Azure · AZ-104

Operational Excellence — Azure Administrator (AZ-104)

6%of exam questions (12 of 200)

Monitoring depth and operational overhead pull in opposite directions

The exam surfaces this tension with constraints like "minimal configuration," "without deploying agents," or "existing Log Analytics workspace." Application Insights is deep but requires SDK instrumentation. Azure Monitor metrics are broader but shallower. Activity Log captures control-plane operations, not application behavior. Azure Policy enforces configuration drift, not runtime health. The wording in the scenario tells you which observability layer the question is testing — read the constraint before selecting the service.

What This Pattern Tests

Azure operational excellence questions test whether you automate operations with Azure-native tools. Azure Pipelines with YAML definitions provide version-controlled CI/CD. Azure Policy enforces resource configuration standards (require tags, restrict VM sizes, mandate encryption). Azure Automation runbooks handle routine tasks like VM patching, certificate rotation, and resource cleanup. For AZ-400, the focus is on combining Azure Boards for work tracking, Azure Repos for source control, and Azure Pipelines for build/release into a unified DevOps workflow. Azure Monitor action groups trigger Logic Apps or Azure Functions for automated incident response. The trap is building custom scripts on VMs when Azure Automation, Logic Apps, or Azure Functions provide managed alternatives.

Decision Axis

Manual scripts vs. managed automation services. Azure rewards declarative, policy-driven operations over imperative scripts.

Associated Traps

Near-Right Architecture (8)Front Door with session affinity or Traffic Manager with Application Gateway? Both go global — only one handles WebSockets.Over-Provisioning (4)Premium Blob Storage for application logs accessed once a year. Standard Hot with lifecycle policies costs 80% less.

More Top Traps on This Exam

Operational Complexity Underestimation · 28%Azure VMs with load balancers, auto-scaling rules, and custom monitoring — for a standard web API that App Service handles out of the box.

Decision Rules

When the scenario explicitly requires packet capture, hop-level path tracing, or connection-path diagnosis — not just metric dashboards — Azure Network Watcher satisfies signal-completeness; Azure Monitor Insights does not.

Azure Network WatcherAzure Monitor Insights

Whether a targeted Azure Monitor metric alert rule on the storage throttling metric satisfies signal-completeness at lower cost, or whether full Azure Monitor Insights for Storage (Log Analytics workspace plus all diagnostic categories) is required to meet the alerting SLA.

Azure MonitorAzure Monitor InsightsAzure Storage Accounts

Whether to apply a performance-visualization tool (Azure Monitor Insights) or a network-diagnostic tool (Azure Network Watcher) when metric dashboards are clean but network-layer connectivity failures persist — the deciding constraint is diagnostic depth at the packet and flow level, not metric surface area.

Azure Network WatcherAzure Monitor Insights

Domain Coverage

Monitor and Maintain Azure Resources

Difficulty Breakdown

Easy: 4Medium: 8

Build recognition speed →

See all AZ-104 patterns →