AZ-104 Hands-on Lab Guide

Intermediate | Lab | 5 hours | 4 min read | 2 May 2026 | Azure

A practical AZ-104 lab roadmap covering identities, governance, compute, storage, networking, monitoring, and recovery.

What you'll learn

  • Follow a safe sequence of AZ-104 hands-on labs
  • Create and manage common Azure administrator resources
  • Practice the portal, Cloud Shell, Azure CLI, and PowerShell workflows
  • Clean up lab resources to avoid unexpected cost

Relevant for certifications

AZ-104

Lab Safety Setup

Use a dedicated sandbox subscription or lab resource group. Before creating resources, set a consistent naming pattern:

Resource group: az104-lab-rg
Region: eastus or your nearest low-cost region
Prefix: az104
Owner tag: your-name
Environment tag: lab

Create the resource group:

az group create \
  --name az104-lab-rg \
  --location eastus \
  --tags Environment=lab Owner=utsav

Warning

Many AZ-104 demos create billable resources. Delete the lab resource group when finished unless you intentionally need the resources for later practice.

  1. Identity and governance: users, groups, RBAC, locks, tags, policy.
  2. Administration tools: portal, Cloud Shell, Azure CLI, PowerShell, ARM/Bicep.
  3. Compute: virtual machines, disks, availability, extensions, containers, App Service.
  4. Storage: storage accounts, blob containers, lifecycle, replication, Azure Files, AzCopy.
  5. Networking: VNets, subnets, NSGs, peering, Bastion, load balancers, DNS, private endpoints.
  6. Monitoring and maintenance: Log Analytics, alerts, action groups, VM insights, backup.

Lab 1: Governance Foundation

  1. Create a resource group named az104-lab-rg.
  2. Add tags: Environment = lab, CostCenter = learning.
  3. Create a Microsoft Entra security group named AZ104-Lab-Operators.
  4. Assign Reader on the subscription to the group.
  5. Assign Contributor on az104-lab-rg to the group.
  6. Create a CanNotDelete lock on the resource group.
  7. Try deleting the resource group and confirm the lock blocks deletion.
  8. Remove the lock before cleanup.
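
The Lab 1 steps as Azure CLI calls, added here as an example and not taken from the original guide. The lock name `az104-no-delete` and the `SUBSCRIPTION_ID` variable are assumptions; the other names come from the steps above.

```shell
#!/bin/sh
# Lab 1 as Azure CLI calls (added example). RG and GROUP come from the lab
# steps; LOCK is a hypothetical lock name.
RG="az104-lab-rg"
GROUP="AZ104-Lab-Operators"
LOCK="az104-no-delete"

lab1_governance() {
  sub_scope="/subscriptions/$1"
  rg_scope="$sub_scope/resourceGroups/$RG"

  az group create --name "$RG" --location eastus \
    --tags Environment=lab CostCenter=learning

  # The group's object ID is the principal for both role assignments.
  gid=$(az ad group create --display-name "$GROUP" \
    --mail-nickname "$GROUP" --query id --output tsv)

  # Read-only at the wide scope, write access only inside the lab group.
  az role assignment create --assignee-object-id "$gid" \
    --assignee-principal-type Group --role Reader --scope "$sub_scope"
  az role assignment create --assignee-object-id "$gid" \
    --assignee-principal-type Group --role Contributor --scope "$rg_scope"

  az lock create --name "$LOCK" --lock-type CanNotDelete \
    --resource-group "$RG"

  # Step 7: the delete must be refused while the lock exists.
  if az group delete --name "$RG" --yes; then
    echo "lock did not block deletion" >&2
    return 1
  fi

  # Step 8: remove the lock so cleanup can delete the group later.
  az lock delete --name "$LOCK" --resource-group "$RG"
}

# Runs only when SUBSCRIPTION_ID is set, for example from
# `az account show --query id --output tsv`.
if [ -n "${SUBSCRIPTION_ID:-}" ]; then
  lab1_governance "$SUBSCRIPTION_ID"
fi
```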

Lab 2: Deploy a Linux VM

  1. Create a VNet az104-vnet with address space 10.40.0.0/16.
  2. Create subnet workload-subnet with prefix 10.40.1.0/24.
  3. Create a Linux VM named az104-linux-01.
  4. Use SSH key authentication.
  5. Allow SSH only from your public IP.
  6. Connect with SSH or Cloud Shell.
  7. Install nginx and verify the local service.
  8. Stop the VM, then deallocate it to stop compute billing.
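
One way to script Lab 2 so the SSH rule can only ever name a single source address, added here as an example and not part of the original guide. The NSG name, the `azureuser` admin account, the `Ubuntu2204` image alias and the `MY_PUBLIC_IP` variable are assumptions.

```shell
# Lab 2 as Azure CLI calls (added example). Resource names and prefixes come
# from the lab; the NSG name, admin user and image alias are assumptions.
RG="az104-lab-rg"
VM="az104-linux-01"
NSG="az104-linux-01-nsg"

# Turn one IPv4 address into a /32 source prefix. Wildcards, service tags and
# ranges are rejected so the SSH rule can never be opened to every source.
ssh_source_cidr() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  echo "$1.$2.$3.$4/32"
}

lab2_vm() {
  src=$(ssh_source_cidr "$1") || { echo "not an IPv4 address: $1" >&2; return 1; }

  az network vnet create --resource-group "$RG" --name az104-vnet \
    --address-prefixes 10.40.0.0/16 \
    --subnet-name workload-subnet --subnet-prefixes 10.40.1.0/24

  # --nsg-rule NONE creates the NSG without the default allow-SSH rule.
  az vm create --resource-group "$RG" --name "$VM" --image Ubuntu2204 \
    --vnet-name az104-vnet --subnet workload-subnet \
    --admin-username azureuser --authentication-type ssh --generate-ssh-keys \
    --nsg "$NSG" --nsg-rule NONE

  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name allow-ssh-from-my-ip --priority 1000 --direction Inbound \
    --access Allow --protocol Tcp --destination-port-ranges 22 \
    --source-address-prefixes "$src"
}

# Step 8: a VM shut down from inside the OS stays allocated and keeps
# billing for compute; deallocate releases it.
lab2_deallocate() {
  az vm deallocate --resource-group "$RG" --name "$VM"
}

if [ -n "${MY_PUBLIC_IP:-}" ]; then
  lab2_vm "$MY_PUBLIC_IP"
fi
```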

Lab 3: Attach and Resize a Managed Disk

  1. Create a 32 GiB Premium SSD managed disk in the same region and zone as the VM.
  2. Attach it to az104-linux-01.
  3. On the VM, identify the disk with lsblk.
  4. Partition, format, and mount it to /data.
  5. Add an /etc/fstab entry using the disk UUID.
  6. Resize the managed disk to 64 GiB.
  7. Extend the partition and filesystem.
  8. Reboot and confirm /data still mounts.

Lab 4: Storage Account and Blob Lifecycle

  1. Create a storage account with Standard performance and LRS redundancy.
  2. Create a private container named logs.
  3. Upload test files to logs/.
  4. Enable blob versioning and soft delete.
  5. Create a lifecycle rule that moves blobs under logs/ to Cool after 30 days.
  6. Add a second rule to delete old versions after 90 days.
  7. Test access using the Azure portal and Azure CLI.
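
The two lifecycle rules from steps 5 and 6 written as a management policy and applied with the Azure CLI, added here as an example and not part of the original guide. The rule names, the 7-day soft-delete retention, the policy file name and the `STORAGE_ACCOUNT` variable are assumptions.

```shell
# Lab 4 lifecycle rules as a management policy (added example). Rule names
# and the soft-delete retention of 7 days are assumptions.
RG="az104-lab-rg"

# prefixMatch starts with the container name, so "logs/" scopes both rules
# to the logs container.
write_lifecycle_policy() {
  cat > "$1" <<'EOF'
{
  "rules": [
    {
      "enabled": true, "name": "logs-to-cool-30d", "type": "Lifecycle",
      "definition": {
        "filters": { "blobTypes": ["blockBlob"], "prefixMatch": ["logs/"] },
        "actions": { "baseBlob": {
          "tierToCool": { "daysAfterModificationGreaterThan": 30 } } }
      }
    },
    {
      "enabled": true, "name": "delete-old-versions-90d", "type": "Lifecycle",
      "definition": {
        "filters": { "blobTypes": ["blockBlob"], "prefixMatch": ["logs/"] },
        "actions": { "version": {
          "delete": { "daysAfterCreationGreaterThan": 90 } } }
      }
    }
  ]
}
EOF
}

lab4_apply() {
  account="$1"; policy="${2:-lifecycle.json}"
  az storage account create --resource-group "$RG" --name "$account" \
    --sku Standard_LRS --kind StorageV2 --allow-blob-public-access false
  # Step 4: without versioning the "version" action has nothing to delete.
  az storage account blob-service-properties update \
    --resource-group "$RG" --account-name "$account" --enable-versioning true \
    --enable-delete-retention true --delete-retention-days 7
  write_lifecycle_policy "$policy"
  az storage account management-policy create \
    --resource-group "$RG" --account-name "$account" --policy @"$policy"
}

if [ -n "${STORAGE_ACCOUNT:-}" ]; then
  lab4_apply "$STORAGE_ACCOUNT"
fi
```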

Lab 5: Azure Files Share

  1. Create an Azure Files share named shared.
  2. Upload a small test file.
  3. Copy the SMB mount command from the portal.
  4. Mount the share from a Windows VM or Linux VM.
  5. Create a file from the VM and confirm it appears in the portal.
  6. Review share quota and snapshot options.

Lab 6: Secure Networking

  1. Create two subnets: web-subnet and app-subnet.
  2. Create an NSG for each subnet.
  3. Allow HTTP 80 to the web subnet from the internet.
  4. Allow app traffic from the web subnet to the app subnet.
  5. Deny direct inbound app access from the internet.
  6. Use effective security rules on a NIC to validate the final rule set.
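
The Lab 6 rule set as Azure CLI calls, added here as an example and not part of the original guide. The subnet address prefixes, the NSG names, the rule names and priorities, the app port 8080 and the `RUN_LAB6` switch are assumptions; the subnet names come from the steps above.

```shell
#!/bin/sh
# Lab 6 NSG rules as Azure CLI calls (added example). Subnet names come from
# the lab; the address prefixes, NSG names and app port 8080 are assumptions.
RG="az104-lab-rg"
VNET="az104-vnet"
WEB_PREFIX="10.40.2.0/24"
APP_PREFIX="10.40.3.0/24"
APP_PORT="8080"

# nsg_rule <nsg> <name> <priority> <Allow|Deny> <protocol> <source> <dest-port>
nsg_rule() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$1" \
    --name "$2" --priority "$3" --direction Inbound --access "$4" \
    --protocol "$5" --source-address-prefixes "$6" \
    --destination-port-ranges "$7"
}

lab6_network() {
  az network nsg create --resource-group "$RG" --name web-nsg
  az network nsg create --resource-group "$RG" --name app-nsg

  # Lower priority numbers are evaluated first; the first match decides.
  nsg_rule web-nsg allow-http-internet 100 Allow Tcp Internet 80
  nsg_rule app-nsg allow-app-from-web 100 Allow Tcp "$WEB_PREFIX" "$APP_PORT"
  # Explicit deny stays ahead of any allow added later at a higher number.
  # Other VNet sources are still admitted by the default AllowVnetInBound
  # rule (priority 65000).
  nsg_rule app-nsg deny-internet-inbound 200 Deny '*' Internet '*'

  az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name web-subnet --address-prefixes "$WEB_PREFIX" \
    --network-security-group web-nsg
  az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name app-subnet --address-prefixes "$APP_PREFIX" \
    --network-security-group app-nsg
}

# Step 6: the merged subnet and NIC rule set that applies to one NIC.
lab6_effective_rules() {
  az network nic list-effective-nsg --resource-group "$RG" --name "$1"
}

if [ "${RUN_LAB6:-0}" = "1" ]; then
  lab6_network
fi
```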

Lab 7: Load Balancer

  1. Create two Linux VMs in the same availability set or VM scale set.
  2. Install nginx on both.
  3. Create a Standard public Load Balancer.
  4. Create a backend pool and add both VMs.
  5. Add a health probe on HTTP 80.
  6. Add a load balancing rule for frontend TCP 80 to backend TCP 80.
  7. Browse to the public IP.
  8. Stop nginx on one VM and confirm the health probe removes it from rotation.

Lab 8: Monitoring and Backup

  1. Create a Log Analytics workspace.
  2. Enable VM insights for a test VM.
  3. Create an action group with email notification.
  4. Create a CPU alert for the VM.
  5. Create a Recovery Services vault.
  6. Enable backup for the VM.
  7. Run an on-demand backup.
  8. Confirm the restore point appears in the vault.

Cleanup Checklist

  1. Remove resource locks.
  2. Stop and deallocate VMs.
  3. Delete public IPs, load balancers, NAT gateways, and Bastion hosts.
  4. Delete snapshots, disks, storage accounts, Recovery Services vault items, and backups you no longer need.
  5. Delete az104-lab-rg after confirming nothing important remains.