Strong expertise with implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure; that is what one can (and should) expect about the level of expertise of every self-respecting Security Engineer.

The Microsoft Azure Security Engineer Associate certification may be for candidates who are just starting to work with security technologies or are new to Azure, but experts may also benefit from this certification. After all, you can never have enough knowledge about security technologies.

Azure Security Engineer Associate certification covers cloud concepts, Azure services, Azure workloads, security and privacy in Azure, as well as Azure pricing and support. Microsoft states that candidates should have strong skills in scripting and automation; a deep understanding of networking, virtualization, and cloud N-tier architecture; and a strong familiarity with cloud capabilities and products and services for Azure, plus other Microsoft products and services.

Azure Security Engineer Associate may be useful to prepare you for other Azure role-based or specialty certifications but is not a prerequisite for any of them. In this blog article, I share available learning materials (free and paid) that prepare you for the Azure Security Technologies exam from Microsoft, but more importantly, these learning materials provide you with the knowledge about security technologies and Microsoft Azure security services in particular.

Before we dive into the learning materials

You want an Azure environment to build things yourself. I cannot say and emphasize this enough. Think of it as learning to drive: you can’t do that without being in a car. So, the first thing you’ll do is create your Azure environment. Via this link you can use various Azure services free of charge for 12 months.

Virtual training courses

There are various virtual training courses to follow, based on registration or on-demand. Below is an overview of the recommended virtual training events:

• Azure Security AZ-500 Certification Training Course by Cloudskills.io. Within less than 16 hours (!) of video training, Microsoft MVPs Tim Warner and Mike Pfeiffer prepare you for the Azure Security Engineer Associate (AZ-500) certification exam.
• Microsoft Azure Security Technologies (AZ-500) by Pluralsight. This learning path (consisting of 16 courses, each about an hour long) is intended to help learners start their preparation to take the Microsoft Azure Security Technologies (AZ-500) certification exam.
• Microsoft Azure Security Technologies by Technofocus. Technofocus is a Microsoft training partner. Microsoft regularly offers free training courses (including virtual labs and a voucher for a free exam) for Microsoft (Gold) partners. This 5-day training is an excellent preparation for the exam.

Microsoft Learn

Microsoft Learn provides you with free online training and learning paths for different Microsoft technologies. Here are the relevant Microsoft Learn modules and learning paths for the AZ-500 Exam:

• Secure your cloud applications in Azure - Learn | Microsoft Docs
• Implement resource management security in Azure - Learn | Microsoft Docs
• Implement network security in Azure - Learn | Microsoft Docs
• Implement virtual machine host security in Azure - Learn | Microsoft Docs
• Manage identity and access in Azure Active Directory - Learn | Microsoft Docs
• Manage security operations in Azure - Learn | Microsoft Docs

Links to Microsoft articles on the specific topics

Below are several links to articles on topics that may come up in the exam. To prepare for the exam, you’d be wise to go through these articles and, where necessary, build the components yourself in your Azure environment.

Manage identity and access

Manage Azure Active Directory identities

• configure security for service principals
  • Apps & service principals in Azure AD - Microsoft identity platform | Microsoft Docs
• manage Azure AD directory groups
  • Add or delete users - Azure Active Directory | Microsoft Docs
  • Manage app & resource access using groups - Azure AD | Microsoft Docs
• manage Azure AD users
  • Assign or remove licenses - Azure Active Directory | Microsoft Docs
  • Add or delete users - Azure Active Directory | Microsoft Docs
• configure password writeback
  • Enable Azure Active Directory password writeback | Microsoft Docs
• configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth, and passwordless
  • Authentication methods and features - Azure Active Directory | Microsoft Docs
• transfer Azure subscriptions between Azure AD tenants
  • Transfer billing ownership of an Azure subscription | Microsoft Docs
  • Add an existing Azure subscription to your tenant - Azure AD | Microsoft Docs
  • Transfer Azure subscriptions between subscribers and CSPs | Microsoft Docs

Configure secure access by using Azure AD

• monitor privileged access for Azure AD Privileged Identity Management (PIM)
  • Deploy Privileged Identity Management (PIM) - Azure AD | Microsoft Docs
  • Assign Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
  • What is Privileged Identity Management? - Azure AD | Microsoft Docs
• configure Access Reviews
  • Review access to Azure AD roles in PIM - Azure AD | Microsoft Docs
  • Resource dashboards for access reviews in PIM - Azure AD | Microsoft Docs
  • Review access to Azure AD roles in PIM - Azure AD | Microsoft Docs
• activate and configure PIM
  • Activate my Azure AD roles in PIM - Azure Active Directory | Microsoft Docs
• implement Conditional Access policies including Multi-Factor Authentication (MFA)
  • Change your two-factor verification method and settings - Azure Active Directory | Microsoft Docs
  • Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs
• configure Azure AD identity protection
  • Configure the MFA registration policy - Azure Active Directory Identity Protection | Microsoft Docs
  • What is Azure Active Directory Identity Protection? | Microsoft Docs

Manage application access

• create App Registration
  • Create an Azure AD app & service principal in the portal - Microsoft identity platform | Microsoft Docs
  • Quickstart: Register an app in the Microsoft identity platform | Microsoft Docs
• configure App Registration permission scopes
  • Microsoft identity platform scopes, permissions, & consent | Microsoft Docs
• manage App Registration permission consent
  • Microsoft identity platform scopes, permissions, & consent | Microsoft Docs
• manage API access to Azure subscriptions and resources
  • Microsoft identity platform authentication flows & app scenarios | Microsoft Docs
  • Assign Azure roles using the REST API - Azure RBAC | Microsoft Docs

Manage access control

• configure subscription and resource permissions
  • Tutorial: Grant a user access to Azure resources using the Azure portal - Azure RBAC | Microsoft Docs
• configure resource group permissions
  • Manage resource groups - Azure portal - Azure Resource Manager | Microsoft Docs
• configure custom RBAC roles
  • Azure custom roles - Azure RBAC | Microsoft Docs
  • What is Azure role-based access control (Azure RBAC)? | Microsoft Docs
• identify the appropriate role
  • Azure identity & access security best practices | Microsoft Docs
  • List Azure role definitions - Azure RBAC | Microsoft Docs
• apply principle of least privilege
  • Azure identity & access security best practices | Microsoft Docs
• interpret permissions
  • List Azure role assignments using the Azure portal - Azure RBAC | Microsoft Docs
• check access
  • Quickstart - Check access for a user to Azure resources - Azure RBAC | Microsoft Docs

Implement platform protection

Implement advanced network security

• secure the connectivity of virtual networks (VPN authentication, Express Route encryption)
  • Configure Azure AD authentication for User VPN connection: Virtual WAN | Microsoft Docs
  • About Azure VPN Gateway | Microsoft Docs
  • Azure ExpressRoute Overview: Connect over a private connection | Microsoft Docs
  • Azure ExpressRoute: About Encryption | Microsoft Docs
• configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
  • Create, change, or delete an Azure network security group | Microsoft Docs
  • Azure application security groups overview | Microsoft Docs
• create and configure Azure Firewall
  • Tutorial: Deploy & configure Azure Firewall using the Azure portal | Microsoft Docs
  • What is Azure Firewall? | Microsoft Docs
• implement Azure Firewall Manager
  • Tutorial: Secure your virtual hub using Azure Firewall Manager | Microsoft Docs
  • What is Azure Firewall Manager? | Microsoft Docs
• configure Azure Front Door service as an Application Gateway
  • Quickstart: Set up high availability with Azure Front Door Service - Azure portal | Microsoft Docs
  • Azure Front Door | Microsoft Docs
• configure a Web Application Firewall (WAF) on Azure Application Gateway
  • What is Azure Web Application Firewall on Azure Application Gateway? - Azure Web Application Firewall | Microsoft Docs
• configure Azure Bastion
  • Enhance remote management security in Azure | Microsoft Docs
  • Azure Bastion | Microsoft Docs
• configure a firewall on a storage account, Azure SQL, KeyVault, or App Service
  • Configure Azure Storage firewalls and virtual networks | Microsoft Docs
  • Configure Azure Firewall application rules with SQL FQDNs | Microsoft Docs
  • Configure Azure Key Vault firewalls and virtual networks - Azure Key Vault | Microsoft Docs
  • Azure App Service access restrictions - Azure App Service | Microsoft Docs
  • Lock down outbound traffic - Azure App Service Environment | Microsoft Docs
• implement Service Endpoints
  • Azure virtual network service endpoints | Microsoft Docs
• implement DDoS protection
  • Azure DDoS Protection Standard Overview | Microsoft Docs

Configure advanced security for compute

• configure endpoint protection
  • Security features used with Azure VMs - Azure security | Microsoft Docs
  • Microsoft Antimalware for Azure | Microsoft Docs
• configure and monitor system updates for VMs
  • Azure Automation Update Management overview | Microsoft Docs
  • Manage updates and patches for your VMs in Azure Automation | Microsoft Docs
• configure authentication for Azure Container Registry
  • Registry authentication options - Azure Container Registry | Microsoft Docs
  • Authenticate with managed identity - Azure Container Registry | Microsoft Docs
• configure security for different types of containers
  • Container Security in Azure Security Center | Microsoft Docs
  • Concepts - Security in Azure Kubernetes Services (AKS) - Azure Kubernetes Service | Microsoft Docs
  • Security considerations for container instances - Azure Container Instances | Microsoft Docs
• implement vulnerability management
  • Azure Security Control - Vulnerability Management | Microsoft Docs
• configure isolation for AKS
  • Secure pod traffic with network policy - Azure Kubernetes Service | Microsoft Docs
• configure security for container registry
  • Container Security in Azure Security Center | Microsoft Docs
• implement Azure Disk Encryption
  • Azure Disk Encryption for virtual machines and virtual machine scale sets | Microsoft Docs
• configure authentication and security for Azure App Service
  • Authentication and authorization - Azure App Service | Microsoft Docs
  • Azure security baseline for App Service - Azure App Service | Microsoft Docs
• configure SSL/TLS certs
  • Use a TLS/SSL certificate in code - Azure App Service | Microsoft Docs
• configure authentication for Azure Kubernetes Service
  • Use managed identities in Azure Kubernetes Service - Azure Kubernetes Service | Microsoft Docs
  • Service principals for Azure Kubernetes Services (AKS) - Azure Kubernetes Service | Microsoft Docs
• configure automatic updates
  • Concepts - Security in Azure Kubernetes Services (AKS) - Azure Kubernetes Service | Microsoft Docs
  • Use pod security policies in Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Docs
  • Security hardening in AKS virtual machine hosts - Azure Kubernetes Service | Microsoft Docs

Manage security operations

Monitor security by using Azure Monitor

• create and customize alerts
  • Azure security baseline for Azure Monitor - Azure Monitor | Microsoft Docs
  • Respond to events with Azure Log Analytics Alerts - Azure Monitor | Microsoft Docs
  • Manage security alerts in Azure Security Center | Microsoft Docs
  • Security alerts in Azure Security Center | Microsoft Docs
• monitor security logs by using Azure Monitor
  • Azure security logging and auditing | Microsoft Docs
  • Azure Monitor Logs - Azure Monitor | Microsoft Docs
• configure diagnostic logging and log retention
  • Create diagnostic settings to send platform logs and metrics to different destinations - Azure Monitor | Microsoft Docs
  • Log queries in Azure Monitor - Azure Monitor | Microsoft Docs
  • Overview of Azure platform logs - Azure Monitor | Microsoft Docs

Monitor security by using Azure Security Center

• evaluate vulnerability scans from Azure Security Center
  • Security Center’s integrated vulnerability assessment solution for Azure and hybrid machines | Microsoft Docs
  • Security Center’s integrated vulnerability assessment solution for Azure and hybrid machines | Microsoft Docs
• configure Just in Time VM access by using Azure Security Center
  • Just-in-time virtual machine access in Azure Security Center | Microsoft Docs
• configure centralized policy management by using Azure Security Center
  • Centralized Policy Management in Azure Security Center using Management Groups - Microsoft Tech Community
  • Working with security policies | Microsoft Docs
  • Built-in policy definitions for Azure Security Center | Microsoft Docs
• configure compliance policies and evaluate for compliance by using Azure Security Center
  • Using the regulatory compliance dashboard in Azure Security Center | Microsoft Docs

Monitor security by using Azure Sentinel

• create and customize alerts
  • Investigate alerts with Azure Sentinel | Microsoft Docs
  • Tutorial: Run a playbook in Azure Sentinel | Microsoft Docs
• configure data sources to Azure Sentinel
  • Connect data sources to Azure Sentinel | Microsoft Docs
  • What is Azure Sentinel? | Microsoft Docs
• evaluate results from Azure Sentinel
  • Visualize your data using Azure Monitor Workbooks in Azure Sentinel | Microsoft Docs
  • Investigate incidents with Azure Sentinel | Microsoft Docs
• configure workflow automation by using Azure Sentinel
  • Tutorial: Run a playbook in Azure Sentinel | Microsoft Docs
  • Azure security baseline for Azure Sentinel | Microsoft Docs

Configure security policies

• configure security settings by using Azure Policy
  • Quickstart: New policy assignment with portal - Azure Policy | Microsoft Docs
  • Overview of Azure Policy - Azure Policy | Microsoft Docs
• configure security settings by using Azure Blueprint
  • Security compliance with Azure Policy and Azure Blueprints | Microsoft Docs
• configure a playbook by using Azure Sentinel
  • Tutorial: Run a playbook in Azure Sentinel | Microsoft Docs

Secure data and applications

Configure security for storage

• configure access control for storage accounts
• configure key management for storage accounts
• configure Azure AD authentication for Azure Storage
• configure Azure AD Domain Services authentication for Azure Files
• create and manage Shared Access Signatures (SAS)
• create a shared access policy for a blob or blob container
• configure Storage Service Encryption
• configure Azure Defender for Storage

Configure security for databases

• enable database authentication
  • Tutorial: Access data with managed identity - Azure App Service | Microsoft Docs
  • Configure Azure Active Directory authentication - Azure SQL Database & SQL Managed Instance & Azure Synapse Analytics | Microsoft Docs
  • Azure Active Directory authentication - Azure SQL Database | Microsoft Docs
• enable database auditing
  • Azure SQL Auditing for Azure SQL Database and Azure Synapse Analytics - Azure SQL Database | Microsoft Docs
• configure Azure Defender for SQL
  • Azure Defender for SQL - the benefits and features | Microsoft Docs
• configure Azure SQL Database Advanced Threat Protection
  • Advanced Threat Protection - Azure SQL Database, SQL Managed Instance, & Azure Synapse Analytics | Microsoft Docs
• implement database encryption
  • Security Overview - Azure SQL Database & Azure SQL Managed Instance | Microsoft Docs
  • Transparent data encryption - Azure SQL Database & SQL Managed Instance & Azure Synapse Analytics | Microsoft Docs
• implement Azure SQL Database Always Encrypted
  • Configure Always Encrypted by using Azure Key Vault - Azure SQL Database | Microsoft Docs
  • Always Encrypted - SQL Server | Microsoft Docs

Configure and manage Key Vault

• manage access to Key Vault
  • Assign an Azure Key Vault access policy (Portal) | Microsoft Docs
  • Assign an Azure Key Vault access policy (CLI) | Microsoft Docs
  • Secure access to a key vault | Microsoft Docs
• manage permissions to secrets, certificates, and keys
  • Azure Key Vault Keys, Secrets, and Certificates Overview | Microsoft Docs
• configure RBAC usage in Azure Key Vault
  • Secure access to a key vault | Microsoft Docs
• manage certificates
  • Get started with Key Vault certificates | Microsoft Docs
• manage secrets
  • Manage secrets in your server apps with Azure Key Vault - Learn | Microsoft Docs
  • Configure and manage secrets in Azure Key Vault - Learn | Microsoft Docs
• configure key rotation
  • Tutorial - Updating certificate auto-rotation frequency in Key Vault | Microsoft Docs
  • Rotation tutorial for resources with two sets of credentials | Microsoft Docs
• backup and restore of Key Vault items
  • Back up a secret, key, or certificate stored in Azure Key Vault | Microsoft Docs
• configure Azure Defender for Key Vault
  • Azure Defender for Key Vault - the benefits and features | Microsoft Docs

Books and other reading material

Due to the rapid renewal and innovative nature of cloud and Microsoft, there is no book I would advise you. Mainly because these are quickly becoming outdated and the fact that there are much better alternatives. If you still like to use a book for studying, then there is only one suitable book: the Exam Ref AZ-500 Microsoft Azure Security Technologies by Yuri Diogenes.

Practice exams

Practice exams are useful for getting a feel for the exam questions and topics. My personal experience with practice exams is that they are often outdated, incomplete, or that the answers marked as correct in practice exams are actually incorrect. I advise everyone not to use practice exams to memorize questions and the corresponding answers, but mainly to use them to get a feel for the real exam. Below are some practice exams for the AZ-500 exam:

• Microsoft Azure Security Technologies (AZ-500) by Whizlabs.
• Microsoft AZ-500 Exam by ExamTopics.

Good luck!

Now that we have come to the end of this article, hopefully you have discovered enough learning materials to take the AZ-500 exam with confidence. All I can do now is wish you the best of luck. Goodluck!