You dont have javascript enabled! Please enable it!

Passed AZ-500 Exam: Microsoft Certified Azure Security Engineer

11 Min. Read

Updated – 25/11/2021 – This study guide has been updated to reflect the new lab questions added by Microsoft. Please check the following hands-on lab section that will help you prepare and gain more practical experience.

Updated – 29/09/2021 – The AZ-500 exam guide below shows the changes that will be implemented starting on September 29, 2021.

Updated – 09/02/2021 – The AZ-500 exam guide below shows the changes that will be implemented starting on January 27, 2021. This article has been updated to reflect the new exam objectives added by Microsoft and new study references to help you prepare successfully. Please check the following section where you can download the appendix that covers the new additions per skill measure.


Microsoft is keeping evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. At Ignite in September 2018, Microsoft announced new role-based certifications to help you and your career keep pace with today’s business requirements. They are evolving their learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition—and opportunities—you’ve earned.

After passing the Microsoft Azure Solutions Expert exam, the Azure Developer Associate exam, the Microsoft Azure Administrator certification, and the Microsoft Azure Fundamentals exam. I decided to sit for the Microsoft Azure Security Engineer exam.

I am so happy and grateful now that I passed the AZ-500 Microsoft Certified: Azure Security Engineer Associate. I figured that I would share my experience in this post to help you prepare and tackle this exam successfully.

Updated on 09/11/2021 In this exam, I got around 44 questions with 2 massive case studies and a lab with 10 practical tasks, and only 120 MINUTES (2 hours). Microsoft started introducing performance-lab questions. The practical lab also wasted valuable seconds because it was slow. As you can see, the exam is getting a bit tough, you need to well prepare. The questions do pretty much match the list of skills measured below.

Updated on 29/03/2022  For the renewal assessment, I got 26 questions in total without any case study. The performance assessment is based on the following topics:

> Plan and implement privileged access.
> Plan, implement, and manage access review.
> Enable identity protection in Azure Active Directory.
> Secure your Azure resources with role-based access control (RBAC).
> Secure and isolate access to Azure resources by using network security groups and service endpoints.
> Design a holistic monitoring strategy on Azure.
> Secure your Azure Storage account.
> Manage user authentication.
> Protect data in transit and at rest.
> Secure your Azure virtual machine disks.

Renewal assessment results for Microsoft Certified: Azure Security Engineer Associate
Renewal assessment results for Microsoft Certified: Azure Security Engineer Associate

Exam Profile Audience

This exam is for Azure Security Engineers or IT Administrators with a security focus or wanting to focus on security. The security engineer focuses on implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Responsibilities for an Azure security engineer include managing the security posture, identifying, and remediating vulnerabilities, performing threat modeling, implementing threat protection, and responding to security incident escalations.

Candidates for this exam should have strong skills in scripting and automation; a deep understanding of networking, virtualization, and cloud n-tier architecture; and a strong familiarity with cloud capabilities in general and Microsoft Azure products and services in particular. The Azure Security Engineer should also be familiar with other Microsoft products and services.

Please note that the Azure Security Engineer role does NOT focus on helping secure Microsoft 365 and remains separate from the M365 Security and Compliance Administrator role.

Prerequisites study guide

If you are new to the Azure Security Engine role, please check the following references that will help you to understand security fundamentals:

> Introduction to Azure security

> Azure security technical capabilities

> Azure identity management security overview

> Azure network security overview

> Fundamentals of Network Security

> Microsoft Azure Well-Architected Framework Security

Skills measured on this exam

This exam measures your ability to accomplish the technical topics listed below based on the latest update from Microsoft. Please note that most questions cover features that are General Availability (GA). However, the exam may contain questions on Preview features if those features are commonly used by users.

Links to relevant reading from the official Microsoft documentation for each skill tested are listed below to help you prepare:

Manage Identity and Access (30-35%)

Manage Azure Active Directory (Azure AD) Identities

Manage secure access by using Azure AD

Manage application access

Manage access control

Implement Platform Protection (15-20%)

Implement advanced network security

Configure advanced security for compute

Manage Security Operations (25-30%)

Configure centralized policy management

Configure and manage threat protection

Configure and manage security monitoring solutions

Secure Data and Applications (25-30%)

Configure security for storage

Configure security for data

Configure and manage Azure Key Vault

Lessons Learned and Exam Preparation

Practice, practice, and read… I cannot stress enough that hands-on experience and understanding of all the security concepts will help you to pass this exam. The key to success in passing this exam is to work with Microsoft Azure daily, especially cloud governance and security.

Based on my experience to get the most from this preparation you need the following trial subscriptions or equivalent access:

> An Azure subscription – you can create your free Azure account today and start practicing the latest and greatest security features.

> Microsoft M365 E5.

> Microsoft Defender for Cloud with Defender plan enabled (free for 30 days).

> Microsoft Sentinel.

I usually use Microsoft Azure Security Documentation which is a great resource to dive deep into each topic, and I use Microsoft Learn the new learning approach which is more structured to learn all the topics required for the exam. I highly recommend going through the free learning modules below on Microsoft Learn to prepare for the AZ-500 exam:

You can watch the free Azure Security Expert Series videos provided by Microsoft to get you prepared. Pluralsight also offers a great learning path for the Microsoft Azure Security Engineer preparation, you can check it out here.

You can also go through the following free Azure Security AZ-500 course from Microsoft to get prepared for this exam:

If you have access to a LinkedIn Learning platform, then I highly recommend going through the following fast preparation path in just 6 hours:

I also recommend the comprehensive course on Azure Cloud Security on udemy to learn how to implement security controls across the board.

Additionally, offered a great path for AZ-500 Exam preparation, and just released the AZ-500 course at a low cost, I highly recommend checking them out.


As of December 10, 2020, Microsoft released the Exam Reference AZ-500 Book – Microsoft Azure Security Technologies (1st Edition) which you can place the order today here. I highly recommend this book to prepare and pass this exam.

Exam Reference AZ-500 Book - Microsoft Azure Security Technologies

As of April 21st, 2022, you can order the updated Exam Ref AZ-500 Microsoft Azure Security Technologies with Practice Test (2nd Edition). I highly recommend this book to prepare and pass the new version of the AZ-500 exam.

Appendix January 2021 Exam Update

On January 27, 2021, Microsoft updated the AZ-500 Exam objectives to add new topics to the existing areas of the exam. This appendix covers the new additions per the skill measure section. You can download the appendix from here to help you prepare for the latest exam questions.

Training Labs

Recently, Microsoft has added lab questions to the AZ-500 exam. Please make sure to check the following step-by-step hands-on labs that will help you to gain more practical experience and pass this exam:

> LAB 01 Role-Based Access Control.
> LAB 02 Azure Policy.
> LAB 03 Resource Manager Locks.
> LAB 04 MFA, Conditional Access, and AAD Identity Protection.
> LAB 05 Azure AD Privileged Identity Management.
> LAB 06 Implement Directory Synchronization.
> LAB 07 Network Security Groups and Application Security Groups.
> LAB 08 Azure Firewall.
> LAB 09 Configuring and Securing ACR and AKS.
> LAB 10 Key Vault (Implementing Secure Data by setting up Always Encrypted).
> LAB 11 Securing Azure SQL Database.
> LAB 12 Service Endpoints and Securing Storage.
> LAB 13 Azure Monitor.
> LAB 14 Microsoft Defender for Cloud.
> LAB 15 Microsoft Sentinel.

Instructor-led virtual training

Last but certainly not least, if you prefer an instructor-led training course, Microsoft released the AZ-500T00-A (4 days) course. This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities.

This course includes security for identity and access, platform protection, data and applications, and security operations. If you prefer to prepare for this exam with Microsoft MCT instructor-led virtual training, you can contact me here.


Bypassing the AZ-500 Microsoft Azure Security Technologies, you will earn the Microsoft Azure Security Engineer Associate certificate.

Azure Security Engineer Associate certificate
Azure Security Engineer Associate certificate

If you are planning to take the AZ-500 exam… I wish you all the best and Happy Studying!!!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.

Related Posts


How To Reset Network Adapter Advanced Properties With PowerShell

How to Copy Files From One Azure Storage Account to Another


4 thoughts on “Passed AZ-500 Exam: Microsoft Certified Azure Security Engineer”

Leave a comment...

  1. I didn’t know that you get lab practical tests as well.
    Do they still come now?
    How do I prepare for those, are they tough?

  2. Hello Nikita, thanks for the comment!
    Yes, Microsoft started to add lab practical questions in the AZ-500 exam.
    I have updated the study guide to include Training Labs.
    Please make sure to check the following hands-on lab section that will help you prepare and gain more practical experience.
    Good Luck!

  3. Hello Mark, thanks for the comment!
    There are 10 practical questions in the AZ-500 exam. But please note that this might change.
    Good luck!

Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the \'Code Blocks\' in \'Black\' by selecting the Code. Thank You!