AZ-104 Study Guide: Mastering Azure Governance, Sync, and Redundancy

Master tricky AZ-104 exam topics including Azure AD Connect Delta sync, RA-GRS storage, Azure Policy tag inheritance, and resource move dependencies.

1. Azure Tags and Governance

Tags are metadata elements used for cost management and resource organization.

  • Non-Inheritance: By default, tags applied to a Resource Group (RG) do not flow down to the resources within it.
  • Enforcement via Azure Policy: To automate tagging, you must use Azure Policy.
    • Append/Modify: Adds the tag if it is missing during creation.
    • Inherit from RG: Specifically pulls the value from the parent container.
  • Permissions: To apply tags, you need Microsoft.Resources/tags/write permissions (included in Contributor and Owner roles).

2. Resource Mobility

Moving resources is a common administrative task with strict prerequisites.

  • Tenant Constraint: You can move resources between subscriptions only if they belong to the same Entra ID (Azure AD) tenant.
  • Dependency Management: Resources must be moved with their dependencies. For example, a Virtual Machine must be moved simultaneously with its Managed Disks and Network Interfaces (NICs).
  • Operational Impact:
    • The resource remains available during the move.
    • Both the source and destination Resource Groups are locked for the duration of the operation.
    • The Resource ID changes (important for scripts/automation).

3. Azure AD (Entra ID) Licensing

Licensing and RBAC (Role-Based Access Control) are distinct concepts often confused in exam scenarios.

  • Assignment vs. Role: Assigning a user the Global Administrator role does not grant them a P1/P2 license. Licenses must be assigned explicitly to users or groups.
  • Group-Based Licensing:
    • Licenses assigned to a group are inherited by all members.
    • Note: While direct members inherit licenses, check specific documentation for your tenant version regarding nested group inheritance, as standard Entra ID behavior often requires direct membership for license assignment.
FeatureRole-Based Access (RBAC)Licensing (P1/P2)
PurposePermissions to manage resourcesAccess to premium features
ExampleOwner, Contributor, ReaderConditional Access, PIM, Self-Service Password Reset
AssignmentScope (Sub, RG, Resource)User or Group level

4. Monitoring and ITSM Integration

Transforming telemetry into actionable tickets is a key objective for the “Monitor and Back Up Resources” section of the exam.

  • The Chain of Action:
    1. Metric/Log: Collected by Azure Monitor (e.g., % CPU).
    2. Alert Rule: Defines the threshold (e.g., CPU > 90%).
    3. Action Group: Defines who or what is notified.
  • ITSM Connector: Within an Action Group, the ITSM action type allows you to connect to ServiceNow, System Center Service Manager, or other providers to automatically generate incidents.

5. Azure Marketplace and Private Offers

Marketplace management revolves around billing account permissions.

  • Private Offers: Negotiated deals between a publisher and a specific customer.
  • Requirements:
    • The Billing Account must allow Marketplace purchases.
    • The user accepting the offer must have Subscription Owner or Contributor rights to initiate the deployment.
  • Credits: Many Marketplace items (especially third-party software) are billed separately from Azure Consumption Credits.

LinkedInCopyPinterestRedditTelegramChatGPTSMS

Related Posts

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by