πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-104 Domain 3
Domain 3 β€” Module 5 of 7 71%
16 of 27 overall

AZ-104 Study Guide

Domain 1: Manage Azure Identities and Governance

  • Microsoft Entra ID: Your Identity Foundation Free
  • Users, Groups & Licenses Free
  • RBAC: Who Can Do What in Azure Free
  • Subscriptions, Resource Groups & Management Groups Free
  • Azure Policy & Resource Locks Free
  • Tags, Cost Management & Azure Advisor Free

Domain 2: Implement and Manage Storage

  • Storage Accounts & Redundancy
  • Securing Storage: Keys, SAS & Firewalls
  • Blob Containers & Storage Tiers
  • Blob Lifecycle, Versioning & Soft Delete
  • Azure Files: Shares, Snapshots & Recovery

Domain 3: Deploy and Manage Azure Compute Resources

  • ARM Templates & Bicep: Infrastructure as Code
  • Virtual Machines: Create & Configure Free
  • VM Disks, Encryption & Migration
  • Availability Sets, Zones & Scale Sets
  • Containers: ACR, ACI & Container Apps
  • App Service Plans & Scaling
  • App Service: Slots, Certificates & Networking

Domain 4: Implement and Manage Virtual Networking

  • Virtual Networks & Subnets
  • VNet Peering & User-Defined Routes
  • NSGs & Application Security Groups
  • Azure Bastion, Service & Private Endpoints
  • Azure DNS & Load Balancers

Domain 5: Monitor and Maintain Azure Resources

  • Azure Monitor: Metrics & Logs
  • Alerts, Insights & Network Watcher
  • Azure Backup & Vaults
  • Azure Site Recovery & Disaster Recovery

AZ-104 Study Guide

Domain 1: Manage Azure Identities and Governance

  • Microsoft Entra ID: Your Identity Foundation Free
  • Users, Groups & Licenses Free
  • RBAC: Who Can Do What in Azure Free
  • Subscriptions, Resource Groups & Management Groups Free
  • Azure Policy & Resource Locks Free
  • Tags, Cost Management & Azure Advisor Free

Domain 2: Implement and Manage Storage

  • Storage Accounts & Redundancy
  • Securing Storage: Keys, SAS & Firewalls
  • Blob Containers & Storage Tiers
  • Blob Lifecycle, Versioning & Soft Delete
  • Azure Files: Shares, Snapshots & Recovery

Domain 3: Deploy and Manage Azure Compute Resources

  • ARM Templates & Bicep: Infrastructure as Code
  • Virtual Machines: Create & Configure Free
  • VM Disks, Encryption & Migration
  • Availability Sets, Zones & Scale Sets
  • Containers: ACR, ACI & Container Apps
  • App Service Plans & Scaling
  • App Service: Slots, Certificates & Networking

Domain 4: Implement and Manage Virtual Networking

  • Virtual Networks & Subnets
  • VNet Peering & User-Defined Routes
  • NSGs & Application Security Groups
  • Azure Bastion, Service & Private Endpoints
  • Azure DNS & Load Balancers

Domain 5: Monitor and Maintain Azure Resources

  • Azure Monitor: Metrics & Logs
  • Alerts, Insights & Network Watcher
  • Azure Backup & Vaults
  • Azure Site Recovery & Disaster Recovery
Domain 3: Deploy and Manage Azure Compute Resources Premium ⏱ ~12 min read

Containers: ACR, ACI & Container Apps

Not every workload needs a full VM. Containers are lightweight, fast, and perfect for microservices. Learn Azure Container Registry, Container Instances, and Container Apps β€” the three container services an Azure admin needs to know.

Containers vs VMs

β˜• Simple explanation

If a VM is a house (full building with its own plumbing and electricity), a container is an apartment (shares the building’s infrastructure but has its own space).

Containers package your application with everything it needs to run β€” code, libraries, settings β€” but share the host operating system. They start in seconds (not minutes like VMs), use less resources, and are perfect for microservices.

Azure gives you three container services: Container Registry (stores your container images), Container Instances (run containers without managing servers), and Container Apps (run containers with auto-scaling and traffic management).

Containers are lightweight, isolated runtime environments that share the host OS kernel. Unlike VMs, they don’t need a full OS per instance, making them faster to start (seconds vs minutes) and more resource-efficient. Azure provides three primary container services for AZ-104 scope: Azure Container Registry (ACR) for image storage, Azure Container Instances (ACI) for serverless container execution, and Azure Container Apps (ACA) for managed container orchestration with built-in scaling.

Azure Container Registry (ACR)

ACR is a private Docker container registry β€” a storage service for your container images.

SKUFeaturesStorageUse Case
BasicCore features, limited throughput10 GBDev/test, personal projects
StandardIncreased throughput and storage100 GBMost production workloads
PremiumGeo-replication, private link, content trust500 GBEnterprise, multi-region deployments

Key operations:

  • az acr create β€” create a registry
  • az acr build β€” build an image in the cloud (no local Docker needed)
  • docker push myregistry.azurecr.io/myapp:v1 β€” push an image
  • docker pull myregistry.azurecr.io/myapp:v1 β€” pull an image

Azure Container Instances (ACI)

ACI is the simplest way to run a container in Azure β€” no VMs, no orchestrator, no cluster management. Just run a container.

Key features:

  • Starts in seconds
  • Per-second billing
  • Supports both Linux and Windows containers
  • Container groups β€” multiple containers sharing resources (like a Kubernetes pod)
  • Can mount Azure Files for persistent storage

Limitations: No auto-scaling, no built-in load balancing, no traffic splitting. For those, use Container Apps.

Azure Container Apps (ACA)

ACA is a managed container platform built on Kubernetes (but you don’t manage Kubernetes). It adds the features ACI lacks.

Key features:

  • Auto-scaling β€” scale based on HTTP traffic, CPU, memory, or event-driven (KEDA)
  • Scale to zero β€” no instances running = no compute cost
  • Revision management β€” deploy new versions alongside old ones
  • Traffic splitting β€” route percentage of traffic to different revisions (canary deployments)
  • Built-in ingress β€” HTTPS endpoints without configuring a load balancer
Container Instances vs Container Apps
FeatureACI (Container Instances)ACA (Container Apps)
Best forSimple tasks, batch jobs, testingWeb apps, APIs, microservices
Auto-scalingNoYes (HTTP, CPU, memory, events)
Scale to zeroNo (minimum 1 instance)Yes
Load balancingNo (manual)Yes (built-in ingress)
Traffic splittingNoYes (canary deployments)
PricingPer-second (vCPU + memory)Per-second + scale to zero
πŸ’‘ Exam tip: ACI vs ACA decision

The exam loves asking when to use ACI vs ACA. Simple rule: ACI for simple, short-lived tasks (batch processing, build agents, quick scripts). ACA for web apps and APIs that need scaling, load balancing, and traffic management. If the question mentions β€œauto-scale” or β€œmicroservices,” it’s ACA.

Question

What is Azure Container Registry (ACR) used for?

Click or press Enter to reveal answer

Answer

ACR is a private Docker container registry that stores and manages container images. It integrates with ACI, ACA, AKS, and other container services. Premium SKU adds geo-replication and private link support.

Click to flip back
Question

What is the key advantage of Azure Container Apps over Container Instances?

Click or press Enter to reveal answer

Answer

Container Apps provides auto-scaling (including scale to zero), built-in load balancing, traffic splitting between revisions, and event-driven scaling via KEDA. Container Instances lacks all these features β€” it's simpler but less capable for production web workloads.

Click to flip back
Question

What are the three ACR SKUs and when would you use Premium?

Click or press Enter to reveal answer

Answer

Basic (dev/test, 10 GB), Standard (production, 100 GB), Premium (enterprise, 500 GB). Use Premium when you need geo-replication (multi-region image availability), private link (no public endpoint), or content trust (signed images). Most production workloads use Standard.

Click to flip back
Real-world: Meridian Financial's container architecture

Meridian Financial runs their customer-facing API on Azure Container Apps with:

  • ACR Premium with geo-replication (UK South + UK West) for fast pulls in both regions
  • 3 microservices as separate Container Apps, each auto-scaling independently
  • Scale to zero enabled on the reporting service (only used during business hours)
  • Traffic splitting β€” 90% to current revision, 10% to the new version for canary testing
  • Revision mode: multiple β€” both old and new versions run simultaneously during deployments

Total monthly cost: ~60% less than their previous VM-based setup, with better scaling.

Knowledge check

Knowledge Check

CloudFirst Labs needs to deploy a web API that auto-scales based on HTTP traffic and can scale to zero when idle to save costs. Which service should they use?
Knowledge Check

TechCorp needs to run a nightly batch job that processes CSV files and exits when done. The job runs for about 10 minutes. Which container service is most appropriate?

🎬 Video coming soon

← Previous

Availability Sets, Zones & Scale Sets

Next β†’

App Service Plans & Scaling

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.