Required Studying Material to become a Azure Security Engineer

Manage Identity and Access (20-25%)

Configure Microsoft Azure Active Directory for workloads

Configure Multi-Factor Authentication settings

Manage Microsoft Azure AD directory groups

Manage Microsoft Azure AD users

Install and configure Microsoft Azure AD Connect, configure authentication methods

Implement Conditional Access policies

Configure Microsoft Azure AD identity protection

Configure Microsoft Azure AD Privileged Identity Management

Monitor privileged access, configure Access Reviews, activate Privileged Identity Management

Configure Microsoft Azure tenant security

Transfer Microsoft Azure subscriptions between Microsoft Azure AD  tenants, manage API access to Microsoft Azure subscriptions and  resources

Implement Platform Protection (35-40%)

Implement network security

Configure virtual network connectivity

Configure Network Security Groups (NSGs)

Create and configure Microsoft Azure Firewall

Create and configure application security groups

Configure remote access management

Configure baseline

Configure resource firewall

Implement host security

Configure endpoint security within the VM

Configure VM security

Harden VMs in Microsoft Azure

Configure system updates for VMs in Microsoft Azure

Configure Baseline

Configure container security

Configure network

Configure authentication

Configure container isolation

Configure AKS security

Configure container registry

Configure container instance security

Implement vulnerability management

Implement Microsoft Azure Resource management security

Create Microsoft Azure resource locks

Manage resource group security

Configure Microsoft Azure policies

Configure custom RBAC roles

Configure subscription and resource permissions

Manage Security Operations (15-20%)

Configure security services

Configure Microsoft Azure Monitor

Configure Microsoft Azure Log Analytics

Configure diagnostic logging and log retention

Configure vulnerability scanning

Configure security policies

Configure centralized policy management by using Microsoft Azure Security Center

Configure Just in Time VM access by using Microsoft Azure Security Center

Manage security alerts

Create and customize alerts

Review and respond to alerts and recommendations

Configure a playbook for a security event by using Microsoft Azure Security Center

Investigate escalated security incidents

Secure Data and Applications (30-35%)

Configure security policies to manage data

Configure data classification

Configure data retention

Configure data sovereignty

Configure security for data infrastructure

Enable database authentication

Enable database auditing

Configure Microsoft Azure SQL Database threat detection

Configure access control for storage accounts

Configure key management for storage accounts

Create and manage Shared Access Signatures (SAS)

Configure security for HDInsights

Configure security for Cosmos DB

Configure security for Microsoft Azure Data Lake

Configure encryption for data at rest

Implement Microsoft Azure SQL Database Always Encrypted

Implement database encryption

Implement Storage Service Encryption

Implement disk encryption

Implement backup encryption

Implement security for application delivery

Implement security validations for application development

Configure synthetic security transactions

Configure application security

Configure SSL/TLS certs

Configure Microsoft Azure services to protect web apps

Create an application security baseline

Configure and manage Key Vault

Manage access to Key Vault

Manage permissions to secrets, certificates, and keys

Manage certificates, manage secrets, configure key rotation