Microsoft Azure Security Engineer Associate Certification

Advance your career with Microsoft Azure Security Engineer Associate Certification. Candidates for the Azure Security Engineer certification should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Responsibilities for this role include maintaining the security posture, identifying, and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.

Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security or hybrid environments as part of an end-to-end infrastructure.

A candidate for this certification should have strong skills in scripting and automation; a deep understanding of networking, virtualization, and cloud N-tier architecture; and a strong familiarity with cloud capabilities and products and services for Azure, plus other Microsoft products and services.

Azure Security Engineer Associate average salary: $136,500 per annum

Microsoft Certified: Azure Security Engineer Associate – Skills Measured

This exam measures your ability to accomplish the following technical tasks: manage identity and access; implement platform protection; manage security operations; and secure data and applications.

Certification Exam AZ-500: Microsoft Azure Security Technologies

Manage identity and access (30-35%) 

Configure Azure Active Directory for workloads 

• create App Registration 
• configure App Registration permission scopes 
• manage App Registration permission consent 
• configure Multi-Factor Authentication settings 
• manage Azure AD directory groups 
• manage Azure AD users 
• install and configure Azure AD Connect 
• configure authentication methods 
• implement Conditional Access policies 
• configure Azure AD identity protection 

Manage Azure Active Directory identities 

• configure security for service principals 
• manage Azure AD directory groups 
• manage Azure AD users 
• configure password writeback 
• configure authentication methods including password hash and Pass Through Authentication (PTA), OAuth, and passwordless 
• transfer Azure subscriptions between Azure AD tenants 

Configure secure access by using Azure AD 

• monitor privileged access for Azure AD Privileged Identity Management (PIM) 
• configure Access Reviews 
• activate and configure PIM 
• implement Conditional Access policies including Multi-Factor Authentication (MFA) 
• configure Azure AD identity protection 

Manage application access 

• create App Registration 
• configure App Registration permission scopes 
• manage App Registration permission consent 
• manage API access to Azure subscriptions and resources 

Manage access control 

• configure subscription and resource permissions 
• configure resource group permissions 
• configure custom RBAC roles 
• identify the appropriate role 
• apply principle of least privilege 
• interpret permissions 
• check access 

Implement platform protection (15-20%) 

Implement advanced network security 

• secure the connectivity of virtual networks (VPN authentication, Express Route encryption) 
• configure Network Security Groups (NSGs) and Application Security Groups (ASGs) 
• create and configure Azure Firewall 
• configure Azure Front Door service as an Application Gateway 
• configure a Web Application Firewall (WAF) on Azure Application Gateway 
• configure Azure Bastion 
• configure a firewall on a storage account, Azure SQL, KeyVault, or App Service 
• implement Service Endpoints 
• implement DDoS 

Configure advanced security for compute 

• configure endpoint protection 
• configure and monitor system updates for VMs 
• configure authentication for Azure Container Registry 
• configure security for different types of containers 
• implement vulnerability management 
• configure isolation for AKS 
• configure security for container registry 
• implement Azure Disk Encryption 
• configure authentication and security for Azure App Service 
• configure SSL/TLS certs 
• configure authentication for Azure Kubernetes Service 
• configure automatic updates 

Manage security operations (25-30%) 

Monitor security by using Azure Monitor 

• create and customize alerts 
• monitor security logs by using Azure Monitor 
• configure diagnostic logging and log retention 

Monitor security by using Azure Security Center 

• evaluate vulnerability scans from Azure Security Center 
• configure Just in Time VM access by using Azure Security Center 
• configure centralized policy management by using Azure Security Center 
• configure compliance policies and evaluate for compliance by using Azure Security Center 

Monitor security by using Azure Sentinel 

• create and customize alerts 
• configure data sources to Azure Sentinel 
• evaluate results from Azure Sentinel 
• configure a playbook for a security event by using Azure Sentinel 

Configure security policies 

• configure security settings by using Azure Policy 
• configure security settings by using Azure Blueprint 

Secure data and applications (20-25%) 

Configure security for storage 

• configure access control for storage accounts 
• configure key management for storage accounts 
• configure Azure AD authentication for Azure Storage 
• configure Azure AD Domain Services authentication for Azure Files 
• create and manage Shared Access Signatures (SAS) 
• create a shared access policy for a blob or blob container 
• configure Storage Service Encryption 

Configure security for databases 

• enable database authentication 
• enable database auditing 
• configure Azure SQL Database Advanced Threat Protection 
• implement database encryption 
• implement Azure SQL Database Always Encrypted 

Configure and manage Key Vault 

• manage access to Key Vault 
• manage permissions to secrets, certificates, and keys 
• configure RBAC usage in Azure Key Vault 
• manage certificates 
• manage secrets 
• configure key rotation 
• backup and restore of Key Vault items

Microsoft Azure Security Engineer Associate Certification free training

Find below free trainings from Microsoft to gain the skills needed to become certified.

• Secure your cloud applications in Azure: Learn how to secure your Azure apps and associated data with encryption, certificates, and policy. This learning path can help you prepare for the Microsoft Certified: Azure Security Engineer Associate certification.
• Implement resource management security in Azure: Learn how to secure resources using policy, role-based access control, and other Azure services.
• Implement network security in Azure: Learn how to configure, protect, and isolate your networks in Azure.
• Implement virtual machine host security in Azure: Learn how to protect and harden your virtual machines in Azure.
• Manage identity and access in Azure Active Directory: Learn how to work with subscriptions, users, and groups by configuring Microsoft Azure Active Directory for workloads.

Get Certified

You may also like

Google’s IT Support Professional Certificate

Alibaba Cloud Certification Courses (Almost Free)

Google IT Automation with Python Professional Certificate

Oracle Cloud Infrastructure Architect Associate