Microsoft Certified: Azure Security Engineer Associate (AZ500)

This four-day Microsoft certified course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations.

This training is a comprehensive preparation for the AZ-500: Microsoft Azure Security Technologies exam to earn the Microsoft Certified: Azure Security Engineer Associate certification.


Public class

Virtual classroom
Planned datePlanned date
October 2 2023
Virtual classroom
Planned datePlanned date
November 6 2023
Virtual classroom
Guaranteed to runGuaranteed to run
December 18 2023
Virtual classroom
Planned datePlanned date
January 22 2024
4 days / 28 hours

Private class

On site / Virtual classroom
Minimum no. of participants: 5
4 days / 28 hours
Price on request
English or French
Training plan: 

Microsoft Azure Security Technologies (AZ-500T00)

Module 1: Secure Azure solutions with Azure Active Directory

  • Explore Azure Active Directory features
  • Compare Azure AD vs Active Directory Domain Services
  • Investigate roles in Azure AD
  • Deploy Azure AD Domain Services
  • Create and manage Azure AD users
  • Manage users with Azure AD groups
  • Configure Azure AD administrative units
  • Implement passwordless authentication

Module 2: Implement Hybrid identity

  • Deploy Azure AD connect
  • Explore authentication options
  • Configure Password Hash Synchronization (PHS)
  • Implement Pass-through Authentication (PTA)
  • Deploy Federation with Azure AD
  • Explore the authentication decision tree
  • Configure password writeback

Module 3: Deploy Azure AD identity protection

  • Explore Azure AD identity protection
  • Configure risk event detections
  • Implement user risk policy
  • Implement sign-in risk policy
  • Deploy multifactor authentication in Azure
  • Explore multifactor authentication settings
  • Enable multifactor authentication
  • Implement Azure AD conditional access
  • Configure conditional access conditions
  • Implement access reviews

Module 4: Configure Azure AD privileged identity management

  • Explore the zero trust model
  • Review the evolution of identity management
  • Deploy Azure AD privileged identity management
  • Configure privileged identity management scope
  • Implement privileged identity management onboarding
  • Explore privileged identity management configuration settings
  • Implement a privileged identity management workflow

Module 5: Design an enterprise governance strategy

  • Review the shared responsibility model
  • Explore the Azure cloud security advantages
  • Review Azure hierarchy of systems
  • Configure Azure policies
  • Enable Azure role-based access control (RBAC)
  • Compare and contrast Azure RBAC vs Azure policies
  • Configure built-in roles
  • Enable resource locks
  • Deploy Azure blueprints
  • Design an Azure subscription management plan

Module 6: Implement perimeter security

  • Define defense in depth
  • Explore virtual network security
  • Enable Distributed Denial of Service (DDoS) Protection
  • Configure a distributed denial of service protection implementation
  • Explore Azure Firewall features
  • Deploy an Azure Firewall implementation
  • Configure VPN forced tunneling
  • Create User Defined Routes and Network Virtual Appliances
  • Explore hub and spoke topology

Module 7: Configure network security

  • Explore Network Security Groups (NSG)
  • Deploy a Network Security Groups implementation
  • Create Application Security Groups
  • Enable service endpoints
  • Configure service endpoint services
  • Deploy private links
  • Implement an Azure application gateway
  • Deploy a web application firewall
  • Configure and manage Azure front door
  • Review ExpressRoute

Module 8: Configure and manage host security

  • Enable endpoint protection
  • Define a privileged access device strategy
  • Deploy privileged access workstations
  • Create virtual machine templates
  • Enable and secure remote access management
  • Configure update management
  • Deploy disk encryption
  • Deploy and configure Windows Defender
  • Explore Microsoft Defender for Cloud recommendations
  • Secure Azure workloads with Azure Security Benchmarks

Module 9: Enable Containers security

  • Explore containers
  • Configure Azure Container Instances security
  • Manage security for Azure Container Instances (ACI)
  • Explore the Azure Container Registry (ACR)
  • Enable Azure Container Registry authentication
  • Review Azure Kubernetes Service (AKS)
  • Implement an Azure Kubernetes Service architecture
  • Configure Azure Kubernetes Service networking
  • Deploy Azure Kubernetes Service storage
  • Secure authentication to Azure Kubernetes Service with Active Directory
  • Manage access to Azure Kubernetes Service using Azure role-based access controls

Module 10: Deploy and secure Azure Key Vault

  • Explore Azure Key Vault
  • Configure Key Vault access
  • Review a secure Key Vault example
  • Deploy and manage Key Vault certificates
  • Create Key Vault keys
  • Manage customer managed keys
  • Enable Key Vault secrets
  • Configure key rotation
  • Manage Key Vault safety and recovery features
  • Explore the Azure Hardware Security Module

Module 11: Configure application security features

  • Review the Microsoft identity platform
  • Explore Azure AD application scenarios
  • Register an application with App Registration
  • Configure Microsoft Graph permissions
  • Enable managed identities
  • Deploy web app certificates

Module 12: Implement storage security

  • Define data sovereignty
  • Configure Azure storage access
  • Deploy shared access signatures
  • Manage Azure AD storage authentication
  • Implement storage service encryption
  • Configure blob data retention policies
  • Configure Azure files authentication
  • Enable the secure transfer required property

Module 13: Configure and manage SQL database security

  • Enable SQL database authentication
  • Configure SQL database firewalls
  • Enable and monitor database auditing
  • Implement data discovery and classification
  • Explore vulnerability assessment
  • Enable Defender for SQL (advanced threat protection)
  • Configure dynamic data masking
  • Implement transparent data encryption
  • Deploy always encrypted features
  • Deploy an always encrypted implementation

Module 14: Configure and manage Azure Monitor

  • Explore Azure Monitor
  • Configure and monitor metrics and logs
  • Enable Log Analytics
  • Manage connected sources for log analytics
  • Enable Azure monitor Alerts
  • Configure properties for diagnostic logging

Module 15: Enable and manage Microsoft Defender for Cloud

  • Review the cyber kill chain
  • Implement Microsoft Defender for Cloud
  • Configure security center policies
  • Manage and implement security center recommendations
  • Explore secure score
  • Deploy Microsoft Defender for Cloud
  • Define brute force attacks
  • Implement Just-in-time VM access

Module 16: Configure and monitor Microsoft Sentinel

  • Enable Microsoft Sentinel
  • Configure data connections to Sentinel
  • Create workbooks for explore Sentinel data
  • Enable rules to create incidents
  • Configure playbooks
  • Hunt and investigate potential breaches
  • One FREE attendance to the Microsoft 365 Certified: Fundamentals (MS900) training
  • One year access to the class recording
  • 180 days access to the lab environment after class
  • One voucher to take the exam
  • Up to date courseware with Microsoft Learn
  • Microsoft course achievement badge

Successful learners will have prior knowledge and understanding of:

  • Security best practices and industry security requirements such as defense in depth, least privileged access, role-based access control, multi-factor authentication, shared responsibility, and zero trust model.
  • Be familiar with security protocols such as Virtual Private Networks (VPN), Internet Security Protocol (IPSec), Secure Socket Layer (SSL), disk and data encryption methods.
  • Have some experience deploying Azure workloads. This course does not cover the basics of Azure administration, instead the course content builds on that knowledge by adding security specific information.
  • Have experience with Windows and Linux operating systems and scripting languages. Course labs may use PowerShell and the CLI.
Certification information: 

Exam characteristics:

  • Exam code: AZ-500
  • Cost: $0 (included in your training)
  • Skills measured
    • Manage identity and access
    • Implement platform protection
    • Manage security operations
    • Secure data and applications
  • All details... 

Contact us for more information on pricing::

Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3