Preparation Guide for Microsoft AZ-500 Microsoft Azure Security Technologies Certification
I just get my AZ-500 Microsoft Azure Security Technologies Certification (and a new badge : Microsoft Certified: Azure Security Engineer Associate) and it is time now to share my preparation notes for those who are interested to pass this exam and get certified too.
This article is just one another preparation guide to Microsoft exam AZ-500 but I hope it will be useful 🙂
Even you don’t plan to take the exam, all this content is really interesting to read and understand if you want to discover and improve your knowledge on security on Azure.
Before starting studying, you must know very well what this certification is about and what are the prerequisites.
The topics included in this exam are the following :
- Manage identity and access (20-25%)
- Implement platform protection (35-40%)
- Manage security operations (15-20%)
- Secure data and applications (30-35%)
More details :
Important update (15 sept 19) : apparently now there is a live labs in the exam : https://www.reddit.com/r/AZURE/comments/d4d38w/passed_the_az500_exam_today_the_exam_now_has_live/
Manage identity and access (20-25%)
— Configure Microsoft Azure Active Directory for workloads —
How to: Use the portal to create an Azure AD application and service principal that can access resources
Permissions and consent in the Azure Active Directory v2.0 endpoint
Configure Multi-Factor Authentication settings
Enterprise user management documentation – Azure Active Directory
Manage Microsoft Azure AD directory groups
Create a basic group and add members using Azure Active Directory
What is guest user access in Azure Active Directory B2B?
— Configure Microsoft Azure AD Privileged Identity Management —
Configure Microsoft Azure AD identity protection
What is Azure Active Directory Identity Protection?
Vulnerabilities detected by Azure Active Directory Identity Protection
Configure Microsoft Azure AD Privileged Identity Management
Monitor privileged access, configure Access Reviews, activate Privileged Identity Management
— Configure Microsoft Azure tenant security —
Transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants, manage API access to Microsoft Azure subscriptions and resources
Transfer ownership of an Azure subscription to another account
Implement platform protection (35-40%)
— Implement network security —
What is Azure Virtual Network?
Configure Network Security Groups (NSGs)
Understanding Application Security Groups in the Azure Portal
Create and configure application security groups
What is Azure Firewall ?
Tutorial: Deploy and configure Azure Firewall using the Azure portal
Configure remote access management – Security management in Azure
Configure baseline – Protect your network resources in Azure Security Center
Configure Azure Storage firewalls and virtual networks
Azure SQL Database and SQL Data Warehouse IP firewall rules
— Implement host security —
configure VM Security – Security best practices for IaaS workloads in Azure
Manage endpoint protection issues with Azure Security Center
Manage virtual machine access using just-in-time
Manage Windows updates by using Azure Automation
Automate resources in your datacenter or cloud by using Hybrid Runbook Worker
Configure Baseline – Customize OS security configurations in Azure Security Center
— Configure container security —
Container Security in Azure
Configure network – Enable containers to use Azure Virtual Network capabilities
Configure authentication – Service principals with Azure Kubernetes Service (AKS)
Secure traffic between pods using network policies in Azure Kubernetes Service (AKS)
Configure AKS security – Security concepts for applications and clusters in Azure Kubernetes Service (AKS)
Configure container registry
Best practices for Azure Container Registry
Configure container instance security
Implement vulnerability management
— Implement Microsoft Azure Resource management security —
Create Microsoft Azure resource locks
Manage resource group security with Azure RBAC
Built-in roles for Azure resources
Configure custom RBAC roles
Configure Microsoft Azure policies
Configure subscription and resource permissions
Manage security operation (15-20%)
— Configure Security Services —
Configure Microsoft Azure Monitor
Azure Monitor overview
Configure Azure Log Analytics for data security
Configure Azure diagnostic logs
Configure Microsoft Azure Log Analytics
Configure diagnostic logging and log retention
Configure vulnerability scanning
— Configure Security Policies —
Working with security policies
Azure security policies monitored by Security Center
Configure centralized policy management by using Microsoft Azure Security Center
Configure Just in Time VM access by using Microsoft Azure Security Center
— Managed Security Alerts —
Create and customize alerts
Custom Alert Rules in Azure Security Center (Preview)
Review and respond to alerts and recommendations
Configure a playbook for a security event by using Microsoft Azure Security Center
Investigate escalated security incidents
Secure Data and Applications (30-35%)
— Configure security policies to manage data —
Achieving Compliant Data Residency and Security with Azure
Configure data sovereignty using Azure Policy
Configure Data Retention
Configure data retention (Storage Analytics)
Azure Data Explorer (Retention)
Configure data classification
— Configure security for data infrastructure —
Enable database authentication
Configure and manage Azure Active Directory authentication with SQL
Get started with SQL database auditing
Azure SQL Database threat detection for single or pooled databases
Azure Storage security guide
Configure key management for storage accounts
Create and manage Shared Access Signatures (SAS)
An introduction to Apache Hadoop security with Enterprise Security Package
Configure security for HDInsights
Security in Azure Cosmos DB – overview
Secure access to data in Azure Cosmos DB
Data encryption in Azure Cosmos DB
High availability with Azure Cosmos DB
Online backup and on-demand data restore in Azure Cosmos DB
Configure security for Microsoft Azure Data Lake
— Configure encryption for data at rest —-
Implement Microsoft Azure SQL Database Always Encrypted
Implement database encryption
Transparent data encryption for SQL Database and Data Warehouse
Azure SQL Transparent Data Encryption with customer-managed keys in Azure Key Vault: Bring Your Own Key support
How to use Key Vault soft-delete with PowerShell
Azure Storage Service Encryption for data at rest
Storage Service Encryption using customer-managed keys in Azure Key Vault
Azure Disk Encryption for IaaS VMs
Implement backup encryption
— Implement security for application delivery —
Securing PaaS deployments
Monitor availability and responsiveness of any web site
—- Configure application security —
App Service and Functions hosted apps can now update TLS versions!
Configure SSL/TLS certs
Tutorial: Bind an existing custom SSL certificate to Azure App Service
Configure Microsoft Azure services to protect web apps
Create an application security baseline
— Configure and manage Key Vault —
About keys, secrets, and certificates
Secure access to a key vault
Manage certificates, manage secrets, configure key rotation
Azure Storage account key management
Azure Key Vault managed storage account – CLI
Azure Storage Account Keys Automatic Rotation
Hope this preparation guide will be useful for you. Don’t hesitate to post a comment or send me a message on Twitter @squastana or on LinkedIn
Last but not least, don’t forget to spend time on http://microsoft.com/learn where you can find additional materials to prepare your certification.
30 thoughts on “Preparation Guide for Microsoft AZ-500 Microsoft Azure Security Technologies Certification”
Man this is a very good job right here. You made my preparations easier with this. I’ve got the exam scheduled less than 48 and I’m sure this will help me brush up.
Hi James, How your exam went? I’m also preparing to appear for this exam if you could help with guiding me.
Below are my contact details, it would be really helpful if you can share your experience.
Email – email@example.com
WhatsApp Contact – +91-9643895235
Top les powerpoint, ca m’évite de tout lire 😀
Thanks For sharing such great information.
Great job! The PowerPoints are very useful tools
Thanks appreciate 🙂
Thannk a lot… do we have any video course available for AZ-500?
No, just slides & urls
Many thanks for gathering all these useful links into a single page along with the clear slides. It was of a great help for passing this test this morning !
I’m now looking fordward to seeing the same for AZ-400 🙂
AZ 400 preparation guide will be published very soon 😉 stay tuned
Wonderful job here mate. This helped me cover some topics missing in my prep plan. And I passed the exam. Great Job!!!
Thank you so much for the generous sharing, is there any pre-requisite for AZ-500?
No pre-requisite except a good preparation 😉
This is very helpful. Thank you. I have 2 questions, I just passed the AZ-900 and want to take AZ-500.
1. Does the AZ-500 have hands on labs or just questions?
2. Should I just read all of the PowerPoints and then take it or should I also try doing some of exercises within the Azure Portal as well?
There was no labs when I took the AZ 500 exam but it can change. Read all slides and practice a little (I tried to put as much screenshots I can but practice is better)
Will 2 weeks be enough to complete this certification?
Yes if you spend few hours every day. Less if you already works with those services
hi all ; pls. is this exam have labs and how many ?
Yes there are labs
Hi Stanislas, can you please re-share your notes/PPT?
Link from onedrive is down.
How much score required to pass AZ-500 ??
For AZ-500, did you attend any online classes like Linux Academy or A Cloud Guru? Or just Microsoft resources available online/mentioned above should be fine?
All the resources I provide in this article are enough to get a got score 😉
Thanks very much
I received mine in December and used this site along with this training: https://www.udemy.com/course/a-to-z-of-azure-security-covers-az-500-and-more/
this is really good work and thank you
Amazing content, thanks so much for collating and sharing. I found the slides very useful.
FYI – all slides will be a little out of date as the exam content is changing on July 29 2020.
The Web Factory
You have put all the links to important information here. It’s very helpful you have done a great job. Well done