Study Guide Series – Exam MS-500: Microsoft 365 Security Administration

Microsoft certification is a great way to validate your skills in a particular area. With many organizations seeking official certification as a prerequisite for a particular role, it’s a fantastic time to dive into the certification paths Microsoft have available. For experienced Microsoft 365 Administrators, the MS-500 exam (Microsoft 365 Security Administration) is a fantastic path to take to bring your experience to the next level. It is also the only required exam for the Microsoft 365 Certified Security Administrator Associate certification.

Over the next few weeks, I will be uploading a series of blog posts where I will dive into the exam blueprint, focusing on the relevant topics and going through some of the things you will need to know to prepare for this exam.

Exam Blueprint

The Official Microsoft Exam Skills Outline for the MS-500 exam is available on the Microsoft Certification site. The breakdown of the exam is listed below (as of December 2020). In the coming weeks, I will update the below list with links to the relevant posts and by the end, you should be able to follow the study guide from this page.

It’s important to note that I have no insider information on the exam questions or structure so I will interpret and explain the topics as I best I can. There may be things that I don’t address specifically that will appear on the exam.

Finally, I will be providing examples from my lab environment, it will help massively to follow along in your own environment if possible.

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

Secure Identities

Implement authentication methods

Implement conditional access

Implement role-based access control (RBAC)

Implement Azure AD Privileged Identity Management (PIM)

Implement Azure AD Identity Protection

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

Implement device threat protection

Implement and manage device and application protection

Implement and manage Office 365 ATP

  • Configure Office 365 ATP
  • Monitor Office 365 ATP
  • Conduct simulated attacks using Attack Simulator

Monitor Microsoft 365 Security with Azure Sentinel

  • Plan and implement Azure Sentinel
  • Configure playbooks in Azure Sentinel
  • Manage and monitor Azure Sentinel
  • Respond to threats in Azure Sentinel

Implement and manage information protection (15-20%)

Secure data access within Office 365

  • Implement and manage Customer Lockbox
  • Configure data access in Office 365 collaboration workloads
  • Configure B2B sharing for external users

Manage sensitivity labels

  • Plan a sensitivity label solution
  • Configure sensitivity labels and policies
  • Configure and use label analytics
  • Use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps

Manage Data Loss Prevention (DLP)

  • Plan a DLP solution
  • Create and manage DLP policies
  • Create and manage sensitive information types
  • Monitor DLP reports
  • Manage DLP notifications

Implement and manage Microsoft Cloud App Security

  • Plan Cloud App Security implementation
  • Configure Microsoft Cloud App Security
  • Manage cloud app discovery
  • Manage entries in the Cloud app catalog
  • Manage apps in Cloud App Security
  • Manage Microsoft Cloud App Security
  • Configure Cloud App Security connectors and Oauth apps
  • Configure Cloud App Security policies and templates
  • Review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs

Manage governance and compliance features in Microsoft 365 (25-
30%)

Configure and analyze security reporting

  • Monitor and manage device security status using Microsoft Endpoint Manager Admin Center
  • Manage and monitor security and dashboards using Microsoft 365 Security Center
  • Plan for custom security reporting with Graph Security API
  • Use secure score dashboards to review actions and recommendations
  • Configure alert policies in the Security & Compliance admin center

Manage and analyze audit logs and reports

  • Plan for auditing and reporting
  • Perform audit log search
  • Review and interpret compliance reports and dashboards
  • Configure audit alert policy

Manage data governance and retention

  • Plan for data governance and retention
  • Review and interpret data governance reports and dashboards
  • Configure retention policies
  • Define data governance event types
  • Define and manage communication compliance policies
  • Configure Information holds
  • Find and recover deleted Office 365 data
  • Configure data archiving
  • Manage inactive mailboxes

Manage search and investigation

  • Plan for content search and eDiscovery
  • Delegate permissions to use search and discovery tools
  • Use search and investigation tools to perform content searches
  • Export content search results
  • Manage eDiscovery cases

Manage data privacy regulation compliance

  • Plan for regulatory compliance in Microsoft 365
  • Review and interpret GDPR dashboards and reports
  • Manage Data Subject Requests (DSRs)
  • Administer Compliance Manager
  • Review Compliance Manager reports
  • Create and perform Compliance Manager assessments and action items

21 thoughts on “Study Guide Series – Exam MS-500: Microsoft 365 Security Administration

  1. Pingback: Study Guide Series: Exam MS-500 – Plan Azure AD Authentication Options – Sean McAvinue

  2. Pingback: Study Guide Series: Exam MS-500 – Plan Azure AD Synchronization Options – Sean McAvinue

  3. Pingback: Study Guide Series: Exam MS-500 – Monitor and Troubleshoot Azure AD Connect Events – Sean McAvinue

  4. Pingback: Study Guide Series: Exam MS-500 – Implement Password Management – Sean McAvinue

  5. Pingback: Study Guide Series: Exam MS-500 – Implement Azure AD Group Membership – Sean McAvinue

  6. Pingback: Study Guide Series: Exam MS-500 – Configure and Manage Identity Governance – Sean McAvinue

  7. Pingback: Study Guide Series: Exam MS-500 – Plan Sign-on Security – Sean McAvinue

  8. Pingback: Study Guide Series: Exam MS-500 – Implement Multi-Factor Authentication (MFA) – Sean McAvinue

  9. Pingback: Study Guide Series: Exam MS-500 – Manage and Monitor MFA – Sean McAvinue

  10. Pingback: Study Guide Series: Exam MS-500 – Plan and Implement Device Authentication Methods like Windows Hello – Sean McAvinue

  11. Pingback: Study Guide Series – Exam MS-500: Configure and Manage Azure AD User Authentication Options and Self-Service Password Management – Sean McAvinue

  12. Pingback: Study Guide Series: Exam MS-500 – Implement Conditional Access – Sean McAvinue

  13. Pingback: Study Guide Series: Exam MS-500 – Implement Role-Based Access Control (RBAC) – Sean McAvinue

  14. Pingback: Study Guide Series: Exam MS-500 – Implement Azure AD Privileged Identity Management (PIM) – Sean McAvinue

  15. Pingback: Study Guide Series: Exam MS-500 – Implement Azure AD Identity Protection – Sean McAvinue

  16. Pingback: Study Guide Series: Exam MS-500 – Implement an Enterprise Hybrid Threat Protection Solution – Sean McAvinue

  17. Pingback: Study Guide Series: Exam MS-500 – Monitor and Manage Azure ATP – Sean McAvinue

  18. Pingback: Study Guide Series: Exam MS-500 – Plan a Microsoft Defender ATP solution – Sean McAvinue

  19. Pingback: Study Guide Series: Exam MS-500 – Implement Microsoft Defender ATP – Sean McAvinue

  20. Pingback: Study Guide Series: Exam MS-500 – Manage and Monitor Microsoft Defender ATP – Sean McAvinue

  21. Pingback: Study Guide Series: Exam MS-500 – Implement and Manage Device and Application Protection (Part 1) – Sean McAvinue

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s