Learning path 1: Identity Governance and Access Control
The Standing Access Problem
Privileged Identity Management (PIM)
Entra Agent IDs and Managed Identity
Conditional Access — Beyond Security Defaults
Entra ID Protection and Sign-In Risk
Risk-Based CA Policy Structure
App Registration Model
Learning Path 2: Securing Azure Key Vault
The AI secrets problem and risk model
Key Vault object types: secrets, keys, certificates
RBAC versus access policies
Managed identity secret access flow
Network controls, soft delete, and purge protection
Defender for Key Vault and mention-only exam topics
Learning Path 3: Security Governance and Role Management
Compliance audit scenario and governance goals
Azure Policy model and policy effects
Compliance dashboard and policy deployment via Bicep
RBAC scope hierarchy and role assignment model
Built-in versus custom roles
Overprivileged access detection and resource locks
Learning Path 4: Security for Azure Storage Accounts
Storage Accounts – default configuration
Storage Firewall
Data plane versus Management plane
SAS tokens
Stored access policies
Storage service encryption
Defender for Storage
Learning Path 5: Security for Azure Databases
Common Database security faults
SQL Authentication versus Microsoft Entra ID Authentication
Migration to Entra Authentication
Azure SQL Firewall
Azure Private Link
Azure SQL auditing
Microsoft Sentinel Events logging
Defender for Databases
Learning Path 6: Security for Azure Networking
Common issue – Subnet sitting on the Internet
Network Security Groups (NSG)
NSG – Defaults and Rule Sets
Application Security Groups (ASG)
Azure Firewall
Hub and Spoke Topology
Service Endpoints versus Private Endpoints
Microsoft Entra Private Access versus VPN
Network Watcher
Learning Path 7: Security for Servers and Virtual Machines
Common security scenario with Servers and VMs
Just-in-Time (JIT)
Azure Arc
Defender for Servers
Agent based versus Agentless scanning
Finding vulnerabilities
Server disk encryption
Other exam related topics
Learning path 8: AI data risk and exposure with Microsoft Purview DSPM
Learning Path 9: AI agent identity and access security in Microsoft Entra
Common security scenario with AI Agents
Defining Microsoft Entra Agent ID
Agent ID versus Workload ID
What happens if an Agent ID is compromised?
Defender XDR
Specific Agent Identity concepts
MFA and Agent ID?
What Conditional Access covers
Entra Agent ID governance and Microsoft 365
Learning Path 10: Microsoft Foundry and AI Gateway Security
Common security issues with Microsoft Foundry
API risks to AI Endpoints
Prompt injection attacks
API Gateway
Two layer defense model
Gateway controls and Foundry guardrails
Defender for AI Services
Supplemental exam topics
Learning Path 11: AI Security Monitoring with Defender for Cloud
Defender for Cloud – Security Dashboard
Risks and Recommendations
Interpret Severity
Monitoring Posture
AI Focused dashboard versus Unified Defender for Cloud dashboard
Learning Path 12: Security for Application Platform Services
Common security scenario with container – monitoring
Container threat model
Defender for Containers
Container registry security
Container network security
AKS process flow for security implementation
Common security scenario – API exposure
Web Application Firewall (WAF)
Shared security controls for Apps and APIs
Gateway policies for Apps and APIs
Other exam related topics discussion
Learning Path 13: Defender for Cloud Security Posture Management
Security dashboard
Secure Score
Alerts versus Recommendations
Regulatory Dashboard and Standards
Key Vault security value
CSPM Secret Scanning
Remediation
Secure Score for AWS and GCP
CSPM depth plans versus security defaults
Other exam related topics
Learning Path 14: Microsoft Sentinel Data Collection and Configuration
Microsoft Sentinel architecture
What is a connector
Connect health and status
Defender XDR connector
Automation rules
Sentinel Playbooks and Azure Logic Apps
Sentinel configuration process
Other exam related topics
Learning Path 15: Microsoft Security Copilot Configuration
Security Copilot – Standalone versus Embedded Experience
What is a Security Compute Unit (SCU)
Least Privileged – Security Copilot Roles
Data and Privacy settings
Security PlugIns
Automate Security Copilot tasks
Other exam related topics