Back to Bootcamps
AZ-500 — Microsoft Certified: Azure Security Engineer Associate
Bootcamp Certificate Track
Associate Level
€699 + €10/session
Hands-on security labs and incident scenarios. Estimated effort: 60–90 hours.
🔗 Official Certification PageWho This Is For?
- Azure administrators and engineers
- Professionals entering cloud security roles
What You'll Achieve
- Practical Azure security implementation skills
- Confidence securing real Azure workloads
Full Curriculum Outline (Exam-Aligned)
Comprehensive coverage of all exam objectives with hands-on practice
5-Week Bootcamp Curriculum
Intensive security training with hands-on labs and real-world scenarios
Week 1 — Secure Identity & Access
Skills Area: Secure identity and access (15–20%)
What You'll Learn
- Manage Azure built-in and custom role assignments
- Design and manage Microsoft Entra roles
- Plan and manage Privileged Identity Management (PIM): Role settings, Eligible and active assignments
- Implement Multi-Factor Authentication (MFA)
- Design and implement Conditional Access policies
- Manage access to enterprise applications: OAuth permission grants
- Manage app registrations: Permission scopes, Admin and user consent
- Manage service principals and managed identities
Hands-On Labs
- Configure RBAC and custom roles
- Implement PIM for privileged roles
- Deploy Conditional Access policies
- Secure application access using managed identities
- Configure and validate app registration permissions
Week 2 — Secure Networking
Skills Area: Secure networking (20–25%)
What You'll Learn
- Design security for virtual networks: NSGs and ASGs, Azure Virtual Network Manager
- Implement UDRs and routing controls
- Design VNet peering and VPN Gateway connectivity
- Design and implement Virtual WAN and secured hubs
- Secure VPN connectivity: Point-to-site, Site-to-site
- Implement encryption over ExpressRoute
- Configure firewall settings on Azure resources
- Monitor network security using Network Watcher
Hands-On Labs
- Design and implement NSGs and ASGs
- Configure UDRs and VNet peering
- Secure connectivity using VPN Gateway and Virtual WAN
- Implement Network Watcher flow logs and diagnostics
Week 3 — Private & Public Access Security
Skills Area: Secure networking (continued)
What You'll Learn
- Secure private access to Azure resources: Service Endpoints, Private Endpoints, Private Link services
- Implement network integration for Azure App Service and Azure Functions
- Secure App Service Environment (ASE)
- Secure Azure SQL Managed Instance networking
- Secure public access to Azure resources: TLS for App Service and API Management, Azure Firewall and Firewall Manager, Application Gateway, Azure Front Door and CDN, Web Application Firewall (WAF)
- Recommend Azure DDoS Protection Standard
Hands-On Labs
- Implement Private Endpoints and Private Link
- Secure App Service with VNet integration
- Deploy Azure Firewall with policies
- Configure Application Gateway with WAF
- Protect public endpoints with Front Door and DDoS Protection
Week 4 — Secure Compute, Storage & Databases
Skills Area: Secure compute, storage, and databases (20–25%)
What You'll Learn
- Secure compute: Azure Bastion, Just-In-Time (JIT) VM access
- Secure containers: AKS network isolation, AKS authentication and monitoring, ACI and Azure Container Apps security, Azure Container Registry (ACR) access
- Configure disk encryption: Azure Disk Encryption (ADE), Encryption at host, Confidential disk encryption
- Secure storage: Access control and keys, Azure Files and Blob access methods, Soft delete, backups, versioning, immutable storage, Bring Your Own Key (BYOK), Double encryption
- Secure databases: Entra authentication, Auditing, Dynamic data masking, Transparent Data Encryption (TDE), Always Encrypted
Hands-On Labs
- Implement Bastion and JIT access
- Secure AKS and container workloads
- Configure disk and storage encryption
- Secure Azure SQL with auditing and TDE
- Implement BYOK and immutable storage
Week 5 — Defender for Cloud, Sentinel & Security Operations
Skills Area: Secure Azure using Defender for Cloud & Sentinel (30–35%)
What You'll Learn
- Implement cloud governance using Azure Policy: Policies, Initiatives
- Secure Azure Key Vault: Network settings, RBAC and access policies, Secrets, keys, certificates, Key rotation and backups
- Manage security posture with Microsoft Defender for Cloud: Secure Score, Inventory, Compliance frameworks, Custom standards
- Connect hybrid and multi-cloud environments: AWS, GCP
- Implement Defender External Attack Surface Management (EASM)
- Configure workload protection: Defender for Servers, Defender for Databases, Defender for Storage
- Implement agentless scanning and vulnerability management
- Integrate Defender for Cloud DevOps Security: GitHub, Azure DevOps, GitLab
- Implement Microsoft Sentinel: Data connectors, Analytics rules, Automation and playbooks
- Monitor security events using Azure Monitor and DCRs
Hands-On Labs
- Deploy Azure Policy initiatives
- Secure and configure Azure Key Vault
- Analyze Secure Score and remediate risks
- Enable Defender workload protection plans
- Configure Sentinel data connectors and analytics rules
- Automate incident response with Sentinel playbooks
Certification Outcome
By completing this bootcamp, learners will be able to:
- Secure identity, networking, compute, storage, and databases in Azure
- Operate Defender for Cloud and Microsoft Sentinel effectively
- Respond to real-world cloud security threats
- Confidently sit the AZ-500 certification exam
- Perform effectively in Azure Security Engineer roles
Need a Custom Learning Path?
If you are new to cloud or Azure fundamentals, we recommend starting with Cloud Foundation — Live Bootcamp before AZ-500.
You can book a free consultation to receive a personalized learning curriculum.
Begin Your Azure Security Journey
This comprehensive bootcamp provides practical Azure security implementation skills for securing real-world workloads.