AZ-500T00 Microsoft Azure Security Technologies

1. Microsoft Entra ID Management

   – Introduction to Microsoft Entra ID

   – Securing Microsoft Entra ID Users

   – Creating and Managing Users in Microsoft Entra ID

   – Securing Microsoft Entra ID Groups

   – External Identities Usage Recommendations

   – Securing External Identities

   – Implementation of Microsoft Entra Identity Protection

2. Authentication Management with Microsoft Entra ID

   – Microsoft Entra Connect and Cloud Sync

   – Authentication Options Overview

   – Password Synchronization with Microsoft Entra ID

   – Pass-through Authentication in Microsoft Entra

   – Federation with Microsoft Entra ID

   – Multifactor Authentication (MFA) Implementation

   – Passwordless Authentication for Microsoft Entra ID

   – Password Protection and Single Sign-On (SSO) for Microsoft Entra ID

   – Integration of SSO with Identity Providers

   – Configuring Microsoft Entra Verified ID

   – Modern Authentication Protocols Enforcement

3. Authorization Management using Microsoft Entra ID

   – Azure Management Groups

   – Configuration of Azure Role Permissions

   – Azure Role-Based Access Control (RBAC)

   – Assigning Permissions and Roles in Microsoft Entra ID

   – Custom Role Creation and Assignment

   – Microsoft Entra Permissions Management

   – Zero Trust Security Implementation

   – Privileged Identity Management

   – Microsoft Entra ID Governance

   – Entitlement Management and Identity Lifecycle Management

   – Conditional Access Policies Implementation

4. Application Access Management in Microsoft Entra ID

   – Enterprise Application Access Management

   – Managing App Registrations and Permissions

   – Service Principals and Managed Identities

   – Microsoft Entra Application Proxy Usage

   – Security Planning for Virtual Networks

   – Azure Virtual Network Overview

   – Network Security Groups (NSGs) and Application Security Groups (ASGs)

   – Virtual Network Peering and Gateway Implementation

   – VPN Connectivity and Azure ExpressRoute

   – Network Security Monitoring using Network Watcher

5. Security for Private Access to Azure Resources

   – Virtual Network Service Endpoints

   – Private Endpoints and Private Link Services

   – Network Integration for Azure App Service and Azure Functions

   – Network Security Configurations for App Service Environment (ASE)

   – Network Security Configurations for Azure SQL Managed Instance

6. Security for Public Access to Azure Resources

   – Transport Layer Security (TLS) Implementation

   – Azure Firewall, Application Gateway, and Web Application Firewall (WAF)

   – Azure Front Door and Content Delivery Network (CDN)

   – Azure DDoS Protection Standard Usage Recommendation

7. Advanced Security for Compute

   – Remote Access to Public Endpoints

   – Azure Bastion and Just-in-Time (JIT) Virtual Machine (VM) Access

   – Azure Kubernetes Service (AKS) Overview

   – Azure Kubernetes Service (AKS) Security and Monitoring

   – Security Configurations for Azure Container Instances and Apps

   – Access Management for Azure Container Registry (ACR)

   – Disk Encryption and Security Configurations for Azure API Management

8. Security for Azure Storage

   – Azure Storage Access Control

   – Lifecycle Management for Storage Account Access Keys

   – Methods for Access to Azure Files, Blobs, Tables, and Queues

   – Data Security Threat Protection Methods

   – Bring Your Own Key (BYOK) and Double Encryption

9. Security for Azure SQL Database and Managed Instance

   – Database Authentication using Microsoft Entra ID

   – Database Audit and Governance with Microsoft Purview

   – Dynamic Mask and Transparent Data Encryption

   – Azure SQL Database Always Encrypted Usage Recommendation

10. Governance for Security

    – Security Policies and Initiatives in Azure Policy

    – Security Settings Configuration using Azure Blueprint

    – Secure Infrastructures Deployment using a Landing Zone

    – Azure Key Vault Security and Management

    – Dedicated Hardware Security Module (HSM) Usage Recommendation

11. Microsoft Defender for Cloud

    – Security Risk Identification and Remediation

    – Compliance Assessment against Security Frameworks

    – External Assets Monitoring using Microsoft Defender External Attack Surface Management

12. Threat Protection with Microsoft Defender for Cloud

    – Workload Protection Services Configuration

    – Server, Azure SQL Database, and Container Security Configurations

    – Vulnerability Assessments and Malware Scanning

    – Threat Detection for Sensitive Data

13. Security Monitoring and Automation Solutions

    – Security Event Monitoring with Azure Monitor

    – Data Connectors Configuration in Microsoft Sentinel

    – Analytics Rules Creation and Customization

    – Alert Evaluation and Incident Management