AZ-500 Azure Security Engineer Bootcamp
Bootcamp Certificate Track
Hands-on security labs and incident scenarios. Estimated effort: 60–90 hours.
🔗 Official Certification PageWho This Is For?
- Azure administrators and engineers
- Professionals entering cloud security roles
What You'll Achieve
- Practical Azure security implementation skills
- Confidence securing real Azure workloads
Start Date
Rolling Enrollment
New cohorts start every month
Duration
5 Weeks
Expert security training
Instructor
CloudeGree Academy
Learn from industry-expert security engineers with years of real-world Azure security experience. Our academy provides hands-on, exam-focused training designed to get you certified faster.
What You'll Learn
Identity & Access Management
Secure Azure AD, MFA, Conditional Access, and PIM
Platform Protection
Implement network security, host security, and container protection
Security Operations
Monitor threats, respond to incidents, and leverage Sentinel
Data & Application Security
Secure databases, Key Vault, and application security controls
Full Curriculum Outline (Exam-Aligned)
Comprehensive coverage of all exam objectives with hands-on practice
5-Week Bootcamp Curriculum
Intensive security training with hands-on labs and real-world scenarios
Week 1 - Secure Identity & Access
Skills Area: Secure identity and access (15–20%)
What You'll Learn
- Manage Azure built-in and custom role assignments
- Design and manage Microsoft Entra roles
- Plan and manage Privileged Identity Management (PIM): Role settings, Eligible and active assignments
- Implement Multi-Factor Authentication (MFA)
- Design and implement Conditional Access policies
- Manage access to enterprise applications: OAuth permission grants
- Manage app registrations: Permission scopes, Admin and user consent
- Manage service principals and managed identities
Hands-On Labs
- Configure RBAC and custom roles
- Implement PIM for privileged roles
- Deploy Conditional Access policies
- Secure application access using managed identities
- Configure and validate app registration permissions
Week 2 - Secure Networking
Skills Area: Secure networking (20–25%)
What You'll Learn
- Design security for virtual networks: NSGs and ASGs, Azure Virtual Network Manager
- Implement UDRs and routing controls
- Design VNet peering and VPN Gateway connectivity
- Design and implement Virtual WAN and secured hubs
- Secure VPN connectivity: Point-to-site, Site-to-site
- Implement encryption over ExpressRoute
- Configure firewall settings on Azure resources
- Monitor network security using Network Watcher
Hands-On Labs
- Design and implement NSGs and ASGs
- Configure UDRs and VNet peering
- Secure connectivity using VPN Gateway and Virtual WAN
- Implement Network Watcher flow logs and diagnostics
Week 3 - Private & Public Access Security
Skills Area: Secure networking (continued)
What You'll Learn
- Secure private access to Azure resources: Service Endpoints, Private Endpoints, Private Link services
- Implement network integration for Azure App Service and Azure Functions
- Secure App Service Environment (ASE)
- Secure Azure SQL Managed Instance networking
- Secure public access to Azure resources: TLS for App Service and API Management, Azure Firewall and Firewall Manager, Application Gateway, Azure Front Door and CDN, Web Application Firewall (WAF)
- Recommend Azure DDoS Protection Standard
Hands-On Labs
- Implement Private Endpoints and Private Link
- Secure App Service with VNet integration
- Deploy Azure Firewall with policies
- Configure Application Gateway with WAF
- Protect public endpoints with Front Door and DDoS Protection
Week 4 - Secure Compute, Storage & Databases
Skills Area: Secure compute, storage, and databases (20–25%)
What You'll Learn
- Secure compute: Azure Bastion, Just-In-Time (JIT) VM access
- Secure containers: AKS network isolation, AKS authentication and monitoring, ACI and Azure Container Apps security, Azure Container Registry (ACR) access
- Configure disk encryption: Azure Disk Encryption (ADE), Encryption at host, Confidential disk encryption
- Secure storage: Access control and keys, Azure Files and Blob access methods, Soft delete, backups, versioning, immutable storage, Bring Your Own Key (BYOK), Double encryption
- Secure databases: Entra authentication, Auditing, Dynamic data masking, Transparent Data Encryption (TDE), Always Encrypted
Hands-On Labs
- Implement Bastion and JIT access
- Secure AKS and container workloads
- Configure disk and storage encryption
- Secure Azure SQL with auditing and TDE
- Implement BYOK and immutable storage
Week 5 - Defender for Cloud, Sentinel & Security Operations
Skills Area: Secure Azure using Defender for Cloud & Sentinel (30–35%)
What You'll Learn
- Implement cloud governance using Azure Policy: Policies, Initiatives
- Secure Azure Key Vault: Network settings, RBAC and access policies, Secrets, keys, certificates, Key rotation and backups
- Manage security posture with Microsoft Defender for Cloud: Secure Score, Inventory, Compliance frameworks, Custom standards
- Connect hybrid and multi-cloud environments: AWS, GCP
- Implement Defender External Attack Surface Management (EASM)
- Configure workload protection: Defender for Servers, Defender for Databases, Defender for Storage
- Implement agentless scanning and vulnerability management
- Integrate Defender for Cloud DevOps Security: GitHub, Azure DevOps, GitLab
- Implement Microsoft Sentinel: Data connectors, Analytics rules, Automation and playbooks
- Monitor security events using Azure Monitor and DCRs
Hands-On Labs
- Deploy Azure Policy initiatives
- Secure and configure Azure Key Vault
- Analyze Secure Score and remediate risks
- Enable Defender workload protection plans
- Configure Sentinel data connectors and analytics rules
- Automate incident response with Sentinel playbooks
Certification Outcome
By completing this bootcamp, learners will be able to:
- Secure identity, networking, compute, storage, and databases in Azure
- Operate Defender for Cloud and Microsoft Sentinel effectively
- Respond to real-world cloud security threats
- Confidently sit the AZ-500 certification exam
- Perform effectively in Azure Security Engineer roles
Need a Custom Learning Path?
If you are new to cloud or Azure fundamentals, we recommend starting with Cloud Foundation - Live Bootcamp before AZ-500.
You can book a free consultation to receive a personalized learning curriculum.
Begin Your Azure Security Journey
This comprehensive bootcamp provides practical Azure security implementation skills for securing real-world workloads.