Preparation Guide for Microsoft AZ-500 Microsoft Azure Security Technologies Certification
I just got my AZ-500 Microsoft Azure Security Technologies certification (and a new badge: Microsoft Certified: Azure Security Engineer Associate), and it is now time to share my preparation notes for those who are interested in passing this exam and getting certified too.
This article is just another preparation guide for the Microsoft AZ-500 exam, but I hope it will be useful 🙂

Even if you don’t plan to take the exam, all this content is really interesting to read and understand if you want to discover and improve your knowledge of security on Azure.
Before you start studying, you must know very well what this certification is about and what the prerequisites are.
The topics included in this exam are the following:
- Manage identity and access (20-25%)
- Implement platform protection (35-40%)
- Manage security operations (15-20%)
- Secure data and applications (30-35%)
More details:
https://www.microsoft.com/en-us/learning/exam-az-500.aspx
Important update (15 sept 19): apparently there are now live labs in the exam: https://www.reddit.com/r/AZURE/comments/d4d38w/passed_the_az500_exam_today_the_exam_now_has_live/
Manage identity and access (20-25%)
— Configure Microsoft Azure Active Directory for workloads —
How to: Use the portal to create an Azure AD application and service principal that can access resources
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Permissions and consent in the Azure Active Directory v2.0 endpoint
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
Configure Multi-Factor Authentication settings
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
Enterprise user management documentation – Azure Active Directory
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/
Manage Microsoft Azure AD directory groups
Create a basic group and add members using Azure Active Directory
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal
What is guest user access in Azure Active Directory B2B?
https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b
— Configure Microsoft Azure AD Privileged Identity Management —
Configure Microsoft Azure AD identity protection
What is Azure Active Directory Identity Protection?
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview
Vulnerabilities detected by Azure Active Directory Identity Protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/vulnerabilities
Configure Microsoft Azure AD Privileged Identity Management
Monitor privileged access, configure Access Reviews, activate Privileged Identity Management
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
— Configure Microsoft Azure tenant security —
Transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants, manage API access to Microsoft Azure subscriptions and resources
Transfer ownership of an Azure subscription to another account
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-aad
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-api-authentication
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api
Implement platform protection (35-40%)
— Implement network security —
What is Azure Virtual Network?
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Security Group
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Configure Network Security Groups (NSGs)
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
Understanding Application Security Groups in the Azure Portal
https://www.petri.com/understanding-application-security-groups-in-the-azure-portal
Create and configure application security groups
https://azure.microsoft.com/en-gb/blog/applicationsecuritygroups/
Service tags
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags
What is Azure Firewall?
https://docs.microsoft.com/en-us/azure/firewall/overview
Tutorial: Deploy and configure Azure Firewall using the Azure portal
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
Configure remote access management – Security management in Azure
https://docs.microsoft.com/en-us/azure/security/azure-security-management
Configure baseline – Protect your network resources in Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-network-recommendations
Configure Azure Storage firewalls and virtual networks
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
Azure SQL Database and SQL Data Warehouse IP firewall rules
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure
— Implement host security —
Configure VM security – Security best practices for IaaS workloads in Azure
https://docs.microsoft.com/en-us/azure/security/azure-security-iaas
Manage endpoint protection issues with Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection
Manage virtual machine access using just-in-time
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
Manage Windows updates by using Azure Automation
https://docs.microsoft.com/en-us/azure/automation/automation-tutorial-update-management
Automate resources in your datacenter or cloud by using Hybrid Runbook Worker
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker
Configure Baseline – Customize OS security configurations in Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-customize-os-security-config
— Configure container security —
Container Security in Azure
https://azure.microsoft.com/mediahandler/files/resourcefiles/container-security-in-microsoft-azure/Open%20Container%20Security%20in%20Microsoft%20Azure.pdf
Configure network – Enable containers to use Azure Virtual Network capabilities
https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview
Configure authentication – Service principals with Azure Kubernetes Service (AKS)
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal
Secure traffic between pods using network policies in Azure Kubernetes Service (AKS)
https://docs.microsoft.com/en-us/azure/aks/use-network-policies
Configure AKS security – Security concepts for applications and clusters in Azure Kubernetes Service (AKS)
https://docs.microsoft.com/en-us/azure/aks/concepts-security
Configure container registry
https://docs.microsoft.com/en-us/azure/container-registry/
Best practices for Azure Container Registry
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-best-practices
Configure container instance security
https://docs.microsoft.com/en-us/azure/container-instances/
Implement vulnerability management
https://www.aquasec.com/solutions/azure-container-security/
— Implement Microsoft Azure Resource management security —
Create Microsoft Azure resource locks
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Manage resource group security with Azure RBAC
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Built-in roles for Azure resources
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Configure custom RBAC roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Configure Microsoft Azure policies
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
Configure subscription and resource permissions
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Manage security operations (15-20%)
— Configure Security Services —
Configure Microsoft Azure Monitor
Azure Monitor overview
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Configure Azure Log Analytics for data security
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-security
Configure Azure diagnostic logs
https://docs.microsoft.com/en-us/azure/security/azure-log-audit#azure-diagnostics-logs
Configure Microsoft Azure Log Analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access
Configure diagnostic logging and log retention
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-overview
Configure vulnerability scanning
https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations
— Configure Security Policies —
Working with security policies
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy
Azure security policies monitored by Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-policy-definitions
Configure centralized policy management by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy
Configure Just in Time VM access by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
— Manage Security Alerts —
Create and customize alerts
Custom Alert Rules in Azure Security Center (Preview)
https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert
Review and respond to alerts and recommendations
https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts
https://docs.microsoft.com/en-us/azure/security-center/security-center-recommendations
Configure a playbook for a security event by using Microsoft Azure Security Center
https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks
Investigate escalated security incidents
https://docs.microsoft.com/en-us/azure/security-center/security-center-investigation
Secure Data and Applications (30-35%)
— Configure security policies to manage data —
Achieving Compliant Data Residency and Security with Azure
https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Achieving_Compliant_Data_Residency_and_Security_with_Azure.pdf
Configure data sovereignty using Azure Policy
https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations
Configure Data Retention
https://www.microsoft.com/en-us/trustcenter/privacy/data-management
Configure data retention (Storage Analytics)
https://docs.microsoft.com/en-us/rest/api/storageservices/setting-a-storage-analytics-data-retention-policy
Azure Data Explorer (Retention)
https://docs.microsoft.com/en-us/azure/kusto/management/retention-policy
https://docs.microsoft.com/en-us/azure/kusto/concepts/retentionpolicy
Configure data classification
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-settings-tutorial
— Configure security for data infrastructure —
Enable database authentication
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication
Configure and manage Azure Active Directory authentication with SQL
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
Get started with SQL database auditing
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
Azure SQL Database threat detection for single or pooled databases
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection
Azure Storage security guide
https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide
Configure key management for storage accounts
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys
Create and manage Shared Access Signatures (SAS)
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
An introduction to Apache Hadoop security with Enterprise Security Package
https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-introduction
Configure security for HDInsight
https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds
Security in Azure Cosmos DB – overview
https://docs.microsoft.com/en-us/azure/cosmos-db/database-security
Secure access to data in Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data
Data encryption in Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest
High availability with Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability
Online backup and on-demand data restore in Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/online-backup-and-restore
Configure security for Microsoft Azure Data Lake
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-network-security
https://docs.microsoft.com/en-us/azure/storage/common/storage-data-lake-storage-security-guide
— Configure encryption for data at rest —
Implement Microsoft Azure SQL Database Always Encrypted
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted-azure-key-vault
Implement database encryption
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017
Transparent data encryption for SQL Database and Data Warehouse
https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sql?view=sql-server-2017
Azure SQL Transparent Data Encryption with customer-managed keys in Azure Key Vault: Bring Your Own Key support
https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-byok-azure-sql?view=sql-server-2017
How to use Key Vault soft-delete with PowerShell
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-powershell
Azure Storage Service Encryption for data at rest
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
Storage Service Encryption using customer-managed keys in Azure Key Vault
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys
Azure Disk Encryption for IaaS VMs
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview
Implement backup encryption
https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq#encryption
— Implement security for application delivery —
Securing PaaS deployments
https://docs.microsoft.com/en-us/azure/security/security-paas-deployments
Monitor availability and responsiveness of any web site
https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability
— Configure application security —
App Service and Functions hosted apps can now update TLS versions!
https://blogs.msdn.microsoft.com/appserviceteam/2018/04/17/app-service-and-functions-hosted-apps-can-now-update-tls-versions/
Configure SSL/TLS certs
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl
Tutorial: Bind an existing custom SSL certificate to Azure App Service
https://docs.microsoft.com/fr-fr/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-1112
Configure Microsoft Azure services to protect web apps
https://docs.microsoft.com/en-us/azure/application-gateway/create-web-app
Create an application security baseline
https://docs.microsoft.com/en-us/azure/security/security-paas-deployments
— Configure and manage Key Vault —
About keys, secrets, and certificates
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates
Secure access to a key vault
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
Manage certificates, manage secrets, configure key rotation
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring
Azure Storage account key management
https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates#azure-storage-account-key-management
Azure Key Vault managed storage account – CLI
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-storage-keys
Azure Storage Account Keys Automatic Rotation
http://www.wahidsaleemi.com/2017/08/azure-storage-account-keys-automatic-rotation/
Hope this preparation guide will be useful for you. Don’t hesitate to post a comment or send me a message on Twitter @squastana or on LinkedIn
https://www.linkedin.com/in/stanislasquastana/
Last but not least, don’t forget to spend time on http://microsoft.com/learn where you can find additional materials to prepare for your certification.
Noah James
Man this is a very good job right here. You made my preparations easier with this. I’ve got the exam scheduled less than 48 and I’m sure this will help me brush up.
Ankit Sharma
Hi James, how did your exam go? I’m also preparing to appear for this exam, if you could help with guiding me.
Below are my contact details, it would be really helpful if you can share your experience.
Email – ankit1767@gmail.com
WhatsApp Contact – +91-9643895235
LG
The PowerPoints are great, it saves me from reading everything 😀
gaikwadhemantkumaremant
Thanks for sharing such great information.
Gary Bushey
Great job! The PowerPoints are very useful tools
squastana
Thanks appreciate 🙂
Sankar
Thanks a lot… do we have any video course available for AZ-500?
squastana
No, just slides & urls
GARY HARDY
Many thanks for gathering all these useful links into a single page along with the clear slides. It was a great help for passing this test this morning!
I’m now looking forward to seeing the same for AZ-400 🙂
squastana
AZ 400 preparation guide will be published very soon 😉 stay tuned
Vasisht
Wonderful job here mate. This helped me cover some topics missing in my prep plan. And I passed the exam. Great Job!!!
Pasle
Thank you so much for the generous sharing, is there any pre-requisite for AZ-500?
squastana
No pre-requisite except a good preparation 😉
Brandon Baxley
This is very helpful. Thank you. I have 2 questions, I just passed the AZ-900 and want to take AZ-500.
1. Does the AZ-500 have hands on labs or just questions?
2. Should I just read all of the PowerPoints and then take it or should I also try doing some of exercises within the Azure Portal as well?
Thanks.
squastana
There were no labs when I took the AZ 500 exam, but it can change. Read all the slides and practice a little (I tried to include as many screenshots as I could, but practice is better)
Aatish Kunal
Will 2 weeks be enough to complete this certification?
squastana
Yes, if you spend a few hours every day. Less if you already work with those services
Baker
Hi all; please, does this exam have labs, and how many?
squastana
Yes there are labs
d656711@urhen.com
Hi Stanislas, can you please re-share your notes/PPT?
Link from onedrive is down.
Thanks!
Mohamed Osman
What score is required to pass AZ-500?
squastana
700 points
SR
Hi guys,
For AZ-500, did you attend any online classes like Linux Academy or A Cloud Guru? Or just Microsoft resources available online/mentioned above should be fine?
Regards,
SR
squastana
All the resources I provide in this article are enough to get a good score 😉
SR
Thanks very much
Brandon Baxley
I received mine in December and used this site along with this training: https://www.udemy.com/course/a-to-z-of-azure-security-covers-az-500-and-more/
Balakrishna Jupudi
This is really good work, and thank you.
SecKingKong
Amazing content, thanks so much for collating and sharing. I found the slides very useful.
FYI – all slides will be a little out of date as the exam content is changing on July 29 2020.
The Web Factory
You have put all the links to important information here. It’s very helpful you have done a great job. Well done