AZ-500 in 2026: Scoring Trends, Passing Score, Timing, and What Changed

  • What is the passing score for the AZ-500 exam?
  • Published by: André Hammer on Feb 08, 2024
Blog Alt EN

First introduced as part of Microsoft’s role-based Azure certification model, AZ-500 has become the security-focused associate exam for professionals who protect Azure workloads. In 2026, the important question is still practical: what score is enough, and how should preparation change once the scoring model is understood?

The passing score for AZ-500 is 700 on Microsoft’s scaled scoring system. That does not mean a candidate must answer exactly 70% of questions correctly, because Microsoft uses scaled scoring to account for differences in exam forms and item difficulty. A candidate sees a numeric result after the exam, along with domain-level performance information that helps explain where the result came from.

What the AZ-500 Exam Measures

AZ-500 is the exam for the Microsoft Certified: Azure Security Engineer Associate certification. It measures the ability to implement security controls, protect Azure resources, manage identity and access, secure networks and workloads, and use Microsoft security tools to monitor and respond to threats.

The exam is aimed at professionals who work with Azure security in practice rather than at candidates looking for a fundamentals-level introduction. Familiarity with Microsoft Entra ID, Microsoft Defender for Cloud, Microsoft Sentinel, Azure Policy, networking controls, compute security, storage protection, and database security all matter because exam scenarios often combine more than one service.

Microsoft currently organises AZ-500 around four skill areas on Microsoft Learn. The exact wording and weighting can change, so the official exam page should be checked before booking, but the current structure is broadly as follows:

Skill area What candidates should expect to demonstrate
Manage identity and access Securing users, groups, roles, privileged access, conditional access, and identity governance in Microsoft Entra ID.
Secure networking Applying network segmentation, private connectivity, firewall controls, network security groups, and related monitoring.
Secure compute, storage, and databases Protecting virtual machines, containers, storage accounts, databases, keys, secrets, and workload configurations.
Manage security operations Using Microsoft Defender for Cloud, Microsoft Sentinel, alerts, incidents, analytics rules, automation, and posture management.

One preparation mistake is treating these domains as separate study silos. In practice, an Azure security scenario might involve identity permissions, network isolation, storage encryption, and Sentinel detection logic in the same case study. Candidates who practise only short factual questions often struggle when the exam asks them to choose the best configuration for a real environment.

AZ-500 Passing Score: What 700 Really Means

A score of 700 is the minimum passing score on Microsoft’s 1–1000 scale. The score is scaled, meaning it is adjusted so that different versions of the exam can be compared fairly. Two candidates may see different sets of questions, and the raw number of correct answers needed to reach 700 can vary depending on the difficulty of those questions.

This is why 700 should not be read as 70%. It is better understood as Microsoft’s threshold for demonstrating the required competence across the measured skills. There is no penalty for guessing, so every question should be answered even when the candidate is uncertain.

AZ-500 score report example
Scaled score: 682 / 1000
Result: Not passed

Domain performance
Manage identity and access          ███████░░░
Secure networking                   █████░░░░░
Secure compute, storage, databases  ████████░░
Manage security operations          ████░░░░░░
A score report should be read as a retake plan, not merely as a pass or fail notice. The scaled score shows the overall result, while the domain bars indicate where preparation should be adjusted.

The domain bars are especially useful after an unsuccessful attempt. A candidate who scores near 700 with weak performance in security operations should not restart preparation from the beginning. A better plan is to spend focused time in Microsoft Sentinel, Defender for Cloud recommendations, incident workflows, automation rules, and analytics rule logic, then use practice questions to confirm that the weak area has improved.

Question Count, Timing, and Exam Experience

AZ-500 commonly includes around 40–60 questions. The format can include multiple-choice items, multi-select questions, drag-and-drop tasks, case studies, and scenario-based items that require several decisions from the same background information. Microsoft may also include unscored items for exam development, and candidates are not told which items are unscored.

Timing should be treated carefully because exam time and seat time are not the same thing. The appointment can include check-in, identification, the non-disclosure agreement, tutorial screens, the exam itself, and post-exam survey steps. The scheduling experience may show the current seat duration for the selected delivery method and location, so candidates should budget extra time rather than planning around the test timer alone.

During the exam, case studies and lab-style scenarios can consume more time than expected. A practical approach is to answer straightforward questions efficiently, flag uncertain items where the interface allows it, and avoid spending too long on one complex scenario before enough of the exam has been seen.

Current Microsoft Product Names Matter

Preparation material for AZ-500 can become outdated quickly because Microsoft product names and portals change. Candidates should expect current terminology such as Microsoft Entra ID rather than Azure Active Directory, Microsoft Sentinel rather than Azure Sentinel, and Microsoft Defender for Cloud rather than Azure Security Center.

The naming is more than cosmetic. Exam questions often reflect how services appear in the Azure portal and Microsoft security portals. A candidate using older study notes may understand the concept but lose time mapping old names to current interfaces, especially under exam pressure.

When AZ-500 Is the Right Next Step

AZ-500 is a strong fit for professionals whose work centres on securing Azure resources and implementing security controls. It is particularly relevant to Azure administrators moving into security engineering, cloud security engineers formalising their Microsoft skills, and security professionals who are responsible for protecting Azure workloads.

AZ-104 is not a required prerequisite for AZ-500, although administrator-level Azure knowledge is useful. AZ-104 is the better first target when the candidate’s daily work is broad Azure administration across compute, storage, networking, identity, and governance. SC-200 is usually a closer match for security operations analysts who spend more time investigating incidents across the Microsoft security stack, working with SIEM/SOAR processes, and responding to alerts across tools such as Microsoft Sentinel and Microsoft Defender.

The decision should follow the role rather than the certification sequence. If the main responsibility is configuring and hardening Azure environments, AZ-500 is the more direct path. If the main responsibility is operating detections, incidents, and response workflows across Microsoft security products, SC-200 may be more aligned.

How to Prepare for the Scoring Model

Good AZ-500 preparation starts with the exam skills outline, but it should not stop there. Because the exam rewards applied judgement, hands-on practice is more useful than memorising interface labels or isolated service facts. Candidates should build and secure resources, review misconfigurations, test policies, and understand why one control is better than another in a given scenario.

Three practice areas tend to connect multiple domains. Azure Policy helps candidates understand governance, compliance, and policy-as-code patterns. Microsoft Entra ID identity governance reinforces access reviews, privileged access, conditional access, and role assignment decisions. Microsoft Sentinel practice develops security operations judgement through analytics rules, incidents, automation, workbooks, and investigation workflows.

Practice exams are useful when they are used diagnostically. A low score should point to a specific technical weakness, not simply trigger another round of passive reading. After each practice attempt, candidates should map missed questions back to the Microsoft Learn skill areas and rebuild the weak configuration in a lab environment.

Some candidates benefit from structured training when they need guided labs, feedback, and a fixed study rhythm. Readynez covers the exam through its Microsoft Certified Azure Security Engineer course, while broader Microsoft skills can be explored through its Microsoft training catalogue. The useful question is not whether a course exists, but whether the candidate needs structured practice to close gaps that self-study has not solved.

Retake Rules and How to Use a Failed Attempt

A failed attempt does not mean the preparation was wasted. Microsoft’s retake policy allows another attempt after a waiting period, and that time is best used to act on the score report rather than repeat the same study plan.

After a first failed attempt, candidates must wait 24 hours before retaking the exam. After a second failed attempt, the waiting period becomes 14 days for subsequent attempts. Microsoft also limits candidates to five attempts within a 12-month period, so retakes should be planned carefully rather than used as trial runs.

The most productive retake plan starts with the weakest domain and then checks whether the weakness is conceptual, procedural, or caused by lack of hands-on familiarity. For example, weak networking performance may come from not understanding private endpoints, firewall routing, network security groups, or how security monitoring fits across the network path. Each cause calls for different practice.

Cost, Validity, and Renewal

The exam fee can vary by country, currency, taxes, and delivery method, so candidates should confirm the current price during registration. The larger investment is usually preparation time, lab access, and any training materials chosen before the appointment.

Microsoft role-based certifications, including Azure Security Engineer Associate, require renewal to remain active. Renewal is handled through Microsoft Learn, is available before the certification expires, and does not require scheduling the full exam again. Candidates should check Microsoft Learn for the current renewal window and process because certification policies can change.

Preparing With the Score Report in Mind

The key takeaway is that AZ-500 preparation should mirror the way the exam is scored and reported. A candidate needs enough breadth to handle all four skill areas and enough depth to make secure configuration choices under scenario pressure. The passing score is 700, but the better target is consistent performance across identity, networking, workload protection, and security operations.

Readynez also offers Unlimited Microsoft Training for learners planning more than one Microsoft certification route. Questions about the AZ-500 path, training options, or team planning can be directed through the contact page.

FAQ

What is the passing score for AZ-500?

The passing score for AZ-500 is 700 on Microsoft’s 1–1000 scaled score system. A score of 700 is not the same as answering exactly 70% of questions correctly, because Microsoft scales results to account for differences in exam difficulty.

How many questions are on the AZ-500 exam?

AZ-500 typically contains around 40–60 questions. The number can vary because Microsoft uses different exam forms and may include several question types, including case studies and scenario-based items.

Does Microsoft show the actual AZ-500 score?

Yes. Candidates receive a numeric scaled score and domain-level performance information. The score report is useful for retake planning because it shows which skill areas need the most attention.

Do candidates need AZ-104 before taking AZ-500?

No prerequisite exam is required before AZ-500. AZ-104 knowledge can help because Azure administration skills support security engineering work, but Microsoft does not require AZ-104 as a preceding certification.

What happens if a candidate fails AZ-500?

The candidate does not receive the certification, but the exam can be retaken under Microsoft’s retake rules. The first retake requires a 24-hour wait, and from the second failed attempt onward the wait is 14 days. Microsoft also limits attempts to five within a 12-month period.

How should candidates prepare for AZ-500?

Preparation should combine the official Microsoft Learn skills outline, hands-on Azure security practice, and diagnostic practice exams. Strong areas to practise include Microsoft Entra ID governance, Azure Policy, Defender for Cloud recommendations, secure networking, workload protection, and Microsoft Sentinel operations.

A group of people discussing the latest Microsoft Azure news

Unlimited Microsoft Training

Get Unlimited access to ALL the LIVE Instructor-led Microsoft courses you want - all for the price of less than one course. 

  • 60+ LIVE Instructor-led courses
  • Money-back Guarantee
  • Access to 50+ seasoned instructors
  • Trained 50,000+ IT Pro's

Basket

{{item.CourseTitle}}

Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}