Microsoft Azure Security Engineer Associate Certification

Advance your career with Microsoft Azure Security Engineer Associate Certification. Candidates for the Azure Security Engineer certification should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Responsibilities for this role include maintaining the security posture, identifying, and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.

Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security or hybrid environments as part of an end-to-end infrastructure.

A candidate for this certification should have strong skills in scripting and automation; a deep understanding of networking, virtualization, and cloud N-tier architecture; and a strong familiarity with cloud capabilities and products and services for Azure, plus other Microsoft products and services.

The average salary for Azure Security Engineer Associate in the United States is $136,500 per annum.

Microsoft Certified: Azure Security Engineer Associate – Skills Measured

This exam measures your ability to accomplish the following technical tasks: manage identity and access; implement platform protection; manage security operations; and secure data and applications.

Certification Exam AZ-500: Microsoft Azure Security Technologies

Manage identity and access (30-35%)

Configure Azure Active Directory for workloads

create App Registration
configure App Registration permission scopes
manage App Registration permission consent
configure Multi-Factor Authentication settings
manage Azure AD directory groups
manage Azure AD users
install and configure Azure AD Connect
configure authentication methods
implement Conditional Access policies
configure Azure AD identity protection

Manage Azure Active Directory identities

configure security for service principals
manage Azure AD directory groups
manage Azure AD users
configure password writeback
configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth, and passwordless
transfer Azure subscriptions between Azure AD tenants

Configure secure access by using Azure AD

monitor privileged access for Azure AD Privileged Identity Management (PIM)
configure Access Reviews
activate and configure PIM
implement Conditional Access policies including Multi-Factor Authentication (MFA)
configure Azure AD identity protection

Manage application access

create App Registration
configure App Registration permission scopes
manage App Registration permission consent
manage API access to Azure subscriptions and resources

Manage access control

configure subscription and resource permissions
configure resource group permissions
configure custom RBAC roles
identify the appropriate role
apply principle of least privilege
interpret permissions
check access

Implement platform protection (15-20%)

Implement advanced network security

secure the connectivity of virtual networks (VPN authentication, Express Route encryption)
configure Network Security Groups (NSGs) and Application Security Groups (ASGs)
create and configure Azure Firewall
configure Azure Front Door service as an Application Gateway
configure a Web Application Firewall (WAF) on Azure Application Gateway
configure Azure Bastion
configure a firewall on a storage account, Azure SQL, KeyVault, or App Service
implement Service Endpoints
implement DDoS

Configure advanced security for compute

configure endpoint protection
configure and monitor system updates for VMs
configure authentication for Azure Container Registry
configure security for different types of containers
implement vulnerability management
configure isolation for AKS
configure security for container registry
implement Azure Disk Encryption
configure authentication and security for Azure App Service
configure SSL/TLS certs
configure authentication for Azure Kubernetes Service
configure automatic updates

Manage security operations (25-30%)

Monitor security by using Azure Monitor

create and customize alerts
monitor security logs by using Azure Monitor
configure diagnostic logging and log retention

Monitor security by using Azure Security Center

evaluate vulnerability scans from Azure Security Center
configure Just in Time VM access by using Azure Security Center
configure centralized policy management by using Azure Security Center
configure compliance policies and evaluate for compliance by using Azure Security Center

Monitor security by using Azure Sentinel

create and customize alerts
configure data sources to Azure Sentinel
evaluate results from Azure Sentinel
configure a playbook for a security event by using Azure Sentinel

Configure security policies

configure security settings by using Azure Policy
configure security settings by using Azure Blueprint

Secure data and applications (20-25%)

Configure security for storage

configure access control for storage accounts
configure key management for storage accounts
configure Azure AD authentication for Azure Storage
configure Azure AD Domain Services authentication for Azure Files
create and manage Shared Access Signatures (SAS)
create a shared access policy for a blob or blob container
configure Storage Service Encryption

Configure security for databases

enable database authentication
enable database auditing
configure Azure SQL Database Advanced Threat Protection
implement database encryption
implement Azure SQL Database Always Encrypted

Configure and manage Key Vault

manage access to Key Vault
manage permissions to secrets, certificates, and keys
configure RBAC usage in Azure Key Vault
manage certificates
manage secrets
configure key rotation
backup and restore of Key Vault items