The first part of your organization's secure Azure tenant is set up, but you need to monitor and maintain it. Enterprise Governance is the process of setting strategic tools, systems, and process into motion to keep your systems secure and running well.


A security engineer uses enterprise governance tools and policies to manage and maintain a secure Azure solution; some common tasks are:

  • Designing an Azure secure access hierarchy.
  • Using RBAC and Azure Policy to control and manage access.
  • Creating blueprints of secure deployments that can be reused.

Skills measured

Azure Active Directory is a part of Exam AZ-500: Microsoft Azure Security Engineer.

Manage identity and access (30-35%)

  • Manage access control
    • configure subscription and resource permissions
    • configure resource group permissions
    • configure custom RBAC roles
    • identify the appropriate role
    • interpret permissions

Learning objectives

In this module, you will:

  • Explain the shared responsibility model and how it impacts your security configuration
  • Create Azure policies to protect your solutions
  • Configure and deploy access to services using RBAC