AZ-500 Exam Study Guide (Microsoft Azure Security Technologies)

AZ-500 Microsoft Azure Security Technologies Exam Certificate Study Guide-02

AZ-500 Preparation Details

Preparing for the AZ-500 Microsoft Azure Security Technologies exam? Don’t know where to start? This post is the AZ-500 Certificate Study Guide (with links to each exam objective).

I have curated a list of articles from Microsoft documentation for each objective of the AZ-500 exam. Hope this article will be your AZ-500 Study Guide.

Also, please share the post within your circles so it helps them to prepare for the exam.

Exam Voucher for AZ-500 with 1 Retake

Get 40% OFF with the combo

AZ-500 Azure Security Technologies Course

LinkedIn Learning (Free trial) Microsoft Azure Certification Learning Path
Pluralsight (Learning Path)Microsoft Azure Security Engineer Course
Whizlabs Microsoft Azure Security Technologies Course
Udemy A Certificate Course on Security in Azure

AZ-500 Azure Security Tech. Practice Test

Whizlabs Exam Questions 165 Practice questions & [Online Course]
Udemy Practice Tests Security Technologies Practice Questions

Other Materials Related to Azure Security

Coursera Cloud Security Basics [Univ. of Minnesota]
Amazon e-book (PDF) Exam Reference Azure Security Technologies
Labs on GitHubLabs resources on Security topics

AZ-500 Sample Exam Questions

AZ-500 Microsoft Azure Security Technologies Sample Practice Tests

Looking for AZ-500 Security Dumps? Read This!

Using az-500 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

Check out all the other Azure certificate study guides

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Manage Identity and Access (30-35%)

Manage Azure Active Directory Identities

Configure security for service principals

Application & service principal objects in Azure AD

Create an Azure AD app & service principal to access resources

Manage Azure AD directory groups

Create a basic group & add members using Azure AD

Manage access with Azure Active Directory groups

Manage Azure AD users

Add or delete users using Azure Active Directory

Create and manage users

Manage administrative units

Administrative units in Azure Active Directory

Configure password writeback

Enable Azure AD self-service password reset writeback

Configure authentication methods including password hash and Pass-Through
Authentication (PTA), OAuth, and passwordless

What is password hash synchronization with Azure AD?

Implement password hash synchronization with Azure AD Connect sync

Sign-in with Azure AD Pass-through Authentication

Azure Active Directory Pass-through Authentication: Quickstart

Configure an OAuth application from the Azure AD app gallery

Passwordless authentication options for Azure Active Directory

Enable passwordless sign-in with the Microsoft Authenticator app

Transfer Azure subscriptions between Azure AD tenants

Transfer an Azure subscription to a different Azure AD directory

Associate a subscription to a directory

Configure Secure Access by Using Azure AD

Monitor privileged access for Azure AD Privileged Identity Management (PIM)

LinkedIn: Monitor privileged access for Azure AD PIM

Configure Access Reviews

What are Azure AD access reviews?

Manage user access with Azure AD access reviews

Configure PIM

Start using Privileged Identity Management

Activate my Azure AD roles in PIM

Implement Conditional Access policies including Multi-Factor Authentication (MFA)

What is Conditional Access in Azure Active Directory?

Conditional Access: Require MFA for all users

Secure user sign-in events with Azure Multi-Factor Authentication

Configure Azure AD identity protection

What is Identity Protection?

Configure Azure MFA registration policy in Identity Protection

Configure and enable risk policies

Manage Application Access

Create App Registration

Register an application with the Microsoft identity platform

Register an application with the Microsoft identity platform

Configure App Registration permission scopes

Permissions and consent in the Microsoft identity platform endpoint

Configure an application to expose a web API

Manage App Registration permission consent

Azure Active Directory consent framework

Permissions and consent in the Microsoft identity platform endpoint

Managing consent to applications and evaluating consent requests

Manage API access to Azure subscriptions and resources

Managing API Access to Microsoft Azure Subscriptions and Resources

How to use Role-Based Access Control in Azure API Management

Manage Access Control

Configure subscription and resource permissions

Add or change Azure subscription administrators

Add or remove Azure role assignments using the Azure portal

Configure resource group permissions

Grant group access to Azure resources with PowerShell

Configure custom RBAC roles

Azure custom roles

Create & assign a custom role in Azure AD

Create Azure custom roles using the portal

Identify the appropriate role

LinkedIn: Identify the appropriate role

Interpret permissions

List Azure role assignments to understand the access level

Implement Platform Protection (15-20%)

Implement Advanced Network Security

Secure the connectivity of virtual networks (VPN authentication, Express Route
encryption)

Azure network security overview

Create a Site-to-Site VPN connection in the Azure portal

Configure a VPN connection using native Azure certificate authentication

Concepts on ExpressRoute encryption

ExpressRoute encryption: IPsec over ExpressRoute for Virtual WAN

Configure Network Security Groups (NSGs) and Application Security Groups (ASGs)

Create, change, or delete a network security group

Create application security groups

Associate network interfaces to an ASG

Create and configure Azure Firewall

What is Azure Firewall?

Deploy and configure Azure Firewall

Implement Azure Firewall Manager

What is Azure Firewall Manager?

Secure your virtual hub with Azure Firewall Manager

Configure Azure Front Door service as an Application Gateway

Create and configure Azure Front Door service as an application gateway

Load-balancing with Azure’s application delivery suite

Configure a Web Application Firewall (WAF) on Azure Application Gateway

Create an application gateway with a Web Application Firewall

Create an Azure WAF v2 on Application Gateway using an ARM template

FAQs for Azure Web Application Firewall on Application Gateway

Configure Azure Bastion

Create an Azure Bastion host using the portal

Configure a firewall on a storage account, Azure SQL, KeyVault, or App Service

Configure Azure Storage firewalls and virtual networks

Create a server-level firewall rule in Azure SQL Database

Configure Azure Key Vault firewalls and virtual networks

Configuring Azure Firewall with your App Service Environment

Implement Service Endpoints

Azure Virtual Network service endpoints

Restrict network access with service endpoints

Implement DDoS protection

Azure DDoS Protection Standard overview

Manage Azure DDoS Protection using the Azure portal

Configure Advanced Security for Compute

Configure endpoint protection

Microsoft Endpoint Protection for Azure

Supported endpoint protection solutions

Endpoint protection in Microsoft Azure

Configure and monitor system updates for VMs

Manage updates and patches for your VMs

How to deploy updates and review results?

Managing updates for your Azure VM

Configure authentication for Azure Container Registry

Authenticate with an Azure container registry

Use Azure managed identity to authenticate to Azure container registry

Authenticate with ACR from Azure Kubernetes Service

Configure security for different types of containers

Container security in Azure Security Center

Implement Azure Disk Encryption

Azure Disk Encryption for Windows VMs

Azure Disk Encryption for Linux VMs

Azure Disk Encryption for Windows VMs FAQ

Configure authentication and security for Azure App Service

Authentication and authorization in Azure App Service

Configure your App Service app to use Azure AD login

Advanced usage of authentication in Azure App Service

Authenticate users end-to-end in Azure App Service

Azure Security AZ-500

Amazon link (affiliate)

Manage Security Operations (25-30%)

Monitor Security by Using Azure Monitor

Create and customize alerts

PS Course Module: Create and customize alerts in Azure

Create, view, and manage metric alerts using Azure Monitor

Quickstart: Create custom alerts

Monitor security logs by using Azure Monitor

Analyze and review Logs for anomalous behavior

Security Logging and Audit Log Collection within Azure

Configure diagnostic logging and log retention

Enable diagnostics logging for apps in Azure App Service

Configure the data retention period of logs

Monitor Security by Using Azure Security Center

Evaluate vulnerability scans from Azure Security Center

Integrated vulnerability assessment solution for Azure virtual machines

Configure Just in Time VM access by using Azure Security Center

Understanding just-in-time (JIT) VM access

Azure Security Center – Just-in-Time Network Access

Secure your management ports with just-in-time access

Configure centralized policy management by using Azure Security Center

Working with security policies in the Security Center

Configure a security policy in Azure Policy using the REST API

Configure compliance policies and evaluate for compliance by using Azure Security Center

Working with security policies

Assess your regulatory compliance in Security Center

Configure workflow automation by using Azure Security Center

Automate responses to Security Center triggers

AZ-500 Exam details and tips

Monitor Security by Using Azure Sentinel

Create and customize alerts

Create custom analytics rules to detect threats

Configure data sources to Azure Sentinel

Connect data sources to Azure Sentinel

On-board Azure Sentinel: Connect data sources

Evaluate results from Azure Sentinel

Investigate incidents with Azure Sentinel

Visualize and monitor your data

Configure a playbook

Use playbooks with automation rules in Azure Sentinel

Configure Security Policies

Configure security settings by using Azure Policy

Working with security policies

Configure security settings by using Azure Blueprint

Configure your environment for a Blueprint Operator

Secure Data and Applications (20-25%)

Configure Security for Storage

Configure access control for storage accounts

Assign an Azure role for access to blob and queue data

Authorize access to blobs and queues using Azure Active Directory

Configure key management for storage accounts

Manage storage account access keys

Manage storage account keys with Key Vault & CLI

Configure Azure AD authentication for Azure Storage

Azure AD Authentication for Azure Blobs and Queues

Authorize access to blobs and queues using Azure Active Directory

Configure Azure AD Domain Services authentication for Azure Files

Enable Azure AD DS authentication on Azure Files

Create and Manage Shared Access Signatures (SAS)

Getting Started with Shared Access Signatures (SAS)

Grant limited access to Storage with Shared Access Signatures

Create a shared access policy for a blob or blob container

Define a stored access policy

Create a stored access policy with .NET

Configure Storage Service Encryption

Azure Storage Service Encryption for Managed Disks

Azure Storage Service Encryption for data at rest

Configure Azure Defender for Storage

Configure Azure Defender for Storage

Azure certification Frequently Asked Questions

Configure Security for Databases

Enable database authentication

Use Azure Active Directory authentication for SQL databases

Enable database auditing

Auditing for Azure SQL Database and Azure Synapse Analytics

Configure Azure Defender for SQL

Azure Defender for SQL

Enable Azure Defender for SQL servers on VM

Implement database encryption

Transparent data encryption for SQL Database

Configure and Manage Key Vault

Manage access to Key Vault

Secure access to Azure key vault

Manage permissions to secrets, certificates, and keys

About keys, secrets, and certificates

Azure RBAC secret, key, & certificate permissions with Key Vault

Manage certificates

Manage certificates via Azure Key Vault

Manage secrets

Configure and manage secrets in Azure Key Vault

Manage keys and secrets

Configure key rotation

Automate the rotation of a secrets

Backup and restore of Key Vault items

Back up & restore individual key vault objects

Configure Azure Defender for Key Vault

Azure Defender for Key Vault

This brings us to the end of the AZ-500 Microsoft Azure Security Technologies Study Guide

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are preparing for other Azure certification exams, check out the Azure study guide for those exams.

Follow Me to Receive Updates on AZ-500 Exam


Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the AZ-500 Study Guide in Your Network

You may also like