Practice Exams:
Home Blog AZ-104 vs AZ-103: What’s New in the Azure Administrator Exam

AZ-104 vs AZ-103: What’s New in the Azure Administrator Exam

When it comes to Microsoft Azure certifications, one thing is guaranteed: change. As the cloud computing industry evolves, so do the skills needed to manage and operate within it. That evolution is reflected in Microsoft’s approach to its certification exams. The retirement of AZ-103 and the introduction of AZ-104 is one such example of this shift.

AZ-103, which previously served as the pathway to becoming a Microsoft Certified: Azure Administrator Associate, was officially retired. In its place, AZ-104 has become the new standard. While it builds on the foundation laid by AZ-103, AZ-104 introduces a range of updates designed to test more advanced, practical, and role-specific knowledge.

If you’re aiming for a career in Azure administration, it’s important to understand what changed between the two exams — and more importantly, what those changes mean for your learning path and career trajectory.

Why Microsoft Made the Change

The transition from AZ-103 to AZ-104 is not just about new content. It reflects Microsoft’s broader move toward a role-based certification model. Rather than testing generic knowledge of Azure services, these certifications now focus on the actual skills professionals use in the field.

With cloud adoption surging and more businesses moving critical infrastructure to platforms like Azure, the need for competent, real-world-ready professionals has never been higher. The Azure Administrator Associate certification plays a key role in validating the expertise of those responsible for keeping cloud systems operational, secure, and optimized.

AZ-104 is structured to reflect current job roles more accurately. It’s not just about being able to spin up virtual machines or configure networks — it’s about managing and maintaining an enterprise-grade Azure environment. That includes implementing governance, optimizing performance, configuring backups, and ensuring secure access.

From Resource Creation to Resource Management

One of the most significant shifts from AZ-103 to AZ-104 is the move from basic resource creation to in-depth resource management. AZ-103 tested whether a candidate could create and configure services like storage accounts, virtual networks, and virtual machines. That’s important, but in modern cloud environments, it’s only the beginning.

AZ-104 expects candidates to go further. It requires an understanding of how to manage those resources after they’ve been deployed. That includes monitoring performance, maintaining configurations, managing updates, and implementing security controls.

The change is particularly noticeable in how the exam addresses monitoring and backup solutions. In AZ-103, these were secondary topics. In AZ-104, they are essential. Monitoring, for instance, is no longer just a checkbox — it’s a full-fledged domain that focuses on how administrators can maintain visibility into their environments.

Monitoring and Backup as Core Responsibilities

AZ-104 reflects the importance of observability in modern cloud environments. Candidates are expected to demonstrate knowledge of tools like Azure Monitor, Log Analytics, and Application Insights. These tools help track the health and performance of Azure services, collect telemetry data, and set up alerts based on thresholds and anomalies.

Azure Backup, once a subsection within the storage domain in AZ-103, is now covered in greater depth. In real-world scenarios, backup is a crucial part of disaster recovery planning. Organizations depend on their Azure administrators to ensure that data is recoverable in the event of corruption, accidental deletion, or service failures.

Understanding how to create backup policies, configure recovery vaults, and test recovery scenarios is now part of the expected skill set. This marks a more realistic and practical approach to evaluating candidates for this role.

Governance and Identity Now Share the Spotlight

Another key change in the exam structure is the merging of two separate domains into a unified identity and governance domain. In AZ-103, identity and resource management were tested independently. AZ-104 combines them under the umbrella of “Manage Azure identities and governance.”

This change reflects a more integrated view of how organizations manage access, control, and compliance in Azure environments. Azure administrators need to understand how identity and governance intersect — for example, how Azure Active Directory roles tie into resource permissions, or how to enforce policy compliance using Azure Policy.

In this section, candidates are expected to understand how to configure RBAC, manage resource locks, implement policies, and control access to Azure services. They must also understand the use of management groups and subscriptions in large-scale environments. These skills are crucial in enterprises with multiple departments or teams sharing a cloud environment.

Storage Moves Beyond Provisioning

In AZ-103, the focus within the storage domain was primarily on setting up and configuring storage accounts, file shares, and related services. AZ-104 shifts the emphasis toward managing data within those storage environments.

Candidates now need to understand how to implement lifecycle management for blob storage, control access to data, and monitor storage usage. This includes more in-depth knowledge of shared access signatures, Azure Storage Explorer, and logging for storage operations.

Interestingly, Azure Data Factory and CDN, which were part of the AZ-103 objectives, have been removed from AZ-104. This reflects a tighter focus on core administrator responsibilities. The idea is not to broaden the exam, but to make it deeper and more relevant to day-to-day operations.

Expanding the Scope of Computing

Virtual machines remain a central topic in AZ-104, as they were in AZ-103. But the newer exam also expands the scope to include containers and app services.

Candidates need to know how to deploy and configure App Services, manage app settings, and integrate with storage and monitoring solutions. Containers, including AKS (Azure Kubernetes Service), are also covered. This reflects the increasing use of containerized applications in modern infrastructure, especially in DevOps-driven organizations.

This means the Azure Administrator now needs a working understanding of how different compute models interact with other services in the Azure ecosystem. It’s no longer enough to simply deploy VMs. You need to know when to use containers or app services and how to monitor and scale them effectively.

Networking Adds Security Tools

Networking has always been a critical component of the Azure Administrator certification. Virtual networks, subnets, public IPs, and network interfaces were thoroughly covered in AZ-103. AZ-104 retains this focus but adds new layers related to security.

Two notable additions are Azure Bastion and Azure Firewall. Azure Bastion provides secure RDP and SSH connectivity to Azure virtual machines without exposing them to the public internet. Azure Firewall, on the other hand, offers advanced threat protection for network traffic.

The inclusion of these services emphasizes how security is now a central concern for Azure administrators. Candidates must understand how to manage network security groups, application security groups, and implement firewall rules across different subnets.

Preparing for AZ-104

With the AZ-104 exam covering more depth across fewer but more refined topics, the best way to prepare is to focus on hands-on experience. While reading documentation and understanding theoretical concepts are important, it’s real-world practice that will help you pass the exam and be successful in a role.

Use Azure’s free tier or a sandbox environment to deploy services, monitor their performance, and test various configurations. Create and restore backups, set up alerts, test identity policies, and explore how services like Azure Monitor or Application Insights work in tandem with others.

The move from AZ-103 to AZ-104 reflects more than just an update — it’s a strategic realignment of how Microsoft validates Azure administration skills. The new exam better aligns with the expectations placed on professionals in real organizations. It prioritizes security, monitoring, governance, and integration — all essential for running cloud environments effectively.

If you’re planning to pursue the Azure Administrator Associate certification, AZ-104 is your new path forward. And it’s a strong path, both for building your skills and boosting your value in a competitive job market.

In this series, we’ll explore each domain of AZ-104 in detail, starting with identity, governance, and security.

Mastering Identity, Governance, and Security in the AZ-104 Microsoft Azure Administrator Certification

With the release of the AZ-104 exam, Microsoft has redefined what it means to be an effective Azure Administrator. One of the most critical areas in this updated certification is the combined focus on identity, governance, and security. In AZ-103, identity and subscription/resource management were tested separately. Now, in AZ-104, they are merged under a unified domain that highlights the importance of integrating identity and governance as part of cloud operations.

In this article, we’ll explore what you need to master in this domain of the AZ-104 certification. We’ll break down each concept and skill area to help you build the right mindset and hands-on ability for this portion of the exam.

The Importance of Identity and Governance in Azure

In a traditional on-premises environment, access control and resource governance could be siloed between departments. In the cloud, those boundaries blur. Azure administrators must be capable of securing access to resources, managing identities across tenants, and enforcing policies to ensure consistent usage.

The AZ-104 exam emphasizes this reality. Whether it’s managing Azure Active Directory, implementing role-based access control (RBAC), or creating policies using Azure Policy, administrators must be able to align operational tasks with organizational governance and compliance needs.

Identity and governance aren’t just about security — they’re about stability, accountability, and control. Misconfigured permissions can expose sensitive data or result in service disruptions. Poor governance can lead to cost overruns or policy violations. Mastering these concepts is not just about passing the exam — it’s about being an effective cloud professional.

Managing Azure Active Directory Users and Groups

The first area to focus on is Azure Active Directory, which plays a central role in identity management. In AZ-104, you need to understand how to manage users and groups, assign licenses, and configure properties such as password policies and authentication methods.

Azure AD isn’t just for internal users. It also supports guest accounts and external collaboration. The exam expects you to know how to invite guest users and apply conditional access policies to secure their access.

Group-based access is critical for scaling permissions across large organizations. You should be comfortable creating security groups, assigning group owners, and using group-based licensing to streamline administrative overhead. Understanding dynamic groups and how they’re used to automate user assignment is also part of the skill set expected.

Role-Based Access Control (RBAC)

One of the most tested areas in AZ-104 is RBAC. This model lets administrators grant granular access to Azure resources based on roles. For the exam, you need to understand how to assign built-in roles such as Owner, Contributor, and Reader, as well as how to create custom roles when built-in roles don’t meet specific needs.

It’s important to understand the scope hierarchy: management groups, subscriptions, resource groups, and individual resources. Permissions applied at a higher level are inherited by lower levels unless explicitly overridden. You must also understand the principle of least privilege and how to audit role assignments to maintain a secure posture.

Knowing how to use the Azure portal, CLI, and PowerShell to assign roles will also help you during practical assessments.

Configuring and Managing Azure Subscriptions and Management Groups

Resource governance in Azure starts with subscriptions. In AZ-104, you are expected to know how to manage subscription-level settings, configure cost management alerts, and apply policies.

Management groups allow you to organize subscriptions under a single hierarchy. This is particularly useful for large enterprises with multiple departments or business units. Policies and RBAC roles can be applied at the management group level and flow down to all subscriptions beneath them.

Being able to link Azure subscriptions to an Azure AD tenant and configure directory settings like tenant branding, security defaults, and multi-factor authentication policies is important.

Implementing and Managing Azure Policies

Azure Policy is a service that enables administrators to enforce rules and effects over resources. It helps ensure that your environment stays compliant with organizational standards.

In AZ-104, candidates are expected to know how to assign policy definitions and initiatives, understand policy effects like “Audit” or “Deny”, and identify non-compliant resources. You’ll need to be familiar with how policies can enforce location restrictions, control resource types, or ensure that tagging standards are applied.

Initiatives allow multiple policies to be grouped for easier management. This is especially useful for applying a set of governance controls across an entire subscription or management group.

Implementing Resource Locks and Tags

Resource locks prevent accidental deletion or modification of critical resources. The AZ-104 exam will test your ability to apply ReadOnly or Delete locks and understand how these locks interact with permissions.

Tags help in organizing and tracking resources. Understanding how to use tags for billing, automation, and compliance is essential. The exam will likely assess your ability to apply tags consistently and enforce tagging via Azure Policy.

Tags can also be used for filtering and cost reporting in Azure Cost Management, so being comfortable with them can improve your ability to manage resources at scale.

Configuring and Using Azure Blueprint Basics

Azure Blueprints are mentioned in the AZ-104 study guide, and while the exam doesn’t dive deep into implementation, you should understand their purpose. Blueprints allow organizations to define a repeatable set of Azure resources and policies that implement and adhere to organizational standards.

This includes ARM templates, policy assignments, role assignments, and resource groups. Knowing how to assign and lock a blueprint can be important in enterprise environments where compliance must be ensured automatically upon deployment.

Securing Administrative Access

AZ-104 covers security from an identity perspective, particularly in ensuring that administrative access is controlled and auditable.

Understanding privileged identity management (PIM) is helpful, even if not extensively covered. PIM allows just-in-time access for administrators and enforces approval workflows for elevated access. At a minimum, you need to understand how to secure Global Administrator roles, enforce multi-factor authentication, and monitor sign-in activity using Azure AD logs.

Security defaults in Azure AD are another area to study. These enable a pre-configured set of identity security mechanisms, including enforced MFA, blocking legacy authentication, and requiring administrator protections.

Monitoring Identity and Governance with Logs

Effective governance also involves monitoring. In AZ-104, you’re expected to know how to review sign-in logs, audit logs, and access reviews. Azure AD provides insights into user activity, risky sign-ins, and privilege escalations.

Monitoring tools help detect unusual behavior, like repeated failed login attempts or access from unexpected locations. You should be familiar with configuring alerts based on audit logs and integrating Azure AD logs with Azure Monitor or Log Analytics for centralized visibility.

Best Practices for Identity and Governance in Azure

While studying for AZ-104, it helps to approach identity and governance topics from a practical, real-world angle. Here are a few best practices to guide your learning:

  • Use groups for access control instead of assigning roles to individual users.

  • Apply the principle of least privilege to minimize the attack surface.

  • Assign roles at the lowest scope necessary to meet job requirements.

  • Use management groups and policies to enforce compliance at scale.

  • Monitor role assignments and log all administrative actions.

  • Implement conditional access policies to enforce device compliance and location-based access.

  • Enforce MFA for all users, especially administrators.

  • Regularly review user access using access reviews and audit reports.

By following these practices and understanding their implementation in the Azure portal, CLI, and ARM templates, you’ll be well-prepared for this section of the exam.

The combined focus on identity and governance in AZ-104 shows just how critical these areas are to successful cloud administration. Gone are the days when provisioning a virtual machine was enough. Azure administrators must now ensure those machines are secured, properly governed, and aligned with enterprise policies from the moment they’re created.

This domain requires a mix of technical skills and strategic thinking. It’s not just about getting things to work — it’s about making sure they work the right way, in the right context, and under the right controls.

In the article, we’ll shift our attention to another vital part of the AZ-104 certification — managing Azure storage and data solutions.

Implementing and Managing Storage in the AZ-104 Microsoft Azure Administrator Certification

Cloud storage plays a critical role in almost every Azure deployment, whether it’s hosting application data, storing virtual machine disks, managing backups, or supporting analytics workloads. In the transition from AZ-103 to AZ-104, Microsoft’s exam has evolved to emphasize not just the creation of storage resources but the ability to manage, secure, monitor, and optimize those resources throughout their lifecycle.

This article will explore the full range of storage-related topics covered in the AZ-104 certification. We’ll go beyond basic provisioning and dig into advanced storage management practices, data protection, and operational controls. By the end of this guide, you’ll have a strong understanding of what’s required to confidently tackle the storage domain of AZ-104 — and more importantly, succeed in real-world Azure administration roles.

Shifting the Focus: From Configuration to Management

In AZ-103, storage tasks revolved around creating and configuring storage accounts, setting up containers, file shares, and basic permissions. In AZ-104, the focus has expanded. Administrators are now expected to manage access, enforce policies, implement lifecycle rules, monitor performance, and protect data with backup and replication strategies.

This shift reflects the growing responsibility of Azure administrators to not just provision resources, but to ensure that they remain secure, cost-efficient, and reliable over time. Storage is no longer a passive component of cloud infrastructure — it is now a dynamic and integrated service requiring continuous oversight.

Understanding Azure Storage Accounts

Azure Storage Accounts are the foundation of most storage services in Azure. The AZ-104 exam requires familiarity with the different types of storage accounts and their use cases. You need to understand:

  • General-purpose v2 accounts, which support blobs, files, queues, and tables

  • Blob storage accounts, which are optimized for unstructured data

  • Premium performance tiers, used for scenarios that demand low latency and high throughput

You should be comfortable creating storage accounts using the portal, PowerShell, and CLI, and understand how to configure key settings such as replication (LRS, GRS, ZRS), access tiers (hot, cool, archive), and secure transfer requirements.

Blob Storage: The Cornerstone of Azure Data

Blob storage is central to many cloud-based applications and is extensively covered in AZ-104. You should know how to:

  • Create and manage containers

  • Upload and download blobs

  • Set access levels (private, blob, container)

  • Use shared access signatures to grant limited-time access to blobs

  • Implement lifecycle management policies for cost optimization

Lifecycle management is particularly important. The exam expects you to know how to automate the transition of blobs between tiers or delete them based on age, access patterns, or metadata. This ensures that storage costs remain aligned with data usage.

File Storage and Azure Files

Azure Files provides fully managed file shares in the cloud that can be accessed using the SMB protocol. This is often used for lift-and-shift migrations of on-premises file shares or for shared application storage.

AZ-104 tests your ability to:

  • Create file shares

  • Configure NTFS and share-level permissions

  • Mount file shares to Windows and Linux VMs

  • Integrate Azure Files with Active Directory (both Azure AD DS and hybrid)

Administrators must understand how to secure access using identity-based authentication, manage quotas, and monitor usage metrics. There is also increasing emphasis on backup and restore capabilities for Azure Files, which are essential for business continuity.

Securing Storage with Keys and Shared Access Signatures

Storage account security is a core area of knowledge. In AZ-104, you need to understand how to manage storage account keys, rotate them, and limit access using shared access signatures (SAS). You should be able to:

  • Generate SAS tokens with specific permissions and expiration times

  • Differentiate between account-level and service-level SAS

  • Use stored access policies to centrally manage SAS settings

In addition, understanding Azure Storage Firewall and virtual network integration is important. These features help administrators control which IP addresses or subnets can access the storage account, adding an essential layer of security.

Implementing Azure Storage Encryption

Data protection is a key responsibility for any Azure administrator. Azure Storage provides encryption at rest using Microsoft-managed keys by default. However, for enhanced control, administrators can configure customer-managed keys (CMK) stored in Azure Key Vault.

The AZ-104 exam expects candidates to:

  • Understand how to enable encryption with CMK

  • Configure key rotation policies

  • Manage identity permissions for key vault access

This topic also includes knowledge of Azure Disk Encryption for virtual machines and the ability to protect data in transit using HTTPS.

Monitoring Storage Performance and Usage

In large-scale environments, it’s not enough to deploy storage — you also need to monitor it. The AZ-104 exam covers:

  • Enabling diagnostic settings for storage accounts

  • Using metrics to track capacity, latency, and availability

  • Setting up alerts for usage thresholds

  • Viewing logs to audit access and operations

You’ll be expected to navigate these monitoring capabilities via the Azure portal, as well as understand how to route logs and metrics to Log Analytics, Event Hubs, or storage for further analysis. This allows organizations to maintain visibility into their storage performance and security posture.

Managing Azure Backup and Recovery Services

Backup is no longer an afterthought. In AZ-104, the ability to configure and manage backups is an independent area of focus. You must understand how to:

  • Set up Azure Recovery Services vaults

  • Create and manage backup policies

  • Enable backup for Azure VMs, file shares, and SQL databases

  • Perform on-demand and scheduled backups

  • Restore data to original or alternate locations

You should also understand long-term retention options and how to monitor backup health. Backup solutions must be both secure and compliant, which is why integration with identity-based access controls and auditing features is critical.

Supporting High Availability with Replication Options

Microsoft Azure offers multiple replication strategies to ensure data durability and availability. The AZ-104 exam requires knowledge of:

  • Locally-redundant storage (LRS)

  • Zone-redundant storage (ZRS)

  • Geo-redundant storage (GRS)

  • Read-access geo-redundant storage (RA-GRS)

Choosing the right replication model depends on the workload’s requirements. LRS is suitable for dev/test environments, while GRS is used for business-critical applications that require geographic disaster recovery. You need to understand the implications of switching between these models and their impact on cost and performance.

Automation and Scripting for Storage Management

Automation is a recurring theme in AZ-104. You should know how to use tools like Azure CLI and PowerShell to manage storage accounts, blob containers, lifecycle policies, and backups.

Typical scripting tasks include:

  • Creating storage accounts with specific configurations

  • Uploading and downloading data

  • Configuring access policies

  • Deploying ARM templates that define storage infrastructure

This ensures consistent deployment, reduces manual errors, and supports infrastructure as code practices.

Real-World Scenarios You Need to Understand

The AZ-104 exam doesn’t just test theoretical knowledge. Many of the questions are framed as real-world scenarios. You need to be prepared to answer questions such as:

  • A company wants to archive blob data that hasn’t been accessed in 90 days. How should you configure lifecycle policies?

  • An administrator needs to give a partner company read-only access to a single file for 48 hours. What’s the best method?

  • A development team needs to access file shares using Active Directory credentials. What configuration is required?

  • A VM running critical applications requires backup and restore support with minimal downtime. What service should be used?

Understanding how to apply your knowledge to these kinds of scenarios is the key to passing AZ-104 and being job-ready.

Managing Azure storage is far more than just provisioning a storage account. As the AZ-104 certification clearly illustrates, today’s Azure administrators are responsible for securing, optimizing, monitoring, and automating storage solutions across the organization.

From blob lifecycle policies to RBAC-secured access, from encrypted backups to cost-effective tiering strategies, the skills tested in this domain are directly aligned with the real-world demands of managing cloud infrastructure at scale.

As you prepare for this exam, focus on hands-on experience. Create storage accounts, deploy blobs and files, experiment with access control, and simulate backup and restore scenarios. The more you interact with Azure storage tools, the more confident you’ll become.

In the series, we’ll explore compute and networking — two core infrastructure components that tie all other services together.

Computer and Networking Essentials for the AZ-104 Microsoft Azure Administrator Certification

The AZ-104 certification represents a significant evolution in the way Microsoft expects Azure administrators to handle compute and networking. In AZ-103, much of the emphasis was placed on provisioning infrastructure. In AZ-104, there’s a notable shift toward practical, in-depth management of cloud infrastructure, built around performance, security, scalability, and automation.

Two foundational areas of the certification—compute and networking—have been refined to reflect how organizations deploy and maintain services in production. Compute is no longer limited to virtual machines, and networking now involves more advanced scenarios like network security, routing, and hybrid configurations.

This guide dives into the compute and networking domains that make up a substantial portion of the AZ-104 exam. Whether you’re preparing for certification or reinforcing your job readiness, understanding these areas thoroughly is essential for success.

Virtual Machines in the Real World

Virtual machines continue to be the backbone of many cloud deployments. In AZ-104, administrators are expected not only to know how to create and configure VMs but also to ensure they are properly maintained, scalable, and integrated with other Azure services.

Candidates must be able to:

  • Create and configure virtual machines using different tools such as the portal, PowerShell, and Azure CLI

  • Choose the appropriate VM size and performance tier for the workload.

  • Manage operating system configurations, including Linux and Windows.

  • Attach and configure the data disk.s

  • Enable and manage extensions like custom scripts and diagnostic agents.

  • Automate the creation of VMs using templates and configuration files

Availability is critical. AZ-104 tests knowledge of high availability through availability sets and availability zones. You must also know how to configure scale sets to manage groups of identical virtual machines that automatically scale based on demand.

An administrator’s ability to monitor and troubleshoot VMs, including boot diagnostics, serial console access, and activity logs, is now part of the certification scope. These skills help ensure reliability in live environments.

Azure App Services for Simplified Compute Management

While virtual machines offer flexibility, many organizations choose platform-as-a-service offerings for web applications. Azure App Service is the preferred method for hosting web apps without managing the underlying infrastructure.

AZ-104 includes:

  • Deploying web apps to Azure App Service

  • Configuring application settings, environment variables, and SSL bindings

  • Scaling apps vertically and horizontally through scaling rules

  • Managing deployment slots for zero-downtime updates

  • Enabling continuous deployment using repositories and automation

App Service offers a simplified management model but still requires administrators to understand how to secure, scale, and monitor applications. Metrics like response times, request counts, and error rates must be tracked using built-in monitoring features.

Containers and Azure Kubernetes Service

Containerized applications are increasingly common in cloud-native environments. The AZ-104 exam recognizes this by including container services such as Azure Container Instances and Azure Kubernetes Service.

You should understand:

  • Creating and managing containers using Azure Container Instances

  • Deploying multi-container groups with custom networking configurations

  • Understanding container image sources, such as Azure Container Registry

  • Deploying, scaling, and managing clusters with Azure Kubernetes Service (AKS)

AKS, while not tested as deeply as in a DevOps-focused certification, still requires foundational knowledge. This includes understanding nodes, pods, scaling, and how to expose containerized services using Kubernetes concepts.

Container orchestration is critical in organizations adopting microservices architecture, and Azure administrators must be ready to support developers through reliable, scalable container hosting.

Automating Compute Deployment

Infrastructure as code is now a core expectation for cloud administrators. In AZ-104, automation is embedded into most compute-related tasks.

You are expected to:

  • Use Azure Resource Manager templates to define infrastructure

  • Automate deployments using CLI and PowerShell

  • Create reusable templates for virtual machines, availability sets, and more.

  • Understand parameterization for flexible deployments across environments

Automation supports consistency and efficiency, reduces manual errors, and enables repeatable deployments across development, test, and production stages.

Core Networking Concepts for Azure Administrators

Networking in Azure provides the foundation for all other services. It’s essential to understand how to create secure, scalable, and resilient network configurations that support virtual machines, applications, and hybrid setups.

In AZ-104, networking skills include:

  • Creating and managing virtual networks and subnets

  • Assigning and managing public and private IP addresses

  • Understanding address spaces, CIDR notation, and network planning

  • Implementing user-defined routes and peering between virtual networks

  • Managing DNS settings, both custom and Azure-provided

Virtual networks in Azure are isolated by default. Administrators must connect resources securely and efficiently across resource groups, regions, or even between on-premises and cloud environments using site-to-site VPN or ExpressRoute.

Network Security and Access Control

Security is a core focus in the AZ-104 exam. Network administrators must apply proper access control mechanisms to protect resources.

You are expected to:

  • Configure network security groups (NSGs) and application security groups (ASGs)

  • Create and manage inbound and outbound rules.s

  • Understand rule priorities, default behavior, and logging.

  • Implement Azure Firewall and Azure Bastion for secure access.s

  • Set up service endpoints and private endpoints to control data flow

Bastion allows secure browser-based RDP/SSH access to virtual machines without exposing them to the public internet. Azure Firewall allows for central, scalable network traffic control with logging and rule management.

Both services have been added to the AZ-104 scope and reflect the growing importance of perimeter and internal network controls.

Load Balancing and Traffic Management

Managing application performance and availability often requires load balancing and traffic distribution. In AZ-104, candidates should know how to:

  • Implement Azure Load Balancer for high availability at layer 4

  • Use Azure Application Gateway for layer 7 traffic routing and SSL offloading.

  • Configure rules, health probes, and backend pools

  • Enable autoscaling and redundancy across availability zones

In addition to load balancing within a region, administrators may need to distribute traffic across global endpoints using Azure Front Door or Traffic Manager, though these are more commonly covered in higher-level certifications.

Understanding how these services integrate with compute resources is key to building scalable and fault-tolerant architectures.

Monitoring Network Resources

Visibility into network traffic, performance, and health is crucial for diagnosing issues and optimizing infrastructure. The AZ-104 exam includes monitoring as part of operational responsibilities.

You should be familiar with:

  • Enabling diagnostics on virtual network gateways and firewalls

  • Viewing metrics such as throughput, latency, and dropped packets.

  • Using Network Watcher for topology visualization and connection troubleshooting

  • Capturing packets and analyzing flow logs to detect anomalies

Monitoring supports proactive management and compliance enforcement, ensuring that network configurations meet internal policies and external regulatory requirements.

Hybrid Networking Scenarios

Many enterprises operate in hybrid environments, combining on-premises infrastructure with Azure resources. AZ-104 introduces key concepts to support this model.

You should understand:

  • Creating and managing VPN gateways for site-to-site connections

  • Setting up point-to-site VPNs for remote access

  • Configuring ExpressRoute for private, dedicated connectivity

  • Understanding shared key authentication and routing configuration

Hybrid connectivity allows businesses to extend their data centers to the cloud without compromising security or performance. Azure administrators are responsible for maintaining connectivity, failover readiness, and traffic control in hybrid topologies.

DNS, Routing, and Advanced Scenarios

While DNS might seem like a basic topic, it plays a crucial role in service discovery and routing in complex deployments.

AZ-104 covers:

  • Managing Azure DNS zones and records

  • Integrating custom DNS with virtual networks

  • Configuring user-defined routes to control packet flow

  • Isolating traffic using service endpoints and route filters

In production environments, managing name resolution and traffic control can make the difference between a responsive application and one that fails under load or exposes unintended vulnerabilities.

Compute and networking form the heart of any cloud infrastructure. The AZ-104 Microsoft Azure Administrator certification elevates the expectations from simple deployment to active, skilled management of resources that are secure, scalable, and resilient.

Virtual machines, containers, web apps, and load balancers now operate in a tightly integrated environment, supported by intelligent monitoring and automation. Networking is no longer just about connecting services—it’s about controlling flow, enforcing policy, and enabling seamless hybrid experiences.

To prepare effectively for the AZ-104 exam, you need hands-on experience. Build VMs, deploy web apps, create virtual networks, and simulate different access scenarios. Master the use of CLI, templates, and monitoring tools.

Final Thoughts

The evolution from AZ-103 to AZ-104 is not just a routine exam update—it reflects a broader transformation in the expectations placed on Azure professionals. In today’s cloud environments, companies expect more than technical proficiency in setting up infrastructure. They require professionals who can manage, optimize, and secure complex deployments in real-time.

Azure administrators today play a far more active and involved role in the cloud lifecycle than in the past. The AZ-104 certification tests your ability not just to deploy a virtual machine, but to keep it running securely, troubleshoot it under pressure, and scale it according to unpredictable traffic patterns. That level of operational readiness is now standard.

The inclusion of compute resources like containers, web apps, and Kubernetes, along with load balancing and advanced network security, points toward Microsoft’s desire to ensure its certified professionals are future-ready. It’s no longer enough to know how to create resources—you need to be able to govern, monitor, and optimize them with confidence.

In particular, the move toward role-based certifications like AZ-104 is strategic. By mapping exam content to real-world roles, Microsoft ensures that certified individuals are not only theoretically competent but also practically effective. For employers, this improves trust in what a certification means. For candidates, it gives clarity and direction. It’s now easier to align your learning with your job responsibilities or the job you’re targeting.

For professionals coming from AZ-103, the AZ-104 certification is both a continuation and an elevation. The core principles of managing Azure infrastructure are still relevant, but the skill ceiling has been raised. You are now expected to demonstrate deeper proficiency in monitoring, automation, and security across distributed and hybrid environments.

If you are pursuing this certification as a step toward career advancement, it’s important to think beyond the exam. AZ-104 provides a solid foundation for moving into more advanced roles like DevOps engineer, cloud architect, or security specialist. Many of the skills you develop while studying for AZ-104—like using templates, configuring monitoring, or deploying scalable workloads—will be directly applicable to higher-level certifications and job responsibilities.

In practical terms, one of the best ways to prepare is to mirror real-world usage. Set up your own Azure subscription or use a sandbox environment and build something meaningful: deploy a three-tier application, secure it with NSGs and Azure Firewall, scale it using virtual machine scale sets or App Service Plans, monitor it using Azure Monitor, and test its resilience with failover and backup configurations.

This hands-on approach builds more than just exam readiness—it builds confidence. And in the cloud industry, confidence backed by actual skill is what sets apart a good administrator from a great one.

Finally, keep in mind that technology and cloud platforms continue to evolve. What you learn for AZ-104 today will likely shift again in the next couple of years. Stay adaptable. Stay curious. And treat certifications not as endpoints, but as milestones in a continuous journey of professional growth.

The AZ-104 Microsoft Azure Administrator certification doesn’t just verify your knowledge—it challenges you to think like an administrator responsible for live systems, real users, and tangible business impact. Embrace that challenge, and you’ll not only pass the exam, you’ll be prepared for whatever comes next in your cloud career.

 

Related Posts

Master the AZ-104: Become a Certified Azure Administrator

AZ-104 Exam Guide: Become a Microsoft Azure Administrator

How to Become a Microsoft Azure Database Administrator

Prep Guide for the Azure Data Fundamentals Exam

Mastering Azure: Top Coding Skills Every administrator Must Know

Pass the AZ-800: Become a Certified Azure Hybrid Administrator

Is Becoming a Microsoft Certified Azure Administrator Difficult?

The Key Responsibilities of a Microsoft Azure Administrator

Empower Your Career with Microsoft Azure Administrator Certification

Crack the DP-900 Exam: Unlock Your Microsoft Azure Data Career