AZ-500 Training: Microsoft Azure Security Technologies

Course: 2207

Build practical skills to secure Azure identities, networks, compute resources, storage, databases, and cloud applications. Gain  hands-on experience with Microsoft Entra ID, Azure RBAC, Conditional Access, Azure Firewall, Key Vault, Microsoft Defender for Cloud, Microsoft Sentinel, monitoring, and threat protection. AZ-500 helps  prepare Azure Security Engineer Associate certification exam.  Demonstrate job-ready skills for protecting Azure and hybrid cloud environments.

Download PDF
  • Duration: 4 days
  • Price: $2,395.00
Get This Course $2,395.00
August 17 - 20, 2026

Tentative
9:00 AM – 4:00 PM CST

September 21 - 24, 2026

Tentative
9:00 AM – 4:00 PM CST

Scroll to view additional course dates

Reserve Your Seat

  • Virtual instructor Led Training
  • Complete Hands-on Labs
  • Softcopy of Courseware
  • Learning Labs
  • Virtual instructor Led Training
  • Complete Hands-on Labs
  • Softcopy of Courseware
  • Learning Labs
  • You can use your Purchase Card and checkout
  • The GSA Contract Number: 47QTCA20D000D
  • Call 800-453-5961 for details
  • Customize your class
  • Delivery Onsite or Online for your organization
  • Choice of Dates when and where you want
  • Guidance in choosing and customizing your class

Question About this Course?

AZ-500 Microsoft Azure Security Technologies
AZ-500 Microsoft Azure Security Technologies

AZ-500T00-A: Secure Cloud Resources with Microsoft Security Technologies

AZ-500 training

AZ-500T00-A: Secure Cloud Resources with Microsoft Security Technologies is an instructor-led course for Azure security engineers and IT security professionals who implement security controls, maintain cloud security posture, and identify and remediate security vulnerabilities in Microsoft Azure.

Students learn how to secure identity and access, protect networks, secure compute, storage, and databases, manage cloud governance, configure Microsoft Defender for Cloud, monitor security events, and automate security operations with Microsoft Sentinel.

Certification: Microsoft Certified: Azure Security Engineer Associate
Exam: AZ-500: Microsoft Azure Security Technologies
Duration: 4 days
Audience: Azure security engineers, Azure administrators, cloud security engineers, infrastructure engineers, security operations professionals, compliance engineers, and IT professionals responsible for securing Azure and hybrid cloud environments.

Why choose Dynamics Edge for AZ-500T00-A training?

Dynamics Edge delivers AZ-500 training with practical Azure security examples, hands-on labs, certification review, and implementation-focused discussion. The course helps students understand how to secure Azure identities, networks, workloads, data, applications, and security operations using Microsoft security technologies.

  • Learn how to secure Microsoft Entra ID, Azure RBAC, Conditional Access, MFA, PIM, and application access.
  • Practice securing virtual networks, Azure Firewall, storage, Azure SQL, containers, Kubernetes, and Key Vault.
  • Configure Microsoft Defender for Cloud, Azure Monitor, Log Analytics, JIT VM access, and Microsoft Sentinel.
  • Prepare for AZ-500 exam objectives through structured review and lab reinforcement.
  • Request private team delivery for Azure security readiness, cloud compliance, security operations, CMMC preparation, or enterprise security engineering teams.

What will you learn in AZ-500T00-A training?

Students learn how to implement and manage Azure security controls across identity, access, networking, compute, storage, databases, governance, monitoring, and security operations.

  • Secure identity and access using Microsoft Entra ID, Azure RBAC, MFA, Conditional Access, Identity Protection, PIM, and managed identities.
  • Secure Azure networking using NSGs, ASGs, UDRs, service endpoints, private endpoints, Azure Firewall, Application Gateway, WAF, and DDoS protection.
  • Secure compute, containers, storage, and databases using Azure Bastion, AKS security, ACR access, storage security, Azure SQL security, and Key Vault.
  • Manage cloud security posture using Azure Policy, Microsoft Defender for Cloud, secure score, regulatory compliance, and security recommendations.
  • Monitor and respond to threats using Azure Monitor, Log Analytics, data collection rules, Microsoft Defender for Cloud, JIT VM access, and Microsoft Sentinel.

Microsoft Azure Security Technologies AZ-500 Course Outline

Module 1: Manage identities in Microsoft Entra ID

Students learn how Microsoft Entra ID supports identity security for Azure resources and cloud applications. They review users, groups, tenants, identity types, administrative roles, and identity lifecycle management.

Topics include:

  • Manage Microsoft Entra users and groups.
  • Configure administrative roles and role assignments.
  • Review tenant-level identity settings.
  • Manage internal and external identities.
  • Apply identity security best practices.

Module 2: Manage authentication by using Microsoft Entra ID

Students learn how to strengthen authentication for Azure resources and cloud services. They configure MFA, Conditional Access, Identity Protection, and sign-in risk controls.

Topics include:

  • Implement Microsoft Entra multifactor authentication.
  • Configure Conditional Access policies.
  • Configure Microsoft Entra Identity Protection.
  • Review user risk and sign-in risk.
  • Test authentication and access policies.

Module 3: Manage authorization by using Azure RBAC and PIM

Students learn how to control access to Azure resources using role-based access control and privileged access management. They review built-in roles, custom roles, scope, assignments, PIM activation, approvals, and access reviews.

Topics include:

  • Assign Azure built-in roles.
  • Create and manage custom roles.
  • Configure Azure resource access by scope.
  • Configure Microsoft Entra Privileged Identity Management.
  • Review access reviews and PIM audit activity.

Module 4: Manage application access and managed identities

Students learn how to secure access for applications and workloads. They review app registrations, service principals, OAuth permissions, consent, managed identities, and enterprise application access.

Topics include:

  • Manage Microsoft Entra app registrations.
  • Configure service principals and permission scopes.
  • Manage consent and enterprise application access.
  • Configure managed identities for Azure resources.
  • Secure application access to cloud resources.

Module 5: Plan and implement security for virtual networks

Students learn how to secure Azure virtual networks and control traffic flow. They review virtual networks, subnets, network security groups, application security groups, user-defined routes, peering, VPN, and Network Watcher.

Topics include:

  • Configure network security groups and application security groups.
  • Configure user-defined routes.
  • Plan VNet peering and VPN connectivity.
  • Monitor network traffic with Network Watcher.
  • Secure traffic between Azure resources and networks.

Module 6: Secure private and public access to Azure resources

Students learn how to protect access to Azure services over private and public endpoints. They review service endpoints, private endpoints, Private Link, Azure Firewall, Application Gateway, Web Application Firewall, Azure Front Door, and DDoS Protection.

Topics include:

  • Implement service endpoints and private endpoints.
  • Configure Private Link for Azure resources.
  • Configure Azure Firewall and firewall policies.
  • Configure Application Gateway and Web Application Firewall.
  • Evaluate Azure Front Door and DDoS Protection scenarios.

Module 7: Secure compute and container workloads

Students learn how to secure Azure compute services and container platforms. They review secure VM access, Azure Bastion, just-in-time access, AKS network isolation, ACR access, container monitoring, and Defender for Containers.

Topics include:

  • Secure remote access to virtual machines.
  • Configure Azure Bastion and JIT VM access.
  • Secure Azure Container Registry access.
  • Configure AKS authentication and network isolation.
  • Monitor and protect container workloads.

Module 8: Secure Azure storage

Students learn how to secure Azure Storage accounts and file shares. They review network access controls, service endpoints, private endpoints, shared access signatures, encryption, access keys, Azure Files, and storage monitoring.

Topics include:

  • Configure storage account network security.
  • Configure service endpoints and private endpoints.
  • Manage storage access keys and shared access signatures.
  • Secure Azure file shares.
  • Validate storage access from approved networks.

Module 9: Secure Azure SQL Database and data platforms

Students learn how to secure Azure SQL Database and related data services. They configure Microsoft Defender for SQL, auditing, data classification, encryption, private access, and database security controls.

Topics include:

  • Configure Azure SQL security settings.
  • Enable Microsoft Defender for SQL.
  • Configure data discovery and classification.
  • Configure database auditing.
  • Implement encryption and secure access controls.

Module 10: Implement secure data with Azure Key Vault

Students learn how Azure Key Vault protects secrets, keys, certificates, and encryption keys. They review vault permissions, access policies, RBAC, managed identities, Always Encrypted, and application integration.

Topics include:

  • Create and configure Azure Key Vault.
  • Store and manage keys and secrets.
  • Configure permissions and access control.
  • Integrate Key Vault with applications.
  • Implement Always Encrypted with Azure SQL Database.

Module 11: Manage cloud governance and security posture

Students learn how to enforce cloud governance and improve security posture. They review Azure Policy, initiatives, regulatory compliance, Microsoft Cloud Security Benchmark, Microsoft Defender for Cloud, recommendations, and secure score.

Topics include:

  • Configure Azure Policy and initiatives.
  • Review regulatory compliance controls.
  • Use Microsoft Defender for Cloud recommendations.
  • Review and improve secure score.
  • Implement security posture management.

Module 12: Manage security monitoring and automation

Students learn how to collect, monitor, analyze, and respond to security events. They review Azure Monitor, Log Analytics, data collection rules, Microsoft Defender for Cloud, Microsoft Sentinel, analytics rules, incidents, workbooks, and playbooks.

Topics include:

  • Configure Log Analytics workspaces.
  • Collect VM telemetry and security logs.
  • Configure Microsoft Defender for Cloud threat protection.
  • Connect data sources to Microsoft Sentinel.
  • Automate incident response with playbooks.

Hands-on labs

The AZ-500 labs support hands-on practice for Azure security engineers. This single consolidated lab list is based on the official MicrosoftLearning AZ-500 hosted labs and the most important lab, exercise, and speaker-note topics found in the AZ-500 PowerPoint deck.

  • Lab 1: Create Microsoft Entra users and security groups for Azure administration.
  • Lab 2: Assign Azure RBAC permissions to groups by using the portal, PowerShell, and Azure CLI.
  • Lab 3: Implement and test Microsoft Entra multifactor authentication.
  • Lab 4: Implement and test Microsoft Entra Conditional Access policies.
  • Lab 5: Implement and test Microsoft Entra Identity Protection.
  • Lab 6: Configure Microsoft Entra Privileged Identity Management, role activation, approvals, access reviews, and auditing.
  • Lab 7: Create application security groups and secure traffic with network security groups.
  • Lab 8: Configure NSG rules so management servers allow RDP while web servers allow only web access.
  • Lab 9: Deploy Azure Firewall with workload and jump subnets.
  • Lab 10: Configure custom routes, firewall application rules, and firewall network rules.
  • Lab 11: Create an Azure Container Registry and build a container image from a Dockerfile.
  • Lab 12: Create an Azure Kubernetes Service cluster and grant AKS access to Azure Container Registry.
  • Lab 13: Deploy and test external and internal containerized services on AKS.
  • Lab 14: Secure Azure SQL Database with Microsoft Defender for SQL, data classification, and auditing.
  • Lab 15: Configure service endpoints and secure Azure Storage access from an approved subnet.
  • Lab 16: Create a storage account and file share, then validate allowed and denied storage access.
  • Lab 17: Configure Azure Key Vault with keys, secrets, permissions, and application access.
  • Lab 18: Implement Always Encrypted with Azure SQL Database and Azure Key Vault.
  • Lab 19: Create a Log Analytics workspace, configure data collection, and query VM performance and event data.
  • Lab 20: Configure Microsoft Defender for Cloud, JIT VM access, Microsoft Sentinel, analytics rules, incidents, and automated response playbooks.

Certification alignment

This course supports preparation for Exam AZ-500: Microsoft Azure Security Technologies. The exam validates the ability to secure identity and access, secure networking, secure compute, storage, and databases, and secure Azure environments using Microsoft Defender for Cloud and Microsoft Sentinel.

AZ-500 skills measured

  • Secure identity and access.
  • Secure networking.
  • Secure compute, storage, and databases.
  • Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel.

Course review

Students should leave the course able to implement security controls, maintain Azure security posture, and identify and remediate security vulnerabilities. The course review should reinforce Microsoft Entra ID, MFA, Conditional Access, Identity Protection, RBAC, PIM, NSGs, ASGs, Azure Firewall, private access, secure storage, Azure SQL security, Key Vault, Defender for Cloud, Azure Monitor, Log Analytics, JIT VM access, and Microsoft Sentinel.

Certification exam review

Exam review should focus on scenario-based Azure security implementation decisions. Priority review areas should include Microsoft Entra ID, RBAC, custom roles, managed identities, app registrations, MFA, Conditional Access, Identity Protection, PIM, NSGs, ASGs, UDRs, service endpoints, private endpoints, Azure Firewall, Application Gateway, WAF, DDoS Protection, Azure Bastion, JIT VM access, AKS security, ACR access, storage network controls, Azure SQL security, Key Vault, Azure Policy, Defender for Cloud, secure score, regulatory compliance, Log Analytics, Microsoft Sentinel, analytics rules, incidents, and playbooks.

Question About this Course?

Need help picking the right course?

Contact Us

Call Now

Call Now800-453-5961