Azure Security Engineer Associate AZ-500 (Practical)
excl.
Training program facts
Key learnings
- Identity and Access Management (IAM)
- Secure Access to Azure Resources
- Platform Protection & Network Security
- End-to-end protection
- Data & Application Security
- Secure cloud workloads and endpoints
- Threat Detection, Monitoring & SOC Integration
- Encryption, Key Management & Secrets
- Security Governance, Compliance & Policies
- Practical, Hands-On Cloud Security
- Exam and Real-World Readiness
Summary
AZ-500 teaches professionals to secure Azure identities, infrastructure, data, and applications using
Microsoft's advanced security services, governance, and monitoring capabilities — through
hands-on configuration and defense-in-depth practices.
Requirements
Requirements:
Required Experience:
- 6+ months of hands-on Azure administration experience
- Strong understanding of:
- Azure administration (Equivalent to AZ-104)
- Networking concepts (VPN, firewall, DNS)
- Identity management (Azure AD / Entra)
- Security concepts (encryption, threat protection)
Recommended Prerequisites:
- AZ-104 Azure Administrator certification
- SC-900 Security Fundamentals (helpful)
- Experience with PowerShell/CLI scripting
- Comprehension of regulatory compliance
Program content
| Modules of the Live Training | |
| 1. | Identity and access in Azure
· Microsoft Entra and users and groups · Azure built-in and custom role assignments · Microsoft Entra roles and Azure roles · Microsoft Entra Privileged Identity Management (PIM) · Multi-factor authentication (MFA) for Azure resources · Conditional access policies · Enterprise application access management · App registrations and permission scopes · Service principals and managed identities |
| 2. | Secure network infrastructure in Azure
· Network Security Groups (NSGs) and Application Security Groups (ASGs) · User-defined routes (UDRs) · Virtual network peering and VPN gateway · Overview of Virtual WAN and secured virtual hub · VPN connectivity (point-to-site and site-to-site) · Azure ExpressRoute details · Network Watcher monitoring · Private endpoints and service endpoints · Azure Firewall, Firewall Manager, and policies · Azure Application Gateway · Azure Front Door and CDN · Web Application Firewall (WAF) · Azure DDoS Protection
|
| 3. | Secure Compute, Storage, and Databases
· Remote access to VMs (Azure Bastion, just-in-time) · Azure Kubernetes Service (AKS) security · Azure Container Instances (ACIs) and Container Apps (ACAs) monitoring · Azure Container Registry (ACR) access management · Disk encryption (ADE, encryption at host, confidential disk encryption) · Azure API Management security · Storage account access control · Azure Files and Blob Storage access methods · Data protection (soft delete, backups, versioning, immutable storage) · Bring your own key (BYOK) · Database auditing · Microsoft Entra database authentication · Azure SQL Database Always Encrypted |
| 4. | Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
· Azure Policy creation and management · Azure Key Vault network settings and access · Certificate, secret, and key management · Key rotation and backup/recovery · Security controls for backups and asset management · Microsoft Defender for Cloud and Secure Score · Workload Defender protection services (servers, databases, storage) · Overview of Microsoft Defender Vulnerability Management · Compliance assessment and management · Defender for Cloud DevOps Security (GitHub, Azure DevOps, GitLab) · Hybrid and multi-cloud connections (AWS, GCP) · Microsoft Defender External Attack Surface Management (EASM)
· Log Analytics workspace and managing · Microsoft Sentinel and data connectors overview · Security alert management and workflow automation
|
Questions about the program?
Do you have questions about the program?
I would like to book this program as a corporate program
Azure Security Engineer Associate AZ-500 (Practical)
Register now
Azure Security Engineer Associate AZ-500 (Practical)
04.05.2026
08.05.2026
excl.
Zurich Airport