AZ-500
Microsoft Certified: Azure Security Engineer Associate
Azure-native security engineering: Entra ID, network controls, Defender, Sentinel.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition scoreMicrosoft doesn't publish per-cert counts. AZ-500 is the default Azure security signal in Microsoft-stack hiring.
› Built for these roles
› Exam format
40–60 questions (case studies + MCQ + scenario) over 100 minutes, English plus several other languages. Online proctored or test center.
24-hour wait after first fail; 14 days between attempts 2–4. Microsoft caps at 5 attempts per 12-month window.
› Recertification
Free online renewal assessment available 6 months before expiry. Pass the assessment to extend by another year — no exam fee, no CPE program.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.
Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.
› Prerequisites
Intermediate Azure experience; familiarity with scripting and identity governance helps.
- Entra ID / Azure AD
- Azure networking and security services (Defender, Sentinel)
- Virtual machine and container hardening
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- Microsoft Learn AZ-500 Learning Path (FREE) — Microsoft
- Exam Ref AZ-500 Microsoft Azure Security Technologies — Microsoft Press
- Microsoft Learn (free)
- John Savill AZ-500 Study Cram (YouTube)
- Tim Warner AZ-500 (Pluralsight)
- MeasureUp Official AZ-500 Practice Test
- Whizlabs AZ-500 Practice Exams
› Version & lifecycle
Microsoft updates the AZ-500 objectives roughly every 6 months as Azure security services evolve.
› Salary signal
Azure security engineer, US, 3–5 years.
Robert Half Salary Guide + Glassdoor 'Azure Security Engineer' aggregations · 2024 · US base only · p25–p75 range
› How it compares
SC-100 is the architect-tier above AZ-500 — multi-product / Zero-Trust-strategy focused.
↔ Compare side-by-side› Careers that commonly pursue this cert
Secure cloud infrastructure across AWS, Azure, and GCP. Specialize in the shared responsibility model and cloud-native controls.
› Common exam traps to study
Cybersecurity cert exams reuse the same 25 distractor patterns over and over — category confusion, RTO vs RPO, IDS vs IPS, MD5 vs SHA-256, and more. Once you can name the trap, you stop falling for it. Each archetype page covers what it is, the specific pairs candidates confuse, and how to avoid it.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.