SC-500 training - Implement end‑to‑end security controls for cloud and AI workloads

4 days Classroom Nederlands

Sharpest price in just 2 steps

Requesting more information and/or the current price of this training is easy. We take into account any ongoing promotions, subsidies, or relationship discounts.

Why SC-500 training - Implement end‑to‑end security controls for cloud and AI workloads at TSTC?

Temporarily includes a free 2-day Ethical Hacking Foundation training (check our promotions)
Practical hands-on training instead of pure PowerPoint training -> acquired knowledge is directly applicable in the workplace and less theoretical.
100% passing guarantee: any necessary retakes are included, and the training can be taken again free of charge within 1 year.
Possibility to prepare for training, you receive study materials upon registration which reduces level differences in the group.
Classroom or Live Online training in small groups of up to 10 participants with dedicated experienced instructors.

Training Summary

Vendor:

Microsoft
Training Language:

Nederlands
Duration:

4 days
Category:

Microsoft Trainings

MS Security training courses

Description

In the Microsoft SC-500 training, you will learn how to design, implement, and manage security measures for Microsoft Azure and Microsoft 365 environments. There is also a focus on the rapidly growing world of AI applications and autonomous AI agents.

In a balanced combination of theory and practical labs, you will develop skills in identity security, protecting cloud infrastructures, detecting cyber threats, and improving the overall security posture of an organization. With the knowledge gained, you will be able to effectively apply Microsoft security solutions in modern cloud, hybrid, and AI-driven IT environments.

During the training, you will cover the following topics:

Securing access to systems and data using Microsoft Entra ID and Azure Key Vault.
Implementing security measures to comply with laws, regulations, and compliance requirements.
Protecting storage environments, databases, and networks against security risks.
Securing compute environments, such as virtual machines and other cloud resources.
Safely designing, implementing, and managing AI solutions and the associated infrastructure.
Monitoring and improving the security posture of an organization and identifying potential threats.

Working method

Classroom training in a fun, open atmosphere with a focus on relevant hands-on practice labs, small group sizes, skilled, engaged trainers, and quickly getting your certification! You will receive the corresponding SC-500 study material well before the training to prepare for the training. This way, you can note all your specific questions for the instructor so that you get the maximum result from the classroom days. After the training, you can practice extensively with the included practice questions before scheduling your exam. If you happen to fail, all necessary retakes are included within a year, and you can attend the training again for free at our location or online if you wish.

The Microsoft SC-500 training is classroom-based but can also be attended Live Online. You will then follow the training live remotely with our own instructor, view the notes on the whiteboard, participate in all labs, and can ask questions to both the trainer and your fellow participants. So, it’s basically just like being present at the classroom training, but from your own location. If the Live Online training does not meet your expectations, you may attend it again in person with us at a later date for free.

Certification

This training prepares you for the 'Performance-based' SC-500 - Cloud and AI Security Engineer Associate exam, which you can schedule with us at a time of your choice after the training. In Performance-based exams, you are tested more than ever on your actual ability to work as a Security Engineer rather than just being able to answer multiple-choice questions about it. Only at TSTC do you receive a 100% pass guarantee on the SC-500 exam, meaning that all possible retakes are included for up to one year after completing the full 4-day training. You will earn the Microsoft Certified: Cloud and AI Security Engineer Associate certification/title when you pass the SC-500 - Cloud and AI Security Engineer exam after this training.

Training Requirements

Hybride systeembeheerders - om hybride Windows Server-, Azure- en AI-omgevingen veilig te beheren en moderne beveiligingsmaatregelen toe te passen.
Azure Administrators - om hun kennis van Azure uit te breiden met geavanceerde beveiliging van cloudinfrastructuur, workloads en AI-diensten.
Cloud Engineers - om veilige cloud- en hybride oplossingen te implementeren en beveiligingsrisico's proactief te beperken.
Senior Infrastructure Engineers - om complexe hybride omgevingen te beschermen en beveiliging integraal mee te nemen in beheer en implementaties.
Security Engineers - om hun expertise te verdiepen in Microsoft Cloud Security, hybride infrastructuren en de beveiliging van AI-workloads.
IT Security Consultants - om organisaties te adviseren over de implementatie en optimalisatie van Microsoft cloud-, hybride en AI-beveiligingsoplossingen.
Benodigde voorkennis: Je hebt praktische ervaring met het beheren van Microsoft Azure- en hybride omgevingen, inclusief compute-, netwerk- en storagecomponenten. Daarnaast beschik je over een goede kennis van Microsoft Entra ID en heb je basiskennis van Microsoft 365-beheer.

Materials

Toegang tot de bijbehorende Microsoft online modules en video's
Toegang tot labomgeving waarin je de theorie direct in de praktijk brengt
180 dagen toegang tot SC-500 MeasureUp oefenexamens
Microsoft SC-500 examenvoucher
Alle eventueel benodigde herexamens (binnen 1 jaar na de training)

Training Content

Beveilig toegang tot resources met Microsoft Entra

Je past een beveiligde vault-configuratie toe, dwingt least-privilege toegang af met just-in-time activatie, beheert de volledige levenscyclus van sleutels, secrets en certificaten, en gebruikt Microsoft Defender for Cloud om blootgestelde credentials en kwaadaardige toegangspatronen te detecteren die gericht zijn op je vaults.

Beveilig Azure Key Vault met defense-in-depth voor cloud- en AI-workloads

Je hebt een praktische, defense-in-depth aanpak voor toegangsbeveiliging, met aandacht voor credential hardening, privileged access governance en identity-aware AI applicatieontwerp.

Dwing security governance en naleving van regelgeving af

Je dwingt security governance en compliance af binnen Azure-omgevingen. Je configureert Azure Policy en resource locks om niet-conforme deployments te blokkeren. Daarna beheer je security standards en los je aanbevelingen op in Defender for Cloud, beoordeel je de compliance-status ten opzichte van regelgeving, beheer je RBAC-rollen op schaal, bescherm je backupdata tegen ransomware en verwijdering, en veranker je security controls in Bicep pipelines voordat resources in productie komen.

Implementeer beveiliging voor Azure Storage voor de cloud en AI security engineer

Je implementeert een defense-in-depth beveiligingsstrategie voor Azure Storage. Je beveiligt storage accounts tegen veelvoorkomende aanvalsvectoren en beheert toegang met Microsoft Entra ID managed identities en stored access policies. Daarna configureer je netwerkperimetercontrols met firewallregels en private endpoints, en activeer je Microsoft Defender for Storage om bedreigingen zoals kwaadaardige uploads en gecompromitteerde AI agent credentials te detecteren.

Implementeer beveiliging voor Azure SQL databases

Je implementeert end-to-end beveiliging voor Azure SQL Database en SQL Managed Instance. Je configureert Entra ID-authenticatie met managed identity access, implementeert private endpoints en past encryptie en toegangscontrole toe om gevoelige financiële data te beschermen. Je richt audit trails in en activeert Microsoft Defender for Databases om SQL injection, afwijkende toegang en kwetsbaarheden te detecteren.

Implementeer netwerkbeveiligingscontrols in Azure

Je implementeert defense-in-depth netwerkbeveiliging in Azure. Je segmenteert workloads en dwingt least-privilege toegang af met NSG’s, ASG’s en Azure Virtual Network Manager. Je inspecteert en stuurt verkeer centraal met Azure Firewall. Je beveiligt remote en hybride connectiviteit en vervangt brede VPN-toegang door Zero Trust applicatietoegang met Microsoft Entra Private Access. Je voorkomt publieke blootstelling van PaaS- en AI-services met private endpoints en Azure Private Link.

Implementeer beveiliging voor AI

Je begint met het ontdekken en beoordelen van AI-datarisico’s met Microsoft Purview Data Security Posture Management (DSPM). Daarna beveilig je agent-identiteiten met Microsoft Entra Agent ID en Conditional Access, en analyseer je AI identity blast radius en aanvalspaden in Microsoft Defender XDR. Vervolgens configureer je runtime protection voor Copilot Studio agents met Microsoft Defender for Cloud Apps en beveilig je AI modelverkeer met AI Gateway in Microsoft Foundry. Tot slot stel je guardrails in in Microsoft Foundry, bescherm je AI-workloads met Microsoft Defender for Cloud en beheer je deployed agents met Microsoft Agent 365.

Implementeer beveiliging voor servers en virtuele machines

Je implementeert gelaagde security controls voor Azure virtual machines en Arc-enabled hybride servers. Je configureert disk encryption-opties zoals encryption at host met customer-managed keys en confidential disk encryption. Je activeert Trusted Launch features—Secure Boot, vTPM en integrity monitoring—om boot-level dreigingen te voorkomen. Je elimineert publieke RDP- en SSH-toegang met Azure Bastion. Je breidt Azure security governance uit naar on-premises en multicloud servers met Azure Arc. Je implementeert Microsoft Defender for Servers voor vulnerability scanning, endpoint detection, agentless scanning en File Integrity Monitoring. Je dwingt just-in-time VM access af om permanent open management ports te voorkomen. Je gebruikt Azure Machine Configuration om OS security baselines te auditen en af te dwingen over je serverlandschap.

Beveilig Azure application platform services voor de cloud en AI security engineer

Je implementeert security controls over Azure application platform services, van container workloads tot de API-laag. Je configureert Microsoft Defender for Containers om risico’s in AKS en ACR te detecteren en dwingt AKS security baselines af. Je hardent container registries en runtime-omgevingen. Daarna pas je authentication, netwerktoegang en policy controls toe op Azure Functions, Logic Apps, App Services, Web Application Firewall en Azure API Management.

Beheer security posture met Microsoft Defender for Cloud

Je bouwt en onderhoudt een sterke security posture over je hybride en multicloud-omgeving met Microsoft Defender for Cloud. Je koppelt on-premises, AWS en GCP om uniforme zichtbaarheid te creëren. Je identificeert en prioriteert risico’s met Cloud Security Posture Management (CSPM), inclusief Secure Score, attack path analysis en Cloud Security Explorer. Je breidt dit uit met Microsoft Defender External Attack Surface Management (EASM) om onbekende internet-exposed assets te ontdekken. Je beoordeelt compliance tegen frameworks en genereert audit-ready rapportages. Vervolgens activeer je Cloud Workload Protection Platform (CWPP) om servers, storage, databases en AI workloads te beschermen. Je configureert daarnaast Microsoft Defender Vulnerability Management om kwetsbaarheden op Azure VM’s te scannen en te remediëren.

Implementeer activiteits- en event-collectie in Microsoft Sentinel

Je bouwt een complete event-collectie- en response-architectuur in Microsoft Sentinel. Je zet een Sentinel workspace op en beveiligt deze, implementeert Content Hub-oplossingen en koppelt Azure resource data. Daarna verzamel je Linux- en Windows-security events via data collection rules en automatiseer je respons met Logic Apps playbooks. Tot slot beheer je dataretentie en audit log access om aan compliance-eisen te voldoen.

Deploy en beheer Microsoft Security Copilot

Je bouwt een basis en groeit door naar enterprise deployment en operationeel beheer van Microsoft Security Copilot. Je verkent kernconcepten zoals natural language prompting, effectieve promptstructuren en het activeren van de oplossing binnen je organisatie. Daarna configureer je workspaces met Security Compute Units, data residency instellingen en roltoewijzingen voor enterprise segmentatie. Tot slot beheer je plugin-toegang en de volledige lifecycle van Microsoft- en partneragents om een stabiele en veilige omgeving te garanderen.

Description

During the training, you will cover the following topics:

Securing access to systems and data using Microsoft Entra ID and Azure Key Vault.
Implementing security measures to comply with laws, regulations, and compliance requirements.
Protecting storage environments, databases, and networks against security risks.
Securing compute environments, such as virtual machines and other cloud resources.
Safely designing, implementing, and managing AI solutions and the associated infrastructure.
Monitoring and improving the security posture of an organization and identifying potential threats.

Working method

Certification

Training Requirements

Hybride systeembeheerders - om hybride Windows Server-, Azure- en AI-omgevingen veilig te beheren en moderne beveiligingsmaatregelen toe te passen.
Azure Administrators - om hun kennis van Azure uit te breiden met geavanceerde beveiliging van cloudinfrastructuur, workloads en AI-diensten.
Cloud Engineers - om veilige cloud- en hybride oplossingen te implementeren en beveiligingsrisico's proactief te beperken.
Senior Infrastructure Engineers - om complexe hybride omgevingen te beschermen en beveiliging integraal mee te nemen in beheer en implementaties.
Security Engineers - om hun expertise te verdiepen in Microsoft Cloud Security, hybride infrastructuren en de beveiliging van AI-workloads.
IT Security Consultants - om organisaties te adviseren over de implementatie en optimalisatie van Microsoft cloud-, hybride en AI-beveiligingsoplossingen.
Benodigde voorkennis: Je hebt praktische ervaring met het beheren van Microsoft Azure- en hybride omgevingen, inclusief compute-, netwerk- en storagecomponenten. Daarnaast beschik je over een goede kennis van Microsoft Entra ID en heb je basiskennis van Microsoft 365-beheer.

Materials

Toegang tot de bijbehorende Microsoft online modules en video's
Toegang tot labomgeving waarin je de theorie direct in de praktijk brengt
180 dagen toegang tot SC-500 MeasureUp oefenexamens
Microsoft SC-500 examenvoucher
Alle eventueel benodigde herexamens (binnen 1 jaar na de training)

Training Content

Beveilig toegang tot resources met Microsoft Entra

Beveilig Azure Key Vault met defense-in-depth voor cloud- en AI-workloads

Je hebt een praktische, defense-in-depth aanpak voor toegangsbeveiliging, met aandacht voor credential hardening, privileged access governance en identity-aware AI applicatieontwerp.

Dwing security governance en naleving van regelgeving af

Implementeer beveiliging voor Azure Storage voor de cloud en AI security engineer

Implementeer beveiliging voor Azure SQL databases

Implementeer netwerkbeveiligingscontrols in Azure

Implementeer beveiliging voor AI

Implementeer beveiliging voor servers en virtuele machines

Beveilig Azure application platform services voor de cloud en AI security engineer

Beheer security posture met Microsoft Defender for Cloud

Implementeer activiteits- en event-collectie in Microsoft Sentinel

Deploy en beheer Microsoft Security Copilot

I am taking this next step in my lifelong learning journey.

What Can I Learn After The SC-500 training - Implement end‑to‑end security controls for cloud and AI workloads?

Secure access to resources with Microsoft Entra.
API plugin authentication for declarative agents with secure APIs.
Managing keys and secrets in Azure Key Vault.
Enforcing governance with Azure Policy and resource locks.
Manage RBAC role assignments and right-size for least privilege.
Describe Azure Storage services.
Implementing Microsoft Defender for Storage.
Implementing Microsoft Defender for Databases.
Securing remote and hybrid connectivity with VPN gateways and Microsoft Entra Private Access.
Analyzing AI identity risks with Microsoft Defender XDR.
Managing and configuring guardrails in Microsoft Foundry.
Agents manage Microsoft Agent 365.
Configure Trusted Launch security features for Azure virtual machines.
Implementing Microsoft Defender for Servers.
Detecting container risks with Microsoft Defender for Containers.
Implementing security controls for Azure Function apps and Logic apps.
Connecting hybrid and multicloud environments with Microsoft Defender for Cloud.
Evaluate compliance in Defender for Cloud.
Create and manage Microsoft Sentinel workspaces.
Connect Syslog data sources with Microsoft Sentinel.
Implementing automation rules and playbooks in Microsoft Sentinel.
Configuring workspaces for Microsoft Security Copilot.

Manage and implement authentication methods in Microsoft Entra ID.
Secure Azure Key Vault with defense in depth for cloud and AI workloads.
Manage certificates and monitor Azure Key Vault.
Configure security controls and resolve recommendations in Defender for Cloud.
Protect backup data with Azure Backup security features.
Implementing and managing security and access for Azure Storage.
Configuring platform-level security for Azure SQL.
Segmenting and isolating Azure workloads with network security controls.
Eliminate public network exposure of Azure PaaS services.
Activate real-time protection for Copilot Studio agents.
Protect AI workloads with Microsoft Defender for Cloud.
Identifying AI data risks with Microsoft Purview Data Security Posture Management.
Plan and implement Azure Bastion.
Activate and enforce Just-in-time VM access.
Implementing security controls for Azure Kubernetes Service.
Implementing security controls for Azure App Services and Web Application Firewall.
Identifying security risks with Cloud Security Posture Management.
Activate and configure workload protection plans in Microsoft Defender for Cloud.
Manage content in Microsoft Sentinel.
Connect Common Event Format logs with Microsoft Sentinel.
Manage data storage and audit log queries in Microsoft Sentinel.
Manage plugins and agents in Microsoft Security Copilot.

Implementing and configuring Privileged Identity Management (PIM).
Configure and secure Azure Key Vault.
Protect Azure Key Vault with Microsoft Defender for Cloud.
Evaluate compliance in Defender for Cloud.
Implementing security controls in infrastructure as code.
Configure network security for Azure Storage.
Configuring auditing for Azure SQL Database and SQL Managed Instance.
Centralizing and enforcing traffic inspection with Azure Firewall.
Secure access with Microsoft Entra Agent Identity.
Configure AI Gateway security in Microsoft Foundry.
Activate Defender for AI Services workload protection in Microsoft Defender for Cloud.
Implement disk encryption for Azure virtual machines.
Managing security for Arc-enabled hybrid servers.
Enforcing VM security configuration with Azure Machine Configuration.
Implementing security controls for Azure Container Registry, Container Instances, and Container Apps.
Implementing API backend security with Azure API Management.
Discover unprotected assets and vulnerabilities with Microsoft Defender External Attack Surface Management.
Configure Microsoft Defender Vulnerability Management for Azure VMs.
Connect Microsoft services with Microsoft Sentinel.
Connect Windows hosts with Microsoft Sentinel.
Describe Microsoft Security Copilot.

Schedules

This training is scheduled as follows in the coming period. Missing a date? Feel free to contact us.

Date: 2 - 5 november 2026

Location: TSTC Veenendaal - Klassikaal & Live Online

Price: € 2.350,- (ex BTW)

Date: In overleg

Location: —

Request current price

Learning paths

This training can also be taken as part of the below learning path(s). If you want to follow multiple titles from a learning path, please contact our advisors for a suitable bundle offer.

Expert

Intermediate

Fundamentals