The AZ-500 exam objectives just received a major restructure, including some objectives being added and removed. Let’s take a look at what’s been removed, then we can move on to what’s been added.

Most of the removed objectives are focused on virtual machine endpoint protection and security updates. What’s happened here is that the focus has shifted towards protecting VMs with Defender for Servers. There are other items that have been removed but what I found was that they were still covered by other objectives to some degree so aren’t really worth focusing on.

What has been added or expanded is definitely the more interesting topic this time round, and I’ll provide these as a list

  • Entra Verfified ID
  • Passwordless authentication
  • SSO
  • Entra Permissions Management
  • AAD Application Proxy
  • User Defined Routes
  • Virtual WAN
  • Virtual Secured Hub
  • Network Watcher, including NSQ flow logging.
  • SQL Managed Instance
  • Azure Container Apps
  • API Management
  • Double Encryption
  • Purview
  • Dedicated HSM
  • Landing Zne
  • Defender for Cloud workflow automation
  • Defender for Cloud vulnerability scans

As you can see, there are some major additions to previous versions of the exams, so make sure you adjust your study plans to take these into account. Otherwise, continue reading for some other advice on your exam preparation.

If you are already familiar with Azure Active Directory (AAD) Premium P2 functionality, whether through Azure of through Microsoft 365 related services, you should be in pretty good shape for this exam. There is an exception here though – make sure you spend extra time in the managing application access section, this isn’t something you may have had exposure to. If you don’t have much AAD experience, then you will need to spend time here understanding the capabilities of AAD Premium P2, not just the free edition that’s included with Azure subscriptions by default.

If you are approaching this exam with a fairly solid understanding of networking concepts including subnets, routing, appliances etc. you are off to a strong start with the advanced network security section. The most important thing here is for you to understand how the Azure native versions of the services may differ from those of other solutions from other vendors. If you don’t have much or any networking in your prior experiences, make sure you spend some time going through some basics of TCP/IP and networking including what’s mentioned earlier in this paragraph, and then focus on the technologies in the exam objectives.

During the early days of this exam, understanding how to protect Azure virtual machines worked would have covered you quite well in the advanced security for compute section, but now you can’t just know what acronyms like ACI, ACR, AKS etc. stand for, you also need to how to secure them, including their networking configuration. At this stage it’s most likely you’re familiar with these container related technologies if you have Linux experience, but over the last few years I’ve seen more Windows centric exam takers having some exposure to these technologies as well. This update has had some major changes in the container and serverless related objectives so expect to see more questions on those.

The final thing here is to make sure you have an understanding of what’s in Microsoft Defender for Cloud, and the additional features you get when you move up to workload protections in Microsoft Defender for Cloud. Use the additional workload protections to help drive your understanding of the workloads that you aren’t familiar with. Defender for Servers and Defender for SQL do get mentioned specifically, so they are the ones to focus on.

The examples I’ve just provided don’t cover all of the different combinations of exam preparation scenarios based on your skills, but hopefully they give you some idea of what I see catch people out.

Manage identity and access (25-30%)

Manage identities in Azure AD

Manage authentication by using Azure AD

Manage authorization by using Azure AD

Manage application access in Azure AD

Secure Networking (20-25%)

Plan and implement security for virtual network

Plan and implement security for private access to Azure resources

Plan and implement security for public access to Azure resources

Secure compute, storage, and databases (20–25%)

Plan and implement advanced security for compute

Plan and implement security for storage

Plan and implement security for Azure SQL Database and Azure SQL Managed

Manage security operations (25–30%)

Plan, implement, and manage governance for security

Configure and manage threat protection by using Microsoft Defender for

Configure and manage security monitoring and automation solutions