Complete AZ-500 study guide — identity, compute, storage, networking security, and security operations on Azure.
This guide works best as a loop: read a chapter, test yourself with practice questions, look up unfamiliar terms in the glossary, then move to the next chapter.
103 chapters covering every exam objective. Each chapter includes key concepts, exam tips, common traps, comparison tables, and a 5-question quiz at the end.
Start Chapter 1Free timed and untimed practice with instant feedback and full explanations. Pick 10–120 questions per session. Filter by domain to drill your weak areas.
Go to practice testEvery AZ-500term defined and searchable. Use it when a chapter mentions a concept you haven't seen before or want a quick refresher on.
Browse glossaryExam blueprint, domain weights, passing score, duration, cost, and registration links. Start here if you're new to this certification.
View exam guide22 chapters
Securing Microsoft Entra ID
Objective 1.1 · Identity Access
Privileged Identity Management (PIM)
Objective 1.2 · Identity Access
Managed Identities for Azure Resources
Objective 1.3 · Identity Access
Conditional Access Policies
Objective 1.4 · Identity Access
Just-In-Time (JIT) VM Access
Objective 1.2 · Identity Access
Managed Identities vs Service Principals
Objective 1.3 · Identity Access
Privileged Identity Management for AZ-500
Objective 1.2 · Identity Access
Access Reviews and Governance
Objective 1.4 · Identity Access
Zero Trust Architecture in Azure
Objective 1.4 · Identity Access
Microsoft Entra Identity Protection
Objective 1.4 · Identity Access
Workload Identity and Federated Credentials
Objective 1.3 · Identity Access
App Registrations and Service Principals
Objective 1.3 · Identity Access
Subscription Security and Management Group Policy
Objective 1.4 · Identity Access
Entra ID Named Locations and Conditional Access
Objective 1.4 · Identity Access
Azure Lighthouse for Managed Security Services
Objective 1.2 · Identity Access
Guest User Policies and External Collaboration
Objective 1.1 · Identity Access
Entra ID Built-In Directory Roles
Objective 1.1 · Identity Access
Azure RBAC Role Assignments at Scale
Objective 1.1 · Identity Access
Custom RBAC Roles in Azure
Objective 1.1 · Identity Access
Microsoft Entra External ID Security
Objective 1.1 · Identity Access
OAuth 2.0 and OpenID Connect in Azure
Objective 1.1 · Identity Access
Microsoft Entra Identity Secure Score
Objective 1.4 · Identity Access
25 chapters
Azure VM Security
Objective 2.1 · Compute Security
Container Registry and AKS Security
Objective 2.2 · Compute Security
Azure Storage Security
Objective 2.4 · Compute Security
Azure SQL Database Security
Objective 2.5 · Compute Security
Azure Key Vault
Objective 2.3 · Compute Security
Encryption at Rest in Azure
Objective 2.3 · Compute Security
Encryption in Transit: TLS and HTTPS
Objective 2.3 · Compute Security
Shared Access Signatures (SAS) for Storage
Objective 2.4 · Compute Security
Azure SQL Auditing and Advanced Threat Protection
Objective 2.5 · Compute Security
Customer-Managed Keys (CMK) in Key Vault
Objective 2.3 · Compute Security
Azure Disk Encryption with Azure Key Vault
Objective 2.1 · Compute Security
Azure Container Security Best Practices
Objective 2.2 · Compute Security
AKS Security: RBAC, Network Policies, Pod Identity
Objective 2.2 · Compute Security
App Service Security and Authentication
Objective 2.1 · Compute Security
Cognitive Services and AI Security
Objective 2.5 · Compute Security
Azure SQL Advanced Threat Protection
Objective 2.5 · Compute Security
Dynamic and Static Data Masking in Azure SQL
Objective 2.5 · Compute Security
TDE with Customer-Managed Keys in Key Vault
Objective 2.3 · Compute Security
Key Vault Access Policies vs RBAC
Objective 2.3 · Compute Security
Key Vault Soft Delete and Purge Protection
Objective 2.3 · Compute Security
Key Vault Firewall and Private Endpoint
Objective 2.3 · Compute Security
Container Registry Security Scanning
Objective 2.2 · Compute Security
Azure Managed HSM vs Key Vault Standard
Objective 2.3 · Compute Security
Storage Threat Detection and Defender for Storage
Objective 2.4 · Compute Security
Azure Functions Security
Objective 2.1 · Compute Security
17 chapters
Virtual Network Security
Objective 3.1 · Network Security
Azure Firewall and DDoS Protection
Objective 3.2 · Network Security
Private Endpoints and Service Endpoints
Objective 3.3 · Network Security
NSG Flow Logs and Network Watcher
Objective 3.1 · Network Security
Application Security Groups (ASGs)
Objective 3.1 · Network Security
Web Application Firewall (WAF)
Objective 3.2 · Network Security
Azure Bastion for Secure Access
Objective 3.3 · Network Security
Azure DDoS Protection: Basic vs Standard Tiers
Objective 3.2 · Network Security
Azure Network Security Perimeter
Objective 3.1 · Network Security
Azure Private Link Service
Objective 3.3 · Network Security
Azure DDoS Protection Tiers and Policies
Objective 3.2 · Network Security
Azure Firewall Premium: IDPS and TLS Inspection
Objective 3.2 · Network Security
Private Endpoints and DNS Resolution
Objective 3.3 · Network Security
Service Tags in Network Security Groups
Objective 3.1 · Network Security
Azure API Management Security Policies
Objective 3.3 · Network Security
Azure DDoS Telemetry and Diagnostics
Objective 3.2 · Network Security
VNet Peering Security Considerations
Objective 3.1 · Network Security
39 chapters
Microsoft Defender for Cloud
Objective 4.1 · Security Operations
Microsoft Sentinel SIEM
Objective 4.2 · Security Operations
Security Policies and Benchmarks
Objective 4.3 · Security Operations
Incident Response in Azure
Objective 4.4 · Security Operations
Azure Policy for Security Compliance
Objective 4.3 · Security Operations
Azure Blueprints for Regulatory Compliance
Objective 4.3 · Security Operations
Microsoft Defender for Servers
Objective 4.1 · Security Operations
Microsoft Defender for SQL
Objective 4.1 · Security Operations
Microsoft Defender for Containers and AKS
Objective 4.1 · Security Operations
Log Analytics Workspace for Security
Objective 4.2 · Security Operations
Microsoft Cloud Security Benchmark
Objective 4.3 · Security Operations
Regulatory Compliance Dashboard in Defender
Objective 4.3 · Security Operations
Microsoft Defender for Endpoint Integration
Objective 4.1 · Security Operations
Microsoft Defender for Identity
Objective 4.1 · Security Operations
Microsoft Defender for Cloud Apps (MCAS)
Objective 4.1 · Security Operations
Sentinel Analytics Rules and Incidents
Objective 4.2 · Security Operations
Sentinel Playbooks and Logic Apps Automation
Objective 4.2 · Security Operations
KQL Queries for Security Operations
Objective 4.2 · Security Operations
UEBA in Microsoft Sentinel
Objective 4.2 · Security Operations
Threat Hunting in Microsoft Sentinel
Objective 4.2 · Security Operations
MITRE ATT&CK Mapping in Defender
Objective 4.2 · Security Operations
Security Alerts and Smart Alert Groups
Objective 4.1 · Security Operations
Microsoft Defender for DevOps
Objective 4.1 · Security Operations
Securing GitHub Actions Pipelines
Objective 4.1 · Security Operations
Azure DevOps Security Controls
Objective 4.1 · Security Operations
Azure Policy Exemptions and Compliance Scoring
Objective 4.3 · Security Operations
Defender for APIs
Objective 4.1 · Security Operations
Software Supply Chain Security on Azure
Objective 4.1 · Security Operations
Azure Policy Effects: Deny, Audit, DeployIfNotExists
Objective 4.3 · Security Operations
Microsoft Secure Score Strategy
Objective 4.3 · Security Operations
Sentinel Security Workbooks and Dashboards
Objective 4.2 · Security Operations
Log Analytics Workspace Design for Security
Objective 4.2 · Security Operations
NIST, CIS, PCI-DSS Compliance in Azure
Objective 4.3 · Security Operations
Defender for Cloud Attack Path Analysis
Objective 4.1 · Security Operations
Entra ID Audit Logs and Sign-In Logs
Objective 4.2 · Security Operations
Defender for Cloud Alert Rules and Suppression
Objective 4.1 · Security Operations
Sentinel Threat Maps and Security Dashboards
Objective 4.2 · Security Operations
Policy as Code with Bicep and Terraform
Objective 4.3 · Security Operations
Azure Monitor Diagnostic Settings for Security
Objective 4.2 · Security Operations
Free AZ-500 practice questions with full explanations. Test what you learn chapter by chapter.
AZ-500 Practice Questions