AZ-500 has been a course I’ve had to run a few times recently, and have a few bookings over the next year, so it’s time it gets some attention from me. In many ways AZ-500 is similar to MS-500, not just because they are both security focused, but because they assume an existing level of knowledge and exposure that other courses and exams would cover prior to attempting them. Because they are both single exams that give a certification, it also means that people often sit them when they may not have done the helpful, but not formally required courses that provide some of the prerequisite knowledge.

Manage identity and access (30-35%)

Manage Azure Active Directory identities 

Configure secure access by using Azure AD

Manage application access

Manage access control

Implement platform protection (15-20%)

Implement advanced network security

Configure advanced security for compute

Manage security operations (25-30%)

Monitor security by using Azure Monitor

Monitor security by using Azure Security Center

Monitor security by using Azure Sentinel

Configure security policies

Secure data and applications (20-25%)

Configure security for storage

Configure security for databases

Configure and manage Key Vault