CertPrepNow
Microsoft SC-500 (updated 2026-06-13)

SC-500 Study Guide

Everything you need to pass the Microsoft Certified: Cloud and AI Security Engineer Associate exam. Structured study plans, key services, common traps, and practice questions.

You Can Pass This Exam For Free

The SC-500 exam is passable with free resources alone if you study consistently for 8-14 weeks:

  • Microsoft Learn official SC-500 study guide and learning paths (free)
  • Microsoft Learn documentation for Entra ID, Defender for Cloud, Sentinel, and Security Copilot (free)
  • Azure free-tier account for hands-on labs with Defender for Cloud and Sentinel (free)
  • Microsoft Security Best Practices documentation (free)
  • Microsoft Learn modules for AI security and Copilot Studio (free)
  • 500+ free practice questions on this site

SC-500 replaces the retiring AZ-500 (August 31, 2026) and adds significant AI security content. Microsoft Learn documentation is the single best free resource since the exam is based entirely on Microsoft services. Hands-on experience with an Azure free account is strongly recommended.

Choose Your Study Path

Limited Azure or cloud security experience. You need to build foundational knowledge in Azure services, identity, and networking before tackling AI security.

Week 1-2: Learn Azure fundamentals: resource groups, subscriptions, management groups, RBAC basics, and the Azure portal. Set up a free Azure account for labs.
Week 3-4: Study Microsoft Entra ID deeply: authentication methods (MFA, passwordless), conditional access policies, PIM, managed identities, and enterprise application registration.
Week 5: Learn Azure Key Vault: deployment, access policies, firewall settings, key/secret/certificate management, and Defender for Key Vault.
Week 6-7: Study networking security: NSGs, ASGs, Azure Firewall, Private Link, Private Endpoints, VPN, Virtual WAN, and Network Watcher diagnostics.
Week 8: Cover storage and database security: storage account security, Azure SQL platform security, database auditing, Defender for Storage, and Defender for Databases.
Week 9-10: Study compute security: VM encryption, Azure Bastion, JIT access, Azure Arc, Defender for Servers, Defender for Containers, AKS security, and App Service security.
Week 11: Focus on AI security: Purview DSPM for AI, Copilot Studio real-time protection, Entra Agent ID conditional access, Defender for AI Service, AI Gateway in API Management, and Foundry guardrails.
Week 12: Study security posture management: Defender for Cloud, Defender CSPM, EASM, Microsoft Sentinel (workspaces, data connectors, automation rules, playbooks).
Week 13: Learn Microsoft Security Copilot: workspace configuration, permissions, plugins, and agents. Practice with Sentinel KQL queries.
Week 14: Take full practice exams, review weak areas, and focus on domains where you score below 75%. Schedule your real exam when scoring 80%+.

Exam Overview

Format

40-60 questions, 120 minutes. Multiple choice, drag-and-drop, and case study questions.

Scoring

Scaled score 100-1000. Passing: 700. No penalty for wrong answers -- always guess if unsure.

Domains & Weights

  • Manage Identity, Access, and Governance: 22%
  • Secure Storage, Databases, and Networking: 28%
  • Secure Compute: 25%
  • Manage and Monitor Security Posture: 25%

Registration

$165 USD. Available at Pearson VUE testing centers or online proctored from home. Beta exam was released May 2026.

Topic Priority Table

Not all topics are tested equally. Focus your study time on Tier 1 first, then Tier 2. Tier 3 topics rarely appear — just recognize what they do.

Tier 1: Must Know. You must understand these services deeply, know their configuration options, and be able to apply them in scenario-based questions. These appear across multiple domains and questions.
Tier 2: Should Know. Understand what these services do and their key configuration options. May appear in 2-5 questions each.
Tier 3: Recognize Only. Know what these are at a high level. Rarely more than 1-2 questions each.

Domain 1 (22% of exam)

Manage Identity, Access, and Governance

This domain covers securing access using Microsoft Entra ID (conditional access, PIM, MFA, managed identities), managing secrets with Azure Key Vault, and enforcing governance through Azure Policy, RBAC, and compliance controls. Identity is the foundation of Zero Trust architecture and underpins all other security domains.

Key Topics

Microsoft Entra ID, Azure Key Vault, PIM, Conditional Access, Azure Policy, RBAC, Managed Identities, Azure Backup

Must-Know Concepts

  • PIM: eligible vs active role assignments, activation workflows, approval requirements, access reviews, and time-bound assignments
  • Conditional access: policy components (assignments, conditions, grant controls, session controls), named locations, device compliance, and risk-based policies
  • Authentication methods: MFA configuration, passwordless options (FIDO2, Windows Hello, Microsoft Authenticator), and authentication strength policies
  • Application identity: enterprise app registration, OAuth permission grants, consent settings (user vs admin consent), and API permissions
  • Managed identities: system-assigned vs user-assigned, when to use each, and how they authenticate to Azure services without credentials
  • Key Vault: deployment, access policies vs RBAC, firewall and VNet rules, key/secret/certificate lifecycle management, and Defender for Key Vault alerts
  • Azure Policy: built-in vs custom policy definitions, policy initiatives, effects (deny, audit, append, deployIfNotExists), remediation tasks, and exemptions
  • RBAC: built-in roles vs custom roles (Azure and Entra), role assignment scope (management group, subscription, resource group, resource), and least privilege
  • Resource locks: CanNotDelete vs ReadOnly, inheritance, and how they interact with RBAC permissions
  • Infrastructure as code security: securing ARM templates, Bicep, and Terraform deployments with policy and RBAC

Common Exam Traps

PIM eligible assignments do NOT grant active access. Users must activate the role, which can require approval and MFA. Active assignments grant immediate access
Key Vault access can be controlled by access policies OR RBAC, but not both simultaneously for the same vault. Know which model the scenario uses
System-assigned managed identities are deleted when the resource is deleted. If a scenario needs identity persistence beyond resource lifecycle, use user-assigned
Custom Azure roles and custom Entra roles are different. Azure roles control Azure resource access; Entra roles control directory operations
Defender CSPM scans Key Vault for exposed secrets. This is separate from Defender for Key Vault, which detects suspicious access patterns
Quick Check: Manage Identity, Access, and Governance

Question 1 of 3

A security engineer needs to ensure that a global admin role can only be used for a maximum of 8 hours and requires approval from a designated approver before activation. Which feature should be configured?

Domain 2 (28% of exam)

Secure Storage, Databases, and Networking

The heaviest domain at 28%. Covers securing Azure Storage accounts, Azure SQL databases, and the full range of Azure networking security services including NSGs, Azure Firewall, Private Link, VPN, Virtual WAN, and Entra Private Access. Master network security fundamentals and database protection or you will struggle on nearly a third of the exam.

Key Topics

Azure Storage, Azure SQL, NSGs, ASGs, Azure Firewall, Private Link, Private Endpoints, VPN, Virtual WAN, Network Watcher, Entra Private Access

Must-Know Concepts

  • Storage account security: shared access signatures (SAS), stored access policies, storage firewalls, service endpoints, private endpoints, and Microsoft Entra authorization
  • Defender for Storage: threat protection configurations including malware scanning, sensitive data detection, and anomalous access alerts
  • Azure SQL platform-level security: server-level firewall rules, VNet service endpoints, private endpoints, Microsoft Entra authentication, and transparent data encryption (TDE)
  • Database auditing for Azure SQL Database and Azure SQL Managed Instance: configuring audit logs to storage, Log Analytics, or Event Hubs
  • Defender for Databases: protection across Azure SQL, Cosmos DB, PostgreSQL, MySQL, and MariaDB with vulnerability assessment and threat detection
  • NSG and ASG: inbound/outbound rules, priority-based evaluation, ASG for logical grouping, and effective security rules analysis using Network Watcher
  • Azure Virtual Network Manager: centralized network access policies, connectivity configurations, and security admin rules across multiple VNets
  • Azure Virtual WAN: secure hub configuration, routing, integrated firewall, and branch connectivity security
  • VPN connections: site-to-site, point-to-site, and VNet-to-VNet configurations with IPsec/IKE security policies
  • Microsoft Entra Private Access: ZTNA replacement for VPN using identity-based policies for private resource access
  • Private endpoints and Private Link: securing PaaS resources with private network connectivity and Private Link services for custom services
  • Azure Firewall: deployment modes, rule types (application, network, DNAT), threat intelligence, and DNS proxy configuration
  • Network Watcher: NSG flow logs, connection troubleshoot, effective security rules, and IP flow verify diagnostics

Common Exam Traps

Storage account firewalls and NSGs are DIFFERENT controls. Storage firewalls control access to the storage service endpoint. NSGs control traffic at the subnet/NIC level
Private endpoints and service endpoints are NOT the same. Private endpoints assign a private IP to the PaaS service. Service endpoints keep the public IP but route traffic through the Azure backbone
Azure SQL Database and Azure SQL Managed Instance have different auditing configuration options. Know which audit destinations each supports
Defender for Storage malware scanning is a separate feature from Defender for Storage anomalous access detection. Both must be enabled independently
NSG rules are evaluated in ascending priority order (lowest number = highest priority) and processing stops at the first match. If a deny rule has a higher priority number than a matching allow rule, the allow rule fires first and the deny rule is never reached
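To make the priority trap concrete, here is an added simulation of how an NSG selects the rule that applies to a flow. This is example code written for this guide, not Microsoft's; the service-tag table, rule names and addresses are constructed, and the AzureLoadBalancer default rule is omitted. It shows that a Deny with a higher priority number than a matching Allow never fires, that the default DenyAllInBound catches everything else, and that Azure's rejection of duplicate priorities is a useful check to run before deploying a rule set.

```python
"""Simulate Azure NSG rule selection for a single flow.

Added example for this study guide (not Microsoft's code). Semantics follow the
documented NSG behaviour: rules are evaluated in ascending priority number and
processing stops at the first match. Service tags are modelled by a constructed
lookup table; real NSGs resolve them from Microsoft's published prefix lists.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed service-tag table for this example only.
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],
}


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int     # custom rules use 100-4096; lower number is evaluated first
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp", "Icmp" or "*"
    source: str       # CIDR, single IP, "*" or a service tag
    destination: str  # CIDR, single IP, "*" or a service tag
    dest_port: str    # "22", "1000-2000" or "*"


@dataclass(frozen=True)
class Flow:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int


# Two of the default rules every NSG carries (AzureLoadBalancer rule omitted).
DEFAULT_INBOUND = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]


def _addr_matches(spec: str, ip: str) -> bool:
    if spec == "*":
        return True
    prefixes = SERVICE_TAGS.get(spec, [spec])  # a tag expands to its prefixes
    return any(ip_address(ip) in ip_network(p, strict=False) for p in prefixes)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _proto_matches(spec: str, proto: str) -> bool:
    return spec == "*" or spec.lower() == proto.lower()


def validate(rules):
    """Azure rejects two rules with the same priority in the same direction."""
    seen = set()
    for r in rules:
        key = (r.direction, r.priority)
        if key in seen:
            raise ValueError(f"duplicate priority {r.priority} for {r.direction}")
        seen.add(key)


def evaluate(rules, flow):
    """Return (access, rule_name) of the first matching rule, lowest priority number first."""
    validate(rules)
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == flow.direction
                and _proto_matches(rule.protocol, flow.protocol)
                and _addr_matches(rule.source, flow.src_ip)
                and _addr_matches(rule.destination, flow.dst_ip)
                and _port_matches(rule.dest_port, flow.dst_port)):
            return rule.access, rule.name
    return "Deny", "<no rule matched>"  # unreachable while the default rules are present


# Constructed rule set: admin-only SSH allow at 100, broad SSH deny at 200, HTTPS at 300.
CUSTOM_INBOUND = [
    NsgRule("AllowAdminSSH", 100, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "*", "22"),
    NsgRule("DenySSH", 200, "Inbound", "Deny", "Tcp", "*", "*", "22"),
    NsgRule("AllowHTTPS", 300, "Inbound", "Allow", "Tcp", "*", "*", "443"),
]
NSG = CUSTOM_INBOUND + DEFAULT_INBOUND

# Same rules with the SSH priorities swapped: the deny now shadows the admin allow.
MISORDERED_INBOUND = [
    NsgRule("DenySSH", 100, "Inbound", "Deny", "Tcp", "*", "*", "22"),
    NsgRule("AllowAdminSSH", 200, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "*", "22"),
] + DEFAULT_INBOUND

if __name__ == "__main__":
    admin_ssh = Flow("Inbound", "Tcp", "203.0.113.5", "10.0.1.4", 22)
    print("ordered:   ", evaluate(NSG, admin_ssh))
    print("misordered:", evaluate(MISORDERED_INBOUND, admin_ssh))
```

Run it with the constructed rules and the admin SSH flow resolves to AllowAdminSSH; with the priorities swapped the same flow hits DenySSH first, which is exactly the ordering mistake the exam scenario probes. Traffic from inside the 10.0.0.0/16 VNet that matches no custom rule falls through to AllowVnetInBound, while anything else lands on DenyAllInBound.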
Quick Check: Secure Storage, Databases, and Networking

Question 1 of 3

An organization wants to ensure that their Azure Storage account can only be accessed from resources within a specific VNet subnet, while blocking all public internet access. Which combination of settings should be configured?

Domain 3 (25% of exam)

Secure Compute

This domain covers three major areas: AI security (the SC-500 differentiator), server and VM protection, and application platform security. AI security is the primary new content area compared to AZ-500 and includes Entra Agent ID, Purview DSPM for AI, Copilot Studio protection, Defender for AI, and Foundry guardrails. Expect significant AI security coverage despite the modest domain weight.

Key Topics

Entra Agent ID, Purview DSPM for AI, Copilot Studio, Defender for AI, AI Gateway, Foundry, Defender for Servers, Defender for Containers, Azure Bastion, JIT VM Access, Disk Encryption, AKS, App Service, Azure Functions

Must-Know Concepts

  • AI security: identify data overexposure in SharePoint used by Copilot, identify risks from Copilot and AI apps using Purview DSPM, and configure data protection policies
  • Copilot Studio: enable and configure real-time protection for Copilot Studio agents to detect and prevent security threats during agent operation
  • Entra Agent ID: implement conditional access policies for AI agents, analyze blast radius for agent security risks using Defender XDR, and manage agent access
  • AI Gateway: configure and deploy AI Gateway in Azure API Management for Microsoft Foundry with token limits, rate limiting, and cost controls
  • Defender for AI Service: enable in Cloud Workload Protection, monitor AI security using the Data and AI security dashboard in Defender for Cloud
  • Foundry guardrails: configure guardrails for agent security in Microsoft Foundry to constrain agent behavior and outputs
  • Agent management: manage agents in Microsoft 365 admin center for enterprise governance
  • Disk encryption: Azure Disk Encryption (ADE) using BitLocker/DM-Crypt, server-side encryption (SSE) with platform-managed or customer-managed keys
  • Azure Bastion: secure RDP/SSH without public IPs, deployment in VNet, and SKU selection
  • JIT VM access: time-limited NSG rule creation, approval workflows, and Defender for Servers requirement
  • Azure Arc: onboarding hybrid and multi-cloud servers, extending security controls, and Defender for Servers integration
  • Defender for Servers: onboarding, vulnerability scanning, EDR integration, agentless scanning, and security configuration with Machine Configuration
  • VM security features: secure boot, virtual TPM (vTPM), integrity monitoring, and trusted launch security type
  • Defender for Containers: runtime risk detection, image vulnerability scanning, and Kubernetes policy enforcement
  • AKS security: network policies, pod security, Azure AD integration, and secrets management
  • Container security: Azure Container Registry scanning, Container Instances isolation, Container Apps security
  • App Service and Functions: authentication, network access restrictions, managed identity integration
  • Azure Logic Apps: security controls for workflow automation including managed identity auth, network isolation, and access control
  • WAF: deployment with Application Gateway, Front Door, or CDN for web application protection
  • API Management: security policies for backend API protection, rate limiting, and authentication

Common Exam Traps

AI security content represents a disproportionately large portion of actual exam questions relative to its position within Domain 3. Do not underestimate this topic
Entra Agent ID is NOT the same as managed identity. Agent ID is for AI agents; managed identity is for Azure resources. The exam explicitly tests this distinction
Purview DSPM for AI protects DATA used by AI (overexposure). Defender for AI protects AI WORKLOADS (threat detection). Different protection targets
JIT VM access requires Defender for Servers to be enabled. It creates temporary NSG rules -- it does not replace Azure Bastion, which provides the actual connection method
ADE (Azure Disk Encryption) uses BitLocker for Windows and DM-Crypt for Linux. Server-side encryption (SSE) is different -- it encrypts the physical disk at the storage layer
Quick Check: Secure Compute

Question 1 of 3

A security team discovers that Microsoft Copilot users have been accessing sensitive financial data stored in SharePoint sites that were not intended for AI consumption. Which Microsoft tool should be used to identify and remediate this data overexposure?

Domain 4 (25% of exam)

Manage and Monitor Security Posture

This domain covers proactive security posture management with Defender for Cloud, threat detection and response with Microsoft Sentinel, and AI-powered investigation with Security Copilot. Includes multi-cloud integration (AWS and GCP), external attack surface management, and the full Sentinel data pipeline from ingestion through automation.

Key Topics

Defender for Cloud, Defender CSPM, Microsoft Sentinel, Security Copilot, Defender EASM, Defender Vulnerability Management, Purview Audit

Must-Know Concepts

  • Defender CSPM: identify security risks, attack path analysis, cloud security graph, compliance evaluation against security frameworks, and security recommendations
  • Defender for Cloud workload protection plans: enabling and configuring plans for Servers, Containers, Storage, Databases, Key Vault, AI, and App Services
  • Multi-cloud integration: connecting AWS and GCP environments to Defender for Cloud using connectors, extending CSPM and threat protection to non-Azure clouds
  • Defender Vulnerability Management: configuring vulnerability scanning for Azure VMs, prioritizing vulnerabilities by severity and exploitability
  • Defender EASM: discovering unprotected external-facing assets, mapping the attack surface, and identifying shadow IT resources
  • Microsoft Sentinel workspace: creation, role assignments (Sentinel Reader, Responder, Contributor), and workspace architecture decisions
  • Sentinel content hub: installing and using packaged solutions for specific data sources and threat scenarios
  • Data connectors: configuring Microsoft data connectors for Azure resources, syslog and CEF event collection, and Windows Security event collection using data collection rules (DCR)
  • Custom log tables: creating custom tables in the Log Analytics workspace for ingesting non-standard data sources
  • Sentinel automation: automation rules for incident handling and playbooks (Logic Apps) for response orchestration
  • Data retention: configuring retention policies for different data tables in Sentinel
  • Purview Audit: querying Microsoft Purview Audit logs in Defender XDR for compliance and investigation
  • Security Copilot: configuring workspaces, managing permissions and roles, enabling and configuring plugins, and deploying Microsoft agents and Security Store agents

Common Exam Traps

Defender CSPM (posture) and Defender workload protection (threats) are separate capabilities that can be enabled independently. CSPM finds misconfigurations; workload protection detects active threats
Sentinel automation rules and playbooks are different. Automation rules handle simple actions (severity changes, owner assignment). Playbooks are Logic Apps that perform complex orchestrated responses
Security Copilot plugins must be explicitly enabled. The built-in capabilities are limited without plugins for specific products like Sentinel, Defender XDR, Intune, and Purview
Windows Security event collection in Sentinel uses data collection rules (DCR), not the legacy agent approach. Know DCR configuration
Defender EASM discovers EXTERNAL assets. Defender CSPM assesses INTERNAL posture. Both are in Domain 4 but serve different purposes
Quick Check: Manage and Monitor Security Posture

Question 1 of 3

A company operates in Azure, AWS, and GCP. They want a single pane of glass to evaluate security posture and compliance across all three clouds. Which service should be configured?

Services and Concepts You Must Not Confuse

These pairs appear on nearly every exam. Learn the difference and you'll avoid the most common traps.

Private Endpoints vs Private Link Services

Use Private Endpoints when…

Consumer-side connection. Creates a network interface in your VNet with a private IP that connects to a specific Azure PaaS service (e.g., Storage, SQL), keeping traffic on the Microsoft backbone.

Use Private Link Services when…

Provider-side configuration. Enables your own service (behind a Standard Load Balancer) to be accessed via Private Link by consumers in other VNets or subscriptions.

Exam trap

Private Endpoints connect TO services. Private Link Services expose YOUR services. The exam tests whether you know which side each operates on. Private Endpoints are far more commonly tested.

System-Assigned Managed Identity vs User-Assigned Managed Identity

Use System-Assigned Managed Identity when…

Created and tied to a specific Azure resource. When the resource is deleted, the identity is automatically deleted. One identity per resource, cannot be shared.

Use User-Assigned Managed Identity when…

Created as a standalone Azure resource with independent lifecycle. Can be assigned to multiple resources simultaneously. Persists even if resources are deleted.

Exam trap

System-assigned = one-to-one with resource, auto-deleted. User-assigned = standalone, shareable, persists independently. If a scenario requires the same identity across multiple VMs, the answer is user-assigned.

NSG (Network Security Group) vs Azure Firewall

Use NSG (Network Security Group) when…

Stateful packet filtering at the subnet or NIC level using 5-tuple rules (source/destination IP, port, protocol). Free with Azure. Basic allow/deny rules.

Use Azure Firewall when…

Fully managed, stateful firewall service with built-in high availability. Supports application FQDN filtering, threat intelligence, TLS inspection, and centralized logging. Paid service.

Exam trap

NSGs are free, simple L3/L4 filtering at subnet/NIC. Azure Firewall is a paid, centralized L3-L7 service with advanced features. The exam may present scenarios where both are needed together -- NSGs for micro-segmentation, Azure Firewall for centralized egress filtering.

Defender CSPM vs Defender for Cloud Workload Protection

Use Defender CSPM when…

Cloud Security Posture Management. Identifies security risks, evaluates compliance against frameworks, provides attack path analysis, and generates security recommendations across your environment.

Use Defender for Cloud Workload Protection when…

Threat protection plans for specific workload types (Servers, Containers, Storage, Databases, Key Vault, AI). Detects active threats and provides real-time security alerts.

Exam trap

CSPM is proactive posture assessment (misconfigurations, compliance gaps). Workload Protection is reactive threat detection (active attacks, anomalies). The exam tests whether you know which to use: compliance gaps = CSPM, active threats = workload protection plans.

Microsoft Sentinel vs Microsoft Security Copilot

Use Microsoft Sentinel when…

Cloud-native SIEM/SOAR platform that collects security data via data connectors, detects threats with analytics rules, investigates incidents, and automates response with playbooks and automation rules.

Use Microsoft Security Copilot when…

AI-powered security assistant that uses natural language to help analysts investigate incidents, summarize threats, generate reports, and query security data across Microsoft products.

Exam trap

Sentinel is the SIEM/SOAR platform that collects, detects, and responds. Security Copilot is the AI assistant that helps analysts work faster within Sentinel and other tools. They complement each other -- Copilot does not replace Sentinel.

Azure Bastion vs Just-in-Time (JIT) VM Access

Use Azure Bastion when…

Provides secure RDP/SSH access to VMs through the Azure portal without exposing VM public IP addresses. Always-on PaaS service deployed in your VNet.

Use Just-in-Time (JIT) VM Access when…

Locks down inbound traffic to VM management ports (RDP/SSH) until access is requested and approved. Creates time-limited NSG rules. Part of Defender for Servers.

Exam trap

Bastion eliminates public IP exposure for remote access. JIT controls WHEN management ports are open. They solve different problems and can be used together: Bastion for how you connect, JIT for when ports are accessible.

Entra Agent ID vs Managed Identity

Use Entra Agent ID when…

First-class identity for AI agents in Microsoft Entra. Enables conditional access, blast radius analysis, and governance specifically for autonomous AI agents operating in the enterprise.

Use Managed Identity when…

Identity for Azure resources (VMs, App Services, Functions) to authenticate to other Azure services without storing credentials. System-assigned or user-assigned.

Exam trap

Entra Agent ID is for AI AGENTS (Copilot, autonomous agents). Managed Identity is for Azure RESOURCES (VMs, apps). Both eliminate credential storage, but they serve completely different identity scenarios. SC-500 tests both.

Purview DSPM for AI vs Defender for AI Service

Use Purview DSPM for AI when…

Data security posture management. Identifies data overexposure risks in SharePoint used by Copilot, monitors AI activity, and provides policies to prevent data loss through AI prompts.

Use Defender for AI Service when…

Cloud workload protection for AI services in Defender for Cloud. Detects threats against AI workloads in Azure AI Foundry with real-time security alerts and threat intelligence.

Exam trap

DSPM for AI protects DATA used by AI (overexposure, data loss prevention). Defender for AI protects AI WORKLOADS (threat detection, runtime security). Different protection targets: data vs infrastructure.

Top Mistakes to Avoid

Confusing Private Endpoints (consumer-side private IP for PaaS) with Service Endpoints (optimized routing that keeps the public IP) -- both provide network security but work very differently
Mixing up Defender CSPM (proactive posture assessment) with Defender workload protection plans (reactive threat detection) -- one finds misconfigurations, the other detects active threats
Thinking NSGs and Azure Firewall are interchangeable -- NSGs are free L3/L4 filters at subnet/NIC level, Azure Firewall is a paid centralized L3-L7 service with advanced capabilities
Confusing PIM eligible assignments (require activation) with active assignments (always on) -- eligible assignments provide just-in-time access with optional approval workflows
Treating Entra Agent ID and managed identities as the same thing -- Agent ID is for AI agents, managed identities are for Azure resources like VMs and App Services
Confusing Purview DSPM for AI (protects data used by Copilot) with Defender for AI Service (protects AI workloads from threats) -- different protection targets and different services
Mixing up Sentinel automation rules (simple incident actions) with playbooks (Logic App-based orchestrated responses) -- automation rules are lightweight, playbooks are complex workflows
Thinking Azure Bastion and JIT VM access do the same thing -- Bastion is HOW you connect (secure RDP/SSH), JIT controls WHEN management ports are open
Confusing system-assigned managed identities (tied to resource, auto-deleted) with user-assigned (standalone, shareable) -- using the wrong type leads to either orphaned identities or lost access
Not knowing that Security Copilot plugins must be explicitly enabled -- without enabling the Sentinel, Defender, or Purview plugins, Copilot cannot access those data sources

Exam-Ready Checklist

Can explain all 4 exam domains and their relative weights (22%, 28%, 25%, 25%)
Know how to configure PIM: eligible vs active assignments, activation workflows, approval settings, and access reviews
Can configure conditional access policies including the new extension for Entra Agent ID
Understand Azure Key Vault access models (access policies vs RBAC), firewall configuration, and Defender for Key Vault
Can differentiate NSGs, Azure Firewall, WAF, and when to use each for network security
Know Private Endpoints vs Private Link Services vs Service Endpoints and their appropriate use cases
Understand all AI security services: Purview DSPM for AI, Entra Agent ID, Copilot Studio real-time protection, Defender for AI, AI Gateway, and Foundry guardrails
Can configure Microsoft Sentinel: workspace creation, data connectors, content hub, automation rules, playbooks, and data retention
Know Microsoft Security Copilot setup: workspaces, role assignments, plugin enablement, and agent configuration
Understand Defender for Cloud: CSPM vs workload protection plans, multi-cloud connectors (AWS/GCP), and security recommendations
Can explain disk encryption options: ADE (BitLocker/DM-Crypt) vs SSE (platform-managed vs customer-managed keys)
Know container security: Defender for Containers, AKS security controls, Container Registry scanning, and runtime protection
Understand multi-cloud security posture management across Azure, AWS, and GCP environments
Scored 75%+ on at least two full practice exams (700/1000 passing score)

Recommended Resources

Free & Official Resources

Paid Courses & Practice Exams

These are recommended if you prefer a structured learning path. They can save time but are not required to pass.

Frequently Asked Questions