Microsoft Azure Security Technologies (AZ-500)

Provided by

Enquire about this course


In this course students will gain the knowledge and skills needed to implement security controls, maintain the security posture, and identify and remediation of vulnerabilities by using a variety of security tools. The course covers configuring and deploying security solutions for cloud N-tier architecture.
Audience profile

Students should have at least one year of hands-on experience securing Azure workloads and experience with security controls for workloads on Azure.
Accessing your courseware and registering attendance with Microsoft

To access your Official Curriculum (MOC) course materials you will need a account. In Learn you will also be able to register your completion of the event and receive your achievement badge. You will be issued with a unique code during your event.



Before attending this course, students must have knowledge of:

Microsoft Azure Administrator (AZ-104) (MAZ104)

Please note: In order to access the Azure labs for this course you will need to have a Microsoft Outlook account that has/will not be used to associate with any other corporate Azure subscription. You can set up a new Outlook account here


Learning Outcomes

After completing this course, students will be able to:
  • Describe specialized data classifications on Azure
  • Identify Azure data protection mechanisms
  • Implement Azure data encryption methods
  • Secure Internet protocols and how to implement them on Azure
  • Describe Azure security services and features

Course Outline

MODULE 1: Secure Azure solutions with Microsoft Entra ID

Explore how to securely configure and administer your Microsoft Entra instance.

By the end of this module, you will be able to:
  • Configure Microsoft Entra ID and Microsoft Entra Domain Services for security
  • Create users and groups that enable secure usage of your tenant
  • Use MFA to protect user's identities
  • Configure passwordless security options
  • Introduction
  • Explore Microsoft Entra features
  • Self-managed Active Directory Domain Services, Microsoft Entra ID, and managed Microsoft Entra Domain Services
  • Microsoft Entra Domain Services and self-managed AD DS
  • Microsoft Entra Domain Services and Microsoft Entra ID
  • Investigate roles in Microsoft Entra ID
  • Microsoft Entra built-in roles
  • Deploy Microsoft Entra Domain Services
  • Create and manage Microsoft Entra users
  • Manage users with Microsoft Entra groups
  • Configure Microsoft Entra administrative units
  • Implement passwordless authentication
  • Explore Try-This exercises
  • Knowledge check
  • Summary
MODULE 2: Implement Hybrid identity

Explore how to deploy and configure Microsoft Entra Connect to create a hybrid identity solution for your company.

By the end of this module, you'll be able to:
  • Deploy Microsoft Entra Connect
  • Pick and configure that best authentication option for your security needs
  • Configure password writeback
  • Introduction
  • Deploy Microsoft Entra Connect
  • Explore authentication options
  • Configure Password Hash Synchronization (PHS)
  • Implement Pass-through Authentication (PTA)
  • Deploy Federation with Microsoft Entra ID
  • Explore the authentication decision tree
  • Configure password writeback
  • Knowledge check
  • Summary
MODULE 3: Deploy Microsoft Entra ID Protection

Protect identities in Microsoft Entra ID using Conditional Access, MFA, access reviews, and other capabilities.

By the end of this module, you will be able to:
  • Deploy and configure Identity Protection
  • Configure MFA for users, groups, and applications
  • Create Conditional Access policies to ensure your security
  • Create and follow an access review process
  • Introduction
  • Explore Microsoft Entra ID Protection
  • Configure risk event detections
  • Implement user risk policy
  • Implement sign-in risk policy
  • Deploy multifactor authentication in Azure
  • Explore multifactor authentication settings
  • Enable multifactor authentication
  • Implement Microsoft Entra Conditional Access
  • Configure conditional access conditions
  • Implement access reviews
  • Explore try-this exercises
  • Knowledge check
  • Summary
MODULE 4: Configure Microsoft Entra Privileged Identity Management

Ensure that your privileged identities have extra protection and are accessed only with the least amount of access needed to do the job.

By the end of this module, you'll be able to:
  • Describe Zero Trust and how it impacts security
  • Configure and deploy roles using Privileged Identity Management (PIM)
  • Evaluate the usefulness of each PIM setting as it relates to your security goals
  • Introduction
  • Explore the zero trust model
  • Review the evolution of identity management
  • Deploy Microsoft Entra Privileged Identity Management
  • Configure privileged identity management scope
  • Implement privileged identity management onboarding
  • Explore privileged identity management configuration settings
  • Implement a privileged identity management workflow
  • Explore Try-This exercises
  • Knowledge check
  • Summary
MODULE 5: Design an enterprise governance strategy

Learn to use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals.

By the end of this module, you will be able to:
  • Explain the shared responsibility model and how it impacts your security configuration
  • Create Azure policies to protect your solutions
  • Configure and deploy access to services using RBAC
  • Introduction
  • Review the shared responsibility model
  • Explore the Azure cloud security advantages
  • Review Azure hierarchy of systems
  • Configure Azure policies
  • Enable Azure role-based access control (RBAC)
  • Compare and contrast Azure RBAC vs Azure policies
  • Configure built-in roles
  • Enable resource locks
  • Deploy Azure blueprints
  • Design an Azure subscription management plan
  • Explore Try-This exercises
  • Knowledge check
  • Summary
MODULE 6: Implement perimeter security

By the end of this module, you will be able to:
  • Define defense in depth
  • Protect your environment from denial-of-service attacks
  • Secure your solutions using firewalls and VPNs
  • Explore your end-to-end perimeter security configuration based on your security posture
  • Introduction
  • Define defense in depth
  • Explore virtual network security
  • Enable Distributed Denial of Service (DDoS) Protection
  • Configure a distributed denial of service protection implementation
  • Explore Azure Firewall features
  • Deploy an Azure Firewall implementation
  • Configure VPN forced tunneling
  • Create User Defined Routes and Network Virtual Appliances
  • Explore hub and spoke topology
  • Perform try-this exercises
  • Knowledge check
  • Summary
MODULE 7: Configure network security

Use Azure network capabilities to secure your network and applications from external and internal attacks.

By the end of this module, you will be able to:
  • Deploy and configure network security groups to protect your Azure solutions
  • Configure and lockdown service endpoints and private links
  • Secure your applications with Application Gateway, Web App Firewall, and Front Door
  • Configure ExpressRoute to help protect your network traffic
  • Introduction
  • Explore Network Security Groups (NSG)
  • Deploy a Network Security Groups implementation
  • Create Application Security Groups
  • Enable service endpoints
  • Configure service endpoint services
  • Deploy private links
  • Implement an Azure application gateway
  • Deploy a web application firewall
  • Configure and manage Azure front door
  • Review ExpressRoute
  • Perform try-this exercises
  • Knowledge check
  • Summary
MODULE 8: Configure and manage host security

Learn to lock down the devices, virtual machines, and other components that run your applications in Azure.

By the end of this module, you will be able to:
  • Configure and deploy Endpoint Protection
  • Deploy a privileged access strategy for devices and privileged workstations
  • Secure your virtual machines and access to them
  • Deploy Windows Defender
  • Practice layered security by reviewing and implementing Security Center and Security Benchmarks
  • Introduction
  • Enable endpoint protection
  • Define a privileged access device strategy
  • Deploy privileged access workstations
  • Create virtual machine templates
  • Enable and secure remote access management
  • Configure update management
  • Deploy disk encryption
  • Managed disk encryption options
  • Deploy and configure Windows Defender
  • Microsoft cloud security benchmark in Defender for Cloud
  • Explore Microsoft Defender for Cloud recommendations
  • Perform Try-This exercises
  • Knowledge check
  • Summary
MODULE 9: Enable Containers security

Explore how to secure your applications running within containers and how to securely connect to them.

By the end of this module, you will be able to:
  • Define the available security tools for containers in Azure
  • Configure security settings for containers and Kubernetes services
  • Lock down network, storage, and identity resources connected to your containers
  • Deploy RBAC to control access to containers
  • Introduction
  • Explore containers
  • Configure Azure Container Instances security
  • Manage security for Azure Container Instances (ACI)
  • Explore the Azure Container Registry (ACR)
  • Enable Azure Container Registry authentication
  • Review Azure Kubernetes Service (AKS)
  • Implement an Azure Kubernetes Service architecture
  • Configure Azure Kubernetes Service networking
  • Deploy Azure Kubernetes Service storage
  • Secure authentication to Azure Kubernetes Service with Active Directory
  • Manage access to Azure Kubernetes Service using Azure role-based access controls
  • Knowledge check
  • Summary
MODULE 10: Deploy and secure Azure Key Vault

Protect your keys, certificates, and secrets in Azure Key Vault. Learn to configure key vault for the most secure deployment.

By the end of this module, you will be able to:
  • Define what a key vault is and how it protects certificates and secrets
  • Deploy and configure Azure Key Vault
  • Secure access and administration of your key vault
  • Store keys and secrets in your k


Start date Location / delivery
22 Oct 2024 QA Attend From Anywhere Book now
01132207150 01132207150

Related article

The Cyber Pulse is QA's new portal to free Cyber content, including on-demand webinars, articles written by leading experts,