The Ultimate

AZ-104 Exam Prep Guide

Resource links, reading, video, and training resources

Version: 1.0
Date: January 7, 2021
Author: Pete Zerger, CISSP, MVP
Contents
Introduction ......................................................................................................................................3
FREEE AZ-104 Exam Training Resources ..............................................................................................3
Quick Exam Strategy Guidance ...........................................................................................................3
Lab setup ...........................................................................................................................................3
What to expect on the exam ..............................................................................................................3
Should I just use a practice exam? ......................................................................................................3
Domain 1: Manage Azure identities and governance (15-20%) ............................................................5
1. Manage Azure AD objects ................................................................................................................. 5
2. Manage role-based access control (RBAC) ....................................................................................... 6
3. Manage subscriptions and governance ............................................................................................ 6
Domain 2: Implement and manage storage (10-15%) ..........................................................................8
1. Manage storage accounts ................................................................................................................. 8
2. Manage data in Azure Storage .......................................................................................................... 9
3. Configure Azure files and Azure blob storage................................................................................... 9
Domain 3: Deploy and manage Azure compute resources (25-30%) ................................................... 11
1. Configure VMs for high availability and scalability ............................................................................. 11
2. Automate deployment and configuration of VMs .......................................................................... 11
3. Create and configure VMs .............................................................................................................. 12
4. Create and configure containers..................................................................................................... 12
5. Create and configure Web Apps ..................................................................................................... 13
Domain 4: Configure and manage virtual networking (30-35%) ......................................................... 14
1. Implement and manage virtual networking ................................................................................... 14
2. Configure name resolution ............................................................................................................. 14
3. Secure access to virtual networks................................................................................................... 15
4. Configure load balancing ................................................................................................................ 15
5. Monitor and troubleshoot virtual networking................................................................................ 16
6. Integrate an on-premises network with an Azure virtual network ................................................ 17
Domain 5: Monitor and back up Azure resources (10-15%) ................................................................ 18
1. Monitor resources by using Azure Monitor .................................................................................... 18
2. Implement backup and recovery .................................................................................................... 18
Conclusion ....................................................................................................................................... 19
Introduction
This guide includes Microsoft documentation and study resources for skills tested in all four domains of
the AZ-104 exam, including exam updates effective January 27, 2021, which are highlighted in red. If
you follow the recommendations in this guide, including reading, video, and some hands-on practice, I
am confident you will be ready to crush it on exam day! While I can share with you the material that will
enable you to ensure you are well-prepared, I am forbidden from sharing details of the exam itself.
Therefore, my focus is to help you prepare quickly and effectively for anything you might encounter.

IMPORTANT: This guide includes links to FREE hands-on lab exercises

from MS Learn within the areas of the skills measured they support!

FREEE AZ-104 Exam Training Resources

You can find FREE self-paced, hands-on training from Microsoft, which includes FREE Azure access for
hands on labs using a feature called Azure Sandbox. This free training is available at the URL below.

https://docs.microsoft.com/en-us/learn/certifications/exams/az-104?tab=tab-learning-paths

Quick Exam Strategy Guidance

You will find more and more Azure tutorials and Microsoft exam prep videos on our “Inside Azure
Management” YouTube channel over time. Be sure to Subscribe and get notifications.

Lab setup
To get the most from this guide you need the following trial subscriptions or equivalent access:
• An Azure subscription
• Azure AD Premium

If you are missing any of the above, do not worry. There is ample reading and learning material, as well
as several free video links throughout this guide.

What to expect on the exam

There are a few things that will help you better prepare for the exam:
• Plan for 3 ½ hours (210 minutes). The exam is 180 minutes, with up to 30 minutes for various
surveys and exam tutorial items. HOWEVER, with adaptive exams being the norm, you may well
finish much sooner if you are well-prepared.
• Know the solutions hands-on. On Microsoft associate-level certification exams like this one, you
may encounter simulations on the exam that test your knowledge of feature configuration.

I hate to state the obvious, but it bears repeating. Remember to get plenty of rest the night before the
exam. For a potentially long exam experience, you want to have a clear head.

Should I just use a practice exam?

Practice exams can help you determine where you need to focus your study time. You can find AZ-104
practice exam material in a few places, including Udemy.com, WhizLabs, and LinkedIn

AZ-104 Exam Prep Back to ToC 3|Page

Now let’s get started.

AZ-104 Exam Prep Back to ToC 4|Page

Domain 1: Manage Azure identities and governance (15-20%)
Back to ToC

This domain is all about managing identity and access in Azure. You will want EMS E5, which includes
Azure AD Plan 2 and all the advanced features covered in this domain. Links to relevant reading,
tutorials, and training for each skill tested are listed below.

1. Manage Azure AD objects

1. Create users and groups

• Create a basic group and add members using Azure Active Directory
• Manage Microsoft Azure AD users
• LAB EXERCISE - Add and delete users in Azure Active Directory
• LAB EXERCISE - Assign users to Azure Active Directory groups

2. Manage user and group properties

• Edit your group information using Azure Active Directory

3. Manage device settings

• Manage device identities using the Azure portal

4. Perform bulk user updates

• Bulk create users in Azure Active Directory

• Bulk add group members in Azure Active Directory

5. Manage guest accounts

• Quickstart: Add guest users to your directory in the Azure portal

• LAB EXERCISE - Give guest users access in Azure Active Directory B2B

6. Configure Azure AD Join

• Join your work device to your organization's network

• Tutorial: Configure hybrid Azure Active Directory join for managed domains
• Tutorial: Create and configure an Azure Active Directory Domain Services managed domain

AZ-104 Exam Prep Back to ToC 5|Page

 7. Configure Self-Service Password Reset

• Tutorial: Enable users to unlock their account or reset passwords using Azure Active
Directory self-service password reset
• How does self-service password reset writeback work in Azure Active Directory?
• VIDEO: How to configure self-service password reset for users in Windows Azure AD
• LAB EXERCISE - Set up self-service password reset

2. Manage role-based access control (RBAC)

1. Create a custom role

• Create or update Azure custom roles using the Azure portal

• Create and assign a custom role in Azure Active Directory
• Tutorial: Create an Azure custom role using Azure PowerShell
• LAB EXERCISE - Create an Azure custom role
• LAB EXERCISE - View and manage an Azure custom role

2. Provide access to Azure resource by assigning roles

• Tutorial: Grant a user access to Azure resources using the Azure portal
• Tutorial: Grant a group access to Azure resources using Azure PowerShell
• LAB EXERCISE - Grant access using Azure RBAC and the Azure portal

3. Interpret access assignments

• Quickstart: View the access a user has to Azure resources
• List Azure role assignments using the Azure portal
• Understand Azure deny assignments
• LAB EXERCISE - List access using Azure RBAC and the Azure portal
• LAB EXERCISE - View activity logs for Azure RBAC changes

4. Manage multiple directories

• Understand how multiple Azure Active Directory organizations interact
• How Azure subscriptions are associated with Azure AD

3. Manage subscriptions and governance

1. Configure Azure policies

AZ-104 Exam Prep Back to ToC 6|Page

 • What is Azure Policy?
• Recommended policies for Azure services
• LAB EXERCISE - Restrict deployments to a specific location by using Azure Policy

2. Configure resource locks

• Lock resources to prevent unexpected changes
• LAB EXERCISE - Protect a storage account from accidental deletion by using a
resource lock

3. Apply tags
• Use tags to organize your Azure resources and management hierarchy
• Tutorial: Manage tag governance with Azure Policy

4. Create and manage resource groups

• Manage Azure Resource Manager resource groups by using the Azure portal
• Manage Azure Resource Manager resource groups by using Azure CLI
• Manage Azure Resource Manager resource groups by using Azure PowerShell

5. Manage subscriptions
• Use multiple Azure subscriptions
• Organize and manage multiple Azure subscriptions

6. Configure Cost Management

• What is Azure Cost Management + Billing?
• Manage costs with automation
• LAB EXERCISE - Predict and optimize with Cost Management and Azure Advisor

7. Configure management groups

• What are Azure management groups?

AZ-104 Exam Prep Back to ToC 7|Page

Domain 2: Implement and manage storage (10-15%)
Back to ToC

This domain is focuses on configuration and management of Azure storage. To get the hands-on
experience you need for the exam will require an Azure subscription.

1. Manage storage accounts

1. Configure network access to storage accounts

• Configure Azure Storage firewalls and virtual networks
• Tutorial: Connect to a storage account using an Azure Private Endpoint

2. Create and configure storage accounts

• Create a storage account
• LAB EXERCISE - Create a storage account using the Azure portal

3. Generate shared access signature

• Getting Started with Shared Access Signatures (SAS)
• Grant limited access to Azure Storage resources using shared access signatures (SAS)
• Exercise - Use shared access signatures to delegate access to Azure Storage
• Exercise - Use stored access policies to delegate access to Azure Storage

4. Manage access keys

• Manage storage account access keys
• Manage storage account keys with Key Vault and the Azure CLI
• Manage storage account keys with Key Vault and Azure PowerShell

5. Implement Azure storage replication

• Object replication for block blobs
• Deploy Azure File Sync
• LAB EXERCISE - View replication status
• LAB EXERCISE - Fail over to secondary location

6. Configure Azure AD Authentication for a storage account

• Authorize access to blobs and queues using Azure Active Directory

AZ-104 Exam Prep Back to ToC 8|Page

2. Manage data in Azure Storage

1. Export from Azure job

• What is Azure Import/Export service?
• View the status of Azure Import/Export jobs
• Reviewing Azure Import/Export job status with copy log files

2. Import into Azure job

• What is Azure Import/Export service?
• View the status of Azure Import/Export jobs
• Reviewing Azure Import/Export job status with copy log files

3. Install and use Azure Storage Explorer

• Get started with Storage Explorer
• Use Azure Storage Explorer to manage Azure managed disks

4. Copy data by using AZCopy

• Get started with AzCopy
• Transfer data with AzCopy and file storage

3. Configure Azure files and Azure blob storage

1. Create an Azure file share

• Create an Azure file share
• Quickstart: Create and manage Azure Files share with Windows virtual machines
• LAB EXERCISE - Create and connect to an Azure Files share
• LAB EXERCISE - Secure access to files stored in Azure Files
• LAB EXERCISE - Troubleshoot Azure File Sync

2. Create and configure Azure File Sync service

• Deploy Azure File Sync

3. Configure Azure blob storage

AZ-104 Exam Prep Back to ToC 9|Page

 • Quickstart: Upload, download, and list blobs with the Azure portal
• Configure Azure Storage connection strings

4. Configure storage tiers for Azure blobs

• Access tiers for Azure Blob Storage - hot, cool, and archive
• Performance tiers for block blob storage

5. Configure blob lifecycle management

• Azure Blob Storage lifecycle management generally available
• Optimize costs by automating Azure Blob Storage access tiers

6. Configure blob object replication

• Configure object replication for block blobs
• Object replication for block blobs

AZ-104 Exam Prep Back to ToC 10 | P a g e

Domain 3: Deploy and manage Azure compute resources (25-30%)
Back to ToC

This domain focuses on Azure VM, container, and web (App Service) workloads.

1. Configure VMs for high availability and scalability

1. Configure high availability

• Availability options for virtual machines in Azure
• Tutorial: Create and deploy highly available virtual machines with Azure PowerShell
• Tutorial: Create and deploy highly available virtual machines with the Azure CLI

2. Deploy and configure scale sets

• Quickstart: Create a virtual machine scale set in the Azure portal
• Quickstart: Create a virtual machine scale set with the Azure CLI
• Quickstart: Create a virtual machine scale set with Azure PowerShell
• Quickstart: Create a Windows virtual machine scale set with an ARM template

2. Automate deployment and configuration of VMs

1. Modify Azure Resource Manager (ARM) template

• Quickstart: Create and deploy ARM templates by using the Azure portal

2. Configure VHD template

• Prepare and customize a master VHD image
• LAB EXERCISE - Create an image of an Azure VM from the Azure CLI and provision a new VM

3. Deploy from template

• Tutorial: Create and deploy your first ARM template

4. Save a deployment as an ARM template

• Tutorial: Use exported template from the Azure portal

5. Automate configuration management by using custom script extensions

• Custom Script Extension for Windows

AZ-104 Exam Prep Back to ToC 11 | P a g e

3. Create and configure VMs

1. Configure Azure Disk Encryption

• Azure Disk Encryption for virtual machines and virtual machine scale sets
• Azure Disk Encryption for Windows VMs
• LAB EXERCISE - Encrypt existing VM disks
• LAB EXERCISE - Use a Resource Manager template to decrypt the VM

2. Move VMs from one resource group to another

• Move a Windows VM to another Azure subscription or resource group

3. Manage VM sizes

• Virtual machine sizing guidelines

• LAB EXERCISE - Sizing VMs properly

4. Add data discs

• Attach a managed data disk to a Windows VM by using the Azure portal

• Attach a data disk to a Windows VM with PowerShell
• LAB EXERCISE - Resize a VM disk

5. Configure networking

• Configure the network for your virtual machines

6. Redeploy VMs

• Redeploy Windows virtual machine to new Azure node

• Redeploy Linux virtual machine to new Azure node

4. Create and configure containers

1. Create and configure Azure Kubernetes Service (AKS)

• Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal
• Quickstart: Deploy an Azure Kubernetes Service cluster using the Azure CLI
• LAB EXERCISE - Deploy Kubernetes with Azure Kubernetes Service

AZ-104 Exam Prep Back to ToC 12 | P a g e

 • LAB EXERCISE - Create a private, highly available container registry
• LAB EXERCISE - Deploy the ratings front end
• LAB EXERCISE - Deploy an ingress for the front end
• LAB EXERCISE - Enable SSL/TLS on the front-end ingress

2. Create and configure Azure Container Instances (ACI)

• Deploy a model to Azure Container Instances
• LAB EXERCISE - Run Azure Container Instances
• LAB EXERCISE - Troubleshoot Azure Container Instances

5. Create and configure Web Apps

1. Create and configure App Service

• Configure an App Service app in the Azure portal
• Create an App Service Environment
• LAB EXERCISE - Create web sites

2. Create and configure App Service Plans

• Azure App Service plan overview

AZ-104 Exam Prep Back to ToC 13 | P a g e

Domain 4: Configure and manage virtual networking (30-35%)
Back to ToC

This domain is focuses on Azure virtual network configuration and troubleshooting, including Azure DNS
for name resolution.

1. Implement and manage virtual networking

1. Create and configure VNET peering

• Configure virtual network peering

• Create, change, or delete a virtual network peering
• LAB EXERCISE - Configure virtual network peering connections by using Azure CLI
commands
• LAB EXERCISE - Verify virtual network peering by using SSH between Azure virtual
machines

2. Configure private and public IP addresses, network routes, network interface, subnets,
and virtual network

• Add, change, or remove IP addresses for an Azure network interface

• Manage public IP addresses
• LAB EXERCISE - Configure network settings

2. Configure name resolution

1. Configure Azure DNS

• Quickstart: Create an Azure DNS zone and record using the Azure portal
• Quickstart: Create an Azure DNS zone and record using Azure PowerShell
• Quickstart: Create an Azure DNS zone and record using Azure CLI
• Quickstart: Create an Azure DNS zone and record using an ARM template
• LAB EXERCISE - Create a DNS zone and an A record by using Azure DNS

2. Configure custom DNS settings

• Use Azure DNS to provide custom domain settings for an Azure service

3. Configure a private or public DNS zone

AZ-104 Exam Prep Back to ToC 14 | P a g e

 • Quickstart: Create an Azure DNS zone and record using the Azure portal
• Quickstart: Create an Azure private DNS zone using the Azure portal

3. Secure access to virtual networks

1. Create security rules

• Work with security rules

2. Associate an NSG to a subnet or network interface

• Associate or dissociate a network security group to or from a subnet or network interface

3. Evaluate effective security rules

• Diagnose a virtual machine network traffic filter problem

• Introduction to Effective security rules view in Azure Network Watcher

4. Deploy and configure Azure Firewall

• Tutorial: Deploy and configure Azure Firewall using the Azure portal
• Deploy and configure Azure Firewall using Azure PowerShell
• Deploy and configure Azure Firewall using Azure CLI

5. Deploy and configure Azure Bastion Service

• Tutorial: Configure Bastion and connect to a Windows VM through a browser

• LAB EXERCISE – Connect to a virtual machine by using Azure Bastion
• LAB EXERCISE - Enable diagnostic logs and monitor remote sessions

4. Configure load balancing

1. Configure Application Gateway

• Application Gateway configuration overview

• LAB EXERCISE - Create and configure an Application Gateway
• LAB EXERCISE - Test your Application Gateway

AZ-104 Exam Prep Back to ToC 15 | P a g e

 2. Configure an internal load balancer

• Configure an application gateway with an internal load balancer (ILB) endpoint

• Quickstart: Create an internal load balancer to load balance VMs using the Azure portal

3. Configure load balancing rules

• Add load-balancing rule for distributed availability group

• Outbound rules Azure Load Balancer
4. Configure a public load balancer

• Quickstart: Create a public load balancer to load balance VMs using the Azure portal

5. Troubleshoot load balancing

• Troubleshoot Azure Load Balancer

5. Monitor and troubleshoot virtual networking

1. Monitor on-premises connectivity

• Create a monitor in Connection Monitor by using the Azure portal

• Network Connectivity Monitoring with Connection Monitor

2. Use Network Performance Monitor

• Network Performance Monitor solution: Performance monitoring

• Network Performance Monitor solution in Azure

3. Use Network Watcher

• What is Azure Network Watcher?

• LAB EXERCISE - Troubleshoot a network by using Network Watcher monitoring and
diagnostic tools
• LAB EXERCISE - Troubleshoot a network by using Network Watcher metrics and logs

4. Troubleshoot external networking

• Azure VM cannot connect to the internet

• Troubleshooting: An Azure site-to-site VPN connection cannot connect and stops working

AZ-104 Exam Prep Back to ToC 16 | P a g e

 5. Troubleshoot virtual network connectivity

• Troubleshooting connectivity problems between Azure VMs

• Troubleshoot connections with Azure Network Watcher using the Azure portal

6. Integrate an on-premises network with an Azure virtual network

1. Create and configure Azure VPN Gateway

• Tutorial: Create and manage a VPN gateway using Azure portal

• LAB EXERCISE - Create an Azure VPN gateway
• LAB EXERCISE - Create a site-to-site VPN gateway by using Azure CLI commands

2. Create and configure VPNs

• Tutorial: Create a Site-to-Site connection in the Azure portal

3. Configure ExpressRoute

• ExpressRoute connectivity models

• Quickstart: Create and modify an ExpressRoute circuit

4. Configure Azure Virtual WAN

• Tutorial: Create a Site-to-Site connection using Azure Virtual WAN

• How to configure virtual hub routing

AZ-104 Exam Prep Back to ToC 17 | P a g e

Domain 5: Monitor and back up Azure resources (10-15%)
Back to ToC

This domain is focuses on Azure virtual network configuration and troubleshooting, including Azure DNS
for name resolution.

1. Monitor resources by using Azure Monitor

1. Configure and interpret metrics

• Getting started with Azure Metrics Explorer
• Troubleshooting metrics charts

2. Configure Log Analytics

• Create a Log Analytics workspace in the Azure portal
• Tutorial: Configure the log analytics wizard

3. Query and analyze logs

• Log Analytics tutorial

4. Set up alerts and actions

• Respond to events with Azure Monitor Alerts

• Create, view, and manage log alerts using Azure Monitor

5. Configure Application Insights

• What is Application Insights?

• What does Application Insights monitor?
• Get started with Application Insights

2. Implement backup and recovery

1. Configure and review backup reports

• Configure Azure Backup reports

2. Perform backup and restore operations by using Azure Backup

• Back up a virtual machine in Azure

AZ-104 Exam Prep Back to ToC 18 | P a g e

 • Restore files to a virtual machine in Azure

3. Create a Recovery Services Vault

• Create and configure a Recovery Services vault

4. Create and configure backup policy

• Create a new backup policy

5. Perform site-to-site recovery using Azure Site Recovery

• Fail over and fail back physical servers replicated to Azure

• Do a test failover and failover

Conclusion
I hope you have found this guide valuable. Have an exam tip you’d like to see included in this
document? Provide feedback on LinkedIn or connect with me on Twitter at @pzerger.

AZ-104 Exam Prep Back to ToC 19 | P a g e