Manage Azure identities and governance
20-25%Microsoft Entra users and groups, access assignments, Azure RBAC, subscriptions, resource groups, management groups, Azure Policy, locks, tags, budgets, alerts, and Advisor recommendations.
CertVectorAzure Administrator study guide
A six-week path from Azure administration basics to AZ-104 readiness.
AZ-104 rewards operational judgment: the right scope, the right Azure service, the right recovery step, and the least disruptive change. Use this plan with CertVector drills to build that habit.
AZ-104 domain weights
Implement and manage storage
15-20%Storage firewalls, virtual networks, SAS tokens, access keys, Azure Files identity access, redundancy, encryption, object replication, Storage Explorer, AzCopy, blob tiers, soft delete, snapshots, versioning, and lifecycle management.
Deploy and manage Azure compute resources
20-25%ARM and Bicep deployments, virtual machines, VM disks, availability sets and zones, Virtual Machine Scale Sets, Azure Container Registry, Azure Container Instances, Azure Container Apps, App Service plans, TLS, custom DNS, backup, networking, scaling, and deployment slots.
Implement and manage virtual networking
15-20%Virtual networks, subnets, peering, public IP addresses, user-defined routes, NSGs, ASGs, effective security rules, Azure Bastion, service endpoints, private endpoints, Azure DNS, internal and public load balancers, and connectivity troubleshooting.
Monitor and maintain Azure resources
10-15%Azure Monitor metrics and logs, alert rules, action groups, alert processing, VM/storage/network insights, Network Watcher, Connection monitor, Recovery Services vaults, Backup vaults, backup policies, restore operations, Azure Site Recovery, failover, and backup reporting.
Weekly progression
Move from identity and governance into resource operations, then finish with recovery and mixed scenario timing.
Week 1
Identity and Governance
Review Microsoft Entra users, groups, guest access, SSPR, RBAC scopes, role assignments, management groups, subscriptions, resource groups, tags, locks, Policy, budgets, and Advisor.
Week 2
Storage Operations
Practice storage account access, firewalls, virtual network rules, SAS tokens, access keys, identity-based Azure Files access, redundancy, encryption, object replication, Blob tiers, snapshots, soft delete, and lifecycle rules.
Week 3
Compute Deployment
Work through ARM and Bicep deployment decisions, VM sizing, disks, availability zones and sets, VM Scale Sets, containers, ACR, Container Apps, App Service, custom domains, TLS, backups, networking, scaling, and slots.
Week 4
Virtual Networking
Drill VNets, subnets, peering, public IP addresses, route tables, user-defined routes, NSGs, ASGs, Bastion, service endpoints, private endpoints, private DNS, Azure DNS, and load balancers.
Week 5
Monitoring and Recovery
Use Azure Monitor metrics and logs, alert rules, action groups, alert processing, Insights, Network Watcher, Connection monitor, Backup vaults, Recovery Services vaults, restore operations, Site Recovery, and failover scenarios.
Week 6
Timed Operations Readiness
Run mixed timed sets, review missed explanations by objective, retest weak domains, and practice choosing the least-disruptive Azure administration action from scenario evidence.
Use the plan inside the product
Start with mixed AZ-104 drills, inspect your weak domains, then use missed-question review to reinforce Azure administration decisions that were not clear.