This exam will be updated July 29, 2020. Following the current exam guide, we have included the new guide that will take effect July 29, 2020 as well as the marked-up guide along with a comparison table in the final portion of this document. Audience Profile Candidates for this exam should have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure. Responsibilities for an Azure Security Engineer include maintaining the security posture, identifying and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations. Azure Security Engineers often serve as part of a larger team dedicated to cloud-based management and security or hybrid environments as part of an end-to-end infrastructure. A candidate for this exam should be familiar with scripting and automation, should have a deep understanding of networking and virtualization. A candidate should also have a strong familiarity with cloud capabilities, Azure products and services, and other Microsoft products and services. Skills Measured NOTE: The bullets that appear below each of the skills measured are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive. NOTE: In most cases, exams do NOT cover preview features, and some features will only be added to an exam when they are GA (General Availability). Manage identity and access (20-25%) Configure Azure Active Directory for workloads  create App Registration  configure App Registration permission scopes  manage App Registration permission consent  configure Multi-Factor Authentication settings  manage Azure AD directory groups  manage Azure AD users  install and configure Azure AD Connect  configure authentication methods  implement Conditional Access policies  configure Azure AD identity protection Configure Azure AD Privileged Identity Management  monitor privileged access  configure Access Reviews  activate Privileged Identity Management Configure Azure tenant security  transfer Azure subscriptions between Azure AD tenants  manage API access to Azure subscriptions and resources Implement platform protection (35-40%) Implement network security  configure virtual network connectivity  configure Network Security Groups (NSGs)  create and configure Azure Firewall  create and configure Azure Front Door service  create and configure application security groups  configure remote access management  configure baseline  configure resource firewall Implement host security  configure endpoint security within the VM  configure VM security  harden VMs in Azure  configure system updates for VMs in Azure  configure baseline Configure container security  configure network  configure authentication  configure container isolation  configure AKS security  configure container registry  implement vulnerability management