Reading Time: 3 minutes
Follow by Email

Microsoft has been changing up the Azure exams recently, and the other day I noticed new one. The AZ-500. This exam is a security-focused one. If you take the AZ-500 Microsoft Azure Security Technologies exam you will earn the Microsoft certified: Azure Security Enginer Associate certification.

Below you will find a list of what is going to be tested in the new AZ-500 Azure Security Engineer exam and a link to a resource that I think will help you learn and pass the exam. It is a work in progress at the moment and I will keep updating it. If you do find a link that is not working, or I have linked to the wrong resource. Please let me know.

Another good resource to learn about Azure Security is the Microsoft Learn site. you can reach the Secure your cloud data path using this link


At the time of writing this exam it is not live.

Skills measured from AZ-500: Microsoft Azure Security Technologies

Manage Identity and Access (20-25%)

Configure Microsoft Azure Active Directory for workloadsA

Create App Registration, configure App Registration permission scopes, manage App Registration permission consent

Configure Multi-Factor Authentication settings

Manage Microsoft Azure AD directory groups

Manage Microsoft Azure AD users

Install and configure Microsoft Azure AD Connect, configure authentication methods

Implement Conditional Access policies

Configure Microsoft Azure AD identity protection

Configure Microsoft Azure AD Privileged Identity Management

Monitor privileged access, configure Access Reviews, activate Privileged Identity Management

Configure Microsoft Azure tenant security

ransfer Microsoft Azure subscriptions between Microsoft Azure AD tenants, manage API access to Microsoft Azure subscriptions and resources

Implement Platform Protection (35-40%)

Implement network security

Configure virtual network connectivity

Configure Network Security Groups (NSGs)

Create and configure Microsoft Azure Firewall

Create and configure application security groups

Configure remote access management

Configure baseline

Configure resource firewall

Implement host security

Configure endpoint security within the VM

Configure VM security

Harden VMs in Microsoft Azure

Configure system updates for VMs in Microsoft Azure

Configure Baseline

Configure container security

Configure network

Configure authentication

Configure container isolation

Configure AKS security

Configure container registry

Configure container instance security

Implement vulnerability management

Implement Microsoft Azure Resource management security

Create Microsoft Azure resource locks

Manage resource group security

Configure Microsoft Azure policies

Configure custom RBAC roles

Configure subscription and resource permissions

Manage Security Operations (15-20%)

Configure security services

Configure Microsoft Azure Monitor

Configure Microsoft Azure Log Analytics

Configure diagnostic logging and log retention

Configure vulnerability scanning

Configure security policies

Configure centralized policy management by using Microsoft Azure Security Center

Configure Just in Time VM access by using Microsoft Azure Security Center

Manage security alerts

Create and customize alerts

Review and respond to alerts and recommendations

Configure a playbook for a security event by using Microsoft Azure Security Center

Investigate escalated security incidents

Secure Data and Applications (30-35%)

Configure security policies to manage data

Configure data classification

Configure data retention

Configure data sovereignty

Configure security for data infrastructure

Enable database authentication

Enable database auditing

Configure Microsoft Azure SQL Database threat detection

Configure access control for storage accounts

Configure key management for storage accounts

Create and manage Shared Access Signatures (SAS)

Configure security for HDInsights

Configure security for Cosmos DB

Configure security for Microsoft Azure Data Lake

Configure encryption for data at rest

Implement Microsoft Azure SQL Database Always Encrypted

Implement database encryption

Implement Storage Service Encryption

Implement disk encryption

Implement backup encryption

Implement security for application delivery

Implement security validations for application development

Configure synthetic security transactions

Configure application security

Configure SSL/TLS certs

Configure Microsoft Azure services to protect web apps

Create an application security baseline

Configure and manage Key Vault

Manage access to Key Vault

Manage permissions to secrets, certificates, and keys

Manage certificates, manage secrets, configure key rotation

I hope you found this helpful and Good Luck in your exams!

Follow by Email

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.


Paul Bendall · March 27, 2019 at 9:18 pm

Thanks for sharing this information once again, as well as providing links to the associated documentation, super useful!

Trying to keep up with the Microsoft certification and exams is becoming as challenging as keeping up with Azure and Office 365 ever changing features.


Deiva · April 3, 2019 at 5:38 am

Thanks, Richard.

Gerrit · June 20, 2019 at 8:13 am

Thanks for the information.

muhammad sikander · January 6, 2020 at 3:01 pm

Thanks a lot for your work and helped me a lot.

Dan · August 24, 2020 at 3:10 am

There is a typo in the yellow header block just fyi. “clod” should be “cloud” Otherwise great content and thanks for contributing to help others!

    Pixel Robots. · August 25, 2020 at 12:29 pm

    Thanks for That. Good spot. Updated now.

Leave a Reply

Avatar placeholder

Your email address will not be published.