Microsoft Azure Fundamentals (AZ900) + Azure

Administrator Associate (AZ104) Training Course

Outline

Microsoft Azure Fundamental (AZ900) Course Outline

Module 1: Describe Cloud Concepts (25-30%)

Describe cloud computing

• Define cloud computing
• Describe the shared responsibility model
• Define cloud models, including public, private, and hybrid
• Identify appropriate use cases for each cloud model
• Describe the consumption-based model
• Compare cloud pricing models
• Describe serverless

Describe the benefits of using cloud services

• Describe the benefits of high availability and scalability in the cloud
• Describe the benefits of reliability and predictability in the cloud
• Describe the benefits of security and governance in the cloud
• Describe the benefits of manageability in the cloud

Describe cloud service types

• Describe infrastructure as a service (IaaS)
• Describe platform as a service (PaaS)
• Describe software as a service (SaaS)
• Identify appropriate use cases for each cloud service (IaaS, PaaS, and SaaS)

Module 2: Describe Azure architecture and services (35–40%)

Describe the core architectural components of Azure
• Describe Azure regions, region pairs, and sovereign regions
• Describe availability zones
• Describe Azure datacenters
• Describe Azure resources and resource groups
• Describe subscriptions
• Describe management groups
• Describe the hierarchy of resource groups, subscriptions, and management groups

Describe Azure compute and networking services

• Compare compute types, including containers, virtual machines, and functions
• Describe virtual machine options, including Azure virtual machines, Azure Virtual
Machine Scale Sets, availability sets, and Azure Virtual Desktop
• Describe the resources required for virtual machines
• Describe application hosting options, including web apps, containers, and virtual
machines
• Describe virtual networking, including the purpose of Azure virtual networks, Azure
virtual subnets, peering, Azure DNS, Azure VPN Gateway, and ExpressRoute
• Define public and private endpoints

Describe Azure storage services

• Compare Azure Storage services
• Describe storage tiers
• Describe redundancy options
• Describe storage account options and storage types
• Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure
File Sync
• Describe migration options, including Azure Migrate and Azure Data Box

Describe Azure identity, access, and security

• Describe directory services in Azure, including Azure Active Directory (Azure AD), part
of Microsoft Entra and Azure Active Directory Domain Services (Azure AD DS)
• Describe authentication methods in Azure, including single sign-on (SSO), multi-factor
authentication (MFA), and passwordless
• Describe external identities in Azure, including business-to-business (B2B) and
business-to-customer (B2C)
• Describe Conditional Access in Azure AD
• Describe Azure role-based access control (RBAC)
• Describe the concept of Zero Trust
• Describe the purpose of the defense-in-depth model
• Describe the purpose of Microsoft Defender for Cloud
Module 3: Describe Azure management and governance (30–35%)
Describe cost management in Azure
• Describe factors that can affect costs in Azure
• Compare the pricing calculator and the Total Cost of Ownership (TCO) Calculator
• Describe cost management capabilities in Azure
• Describe the purpose of tags

Describe features and tools in Azure for governance and compliance

• Describe the purpose of Microsoft Purview in Azure
• Describe the purpose of Azure Policy
• Describe the purpose of resource locks

Describe features and tools for managing and deploying Azure

resources
• Describe the Azure portal
• Describe Azure Cloud Shell, including Azure Command-Line Interface (CLI) and Azure
PowerShell
• Describe the purpose of Azure Arc
• Describe infrastructure as code (IaC)
• Describe Azure Resource Manager (ARM) and ARM templates

Describe monitoring tools in Azure

• Describe the purpose of Azure Advisor
• Describe Azure Service Health
• Describe Azure Monitor, including Log Analytics, Azure Monitor alerts, and
Application Insights
Microsoft Azure Administrator (AZ104) Training
Course Outline

Module 1 - Manage Azure identities and governance (20–25%)

Manage Microsoft Entra users and groups

• Create users and groups

• Manage user and group properties
• Manage licenses in Microsoft Entra ID
• Manage external users
• Configure self-service password reset (SSPR)

Manage access to Azure resources

• Manage built-in Azure roles

• Assign roles at different scopes
• Interpret access assignments

Manage Azure subscriptions and governance

• Implement and manage Azure Policy

• Configure resource locks
• Apply and manage tags on resources
• Manage resource groups
• Manage subscriptions
• Manage costs by using alerts, budgets, and Azure Advisor recommendations
• Configure management groups
Module 2 - Implement and manage storage (15–20%)
Configure access to storage

• Configure Azure Storage firewalls and virtual networks

• Create and use shared access signature (SAS) tokens
• Configure stored access policies
• Manage access keys
• Configure identity-based access for Azure Files

Configure and manage storage accounts

• Create and configure storage accounts

• Configure Azure Storage redundancy
• Configure object replication
• Configure storage account encryption
• Manage data by using Azure Storage Explorer and AzCopy

Configure Azure Files and Azure Blob Storage

• Create and configure a file share in Azure Storage

• Create and configure a container in Blob Storage
• Configure storage tiers
• Configure snapshots and soft delete for Azure Files
• Configure blob lifecycle management
• Configure blob versioning

Module 3 - Deploy and manage Azure compute resources (20–25%)

Automate deployment of resources by using Azure Resource Manager (ARM)
templates or Bicep files

• Interpret an Azure Resource Manager template or a Bicep file

• Modify an existing Azure Resource Manager template
• Modify an existing Bicep file
• Deploy resources by using an Azure Resource Manager template or a Bicep file
• Export a deployment as an Azure Resource Manager template or convert an Azure
Resource Manager template to a Bicep file
 Create and configure virtual machines

• Create a virtual machine

• Configure Azure Disk Encryption
• Move a virtual machine to another resource group, subscription, or region
• Manage virtual machine sizes
• Manage virtual machine disks
• Deploy virtual machines to availability zones and availability sets
• Deploy and configure an Azure Virtual Machine Scale Sets

Provision and manage containers in the Azure portal

• Create and manage an Azure container registry

• Provision a container by using Azure Container Instances
• Provision a container by using Azure Container Apps
• Manage sizing and scaling for containers, including Azure Container Instances and
Azure Container Apps

Create and configure Azure App Service

• Provision an App Service plan

• Configure scaling for an App Service plan
• Create an App Service
• Configure certificates and Transport Layer Security (TLS) for an App Service
• Map an existing custom DNS name to an App Service
• Configure backup for an App Service
• Configure networking settings for an App Service
• Configure deployment slots for an App Service

Module 4 - Implement and manage virtual networking (15–20%)

Configure and manage virtual networks in Azure

• Create and configure virtual networks and subnets

• Create and configure virtual network peering
• Configure public IP addresses
• Configure user-defined network routes
• Troubleshoot network connectivity
 Configure secure access to virtual networks

• Create and configure network security groups (NSGs) and application security groups
• Evaluate effective security rules in NSGs
• Implement Azure Bastion
• Configure service endpoints for Azure platform as a service (PaaS)
• Configure private endpoints for Azure PaaS

Configure name resolution and load balancing

• Configure Azure DNS

• Configure an internal or public load balancer
• Troubleshoot load balancing

Module 5 - Monitor and maintain Azure resources (10–15%)

Monitor resources in Azure

• Interpret metrics in Azure Monitor

• Configure log settings in Azure Monitor
• Query and analyze logs in Azure Monitor
• Set up alert rules, action groups, and alert processing rules in Azure Monitor
• Configure and interpret monitoring of virtual machines, storage accounts, and
networks by using Azure Monitor Insights
• Use Azure Network Watcher and Connection Monitor

Implement backup and recovery

• Create a Recovery Services vault

• Create an Azure Backup vault
• Create and configure a backup policy
• Perform backup and restore operations by using Azure Backup
• Configure Azure Site Recovery for Azure resources
• Perform a failover to a secondary region by using Site Recovery
• Configure and interpret reports and alerts for backups