📋 Identity & Access Security Cheat Sheet

Key identity security concepts for AZ-500 security engineers.

Why This Cheat Sheet Matters for AZ-500

This cheat sheet covers the most important Entra ID & Conditional Access concepts tested on the AZ-500 (Azure Security Engineer Associate) certification exam. It contains 2 sections with 8 key points that you should memorize before exam day. Use this as a quick-reference guide during your final review sessions.

Conditional Access

  • Signals: user/group, location, device state, application, sign-in risk, user risk.
  • Grant controls: require MFA, compliant device, approved app, password change.
  • Session controls: sign-in frequency, persistent browser, app-enforced restrictions.
  • Report-only mode: test policies without enforcing; review impact in sign-in logs.

Privileged Access

  • PIM: just-in-time activation that is approval-based, time-limited, and audited.
  • Access reviews: periodic certification of role assignments.
  • Emergency access accounts: break-glass accounts excluded from Conditional Access.
  • Managed identities: system-assigned or user-assigned; eliminate credential management.

Azure Quick Reference Tips

Azure services follow consistent naming patterns that help with exam recall. Resource Manager (ARM) templates use JSON, while Bicep provides a cleaner DSL for infrastructure as code. Remember that Azure resources are organised in a hierarchy: Management Groups → Subscriptions → Resource Groups → Resources.
