Microsoft Azure Administrator

AZ-104 Exam Preparation Guide

Transcript analysis and practical study plan for preparing for the Microsoft AZ-104: Microsoft Azure Administrator exam.

Recommended use: open the supporting video in a new tab, read once end-to-end, then use the domain checklists, supporting links and labs as a revision tracker.

Supporting AZ-104 video

Squarespace is blocking the embedded player on this plan, so this uses a clickable thumbnail instead. Select the image below to open the video in YouTube.

Open the AZ-104 supporting video on YouTube

1. Executive summary

Scope of this guide: this guide analyses an AZ-104 exam-prep transcript and restructures it into a practical preparation guide. It is not a question dump; it is a study and readiness guide.

Learn the official skills list first. Avoid spending most of your time on adjacent topics that are not in the AZ-104 outline.
Practise in a real Azure subscription or Microsoft Learn sandbox where possible. The exam expects operational judgement.
Treat each question as a scenario: identify the required service, scope, permissions, constraints and best-practice answer.
Use least privilege, cost control, security, resilience and operational maintainability as decision filters.
Use the Exam Sandbox before exam day so the interface and question styles do not cost you time.

2. Exam blueprint and weighting

The five objective domains below should be used as your revision structure.

Item	What to know
Exam	AZ-104: Microsoft Azure Administrator
Certification	Microsoft Certified: Azure Administrator Associate
Audience	Azure administrators implementing, managing and monitoring Azure environments.
Prerequisite working knowledge	Operating systems, networking, servers, virtualisation, PowerShell, Azure CLI, Azure portal, ARM/Bicep and Microsoft Entra ID.
Pass score	700 or greater.
Main preparation tools	Official study guide, Microsoft Learn modules, hands-on labs, free Practice Assessment and Exam Sandbox.

The biggest preparation point: prioritise the two heaviest domains first: identities and governance, and compute. Together they can account for nearly half of the exam. Storage and networking are still substantial, and monitoring/backup is smaller but often precise and procedural.

Domain	Weight	Priority	Why it matters
Manage Azure identities and governance	20-25%	Very high	Covers Entra users/groups, RBAC, subscriptions, policy, locks, tags, cost management and management groups. These are foundational across almost every Azure environment.
Implement and manage storage	15-20%	High	Tests access, storage accounts, redundancy, SAS, Azure Files, Blob Storage, lifecycle management, soft delete and versioning.
Deploy and manage Azure compute resources	20-25%	Very high	Covers ARM/Bicep, VMs, VM availability, scale sets, containers, App Service and scaling. This is one of the most task-heavy areas.
Implement and manage virtual networking	15-20%	High	Covers VNets, subnets, peering, UDRs, NSGs, ASGs, Bastion, endpoints, DNS and load balancers. Many questions are troubleshooting or rule-evaluation scenarios.
Monitor and maintain Azure resources	10-15%	Medium, but do not skip	Covers Azure Monitor, logs, alerts, insights, Network Watcher, backups and Site Recovery. Smaller weighting, but procedural details can be decisive.

Supporting links

3. Preparation strategy

3.1 The working method

Read the current official Microsoft Learn AZ-104 study guide and copy the skills list into a tracker.
For each skill, decide whether you can perform it in the Azure portal, explain when to use it, and identify the common exam trap.
Build small labs for the key tasks. Do not only watch videos.
Use the free Practice Assessment to find weak areas. Treat it as diagnostic rather than as the exam itself.
Use the Exam Sandbox before booking or at least before exam week.
Do a final pass on high-yield comparison topics: RBAC vs Entra roles, policy vs locks, service endpoints vs private endpoints, scale up vs scale out, ACI vs ACA vs AKS, Backup vs Site Recovery.

3.2 What the exam is really testing

Scope: management group, subscription, resource group or resource.
Permissions: which built-in role is enough, and where it should be assigned.
Constraints: region support, resource move limits, networking rules, SKU/tier limitations and feature prerequisites.
Operational sequence: which steps must happen first, especially for backup, recovery, networking and deployment scenarios.
Best practice: least privilege, policy-based governance, cost controls, secure access and resilient architecture.

3.3 Topics not to over-prioritise

The transcript warns candidates not to chase areas that are not in the official skills list. You may need awareness of related features, but deep configuration of the following should not dominate AZ-104 revision:

Deep Intune administration.
Deep Conditional Access design, beyond knowing licensing relationships where relevant.
Advanced Microsoft Entra Privileged Identity Management configuration, beyond recognising P2 licensing where relevant.
Deep Kubernetes design. Know when AKS is appropriate, but the AZ-104 container focus is ACR, ACI and Azure Container Apps.
Application development internals. For App Service and Application Insights, focus on administrator tasks.

Supporting links

Prepare for a Microsoft examMicrosoft guidance on study guides, exam prep videos, Learn modules and practice assessments.Practice assessmentsFree Microsoft Learn practice assessments and readiness reporting.AZ-104 prerequisites learning pathBaseline Azure concepts for AZ-104 candidates.AZ-104T00 courseStructured course covering subscriptions, identity, storage, compute, networking, backup and monitoring.

4. Domain 1 - Manage Azure identities and governance

Weighting: 20-25%

This is one of the highest-value revision areas.

4.1 Core knowledge

Area	You need to know
Microsoft Entra users and groups	Create and manage users and groups; understand cloud identities, directory-synchronised identities and guest users; manage user and group properties; understand group-based access.
Licensing	Understand Free, P1, P2 and Entra Suite at a high level; know that some capabilities require premium licensing; know how licence assignment and group inheritance work.
External users	Guest users are added to your tenant as external identities. Know invitation flow, access review concepts and sponsor/review best practice.
SSPR	Know that self-service password reset is in scope and understand its purpose, enablement and user impact.
Azure RBAC	Know Owner, Contributor and Reader well. Understand role definitions, role assignments, security principals and scopes.
Entra roles vs Azure RBAC roles	Entra roles control directory administration. Azure RBAC controls Azure resource access. Do not confuse the two.
Governance	Azure Policy, initiatives, resource locks, tags, resource groups, subscriptions, costs, budgets, Advisor recommendations and management groups.

4.2 Exam traps and decision rules

Permissions are additive across assignments unless denied by other controls. If a user is Reader at one scope and Contributor at a lower scope, evaluate the effective result at the target resource.
Scope inheritance flows downwards: management group to subscription to resource group to resource.
Least privilege is normally the expected answer. Assign the narrowest role at the narrowest useful scope.
Policy and RBAC do different things. RBAC says who can attempt an action. Policy can restrict what is allowed even when a user has permission.
Resource locks protect against accidental deletion or modification. Policy enforces standards at scale. Know when to use each.
Every Azure resource belongs to exactly one resource group; resource groups cannot be nested or renamed; resources in a group can be in different regions.
Management groups sit above subscriptions and are used to organise policy and access control across multiple subscriptions.
Cost questions often involve budgets, alerts, Azure Advisor recommendations, reservations and Azure Hybrid Benefit.

Supporting links

AZ-104 identities and governance pathMicrosoft Learn path for Entra objects, RBAC, subscriptions and governance.Azure RBAC overviewRole assignments, additive permissions and access control for Azure resources.Azure built-in rolesReference for Owner, Contributor, Reader and other built-in roles.Azure Policy overviewPolicy, compliance, initiatives and remediation concepts.Resource locksCanNotDelete and ReadOnly locks and when they apply.Management groupsSubscription hierarchy for policy and access management at scale.Manage resource groupsResource group creation, movement, locking and management.Create Azure budgetsCost Management budgets and alerts.

5. Domain 2 - Implement and manage storage

Weighting: 15-20%

The topic list is broad, so do not underestimate this section.

5.1 Core knowledge

Area	You need to know
Storage access	Storage firewalls, virtual network rules, public IP restrictions, trusted Azure services, service endpoints and private endpoints.
SAS tokens	User delegation SAS, service SAS and account SAS. Prefer user delegation SAS where possible because it uses Microsoft Entra credentials and RBAC.
Stored access policies	Extra control for SAS tokens; understand revocation by deleting or changing the policy and that propagation can take a short time.
Access keys	Know why hard-coding keys is poor practice; use Key Vault and understand the effect of disabling shared key access.
Azure Files	SMB/NFS access patterns, identity-based access for SMB scenarios, Windows ACL preservation, and the need for TCP 445 for SMB connectivity.
Storage redundancy	LRS, ZRS, GRS, GZRS and read-access variants. Know the trade-off between cost, availability, regional disaster protection and read access.
Encryption	Storage Service Encryption is automatic. Know Microsoft-managed keys versus customer-managed keys and Key Vault dependency for customer-managed keys.
Tools	Storage Explorer is GUI-based. AzCopy is command-line and optimised for copying data to/from Azure Storage. Know authentication options and use cases.
Blob and file protection	Soft delete, snapshots, lifecycle management, storage tiers and blob versioning.

5.2 High-yield details from the transcript

Storage firewalls and virtual network rules apply to data-plane operations.
A stored access policy can make SAS revocation easier than managing individual SAS tokens directly.
For Azure file shares over SMB, port 445 must be open and SMB 3.0 encryption matters for secure transfer.
Blob access levels are private, blob and container. Know the security implication of each.
Blob tiers: hot, cool, cold and archive. The transcript highlights minimum retention periods of 30 days for cool, 90 days for cold and 180 days for archive.
Archive has the lowest storage cost but rehydration takes time. Moving data before minimum retention does not block the move, but may create early deletion charges.
Blob lifecycle policies automate tiering and deletion based on rules such as blob age, container or path.
Blob versioning creates versions on modification; understand the cost and latency implications of many versions.

Supporting links

AZ-104 storage learning pathOfficial modules for storage accounts, Blob Storage, security and Azure Files.Storage account overviewStorage account types, services and core concepts.Storage network securityFirewalls, virtual network rules and network access to storage.Storage firewall limitationsData-plane limitations and trusted boundary notes.Shared access signaturesSAS types, delegated access and user delegation SAS.Prevent Shared Key authorizationHow disabling Shared Key affects access methods.Storage redundancyLRS, ZRS, GRS, GZRS and read-access variants.Blob access tiersHot, cool, cold and archive tier behaviour and retention guidance.Blob lifecycle managementAutomated tiering and deletion policies.Blob versioningBlob versions, restore behaviour and cost implications.Azure Files identity-based accessAuthentication and access control patterns for Azure file shares.AzCopyCommand-line copy and sync tool for Azure Storage.

6. Domain 3 - Deploy and manage Azure compute resources

Weighting: 20-25%

Along with identities and governance, this is a top-priority domain.

6.1 Core knowledge

Area	You need to know
ARM templates	JSON structure: schema, contentVersion, parameters, variables, functions, resources and outputs. Be able to interpret, modify, deploy and export templates.
Bicep	Readable domain-specific language for Azure deployment. Know parameters, conditions, loops, modules, deployment and conversion/compilation to ARM.
Virtual machines	Create VMs, select image/size, configure network, disks, management options, extensions, backups, monitoring and auto-shutdown.
VM sizing and disks	Know VM family intent, disk attachment, data disk limits by size, managed disks and encryption at host.
Availability	Availability zones, availability sets, update domains, fault domains, load balancers and VM scale sets.
Moving VMs	Moving between resource groups/subscriptions versus region moves; understand dependencies and downtime impact.
Container Registry	Private Docker-compatible registry for container images; know tiers, image storage and integration with AKS, App Service and other services.
ACI	Fastest simple container runtime without managing VMs; good for simple or burst workloads.
Azure Container Apps	Managed serverless container platform for microservices and event-driven/containerised workloads.
App Service	App Service plan, app creation, TLS/certificates, custom DNS, backup, networking, scaling and deployment slots.

6.2 Exam traps and decision rules

Do not memorise every VM size. Know the family pattern and match the workload: general purpose, compute optimised, memory optimised and so on.
Scale up means increasing the power/tier/size of an instance. Scale out means adding instances.
VM scale sets manage groups of identical VMs and support automatic scale behaviour.
ACI is for quick simple container execution; Azure Container Apps is managed/serverless for containerised apps; AKS is the full orchestration answer when the scenario requires Kubernetes-level control.
An App Service plan defines the compute resources and cost model. Multiple apps can share the same plan.
Deployment slot settings can be marked as slot settings so they stick to the slot and do not swap.
For ARM/Bicep questions, focus on reading structure and intent rather than memorising full syntax.

Supporting links

AZ-104 compute learning pathOfficial modules for VMs, containers and web apps.ARM template syntaxTemplate structure: parameters, variables, resources and outputs.Bicep overviewBicep language concepts and ARM deployment relationship.Bicep file structureParameters, variables, resources, modules and outputs in Bicep files.VM sizes overviewVM families and workload-oriented size selection.Availability setsFault domains, update domains and availability set behaviour.VM scale setsDeploy and manage sets of load-balanced, scalable VMs.Azure Container RegistryPrivate container image registry and SKU capabilities.Azure Container InstancesFast serverless container execution without managing VMs.Azure Container AppsServerless platform for containerised apps and microservices.App Service plansPlan tiers, compute resources and scale decisions.Deployment slotsStaging slots, swaps and slot-specific settings.

7. Domain 4 - Implement and manage virtual networking

Weighting: 15-20%

Expect scenario and troubleshooting questions.

7.1 Core knowledge

Area	You need to know
VNets and subnets	Create VNets/subnets; understand address spaces, segmentation, communication between Azure resources, internet access and hybrid connectivity.
VNet peering	Connect VNets; know peering status, virtual network access, forwarded traffic and gateway transit options.
Public IP addresses	Configure and understand static/dynamic allocation and SKU implications for modern deployments.
User-defined routes	Route tables, next hop types, overriding system routes and using network virtual appliances.
Network troubleshooting	VM-to-VM, VM-to-internet, secondary NIC and route problems. Know what to check first.
NSGs	Inbound/outbound rules, default rules, priority order and five-tuple evaluation: source, source port, destination, destination port and protocol.
ASGs	Logical grouping of VMs for NSG rule targeting. ASGs do not filter traffic by themselves; NSGs do.
Azure Bastion	Secure RDP/SSH through browser over TLS without exposing VM public IP addresses.
Service endpoints and private endpoints	Both secure access to PaaS, but service endpoints extend subnet identity to the service while private endpoints place a private IP for the service in the VNet.
DNS and load balancing	Azure DNS vs Private DNS; internal vs public Load Balancer; frontend IPs, backend pools, rules and health probes.

7.2 Exam traps and decision rules

For NSG questions, sort rules by priority and direction before deciding allow/deny.
Remember default NSG rules. A custom higher-priority rule can override the default behaviour.
ASGs simplify rule management when IP addresses change; they do not replace NSGs.
UDRs are used when the scenario wants to force traffic through a firewall or network virtual appliance.
Private endpoints are usually the answer when the requirement is private IP access to a PaaS service.
For Bastion scenarios, look for requirements such as no VM public IP, browser-based RDP/SSH and reduced attack surface.
For load balancer troubleshooting, check frontend IP, backend pool membership, rules, health probes, NSGs and VM health.

Supporting links

AZ-104 networking learning pathOfficial modules for VNets, NSGs, DNS, peering, routes and Load Balancer.Virtual Network overviewCore Azure network building block for secure communication.Virtual network peeringVNet-to-VNet connectivity and peering settings.Virtual network routingSystem routes, custom routes and next hop behaviour.Network security groupsInbound/outbound filtering and rule priority.Application security groupsLogical grouping for NSG rule targeting.Azure BastionBrowser or native-client RDP/SSH without VM public IPs.Service endpointsSecuring Azure service traffic from subnets over the Azure backbone.Private endpointsPrivate IP access to Azure services through Private Link.Private Link FAQUseful comparison of service endpoints and private endpoints.Azure Load BalancerLayer 4 public and internal load balancing.Load Balancer health probesProbe behaviour and common causes of unreachable backends.

8. Domain 5 - Monitor and maintain Azure resources

Weighting: 10-15%

This is the smallest domain, but backup and recovery questions often require exact steps.

8.1 Core knowledge

Area	You need to know
Azure Monitor metrics	Interpret metrics such as CPU and IOPS; understand near-real-time monitoring and data sources.
Logs and Log Analytics	Configure diagnostic/log settings, query and analyse logs, save queries and create dashboards.
Alerts	Alert rules include scope, condition/criteria, severity, action groups and alert processing rules.
Monitor Insights	Use insights for VMs, storage accounts and networks; understand what extra visibility each provides.
Application Insights	Know the administrator-level purpose: request rates, response times, failures, dependencies, exceptions, page views and custom events.
Network Watcher	Topology, diagnostics, Connection Monitor, performance/connectivity checks and network troubleshooting.
Recovery Services vault	Used for backup and recovery scenarios; stores recovery points and supports workloads such as Azure VMs and Azure Files.
Backup vault and policies	Know backup schedules, retention, redundancy choices and reporting.
Azure Site Recovery	Disaster recovery and replication/failover to a secondary Azure region. Know test failover and failover sequence at a high level.
Reporting and alerts	Backup integrates with Resource Graph, Monitor alerts/logs and built-in/custom reporting.

8.2 Exam traps and decision rules

Metrics and logs are different data types. Metrics are numerical time-series values; logs are queryable event/detail records.
Log Analytics is used when you need richer retention, KQL querying, saved queries and dashboards.
Action groups define what happens when an alert fires.
Network Watcher is the expected diagnostic service for Azure networking problems.
Azure Backup is for backup/restore. Azure Site Recovery is for disaster recovery and failover.
For restore or failover questions, look carefully for required order: permissions, vault, policy/replication, validation, test failover/restore, cleanup.

Supporting links

AZ-104 monitor and backup pathOfficial modules for Azure Monitor, Azure Backup and VM monitoring.Azure Monitor overviewMetrics, logs, analysis and alerting across Azure resources.Log Analytics overviewRun and edit log queries against Azure Monitor Logs.Azure Monitor alertsMetric alerts, log search alerts and alert rule types.Application Insights overviewApplication performance, failures and telemetry monitoring.Network Watcher overviewNetwork diagnostic and monitoring tools.Connection MonitorContinuous endpoint connectivity monitoring.Azure Backup overviewBackup and restore service for Azure and hybrid workloads.Recovery Services vaultsVaults, recovery points and protected workload data.Azure Site Recovery overviewReplication, failover and failback for disaster recovery.Backup monitoring and reportingAzure Backup integration with Resource Graph, Monitor alerts/logs and Resource Health.

9. Practical lab checklist

Use this as a practical build plan. The aim is not to create a large production environment, but to touch the administrator tasks likely to appear in scenarios.

Lab	Tasks to perform	Evidence you should be able to explain
1. Governance baseline	Create resource groups; add tags; create a budget; assign a simple policy or initiative; apply a lock.	Policy vs lock; tag inheritance limitations; cost alert permissions; resource group constraints.
2. Entra and RBAC	Create a test user/group; assign Reader at subscription and Contributor at a resource group; review effective access.	RBAC inheritance, least privilege, Azure RBAC vs Entra admin roles.
3. Storage security	Create a storage account; restrict access with firewall/VNet rule; create SAS; rotate keys; test Storage Explorer/AzCopy.	SAS types, stored access policy use, firewall scope, key security.
4. Blob lifecycle	Upload blobs; configure hot/cool/archive tiering; enable soft delete and versioning; create lifecycle rule.	Tier trade-offs, retention periods, lifecycle rule conditions, version cost.
5. Azure Files	Create a file share; connect from a Windows client; test SMB connectivity.	Port 445, SMB versions, share access, snapshot/soft delete.
6. ARM/Bicep deployment	Deploy a simple storage account or VNet using Bicep; inspect equivalent ARM JSON.	Parameters, resources, outputs, deployment flow.
7. VM operations	Create a VM; add a data disk; resize VM; configure monitoring; enable backup.	VM size implications, disks, backup flow, management options.
8. Availability and scale	Create an availability set or scale set; review fault/update domains or scaling options.	Availability choices, scale up vs scale out, VMSS behaviour.
9. Containers and App Service	Create ACR; run a container in ACI or Azure Container Apps; create App Service plan/app; configure deployment slot.	ACI vs ACA vs AKS; App Service plan cost/scaling; sticky slot settings.
10. Networking	Create two VNets; peer them; add NSGs and ASGs; configure UDR; deploy Bastion if possible.	Peering settings, NSG priority, ASG purpose, UDR next hop, Bastion architecture.
11. Load balancing	Create a public or internal Load Balancer with backend VMs; test health probes.	Frontend/backend/rule/probe relationship and troubleshooting order.
12. Monitoring and recovery	Create Log Analytics workspace; configure diagnostic settings; create alert/action group; test backup and Site Recovery concepts.	Metrics vs logs, alerts, Network Watcher, Backup vs Site Recovery.

Supporting links

AZ-104 prerequisites pathStart here if you need baseline Azure admin concepts.AZ-104 identities and governance pathUse for governance, subscriptions, RBAC and Entra practice.AZ-104 storage pathUse for Storage, Blob and Azure Files labs.AZ-104 compute pathUse for VM, container and App Service labs.AZ-104 networking pathUse for VNet, NSG, DNS, routing and Load Balancer labs.AZ-104 monitor and backup pathUse for Azure Monitor, Backup and recovery labs.

10. Exam-day strategy

Read the requirement before the scenario text. Identify the task: deploy, secure, troubleshoot, reduce cost, monitor or recover.
Look for scope words: tenant, management group, subscription, resource group, resource, subnet, NIC, storage account, container or file share.
Eliminate answers that are too broad, too privileged, too expensive or do not meet the stated constraint.
When two answers work, prefer the one that is least privileged, policy-driven, secure and operationally simpler.
For network questions, map direction and path: source, destination, protocol, port, route, NSG, endpoint and load balancer health.
For sequence questions, identify dependencies: create vault before backup; define policy before assignment; create backend pool/probe/rules before expecting load balancer success.
Use Microsoft Learn during the exam only for targeted lookup. The timer continues, so do not plan to research every question.
Use mark-for-review strategically. Do not get stuck on one complex scenario at the expense of easier marks.
Be careful with breaks. Microsoft warns that after starting an unscheduled break you cannot return to questions already viewed before the break.

Supporting links

Exam duration and experienceExam timing, question counts, break behaviour and Microsoft Learn access.Practice assessmentsUse to test readiness and identify weak domains.Prepare for an examMicrosoft’s preparation guidance for certification exams.AZ-104 certification pageExam registration, learning paths and practice options.

11. Final readiness checklist

Readiness item	Target before booking
Official objectives	You can explain every bullet in the current skills measured list at a high level.
Portal confidence	You can find where to configure each major service without searching externally.
Command-line confidence	You recognise common Azure CLI and PowerShell approaches for core tasks.
ARM/Bicep confidence	You can read a simple deployment file and identify parameters, resources and outputs.
Lab evidence	You have completed most of the practical labs in section 9 or equivalent Microsoft Learn labs.
Practice Assessment	You have used the free Practice Assessment to identify weak domains and retested after revision.
Exam Sandbox	You have used the sandbox and understand the interface, review screen and question interactions.
High-yield comparisons	You can explain the comparison topics below without notes.

High-yield comparisons to memorise:
Azure RBAC vs Entra roles; Azure Policy vs resource locks; management groups vs subscriptions vs resource groups; service endpoints vs private endpoints; NSGs vs ASGs; scale up vs scale out; availability sets vs zones vs scale sets; ACI vs Azure Container Apps vs AKS; storage access keys vs SAS vs Microsoft Entra authentication; LRS/ZRS/GRS/GZRS and read-access variants; metrics vs logs; Azure Backup vs Azure Site Recovery.

Supporting links

Official AZ-104 study guideUse this as the final source of truth for skills measured.Azure Administrator AssociateConfirm exam details before booking.Practice assessmentsRetest weak areas before exam day.Exam duration and experienceReview question experience, timing, breaks and Microsoft Learn access.

12. Useful official links and reference library

Use these links as the reference library for the guide. The first two links are the most important to check before booking because exam objectives and certification guidance can change.

Supporting AZ-104 video

1. Executive summary

2. Exam blueprint and weighting

Supporting links

3. Preparation strategy

3.1 The working method

3.2 What the exam is really testing

3.3 Topics not to over-prioritise

Supporting links

4. Domain 1 - Manage Azure identities and governance

4.1 Core knowledge

4.2 Exam traps and decision rules

Supporting links

5. Domain 2 - Implement and manage storage

5.1 Core knowledge

5.2 High-yield details from the transcript

Supporting links

6. Domain 3 - Deploy and manage Azure compute resources

6.1 Core knowledge

6.2 Exam traps and decision rules

Supporting links

7. Domain 4 - Implement and manage virtual networking

7.1 Core knowledge

7.2 Exam traps and decision rules

Supporting links

8. Domain 5 - Monitor and maintain Azure resources

8.1 Core knowledge

8.2 Exam traps and decision rules

Supporting links

9. Practical lab checklist

Supporting links

10. Exam-day strategy

Supporting links

11. Final readiness checklist

Supporting links

12. Useful official links and reference library

AZ-104 exam and preparation

Domain learning paths

Administrator reference docs

mike@michaelwhitehouse.com