Azure Security: AZ-500

Update April 2025

Welcome to Azure Security: AZ-500 course!

In this course you will learn how to provide a high level of security to the entire Azure platform, which is currently one of the most in-demand skill sets as cyber security threats continue to rise and target cloud based resources.

May 2024 updates:

8: Entra ID Overview

9: Demo: Entra ID Overview

10: Entra ID Users

11: Demo: Entra ID Users

12: Demo: Entra ID External Users

13: Demo: Creating an Admin Entra ID User Account

14: Demo: Entra ID Premium 2 (P2 ) Activation

15: Entra ID Groups

16: Entra ID Group Expiration

17: Demo: Creating a New Entra ID Group

18: Demo: Entra ID Group Expiration

19: Self-Service Password Reset (SSPR)

20: Demo: Self-Service Password Reset (SSPR)

21: Planning for Role Based Access Control (RBAC)22: Demo: Entra ID Roles

23: Management Groups

24: Demo: Azure Roles

25: Custom Roles Based Access Control (RBAC)

26: Demo: Custom Roles Based Access Control (RBAC)

37 Demo: Conditional Access

28: Privileged Identity Management (PIM) Scenario

29: Demo: Privileged Identity Management (PIM) Scenario

31: Identity Protection

32: Identity Protection Roles

33: Demo: Identity Protection Roles

34: Security Defaults

35: Demo: Security Defaults

36: Conditional Access

37: Demo: Conditional Access

43: Demo: Azure Key Vault

45: Demo: MFA Configuration

46: Demo: Enable MFA

72: Demo: Just In Time (JIT)

74: Azure Firewall Deployment scenario

75: Demo: Deploying Infrastructure using a Custom Template

76: Azure Firewall Deployment

77: Demo: Azure Firewall Deployment

78: Adding Default Routes for the Azure Firewall

79: Demo: Adding a Default Route

80: Adding Application Rule Collections and Network Rule Collections

81: Demo: Application Rules Collection and Network Rules Collection

82: Configuring DNS settings and testing the Azure Firewall Deployment

83: Demo: Testing the Azure Firewall

85: Demo: DDoS Protection Settings

94: Demo: Connecting to Linux Virtual Machines using SSH

July 2023 updates:

This is a list of the skills you will acquire from this course:

Manage Azure Active Directory (Azure AD) identities

• Create and manage a managed identity for Azure resources

• Manage Azure AD groups

• Manage Azure AD users

• Manage external identities by using Azure AD

• Manage administrative units

Manage secure access by using Azure AD

• Configure Azure AD Privileged Identity Management (PIM)

• Implement Conditional Access policies, including multifactor authentication

• Implement Azure AD Identity Protection

• Implement passwordless authentication

• Configure access reviews

Manage application access

• Integrate single sign-on (SSO) and identity providers for authentication

• Create an app registration

• Configure app registration permission scopes

• Manage app registration permission consent

• Manage API permissions to Azure subscriptions and resources

• Configure an authentication method for a service principal

Manage access control

• Configure Azure role permissions for management groups, subscriptions, resource groups, and Resources

• Assign built-in Azure AD roles

• Create and assign custom roles, including Azure roles and Azure AD roles

Implement advanced network security

• Secure the connectivity of hybrid networks

• Secure the connectivity of virtual networks

• Create and configure Azure Firewall

• Create and configure Azure Firewall Manager

• Create and configure Azure Application Gateway

• Create and configure Azure Front Door

• Create and configure Web Application Firewall (WAF)

• Configure a resource firewall, including storage account, Azure SQL, Azure Key Vault, or Azure App Service

• Configure network isolation for Web Apps and Azure Functions

• Implement Azure Service Endpoints

• Implement Azure Private Endpoints, including integrating with other services

• Implement Azure Private Links

• Implement Azure DDoS Protection

Configure advanced security for compute

• Configure Endpoint Protection for virtual machines (VMs)

• Implement and manage security updates for VMs

• Configure security for container services

• Manage access to Azure Container Registry

• Configure security for serverless compute

• Configure security for an Azure App Service

• Configure encryption at rest

• Configure encryption in transit

Configure centralized policy management

• Configure a custom security policy

• Create a policy initiative

• Configure security settings and auditing by using Azure Policy

Configure and manage threat protection

• Configure Microsoft Defender for Servers

• Configure Microsoft Defender for SQL

Configure and manage security monitoring solutions

• Create and customize alert rules by using Azure Monitor

• Configure diagnostic logging and log retention by using Azure Monitor

• Monitor security logs by using Azure Monitor

• Create and customize alert rules in Microsoft Sentinel

• Configure connectors in Microsoft Sentinel

• Evaluate alerts and incidents in Microsoft Sentinel

Configure security for storage

• Configure access control for storage accounts

• Configure storage account access keys

• Configure Azure AD authentication for Azure Storage and Azure Files

• Configure delegated access

Configure security for data

• Enable database authentication by using Azure AD

• Enable database auditing

• Configure dynamic masking on SQL workloads

• Implement database encryption for Azure SQL Database

• Implement network isolation for data solutions, including Azure Synapse Analytics and Azure Cosmos DB

Configure and manage Azure Key Vault

• Create and configure Key Vault

• Configure access to Key Vault

• Manage certificates, secrets, and keys

• Configure key rotation

• Configure backup and recovery of certificates, secrets, and keys