Skip to content
Azure Security Engineer
AZ-500 Intermediate

Become an Azure Security Engineer

Full AZ-500 exam prep — network security, identity management, platform protection, and security operations.

Start Learning Hands-on labs + AZ-500 exam prep
About

About This Course

The AZ-500 is the certification that proves you can actually secure Azure infrastructure. This course covers every exam objective in depth — network security, identity management, platform protection, and security operations. You will configure NSGs, Azure Firewall, and Private Endpoints. You will set up Privileged Identity Management, Conditional Access, and Key Vault. You will enable Defender for Cloud across subscriptions and build Azure Policy assignments that enforce your security baseline.

This is a 14-hour course because Azure security engineering is not simple, and shortcuts here create real risk. Every topic includes portal walkthroughs, ARM template examples, and configuration patterns you will actually use in production environments. The course follows the official exam objectives but goes beyond memorization — you will understand why each control exists and when to apply it.

If you already hold the AZ-104 or have hands-on Azure experience, this is your next step. The AZ-500 validates that you can design and implement security controls across the entire Azure platform, and this course prepares you to do exactly that.

Outcomes

What You'll Learn

01

Configure network security groups, Azure Firewall, and Private Endpoints for workload isolation

02

Implement identity management with Entra ID, Privileged Identity Management, and Conditional Access

03

Secure Azure compute, storage, and database resources with encryption and access controls

04

Monitor security posture using Microsoft Defender for Cloud and Azure Policy

Before You Start

Prerequisites

  • Working experience with Azure resource deployment, networking, and identity
  • An Azure subscription for hands-on labs — a free trial works
Audience

Who Is This Course For

This course is designed for Azure administrators and cloud engineers who are responsible for implementing security controls in Azure environments. You should have working experience with Azure resource deployment, networking, and identity. If you are preparing for the AZ-500 exam or moving into a dedicated cloud security role, this course gives you the technical depth and hands-on practice you need.

Curriculum

What's Inside

01

Identity and Access Management

  • Microsoft Entra ID roles, PIM, and access reviews
  • Conditional Access policies and authentication strength
  • Managed identities and service principals
  • External identity providers and B2B access
02

Network Security

  • Virtual network security with NSGs and ASGs
  • Azure Firewall, WAF, and DDoS Protection
  • Private Endpoints and Service Endpoints
  • VPN Gateway and ExpressRoute security
03

Platform Protection

  • Azure Key Vault for secrets, keys, and certificates
  • Storage account encryption and access controls
  • Compute security including disk encryption and VM hardening
  • Container security with AKS and ACR
04

Security Operations and Monitoring

  • Microsoft Defender for Cloud plans and recommendations
  • Azure Policy and regulatory compliance
  • Log Analytics workspace and diagnostic settings
  • Security alerts, automation, and incident response