Microsoft Exam Syllabus

AZ-500 syllabus, skills measured, and exam topics

The AZ-500 exam measures Secure identity and access, Secure networking, and Secure compute, storage, and databases. Use this page to review the current official syllabus, major domains, and source links before exam day.

Skills measured by domain

Use the weighting table to decide where to spend the most study time.

Domain                                                                  Weight
Secure identity and access                                              15–20%
Secure networking                                                       20–25%
Secure compute, storage, and databases                                  20–25%
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel  30–35%

What to know before you study

These sections explain the role, audience, and exam framing behind the outline.

Purpose of this document

  • This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
  • How to earn the certification: Some certifications only require passing one exam, while others require passing multiple exams.
  • Certification renewal: Microsoft associate, expert, and specialty certifications expire annually. You can renew by passing a free online assessment on Microsoft Learn.
  • Your Microsoft Learn profile: Connecting your certification profile to Microsoft Learn allows you to schedule and renew exams and share and print certificates.
  • Exam scoring and score reports: A score of 700 or greater is required to pass.
  • Exam sandbox: You can explore the exam environment by visiting our exam sandbox.
  • Request accommodations: If you use assistive devices, require extra time, or need modification to any part of the exam experience, you can request an accommodation.
  • Take a free Practice Assessment: Test your skills with practice questions to help you prepare for the exam.

Updates to the exam

  • We always update the English language version of the exam first. Some exams are localized into other languages, and those are updated approximately eight weeks after the English version is updated. Other available languages are listed in the Schedule Exam section of the Exam Details webpage. If the exam isn't available in your preferred language, you can request an additional 30 minutes to complete the exam.
  • The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. Related topics may be covered in the exam.
  • Most questions cover features that are generally available (GA). The exam may contain questions on Preview features if those features are commonly used.

Audience profile

  • As the Azure security engineer, you implement, manage, and monitor security for resources in Azure, multi-cloud, and hybrid environments as part of an end-to-end infrastructure. You implement and manage security components and configurations by using Microsoft Defender for Cloud and other tools. You ensure that the infrastructure aligns with standards and best practices such as the Microsoft Cloud Security Benchmark (MCSB).
  • Your responsibilities as an Azure security engineer include:
      • Managing the security posture.
      • Implementing threat protection.
      • Identifying and remediating vulnerabilities.
  • You are responsible for implementing regulatory compliance controls for Azure infrastructure, including identity and access, network, compute, storage, data, applications, asset management, backup and recovery, and DevOps security.
  • As an Azure security engineer, you work with architects, administrators, and developers to plan and implement solutions that meet security and compliance requirements. You may also collaborate with security operations in responding to security incidents in Azure.
  • Practical experience in administration of Microsoft Azure and hybrid environments.
  • Strong familiarity with Microsoft Entra ID, as well as compute, network, and storage in Azure.

Detailed outline

Scan each section as a working study checklist instead of one long wall of text.

Secure identity and access (15–20%)

  • Manage Azure built-in role assignments
  • Manage custom roles, including Azure roles and Microsoft Entra roles
  • Plan and manage Azure resources in Microsoft Entra Privileged Identity Management, including settings and assignments
  • Implement multi-factor authentication (MFA) for access to Azure resources
  • Implement Conditional Access policies for cloud resources in Azure
  • Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
  • Manage Microsoft Entra app registrations
  • Configure app registration permission scopes
  • Manage app registration permission consent
  • Manage and use service principals
  • Manage managed identities

Secure networking (20–25%)

  • Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
  • Manage virtual networks by using Azure Virtual Network Manager
  • Plan and implement user-defined routes (UDRs)
  • Plan and implement Virtual Network peering or VPN gateway
  • Plan and implement Virtual WAN, including secured virtual hub
  • Secure VPN connectivity, including point-to-site and site-to-site
  • Implement encryption over ExpressRoute
  • Configure firewall settings on Azure resources
  • Monitor network security by using Network Watcher
  • Plan and implement virtual network Service Endpoints
  • Plan and implement Private Endpoints
  • Plan and implement Private Link services

Secure compute, storage, and databases (20–25%)

  • Plan and implement remote access to virtual machines, including Azure Bastion and just-in-time (JIT) VM access
  • Configure network isolation for Azure Kubernetes Service (AKS)
  • Secure and monitor AKS
  • Configure authentication for AKS
  • Configure security monitoring for Azure Container Instances (ACIs)
  • Configure security monitoring for Azure Container Apps (ACAs)
  • Manage access to Azure Container Registry (ACR)
  • Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption
  • Recommend security configurations for Azure API Management
  • Configure access control for storage accounts
  • Manage storage account access keys
  • Select and configure an appropriate method for access to Azure Files

Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel (30–35%)

  • Create, assign, and interpret policies and initiatives in Azure Policy
  • Configure Azure Key Vault network settings
  • Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
  • Manage certificates, secrets, and keys
  • Configure key rotation
  • Perform backup and recovery of certificates, secrets, and keys
  • Implement security controls to protect backups
  • Implement security controls for asset management
  • Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
  • Assess compliance against security frameworks by using Microsoft Defender for Cloud
  • Manage compliance standards in Microsoft Defender for Cloud
  • Add custom standards to Microsoft Defender for Cloud