Suppose you are concerned about security or working in information security around Azure and would like to improve your Azure Security skills and pass the AZ-500 exam. In that case, the following article is for you and concentrates on all the essential highlights, tips, and essential points for Azure Security Engineer Associate (AZ-500) exam.

Microsoft Security Certifications

I recently passed the Microsoft exam security for Microsoft 365 Security and Azure Security Engineer Associate (AZ-500). Microsoft 365 Security and Azure Security bring to the table many topics alongside the fact that you need a lot of hands-on experience.
The existing Microsoft Role-based Certification means you can choose which certification path to take depending on your job role and years of experience, and I must say that even with all knowledge you’ve got, you can learn a lot from the exam topics.

Azure Security and Microsoft 365 Security roles come with an Associate level certification. If your job role is to manage security for Microsoft 365, you’ve got Exam MS-500: Microsoft 365 Security Administration. You become a Microsoft 365 Certified: Security Administrator Associate by taking that exam.

If your job role is to manage Azure security, you can take the Exam AZ-500: Microsoft Azure Security Technologies, making you certified for Azure Security Engineer Associate.

Note: The AZ-500: Microsoft Azure Security Technologies exam does not get you to any Azure expert-level certification. 

Azure Security Engineer Associate

Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of the end-to-end infrastructure.
The attention on Azure cloud security has improved over the years with many security incidents. System downtime, loss of essential data, and many other issues increase security incidents’ overall impact.

Candidates should always focus on basic Azure security engineer skills before starting their preparations for the AZ-500 exam.

Here are the essential skills you need to become a security engineer on Azure.

• Understanding of the basics of implementing security controls
• Basic knowledge of cloud security and infrastructure management
• Expertise in maintaining security posture
• Skills in identity and access management
• Ability to know how to protect data, networks, and applications

These skills validate the primary principles for seeking a career in Azure security engineering. 

It is important to emphasize that the AZ-500 exam is focused on information security, but is based on Azure infrastructure and technologies, so you should have good knowledge in the Azure technologies, and it’s highly recommended to take Exam AZ-900: Microsoft Azure Fundamentals and Exam AZ-103: Microsoft Azure Administrator before.
Tip: in a nutshell, before considering taking the exam AZ-500, you should first have good (or better) knowledge of Azure technologies.
 

Skills Measured by Microsoft

The skills measured by Microsoft provide all the topics, sub-topics, and information from the AZ-500 exam.

Manage identity and access (20-25%)

Configure Azure Active Directory for workloads

• Create App Registration
• Configure App Registration permission scopes
• Manage App Registration permission consent
• Configure Multi-Factor Authentication settings
• Manage Azure AD directory groups
• Manage Azure AD users
• Install and configure Azure AD Connect
• Configure authentication methods
• Implement Conditional Access policies
• Configure Azure AD identity protection

Configure Azure AD Privileged Identity Management

• Monitor privileged access
• Configure Access Reviews
• Activate Privileged Identity Management

Configure Azure tenant security

• Transfer Azure subscriptions between Azure AD tenants
• Manage API access to Azure subscriptions and resources

Implement platform protection (35-40%)

Implement network security

• Configure virtual network connectivity
• Configure Network Security Groups (NSGs)
• Create and configure Azure Firewall
• Create and configure Azure Front Door service
• Create and configure application security groups
• Configure remote access management
• Configure baseline
• Configure resource firewall

Implement host security

• Configure endpoint security within the VM
• Configure VM security
• Harden VMs in Azure
• Configure system updates for VMs in Azure
• Configure baseline

Configure container security

• Configure network
• Configure authentication
• Configure container isolation
• Configure AKS security
• Configure container registry
• Implement vulnerability management

Implement Azure Resource management security

• Create Azure resource locks
• Manage resource group security
• Configure Azure policies
• Configure custom RBAC roles
• Configure subscription and resource permissions

Manage security operations (15-20%)

Configure security services

• Configure Azure Monitor
• Configure diagnostic logging and log retention
• Configure vulnerability scanning

Configure security policies

• Configure centralized policy management by using Azure Security Center
• Configure Just in Time VM access by using Azure Security Center

Manage security alerts

• Create and customize alerts
• Review and respond to signals and recommendations
• Configure a playbook for a security event by using Azure Security Center
• Investigate escalated security incidents

Secure data and applications (25-30%)

Configure security policies to manage data

• Configure data classification
• Configure data retention
• Configure data sovereignty

Configure security for data infrastructure

• Enable database authentication
• Enable database auditing
• Configure Azure SQL Database Advanced Threat Protection
• Configure access control for storage accounts
• Configure key management for storage accounts
• Configure Azure AD authentication for Azure Storage
• Configure Azure AD Domain Services authentication for Azure Files
• Create and Manage Shared Access Signatures (SAS)
• Configure security for HDInsight
• Configure security for Cosmos DB
• Configure security for Azure Data Lake

Configure encryption for data at rest

• Implement Azure SQL Database Always Encrypted
• Implement database encryption
• Implement Storage Service Encryption
• Implement disk encryption

Configure application security

• Configure SSL/TLS certs
• Configure Azure services to protect web apps
• Create an application security baseline

Configure and manage Key Vault

• Manage access to Key Vault
• Manage permissions to secrets, certificates, and keys
• Configure RBAC usage in Azure Key Vault
• Manage certificates
• Manage secrets
• Configure key rotation

Note: The skills measured above are based on the Exam AZ-500: Microsoft Azure Security Technologies – Skills Measured

Notes from the Field

The theory is essential, and it is necessary to stick to the information in each area and topic. Still, alongside the view, it is more important to come with hands-on experience. Here are some essential points for Azure Security’s real-life and notes from the field.

Skills Measured from the Field

Many topics and information in skill measured are measured, but the important and focused ones are described below.
The skill Measured divided into four main areas, and the first skill area is Manage identity and access (20-25%) with topics such as:

• Azure AD
• Azure AD PIM
• Azure Tenant Security

The second skill area is to Implement platform protection (35-40%) comes with topics such as:

• Azure Network Security
• Azure Containers Security
• Azure Resource Management Security

The third exam skills area is Manage security operations (15-20%) comes with topics such as:

• Configure security services
• Configure security policies
• Manage security alerts

The third exam skills area is Manage security operations (15-20%) comes with topics such as:

• Configure security services.
• Configure security policies.
• Manage security alerts

Expectations and Reality

When you prepare for the AZ-500 exam, it matters which technological background you’re coming from, when architects and those who understand the Azure infrastructure at the screw level will have better accessibility than experts with a Development background.

As the complexity of Azure products and services increases, the demands of security on Azure also increase alongside, and candidates can build upon their existing knowledge of system security to learn more about cloud security.

You can get the opportunity to learn about new Azure services and features by opting for a role-based certification. So, the first reason to become an Azure security engineer is the constantly changing Azure services landscape.

The role of security engineers in these teams is generally a managerial one. As a result, candidates could find better job positions in an organization as security engineers.

It is important to emphasize that taking the right resources can bounce your knowledge and proceed more correctly with the theoretical knowledge gained during exam preparation.

Scenarios and Questions

The AZ-500 exam is based on several different questions, such as case study questions, complex questions, and objectionable questions.
Sample question
There are some pretty long scenarios that you should be carefully reading through, and some of them are tricky questions and some of the appropriate responses. Still, some were more appropriate than others due to the factors in the scenario.
Sample question

The AZ-500 Exam Structure

How to prepare

There are many and valuable ways to prepare for the AZ-500 exam, here are some points from my preparation:
Microsoft Learn from AZ-500 exam main page with few modules.

Pluralsight courses with Microsoft Azure Security Engineer (AZ-500) Path

The Skills measured from AZ-500 exam main page.
In a nutshell

Tips 

• Deploy the features using the links provided throughout the session
• Know how to carry out the actions in the Portal / PowerShell / CLI
• Understand the features and parameters
• Know the levels, tiers, and scales of things.
• Use the Microsoft Learn labs as you can
• Don’t overthink the complex questions.

Good Luck!