Preparing for the AZ-500 Course

Profile

Become an Azure Security Engineer! This course will provide you with the knowledge and skills for a security specialist to implement security controls through from identity configuration and security monitoring.

You can book virtual courses https://docs.microsoft.com/en-us/learn/certifications/courses/az-500t00 or go through the course yourself in training sites such as Pluralsight or ACloudGuru (there are a few others out there but I am a fan of these).

Once you're ready you can book your exam through here - https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

Find URLs to the lab modules here https://www.cyber.engineer/azure-az-500-modules/

Course Syllabus

Module 01: Manage Identity and Access

In this module, you will learn about Azure security features for identity and access.

Identity Security

• Azure Active Directory (AD). Implement an Azure AD infrastructure including users, groups, and multi-factor authentication.
• Azure Identity Protection. Implement Azure AD Identity Protection including risk policies, conditional access, and access reviews.
• Labs: Identity Security (MFA, Conditional Access, Identity Protection)

Access Security

• Enterprise Governance. Implement enterprise governance strategies including role-based access control, Azure policies, and resource locks.
• Azure AD Privileged Identity Management. Implement Azure AD Privileged Identity Management including Azure AD roles and Azure resources.
• Hybrid Identity. Implement Azure AD Connect including authentication methods and on-premises directory synchronization.
• Labs: RBAC, Azure Policy, Resource Manager Locks, Privileged Identity Management, Implement Directory Synchronization

Module 02: Implement Platform Protection

In this module, you will learn about virtual networking and compute security strategies.

Virtual Networking Security

• Perimeter Security. Implement perimeter security strategies including Azure Firewall.
• Network Security. Implement network security strategies including Network Security Groups and Application Security Groups.
• Labs: Azure Firewall, Network and Application Security Groups

Compute Security

• Host Security. Implement host security strategies including endpoint protection, remote access management, update management, and disk encryption.
• Container Security. Implement container security strategies including Azure Container Instances, Azure Container Registry, and Azure Kubernetes.
• Lab: Azure Container Registry and Azure Kubernetes Service

Module 03: Secure Data and Applications

In this module, you will learn about application and data security.

Application security

• Key Vault. Implement Azure Key Vault including certificates, keys, and secretes.
• App security. Implement application security strategies including app registration, managed identities, and service endpoints.
• Lab: Key Vault and App registration

Data Security

• Storage Security. Implement storage security strategies including shared access signatures, blob retention policies, and Azure Files authentication.
• Database Security. Implement database security strategies including authentication, data classification, dynamic data masking, and always encrypted.
• Labs: Storage Security, Database Security

Module 04: Manage Security Operations

In this module, you will learn about monitoring and threat assessment.

Monitoring

• Azure Monitor. Implement Azure Monitor including connected sources, log analytics, and alerts.
• Azure Security Center. Implement Azure Security Center including policies, recommendations, and just in time virtual machine access.
• Labs: Azure Monitor, Azure Security Center

Threat assessment

• Sentinel. Implement Azure Sentinel including workbooks, incidents, and playbooks
• Lab: Sentinel