Course Content
Introduction to Azure Identities & Governance (AZ-104)
In Azure, everything starts with identity. This topic introduces the core ideas of identities and governance, explaining how Azure verifies who you are (authentication), what you’re allowed to do (authorization), and how access is kept under control with tools like Entra ID, RBAC, and policies. You’ll learn why governance is critical for secure, well-managed cloud environments and how these concepts form the foundation for almost every question you’ll face in the AZ-104 exam.
0/10
AZ-104 Exam Overview
Introduction to Azure Identities & Governance
Entra ID Basics (AZ-104)
User Types in Azure (AZ-104)
Licensing in Entra ID (Free, P1, P2).
Guest Access & B2B Collaboration (AZ-104)
Role-Based Access Control (RBAC) – AZ-104
RBAC Scope & Inheritance – AZ-104
Privileged Identity Management (PIM) & Conditional Access
Exam Tips & Pitfalls – Identities & Governance
Azure Storage
In this module, you’ll learn how Azure stores and protects data across different services. We’ll cover storage accounts, blobs, files, and disks, as well as how to secure and back them up. You’ll also explore features like replication, redundancy, lifecycle management, soft delete, and immutability to ensure data durability and compliance. Finally, you’ll understand how to control access with SAS tokens, firewalls, and private endpoints. This module is a critical part of AZ-104 since storage makes up a large portion of real-world Azure administration and is heavily tested in the exam.
0/8
Introduction to Azure Storage
Storage Accounts in Azure
Blob Storage (Containers, Access Tiers, Lifecycle)
Azure Files (SMB, NFS, File Sync)
Disk Storage (Managed Disks, Snapshots, Images)
Data Protection in Azure Storage
Storage Security & Access
Exam Tips & Pitfalls – Storage
Azure Networking
Networking is the backbone of any cloud environment, and Azure provides powerful tools to securely connect resources, control traffic, and enable hybrid connectivity. In this module, you’ll learn how to design and manage Virtual Networks (VNets), subnets, IP addressing, DNS, and routing. You’ll also explore security controls such as Network Security Groups (NSGs), Azure Firewall, and DDoS protection, and discover how to connect environments using VPN Gateway, ExpressRoute, Private Link, and Service Endpoints. By the end of this module, you’ll be able to configure secure and resilient network environments in Azure — a critical skill for both the AZ-104 exam and real-world administration.
0/9
Introduction to Azure Networking
Virtual Networks (VNets & Subnets)
IP Addressing & DNS in Azure
Network Security Groups (NSGs)
Azure Firewall & DDoS Protection
VPN Gateway & ExpressRoute
Load Balancers & Application Gateway
Private Link & Service Endpoints
Exam Tips & Pitfalls – Networking
Azure Compute
Azure Compute provides the processing power behind your applications. Whether it’s running virtual machines, hosting web apps, or deploying containerized workloads, compute services are at the core of what Azure offers. In this module, you’ll explore the different compute options in Azure, including: Virtual Machines (VMs): Traditional servers in the cloud with flexible OS and sizing options. VM Scale Sets & Availability Sets: For high availability and automatic scaling of workloads. App Services: Fully managed hosting for web apps and APIs. Containers & AKS: Lightweight, portable application hosting using Docker and Kubernetes. Azure Functions & Logic Apps: Serverless compute for event-driven automation. Backup & Recovery: Ensuring workloads are resilient and recoverable. By the end of this module, you’ll be able to deploy, manage, and secure compute resources in Azure, and know which compute service to pick for each scenario. This knowledge is heavily tested in the AZ-104 exam with real-world, scenario-based questions.
0/8
Introduction to Azure Compute
Virtual Machines (sizes, OS disks, extensions)
VM Scale Sets & Availability Sets
App Services – Plans, Scaling, Deployment Slots
Azure Container Instances (ACI) & AKS Basics
Azure Functions & Logic Apps
Backup & Recovery for Compute
Exam Tips & Pitfalls – Compute
Monitoring & Backup
Keeping track of Azure resources is just as important as deploying them. This module introduces the tools and services that help you monitor performance, diagnose issues, and protect workloads with backups and disaster recovery. You’ll learn how to: Use Azure Monitor to collect metrics, logs, and insights across resources. Query and analyze data with Log Analytics and Kusto Query Language (KQL). Set up alerts and action groups to respond to issues automatically. Configure Azure Backup for VMs, files, and apps. Use Azure Site Recovery (ASR) to keep workloads running in case of outages. By the end of this module, you’ll know how to ensure Azure resources are healthy, secure, and recoverable — a critical skill for both the AZ-104 exam and real-world administration.
0/7
Introduction to Azure Monitoring
Azure Monitor & Metrics
Log Analytics & KQL Basics
Azure Alerts & Action Groups
Backup & Recovery Vault
Azure Site Recovery (ASR)
Exam Tips & Pitfalls – Monitoring & Backup
Security
Security is one of the most important responsibilities of an Azure Administrator. This module introduces the tools and services in Azure that help protect identities, data, applications, and workloads. You’ll learn how to apply the principle of least privilege, enforce compliance, and monitor threats in real-time. In this module, we’ll cover: Azure Security Center (Defender for Cloud): A unified security management system with recommendations, compliance monitoring, and threat protection. Key Vault: Secure storage for secrets, keys, and certificates. Azure Policies & Blueprints: Enforce rules and ensure resources meet governance and compliance standards. Microsoft Sentinel (SIEM): Intelligent security analytics for detecting and responding to threats. Zero Trust Approach: Best practices for securing resources, identities, and networks. By the end of this module, you’ll understand how to secure Azure resources effectively and how to recognize exam scenarios that test security responsibilities.
0/5
Introduction to Azure Security
Defender for Cloud (Azure Security Center)
Key Vault (Secrets, Keys, Certificates)
Azure Policies & Blueprints
Exam Tips & Pitfalls – Security
Automation
Automation in Azure helps reduce manual effort, enforce consistency, and speed up deployments. As an Azure Administrator, you’ll often need to automate resource provisioning, updates, and ongoing operations. In this module, you’ll explore: ARM Templates (Azure Resource Manager): Infrastructure-as-code for repeatable deployments. Azure Automation & Runbooks: Automate operational tasks such as starting/stopping VMs, patching, or cleanup. Azure CLI & PowerShell: Command-line tools to script and manage Azure resources. CI/CD with GitHub Actions & DevOps Pipelines: Deploy apps and infrastructure continuously. Automation Best Practices: Idempotency, version control, and policy enforcement. By the end of this module, you’ll understand how to design repeatable, consistent, and secure automation in Azure — a key focus in both real-world administration and the AZ-104 exam.
0/5
Introduction to Azure Automation
ARM Templates (Infrastructure as Code)
Automation Accounts & Runbooks
Azure CLI & PowerShell Basics
Exam Tips & Pitfalls – Automation
Data Protection & Governance
Protecting data and ensuring compliance are critical responsibilities for Azure Administrators. In this module, you’ll learn how Azure helps safeguard information, enforce governance rules, and meet regulatory requirements. You’ll explore: Azure Information Protection (AIP): Classify, label, and protect documents and emails. Azure Purview (Microsoft Purview): Data discovery, cataloging, and compliance monitoring. Data Encryption: Encryption at rest and in transit, plus customer-managed keys. Retention & Compliance Policies: Manage data lifecycle, including archiving and deletion. Governance Best Practices: Using tags, locks, and management groups for better control. By the end of this module, you’ll understand how to keep Azure resources secure, compliant, and well-governed. These topics are tested in the AZ-104 exam through scenario-based questions on compliance, labeling, and lifecycle management.
0/3
Data Encryption in Azure (at rest & in transit)
Retention Policies & Governance Tools
Exam Tips & Pitfalls – Data Protection & Governance
Azure Resource Management & Cost Optimization
Managing resources effectively is just as important as deploying them. In this module, you’ll learn how to organize Azure resources, apply governance consistently, and monitor costs to avoid surprises. We’ll cover: Resource Groups: Logical containers for organizing resources. Tags: Label resources for cost tracking and automation. Resource Locks: Prevent accidental deletion or changes. Management Groups: Apply policies and RBAC across multiple subscriptions. Azure Cost Management & Budgets: Track spending, set budgets, and get alerts. Optimization Best Practices: Rightsizing, shutting down unused resources, and using reservations. By the end of this module, you’ll be able to: Organize resources using groups, tags, and locks. Enforce consistency with management groups and policies. Use Cost Management to control spending and optimize usage. These topics are frequently tested in the AZ-104 exam through scenario-based questions about governance and cost control.
0/5
Introduction to Azure Resource Management
Resource Groups, Tags & Locks
Management Groups & Policy Scope
Azure Cost Management & Budgets
Exam Tips & Pitfalls – Resource Management & Cost Optimization
High Availability & Exam Readiness
High availability (HA) ensures your Azure workloads remain accessible and reliable even when failures occur. In this final module, we’ll tie together HA concepts with exam readiness strategies to help you succeed in the AZ-104. You’ll explore: Availability Sets vs Availability Zones vs VM Scale Sets: Understanding redundancy at rack, datacenter, and scaling levels. Load Balancing & Resiliency: Choosing between Azure Load Balancer and Application Gateway. Service Level Agreements (SLAs): How Azure guarantees uptime and how combining services increases reliability. Designing for Fault Tolerance: Building solutions that survive hardware, region, or service failures. Final Exam Tips & Readiness Checklist: Common traps, key recall points, and strategies to maximize your score. By the end of this module, you’ll be able to: Explain and choose the right HA strategy for any Azure workload. Understand how Microsoft calculates SLAs. Approach AZ-104 questions with confidence, spotting keywords and avoiding trick options.
0/4
Availability Sets vs Availability Zones vs VM Scale Sets
Load Balancing & Resiliency Patterns
Azure SLAs & Designing for High Availability
Final Exam Tips & Readiness Checklist
Survey
0/1
Survey
AZ-104: Azure Administrator

Why Load Balancing Matters

High availability isn’t just about redundancy — it’s also about spreading traffic so no single resource is overwhelmed.
Azure provides Layer 4 and Layer 7 load balancers to keep apps resilient and scalable.

Azure Load Balancer (Layer 4)

  • Operates at Transport Layer (TCP/UDP).

  • Distributes traffic across VMs or VM Scale Sets.

  • Supports public (internet-facing) and internal load balancing.

  • Uses health probes to detect unhealthy instances.

Use Case:

  • Distribute TCP traffic (e.g., SQL, RDP, web traffic without inspection).

Azure Application Gateway (Layer 7)

  • Operates at Application Layer (HTTP/HTTPS).

  • Supports URL-based routing, host-based routing, and Web Application Firewall (WAF).

  • Can do SSL termination (decrypt/re-encrypt traffic).

  • Provides session affinity for sticky sessions.

Use Case:

  • Route /images to one backend pool, /videos to another.

  • Protect apps with WAF against SQL injection or XSS.

Azure Front Door

  • Global Layer 7 load balancer with content delivery (CDN) and application acceleration.

  • Routes traffic to the nearest healthy backend (multi-region).

  • Adds resiliency at a global scale.

Use Case:

  • Multi-region apps needing performance + HA.

Traffic Manager

  • DNS-based global traffic routing.

  • Routes traffic based on:

    • Priority (failover).

    • Performance (closest endpoint).

    • Geographic rules.

  • Works at DNS level, not as a load balancer.

Use Case:

  • Redirect users to the closest regional datacenter.

Confusion Buster 🚨

  • Load Balancer vs App Gateway

    • LB = Layer 4, TCP/UDP only.

    • App Gateway = Layer 7, HTTP/HTTPS + WAF.

  • Front Door vs Traffic Manager

    • Front Door = real-time routing + CDN, Layer 7.

    • Traffic Manager = DNS-based redirection, not true load balancing.

Exam trap: If question says “URL-based routing” → App Gateway. If it says “multi-region DNS failover” → Traffic Manager. If it says “global load balancer with acceleration” → Front Door.

Simple Example

A shopping website:

  • Uses Application Gateway with WAF for frontend web apps.

  • Uses Internal Load Balancer to spread SQL DB traffic.

  • Uses Traffic Manager for failover between East US and West Europe regions.

  • Adds Front Door to accelerate content globally.

Exam Tip

  • “Distribute TCP traffic inside a region” → Load Balancer.

  • “Route HTTP traffic with WAF” → Application Gateway.

  • “Multi-region, DNS-based failover” → Traffic Manager.

  • “Global load balancing with CDN + acceleration” → Front Door.

What to Expect in the Exam

  • Direct Q: “Which service provides Layer 7 load balancing with WAF?” → Application Gateway.

  • Scenario: “Global app needs users routed to nearest region automatically.” → Traffic Manager or Front Door (depending on Layer 7 vs DNS).

  • Trick Q: “Azure Load Balancer can inspect HTTP headers.” (False — only App Gateway/Front Door can).

Previous
Next