In September 2019 I took the AZ-500 exam, and passed. The Microsoft Exam AZ-500: Microsoft Azure Security Technologies, which if you pass, leads to the Microsoft Certification Azure Security Engineer Associate.

Update September 24th 2020:
Microsoft have updated the exam. There are a few changes from the previous skills measured. You'll find them all below, with links to resources where you can learn more.

I originally wrote this post in September 2019. It has been updated in October 2020 to reflect the latest changes in the exam.

I'm not going to lie - it was a challenging exam.

Who is this exam for?

  • You're an SME (Subject Matter Expert) in implementing security controls, threat protection, managing identity and access, protecting data, applications and networks in cloud and hybrid environments.
  • You're interested in your organization's and customers' security posture.
  • You are familiar with scripting, automation and understands networking and virtualization. Specifically in cloud environments.
  • A rigid understanding about Azure products and services, and other major Microsoft tech.

Top job titles where the AZ-500 is relevant:

  • Software Engineer
  • DevOps Engineer
  • Data Engineer
  • Cloud Engineer
  • Cloud Security Engineer
  • Manager in Information Security

Source:

Expectations vs Reality

I had some expectations beforehand that this would be tough. Coming from a dev background, and having a strong emphasis on security in both code and operations I considered myself fairly aware of security topics in Azure - but this exam touches on a lot of things I didn't put as much effort into in the past, and made me aware of gaps in my knowledge that I'm now taking time to fill.

A few topics I would have given more thought before the exam, should I do it again, are:

  • VNet connectivity and security, subnets, Site-to-Site VPN. Networking and network security in general, and specifically in Azure with regards to VMs.
  • Dive deeper into Policies in Azure.
  • Dive deeper into the general practices and capabilities of Firewalls in Azure.

Taking an exam Online

I took my exam from the convenience of my own home, while being constantly monitored online by a remote proctor. This is a convenient way to get exams done, but requires you to prepare your office/room a bit to meet the rigid requirements from Microsoft. If you decide to take an exam from home, please ensure you meet the requirements.

Update 2020: With the COVID-19 pandemic, the norm today is to take the exams at your home/online, and there's great guidance from Microsoft how to make this a successful experience.

Skills measured

There's four main pillars measured in the exam.

With the September 2020 update, the weight of each pillar has shifted. The below percentages are the updated weight.

The links will help you better ramp up for your exam. My recommendation is to open each link, review if you already know and are familiar with it or not, then save the links you need to brush up on. When you have created your links, it's easier to create a study plan to push through.

I always recommend using the official Microsoft Docs documentation for the exam preparations, as it always contains updated material.

Manage identity and access (30-35%)

Manage Azure Active Directory identities

Configure secure access by using Azure AD

Manage application access

Manage access control

Implement platform protection (15-20%)

Implement advanced network security

Configure advanced security for compute

Manage security operations (25-30%)

Monitor security by using Azure Monitor

Monitor security by using Azure Security Center

Monitor security by using Azure Sentinel

Configure security policies

Secure data and applications (20-25%)

Configure security for storage

Configure security for databases

Configure and manage Key Vault

Free AZ-500 training from Microsoft

Microsoft does a great job in providing free online material to prepare. Here are the relevant parts from Microsoft Learn. On-demand, at your fingertips.

Summary

More information about the skills measured from Microsoft (without links), and more information about taking certifications online can be found here:

Good luck.