The Microsoft Certified: Cloud and AI Security Engineer Associate (SC-500) course is a structured training program designed to help you confidently secure modern cloud and AI-driven environments while preparing for the SC-500 certification. You’ll build a strong foundation in cloud security across identity, networking, compute, data, and governance, while also developing specialized skills for securing AI workloads, including Azure OpenAI and AI-integrated applications.
COURSE DURATION
9h 35m
Skills Learned
After completing this online training course, students will be able to:
- Design and implement secure identity and access controls using RBAC, PIM, MFA, and Conditional Access
- Secure applications and workload identities, including service principals and managed identities
- Architect and protect network security and access patterns, including private endpoints, firewalls, and secure ingress/egress
- Secure compute platforms and containers, including VMs, AKS, and API-based workloads
- Protect data, storage, and encryption workflows, including Key Vault and advanced data protection strategies
- Implement threat protection and security operations using Microsoft Defender for Cloud and Microsoft Sentinel
- Secure AI workloads end-to-end, including model access, data pipelines, AI threats, and Responsible AI controls
This course is intended for:
- Azure and Microsoft server security professionals
- Those who are looking to take and pass the SC-500 exam
Prerequisites
None, but we recommend that students have previously taken and passed the AZ-104 course and exam.
Course Outline
01. Identity and Access Management
- Azure RBAC Built-in Roles and Role Assignments
- Custom Roles in Azure and Microsoft Entra
- Privileged Identity Management (PIM)
- Multi-Factor Authentication (MFA)
- Conditional Access Policies
- Identity Controls for AI Workloads
02. Application and Workload Identity
- Service Principals and Managed Identities
- App Registrations, Permission Scopes, and Consent
- Enterprise Application Access
- Securing AI Application Authentication and API Access
03. Virtual Network Security
- Network Security Groups (NSGs) and Application Security Groups (ASGs)
- User-Defined Routes and Hub-Spoke Networking
- VNet Connectivity: Peering, VPN Gateways, and ExpressRoute
- Monitoring Network Security with Network Watcher
04. Securing Public and Private Access
- Azure Firewall and Firewall Policies
- Application Gateway, Azure Front Door, WAF, and DDoS Protection
- Implementing TLS for Azure Applications
- Private Access: Service Endpoints, Private Endpoints, and Private Link
- Network Isolation for AI Services
05. Compute and Container Security
- Secure VM Access: Azure Bastion and Just-in-Time (JIT)
- Disk Encryption for Virtual Machines
- Container Security: Isolation and Monitoring
- Container Security: ACR, ACIs, ACAs, and API Management
06. Storage and Database Security
- Storage Account Access Control and Key Management
- Securing Azure Files
- Data Protection: Encryption and BYOK
- Azure SQL Security: Authentication, Auditing, and Encryption
07. Governance, Policy, and Key Management
- Azure Policy: Policies, Initiatives, and Compliance
- Azure Key Vault Access Control and Network Security
- Managing Certificates, Secrets, Keys, and Rotation
- Backup Security and Asset Management
- AI Governance and Policy Enforcement
08. Threat Protection and Security Operations
- Microsoft Defender for Cloud Security Posture and Secure Score
- External Attack Surface Management (EASM)
- Workload Protection Plans and Defender Services
- Vulnerability Management, Agentless Scanning, and DevOps Security
- Alerts, Workflow Automation, and Azure Monitor
- Microsoft Sentinel Connectors, Analytics Rules, and Automation
- Security Operations for AI Workloads
09. AI-Specific Security: Threats, Content Safety, and Responsible AI
- AI Threat Landscape and Threat Modeling
- Securing Azure OpenAI Deployments
- Content Filtering and Azure AI Content Safety
- Securing RAG Architectures and AI Agents
- Microsoft Responsible AI Framework and AI Compliance

