AZ-500: Microsoft Azure Security Technologies
Posted in Azure Security Engineer Associate
AZ-500: Microsoft Azure Security Technologies is part of the requirements for the Microsoft Certified: Azure Security Engineer Associate
Exam requirements
The official exam document are published here: https://www.microsoft.com/en-us/learning/exam-AZ-500.aspx
Exam preparation
No exam preparation video added yet.
Books covering the exam
No book added yet.
Video training for the exam
Microsoft Partner Network
- AZ-500: Microsoft Azure Security Technologies
https://partner.microsoft.com/en-us/training/assets/collection/az-500-microsoft-azure-security-technologies#/
PluralSight
- AZ-500: Microsoft Azure Security Engineer
https://app.pluralsight.com/paths/skills/microsoft-azure-security-engineer-az-500 - Managing Identities in Microsoft Azure Active Directory
https://www.pluralsight.com/courses/microsoft-azure-active-directory-managing-identities - Microsoft Azure Hybrid Identity – Overview
https://www.pluralsight.com/courses/microsoft-azure-hybrid-identity-overview - Implementing Managed Identities for Microsoft Azure Resources
https://www.pluralsight.com/courses/microsoft-azure-resources-managed-identities-implementing - Implementing and Managing Microsoft Azure Multi-factor Authentication
https://www.pluralsight.com/courses/microsoft-azure-multi-factor-authentication-implementing-managing - Implementing Microsoft Azure Privileged Identity Management
https://www.pluralsight.com/courses/microsoft-azure-privileged-identity-management-implementing - Managing Microsoft Azure Role Based Access Control
https://www.pluralsight.com/courses/microsoft-azure-role-based-access-control-managing - Securing Microsoft Azure Data Access Endpoints
https://www.pluralsight.com/courses/microsoft-azure-data-access-endpoints-securing - Securing Access to Microsoft Azure Databases
https://www.pluralsight.com/courses/microsoft-azure-databases-access-securing - Securing Access to Microsoft Azure Storage
https://www.pluralsight.com/courses/microsoft-azure-access-storage-securing - Managing Data Security and Policy in Microsoft Azure
https://www.pluralsight.com/courses/microsoft-azure-data-security-policy-managing - Microsoft Azure Developer: Securing Data
https://www.pluralsight.com/courses/microsoft-azure-data-securing - Microsoft Azure Authentication Scenarios for Developers
https://www.pluralsight.com/courses/microsoft-azure-authentication-scenarios-developers - Microsoft Azure Developer: Deploying and Managing Containers
https://www.pluralsight.com/courses/microsoft-azure-containers-deploying-managing
Udemy
- AZ-500: Azure Security Technologies
by Nick Colyer, Skylines Academy
https://www.udemy.com/course/az-500-course/
Online training
Microsoft Learn (free)
- Secure your cloud applications in Azure
https://docs.microsoft.com/learn/paths/secure-your-cloud-apps/ - Implement resource management security in Azure
https://docs.microsoft.com/learn/paths/implement-resource-mgmt-security/ - Implement network security in Azure
https://docs.microsoft.com/learn/paths/implement-network-security/ - Implement virtual machine host security in Azure
https://docs.microsoft.com/learn/paths/implement-host-security/ - Manage identity and access in Azure Active Directory
https://docs.microsoft.com/learn/paths/manage-identity-and-access/ - Manage security operations in Azure
https://docs.microsoft.com/learn/paths/manage-security-operations/
Open edX (free)
- Microsoft Azure Security Technologies
https://aka.ms/openedx-az-500.0-about
Instructor-led training
Microsoft Learning Partner
- Course AZ-500T00-A: Microsoft Azure Security Technologies
https://docs.microsoft.com/en-us/learn/certifications/courses/az-500t00
Exam Objectives
Manage identity and access (20-25%)
- Configure Microsoft Azure Active Directory for workloads
- Create App registration
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal - Configure App registration permission scopes
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent - Manage App registration permission consent
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent - Configure multi-factor authentication settings
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings - Manage Microsoft Azure AD directory groups
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal - Manage Microsoft Azure AD users
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory - Install and configure Microsoft Azure AD Connect
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect - Configure authentication methods
- Implement conditional access policies
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access - Configure Microsoft Azure AD identity protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/enable
- Create App registration
-
Configure Microsoft Azure AD Privileged Identity Management
- Monitor privileged access
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-use-audit-log - Configure access reviews
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview - Activate Privileged Identity Management
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
- Monitor privileged access
-
Configure Microsoft Azure tenant security
- Transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory - Manage API access to Microsoft Azure subscriptions and resources
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
- Transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants
Implement platform protection (35-40%)
-
Implement network security
- Configure virtual network connectivity
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview - Configure Network Security Groups (NSGs)
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group - Create and configure Microsoft Azure firewall
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal - Create and configure application security groups
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#associate-network-interfaces-to-an-asg - Configure remote access management
https://docs.microsoft.com/en-us/azure/security/azure-security-management - Configure baseline
https://docs.microsoft.com/en-us/azure/security-center/security-center-network-recommendations - Configure resource firewall
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-hybrid
- Configure virtual network connectivity
-
Implement host security
- Configure endpoint security within the VM
https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection - Configure VM security
https://docs.microsoft.com/en-us/azure/security/azure-security-iaas - Harden VMs in Microsoft Azure
https://docs.microsoft.com/en-us/azure/security/azure-security-iaas - Configure system updates for VMs in Microsoft Azure
https://docs.microsoft.com/en-us/azure/security/azure-security-iaas#manage-your-vm-updates - Configure baseline
https://docs.microsoft.com/en-us/azure/security-center/security-center-network-recommendations
- Configure endpoint security within the VM
-
Configure container security
- Configure network
https://docs.microsoft.com/en-us/azure/virtual-network/quick-create-portal - Configure authentication
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-microsoft
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization - Configure container isolation
https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices
https://azure.microsoft.com/mediahandler/files/resourcefiles/container-security-in-microsoft-azure/Open%20Container%20Security%20in%20Microsoft%20Azure.pdf - Configure AKS security
https://docs.microsoft.com/en-us/azure/aks/concepts-security - Configure container registry
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal - Configure container instance security
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet - Implement vulnerability management
https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations
- Configure network
-
Implement Microsoft Azure Resource management security
- Create Microsoft Azure resource locks
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources - Manage resource group security
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview - Configure Microsoft Azure policies
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage - Configure custom RBAC roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles - Configure subscription and resource permissions
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
- Create Microsoft Azure resource locks
Manage security operations (15-20%)
-
Configure security services
- Configure Microsoft Azure monitor
https://docs.microsoft.com/en-us/azure/azure-monitor/azure-management - Configure Microsoft Azure log analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access - Configure diagnostic logging and log retention
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-overview - Configure vulnerability scanning
https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations
- Configure Microsoft Azure monitor
-
Configure security policies
- Configure centralized policy management by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy - Configure Just in Time VM access by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
- Configure centralized policy management by using Microsoft Azure Security Center
-
Manage security alerts
- Create and customize alerts
https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert - Review and respond to alerts and recommendations
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts - Configure a playbook for a security event by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks - Investigate escalated security incidents
https://docs.microsoft.com/en-us/azure/security-center/security-center-investigation
- Create and customize alerts
Secure data and applications (30-35%)
-
Configure security policies to manage data
- Configure data classification
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial - Configure data retention
https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Consistent-labeling-and-protection-policies-coming-to-Office-365/ba-p/161553 - Configure data sovereignty
- Configure data classification
-
Configure security for data infrastructure
- Enable database authentication
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication - Enable database auditing
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing - Configure Microsoft Azure SQL Database threat detection
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection - Configure access control for storage accounts
https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide - Configure key management for storage accounts
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys - Create and manage Shared Access Signatures (SAS)
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1 - Configure security for HDInsights
https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-introduction - Configure security for Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/database-security - Configure security for Microsoft Azure Data Lake
https://docs.microsoft.com/en-us/azure/storage/common/storage-data-lake-storage-security-guide
- Enable database authentication
-
Configure encryption for data at rest
- Implement Microsoft Azure SQL Database Always Encrypted
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted - Implement database encryption
https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sql - Implement Storage Service Encryption
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption - Implement disk encryption
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview - Implement backup encryption
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq#encryption
- Implement Microsoft Azure SQL Database Always Encrypted
-
Implement security for application delivery
- Implement security validations for application development
https://docs.microsoft.com/en-us/azure/security/security-paas-deployments - Configure synthetic security transactions
https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
- Implement security validations for application development
-
Configure application security
- Configure SSL/TLS certs
https://docs.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site - Configure Microsoft Azure services to protect web apps
https://docs.microsoft.com/en-us/Azure/application-gateway/create-web-app - Create an application security baseline
https://docs.microsoft.com/en-us/azure/app-service/overview-security
- Configure SSL/TLS certs
-
Configure and manage Key Vault
- Manage access to Key Vault
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault - Manage permissions to secrets, certificates, and keys
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates - Manage certificates
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates - Manage secrets
https://docs.microsoft.com/en-us/azure/key-vault/quick-create-powershell
https://docs.microsoft.com/en-us/azure/key-vault/quick-create-portal - Configure key rotation
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring
- Manage access to Key Vault
