AZ-500 includes identity and access security topics such as configuring Azure AD PIM, configuring and managing Azure Key Vault, and configuring Azure AD for Azure workloads. It also references security considerations for an Azure subscription.
Identity and access is covered as a dedicated module in AZ-500, reflecting how access control is central to cloud security. The module is framed around modern security posture principles, including the idea of assuming breach and using a Zero Trust model, where access must be managed consistently regardless of where requests originate.
The program topics listed include configuring Azure AD Privileged Identity Management (PIM). PIM is commonly used to manage privileged roles and reduce standing administrative access by enabling controlled, time-bound elevation. Understanding this capability helps security engineers reduce risk associated with long-lived permissions.
The module also includes configuring and managing Azure Key Vault. Key Vault is used for managing secrets, keys, and related sensitive material, which is closely tied to both identity and application security controls. Managing Key Vault correctly is a practical requirement in many environments where credentials and encryption keys must be protected and audited.
Another topic listed is configuring Azure AD for Azure workloads. This points to workload identity considerations, where applications and services need secure identity integration for access to resources. Security engineers often need to ensure that workloads follow least privilege and that identity configuration supports secure access patterns.
Finally, the module references security for an Azure subscription. Subscription-level security includes governance and access boundaries that define how resources are controlled, and it influences what identity and access configurations are possible and enforceable.
In combination, these identity and access topics aim to equip you with the controls needed to manage privileged access, protect secrets and keys, and ensure that both users and workloads authenticate and authorize safely in Azure.
Identity is the control plane for cloud security. If you get privileged access and workload identity wrong, no amount of network segmentation will compensate. AZ-500’s identity module is useful because it includes both human privilege controls and the tooling used to protect secrets and keys.
Approach the topics with an audit mindset. Ask what can grant access, how that access is approved, and how you can verify it later. PIM matters because it changes how privilege is held over time. Key Vault matters because many breaches start with exposed secrets, not exposed ports.
Also remember that subscription security is a boundary. Permissions and policies at that level shape how identities can interact with resources, and they often determine whether least-privilege designs are enforceable.
“Configure Azure AD PIM and configure and manage Azure Key Vault.”
Expert Trainer
SC-300 develops skills in Azure AD identity management, authentication controls, application access, and identity governance.
SC-300 covers identity governance through entitlements, access reviews, and privileged access management.
AZ-500 teaches how to implement Azure security controls, maintain security posture, and identify and remediate vulnerabilities. The scope spans identity and access, platform protection, data and applications, and security operations.