AZ-500
Microsoft Certified: Azure Security Engineer Associate
Azure-native security engineering: Entra ID, network controls, Defender, Sentinel.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition scoreMicrosoft doesn't publish per-cert counts. AZ-500 is the default Azure security signal in Microsoft-stack hiring.
› Built for these roles
› Exam format
40–60 questions (case studies + MCQ + scenario) over 100 minutes, English plus several other languages. Online proctored or test center.
24-hour wait after first fail; 14 days between attempts 2–4. Microsoft caps at 5 attempts per 12-month window.
› Recertification
Free online renewal assessment available 6 months before expiry. Pass the assessment to extend by another year — no exam fee, no CPE program.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.
Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.
› Prerequisites
Intermediate Azure experience; familiarity with scripting and identity governance helps.
- Entra ID / Azure AD
- Azure networking and security services (Defender, Sentinel)
- Virtual machine and container hardening
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- Microsoft Learn AZ-500 Learning Path (FREE) — Microsoft
- Exam Ref AZ-500 Microsoft Azure Security Technologies — Microsoft Press
- Microsoft Learn (free)
- John Savill AZ-500 Study Cram (YouTube)
- Tim Warner AZ-500 (Pluralsight)
- MeasureUp Official AZ-500 Practice Test
- Whizlabs AZ-500 Practice Exams
› Version & lifecycle
Microsoft updates the AZ-500 objectives roughly every 6 months as Azure security services evolve.
› Salary signal
Azure security engineer, US, 3–5 years.
Robert Half Salary Guide + Glassdoor 'Azure Security Engineer' aggregations · 2024 · US base only · p25–p75 range
› How it compares
SC-100 is the architect-tier above AZ-500 — multi-product / Zero-Trust-strategy focused.
↔ Compare side-by-side› Careers that commonly pursue this cert
Secure cloud infrastructure across AWS, Azure, and GCP. Specialize in the shared responsibility model and cloud-native controls.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.