WSQ - Microsoft Azure Security Engineer Associate (AZ-500)

Topic 1: Secure Azure solutions with Azure Active Directory

• Explore Azure Active Directory features
• Self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services
• Azure AD DS and self-managed AD DS
• Azure AD DS and Azure AD
• Investigate roles in Azure AD
• Azure AD built-in roles
• Deploy Azure AD Domain Services
• Create and manage Azure AD users
• Manage users with Azure AD groups
• Configure Azure AD administrative units
• Implement passwordless authentication

Topic 2: Implement Hybrid identity 

• Deploy Azure AD connect
• Explore authentication options
• Configure Password Hash Synchronization (PHS)
• Implement Pass-through Authentication (PTA)
• Deploy Federation with Azure AD
• Explore the authentication decision tree
• Configure password writeback

Topic 3: Deploy Azure AD identity protection 

• Explore Azure AD identity protection
• Configure risk event detections
• Implement user risk policy
• Implement sign-in risk policy
• Deploy multifactor authentication in Azure
• Explore multifactor authentication settings
• Enable multifactor authentication
• Implement Azure AD conditional access
• Configure conditional access conditions
• Implement access reviews

Topic 4: Configure Azure AD privileged identity management 

• Explore the zero trust model
• Review the evolution of identity management
• Deploy Azure AD privileged identity management
• Configure privileged identity management scope
• Implement privileged identity management onboarding
• Explore privileged identity management configuration settings
• Implement a privileged identity management workflow

Topci 5: Design an enterprise governance strategy 

• Review the shared responsibility model
• Explore the Azure cloud security advantages
• Review Azure hierarchy of systems
• Configure Azure policies
• Enable Azure role-based access control (RBAC)
• Compare and contrast Azure RBAC vs Azure policies
• Configure built-in roles
• Enable resource locks
• Deploy Azure blueprints
• Design an Azure subscription management plan

Topic 6: Implement perimeter security 

• Define defense in depth
• Explore virtual network security
• Enable Distributed Denial of Service (DDoS) Protection
• Configure a distributed denial of service protection implementation
• Explore Azure Firewall features
• Deploy an Azure Firewall implementation
• Configure VPN forced tunneling
• Create User Defined Routes and Network Virtual Appliances
• Explore hub and spoke topology

Topic 7: Configure network security 

• Explore Network Security Groups (NSG)
• Deploy a Network Security Groups implementation
• Create Application Security Groups
• Enable service endpoints
• Configure service endpoint services
• Deploy private links
• Implement an Azure application gateway
• Deploy a web application firewall
• Configure and manage Azure front door

Topic 8: Configure and manage host security

• Enable endpoint protection
• Define a privileged access device strategy
• Deploy privileged access workstations
• Create virtual machine templates
• Enable and secure remote access management
• Configure update management
• Deploy disk encryption
• Managed disk encryption options
• Deploy and configure Windows Defender
• Microsoft cloud security benchmark in Defender for Cloud
• Explore Microsoft Defender for Cloud recommendations

Topic 9: Enable Containers security 

• Explore containers
• Configure Azure Container Instances security
• Manage security for Azure Container Instances (ACI)
• Explore the Azure Container Registry (ACR)
• Enable Azure Container Registry authentication
• Review Azure Kubernetes Service (AKS)
• Implement an Azure Kubernetes Service architecture
• Configure Azure Kubernetes Service networking
• Deploy Azure Kubernetes Service storage
• Secure authentication to Azure Kubernetes Service with Active Directory
• Manage access to Azure Kubernetes Service using Azure role-based access controls

Topic 10: Deploy and secure Azure Key Vault 

• Explore Azure Key Vault
• Configure Key Vault access
• Review a secure Key Vault example
• Deploy and manage Key Vault certificates
• Create Key Vault keys
• Manage customer managed keys
• Enable Key Vault secrets
• Configure key rotation
• Manage Key Vault safety and recovery features
• Perform Try-This exercises
• Explore the Azure Hardware Security Module

Topic 11: Configure application security features 

• Review the Microsoft identity platform
• Explore the Application model
• Register an application with App Registration
• Configure Microsoft Graph permissions
• Enable managed identities
• Azure App Services
• App Service Environment
• Azure App Service plan
• App Service Environment networking
• Availability Zone Support for App Service Environments
• App Service Environment Certificates

Topic 12: Implement storage security 

• Define data sovereignty
• Configure Azure storage access
• Deploy shared access signatures
• Manage Azure AD storage authentication
• Implement storage service encryption
• Configure blob data retention policies
• Configure Azure files authentication
• Enable the secure transfer required property

Topic 13: Configure and manage SQL database security 

• Enable SQL database authentication
• Configure SQL database firewalls
• Enable and monitor database auditing
• Implement data discovery and classification
• Microsoft Defender for SQL
• Vulnerability assessment for SQL Server
• SQL Advanced Threat Protection
• Explore detection of a suspicious event
• SQL vulnerability assessment express and classic configurations
• Configure dynamic data masking
• Implement transparent data encryption
• Deploy always encrypted features
• Deploy an always encrypted implementation

Topic 14: Configure and manage Azure Monitor 

• Explore Azure Monitor
• Configure and monitor metrics and logs
• Enable Log Analytics
• Manage connected sources for log analytics
• Enable Azure monitor Alerts
• Configure properties for diagnostic logging

Topic 15: Enable and manage Microsoft Defender for Cloud 

• MITRE Attack matrix
• Implement Microsoft Defender for Cloud
• Security posture
• Workload protections
• Deploy Microsoft Defender for Cloud
• Azure Arc
• Azure Arc capabilities
• Microsoft cloud security benchmark
• Configure Microsoft Defender for Cloud security policies
• View and edit security policies
• Manage and implement Microsoft Defender for Cloud recommendations
• Explore secure score
• Define brute force attacks
• Understand just-in-time VM access
• Implement just-in-time VM access

Topic 16: Configure and monitor Microsoft Sentinel 

• Enable Microsoft Sentinel
• Configure data connections to Sentinel
• Create workbooks to monitor Sentinel data
• Enable rules to create incidents
• Configure playbooks
• Hunt and investigate potential breaches

Final Assessment

• Written Assessment - Short Answer Questions (WA-SAQ)
• Practical Performance (PP)

Promotion Code

Promo or discount cannot be applied to WSQ courses

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions with minimum Computer Literacy Level 2 based on ICAS Computer Skills Assessment Framework
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Year Group : 21-65 years old

Minimum Software/Hardware Requirement

Software:

You need to sign up a Azure account (Credit Card is required).

Hardware: Windows and Mac Laptops

About Progressive Wage Model (PWM)

The Progressive Wage Model (PWM) helps to increase wages of workers through upgrading skills and improving productivity. 

Employers must ensure that their Singapore citizen and PR workers meet the PWM training requirements of attaining at least 1 Workforce Skills Qualification (WSQ) Statement of Attainment, out of the list of approved WSQ training modules.

For more information on PWM, please visit MOM site.

Funding Eligility Criteria

Steps to Apply Skills Future Claim

• The staff will send you an invoice with the fee breakdown.
• Login to the MySkillsFuture portal, select the course you’re enrolling on and enter the course date and schedule.
• Enter the course fee payable by you (including GST) and enter the amount of credit to claim.
• Upload your invoice and click ‘Submit’

SkillsFuture Level-Up Program

The  SkillsFuture Level-Up Programme provides greater structural support for mid-career Singaporeans aged 40 years and above to pursue a substantive skills reboot and stay relevant in a changing economy. For more information, visit SkillsFuture Level-Up Programme

Get Additional Course Fee Support Up to $500 under UTAP

The Union Training Assistance Programme (UTAP) is a training benefit provided to NTUC Union Members with an objective of encouraging them to upgrade with skills training. It is provided to minimize the training cost. If you are a NTUC Union Member then you can get 50% funding (capped at $500 per year) under Union Training Assistance Programme (UTAP).

For more information visit NTUC U Portal – Union Training Assistance Program (UTAP)

Steps to Apply UTAP

• Log in to your U Portal account to submit your UTAP application upon completion of the course.

Note

• SSG subsidy is available for Singapore Citizens, Permanent Residents, and Corporates.
• All Singaporeans aged 25 and above can use their SkillsFuture Credit to pay. For more details, visit www.skillsfuture.gov.sg/credit
• An unfunded course fee can be claimed via SkillsFuture Credit or paid in cash.
• UTAP funding for NTUC Union Members is capped at $250 for 39 years and below and at $500 for 40 years and above.
• UTAP support amount will be paid to training provider first and claimed after end of class by learner.

Appeal Process

1. The candidate has the right to disagree with the assessment decision made by the assessor.
2. When giving feedback to the candidate, the assessor must check with the candidate if he agrees with the assessment outcome.
3. If the candidate agrees with the assessment outcome, the assessor & the candidate must sign the Assessment Summary Record.
4. If the candidate disagrees with the assessment outcome, he/she should not sign in the Assessment Summary Record.
5. If the candidate intends to appeal the decision, he/she should first discuss the matter with the assessor/assessment manager.
6. If the candidate is still not satisfied with the decision, the candidate must notify the assessor of the decision to appeal. The assessor will reflect the candidate’s intention in the Feedback Section of the Assessment Summary Record.
7. The assessor will notify the assessor manager about the candidate’s intention to lodge an appeal.
8. The candidate must lodge the appeal within 7 days, giving reasons for appeal 
9. The assessor can help the candidate with writing and lodging the appeal.
10. he assessment manager will collect information from the candidate & assessor and give a final decision.
11. A record of the appeal and any subsequent actions and findings will be made.
12. An Assessment Appeal Panel will be formed to review and give a decision.
13. The outcome of the appeal will be made known to the candidate within 2 weeks from the date the appeal was lodged.
14. The decision of the Assessment Appeal Panel is final and no further appeal will be entertained.
15. Please click the link below to fill up the Candidates Appeal Form.

• Security Engineer
• Cloud Security Analyst
• Systems Administrator
• Network Administrator
• IT Security Specialist
• DevOps Engineer
• Solutions Architect
• Security Consultant
• Cybersecurity Analyst
• Infrastructure Architect
• IT Manager
• Cloud Solutions Architect
• Security Compliance Analyst
• Security Auditor
• Incident Responder

Sivanesan Sivakaruniam:
Sivanesan Sivakaruniam is a cybersecurity and cloud infrastructure specialist with over 20 years of experience in IT governance, risk management, and information security. A CISSP and Azure Certified Professional, he has managed enterprise-level security operations across financial, telecommunications, and government sectors. His expertise includes cloud security architecture, identity and access management, and compliance frameworks such as ISO 27001 and NIST. As a corporate trainer, Sivanesan is known for translating complex security principles into practical, actionable knowledge for IT professionals.

In “Microsoft Azure Security Engineer Associate (AZ-500),” Sivanesan provides learners with deep insights into designing and implementing secure Azure environments. His sessions cover topics such as threat protection, network security, and identity governance. By integrating real-world cybersecurity practices with Azure security capabilities, he enables learners to confidently configure, manage, and monitor cloud security solutions aligned with enterprise and certification standards.

Achim Ludwig Dietzenbach: Achim Ludwig Dietzenbach is an information security consultant and infrastructure engineer with more than 25 years of global experience in systems administration, cloud migration, and enterprise network security. He has led large-scale infrastructure and security transformation projects for multinational corporations, focusing on secure cloud adoption, vulnerability management, and compliance automation. Achim’s expertise spans Microsoft Azure, AWS, and hybrid environments, making him a trusted professional in multi-cloud security management.

In “Microsoft Azure Security Engineer Associate (AZ-500),” Achim trains participants on implementing and maintaining robust Azure security controls. His sessions emphasize securing virtual networks, managing identities, and automating security responses using Azure Security Center and Sentinel. With a focus on hands-on learning, he guides learners in applying defense-in-depth strategies and modern DevSecOps practices to real-world Azure environments.

Agus Salim: Agus Salim is an experienced IT systems engineer and cloud computing specialist with over 15 years of experience in network security, system administration, and IT infrastructure. A WSQ-accredited trainer and Microsoft Certified Professional, he has trained and mentored hundreds of IT professionals in cloud security, automation, and server management. His strong technical foundation and clear instructional approach make him an effective educator for learners advancing their cloud security expertise.

In “Microsoft Azure Security Engineer Associate (AZ-500),” Agus focuses on building learners’ proficiency in Azure’s security frameworks, including access management, encryption, and workload protection. His sessions combine conceptual understanding with practical demonstrations of threat detection, identity management, and security policy implementation. Through guided exercises, he helps participants develop the hands-on skills needed to design and maintain secure Azure-based solutions.

Danny Teo Yong Song: Danny Teo is a cybersecurity practitioner and digital forensics expert with more than 18 years of experience in IT security, risk assessment, and cloud-based defense systems. He has worked extensively with tools such as Microsoft Defender, Azure Security Center, and SIEM/SOAR platforms to secure enterprise infrastructures. Danny’s career spans consulting, system integration, and cybersecurity training, and he is recognized for his practical, scenario-based approach to teaching.

In “Microsoft Azure Security Engineer Associate (AZ-500),” Danny equips learners with essential skills to protect cloud environments from evolving threats. His sessions cover security monitoring, governance, compliance management, and automation of security operations in Azure. By blending theoretical concepts with real-world simulations, he ensures that participants are fully prepared to safeguard enterprise cloud systems and achieve success in the AZ-500 certification.

Truman Ng: Truman Ng is a senior cloud infrastructure and cybersecurity architect with over two decades of experience in enterprise network security, DevOps automation, and AI-enabled monitoring systems. A PMP, ACTA, and Huawei HCIE-certified professional, he has led multiple cybersecurity and cloud deployment projects across Asia. His expertise lies in integrating secure architectures into hybrid environments, ensuring resilience, scalability, and compliance in enterprise operations.

In “Microsoft Azure Security Engineer Associate (AZ-500),” Truman teaches learners how to design and implement enterprise-grade cloud security solutions using Azure tools and best practices. His sessions focus on identity protection, threat mitigation, and automated defense mechanisms. Through case studies and practical labs, he empowers participants to deploy secure Azure infrastructures and effectively manage cloud security operations at scale.