AZ-104 Microsoft Azure Administrator Exam

You're a great admin... on-prem. Now, become a great admin in the cloud and prove it by passing the Microsoft Certified: Azure Administrator Associate exam!

Practice Test

Practice Test

Configure Azure Files and Azure Blob Storage

Implement and manage storage

Azure Files provides fully managed file shares in the cloud that you can access via SMB or NFS. A file share behaves like a traditional on-premises file server, allowing multiple users and applications to store and share files. You provision a share inside an Azure Storage account, which handles the underlying infrastructure and replication.

To create a file share, you can use the Azure portal, Azure PowerShell, or Azure CLI. Steps include:

Selecting or creating a storage account
Opening the File shares blade
Defining the share name and quota

Once created, you can connect from Windows, Linux, or macOS using the SMB or NFS protocol with the storage account key or Azure AD credentials.

After creation, configure performance tiers (standard or premium) and set quota limits to manage capacity. You can also apply NTFS ACLs or posix permissions over NFS shares for fine-grained access control. Ensuring the right combination of performance tier and quota helps optimize both cost and performance for your workloads.

Create and configure a container in Blob Storage

A blob container is a logical grouping for blobs, which are objects such as text or binary files. Containers provide a way to organize data in an object storage service, much like folders in a file system. Each container lives within an Azure Storage account and can be configured for public or private access.

You can create a container via the Azure portal, Azure PowerShell, or Azure CLI. The process involves:

Choosing the storage account
Creating a new container with a unique name
Setting the public access level

Containers default to private, restricting access only to authenticated users. You can also enable anonymous read access if your application requires public data retrieval.

After creation, you can upload, list, and manage blobs using the Azure Storage REST API or SDKs. Assign role-based access control (RBAC) roles such as Storage Blob Data Reader to control who can read or write blobs in a container. Properly configuring access helps prevent unauthorized data exposure and ensures compliance with organizational policies.

Configure storage tiers

Azure Blob Storage offers three access tiers—Hot, Cool, and Archive—to balance cost and performance. Each tier caters to different data usage patterns:

Hot: Frequent access
Cool: Infrequent access
Archive: Rare access with long retrieval times

You can set the tier for individual blobs or at the container level using Azure CLI, PowerShell, or the Azure portal. When you tier down data, you reduce storage costs but may incur higher access fees when reading or rehydrating blobs.

Tiering can be automated with lifecycle management policies to move data between tiers based on last modified dates. For example, you can configure a policy to move blobs older than 30 days to Cool and those older than 180 days to Archive. This approach optimizes cost while ensuring data remains available according to your retention requirements.

Understanding the cost model for each tier is critical to managing your budget. Hot tier storage costs more per gigabyte but has lower access charges, while Archive is the cheapest for storage but the most expensive to retrieve. Selecting the right tier mix ensures you balance performance needs with cost savings.

Configure soft delete for blobs and containers

Soft delete helps protect against accidental blob or container deletion by retaining deleted data for a configurable retention period. When soft delete is enabled, deleting a blob or container marks it as soft-deleted instead of permanently removing it. During the retention period, you can restore the data seamlessly.

To enable soft delete, use Azure CLI, PowerShell, or the Azure portal under the Data protection settings. You must specify a retention period between 1 and 365 days. Deleted blobs within this window can be recovered by:

Listing soft-deleted blobs
Invoking the Restore operation

Soft delete for containers works similarly: deleting a container moves it to a soft-deleted state where its blobs can be restored as a group. This feature is especially valuable in scenarios where you need to recover entire sets of data quickly.

Remember that enabling soft delete increases storage costs because deleted blobs are retained. You should plan retention periods that balance recovery needs with cost implications. Monitoring soft-deleted objects regularly helps avoid unexpected charges.

Configure snapshots and soft delete for Azure Files

Snapshots for Azure Files provide a read-only, point-in-time version of a file share or individual files. A snapshot captures the state of files at the moment it’s taken, enabling quick restores or backups. Unlike soft delete, which protects against delete operations, snapshots protect against data corruption or unintended overwrites.

You create snapshots through Azure CLI, PowerShell, or the Azure portal in the File share operations. Each snapshot consumes incremental storage based on changes since the last snapshot. You can list and copy snapshots back to the base share or to another location for recovery.

Soft delete for Azure Files works like blob soft delete. When enabled, deleting files or entire shares moves them to a recoverable state for a specified retention period. Use Storage account settings under Data protection to configure retention. During the retention period, you can restore files or snapshots to recover lost or corrupted data.

Combining snapshots and soft delete gives dual protection against both logical errors and accidental deletions. Snapshots guard against data corruption, while soft delete ensures you can recover even if snapshots are accidentally removed. Together, these features enhance data resilience for file-based workloads.

Configure blob lifecycle management

Blob lifecycle management automates data movement and deletion based on customizable rules. You define a policy that evaluates blob properties like last modified or creation date to transition or delete data. This policy runs daily and enforces rules without manual intervention.

A typical lifecycle policy might:

Move blobs older than 30 days to the Cool tier
Archive blobs older than 180 days
Delete blobs older than 365 days

You author these rules in a JSON file and apply them to a storage account using Azure CLI, PowerShell, or the Azure portal. Lifecycle management helps optimize costs by ensuring data is stored in the most appropriate tier over time.

Monitoring and testing your rules is essential to avoid unexpected data loss. Use the Evaluate policy feature in the portal to simulate actions before applying them. Well-designed lifecycle policies reduce administrative overhead and maintain cost-efficient storage.

Configure blob versioning

Blob versioning maintains multiple versions of a blob whenever it is updated or overwritten. Each change creates a new version, providing a history of updates that you can view, list, or restore. Versioning is ideal for protecting against unintentional overwrites and for audit purposes.

Enable versioning at the storage account level through the Data protection settings in the Azure portal or via Azure CLI and PowerShell. Once enabled, every write operation on a blob generates a version ID. You can then:

Retrieve a previous version by specifying its version ID
Permanently delete individual versions or all versions of a blob

Blob versioning works hand-in-hand with soft delete and snapshots to give you comprehensive data protection. You retain both current and historical data, ensuring you can recover from accidental updates or data corruption. Properly managing versioned blobs and retention settings controls storage costs while maximizing data safety.

Conclusion

View Study Guide

Take a free practice quiz