Microsoft Azure Administrator Study Cram (AZ-104)

Introduction

• Focus on key technical knowledge areas for Azure Administrator certification
• Designed to complement other study materials, not standalone
• Exam skills outline available on Microsoft site
• Hands-on experience is crucial alongside theoretical study
• Utilize free Microsoft Learn modules and other free resources
• Azure resources often have free layers to practice without significant cost

Azure Active Directory (Azure AD)

Identity and Authentication

• Azure AD is the identity provider for Azure cloud services
• Supports modern authentication protocols: OpenID Connect, SAML, WS-Fed
• Authorization via OAuth 2.0
• Microsoft Graph API facilitates programmatic interactions

Azure AD vs On-Premises Active Directory

• Azure AD and traditional AD are distinct; Azure AD is not a cloud version
• Traditional AD uses Kerberos, NTLM, LDAP; Azure AD uses cloud-native protocols
• Azure AD has flat structure, lacks Organizational Units

User and Group Management

• Users can be cloud-only or synchronized from on-premises AD
• Groups facilitate role-based access control (RBAC)
• Dynamic groups: Automatically assign users based on attributes
• Administrative Units for delegated management

Devices

• Device registration and join options for management and authentication
• Conditional access to enforce security policies

Licensing

• Free, Premium P1, and Premium P2 tiers with differing feature sets
• Advanced features like conditional access require premium tiers

Subscriptions and Resource Management

Subscriptions

• Azure is consumption-based; pay as you use
• Subscriptions tied to Azure AD tenant for identity management

Resource Groups

• Logical grouping of resources with a shared lifecycle
• Used for management and budgeting

Management Groups

• Organize subscriptions under a single hierarchy for policy and access management

Networking

Virtual Networks (VNet)

• Virtual networks span a single region and subscription
• Subnets within a VNet, typically using RFC1918 private IPs
• Peering allows inter-VNet communication

Network Security Groups (NSGs)

• Control inbound and outbound traffic with rules
• Applied at subnet or NIC level

Azure Firewall

• Provides advanced network security functionalities
• Rules at Layer 7, TLS inspection, and threat intelligence

DNS and Connectivity

• Azure DNS for internal and external name resolution
• Site-to-site VPN and ExpressRoute for connectivity with on-premises

Storage

Storage Accounts

• Core component for all storage services
• Types include Blob, File, Queue, and Table storage

Blob Storage

• Block, Page, and Append blobs for different use cases
• Access tiers: Hot, Cool, and Archive

File Storage

• Azure Files with SMB/NFS support
• Integration with on-premises through Azure File Sync

Managed Disks

• Abstraction over storage accounts, providing managed disks
• Different performance tiers: Standard HDD, Standard SSD, Premium SSD, Ultra Disk

Compute

Virtual Machines (VMs)

• Various VM sizes for different workloads
• Extensions for management (e.g., backup, anti-malware)

Virtual Machine Scale Sets

• Auto scale VMs based on demand
• Simplifies management of large VM deployments

Containers and Kubernetes

• Azure Container Instances for simple container deployment
• Azure Kubernetes Service (AKS) for container orchestration

App Services

• Platform as a Service (PaaS) for web apps
• App Service Plans determine compute resources

Monitoring and Management

Azure Monitor

• Centralized monitoring for metrics and logs
• Alerts and action groups for proactive management

Network Watcher

• Diagnose and visualize network performance issues
• Tools like topology, IP flow verify, and connection troubleshoot

Conclusion

• Hands-on practice is key to success in AZ-104
• Utilize a variety of learning resources
• Ensure a strong grasp of both theoretical knowledge and practical skills