Preparing for the AZ-500 Course

Daniel -

Profile

Become an Azure Security Engineer! This course will provide you with the knowledge and skills for a security specialist to implement security controls through from identity configuration and security monitoring.

You can book virtual courses https://docs.microsoft.com/en-us/learn/certifications/courses/az-500t00 or go through the course yourself in training sites such as Pluralsight or ACloudGuru (there are a few others out there but I am a fan of these).

Once you're ready you can book your exam through here - https://docs.microsoft.com/en-us/learn/certifications/exams/az-500

Find URLs to the lab modules here https://www.cyber.engineer/azure-az-500-modules/

Course Syllabus

Module 01: Manage Identity and Access

In this module, you will learn about Azure security features for identity and access.

Identity Security

  • Azure Active Directory (AD). Implement an Azure AD infrastructure including users, groups, and multi-factor authentication.
  • Azure Identity Protection. Implement Azure AD Identity Protection including risk policies, conditional access, and access reviews.
  • Labs: Identity Security (MFA, Conditional Access, Identity Protection)

Access Security

  • Enterprise Governance. Implement enterprise governance strategies including role-based access control, Azure policies, and resource locks.
  • Azure AD Privileged Identity Management. Implement Azure AD Privileged Identity Management including Azure AD roles and Azure resources.
  • Hybrid Identity. Implement Azure AD Connect including authentication methods and on-premises directory synchronization.
  • Labs: RBAC, Azure Policy, Resource Manager Locks, Privileged Identity Management, Implement Directory Synchronization

Module 02: Implement Platform Protection

In this module, you will learn about virtual networking and compute security strategies.

Virtual Networking Security

  • Perimeter Security. Implement perimeter security strategies including Azure Firewall.
  • Network Security. Implement network security strategies including Network Security Groups and Application Security Groups.
  • Labs: Azure Firewall, Network and Application Security Groups

Compute Security

  • Host Security. Implement host security strategies including endpoint protection, remote access management, update management, and disk encryption.
  • Container Security. Implement container security strategies including Azure Container Instances, Azure Container Registry, and Azure Kubernetes.
  • Lab: Azure Container Registry and Azure Kubernetes Service

Module 03: Secure Data and Applications

In this module, you will learn about application and data security.

Application security

  • Key Vault. Implement Azure Key Vault including certificates, keys, and secretes.
  • App security. Implement application security strategies including app registration, managed identities, and service endpoints.
  • Lab: Key Vault and App registration

Data Security

  • Storage Security. Implement storage security strategies including shared access signatures, blob retention policies, and Azure Files authentication.
  • Database Security. Implement database security strategies including authentication, data classification, dynamic data masking, and always encrypted.
  • Labs: Storage Security, Database Security

Module 04: Manage Security Operations

In this module, you will learn about monitoring and threat assessment.

Monitoring

  • Azure Monitor. Implement Azure Monitor including connected sources, log analytics, and alerts.
  • Azure Security Center. Implement Azure Security Center including policies, recommendations, and just in time virtual machine access.
  • Labs: Azure Monitor, Azure Security Center

Threat assessment

  • Sentinel. Implement Azure Sentinel including workbooks, incidents, and playbooks
  • Lab: Sentinel