Study Guide: MS-500: Microsoft 365 Security Administration
Recently I prepared for the Microsoft 365 Security exam, the MS-500: Microsoft 365 Security Administration, which has new content since June 8, 2020.
The MS-500 isn't a new exam, but it has been renewed and has new content, so you should prepare with the new exam preparation material, which provides the v2 guides.
To prepare and learn for the exam, I normally use the material from the Microsoft Learn platform, GitHub (labs and exercises), LinkedIn Learning, and courses on Pluralsight.
If you are an expert in security and your job role is to manage and monitor security and compliance solutions for Microsoft 365 and hybrid environments, this is the certification path for you to earn your Security Administrator Associate certification.
By taking the MS-500 Microsoft 365 Security Administration Exam, you get a step closer to being a certified Microsoft 365 Enterprise Administrator, an expert level certification in Microsoft 365.
MS-500: Microsoft 365 Security Administration Study Guide
First, you must get familiar with the exam objectives and skills measured, which is why it’s recommended to read the exam description.
Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance.
The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.
Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.
Domains Objective and Skills Measured
The high-level view of the skills measured in the exam is:
- Implement and manage identity and access (30-35%)
- Implement and manage threat protection (20-25%)
- Implement and manage information protection (15-20%)
- Manage governance and compliance features in Microsoft 365 (20-25%)
A study guide for the MS-500 exam is more useful with an outline of the subtopics covered under each objective. Here are the subtopics for each objective of the MS-500 certification exam.
Implement and manage identity and access (30-35%)
Secure Microsoft 365 hybrid environments
- Plan Azure AD authentication options
- Plan Azure AD synchronization options
- Monitor and troubleshoot Azure AD Connect events
Secure Identities
- Implement Azure AD group membership
- Implement password management
- Configure and manage identity governance
Implement authentication methods
- Plan sign-on security
- Implement multi-factor authentication (MFA)
- Manage and monitor MFA
- Plan and implement device authentication methods like Windows Hello
- Configure and manage Azure AD user authentication options
Implement conditional access
- Plan for compliance and conditional access policies
- Configure and manage device compliance for endpoint security
- Implement and manage conditional access
Implement role-based access control (RBAC)
Implement Azure AD Privileged Identity Management (PIM)
Implement Azure AD Identity Protection
- Implement user risk policy
- Implement sign-in risk policy
- Configure Identity Protection alerts
- Review and respond to risk events
Implement and manage threat protection (20-25%)
Implement an enterprise hybrid threat protection solution
Implement device threat protection
- Plan a Microsoft Defender ATP solution
- Implement Microsoft Defender ATP
- Manage and monitor Microsoft Defender ATP
Implement and manage device and application protection
- Plan for device and application protection
- Configure and manage Windows Defender Application Guard
- Configure and manage Windows Defender Application Control
- Configure and manage Windows Defender Exploit Guard
- Configure Secure Boot
- Configure and manage Windows device encryption
- Configure and manage non-Windows device encryption
- Plan for securing applications data on devices
- Implement application protection policies
Implement and manage Office 365 ATP
Implement Azure Sentinel for Microsoft 365
- Plan and implement Azure Sentinel
- Configure playbooks in Azure Sentinel
- Manage and monitor Azure Sentinel
- Respond to threats in Azure Sentinel
Implement and manage information protection (15-20%)
Secure data access within Office 365
- Implement and manage Customer Lockbox
- Configure data access in Office 365 collaboration workloads
- Configure B2B sharing for external users
Manage Azure Information Protection (AIP)
- Plan an AIP solution
- Configure Sensitivity labels and policies
- Deploy the RMS connector
- Manage tenant keys
- Deploy the AIP client
- Integrate AIP with Office 365 Services
Manage Data Loss Prevention (DLP)
- Plan a DLP solution
- Create and manage DLP policies
- Create and manage sensitive information types
- Monitor DLP reports
- Manage DLP notifications
Implement and manage Microsoft Cloud App Security
- Plan Cloud App Security implementation
- Configure Microsoft Cloud App Security
- Manage cloud app discovery
- Manage entries in the Cloud app catalog
- Manage apps in Cloud App Security
- Manage Microsoft Cloud App Security
- Configure Cloud App Security connectors and OAuth apps
- Configure Cloud App Security policies and templates
- Review, interpret and respond to Cloud App Security alerts, reports, dashboards, and logs
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyze security reporting
- Monitor and manage device security status using Microsoft Endpoint Manager Admin Center
- Manage and monitor security reports and dashboards using Microsoft 365 Security Center
- Plan for custom security reporting with Graph Security API
- Use secure score dashboards to review actions and recommendations
- Configure alert policies in the Security & Compliance admin center
Manage and analyze audit logs and reports
- Plan for auditing and reporting
- Perform an audit log search
- Review and interpret compliance reports and dashboards
- Configure audit alert policy
Manage data governance and retention
- Plan for data governance and retention
- Review and interpret data governance reports and dashboards
- Configure retention policies
- Define data governance event types
- Define data governance supervision policies
- Configure Information holds
- Find and recover deleted Office 365 data
- Configure data archiving
- Manage inactive mailboxes
Manage search and investigation
- Plan for content search and eDiscovery
- Search for personal data
- Monitor for leaks of personal data
- Delegate permissions to use search and discovery tools
- Use search and investigation tools to perform content searches
- Export content search results
- Manage eDiscovery cases
Manage data privacy regulation compliance
- Plan for regulatory compliance in Microsoft 365
- Review and interpret GDPR dashboards and reports
- Manage Data Subject Requests (DSRs)
- Administer Compliance Manager
- Review Compliance Manager reports
- Create and perform Compliance Manager assessments and action items
Free Online Resources for Microsoft MS-500 Exam
Many platforms provide valuable content to prepare for the MS-500: Microsoft 365 Security Administration exam, including Microsoft Learn, GitHub, Pluralsight, LinkedIn Learning, and other exam braindumps.
Microsoft Learn for MS-500
As usual, the Microsoft Learn platform provides great content with specific material to prepare for Exam MS-500: Microsoft 365 Security Administration, with learning paths to gain the skills needed to become certified.
The Exam MS-500: Microsoft 365 Security Administration course on Microsoft Learn provides many modules:
- Protect identity and access with Azure Active Directory
- Defend against threats with Microsoft Threat Protection
- Protect enterprise information with Microsoft 365
- Manage security with Microsoft 365
Pluralsight for MS-500
There are currently 180 million monthly active users on Office 365, and over 90% of the Fortune 500 are using at least one Microsoft cloud service. In this course, you will cover the different security and management services that are part of Microsoft 365.
Pluralsight includes a few courses that cover most MS-500 exam topics.
MS-500-Microsoft-365-Security Labs on GitHub
GitHub has a lot of content and labs for the Azure and Microsoft exams, and for the MS-500 exam there are labs for most of the exam topics. The labs help you understand how to manage many aspects of Microsoft 365 and, of course, help you prepare for the exam.
/MS-500-Microsoft-365-Security
Points to Prepare for Exam
Like any other Microsoft or Azure exam, there are important points that allow you to prepare and pass the exam:
Understand the Exam Domains and Subtopics – As evident from the information presented in this discussion on MS-500 exam preparation, the exam content of MS-500 matters significantly for your preparations. Therefore, candidates should prepare a reliable MS-500 study guide by outlining the different exam domains and subtopics. The content of the study guide should be the foundation on which you develop your preparation schedule.
Recommended Learning Paths by Microsoft – The free learning paths provide the initial boost to start your preparations and cover the fundamentals of the exam objectives.
You can dive into your MS-500 exam preparation with Microsoft's official learning resources, especially Microsoft Learn. After obtaining a thorough impression of the exam content and focusing on domains and subtopics, you can choose the free Microsoft Azure learning paths for the MS-500 certification exam.
Online Training Courses – Training is a requirement for any exam preparation, and online certification training courses for the MS-500 certification from reputable platforms could help you prepare for the exam.
Hands-on Experience – Part of the preparation for the MS-500 exam is hands-on experience. Hands-on experience is a mandatory requirement for all Azure certification exams.
Practice Tests – Practice is the most effective tool for improving the efficiency of your MS-500 exam preparation. You must practice for the MS-500 exam through exam sets. The different practice test questions test your knowledge of concepts in the MS-500 exam and your ability to implement them in real-time scenarios.
GOOD LUCK!
Great summary of resources. I'm at the practice exam stage myself, but I noticed that the official MeasureUp exam seems out of date. I haven't come across any Sentinel questions, for example, but plenty on Safe Links or Safe Attachments. Did you notice the same? Or do you recommend any other practice tests?