Badge
NEW

Microsoft Certified: Azure Security Engineer Associate

Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure.

Required exam: Exam AZ-500

Optional prerequisite: 1 exam | See details

Skills measured

Manage identity and access

Configure Microsoft Azure Active Directory for workloads

  • create App registration
  • configure App registration permission scopes
  • manage App registration permission consent
  • configure multi-factor authentication settings
  • manage Microsoft Azure AD directory groups
  • manage Microsoft Azure AD users
  • install and configure Microsoft Azure AD Connect
  • configure authentication methods
  • implement conditional access policies
  • configure Microsoft Azure AD identity protection

Configure Microsoft Azure AD Privileged Identity Management

  • monitor privileged access
  • configure access reviews
  • activate Privileged Identity Management

Configure Microsoft Azure tenant security

  • transfer Microsoft Azure subscriptions between Microsoft Azure AD tenants
  • manage API access to Microsoft Azure subscriptions and resources

Implement platform protection

Implement network security

  • configure virtual network connectivity
  • configure Network Security Groups (NSGs)
  • create and configure Microsoft Azure firewall
  • create and configure application security groups
  • configure remote access management
  • configure baseline
  • configure resource firewall

Implement host security

  • configure endpoint security within the VM
  • configure VM security
  • harden VMs in Microsoft Azure
  • configure system updates for VMs in Microsoft Azure
  • configure baseline

Configure container security

  • configure network
  • configure authentication
  • configure container isolation
  • configure AKS security
  • configure container registry
  • configure container instance security
  • implement vulnerability management

Implement Microsoft Azure Resource management security

  • create Microsoft Azure resource locks
  • manage resource group security
  • configure Microsoft Azure policies
  • configure custom RBAC roles
  • configure subscription and resource permissions

Manage security operations

Configure security services

  • configure Microsoft Azure monitor
  • configure Microsoft Azure log analytics
  • configure diagnostic logging and log retention
  • configure vulnerability scanning

Configure security policies

  • configure centralized policy management by using Microsoft Azure Security Center
  • configure Just in Time VM access by using Microsoft Azure Security Center

Manage security alerts

  • create and customize alerts
  • review and respond to alerts and recommendations
  • configure a playbook for a security event by using Microsoft Azure Security Center
  • investigate escalated security incidents

Secure data and applications

Configure security policies to manage data

  • configure data classification
  • configure data retention
  • configure data sovereignty

Configure security for data infrastructure

  • enable database authentication
  • enable database auditing
  • configure Microsoft Azure SQL Database threat detection
  • configure access control for storage accounts
  • configure key management for storage accounts
  • create and manage Shared Access Signatures (SAS)
  • configure security for HDInsights
  • configure security for Cosmos DB
  • configure security for Microsoft Azure Data Lake

Configure encryption for data at rest

  • implement Microsoft Azure SQL Database Always Encrypted
  • implement database encryption
  • implement Storage Service Encryption
  • implement disk encryption
  • implement backup encryption

Implement security for application delivery

  • implement security validations for application development
  • configure synthetic security transactions

Configure application security

  • configure SSL/TLS certs
  • configure Microsoft Azure services to protect web apps
  • create an application security baseline

Configure and manage Key Vault

  • manage access to Key Vault
  • manage permissions to secrets, certificates, and keys
  • manage certificates
  • manage secrets
  • configure key rotation

Optional prerequisite

A helpful starting point for individuals just starting in technology or thinking about a career change.

Microsoft Certified: Azure Fundamentals

Prove that you understand cloud concepts, core Azure Services, Azure pricing and support, and the fundamentals of cloud security, privacy, compliance and trust.

Prepare for certification

Self-paced

Free
Microlearning
Interactive
In-browser access
Start learning

Instructor-led

Paid
Personalized
In-person
On-demand
Explore courses

Exam AZ-500

Exam AZ-500: Microsoft Azure Security Technologies

This exam measures your ability to accomplish the following technical tasks: manage identity and access; implement platform protection; manage security operations; and secure data and applications. Learn more.

Schedule exam

Additional resources

Guides to Training and Certifications

Explore all certifications in a concise training and certifications guide or the Training and Certifications poster.

Exam Replay

See two great offers to help boost your odds of success.