The content of the AZ-500 Microsoft Azure Security Technologies exam was just updated in January 2021. That is why I want to share my new updated AZ-500: Microsoft Azure Security Technologies Certification Exam Study Guide for 2021 with you. If you are passing the AZ-500 exam, you will earn the Microsoft Certified: Azure Security Engineer Associate certification, that you understand how to implement security controls and threat protection; manage identity and access; and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure.
To learn and prepare for the exam, I usually use a couple of online resources, mainly Microsoft Docs and Microsoft Learn, which I am going to share with you. You can find more information about how I prepare for a Microsoft Certification exam on my blog post: How to prepare and pass Microsoft Certification Exam.
Also, check out other Microsoft Azure Certification Exam Study Guides:
- Exam AZ-900: Microsoft Azure Fundamentals Exam Study Guide
- Exam AZ-104: Microsoft Azure Administrator Exam Study Guide
- Exam AZ-204: Developing Solutions for Microsoft Azure Exam Study Guide
- Exam AZ-303: Microsoft Azure Architect Technologies Exam Study Guide
- Exam AZ-304: Microsoft Azure Architect Design Certification Exam Study Guide
- Exam AZ-305: Microsoft Azure Solutions Architect Certification Exam Study Guide
- Exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub Exam Study Guide
- Exam AZ-700: Microsoft Azure Network Engineer Exam Study Guide
- Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals Exam Study Guide
- Exam DP-300: Azure Database Administrator Exam Study Guide
Here is my AZ-500 Microsoft Azure Security Technologies
It is essential to get familiar with the exam objectives and skills measured first. That is why I recommend reading the description of the exam and the skills measured.
Exam AZ-500: Microsoft Azure Security Technologies
Candidates for this exam should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.
Responsibilities for an Azure Security Engineer include maintaining the security posture, identifying and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.
Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security or hybrid environments as part of an end-to-end infrastructure.
A candidate for this exam should be familiar with scripting and automation, should have a deep understanding of networking and virtualization. A candidate should also have a strong familiarity with cloud capabilities, Azure products and services, and other Microsoft products and services.
The high-level view of the skills measured in the exam:
- Manage identity and access (30-35%)
- Implement platform protection (15-20%)
- Manage security operations (25-30%)
- Secure data and applications (20-25%)
You can find more information on the exam website.
Free Online Microsoft Learn AZ-500 Exam Study Guide resources
Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. They not just offer reading material, but also control questions and free online labs. Here are some relevant Microsoft Learn modules and learning paths for the AZ-500 Microsoft Azure Security Technologies Certification Exam. Microsoft Learn is an important part of my AZ-500 exam study guide.
- Secure your cloud applications in Azure (6 modules)
- Implement resource management security in Azure (6 modules)
- Implement network security in Azure (5 modules)
- Implement virtual machine host security in Azure (6 modules)
- Manage identity and access in Azure Active Directory (9 modules)
- Manage security operations in Azure (8 modules)
Microsoft Docs AZ-500 study guide resources
One thing I always used to prepare for my Microsoft exams is Microsoft Docs. Here are the relevant Microsoft Docs which I used to prepare and study for the AZ-500 exam.
Manage Identity and Access (30-35%)
Manage Azure Active Directory identities
- configure security for service principals
- manage Azure AD directory groups
- manage Azure AD users
- configure password writeback
- configure authentication methods including password hash and Pass Through
Authentication (PTA), OAuth, and passwordless - transfer Azure subscriptions between Azure AD tenants
- implement Conditional Access policies
Configure secure access by using Azure AD
- monitor privileged access for Azure AD Privileged Identity Management (PIM)
- configure Access Reviews
- activate and configure PIM Privileged Identity Management
- implement Conditional Access policies including Multi-Factor Authentication (MFA)
- configure Azure AD identity protection
Manage application access
- create App Registration
- configure App Registration permission scopes
- manage App Registration permission consent
- manage API access to Azure subscriptions and resources
Manage access control
- configure subscription and resource permissions
- configure resource group permissions
- configure custom RBAC roles
- identify the appropriate role
- apply principle of least privilege
- interpret permissions
- check access
Implement Platform Protection (15-20%)
Implement advanced network security
- secure the connectivity of virtual networks (VPN authentication, Express Route
encryption) - configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
- create and configure Azure Firewall
- implement Azure Firewall Manager
- create and configure Azure Front Door service as an Application Gateway
- configure a Web Application Firewall (WAF) on Azure Application Gateway
- configure Azure Bastion
- configure a firewall on a storage account, Azure SQL, KeyVault, or App Service
- implement Service Endpoints
- implement DDoS protection
Configure advanced security for compute
- configure endpoint protection
- configure and monitor system updates for VMs
- configure authentication for Azure Container Registry
- configure security for different types of containers
- implement vulnerability management
- configure isolation for AKS
- configure security for container registry
- implement Azure Disk Encryption
- configure authentication and security for Azure App Service
- configure SSL/TLS certs
- configure authentication for Azure Kubernetes Service
- configure automatic updates
Manage Security Operations (25-30%)
Monitor security by using Azure Monitor
- create and customize alerts
- monitor security logs by using Azure Monitor
- configure diagnostic logging and log retention
Monitor security by using Azure Security Center
- evaluate vulnerability scans from Azure Security Center
- configure Just in Time VM access by using Azure Security Center
- configure centralized policy management by using Azure Security Center
- configure compliance policies and evaluate for compliance by using Azure Security
Center
Monitor security by using Azure Sentinel
- create and customize alerts
- configure data sources to Azure Sentinel
- evaluate results from Azure Sentinel
- configure workflow automation by using Azure Sentinel
Configure security policies
- configure security settings by using Azure Policy
- configure security settings by using Azure Blueprint
- configure a playbook by using Azure Sentinel
Secure Data and Applications (20-25%)
Configure security for storage
- configure access control for storage accounts
- configure key management for storage accounts
- configure Azure AD authentication for Azure Storage
- configure Azure AD Domain Services authentication for Azure Files
- create and manage Shared Access Signatures (SAS)
- create a shared access policy for a blob or blob container
- implement Storage Service Encryption
Configure security for databases
- enable database authentication
- enable database auditing
- configure Azure SQL Database Advanced Threat Protection
- implement database encryption
- implement Azure SQL Database Always Encrypted
Configure and manage Key Vault
- manage access to Key Vault
- manage permissions to secrets, certificates, and keys
- configure RBAC usage in Azure Key Vault
- manage certificates
- manage secrets
- configure key rotation
- backup and restore of Key Vault items
AZ-500 Study Guide Microsoft Azure Security Technologies Additional Tips and Resources
I hope this AZ-500 Microsoft Azure Security Technologies Certification Exam Study Guide helps you pass the exam and get the Microsoft Certified: Azure Security Engineer Associate certification. I also recommend that you open a free Azure account if you don’t have one yet. You can create your free Azure account here. Also, check out my blog posts about Microsoft Azure Certification:
- Why you should become Microsoft Azure certified
- How to pick the right Azure exam certification path
- How to prepare and pass a Microsoft Azure exam
- Learn Microsoft Azure in 2020
I hope you enjoyed my AZ-500 Microsoft Azure Security Technologies Study Guide. Did I miss any link, or do you have any recommended AZ-500 Microsoft Azure Security Technologies Certification Exam Study resources? Let me know in the comments.
Tags: AZ-500, Azure, Azure Security, Certification, Certified, Engineer, Exam, guide, Microsoft, Microsoft Azure, Prep, Security, Study, Study Guide, Technologies Last modified: October 13, 2021
GOOD INFO THANK VERY MUCH THOMAS
You’re welcome :)
Good material
thank you :)
I was waiting for this post.
Thanks Mr. Thomas to provide us the best of your your willing power!
I took the AZ-103 exam back in May and passed (many thanks to your helpful az-104 study guide). I’ve been on a little bit of an azure hiatus to focus on some other things but would like to get back into the swing of things with the AZ-500. Would you say this is a good next step versus the expert level 300/301 exams? I’d like to knock this out by the end of the summer then perhaps jump into 303/304. Does this seem achievable having completed 103 recently?
Thanks in advance and I’m looking forward to looking through this guide either way!!
Mike
Hi Thomas,
Thank you for your detailed guide for AZ-500 exam prep. I took the AZ-900 exam a week ago. I am new to Azure certifications, however, strongly believe Security Consultant without some knowledge of Azure Security is not complete. Your guide for az-500 will definitely help me to achieve the certification in 5 weeks. Thank you again for the guide.
Thank you that is great to hear!
Is this study guide has the latest changes to AZ-500 exam?
Thank you for sharing this information! I’ve been through the Microsoft Learn modules and knew they wouldn’t be enough. Thanks for picking out these specific Microsoft Document guides.
Please update to match new layout thanks
Can I have detail and documentation for AZ 104
Hi Balaji, I think the is a link at the beginning of this blog post, linking to the specific study guides for other exams like the AZ-104. However, here you go: https://www.thomasmaurer.ch/2020/03/az-104-study-guide-azure-administrator/
The following two links are broken in the Microsoft Docs AZ-500 study guide resources section:
Update Management overview
Manage updates and patches for your Azure VMs
I will have a look and fix it :)
Hello Thomas,
Thank you for this resource! Because some of the titles in the exam blueprint have changed I was wondering if your study guide is still up to date? Or is it simply that certain titles of resources have changed?
Thank you for your response.