the VNet&#8217;s IP address range.<\/li>\r\n\r\n\r\n\r\n<li>Required for deploying most resources<\/li>\r\n\r\n\r\n\r\n<li>Allows assignment of security policies<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>2. Network Security Groups (NSGs)<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>NSGs are used to control inbound and outbound network traffic.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Contain rules with priority, source\/destination, protocol, and port.<\/li>\r\n\r\n\r\n\r\n<li>Can be applied to subnets or individual network interfaces (NICs)<\/li>\r\n\r\n\r\n\r\n<li>Default rules allow VNet traffic and deny internet inbound traffic<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Key concepts:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Lower priority number = higher precedence<\/li>\r\n\r\n\r\n\r\n<li>Rules can allow or deny traffic.c<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>3. Application Security Groups (ASGs)<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>ASGs simplify network rule management by grouping VMs with similar roles.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Combine ASGs with NSGs for a dynamic traffic rule.s<\/li>\r\n\r\n\r\n\r\n<li>No need to manage individual IP addresses<\/li>\r\n\r\n\r\n\r\n<li>Useful for scaling applications without changing NSG rules<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>4. VNet Peering<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>VNet peering connects two VNets, enabling private communication across them.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Traffic flows through Azure&#8217;s backbone network.<\/li>\r\n\r\n\r\n\r\n<li>Supports regional and global peering<\/li>\r\n\r\n\r\n\r\n<li>Transitive routing is not supported by default<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Each VNet must have a non-overlapping IP address space.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>5. DNS and Private DNS Zones<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure DNS<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Hosts public DNS zones in Azure.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Allows domain name resolution for internet-facing services<\/li>\r\n\r\n\r\n\r\n<li>Managed via the Azure portal, CLI, or ARM templates<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Private DNS Zones<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Provide name resolution for virtual networks internally.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>No need for custom DNS servers<\/li>\r\n\r\n\r\n\r\n<li>Can be linked to one or more VNets<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>6. User-Defined Routes (UDRs)<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Custom routing rules that override Azure\u2019s system routes.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Used to direct traffic to a Network Virtual Appliance (NVA)<\/li>\r\n\r\n\r\n\r\n<li>Applied through route tables associated with subnets<\/li>\r\n\r\n\r\n\r\n<li>Can force traffic through firewalls or gateways<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>7. Load Balancers and Application Gateways<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Load Balancer<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Operates at Layer 4 (TCP\/UDP)<\/li>\r\n\r\n\r\n\r\n<li>Distributes traffic across VMs in a backend pool<\/li>\r\n\r\n\r\n\r\n<li>Supports both internal and external configurations<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Application Gateway<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Operates at Layer 7 (HTTP\/HTTPS)<\/li>\r\n\r\n\r\n\r\n<li>Performs intelligent routing (path- or host-based)<\/li>\r\n\r\n\r\n\r\n<li>Supports SSL termination and includes an optional Web Application Firewall (WAF)<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>8. Azure Firewall and Azure Bastion<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Firewall<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Managed, stateful firewall-as-a-service<\/li>\r\n\r\n\r\n\r\n<li>Filters outbound, inbound, and traffic between VNets<\/li>\r\n\r\n\r\n\r\n<li>Supports fully qualified domain name (FQDN) filtering, threat intelligence<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Bastion<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Provides secure RDP and SSH access via the Azure portal<\/li>\r\n\r\n\r\n\r\n<li>No need for public IPs on VMs<\/li>\r\n\r\n\r\n\r\n<li>Prevents opening ports like 3389 or 22<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>9. VPN Gateway and ExpressRoute<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>VPN Gateway<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Establishes a secure IPsec connection between Azure and on-premises networks<\/li>\r\n\r\n\r\n\r\n<li>Requires a virtual network gateway in Azure and a compatible VPN device on-premises<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>ExpressRoute<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Dedicated private connection to Azure<\/li>\r\n\r\n\r\n\r\n<li>Offers higher reliability, faster speeds, and lower latency compared to VPN<\/li>\r\n\r\n\r\n\r\n<li>Does not go over the public internet<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>10. Service Endpoints and Private Link<\/strong><\/h2>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Service Endpoints<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Extend Azure services into your VNet<\/li>\r\n\r\n\r\n\r\n<li>Traffic remains on Azure&#8217;s private backbone.<\/li>\r\n\r\n\r\n\r\n<li>No need to configure NAT or public IPs<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Private Link<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Assigns a private IP to Azure PaaS services<\/li>\r\n\r\n\r\n\r\n<li>Enables access to services from within the VNet<\/li>\r\n\r\n\r\n\r\n<li>Recommended over service endpoints for secure access<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>11. Monitoring and Troubleshooting<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Use built-in tools to monitor and resolve networking issues.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Network Watcher<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Enables network diagnostics and logging<\/li>\r\n\r\n\r\n\r\n<li>Includes features like connection troubleshooting and IP flow verification<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>NSG Flow Logs<\/strong><\/h3>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Capture inbound and outbound traffic flow through NSGs<\/li>\r\n\r\n\r\n\r\n<li>Useful for auditing and troubleshooting<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Practical Tasks to Master<\/strong><\/h2>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Deploy and configure VNets and subnets<\/li>\r\n\r\n\r\n\r\n<li>Implement and apply NSGs and ASGs<\/li>\r\n\r\n\r\n\r\n<li>Set up VNet peering (same and cross-region)<\/li>\r\n\r\n\r\n\r\n<li>Configure private DNS zones<\/li>\r\n\r\n\r\n\r\n<li>Create route tables and user-defined routes.<\/li>\r\n\r\n\r\n\r\n<li>Use load balancers and an application gateway.s<\/li>\r\n\r\n\r\n\r\n<li>Connect to on-prem via VPN Gateway and ExpressRoute (conceptual)<\/li>\r\n\r\n\r\n\r\n<li>Implement service endpoints and Private Link.<\/li>\r\n\r\n\r\n\r\n<li>Use Network Watcher tools for diagnostics.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Implementing and Managing Azure Storage Solutions<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Microsoft Azure storage is a cornerstone of the AZ-104 certification. As an Azure Administrator, your ability to effectively implement and manage storage resources impacts availability, performance, and security. This part of the study guide walks you through configuring access, managing storage accounts, and handling file and blob storage.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Configure Access to Azure Storage<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Access control is fundamental in managing storage. Azure provides multiple mechanisms to secure storage access, including identity-based access and shared keys.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Firewalls and Virtual Networks<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>To protect storage accounts, administrators can configure storage firewalls and virtual networks. This restricts access by allowing traffic only from selected networks. Setting up firewall rules includes defining specific IP address ranges and allowing trusted Azure services to bypass rules if needed.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Shared Access Signatures (SAS)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Shared Access Signatures enable delegated access to storage resources without exposing the storage account key. SAS tokens can be scoped for read, write, delete, or list operations and can be time-bound. Stored access policies can be used to manage SAS constraints more easily.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Access Keys<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Storage accounts provide two keys that can be used interchangeably. It\u2019s best practice to regenerate keys periodically and to use Azure Key Vault to manage and store them securely.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Identity-Based Access for Azure Files<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure supports Active Directory-based authentication for file shares. Azure Files can use either on-premises Active Directory or Microsoft Entra ID to control access. This approach enhances security and aligns with existing identity management frameworks.<\/p>\r\n\r\n\r\n\r\n<p><strong>Configure and Manage Storage Accounts<\/strong><\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Creating Storage Accounts<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure supports different types of storage accounts, including general-purpose v2, premium block blobs, and file storage accounts. When creating a storage account, you\u2019ll select a performance tier (standard or premium), a redundancy type, and an access tier.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Redundancy Options<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure offers several redundancy models:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Locally Redundant Storage (LRS): Replicates data within a single data center.<\/li>\r\n\r\n\r\n\r\n<li>Zone-Redundant Storage (ZRS): Spreads data across different zones within a region.<\/li>\r\n\r\n\r\n\r\n<li>Geo-Redundant Storage (GRS): Replicates data to a secondary region.<\/li>\r\n\r\n\r\n\r\n<li>Read-Access GRS (RA-GRS): Allows read access to the secondary replica.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Choose redundancy based on business continuity and compliance needs.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Object Replication<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure Blob Storage supports replication between storage accounts. This feature allows data from one blob container to be copied automatically to another in a different account or region. It is useful for scenarios like data aggregation, global content distribution, or backups.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Encryption Settings<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>All data in Azure Storage is encrypted at rest using Microsoft-managed keys by default. You can also use customer-managed keys stored in Azure Key Vault for greater control. Disk encryption for virtual machines is configured separately using Azure Disk Encryption.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Management Tools<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Two key tools for managing data are Azure Storage Explorer and AzCopy.<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Azure Storage Explorer is a GUI tool that allows users to interact with storage accounts.<\/li>\r\n\r\n\r\n\r\n<li>AzCopy is a command-line utility designed for high-performance data transfers.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Use AzCopy for automation and scripting, especially when working with large volumes of data.<\/p>\r\n\r\n\r\n\r\n<p><strong>Configure Azure Files and Blob Storage<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Azure supports both unstructured data in blob storage and structured files through Azure Files. Each comes with specific capabilities and configuration needs.<\/p>\r\n<table>\r\n<tbody>\r\n<tr>\r\n<td>\r\n<p><b>Related Exams:<\/b><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-600.htm\"><span style=\"font-weight: 400;\">Microsoft DP-600 &#8211; Implementing Analytics Solutions Using Microsoft Fabric Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-700.htm\"><span style=\"font-weight: 400;\">Microsoft DP-700 &#8211; Implementing Data Engineering Solutions Using Microsoft Fabric Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/DP-900.htm\"><span style=\"font-weight: 400;\">Microsoft DP-900 &#8211; Microsoft Azure Data Fundamentals Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/GH-100.htm\"><span style=\"font-weight: 400;\">Microsoft GH-100 &#8211; GitHub Administration Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<tr>\r\n<td>\r\n<p><a href=\"https:\/\/www.test-king.com\/exams\/GH-200.htm\"><span style=\"font-weight: 400;\">Microsoft GH-200 &#8211; GitHub Actions Exam Dumps &amp; Practice Test Questions<\/span><\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure File Shares<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure Files provides fully managed file shares accessible over SMB or NFS protocols. They are ideal for file servers, shared applications, and lift-and-shift scenarios.<\/p>\r\n\r\n\r\n\r\n<p>To create a file share, choose a storage account, define a share name, and configure quota settings. File shares can be mounted to Windows, Linux, or macOS machines, either on-premises or in the cloud.<\/p>\r\n\r\n\r\n\r\n<p>Snapshots allow for point-in-time recovery of file shares. Soft delete for shares is also available and can be enabled to protect against accidental deletions.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Blob Storage<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Blob storage is optimized for storing massive amounts of unstructured data, like text and binary data.<\/p>\r\n\r\n\r\n\r\n<p>To use blob storage, create a container inside a storage account. Within the container, you can store blobs in block, append, or page format depending on the use case. Most applications use block blobs for images, documents, and backups.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Storage Tiers<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure supports three main access tiers for blobs:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Hot: Frequently accessed data.<\/li>\r\n\r\n\r\n\r\n<li>Cool: Infrequently accessed data.<\/li>\r\n\r\n\r\n\r\n<li>Archive: Rarely accessed data with flexible latency requirements.<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>You can move blobs between tiers manually or automatically using lifecycle management policies. Tier selection impacts both cost and availability.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Lifecycle Management<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Lifecycle rules automate blob movement and deletion based on conditions like age or access time. For example, you can configure a rule to move data to the cool tier after 30 days and delete it after 180 days. These policies help manage costs effectively.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Versioning<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Blob versioning automatically saves the previous state of a blob whenever it&#8217;s modified or deleted. This is crucial for data recovery and audit scenarios. Versioning can be combined with soft delete to provide robust data protection.<\/p>\r\n\r\n\r\n\r\n<p><strong>Monitor Azure Storage Resources<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Proper monitoring helps maintain the performance, availability, and security of storage services.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Metrics and Alerts<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure Monitor provides performance data for storage accounts. You can track metrics like:<\/p>\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n<li>Total ingress and egress<\/li>\r\n\r\n\r\n\r\n<li>Availability and latency<\/li>\r\n\r\n\r\n\r\n<li>Number of successful or failed requests<\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n<p>Set up alerts to notify admins when thresholds are breached, for example, when transactions exceed a certain count or when latency spikes.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Logs and Diagnostics<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Storage analytics logs give insight into operations like read, write, and delete requests. Diagnostic settings can be configured to send logs and metrics to Log Analytics, Event Hubs, or Storage accounts for further analysis.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Monitor Insights<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Storage Insights provides dashboards for performance trends. These dashboards highlight metrics like transaction volume, average latency, and capacity trends.<\/p>\r\n\r\n\r\n\r\n<p><strong>Secure Azure Storage<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Security is critical in Azure storage management. A layered approach using identity, access control, encryption, and monitoring is ideal.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Role-Based Access Control (RBAC)<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>RBAC helps manage who has access to Azure resources. Assign roles like Reader, Contributor, or Storage Blob Data Owner at the resource group or account level.<\/p>\r\n\r\n\r\n\r\n<p>You can also create custom roles to meet unique access requirements. Always follow the principle of least privilege.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Shared Access and Time-Bound Tokens<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Use SAS tokens to provide time-limited access to storage data without exposing access keys. Combine these tokens with stored access policies to improve manageability and security.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Network Restrictions<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Limit access to storage accounts using virtual network rules and firewall settings. Only allow traffic from approved sources and enable secure transfer (HTTPS-only).<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Secure Transfer and TLS<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Enable the secure transfer option in storage account settings to enforce HTTPS. This ensures that data in transit is encrypted.<\/p>\r\n\r\n\r\n\r\n<p>You can also use Transport Layer Security (TLS) settings to enforce minimum TLS versions for clients accessing the storage.<\/p>\r\n\r\n\r\n\r\n<p><strong>Backup and Recovery<\/strong><\/p>\r\n\r\n\r\n\r\n<p>Azure provides comprehensive options for backup and disaster recovery.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Backup<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Azure Backup supports file shares, virtual machines, and other services. It stores backup data in a Recovery Services vault or Backup vault. You can define backup policies, schedule jobs, and configure retention.<\/p>\r\n\r\n\r\n\r\n<p>Use the Azure portal or PowerShell to restore deleted files, folders, or entire shares.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><strong>Azure Site Recovery<\/strong><\/h3>\r\n\r\n\r\n\r\n<p>Site Recovery supports replicating virtual machines across regions. It helps maintain business continuity during outages or disasters.<\/p>\r\n\r\n\r\n\r\n<p>Failover can be triggered manually or automatically based on conditions. After recovery, you can fail back to the original region once it is operational again.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Best Practices for Azure Storage Administration<\/strong><\/h2>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>Use General-purpose v2 storage accounts for maximum flexibility.<\/li>\r\n\r\n\r\n\r\n<li>Enable soft delete and versioning to protect against accidental data loss.<\/li>\r\n\r\n\r\n\r\n<li>Set up lifecycle management to control storage costs.<\/li>\r\n\r\n\r\n\r\n<li>Regularly rotate storage access keys and use managed identities where possible.<\/li>\r\n\r\n\r\n\r\n<li>Implement monitoring and alerts for proactive storage management.<\/li>\r\n\r\n\r\n\r\n<li>Use geo-redundant storage when business continuity is a priority.<\/li>\r\n\r\n\r\n\r\n<li>Use private endpoints and service endpoints to restrict access.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p>Mastering Azure Storage is essential for any administrator preparing for the AZ-104 exam. By configuring access controls, managing storage accounts, handling blob and file storage, and securing data, you lay the foundation for a resilient and scalable cloud architecture. Tools like Azure Monitor, RBAC, lifecycle management, and backup services help maintain this infrastructure efficiently. Understanding these storage solutions in depth prepares you not only for the certification but also for real-world Azure administration challenges.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h2>\r\n\r\n\r\n\r\n<p>Understanding and managing Azure Storage is a vital responsibility for any cloud administrator. The concepts in this section\u2014ranging from access management and security to performance optimization and disaster recovery\u2014form the backbone of real-world cloud infrastructure and are highly emphasized on the AZ-104 exam.<\/p>\r\n\r\n\r\n\r\n<p>While it\u2019s essential to grasp the technical configurations\u2014such as how to enable soft delete or generate a shared access signature\u2014it\u2019s equally important to understand the business implications of storage decisions. For example, choosing between LRS and GRS redundancy is not just a technical decision but a risk management strategy. Similarly, enabling lifecycle management can result in significant cost savings when handling large datasets in long-term archival scenarios.<\/p>\r\n\r\n\r\n\r\n<p>In practical terms, you\u2019ll often deal with scenarios where multiple stakeholders need controlled access to data. Developers might need temporary read-write access to blob containers, finance teams may need access to archived invoices via Azure Files, and security teams might need logs for auditing purposes. Implementing granular RBAC roles, using private endpoints, and deploying logging pipelines with Log Analytics are not just \u201ctest topics\u201d\u2014they\u2019re real operational tasks that directly impact security and governance.<\/p>\r\n\r\n\r\n\r\n<p>Moreover, as companies move toward hybrid cloud models, your ability to integrate on-premises Active Directory with Azure Files and support seamless file share access across networks becomes critical. Understanding how Azure supports NFS, SMB, and integration with Microsoft Entra ID (formerly Azure AD) ensures you can support enterprise-scale operations without sacrificing performance or compliance.<\/p>\r\n\r\n\r\n\r\n<p>With increasing regulatory scrutiny around data privacy, Azure Storage provides native features to help meet requirements like GDPR, HIPAA, and ISO standards. Encryption-at-rest, secure transfer over HTTPS, and customer-managed keys via Azure Key Vault are no longer optional; they are must-haves in any secure deployment. Using audit logs, versioning, and soft delete also supports compliance by preserving data integrity and offering recovery options.<\/p>\r\n\r\n\r\n\r\n<p>When preparing for the AZ-104 exam, don\u2019t treat these storage topics as isolated tasks. Practice configuring an entire environment: create a storage account, secure it, configure logging, mount an Azure File share, and simulate recovery from a deletion. This holistic view reinforces your learning and makes the concepts stick.<\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li><strong>Practice with the Azure Portal and CLI<\/strong>: You\u2019ll be expected to know not just how to perform tasks in the GUI but also how to use Azure CLI and PowerShell to automate those tasks.<\/li>\r\n\r\n\r\n\r\n<li><strong>Understand When to Use What<\/strong>: Learn the differences between file storage, blob storage, and disk storage\u2014and understand where each is appropriate. This helps in both exam questions and real-world design decisions.<\/li>\r\n\r\n\r\n\r\n<li><strong>Simulate Failure Scenarios<\/strong>: Try deleting data, moving data between tiers, and restoring snapshots. Understand how each mechanism behaves and what limitations may arise.<\/li>\r\n\r\n\r\n\r\n<li><strong>Use Microsoft Learn and Labs<\/strong>: Microsoft provides sandboxed environments where you can safely experiment. These environments also simulate the types of scenarios you&#8217;ll encounter on the exam.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p>Storage is just one pillar of the Azure Administrator role. But because every workload\u2014whether compute, networking, or application\u2014depends on reliable, secure, and scalable storage, your competence in this area is foundational. As you progress toward certification and deeper responsibilities in cloud administration, expect to revisit these storage concepts in areas like automation (via ARM templates or Bicep), cost governance (with Azure Cost Management), and security baselining (through Defender for Cloud).<\/p>\r\n\r\n\r\n\r\n<p>Ultimately, your goal isn\u2019t just to pass the AZ-104 exam, but to become a confident, capable Azure Administrator. Mastering Azure Storage means you&#8217;re one step closer to that.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>As more organizations transition their infrastructure to the cloud, Microsoft Azure has become a key platform for modern IT operations. With its wide array of services and tools, Azure empowers businesses to deploy, manage, and monitor applications at scale. For IT professionals, this shift means growing demand for those who can manage cloud environments effectively, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[106,116],"tags":[],"class_list":["post-1478","post","type-post","status-publish","format-standard","hentry","category-all-certifications","category-microsoft"],"_links":{"self":[{"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/posts\/1478"}],"collection":[{"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/comments?post=1478"}],"version-history":[{"count":3,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/posts\/1478\/revisions"}],"predecessor-version":[{"id":4922,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/posts\/1478\/revisions\/4922"}],"wp:attachment":[{"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/media?parent=1478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/categories?post=1478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.test-king.com\/blog\/wp-json\/wp\/v2\/tags?post=1478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}