Reading Time: 3 minutes

Microsoft has been changing up the Azure exams recently, and the other day I noticed new one. The AZ-500. This exam is a security-focused one. If you take the AZ-500 Microsoft Azure Security Technologies exam you will earn the Microsoft certified: Azure Security Enginer Associate certification.

Below you will find a list of what is going to be tested in the new AZ-500 Azure Security Engineer exam and a link to a resource that I think will help you learn and pass the exam. It is a work in progress at the moment and I will keep updating it. If you do find a link that is not working, or I have linked to the wrong resource. Please let me know.

Another good resource to learn about Azure Security is the Microsoft Learn site. you can reach the Secure your cloud data path using this link
https://docs.microsoft.com/en-us/learn/paths/secure-your-cloud-data/

Skills measured from AZ-500: Microsoft Azure Security Technologies

Manage Identity and Access (20-25%)

Configure Microsoft Azure Active Directory for workloadsA

Create App Registration, configure App Registration permission scopes, manage App Registration permission consent

• https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-add-azure-ad-app
• https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-permissions-and-consent
• https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

Configure Multi-Factor Authentication settings

• https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Manage Microsoft Azure AD directory groups

• https://docs.microsoft.com/en-us/microsoft-365/enterprise/identity-self-service-group-management

Manage Microsoft Azure AD users

• https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/

Install and configure Microsoft Azure AD Connect, configure authentication methods

• https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
• https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

Implement Conditional Access policies

• https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices

Configure Microsoft Azure AD identity protection

• https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/enable

Configure Microsoft Azure AD Privileged Identity Management

Monitor privileged access, configure Access Reviews, activate Privileged Identity Management

• https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
• https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
• https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Configure Microsoft Azure tenant security

ransfer Microsoft Azure subscriptions between Microsoft Azure AD tenants, manage API access to Microsoft Azure subscriptions and resources

• https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
• https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-aad
• https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-api-authentication
• https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api

Implement Platform Protection (35-40%)

Implement network security

Configure virtual network connectivity

• https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

Configure Network Security Groups (NSGs)

• https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group

Create and configure Microsoft Azure Firewall

• https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

Create and configure application security groups

• https://azure.microsoft.com/en-gb/blog/applicationsecuritygroups/

Configure remote access management

• https://docs.microsoft.com/en-us/azure/security/azure-security-management

Configure baseline

• https://docs.microsoft.com/en-us/azure/security-center/security-center-network-recommendations

Configure resource firewall

• https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security
• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure

Implement host security

Configure endpoint security within the VM

• https://docs.microsoft.com/en-us/azure/security/azure-security-antimalware

Configure VM security

• https://docs.microsoft.com/en-us/azure/security/azure-security-iaas

Harden VMs in Microsoft Azure

• https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/

Configure system updates for VMs in Microsoft Azure

• https://docs.microsoft.com/en-us/azure/automation/automation-tutorial-update-management

Configure Baseline

• https://docs.microsoft.com/en-us/azure/security-center/security-center-customize-os-security-config

Configure container security

Configure network

• https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

Configure authentication

• https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

Configure container isolation

• https://azure.microsoft.com/mediahandler/files/resourcefiles/container-security-in-microsoft-azure/Open%20Container%20Security%20in%20Microsoft%20Azure.pdf

Configure AKS security

• https://docs.microsoft.com/en-us/azure/aks/concepts-security

Configure container registry

• https://docs.microsoft.com/en-us/azure/container-registry/

Configure container instance security

• https://docs.microsoft.com/en-us/azure/container-instances/

Implement vulnerability management

• https://www.aquasec.com/solutions/azure-container-security/

Implement Microsoft Azure Resource management security

Create Microsoft Azure resource locks

• https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Manage resource group security

• https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Configure Microsoft Azure policies

• https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

Configure custom RBAC roles

• https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Configure subscription and resource permissions

• https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Manage Security Operations (15-20%)

Configure security services

Configure Microsoft Azure Monitor

• https://docs.microsoft.com/en-us/azure/azure-monitor/azure-management

Configure Microsoft Azure Log Analytics

• https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

Configure diagnostic logging and log retention

• https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-overview

Configure vulnerability scanning

• https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations

Configure security policies

Configure centralized policy management by using Microsoft Azure Security Center

• https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy

Configure Just in Time VM access by using Microsoft Azure Security Center

• https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

Manage security alerts

Create and customize alerts

• https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

Review and respond to alerts and recommendations

• https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts
• https://docs.microsoft.com/en-us/azure/security-center/security-center-recommendations

Configure a playbook for a security event by using Microsoft Azure Security Center

• https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks

Investigate escalated security incidents

• https://docs.microsoft.com/en-us/azure/security-center/security-center-investigation

Secure Data and Applications (30-35%)

Configure security policies to manage data

Configure data classification

• https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-settings-tutorial

Configure data retention

• https://docs.microsoft.com/en-us/rest/api/storageservices/setting-a-storage-analytics-data-retention-policy
• https://docs.microsoft.com/en-us/azure/kusto/management/retention-policy

Configure data sovereignty

• https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations

Configure security for data infrastructure

Enable database authentication

• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication

Enable database auditing

• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing

Configure Microsoft Azure SQL Database threat detection

• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection

Configure access control for storage accounts

• https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide

Configure key management for storage accounts

• https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys

Create and manage Shared Access Signatures (SAS)

• https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1

Configure security for HDInsights

• https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds

Configure security for Cosmos DB

• https://docs.microsoft.com/en-us/azure/cosmos-db/database-security

Configure security for Microsoft Azure Data Lake

• https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-network-security
• https://docs.microsoft.com/en-us/azure/storage/common/storage-data-lake-storage-security-guide

Configure encryption for data at rest

Implement Microsoft Azure SQL Database Always Encrypted

• https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted

Implement database encryption

• https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017

Implement Storage Service Encryption

• https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

Implement disk encryption

• https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview

Implement backup encryption

• https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq#encryption

Implement security for application delivery

Implement security validations for application development

• https://docs.microsoft.com/en-us/azure/security/security-paas-deployments

Configure synthetic security transactions

• https://docs.microsoft.com/en-us/azure/azure-monitor/app/transaction-diagnostics

Configure application security

Configure SSL/TLS certs

• https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl

Configure Microsoft Azure services to protect web apps

• https://docs.microsoft.com/en-us/azure/application-gateway/create-web-app

Create an application security baseline

• https://docs.microsoft.com/en-us/azure/security/security-paas-deployments

Configure and manage Key Vault

Manage access to Key Vault

• https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

Manage permissions to secrets, certificates, and keys

• https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates

Manage certificates, manage secrets, configure key rotation

• https://docs.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring

I hope you found this helpful and Good Luck in your exams!