Welcome to the training hub for preparing for the AZ-500 Microsoft Azure Security Technologies Exam. Whether you're aiming for certification or deepening your Azure security knowledge, this guide is packed with the best tools, links, and tips to set you up for success.
π New to this repo? Check out the Getting Started Guide for navigation help!
π Looking for the course plan? View the AZ-500 Crash Course Plan!
Last updated: March 18, 2025
This crash course is structured into 4 segments, each approximately 1 hour:
-
Secure Identity and Access (15-20%)
- Microsoft Entra ID management, MFA, Conditional Access
- Role assignments, custom roles, Privileged Identity Management
- Application access and managed identities
-
Secure Networking (20-25%)
- NSGs, ASGs, Virtual Network Manager, UDRs
- Private access via Service Endpoints and Private Link
- Public access security with Azure Firewall, Front Door, WAF
-
Secure Compute, Storage, and Databases (20-25%)
- VM and container security (AKS, ACI, ACA)
- Storage security, access control, and encryption
- SQL Database and Managed Instance security
-
Defender for Cloud and Microsoft Sentinel (30-35%)
- Cloud governance policies and Key Vault
- Security posture management with Defender for Cloud
- Threat protection and security monitoring
π‘ See the full detailed course plan for complete information!
Skills measured as of January 31, 2025
- Secure identity and access (15β20%)
- Secure networking (20β25%)
- Secure compute, storage, and databases (20β25%)
- Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel (30β35%)
As an Azure security engineer, you implement, manage, and monitor security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. You implement and manage security components and configurations using Microsoft Defender for Cloud and other tools, ensuring infrastructure aligns with standards and best practices such as the Microsoft Cloud Security Benchmark (MCSB).
- Managing security posture
- Implementing threat protection
- Identifying and remediating vulnerabilities
- Implementing regulatory compliance controls
- Practical experience in administration of Microsoft Azure and hybrid environments
- Strong familiarity with Microsoft Entra ID, as well as compute, network, and storage in Azure
- Manage Azure built-in role assignments
- Manage custom roles, including Azure roles and Microsoft Entra roles
- Implement and manage Microsoft Entra Permissions Management
- Plan and manage Azure resources in Microsoft Entra Privileged Identity Management, including settings and assignments
- Implement multi-factor authentication (MFA) for access to Azure resources
- Implement Conditional Access policies for cloud resources in Azure
- Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
- Manage Microsoft Entra app registrations
- Configure app registration permission scopes
- Manage app registration permission consent
- Manage and use service principals
- Manage managed identities
- Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
- Manage virtual networks by using Azure Virtual Network Manager
- Plan and implement user-defined routes (UDRs)
- Plan and implement Virtual Network peering or VPN gateway
- Plan and implement Virtual WAN, including secured virtual hub
- Secure VPN connectivity, including point-to-site and site-to-site
- Implement encryption over ExpressRoute
- Configure firewall settings on Azure resources
- Monitor network security by using Network Watcher
- Plan and implement virtual network Service Endpoints
- Plan and implement Private Endpoints
- Plan and implement Private Link services
- Plan and implement network integration for Azure App Service and Azure Functions
- Plan and implement network security configurations for an App Service Environment (ASE)
- Plan and implement network security configurations for an Azure SQL Managed Instance
- Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management
- Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies
- Plan and implement an Azure Application Gateway
- Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
- Plan and implement a Web Application Firewall (WAF)
- Recommend when to use Azure DDoS Protection Standard
- Plan and implement remote access to virtual machines, including Azure Bastion and just-in-time (JIT)
- Configure network isolation for Azure Kubernetes Service (AKS)
- Secure and monitor AKS
- Configure authentication for AKS
- Configure security monitoring for Azure Container Instances (ACIs)
- Configure security monitoring for Azure Container Apps (ACAs)
- Manage access to Azure Container Registry (ACR)
- Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption
- Recommend security configurations for Azure API Management
- Configure access control for storage accounts
- Manage storage account access keys
- Select and configure an appropriate method for access to Azure Files
- Select and configure an appropriate method for access to Azure Blob Storage
- Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
- Configure Bring your own key (BYOK)
- Enable double encryption at the Azure Storage infrastructure level
- Enable Microsoft Entra database authentication
- Enable database auditing
- Plan and implement dynamic masking
- Implement Transparent Data Encryption (TDE)
- Recommend when to use Azure SQL Database Always Encrypted
- Create, assign, and interpret policies and initiatives in Azure Policy
- Configure Azure Key Vault network settings
- Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
- Manage certificates, secrets, and keys
- Configure key rotation
- Perform backup and recovery of certificates, secrets, and keys
- Implement security controls to protect backups
- Implement security controls for asset management
- Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
- Assess compliance against security frameworks by using Microsoft Defender for Cloud
- Manage compliance standards in Microsoft Defender for Cloud
- Add custom standards to Microsoft Defender for Cloud
- Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud, including Amazon Web Services (AWS) and Google Cloud Platform (GCP)
- Implement and use Microsoft Defender External Attack Surface Management (EASM)
- Enable workload protection services in Microsoft Defender for Cloud
- Configure Microsoft Defender for Servers, Microsoft Defender for Databases, and Microsoft Defender for Storage
- Implement and manage agentless scanning for virtual machines in Microsoft Defender for Servers
- Implement and manage Microsoft Defender Vulnerability Management for Azure virtual machines
- Connect to and configure settings in Microsoft Defender for Cloud DevOps Security, including GitHub, Azure DevOps, and GitLab
- Manage and respond to security alerts in Microsoft Defender for Cloud
- Configure workflow automation by using Microsoft Defender for Cloud
- Monitor network security events and performance data by configuring data collection rules (DCRs) in Azure Monitor
- Configure data connectors in Microsoft Sentinel
- Enable analytics rules in Microsoft Sentinel
- Configure automation in Microsoft Sentinel
- AZ-500 Exam Page
- AZ-500 Study Guide (2025)
- Exam Registration (Microsoft/Pearson VUE)
- AZ-500 Free Practice Assessment
- Microsoft Learning AZ-500 Labs
- Official Microsoft Learning Path
- MeasureUp AZ-500 Practice Exams
Structured learning paths to master all exam skills:
- Manage identity and access
- Implement platform protection
- Manage security operations
- Secure Azure services and workloads
- Configure security for hybrid environments
- Microsoft Defender for Cloud Implementation
Expert guidance for implementing robust Azure security:
Essential tools to follow along and practice efficiently:
Learn through hands-on experience:
- Lab Environment Setup Guide - Start here to prepare for labs!
- Microsoft Security Assessment
- Microsoft Defender for Cloud Workflow Automation
- Microsoft Secure Score
- Attack Surface Reduction Rules
- Azure Free Account
- Microsoft Learn Sandbox Environments
Validate your knowledge before the real exam:
Expand your Microsoft security credentials:
- SC-100: Microsoft Cybersecurity Architect
- SC-200: Microsoft Security Operations Analyst
- SC-300: Microsoft Identity and Access Administrator
- SC-400: Microsoft Information Protection Administrator
- CompTIA Security+
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Professional)
- CISM (Certified Information Security Manager)
- Microsoft Zero Trust Implementation Guide
- Azure Zero Trust Network Architecture
- Zero Trust Deployment Center
Connect with security professionals:
- Microsoft Security Community
- Azure Security Podcast
- Microsoft Security Blog
- Microsoft Defender for Cloud GitHub Repository
- Microsoft Security YouTube Channel
This README is designed for maximum utility and easy navigation. If you have suggestions or corrections, feel free to reach out via the contact information above. Best of luck on your AZ-500 journey!