MS-101 or Microsoft 365 Mobility and Security is one of two exams that make up the Microsoft 365 Certified Enterprise Administrator Expert certification. The certification also requires you to pass & hold a valid Microsoft 365 Associate level certification in addition to passing the MS-100 and MS-101.
The Microsoft 365 Certified: Enterprise Administrator Expert is the only Expert level certification for Microsoft 365. Whilst the Associate certification in Microsoft 365 require Administrator level knowledge and skills, this is the next step up. You could consider this the consultant level skillset. You need an in-depth understanding of all features, the configuration options, pros/cons of the options PLUS hands on administration skills across the full set of Microsoft 365 workloads. Tradition system administrator skills are also helpful as you should also understand DNS, Active Directory (on-prem), networking and on-prem server admin. The on-prem skills and knowledge is needed to design and configure Microsoft 365 in Hybrid to work in harmony with existing environments as well as to understand requirements of organisations moving to the cloud.
That said, regular visitors to my blog will know that I consider myself a ‘born in the cloud’ admin and as such the traditional system administrator skills are my personal weak area. Please don’t let that put you off going for this certification, if that also describes you. You can use your Microsoft 365 knowledge to answer migration and hybrid questions and remember you don’t have to get all 1000 availalbe points to pass.
This exam focuses on device management plus the security & compliance tools whilst the MS-100 focuses on identity & access (Azure AD) plus workload security & configuration.
Disclaimer: All these links were correct at the time of posting. But the Cloud changes regularly, so the referenced articles my change/be removed. Please do post a comment if you spot a broken link or have suggestions to add so others can benefit too.
General References
- MS-101 Exam page https://docs.microsoft.com/en-us/learn/certifications/exams/ms-101
- MeasureUp Official Practice Test https://www.measureup.com/catalogsearch/result/?cat=&q=MS-101
- Microsoft Learn. Provides searchable learning paths and modules for a variety of roles and levels. https://docs.microsoft.com/en-us/learn/
- Learn TV. Digital content so you can always keep updated on the latest announcements, features, and products from Microsoft. https://docs.microsoft.com/en-us/learn/tv/
- Microsoft 365 Blog https://techcommunity.microsoft.com/t5/microsoft-365-blog/bg-p/microsoft_365blog
- Channel 9. Informational videos, shows, and events on variety of technical topics. https://channel9.msdn.com/
- Microsoft Learning Community Blog. Get the latest information about the certification tests and exam study groups. https://www.microsoft.com/en-us/learning/community-blog.aspx
- Microsoft 365 Documentation https://docs.microsoft.com/en-us/microsoft-365
- Portals for Administrators https://msportals.xyz/
Taking a Microsoft Professional Exam
There are a number of blogs about taking MCP exams. My personal favourites are:
- Certification process overview | Microsoft Docs
- Microsoft Certification Routes https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWtQJJ?keywords=Microsoft%20365%20Certified%20Teamwork%20Administrator%20Associate
- Microsoft Certifications – Microsoft Exam duration and question types – tiagocosta.com
- An MCT’s perspective on taking a Microsoft Fundamentals Exam (FAQ’s) – @Microsoft365Pro
- How to take a Microsoft Certification Exam Online – Thomas Maurer
Pre-study References
Before attending an MS-101 course you should have day-to-day admin experience managing multiple workloads in Microsoft 365 and have a good understanding of the availalbe tools and services in Microsoft 365 PLUS licencing of Microsoft 365.
- Complete an Associate Level Course & Exam – I recommend MS-500 Microsoft 365 Security Administration if you have no preference
- Microsoft 365 licensing guidance for security & compliance https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-barriers
- License Comparisons https://github.com/AaronDinnage/Licensing
- Service Trust Portal https://servicetrust.microsoft.com/
- Compare Azure AD licenses https://azure.microsoft.com/en-gb/pricing/details/active-directory/
Microsoft Learn Learning Paths (MS-101)
- All the MS-101 Learning Paths in one collection
References by Exam Objectives
Based on the objectives as at 3rd August 2022
This is an Expert level qualification, so please view these links as a starting point and explore each topic in full.
Plan and implement device services (35-40%)
Plan device management by using Microsoft Endpoint Manager
See also https://docs.microsoft.com/en-us/mem/?WT.mc_id=M365-MVP-5004583
- plan co-management between Endpoint Configuration Manager and Intune
- plan and implement configuration profiles for Windows and MacOS clients
- Plan and implement configuration profiles for iOS and Android
- Review and respond to issues identified in Microsoft Endpoint Manager
Below this paragraph yet to be updated to Aug 2022 objectives – will be completed by end Friday 7th October 2022, please check back then
Manage device compliance
- plan for device compliance
- plan for attack surface reduction
- configure security baselines
- configure device compliance policy
- plan and configure conditional access policies
Plan for apps
- create and configure Microsoft Store for Business
- plan app deployment
- plan for mobile application management (MAM)
Plan Windows 10 deployment
Although this link refers to Windows 11, the concepts apply to Windows 10 too. The documentation has moved on faster than the exam objectives https://docs.microsoft.com/windows/whats-new/windows-11-plan?WT.mc_id=M365-MVP-5004583
- plan for Windows as a Service (WaaS)
- plan for managing Windows quality and feature updates
- plan Windows 10 Enterprise deployment methods
- analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
- evaluate and deploy additional Windows 10 Enterprise security features
Enroll devices
https://docs.microsoft.com/mem/intune/enrollment/?WT.mc_id=M365-MVP-5004583
- plan for device join or device registration to Azure Active Directory (Azure AD)
- plan for manual and automated device enrollment into Intune
- enable device enrollment into Intune
Implement Microsoft 365 security and threat management (20-25%)
Manage security reports and alerts
- evaluate and manage Microsoft Office 365 tenant security by using Secure Score
- manage incident investigation
- review and manage Microsoft 365 security alerts
Plan and implement threat protection with Microsoft 365 Defender
- plan Microsoft Defender for Endpoint
- design Microsoft Defender for Office 365 policies
- implement Microsoft Defender for Identity
Plan Microsoft Defender for Cloud Apps
- plan information protection by using Microsoft Defender for Cloud Apps
- plan policies to manage access to cloud apps
- plan for application connectors
- configure Cloud App Security policies
- review and respond to Cloud App Security alerts
- monitor for unauthorized cloud applications
Manage Microsoft 365 governance and compliance (35-40%)
https://docs.microsoft.com/purview/?WT.mc_id=M365-MVP-5004583
Plan for compliance requirements
- plan compliance solutions
- assess compliance
- plan for and implement privileged access management
- plan for legislative and regional or industry requirements and drive implementation
Manage information governance
- plan data classification
- plan for classification labeling
- plan for restoring deleted content
- implement records management
- design data retention labels and policies in Microsoft 365
Implement Information protection
- plan an information protection solution
- plan and implement sensitivity labels and policies
- monitor label alerts and analytics
- deploy Azure Information Protection unified labels clients
- NOTE: AIP client is no longer recommended but use the Microsoft 365 App embedded Sensitivity Labelling instead. https://docs.microsoft.com/azure/information-protection/rms-client/aip-clientv2?WT.mc_id=M365-MVP-5004583
- configure Information Rights Management (IRM) for workloads
- plan for Windows information Protection (WIP) implementation
Plan and implement data loss prevention (DLP)
- plan for DLP
- configure DLP policies
- monitor DLP
Manage search and investigation
- plan and configure auditing
- plan and configure eDiscovery
- implement and manage insider risk management
- design a Content Search solution
Sara Fennah's Blog 