If you are looking to gain today’s security skills and pass the AZ-500 Microsoft Azure Security Engineer Exam, then I am going to teach you how I did it, tell you what to expect in this exam, and share my personal experience, which can help you pass it on the first attempt.
The New Microsoft Cloud Security Certifications.
Early this year I was aiming to take all security certifications in Microsoft cloud technologies and I was so excited when Microsoft launched the new Role-Based certifications for Azure and Microsoft 365.
What this means is that you can choose which certification path to take depending on your job role and years of experience. I already blogged about how to become a Microsoft 365 Enterprise Administrator Expert and I published a YouTube video explaining the idea of role-based certifications.
Now for both Azure and Microsoft 365, there is a new security role that comes with an Associate level certification. If your job role is to manage security for Microsoft 365, then you can take the MS-500 Microsoft 365 Security Administration Exam, and by taking that exam you become a Microsoft 365 Certified: Security Administrator Associate, which brings you one step closer to becoming a Microsoft 365 Enterprise Administrator Expert.
If your job role is to manage security for Azure, then you can take the Exam AZ-500: Microsoft Azure Security Technologies, which makes you a certified Azure Security Engineer Associate. However, the AZ-500 exam does not get you closer to any expert level certification in Azure; currently, it is a dead-end exam.
For me, I took both exams as my job is to manage security for both Microsoft 365 and Azure technologies, which is great to test your skills in security for both Microsoft 365 and Azure.
What Does It Take To Take the AZ-500 Azure Security Engineer Exam?
The AZ-500 Azure Security Engineer Exam, like the MS-500 exam, covers a wide range of topics and technologies. Before considering taking this exam, you should first have good knowledge of the Azure technologies themselves, which makes sense. You should learn what the different Azure platform technologies are in order to learn how to secure them.
So a good way to do that is to take the Azure AZ-900 (Azure Fundamentals) or the AZ-103 (Azure Administrator) exam first to learn more about Azure technologies. Now this is not a requirement for taking the AZ-500 exam, but it is a good start. If you are familiar with Azure technologies, then you can go and take the AZ-500 Azure Security Engineer Exam right away.
When I first planned to take the AZ-500 Azure Security Engineer Exam, I already had 60% hands-on experience on all topics that the AZ-500 covers, which is a good start for me. Likewise, to take this exam, you should have at least 30% hands-on experience on the exam topics, or you will have to study more to pass this exam.
As expected, the AZ-500 Azure Security Engineer Exam expects you to know how to implement security controls, maintain the security posture, manage identity and access, and protect data, applications, and networks.
As per the AZ-500 Azure Security Engineer Exam official documentation: “Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure”.
Skills measured & How To Prepare For The Exam
The first skill area is Manage identity and access (20-25%), and here you should learn about Azure Active Directory, Azure AD Privileged Identity Management (PIM), and Azure tenant security. I already published a course at Pluralsight that can help you master Azure PIM, which can save you a lot of time preparing for the AZ-500 Azure Security Engineer Exam.
At Pluralsight, you can also find good courses about Azure subscription security and Azure RBAC.
The second skill area is Implement platform protection (35-40%), and here you should learn about:
- Azure Network Security
- Azure Host Security
- Azure Containers Security
- Azure Resource Management Security
Make sure you understand how Azure security groups, Azure Firewall, Azure policies, VM system updates and Azure networking work. To speed up your preparation for this section of the exam, consider taking one of these Pluralsight courses:
- Implementing and Managing Microsoft Azure Multi-factor Authentication
- Implementing Microsoft Azure Subscription Security
- Microsoft Azure Security – Getting Started
- Securing Microsoft Azure Subscriptions
- Securing Microsoft Azure Networks
- Managing Microsoft Azure Security
- Implementing Host Security in Microsoft Azure
The third skill area is Manage security operations (15-20%), and here you should learn about:
- Configure security services
- Configure security policies
- Manage security alerts
I already authored a Pluralsight course, Managing and Responding to Microsoft Azure Security Alerts, that can help you prepare for this section.
The final skill area is Secure data and applications (30-35%), and here you should learn about:
- Configure security policies to manage data
- Configure security for data infrastructure
- Implement security for application delivery
- Configure application security
- Configure and manage Key Vault
To speed up your preparation for this section of the exam, consider taking one of these Pluralsight courses:
- Securing Virtual Machines with Azure Key Vault
- Configuring Encryption for Data at Rest in Microsoft Azure
- Managing Microsoft Azure Information Protection
- Securing Access to Microsoft Azure Databases
- Securing Access to Microsoft Azure Storage
- Securing Microsoft Azure Data Access Endpoints
- Managing Data Security and Policy in Microsoft Azure
- Design a Data Protection Strategy with Microsoft Azure
The AZ-500 Azure Security Engineer Exam Experience
The AZ-500 Azure Security Engineer Exam is definitely not an easy one to pass, and it challenges you with long business scenarios that you should read through before picking the right answer. It took me three weeks of preparation, studying 3 hours a day.
Some fellow MVPs also published blog posts about how to prepare for this exam, like this one by Joe Carlyle, which provides links to documents covering all AZ-500 Azure Security Engineer Exam objectives.
Share Your Feedback
I want to wish you luck in your AZ-500 Azure Security Engineer Exam certification journey. Please comment below if you find this blog post helpful and share it with your friends and social media to help others prepare for the exam. Remember to come back and post a comment if you take this exam and please share your experience. At least this is what I expect you to do to help others pass the exam too.
And finally, to prove I already took the exam and passed, here is a link to my badge at Acclaim.