Defender for Cloud: AZ-500 Exam Guide
Defender for Cloud is the AZ-500 exam's primary CSPM and workload protection service. Understand Secure Score, the difference between CSPM and CWPP, and which Defender plans protect which resource types.
What Is Defender for Cloud?
Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) service. These two capabilities are distinct:
- CSPM (Foundational/Free tier): Assesses your configuration against security baselines, generates recommendations, and computes a Secure Score. CSPM is always free.
- CWPP (Defender plans): Active threat detection for specific workload types. Each plan costs money and must be enabled per subscription.
Secure Score
Secure Score is a percentage that measures how well your environment meets the security recommendations in Defender for Cloud. Each recommendation has a max score contribution. Implementing a recommendation increases your score. Exam trap: Secure Score reflects recommendations, not actual security. You can improve the score by accepting risk or excluding resources without making the environment more secure.
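The exam trap above, worked through as an added example (not code from the original guide or from Microsoft). It uses a simplified model that assumes each recommendation earns points in proportion to its share of healthy resources and that exempted resources drop out of the calculation; the recommendation names and resource counts are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Recommendation:
    name: str
    max_score: int   # maximum points this recommendation can contribute
    healthy: int     # resources that meet the recommendation
    unhealthy: int   # resources that do not
    exempt: int = 0  # unhealthy resources excluded (risk accepted / exempted)

    def __post_init__(self):
        if not 0 <= self.exempt <= self.unhealthy:
            raise ValueError("exempt must be between 0 and unhealthy")

def secure_score(recs):
    """Percentage of achievable points earned, ignoring exempted resources."""
    earned = total = 0.0
    for r in recs:
        in_scope = r.healthy + r.unhealthy - r.exempt
        if in_scope == 0:
            continue  # nothing left to assess: the item drops out entirely
        earned += r.max_score * r.healthy / in_scope
        total += r.max_score
    return round(100 * earned / total, 1) if total else 0.0

def exposed_resources(recs):
    """Resources that are still misconfigured, exempted or not."""
    return sum(r.unhealthy for r in recs)

# Constructed sample environment
BEFORE = [
    Recommendation("Enable MFA for owner accounts", 10, healthy=2, unhealthy=8),
    Recommendation("Restrict management ports", 8, healthy=6, unhealthy=2),
    Recommendation("Encrypt data in transit", 4, healthy=4, unhealthy=0),
]
# Same environment after exempting every non-compliant owner account
AFTER = [replace(BEFORE[0], exempt=8)] + BEFORE[1:]

if __name__ == "__main__":
    for label, recs in (("before", BEFORE), ("after exemption", AFTER)):
        print(f"{label}: score={secure_score(recs)}% "
              f"still misconfigured={exposed_resources(recs)}")
```

When reviewing a score increase, compare it against the list of exemptions created in the same period to separate real remediation from scope changes.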
Defender Plans (CWPP)
| Plan | Protects |
|---|---|
| Defender for Servers | VMs (Windows and Linux) |
| Defender for Storage | Storage Accounts |
| Defender for SQL | SQL databases (Azure SQL, SQL on VMs, PostgreSQL, MySQL) |
| Defender for Containers | AKS clusters and container registries |
| Defender for Key Vault | Key Vault (unusual access patterns) |
| Defender for App Service | Azure App Service |
Security Recommendations vs Alerts
Recommendations = CSPM findings. "Enable MFA for accounts with owner permissions." These reduce your attack surface. Alerts = CWPP detections. "Suspicious PowerShell execution detected on VM." These indicate active threats. The exam tests that recommendations are proactive (posture) while alerts are reactive (detection).
Regulatory Compliance
Defender for Cloud maps recommendations to compliance frameworks (NIST, CIS, PCI DSS, ISO 27001). The Regulatory Compliance dashboard shows which controls you pass and fail, making it useful for audit evidence.