AZ-104 V2 Study Cram Notes

Jul 12, 2024

Introduction

  • Update on AZ-104 Study Cram to reflect changes in the material.
  • Links available in the description to different sections.
  • Recommendations for hands-on activities and reviewing the study guide.

Preparation Tips

  • Schedule the exam and use self-paced modules for all necessary knowledge.
  • Utilization of the Azure 104 playlist and Azure Masterclass V2.
  • Hands-on practice with Azure Portal, CLI, and where applicable, templates.
  • Focus on applied skills for the administrator exam.

Entra ID (formerly Azure AD)

  • Identity Provider from Microsoft: Supports cloud protocols like OAuth2, OpenID Connect, SAML, and WS-Fed.
  • Comparing On-Prem and Cloud Identities: Active Directory Domain Services for on-prem, Entra ID for cloud.
  • Graph API: REST-based interaction with services like Office 365 and Entra ID.
  • Replicating Identities: Active Directory Domain Services replicates to Entra ID using Entra Connect or Entra Connect Cloud Sync.
  • Tenant and Domain Setup: Custom and default domain configurations.
  • User and Guest Accounts: Handling on-prem synced, cloud-created, and external guest accounts.
  • Groups: Types (security, Microsoft 365), membership (assigned, dynamic), and licenses.
  • Devices: Registering and joining devices to Entra ID; managing through company policies.
  • Licensing: Free, P1, and P2 with identity governance add-ons.
  • Self-Service Password Reset: Configuration and deployment for hybrid and cloud accounts.
  • Roles and Permissions: Global Administrator and other specific roles; administrative units for granular permissions.

Azure Environments and Regions

  • Different Clouds: Azure commercial, Azure Gov, China, and more.
  • Regions and Availability Zones: Distributed data centers for redundancy within a region; paired regions for broader disaster recovery.
  • Management Group Structure: Hierarchical structure starting from the tenant root for governance and budget tracking.
  • Free Trials and Consumption-Based Pricing: Strategies to manage Azure costs effectively.

Cost Management

  • Azure Cost Analysis: Tools to analyze spending and forecasts.
  • Budgets and Alerts: Setting financial thresholds and notifications via Action Groups.
  • Azure Hybrid Benefit and Reservations: Utilizing existing licenses and committing to long-term use for cost savings.

Resource Organization

  • Subscriptions and Resource Groups: Logical organization and role-based access at different levels.
  • Tags: Key-value pairs for metadata, applied at various resource levels but not inherited.

Azure Policy

  • Policy Definitions and Compliance: Setting conditions and actions with audit or deny effects; initiatives for grouping policies.
  • Role-Based Access Control (RBAC): Assigning minimal necessary permissions at appropriate scopes.
  • Resource Locks: Preventing unintended changes or deletions at various levels.

Networking Fundamentals

  • Virtual Networks (VNets): Defined by IP address ranges, split into subnets; important for resource isolation and communication.
  • Public and Private IPs: Handling external exposure carefully; using Azure Firewall and Network Security Groups (NSGs) for security.
  • Peering and Transit: Connecting VNets for resource access, using remote gateways and Gateway Transit configuration.
  • Azure Virtual Network Manager: Automating network configuration and security admin rules.

Additional Networking

  • NSGs and ASGs: Configuring security rules for traffic control and using tags for simpler management.
  • Azure Firewall: First-party network virtual appliance for filtering traffic and managing security at scale.
  • Azure DNS: Public and private DNS management, enabling internal name resolution.
  • ExpressRoute and VPN: Private connectivity to Azure resources; using ExpressRoute for dedicated connections.

Load Balancing and High Availability

  • Load Balancers: Azure Load Balancer for Layer 4, and Application Gateway for Layer 7 HTTP/HTTPS traffic.
  • Global and Regional Load Balancing: Solutions like Azure Traffic Manager, Cross-Region Load Balancer, and Front Door for high availability across regions.

Storage Fundamentals

  • Storage Accounts: Standard and premium types, general-purpose V2 commonly used.
  • Blob, Files, Table, and Queue Storage: Different storage services for various data types.
  • Redundancy Options: LRS, ZRS, GRS, GZRS for data resiliency; optional Read-Access GRS.
  • Tools for Storage Management: Use of Azure Storage Explorer and AzCopy.
  • Lifecycle Management: Automating tiered storage management.

Managed Disks

  • Types of Managed Disks: Standard HDD, Standard SSD, Premium SSD, SSD V2, and Ultra Disks with varying performance characteristics.
  • Disk Encryption: Using customer-managed keys with Disk Encryption Sets.
  • Performance and Bursting: Choosing appropriate sizes and performance tiers for applications.

Compute Resources

  • Virtual Machines (VMs): Key considerations in choosing appropriate SKUs and sizes for workloads.
  • Virtual Machine Scale Sets (VMSS): For automated scaling of VM instances based on load.
  • Containers and Kubernetes: Azure Kubernetes Service for orchestrating containers. Use of Azure Container Instances for simpler deployments.

Backup and Disaster Recovery

  • Azure Backup Center: Managing backups across different services; consistent policy application.
  • Azure Site Recovery: Orchestrating disaster recovery for VM workloads.

Monitoring and Alerts

  • Azure Monitoring: Using Azure Monitor for metrics and logs; configuring diagnostic settings.
  • Alerts and Actions: Creating alert rules and configuring action groups for automated responses.
  • Network Watcher: Tools for network diagnostics and topology insights.