Comprehensive AZ-104 Study Guide Overview

Mar 18, 2025

AZ-104 V2 Study Cram

Introduction

  • This is an updated version of the AZ-104 study cram.
  • Some modifications have been made since the last version.
  • Links to different sections of the knowledge are provided in the description.
  • The recommendation is to engage in hands-on activities and review the study guide.

Preparation

  • Go through the study guide and knowledge areas.
  • Try out technologies and get hands-on experience.
  • Utilize self-paced learning modules and labs.
  • Explore Azure Masterclass V2 for detailed learning.

Entra ID (formerly Azure AD)

  • Identity provider from Microsoft.
  • Key protocols: OAuth 2, OpenID Connect, SAML, WS-Fed.
  • Uses HTTPS (TLS encryption).
  • On-premises environments use protocols like Kerberos, NTLM, and LDAP.
  • Microsoft Graph is used for interaction.
  • Flat structure, no organizational units, uses administrative units for granular permissions.

Replication

  • Active Directory Domain Services to Entra ID.
  • Entra Connect Sync (on-premises engine).
  • Entra Connect Cloud Sync (cloud-based engine).

Applications

  • Applications trust Entra ID for authentication and authorization.
  • Support for Azure, Microsoft 365, third-party SaaS applications.

Tenants

  • Organization has a specific tenant instance.
  • Custom domains can be added and verified.
  • Tenant does not reside in an Azure subscription.

Accounts

  • Cloud accounts and hybrid accounts.
  • External users can also be guests or members.

Groups

  • Use groups for permissions, roles, and licenses.
  • Security groups for roles, Microsoft 365 groups for collaboration.
  • Dynamic membership rules available.

Devices

  • Devices can be registered or joined.
  • Registration is suitable for personal devices, join for corporate devices.

Licensing

  • Three levels: Free, P1, P2.
  • P1 adds conditional access, P2 adds privileged identity management.
  • Identity governance add-on for richer capabilities.

Self-Service Password Reset

  • Allows users to reset passwords for cloud accounts, and for hybrid accounts with writeback.
  • Configurable authentication methods.

Roles

  • Global administrator is very privileged.
  • Entra ID roles differ from Azure subscription roles.

Administrative Units

  • Create units to delegate permissions for users, groups, and devices.
  • Needed for granular permissions.

Azure Cloud Overview

Regions and Availability

  • Multiple clouds: Azure Commercial, Azure Gov, Azure China.
  • Each cloud has its own URL and regions.
  • Regions have availability zones (AZs) for resilience.
  • Use paired regions for disaster recovery.

Subscriptions

  • Subscriptions trust a specific tenant.
  • Organized into management groups, which help with governance and budget tracking.

Resource Groups

  • Resources organized into resource groups for management and tracking.
  • Suitable for resources that are provisioned, run, and decommissioned together.

Cost Management

  • Consumption-based pricing.
  • Tools: Cost analysis, budgets, Azure Advisor.

Financial Optimization

  • Azure Hybrid Benefit for existing licenses.
  • Azure Reservations and Savings Plans for cost savings.

Networking Fundamentals

Virtual Networks (VNet)

  • A VNet spans only a single subscription and region.
  • Subnets can span availability zones.
  • Private IP allocations with DHCP.

Connectivity

  • VNet peering within and across regions.
  • Use Gateway Transit for VNet-to-VNet connectivity.
  • Azure Virtual Network Manager for centralized management and security.

Security

  • Network Security Groups (NSGs) for traffic filtering.
  • Service tags and application security groups for management.
  • Azure Firewall for advanced traffic filtering.

DNS

  • Azure DNS for public and private zones.
  • Alias records to prevent dangling DNS.

Private Connectivity

  • VPN Gateway for site-to-site and point-to-site VPNs.
  • ExpressRoute for private connectivity to Microsoft network.

Load Balancing

  • Azure Load Balancer for layer 4 (TCP/UDP) load balancing.
  • Azure Application Gateway for layer 7 (HTTP/S) load balancing.

Storage

Storage Accounts

  • General Purpose v2 for most use cases.
  • Premium options for specific services like block blob, page blob, and files.
  • Redundancy options: LRS, ZRS, GRS, RA-GRS.

Blob Storage

  • Tiers: Hot, Cool, Cold, Archive.
  • Lifecycle management for tiering and deletion.

Azure Files

  • SMB and NFS shares.
  • Azure File Sync for hybrid use cases.

Compute

Virtual Machines (VMs)

  • Sizes and SKUs for specific workloads.
  • Options for availability sets and zones for resilience.

Virtual Machine Scale Sets

  • Uniform and Flexible modes for scaling VMs.

Containers and Kubernetes

  • Azure Container Instances for simple use cases.
  • Azure Kubernetes Service (AKS) for complex orchestration.

App Services

  • App Service plans for running web apps.
  • Deployment slots for staging and production.

Monitoring and Management

Monitoring

  • Activity log for subscription-level audit logs.
  • Azure Monitor for metrics and logs.
  • Alerts for proactive monitoring.

Logging

  • Azure Log Analytics for advanced querying and insights.
  • Basic logs for cost-effective storage.

Network Watcher

  • Tools for diagnosing and visualizing network traffic and issues.

Conclusion

  • Hands-on experience and learning modules are essential for exam preparation.
  • Logical thinking and elimination strategies help in answering exam questions.
  • Don't panic if you don't pass the exam on the first try; focus on improving weak areas.