Review a compact Microsoft AZ-500 cheat sheet for Azure Security Technologies, including identity, network security, workload protection, data security, monitoring, and SC-500 comparison cues.
Use this cheat sheet before AZ-500 sample questions. The route rewards Azure security-control judgment: identify the risk, choose the right control layer, and avoid confusing identity, network, workload, data, and monitoring responsibilities.
Use this as an Azure security review. Review the AZ-500 control map, then compare SC-500 if your target has moved toward Microsoft cloud and AI security.

| Field | Detail |
|---|---|
| Issuer | Microsoft |
| Exam code | AZ-500 |
| Official exam name | Microsoft Azure Security Technologies |
| Certification route | Microsoft Certified: Azure Security Engineer Associate |
| Status note | Microsoft Learn lists retirement on August 31, 2026; verify before scheduling |
| Adjacent Microsoft route | SC-500 Cloud and AI Security Engineer Associate |
| IT Mastery status | Sample questions available |

| AZ-500 area | What to know | Common trap |
|---|---|---|
| Identity and access | Microsoft Entra ID, Conditional Access, RBAC, PIM, managed identities, access reviews, and least privilege | Fixing a sign-in or authorization issue with only a network control |
| Network security | NSGs, Azure Firewall, Bastion, private endpoints, service endpoints, routing, segmentation, and secure admin paths | Treating network reachability as proof of permission |
| Workload protection | Defender for Cloud, VM security, container security, secure configuration, endpoint posture, backup, and update controls | Hardening compute while leaving identity or secrets broad |
| Data and key security | Storage access, SQL protection, Key Vault, encryption, soft delete, purge protection, audit, and sensitive-data boundaries | Encrypting data but losing control of keys or data-plane access |
| Security operations | Recommendations, alerts, incidents, log retention, Sentinel, evidence preservation, and remediation tracking | Deleting resources before preserving investigation evidence |

| Distinction | How to decide |
|---|---|
| AZ-500 vs SC-500 | AZ-500 focuses on Azure Security Technologies; SC-500 broadens into Microsoft cloud and AI security. Verify which route your exam date or employer requires. |
| RBAC vs Conditional Access | RBAC authorizes actions against resources; Conditional Access evaluates sign-in and access conditions. |
| NSG vs Azure Firewall | NSGs filter traffic at subnet or NIC scope; Azure Firewall provides centralized, stateful filtering and policy control. |
| Private endpoint vs public endpoint restriction | Private endpoints place service access on private IP paths; public endpoint restrictions still require careful firewall and identity design. |
| Managed identity vs stored secret | Managed identity removes credential storage for supported Azure workload-to-service access. |
| Defender alert vs recommendation | Alerts indicate observed suspicious behavior; recommendations identify configuration or posture risk. |
| Backup vs high availability | Backups support recovery after data loss; high availability reduces service interruption during failures. |
| Key encryption vs key governance | Encryption protects data; key governance controls ownership, permissions, deletion protection, rotation, and audit. |

Use the AZ-500 exam page for Azure security sample questions, then classify every miss by control layer: identity, network, workload, data, or security operations. If the miss is about AI workload security or newer Microsoft cloud-security scope, compare SC-500 before continuing.