//Cyber.Engineer

Preparing for the AZ-500 Course

The syllabus for the Azure AZ-500 course. This is what you need to get through in order to complete the exam.

Azure Active Directory: Threat Hunting - SPN Key Count

Azure Service Principals in your tenant should be periodically reviewed just as app registration secrets and passwords should be, see post https://www.cyber.engineer/azure-active-directory-threat-hunting-app-registration-key-count as they both work hand-in-hand. What is a service principal? To access resources that are secured by an Azure AD tenant, the entity that

Azure Active Directory: Threat Hunting - App Reg Key Count

As part of your organisation's proactive threat hunting, app registrations with secrets and passwords configured should be reviewed to look for any suspicious entries. The following Powershell script which I like to run in CloudShell will give you an overview within your tenant. Service principals work hand-in-hand with app registrations,

Azure Defender: Unusual unauthenticated access to your storage account

Investigating Azure Defender Unusual unauthenticated access to your storage account. What is the $web container?

Azure Sentinel: Adding Threat Indicators Manually

You can either have an automated Cyber Threat Intelligence feed (STIX/TAXII) or your threat indicators can be added manually in the form of IP, Domain, URL File hash. Let's run through the manual process.

//Cyber.Engineer © 2026