AZ-500

Microsoft Azure
Security Technologies
Course agenda
 M01: Manage identity and access
 L01: Configure Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
 L02: Configure Azure AD for Azure workloads and subscriptions
 L03: Configure security for an Azure subscription

 M02: Implement platform protection

 L01: Understand cloud security
 L02: Build a network
 L03: Secure the network
 L04: Implementing host security
 L05: Implementing platform security enhancements
 L06: Implement subscription security
Course agenda (continued)
 M03: Secure data and applications
 L01: Configure security policies to manage data
 L02: Configure security for data infrastructure
 L03: Configure encryption for data at rest
 L04: Understand application security
 L05: Implement security for application lifecycle
 L06: Secure applications
 L07: Configure and manage Azure Key Vault

 M04: Manage security operations

 L01: Configure security services
 L02: Configure security policies by using Azure Security Center
 L03: Manage security alerts
 L04: Respond to and remediate security issues
 L05: Create security baselines
Azure Security Engineer role
• The Azure Security Engineer implements security controls, maintains the security
posture, and identifies and remediates vulnerabilities by using a variety of security
tools
• Responsibilities include protecting data and applications, protecting networks,
managing identity and access, implementing threat protection, and responding to
security incident escalations
• The Azure Security Engineer often serves as part of a larger team dedicated to cloud-
based management and security, and might also secure hybrid environments as part of
an end-to-end infrastructure
• Successful Azure Security Engineers start this role with experience in operating
systems, virtualization, cloud infrastructure, storage structures, and networking
Certification areas (AZ-500)
Study area Percentage
Manage identity and access 20-25%
Implement platform protection 35-40%
Manage security operations 15-20%
Secure data and applications 30-35%
• Percentages indicate the relative weight of each area on the exam
• The higher the percentage, the more questions you are likely to encounter
in that area
Microsoft Azure security technologies
 Manage identity and access
 Topics may include but are not limited to: create app registration, configure app registration permission
scopes, manage app registration permission consent, configure Multi-Factor Authentication settings,
manage Azure AD directory groups, manage Azure AD users, install and configure Azure AD Connect,
configure authentication methods, implement conditional access policies, configure Azure AD identity
protection, monitor privileged access, configure access reviews, activate Privileged Identity Management,
transfer Azure subscriptions between Azure AD tenants, manage application programming interface
(API) access to Azure subscriptions and resources
 Implement platform protection
 Topics may include but are not limited to: configure virtual network connectivity, configure Network
Security Groups (NSGs), create and configure Azure Firewall, create and configure application security
groups, configure remote access management, configure baseline, configure resource firewall, configure
endpoint security within the virtual machine (VM), configure VM security, harden VMs in Azure, configure
system updates for VMs in Azure, configure network, configure authentication, configure container
isolation, configure Azure Kubernetes Service (AKS) security, configure container registry, configure
container instance security, implement vulnerability management, create Azure resource locks, manage
resource group security, configure Azure policies, configure custom role-based access control (RBAC)
roles, configure subscription and resource permissions
Microsoft Azure security technologies (continued)
 Secure data and applications
 Topics may include but are not limited to: configure data classification, configure data retention,
configure data sovereignty, enable database authentication, enable database auditing, configure Azure
SQL Database threat detection, configure access control for storage accounts, configure key
management for storage accounts, create and manage Shared Access Signatures (SAS), configure
security for Azure HDInsight, configure security for Azure Cosmos DB, configure security for Azure Data
Lake, implement Azure SQL Database Always Encrypted, implement database encryption, implement
Storage Service Encryption, implement disk encryption, implement backup encryption, manage access to
Key Vault, manage permissions to secrets, certificates, and keys, manage certificates, manage secrets,
configure key rotation
 Manage security operations
 Topics may include but are not limited to: configure Azure Monitor, configure Azure Monitor logs,
configure diagnostic logging and log retention, configure vulnerability scanning, configure centralized
policy management by using Azure Security Center, configure just-in-time VM access by using Azure
Security Center, create and customize alerts, review and respond to alerts and recommendations,
configure a playbook for a security event by using Azure Security Center, investigate escalated security
incidents
Exercises: Azure security technologies
Exercises are provided throughout the course. The exercises are either inline
in the course module or a link is provided for the lab.
To complete the labs, you will need:
• An internet connection to the Azure portal
• An Azure subscription. To complete certain labs, as noted in the lab
instructions, you must use a Microsoft account that has the Owner role.
• Some exercises will require additional setup before the start of the lab
• The next slides list the exercises for this course
© Copyright Microsoft Corporation. All rights reserved.