For many Azure learners, the next logical certification to train for after completing Azure Fundamentals is Azure Administrator Associate. Whereas Fundamentals will provide an overview of cloud concepts and a broad insight into Azure services at a very high level, the Administrator certification is more in the nuts and bolts of popular Azure services covering compute, storage, networking, security, governance and backup.
Let’s look at this certification in more detail.
Who is this certification for?
As the name may suggest, the Azure Administrator certification is for those who want to demonstrate practical skills in using Azure. Moving away from the conceptual view that Azure Fundamentals provides.
A candidate may have been using Azure for some time and wants to validate their skills. Alternatively, if someone is an IT professional working with on premises technology or has existing skills with another cloud provider, then gaining skills on Azure provides them and their organisation with options to move workloads into the cloud or devising a multi cloud strategy.
Passing the AZ-104 exam is also one of two exams you need to pass to gain your Microsoft Certified: Azure Solutions Architect Expert and Microsoft Certified: DevOps Engineer Expert badges, once you have also passed the AZ-305 and AZ-400 respectively. Whilst the latter can also be obtained by passing the AZ-204 (Azure Developer) instead, the fact you can unlock two expert level certifications with this one associate level cert, it makes strong choice to give yourself the most future opportunities, depending on your interests.
Exam requirements
To obtain the Microsoft Certified: Azure Administrator Associate certification, you have to pass a single exam, AZ-104: Microsoft Azure Administrator. There are no prerequisite exam or certification but if you haven’t already, why not attempt the AZ-900, Azure Fundamentals exam first? Whilst at a higher level, the fundamental learning path has some crossover and would enhance your understanding.
Microsoft associate level certifications expire after one year, so they will require a yearly renewal assessment which can be completed as soon as six months before expiry. The renewal assessment is free and there is usually some modules Microsoft presents for you to study before taking the assessment. It is recommended to go through the modules as the idea of the certification renewal is to be up to date with your knowledge, and Microsoft shapes the content to cover new features and concepts. Be sure to take the assessment in plenty of time, so if you fail, you can take it again before it expires – you can take it as many times as you need.
Microsoft role-based (associate, speciality and expert, not fundamentals) exams are now open book, meaning you will have access to the Microsoft Lean website for the exam. There isn’t extra time given for using it, which forces the candidate to use it sparingly, but it may help on a question such as help recalling some CLI or PowerShell syntax for a given task.
Topics covered
As well as some perquisite subjects including Azure Resource Manager, ARM Templates, CLI and PowerShell, the five header learning path topics for the Azure Administrator Learning Path are Manage identities and governance in Azure, Implement and manage storage in Azure, Deploy and manage Azure compute resources, Configure and manage virtual networks for Azure administrators and Monitor and back up Azure resources. Let’s look at each section in more detail.
The first topic is Manage identities and governance in Azure which has a big emphasis on Microsoft Entra ID (formally Azure Active Directory). Entra ID is Microsoft’s Directory and Identity Management service in the Azure cloud, part of the wider Entra Identity and Access Management (IAM) solution. Moving into the practical parts of this section, the candidate is expected to know about user and group management, including administrative units there is also a need to understand guest accounts via Entra B2B. The learning path then moves onto Azure subscriptions and covers cost management and resource tagging. To implement guardrails, Azure policy is used to set what is allowed to help with cost and compliance considerations and can be set at management group, subscription or resource group level and are hierarchical. There is a big emphasis on role-based access control (RBAC) which generally is the best practice method of assigning permissions to resources. Lastly for this section there is self-service password reset which allows users to initiate their own password reset to cut down on administrator burden.
Next up is Implement and manage storage in Azure, in which the candidate will need to know about storage accounts and how they are used and secured. The first module in this learning path is configuring storage accounts, having a knowledge of blobs, queues, files and tables and their use cases. An important part in this section is storage replication strategies – it is highly likely to feature in the exam as will public and private network access considerations. Blob storage is a major part in all public cloud offerings so it’s no surprise there’s a whole module in the learning path and another high probability of being in the exam. Being able to understand and implement the different blob access tiers, including using lifecycle management rules is important. This is followed by deploying and managing Azure Files for NFS/SMB file sharing and using Azure File Sync for using as a file cache via prem or cloud-based Windows servers. The major security focus for storage is on Shared Access Signatures (SAS). To conclude the storage path, there’s a section tools and services, namely Azure Storage Explorer, Azure Import/Export service and AZcopy.
A big subject area is the next topic, Deploy and manage Azure compute resources which currently makes up 20-25% of the exam. Beginning with creating and managing a Virtual Machine in the portal and CLI, with an emphasis on ensuring the candidate knows about correctly sizing and choosing the correct storage performance for your requirements. There are sections on availability. This includes availability sets (update domains and fault domains), availability zones, scaling up and out (vertical and horizontal scaling) with a focus on VM scale sets and autoscaling. Moving away from VMs, the learning path includes Azure App Service. On the Microsoft Learn content, it talks about the concept of the App Service Plan – which is the best for your application workload. What is interesting is they list the features and capacity of each of the plans. This may be a tough one to memorise so if there is a question on this, it would be a perfect use of the open book feature of the exam if you got a question for example on what plan gives you the ability to run up to 30 instances and you cannot recall. Other areas in the App Service section are scaling, DevOps best practice including the use of deployment slots, security, custom domains, backing up and restoring, and monitoring your App Service using application insights. The last area covered is Azure Container Instances (ACI) to run Docker images in Azure.
The cornerstone of any cloud project is networking. Whether surfacing an internal application or hosting a publicly accessible website, networking configuration will need to be considered and deployed. Configure and manage virtual networks for Azure administrators is the learning path that covers all things networking. There are many services that fall under the networking umbrella, so there’s a lot to cover in this section. To begin, the virtual network (VNet). The VNet is the focal point for planning many Azure projects. The candidate will need to know about IP addressing and subnetting when building their VNets. Expanding on VNets themselves, virtual network peering is a service to connect virtual networks regionally or globally, even across different Azure tenants. Another area of focus is Network Security Groups (NSGs) which provides IP and port allow and deny rules (OSI layer 3 and 4) at subnet or NIC level. There is a fair amount of DNS items to know about such as DNS zones including private DNS zones to manage and resolve domain names in your virtual network and hosting your domain on Azure DNS. Routing and endpoints are on the skills path, with user defined routes (UDF) and service and private endpoints being essential items to know about as it is highly unlikely one or more of those won’t have at least one question on. To conclude this section, there are two of the Azure load balancing solutions; Azure Load Balancer which works at OSI layer 4 and Azure Application Gateway which is an OSI layer 7 load balancer, making it able to do smart stuff like URL path or multi-site routing and offering the optional Azure Web Application Firewall (WAF) to defend against multiple threats.
Monitor and back up Azure resources is the final learning path for this certification. To kick off, Azure backup provides robust, scalable and secure backup solutions for VMs (including SQL and SAP HANA in virtual machines), Azure files, Azure blob storage, Azure managed disks and Azure Database for PostgreSQL server. Azure backup can also backup on premises machines and virtual machines using the Microsoft Azure Recovery Services (MARS) agent. Next, we move to monitoring, and the central hub for monitoring in Azure is Azure Monitor. The candidate is expected to know about logs and metrics that are generated from various Azure services, with a focus on using this data to create alerts when certain thresholds are exceeded. The Log Analytics workspace is generally where the logs and data are stored for Azure monitor. For querying the data, Azure Log Analytics supports the Kusto Query Language (KQL) which is SQL-like and provides fast powerful queries for examining events and exceptions. There are many KQL queries built in to get you started or you can write your own.
Exam hints and tips
This is an associate level exam so it is going to require more detailed knowledge of the subject matter then say a fundamentals exam, which is a broad overview, or expert, which is usually conceptual in nature (think design and planning). As such it going to test your in-depth knowledge on many Azure components. So practice using, or at least watching a demonstration video of the services covered being deployed and administered will give a significant advantage over a mere overview of the product.
Expanding on the previous point, there are often questions regarding putting a set of steps in the correct order, so knowing the sequence in how something is deployed will aid answering this type of question correctly.
Another popular exam format is the case study. A case study section of the exam typically describes the existing and planned status of a fictious organisation’s Azure and wider IT landscape. It will then ask around 4-5 questions that you will look through the information given to determine the correct course of action. Beware, these can burn up time if you aren’t careful. The best way to approach these is skim the info quickly then look at the first question. There is far more detail in the case study then there are questions so looking at the questions soon, you can refer to the most appropriate section to get the answer.
Microsoft exams tend not to ask about detailed facts and figures, such as how much a service costs but there may be questions such as knowing what is the most cost efficient SKU that will unlock a certain feature or level of performance. Sometimes this is hard to train for as it invariably means memorising fine grained details. For this, remember that an associate level exam is open book, allowing you access to the Microsoft Learn website. It could make all the difference to exam success if used correctly – just remember the clock is still ticking down whilst you are looking up and reading content. Expert and specialist exams also are open book – not fundamentals.
At the time of writing, the MS Learn website search isn’t always good at bringing up the best result to the top of the list, so a practice at search terms or learning to swiftly navigate the website via links could be helpful before taking an exam. You cannot go out to an external search engine to help narrow down a page you require – no other websites including other Microsoft website resources are accessible from the exam.
There are more exam hints and tips on the Azure Fundamentals Certification post which also apply to this exam.
Recommended resources
It is a good idea to include Microsoft’s own content for the AZ-104 exam as part of your learning toolkit. Being Microsoft’s official content, they have been careful to cover all areas of the exam skills measured. For some, the official content and some hands-on experience is likely enough to pass the exam, however having a couple of different learning materials broadens coverage and gives the learning process a fresh dynamic.
Becoming a regular mention on the blog, John Savill has an AZ-104 course on YouTube. He knows Azure inside and out and has excellent presentation skills. The study cram itself is incredible and now there is a v2 with updated information. John works for Microsoft and his John Savill’s Technical Training YouTube channel has many useful videos, often organised into playlists for various certifications. This free content is as good if not better than many paid for courses.
Beyond that, there are tons of comprehensive AZ-104 courses on YouTube. It really is incredible what people offer for free and the quality of some of the content. It is worth trying one or two and seeing if you favour a particular presentation style and if it is helping your understanding. When I took the AZ-104 back in 2021, I used a course by Mike Pfeiffer and Tim Warner, which was on Mike’s training website, cloudskills.io but that has since been bought by the training company, INE so I have spent some time looking at what is on offer commercially with a view to knowing something about the provider or presenter. There is a comprehensive course on LinkedIn Learning presented by T Ray Humphrey in conjunction with Microsoft Press. I haven’t done the course, but being a LinkedIn premium subscriber, I have access to LinkedIn Learning and have found the content high quality when studying for other exams. Chase Dovey presents an AZ-104 course on Pluralsight, which again I haven’t done but I have done other courses with Pluralsight and have consumed learning content with Chase in the past.
Next steps
The Azure Administrator Associate certification is arguably the most useful Azure certification there is. It is heavy on process and the nuts and bolts of using Azure. Therefore, if someone wants to be proficient in creating and maintaining Azure services, this is certainly unbeatable in that respect.
After passing the AZ-104 exam, the candidate could pass just one more exam (AZ-305) to unlock the Microsoft Certified: Azure Solutions Architect Expert certification. Additionally, passing the AZ-400 exam in addition to passing the AZ-104, the candidate will be awarded the Microsoft Certified: DevOps Engineer Expert certification*. These two certifications should therefore be a consideration as a next step.
Beyond that, there are role-based certifications in areas such as Data, Networking, AI and Security which may appeal to those who would like to specialise.
*You can also pass the AZ-204: Developing Solutions for Microsoft Azure exam alongside the AZ-400 to obtain the DevOps Engineer Expert certification instead of the AZ-104.
0 Comments
1 Pingback