This is a study guide for the latest Azure exam, Exam AZ-500: Microsoft Azure Security Technologies. You can read more about the exam here: https://www.microsoft.com/en-us/learning/exam-az-500.aspx. By passing this exam you get the certification Microsoft Certified: Azure Security Engineer Associate.
Manage identity and access (20-25%)
Configure Microsoft Azure Active Directory for workloads
- create App registration (https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal)
- configure App registration permission scopes (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent)
- manage App registration permission consent (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent)
- configure multi-factor authentication settings (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings)
- manage Microsoft Azure AD directory groups (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
- manage Microsoft Azure AD users (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory)
- install and configure Microsoft Azure AD Connect (https://msandbu.org/building-a-highly-available-azure-ad-connect/)
- implement conditional access policies (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access)
- configure Microsoft Azure AD identity protection (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/enable)
- monitor privileged access (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-use-audit-log)
- configure access reviews (https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview)
- activate Privileged Identity Management (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan)
- transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory)
- manage API access to Microsoft Azure subscriptions and resources (https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal)
Implement platform protection (35-40%)
- configure virtual network connectivity (https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview)
- configure Network Security Groups (NSGs) (https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group)
- create and configure Microsoft Azure firewall (https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal)
- create and configure application security groups (https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic#associate-network-interfaces-to-an-asg)
- configure remote access management (https://docs.microsoft.com/en-us/azure/security/azure-security-management)
- configure baseline (https://docs.microsoft.com/en-us/azure/security-center/security-center-network-recommendations)
- configure resource firewall (https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-hybrid)
- configure endpoint security within the VM (https://docs.microsoft.com/en-us/azure/security-center/security-center-install-endpoint-protection)
- configure VM security (https://docs.microsoft.com/en-us/azure/security/azure-security-iaas)
- harden VMs in Microsoft Azure (https://docs.microsoft.com/en-us/azure/security/azure-security-iaas)
- configure system updates for VMs in Microsoft Azure (https://docs.microsoft.com/en-us/azure/security/azure-security-iaas#manage-your-vm-updates)
- configure container isolation (https://azure.microsoft.com/mediahandler/files/resourcefiles/container-security-in-microsoft-azure/Open%20Container%20Security%20in%20Microsoft%20Azure.pdf)
- configure AKS security (https://docs.microsoft.com/en-us/azure/aks/concepts-security)
- configure container registry (https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal)
- configure container instance security (https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet)
- implement vulnerability management (https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations)
- create Microsoft Azure resource locks (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources)
- manage resource group security (https://docs.microsoft.com/en-us/azure/role-based-access-control/overview)
- configure Microsoft Azure policies (https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage)
- configure custom RBAC roles (https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles)
- configure subscription and resource permissions (https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal)
Secure data and applications (30-35%)
- configure data classification (https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial)
- configure data retention (https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Consistent-labeling-and-protection-policies-coming-to-Office-365/ba-p/161553)
- enable database authentication (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication)
- enable database auditing (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing)
- configure Microsoft Azure SQL Database threat detection (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection)
- configure access control for storage accounts (https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide)
- configure key management for storage accounts (https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys)
- create and manage Shared Access Signatures (SAS) (https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1)
- configure security for HDInsights (https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-introduction)
- configure security for Cosmos DB (https://docs.microsoft.com/en-us/azure/cosmos-db/database-security)
- configure security for Microsoft Azure Data Lake (https://docs.microsoft.com/en-us/azure/storage/common/storage-data-lake-storage-security-guide)
- implement Microsoft Azure SQL Database Always Encrypted (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-always-encrypted)
- implement database encryption (https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sql)
- implement Storage Service Encryption (https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption)
- implement disk encryption (https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview)
- implement backup encryption (https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq#encryption)
- implement security validations for application development (https://docs.microsoft.com/en-us/azure/security/security-paas-deployments)
- configure synthetic security transactions (https://docs.microsoft.com/en-us/azure/azure-monitor/app/monitor-web-app-availability)
- configure SSL/TLS certs (https://docs.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site)
- configure Microsoft Azure services to protect web apps (https://docs.microsoft.com/nb-no/Azure/application-gateway/create-web-app)
- create an application security baseline (https://docs.microsoft.com/en-us/azure/app-service/overview-security)
- manage access to Key Vault (https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault)
- manage certificates (https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates)
- configure key rotation (https://docs.microsoft.com/en-us/azure/key-vault/key-vault-key-rotation-log-monitoring)
Manage security operations (15-20%)
- configure Microsoft Azure monitor (https://docs.microsoft.com/en-us/azure/azure-monitor/azure-management)
- configure Microsoft Azure log analytics (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access)
- configure diagnostic logging and log retention (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-logs-overview)
- configure vulnerability scanning (https://docs.microsoft.com/en-us/azure/security-center/security-center-vulnerability-assessment-recommendations)
- configure centralized policy management by using Microsoft Azure Security Center (https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy)
- configure Just in Time VM access by using Microsoft Azure Security Center (https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time)
- create and customize alerts (https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert)
- review and respond to alerts and recommendations (https://docs.microsoft.com/en-us/azure/security-center/security-center-managing-and-responding-alerts)
- configure a playbook for a security event by using Microsoft Azure Security Center (https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks)
- investigate escalated security incidents (https://docs.microsoft.com/en-us/azure/security-center/security-center-investigation)
Thank you for this guide!!! Have you taken the Beta yet?
Taking the beta tomorrow 🙂