AZ-500: Microsoft Azure Security Technologies

AZ-500 Course: Microsoft Azure Security Technologies

This course provides IT security professionals with the knowledge and skills necessary to implement security controls, maintain an organization's security posture, and identify and remediate security vulnerabilities. This course covers identity and access security, platform, data, and application protection, and security operations.

The course includes a certification exam and a bonus opportunity for a virtual gift! *Promotion valid until August 31st, for customers in Spain only. Does not apply to self-learning.

Level: Intermediate - Product: Azure - Role: Security Engineer

Course aimed at

This course is intended for Azure security engineers planning to take the associated certification exam or who perform security tasks in their daily work. This course would also be useful for an engineer who wants to specialize in providing security for Azure-based digital platforms and play an integral role in protecting an organization's data.

AZ-500 Course Objectives

• Implement security controls: You'll learn how to configure and manage security controls to protect resources in Azure, including identity and access protection, platform security, data security, and application security.
  
• Maintaining a Security Posture: You'll develop skills to maintain and improve your organization's security posture, ensuring that systems and data are protected against threats.
  
• Identify and Remediate Vulnerabilities: You'll learn how to identify and remediate security vulnerabilities using tools like Microsoft Defender for Cloud.
  
• Implement Threat Protection: You will configure and manage threat protection solutions to detect and respond to security incidents in Azure, multi-cloud, and hybrid environments.

Elements of the Microsoft Learn AZ-500 training

• Virtual Network Security Planning and Implementation (13 Units)
• Planning and Implementing Private Access Security for Azure Resources (9 units)
• Planning and Implementing Security for Public Access to Azure Resources (9 Units)
• Planning and Implementing Advanced Process Security (13 Units)
• Storage Security Planning and Implementation (13 Units)
• Planning and Implementing Security for Azure SQL Database and Azure SQL Managed Instance (11 Units)

AZ-500 Microsoft Azure Security Technologies Course Content

Module 1. Managing Identity and Access

Lessons

• Managing security controls for identity and access
  
• Managing application access in Microsoft Access

Lab 01: Role-Based Access Control

After completing this module, students will be able to:

• Effectively manage identities with Microsoft Sign In ID to ensure secure access and identity governance.
  
• Manage authentication processes effectively with Microsoft Sign In ID to protect user access and verify identities.
  
• Deploy and manage authorization settings with Microsoft Sign-in ID to securely control access rights and permissions.
  
• Effectively manage and secure access to applications with Microsoft Sign-in ID to ensure proper user authorization and authentication.

Module 2. Network Protection

Lessons

• Planning and implementing virtual network security
  
• Planning and implementing security for private access to Azure resources
  
• Planning and implementing security for public access to Azure resources
  

Lab 02: Network Security Groups and Application Security Groups

Lab 03: Azure Firewall

After completing this module, students will be able to:

• Plan and implement security measures for virtual networks, including NSGs, ASGs, UDRs, VNET peering, VPN Gateway instances, Virtual WAN, and network monitoring using Network Watcher.
  
• Establish private access to Azure resources using service endpoints, private endpoints, Private Link services, and secure configurations for App Service, Azure Functions, and Azure SQL Managed Instance.
  
• Implement security for Azure public access, including TLS application integration, Azure Firewall, Application Gateway, Front Door, WAF, and recommendations for Azure DDoS Protection.
  

Module 3. Process, storage, and database protection

Lessons

• Planning and implementing advanced process security
  
• Storage Security Planning and Implementation
  
• Planning and implementing security for Azure SQL Database and Azure SQL Managed Instance
  

Lab 04: Configuring and Securing ACR and AKS

Lab 05: Securing Azure SQL Database

Lab 06: Service Connection Points and Secure Storage

After completing this module, students will be able to:

• Strengthen process security with Azure Bastion, AKS configurations, container monitoring, and advanced encryption techniques.
  
• Enhance storage security with customized access controls, threat protection measures, and multiple encryption strategies.
  
• Strengthen Azure SQL Database security with authentication, auditing, data classification, and advanced encryption recommendations.
  

Module 4. Securing Azure with Microsoft Defender for Cloud and Microsoft Sentinel

Lessons

• Implementing and managing compliance with cloud governance policies
  
• Managing your security posture with Microsoft Defender for Cloud
  Configuring and managing threat protection using Microsoft Defender for Cloud
  
• Configuring and managing security monitoring and automation solutions
  

Lab 07: Keystore

Lab 08: Creating a Log Analytics Workspace, Azure Storage Account, and Data Collection Rule (DCR)

Lab 09: Configuring Microsoft Defender for Cloud Enhanced Security Features for Servers

Lab 10: Enabling Just-In-Time Access on Virtual Machines

Lab 11: Microsoft Sentinel

After completing this module, students will be able to:

• Implement security operations, establish governance, and implement Azure policies and infrastructure, while protecting keys and certificates.
  
• Improve Defender's security posture, ensure compliance, and monitor external threats.
  
• Configure Defender for a variety of threats, manage alerts, and leverage Sentinel for advanced security strategies.

Prerequisites

Students who pass the test will have prior knowledge and understanding of:

• Industry security best practices and requirements, such as defense in depth, least privilege access, role-based access control, multi-factor authentication, shared responsibility, and a zero-trust model.
• Security protocols, such as virtual private networks (VPNs), Internet Protocol Security (IPSec), Secure Sockets Layer (SSL), and disk and data encryption methods.
• Have some experience deploying Azure workloads This course does not cover the basics of Azure administration, but rather builds on that knowledge by adding security-specific information.
• Have experience with Windows and Linux systems, as well as scripting languages.
• Course labs can use PowerShell and the CLI.

Language

• Course: English / Spanish

• Labs: English / Spanish

Microsoft Associate Certification: Azure Security Engineer Associate

Microsoft Certified: Azure Security Engineer Associate

Demonstrates the skills necessary to implement security controls, maintain an organizational security posture, and identify and correct security vulnerabilities.

Level: Intermediate
Role: Security Engineer
Product: Azure
Subject: Security