This week I took - and passed - the Microsoft Exam AZ-500: Microsoft Azure Security Technologies, which, if you pass, leads to the Microsoft Certification Azure Security Engineer Associate.

I'm not going to lie - it was a challenging exam. I didn't pass with 1000/1000 points, but I did pass. I come from a developer and solution architect background, and this exam focuses on more IT topics than dev ones for obvious reasons, so I had to push myself to get myself prepared for it.

In the last couple of weeks I've studied, walked through things myself and tested a lot of things out in practice, and then studied some more. It was a lot of hours and a lot of work which was challenging but very rewarding in the end.

There are already a lot of good insights and tips online for this exam, so instead of repeating what others have already summarized, I'm linking to the sources I found useful in case there's someone else who's lining up to do this exam - find them at the bottom of this post.

Expectations vs Reality

I had some expectations beforehand that this would be tough, but in reality it was even trickier than I thought. Coming from a dev background, and having a strong emphasis on security in both code and operations, I considered myself fairly aware of security topics in Azure - but this exam touches on a lot of things I didn't put as much effort into in the past, and made me aware of gaps in my knowledge that I'm now taking time to fill.

If I were going to give my previous self a recommendation, it would be to learn more in-depth about these topics before taking the exam:

  • VNet connectivity and security, subnets, Site-to-Site VPN, etc. Networking and network security in general.
  • Policies
  • Firewalls

Skills measured

There are four main pillars measured in the exam:

  • Manage identity and access (20-25%)
  • Implement platform protection (35-40%)
  • Manage security operations (15-20%)
  • Secure data and applications (30-35%)

I got the feeling that I got the higher percentages of "Implement platform protection" questions around Azure Firewall, managing and configuring application security groups, configuring remote access management, virtual network connectivity, network security groups, etc. Although I've worked with these things, I wouldn't consider myself an expert in all of those areas.

If I were to do it again?

I would definitely take more careful time to walk through all the "Skills measured" on the exam website, and ensure that I fully understand each of these major headlines and what's being covered - and not neglect my weak spots.

Scenarios and questions

There are some quite long scenarios that you should read through carefully. In some of them, there are some fairly tricky questions, I would dare to say.

Be sure to read both scenarios and questions thoroughly. In some cases there were a couple of appropriate responses, but some were more appropriate than others due to the factors in the scenario. Read them twice to be sure.

Taking an exam Online

I took my exam from the convenience of my own home, while being constantly monitored online by a remote proctor. This is a convenient way to get exams done, but requires you to prepare your office/room quite a bit to meet the rigid requirements from Microsoft. If you decide to take an exam from home, please ensure you meet the requirements.


As promised, and in order to avoid repeating the same links everyone else already posted, here are some blogs with preparation guides below, which walk through each area and link to its corresponding documentation. It's convenient to dig deeper into the areas you feel you may need to work a bit more on before taking the exam.

Someone asked me if I remembered the questions and scenarios, but due to confidentiality, and the fact that the test is meant to measure our skills, I don't see a valid point in posting those details.

Microsoft resources:

Preparation guides:

Good luck.