Updated – 30/05/2020 – The exam guide below shows the changes that will be implemented starting on July 29, 2020. This article has been updated to reflect the new exam objectives added by Microsoft.
Microsoft keeps evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. At Ignite in September 2018, Microsoft announced new role-based certifications to help you keep pace with today’s business requirements. The updated learning program is meant to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition and opportunities you’ve earned. Check the following document for a complete overview of the new Microsoft certification program published on September 24, 2018. Microsoft is planning to announce more role-based certifications in 2019.
After passing the Microsoft Azure Solutions Expert exam, as well as the Azure Developer Associate exam, the Microsoft Azure Administrator certification, and the Microsoft Azure Fundamentals exam, I decided to sit for the Microsoft Azure Security Engineer exam.
I am so happy and grateful now that I passed the AZ-500 Microsoft Certified: Azure Security Engineer Associate. I figured that I would share my experience in this post to help you prepare and tackle this exam successfully.
In this exam, I got around 41 questions in total with 1 case study, and the total time for this exam is 180 minutes. The questions do pretty much match the list of skills measured below.
Exam Profile Audience
The Azure Security Engineer implements security controls, maintains the security posture, and finds and remediates vulnerabilities by using a variety of security tools. Responsibilities include helping protect data, applications, and networks; managing identity and access; implementing threat protection, and responding to security incident escalations. The Azure Security Engineer often serves as part of a larger team dedicated to cloud-based management and security. The Azure Security Engineer might also help secure hybrid environments as part of an end-to-end infrastructure.
Candidates for this exam should have strong skills in scripting and automation; a deep understanding of networking, virtualization, and cloud n-tier architecture; and a strong familiarity with cloud capabilities in general and Microsoft Azure products and services in particular. The Azure Security Engineer should also be familiar with other Microsoft products and services.
Please note that the Azure Security Engineer role does NOT focus on helping secure Microsoft 365 and remains separate from the M365 Security and Compliance Administrator role.
Skills measured on this exam
This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft.
Links to relevant reading from the official Microsoft documentation for each skill tested are listed below to help you prepare:
Manage Identity and Access (20-25%)
Configure Azure AD for workloads
- Create App Registration
- Configure App Registration permission scopes
- Manage App Registration permission consent
- Configure multi-factor authentication settings
- Manage Microsoft Azure AD Groups
- Manage Microsoft Azure AD Users
- Install and Configure Azure AD Connect
- Configure Authentication Methods
- Implement Conditional Access Policies
- Configure Microsoft Azure AD Identity Protection
Configure Privileged Identity
Configure Azure Tenant Security
Implement Platform Protection (35-40%)
Implement Network Security
- Configure virtual network connectivity
- Configure Network Security Groups (NSGs)
- Create and Configure Microsoft Azure firewall
- Create and configure Azure Front Door service
- Create and Configure application security groups
- Configure remote access management
- Configure baseline
Configure resource firewall
Implement Host Security
Configure Container Security
Implement Azure Resource Manager Security
Manage Security Operations (15-20%)
Configure Security Services
- Configure Azure Monitor
- Configure diagnostic logging and log retention
- Configure vulnerability scanning
Configure Security Policies
Manage Security Alerts
Secure Data and Applications (30-35%)
Configure security services
Configure security policies
- Enable database authentication
- Enable database auditing
- Configure Azure SQL Database Advanced Threat Protection
- Configure access control for storage accounts
- Configure key management for storage accounts
- Configure Azure AD authentication for Azure Storage
- Configure Azure AD Domain Services authentication for Azure Files
- Create and Manage Shared Access Signatures (SAS)
- Configure security for HDInsight
- Configure security for Cosmos DB
- Configure security for Azure Data Lake
Configure encryption for data at rest
Configure application security
- Configure SSL/TLS certs
- Configure Azure services to protect web apps
- Create an application security baseline
Configure and manage Key Vault
- Manage access to Key Vault
- Manage permissions to secrets, certificates, and keys
- Configure RBAC usage in Azure Key Vault
- Manage certificates (get started with Key Vault certificates)
- Manage secrets
- Configure key rotation (set up Azure Key Vault with key rotation and auditing)
Lessons Learned and Exam Preparation
Practice, practice and read… I cannot stress enough that hands-on experience and understanding all the security concepts will help you to pass this exam. The key to passing this exam is to work with Microsoft Azure on a daily basis, especially on cloud governance and security.
Based on my experience, to get the most from this preparation, you need the following trial subscriptions or equivalent access:
- An Azure subscription – you can create your free Azure account today and start practicing the latest and greatest security features.
- An EMS E5
- Azure Security Center (Standard Tier)
- Azure Sentinel
I usually use the Microsoft Azure Security Documentation, which is a great resource to dive deep into each topic, and I use Microsoft Learn, the new learning approach, which is more structured, to learn all the topics required for the exam. I highly recommend going through the free learning modules below on Microsoft Learn to prepare for the AZ-500 exam:
- Secure your cloud applications in Azure (6 modules)
- Implement resource management security in Azure (6 modules)
- Implement network security in Azure (5 modules)
- Implement virtual machine host security in Azure (6 modules)
- Manage identity and access in Azure Active Directory (9 modules)
- Manage security operations in Azure (8 modules)
You can watch the free Azure Security Expert Series videos provided by Microsoft to get prepared. Pluralsight also offers a great learning path for the Microsoft Azure Security Engineer preparation; you can check it out here.
You can also go through the following free Azure Security AZ-500 course from Microsoft to get prepared for this exam:
If you have access to the LinkedIn Learning platform, then I highly recommend going through the following fast preparation path in just 6 hours:
- Manage Identity and Access (Domain 1)
- Implement Platform Protection (Domain 2)
- Manage Security Operations (Domain 3)
- Secure Data and Applications (Domain 4)
I also recommend the comprehensive course on Azure Cloud Security on Udemy to learn how to implement security controls across the board.
Additionally, Skillmeup.com offered a great path for AZ-500 exam preparation, and Skylinesacademy.com just released the AZ-500 course at a low cost. I highly recommend checking them out.
At the time of this writing (May 30, 2020), Microsoft is working on releasing the Exam Reference AZ-500 Microsoft Azure Security Technologies book, which is due for release in August 2020. You can place the pre-order today here.
Last but not least, if you prefer instructor-led training, you can find a classroom from Microsoft Learning Partners here.
By passing the AZ-500 Microsoft Azure Security Technologies exam, you will earn the Microsoft Azure Security Engineer Associate certificate.
If you are planning to take this exam… I wish you all the best and Happy Studying!!!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.