Master the AZ-104: Conquer Azure’s 5 domains with confidence

If the Microsoft Azure Administrator Associate (AZ-104) exam feels like a towering cloud mountain to climb, fear not! It’s divided into five domains, each representing a slice of the Azure Administrator pie. And while it’s tempting to binge on all the knowledge at once, taking it one bite (or domain) at a time will make it far more digestible—and perhaps even enjoyable.

So, grab your admin chef’s hat, sharpen your mental knives, and let’s explore the five key domains of the AZ-104.

Manage Azure identities and governance: The Rulebook of Azure 

Think of this domain as Azure’s rulebook, ensuring only the right players can access the game, and they follow the rules once inside. Your job? Be the referee, enforcing good governance.

Key services and tasks

• Microsoft Entra ID users and groups:        
  - Create and manage users, groups, and guest accounts in Microsoft Entra ID.
  - Assign roles like Reader or Contributor to control access.
  - Enable Multi-Factor Authentication (MFA) to protect accounts from the dreaded “oops, I clicked a phishing link” scenario.

• Manage Access to Azure Resources:
  - Use Role-Based Access Control (RBAC) to grant permissions with precision (no admin rights for everyone—this isn’t Oprah handing out free cars!).
  - Create custom roles if the built-ins don’t quite fit your needs.

• Governance:
  - Apply Azure Policy to enforce guardrails (like ensuring all resources have tags).
  - Use Management Groups to organize subscriptions and apply policies at scale.

Why It Matters:

You’re the gatekeeper of all things Azure—setting up secure access and keeping chaos at bay. Think of it as a cosmic sorting hat for Azure users and resources.

Implement and manage storage: Azure’s Infinite Closet 

Azure Storage is the cloud’s answer to Narnia’s wardrobe—a bottomless closet where you can stash everything from files to blobs, tables, and queues.

Key services and tasks

• Configure Access to Storage:        
  - Set up secure access with Shared Access Signatures (SAS), firewalls, and virtual network rules.
  - Manage storage account keys— leaving them unprotected is like hiding your house keys under the mat.

• Manage Storage Accounts:
  - Create and configure Storage Accounts, the Swiss Army knife of storage.
  - Choose replication strategies like LRS (Locally Redundant Storage) or GRS (Geo-Redundant Storage) to safeguard your data.

• Azure Files and Azure Blob Storage:
  - Implement Azure Files for network file shares that make on-prem file servers jealous.
  - Use Azure Blob Storage for scalable, cost-effective storage of unstructured data

Why It Matters:

Storage is where you get to play “Tetris” with data. Whether you’re archiving blobs in cold storage or spinning up blazing-fast file shares, you’re the master of making everything fit.

Deploy and manage Azure compute resources: The Brains of Azure 

This domain is all about managing Azure’s computational workhorses—virtual machines, containers, and app services.

Key services and tasks

• Automate Deployments: 
  - Use ARM Templates or Bicep files to deploy infrastructure as code. If you’re feeling automated, dive into CI/CD with tools like Azure DevOps.
  

• Create and Configure Virtual Machines (VMs):
  - Deploy VMs with the right size, disk type, and network configurations.
  - Use extensions for tasks like automatically installing software.
  
  
• Provision Containers:
  - Deploy containers in Azure Kubernetes Service (AKS) or Azure Container Instances (ACI) for lightweight, portable workloads.
  
  
• Azure App Service
  - Host web apps without worrying about the underlying servers.
  - Configure scaling so your app doesn’t crash when it hits the front page of Reddit.

Why It Matters:

This is the hands-on, problem-solving part. You’re the mechanic—but for virtual engines that power the cloud.

Implement and manage virtual networking: Azure’s Digital Freeways 

In Azure, networking is the foundation that lets resources talk to each other—and this domain ensures the roads are safe, efficient, and well-connected.

Key services and tasks

• Virtual Networks (VNets):
  - Create VNets and subnets, the building blocks of Azure networking.
  - Plan address spaces carefully (no overlapping IP ranges unless you enjoy debugging nightmares).

• Secure Access:
  - Configure Network Security Groups (NSGs) to control traffic at the subnet or NIC level.
  - Implement VPN Gateways for hybrid connectivity with on-prem environments.

• Name Resolution and Load Balancing:
  - Configure Azure DNS for custom domains.
  - Use Azure Load Balancer or Application Gateway to distribute traffic intelligently.

Why It Matters:

Networking makes you feel like a digital city planner. You’re building highways and bridges for resources to connect seamlessly.

Monitor and maintain Azure resources: The Watchtower

This is where you flex your inner detective, ensuring resources run smoothly while preparing for the unexpected.

Key services and tasks

• Monitor Resources:
  - Use Azure Monitor and Log Analytics to track performance, costs, and health.
  - Set up alerts for anomalies like CPU spikes or resource exhaustion.

• Backup and Recovery:
  - Implement Azure Backup for VMs, databases, and file shares.
  - Configure Azure Site Recovery (ASR) to replicate workloads for disaster recovery.

Why It Matters:

You’re the captain of a Spaceship Azure, monitoring dashboards and ensuring everything’s in tip-top shape. Make it so, Number One.

Wrapping It Up

The AZ-104 exam is your ticket to mastering Azure administration, covering everything from gatekeeping identities to building robust virtual networks. Each domain builds skills that are immediately applicable to real-world cloud environments. So, whether you’re deploying VMs or monitoring a fleet of resources, ace this exam and you’re on your way to becoming an Azure rockstar.

Now, go grab that certification—and maybe a bite of victory cake afterward!