AZ-500 : Microsoft Azure Security technologies
- Administrators IT Professionals Security Managers
Training Overview
This training teaches you how to implement security controls and threat protection, manage identities and access, and secure data, applications, and networks in cloud and hybrid environments, within an end-to-end infrastructure.
AZ-500 : Azure Security Engineer AssociateLearning Objectives
Trainees will be able to:
- Secure identity and access
- Secure networking
- Secure compute, storage, and databases
- Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel.
Manage security controls for identity and access
- Secure user identities in Microsoft Entra ID by implementing strong authentication and access management controls.
- Protect groups and access management by enforcing security measures to prevent unauthorized changes or abuse.
- Manage external identities securely by defining policies that ensure confidentiality, integrity, and appropriate access control.
- Implement Microsoft Entra ID Protection to detect, investigate, and mitigate identity-related security threats.
- Apply Conditional Access policies to enforce security controls based on user behavior, device compliance, and contextual risks.
Manage access to apps in Microsoft Entra ID
- Manage access to corporate apps in Microsoft Entra ID, including granting OAuth permissions for access control.
- Administer application integration with identity platforms through Microsoft Entra ID application registrations.
- Configure app registration permission scopes for the appropriate resource access levels.
- Manage application registration consent and use service principals and managed identities for automated management and enhanced security.
Plan and implement security for virtual networks
- Implement security measures for Azure virtual networks to protect data and resources.
- Use network security groups (NSGs) and application security groups (ASGs) for network traffic security, and manage UDRs for optimal traffic routing.
- Establish secure network connectivity through virtual network peering, VPN gateways, and Virtual WAN.
- Improve network security with VPN configurations, ExpressRoute encryption, PaaS firewall settings, and Network Watcher monitoring.
Plan and implement security for private access to Azure resources
- Develop security policies for private access to Azure resources to protect sensitive data.
- Use virtual network service endpoints and private endpoints to secure access to the Azure service.
- Manage Private Link services to secure resource exposure and integrate Azure App Service and Functions with virtual networks.
- Configure network security for App Service Environment and Azure SQL Managed Instance to protect web apps and databases.
Plan and implement security for public access to Azure resources
- Develop policies to secure public access to Azure resources, which prevents unauthorized access and breaches.
- Implement TLS for Azure App Service and API Management to encrypt data in transit.
- Protect network traffic with Azure Firewall and Application Gateway to optimize web application security and delivery.
- Improve web application performance with Azure Front Door and CDN, and deploy WAF and DDoS Protection for robust defense against attacks.
Plan and implement advanced security for compute
- Improve the security of Azure compute resources against vulnerabilities and attacks using advanced measures.
- Secure remote access through Azure Bastion and access to JIT VMs and implement network isolation for AKS.
- Strengthen AKS cluster security, monitor Azure Container Instances and Azure Container Apps, and manage access to Azure Container Registry.
- Implement disk encryption methods like ADE and manage API access securely in Azure API Management.
Plan and implement security for storage
- Develop security policies for Azure storage resources, which enable data protection during rest and transit.
- Manage access to the storage account with effective access control and secure key lifecycle management.
- Tailor access methods for Azure Files, Blob Storage, Tables, and Queues to specific use cases.
- Strengthen data security with soft delete, backups, version control, immutable storage, BYOK, and dual encryption.
Plan and implement security for Azure SQL Database and Azure SQL Managed Instance
- Implement security for Azure SQL Managed Instance to protect sensitive data.
- Use Microsoft Enterprise Identity for database authentication and perform a database audit for compliance.
- Use Microsoft Purview for data governance and classification to protect sensitive information.
- Apply dynamic masking and Transparent Data Encryption (TDE), and recommend Always Encrypted for client-side data protection.
Implement and manage the enforcement of cloud governance policies
- Enforce compliance by using Azure Policy to create and manage security policies.
- Simplify secure infrastructure deployment with Azure Blueprint.
- Use landing zones for consistent Azure security and manage sensitive data with Azure Key Vault.
- Improve key security with HSM recommendations, effective access control, and regular key rotation and backup processes.
Manage security posture using Microsoft Defender for Cloud
- Use Microsoft Defender for Cloud Security Score and inventory to identify and mitigate security risks, which improves overall security posture.
- Assess and align with security frameworks using Microsoft Defender for Cloud to ensure adherence to security standards and best practices.
- Integrate industry and regulatory standards specific to Microsoft Defender for Cloud for the right compliance.
- Connect hybrid and multicloud environments to Microsoft Defender for Cloud for centralized security management and monitor external resources to protect against external threats.
Configure and manage threat protection using Microsoft Defender for Cloud
- Be proficient in configuring Microsoft Defender for Cloud to effectively monitor and protect cloud resources.
- Implement advanced threat detection policies using the built-in capabilities of Microsoft Defender for Cloud.
- Use threat intelligence from Microsoft Defender for Cloud to proactively identify and mitigate security risks.
- Configure and tune security policies within Microsoft Defender for Cloud to align with the organization’s security requirements.
- Develop incident response and remediation expertise using Microsoft Defender for Cloud’s built-in tools and capabilities.
Configure and manage security monitoring and automation solutions
- Use Azure Monitor for effective monitoring of security events in cloud environments.
- Implement data connectors in Microsoft Sentinel for comprehensive security data collection.
- Develop custom analytics rules in Microsoft Sentinel for targeted threat detection.
- Assess and automate security incident responses in Microsoft Sentinel to improve workflow efficiency.
Updated on 02/20/2025
Certification Title and Code: Ensuring Security for Microsoft Azure Cloud Infrastructure – RS5308
Certifying Body: Microsoft France
Date of Registration: 18/11/2020
In this training, we mix theory with technical workshops to quickly make you operational. Additionally, each participant receives course materials at the end of the training.
One of our consultant trainers conducts the training. With solid field experience, they make the learning process both interactive and enriching.
For assessment, the trainer regularly asks questions and uses various methods to continuously measure your progress. This approach promotes a dynamic and engaging learning experience.
After the training, we ask you to complete a satisfaction questionnaire. Your feedback helps us to maintain and constantly improve the quality of our training.
Finally, we offer the flexibility to deliver this training both in-person and remotely, and it can be customized to meet your company’s specific needs upon request.
To attend this training, you must have an understanding and knowledge of:
- Industry Security Best Practices and Requirements: Such as defense in depth, least privilege access, role-based access control, multi-factor authentication, shared responsibility, and zero trust model.
- Security Protocols: Such as Virtual Private Networks (VPNs), Internet Protocol Security (IPSec), Secure Socket Layer (SSL), and disk and data encryption methods.
- Deployment of Azure Workloads.
- Operating Systems: Both Windows and Linux, and scripting languages.
- Hands-on labs in this training may use PowerShell and the command-line interface. This course does not cover the basics of Azure administration, but builds upon those foundational skills with additional security-specific information.
You must have completed the “AZ-900 Azure Fundamentals” training and, importantly, the “AZ-104: Azure Administrator” training, or have equivalent Azure experience, to understand the course content.
It is strongly recommended to take this course on a computer with a dual monitor setup for added comfort.
You can register for one of our training courses up to two business days before it starts, if there are still available places and you signed quote.
If you have specific needs related to a disability, please do not hesitate to make a request; we are happy to adjust our services according to the type of disability.
This training prepares you for the Microsoft “AZ-500 – Azure Security Technologies” certification. We recommend scheduling your exam approximately one month after completing the training. The course materials and labs provided during the training will help you review effectively for your certification.
You can register for certification on the Microsoft site. If you would like to buy a certification voucher from us, or if you would like us to support you in this process, please contact us