AZ-500 Training: Microsoft Azure Security Technologies

Certification: Microsoft Certified: Azure Security Engineer Associate

Dynamics Edge courses and labs are enhanced Instructor-Led Training (ILT) materials, purpose-built for live, guided instruction, structured learning and practical, work-ready skills development.

Unlike Microsoft Learn paths—which are designed for self-paced study—our ILT content follows a carefully crafted curriculum tailored for real-time engagement, interactive Q&A, The structure and flow of our materials are intentionally different to support deeper learning and immediate application.

AZ-500 Microsoft Azure Security Technologies

Course Overview

This course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations.

You will learn:

• Implement Identity and Access Management.
• Secure Azure Network Infrastructure
• Secure Azure Compute Resources
• Manage Security Operations with Microsoft Defender for Cloud
• Implement Platform Protection
• Manage and Secure Azure Storage
• Secure Data and Azure SQL Resources
• Automate Security Monitoring with Microsoft Sentinel
• Manage Application and API Security
• Understand Zero Trust and Defense-in-Depth Principles

Microsoft Azure Security Technologies AZ-500- Course outline

Module 1, Manage security controls for identity and access

1. Microsoft Entra ID – Core identity service for authentication and user/group management.
2. Implement multifactor authentication (MFA) – Strengthens authentication beyond passwords.
3. Conditional Access policies – Control access based on user risk, location, or device state.
4. Role-Based Access Control (RBAC) – Assign granular permissions across Azure resources.
5. Privileged Identity Management (PIM) – Just-in-time access to elevate privileges securely.
6. Identity Protection – Detect and respond to identity-based risks like leaked credentials.
7. Passwordless authentication – Improve security and UX via FIDO2, biometrics, etc.

Module 2. Manage Microsoft Entra application access

1. Manage access to enterprise apps – Use OAuth and Entra roles to restrict access.
2. App registration and permission scopes – Define app identities and their access levels.
3. Consent management – Administer user and admin consent for app permissions.
4. Service principals – Enable apps and services to authenticate and access resources.
5. Managed identities – Securely connect services without storing secrets.
6. Microsoft Entra Application Proxy – Provide secure remote access to on-prem apps.
7. Authentication configurations – Choose appropriate methods (e.g., token-based).

Module 3. Plan and implement security for virtual networks

1. Azure Virtual Network – Foundation for isolating and securing resources.
2. Network Security Groups (NSGs) – Control inbound/outbound traffic at NIC/subnet levels.
3. Virtual Network Peering & Gateways – Secure cross-network communication.
4. User-Defined Routes (UDRs) – Customize traffic routing for security/enforcement.
5. Azure Firewall – Centralized stateful firewall with threat intelligence.
6. ExpressRoute with encryption – Private, secure connection to Azure with optional encryption.
7. Monitor with Network Watcher – Track and diagnose network issues and threats.

Module 4. Plan and implement security for private access to Azure resources

1. Private Endpoints – Secure connections to Azure PaaS without public IP exposure.
2. Private Link – Access services over a private IP in your VNet.
3. Service Endpoints – Extend VNet to Azure services directly.
4. App Service & Functions integration – Secure traffic via private network access.
5. App Service Environment (ASE) – Isolated, scalable, and secure hosting for apps.
6. Private network security configurations – Enforce NSGs and UDRs for private services.
7. Azure SQL Managed Instance integration – Secure access via private networking.

Module 5. Plan and implement security for public access to Azure resources

1. TLS encryption – Secure data in transit for apps and APIs.
2. Azure Firewall & Firewall Manager – Define and enforce network security policies.
3. Azure Application Gateway – Layer 7 load balancer with WAF integration.
4. Web Application Firewall (WAF) – Protect web apps from common threats.
5. Azure Front Door + CDN – Global edge delivery and app acceleration with security.
6. DDoS Protection Standard – Protect against volumetric and protocol attacks.
7. Security diagnostics and logging – Enable insights for public endpoints.

Module 6. Plan and implement advanced security for compute

1. Azure Bastion & JIT Access – Secure VM access without public IPs.
2. Azure Kubernetes Service (AKS) – Secure, isolate, and monitor containers.
3. Authentication & RBAC for AKS – Control who can manage clusters.
4. Azure Container Apps & ACR – Secure deployment and image access.
5. Disk encryption (ADE, Confidential Disks) – Protect data at rest.
6. Azure API Management – Apply rate limiting, authentication, and security policies.
7. Isolation for AKS/ACI environments – Use private clusters and VNET integration.

Module 7. Plan and implement security for storage

1. Access control for storage accounts – Use RBAC and Shared Access Signatures (SAS).
2. Manage access keys & lifecycle – Rotate and monitor keys securely.
3. Azure Blobs, Files, Tables, Queues – Implement appropriate access methods.
4. Data protection features – Enable soft delete, versioning, and immutable storage.
5. Bring Your Own Key (BYOK) – Enhance encryption control.
6. Double encryption – Add an extra layer of protection for sensitive data.
7. Secure transport (TLS, HTTPS) – Protect data in transit.

Module 8. Plan and implement security for Azure SQL Database and Azure SQL Managed Instance

1. Microsoft Entra authentication – Centralize access control.
2. Transparent Data Encryption (TDE) – Encrypt databases at rest.
3. Always Encrypted – Protect sensitive data during processing.
4. SQL audit – Monitor and log database activities.
5. Purview integration – Classify and govern sensitive data.
6. Dynamic data masking – Limit exposure of sensitive fields.
7. SQL security best practices – Use firewalls, VNETs, and identity-based access.

Module 9. Implement and manage enforcement of cloud governance policies

1. Azure Policy – Enforce compliance via policies and initiatives.
2. Azure Blueprints – Deploy pre-configured environments securely.
3. Landing zones – Build secure, scalable, and compliant foundations.
4. Azure Key Vault – Secure secrets, keys, and certificates.
5. Key Vault access controls – Use RBAC and access policies.
6. Backup & key rotation – Automate and secure key lifecycle management.
7. Security benchmark adoption – Follow Microsoft Cloud Security Benchmark standards.

Module 10. Manage security posture by using Microsoft Defender for Cloud

1. Defender for Cloud Secure Score – Identify and track posture improvements.
2. Security recommendations & Inventory – Proactive risk assessment.
3. Compliance assessment – Map controls to regulatory frameworks.
4. Connect hybrid/multicloud – Extend visibility beyond Azure.
5. Custom initiatives – Tailor security posture tracking.
6. Defender External Attack Surface Management – Discover and reduce external risks.
7. Automated hardening recommendations – Guided remediation steps.

Module 11. Configure and manage threat protection by using Microsoft Defender for Cloud

1. Enable Defender plans – For Servers, Storage, Containers, Databases.
2. Malware scanning for storage – Detect malicious uploads.
3. Just-in-time access (JIT) – Secure remote access to VMs.
4. Vulnerability management – Prioritize and remediate threats on VMs.
5. Defender for Containers – Monitor and secure AKS workloads.
6. Security DevOps (GitHub, Azure DevOps) – Integrate security into CI/CD.
7. Data collection with Azure Monitor Agent – Centralize and transform telemetry.

Module 12. Configure and manage security monitoring and automation solutions

1. Microsoft Sentinel alerts/incidents – Centralize threat detection and response.
2. Configure Sentinel connectors – Ingest logs from various sources.
3. Analytics rules – Automate threat detection.
4. Sentinel playbooks & automation – Trigger responses with Logic Apps.
5. Log retention & cost management – Optimize storage and compliance.
6. Threat response with automation – React quickly with custom workflows.
7. Integration with Defender for Cloud – Unify visibility across the platform.