The core knowledge system required to obtain AZ-104 (Microsoft Azure Administrator Associate) in 2026 corresponds to the five official exam areas of Microsoft, focusing on the deployment, management, security, and monitoring of Azure environments, and adapting to the cloud management and compliance needs of European and American enterprises.

The following is the structured core knowledge system and practical points of AZ-104, which are in line with the technical requirements of the production environment of European and American enterprises.

1. Manage Azure Identity and Access

The core of this module is Microsoft Entra ID and permission governance, which is the fundamental threshold for cloud security in European and American enterprises.

Microsoft Entra ID Management: Lifecycle management of user/group/guest accounts, multi factor authentication, self-service password reset configuration, cross tenant access, and external collaboration.

Access control: Built in and custom role design, implementation of the principle of minimizing permissions, configuration of conditional access policies, permission auditing and compliance reporting.

Subscription and Governance: Azure Policy defines resource compliance rules, prevents accidental deletion of resource locks, implements cost and asset tracking through tag policies, and sets budget and cost alerts.

Application and Device Management: Enterprise application registration and SSO integration, Azure AD Join/Hybrid Join configuration, implementation of device compliance policies.

2. Deploy and manage computing resources

Focusing on automated deployment and high availability of VM and containerized resources, adapting to hybrid cloud and DevOps processes in European and American enterprises.

The entire process of virtual machines: Windows/Linux VM creation and custom image, availability/scale set configuration, automatic scaling of expansion sets, Azure Disk encryption and backup strategy.

Container and PaaS computing: Azure container instance and container registry management, Azure App Service configuration and deployment slots, automatic scaling and CI/CD integration of Web Apps.

Resource automation: ARM template/VNet writing and parameterized deployment, Azure CLI/PowerShell script batch operation and maintenance, Azure DevOps Pipeline implementation for IaC delivery.

3. Configure and manage virtual networks

The network is the core of cloud infrastructure, requiring isolation, secure access, and traffic control to comply with zero trust and compliance requirements in Europe and America.

Network infrastructure: virtual network, subnet, routing table and peer-to-peer interconnection configuration, public IP and private IP planning, user-defined routing to achieve traffic path control.

Security access control: design of network security group and application security group rules, Azure Bastion remote access, isolation of PaaS traffic by service/dedicated endpoints, DDoS protection and WAF configuration.

Load balancing and DNS: Internal/public load balancer configuration, Azure DNS zone and record management, traffic manager for multi zone failover.

Network operation and maintenance: connectivity testing and NSG flow log analysis, VNet peer-to-peer/VPN/FHIR troubleshooting.

4. Implement and manage storage

Storage is the core of data assets, which needs to balance performance, security, and compliance, and adapt to European and American GDPR and industry data standards.

Storage account management: type selection, redundant policy configuration, hierarchical access optimization cost.

Data Security and Access: Storage Access Signature and Shared Access Policy, Azure AD Authentication and RBAC Permission Control, Blob Soft Deletion and Version Control, Data Encryption and Compliance Audit.

Data service configuration: Blob storage lifecycle rules, Azure Files and file synchronization deployment, cross regional object replication for disaster recovery.

5. Monitor and maintain Azure resources

Ensure business continuity, comply with SLA and disaster recovery requirements of European and American enterprises, and reduce the risk of business interruption.

Monitoring and alerts: Azure Monitor configuration metrics/log queries, Application Insights for application performance monitoring, Log Analytics workspace design, custom alert and notification channels.

Backup and Recovery: Recovery service repository/backup repository configuration, VM/file/database backup strategy development, Azure Site Recovery for cross regional failover, backup reporting and compliance verification.

Troubleshooting: Analysis of resource health status, diagnosis of common network/computing/storage issues, implementation of Azure Advisor optimization recommendations.

6. Core Tools and Basic Abilities

Without the ability to use tools, efficient operation and maintenance cannot be achieved, which is the basic threshold for cloud administrators in European and American enterprises.

Management tools: daily operation and automation script writing for Azure Portal, Azure CLI, PowerShell, Cloud Shell.

IaC and DevOps: Writing and deploying ARM templates/mods, Azure DevOps implements infrastructure as code delivery.

Cross platform and Compliance: Fundamentals of Windows/Linux Systems, Compliance Implementation of GDPR/ISO 27001 in Azure, Cost Management and Resource Optimization Skills.

Special attention: New and key strengthening directions for 2026

Zero trust architecture: deep configuration of conditional access policies, dedicated endpoints, and Just In Time VM access.

Multi cloud and hybrid networks: Network interconnection between Azure and third-party clouds, and integration of FHIR Direct and SD-WAN.

AI assisted operations: AI anomaly detection in Azure Monitor and cost/security optimization recommendations for Advisor.

Compliance and Security Enhancement: EU NIS2 Directive, US CMMC 2.0 Security Configuration and Audit in Azure.

Conclusion: The core knowledge system of AZ-104 in 2026 is based on the framework of "identity computing network storage monitoring", combined with tool automation and compliance security, fully adapted to the job requirements of cloud management in European and American enterprises.

Preparing for the exam should focus on the official learning path of Microsoft Learn. You can choose to cooperate with SPOTO's training courses to complete practical operations, with a focus on strengthening the automation capabilities of ARM/Bicep and CLI/PowerShell, ensuring seamless integration of skills with the production environment of the enterprise.