How I pass the Azure Security Exam Az-500

In the past I have taken several Azure exams, and yesterday I took the Azure Security exam Az-500. I am really glad that I passed the exam. In this article I will give you a brief overview of the topics I saw in the exam and what materials I used to prepare for the exam. I can say directly that the best way to succeed in the exam is practice.


The Azure Security exam covers a broad range of Azure topics and this makes the exam so difficult. You need a wide range of understanding how Azure works and which security features Azure has. But the exam doesn`t focus on Azure. There are some additional areas that the exam cover for instance Intune.

Which areas are in my exam?

Here are a list of areas that are covered in my exam and some additional infos in the brackets.

  • Azure AD
    • How Azure AD works
    • RBAC concept (Admin, contributor, etc.)
    • What are App registrations
    • Difference between PTA and PHS (AAD Connect)
    • Conditional Access rules (How they work and how they interact)
    • Identiy Protection (difference to PIM)
    • Privileged Identity Management
  • Network
    • Network Security Groups
    • Application Security Groups
    • Azure Firewall
    • Network concepts (Hub and spoke)
  • Container
    • Kubernetes security with ASC
    • Network design
    • Threat protection possibilities
  • Deployment
    • Completing ARM Templates
  • Various topics
    • Azure Monitor (generate alerts, data store, etc.)
    • Azure Policy
    • Management Groups
    • Azure Blueprints
    • Subscription movement
    • Intune baseline management
    • Just-in-time VM access
    • Azure Security Center
    • Storage Account (SAS, Keys, etc.)
    • Difference between ER and S2S
    • Resource locks

This are a overview of the different topics that are adressed in my exam.

Some questions

  • Which license did you need for PIM?
  • Which modes are valid for resource locks?
  • Can you use tags for NSGs?
  • Which are valid Azure monitor data sources?
  • What are Azure policy initiatives?
  • Which event will create an alert from SQL ATP?

Which resources I use to practice?

For exam preperation there are a lots of materials available in the Internet.

Mainly I focused on practice the different exam topics and used study guides from different MVPs. Additional I booked a course from OpenEDX. Here`s a list of used ressources:

The best way to take the exam succesfully is practice. Use the study guides and focus on each area with Microsoft docs and try the demo to get a unterstanding of each area and how they work together.

When you have questions please feel free to reach me via the comment or twitter.

Happy studying 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *