MS-500 Overview & My Tips
MS-500 or Microsoft 365 Security Administration is an Associate level certification. Associate level certifications in Microsoft 365 require Administrator level knowledge and skills, and is targeted at those in roles which are hands on with the administration of a Microsoft 365 workload. In this case security & compliance. Tradition system administrator skills are also helpful as you should also understand DNS, Active Directory (on-prem), networking and on-prem server admin. The on-prem skills and knowledge is needed to design and configure Microsoft 365 in Hybrid to work in harmony with existing environments as well as to understand requirements of organisations moving to the cloud.
That said, regular visitors to my blog will know that I consider myself a ‘born in the cloud’ admin and as such the traditional system administrator skills are my personal weak area. Please don’t let that put you off going for this certification, if that also describes you. You can use your Microsoft 365 knowledge to answer migration and hybrid questions and remember you don’t have to get all 1000 availalbe points to pass.
This exam focuses on protecting and securing Microsoft 365 tenants and the data within them. It covers Azure AD as well the Microsoft Defender (Security) and Purview (Compliance) products, though may not use the new purview names as yet.
There are also a series of SC numbered certifications and courses which look at security, compliance and privacy features across the Microsoft Cloud. Those courses and certifications overlap with this one.
Disclaimer: All these links were correct at the time of posting. But the Cloud changes regularly, so the referenced articles my change/be removed. Please do post a comment if you spot a broken link or have suggestions to add so others can benefit too.
General References
- MS-500 Exam page https://docs.microsoft.com/learn/certifications/exams/ms-500?WT.mc_id=M365-MVP-5004583
- MeasureUp Official Practice Test https://www.measureup.com/catalogsearch/result/?cat=&q=MS-100
- Microsoft Learn. Provides searchable learning paths and modules for a variety of roles and levels. https://docs.microsoft.com/en-us/learn/
- Learn TV. Digital content so you can always keep updated on the latest announcements, features, and products from Microsoft. https://docs.microsoft.com/en-us/learn/tv/
- Microsoft 365 Blog https://techcommunity.microsoft.com/t5/microsoft-365-blog/bg-p/microsoft_365blog
- Channel 9. Informational videos, shows, and events on variety of technical topics. https://channel9.msdn.com/
- Microsoft Learning Community Blog. Get the latest information about the certification tests and exam study groups. https://www.microsoft.com/en-us/learning/community-blog.aspx
- Microsoft 365 Documentation https://docs.microsoft.com/en-us/microsoft-365
- Portals for Administrators https://msportals.xyz/
Taking a Microsoft Professional Exam
There are a number of blogs about taking MCP exams. My personal favourites are:
- Certification process overview | Microsoft Docs
- Exam Sandbox
- Microsoft Certifications – Microsoft Exam duration and question types – tiagocosta.com
- An MCT’s perspective on taking a Microsoft Fundamentals Exam (FAQ’s) – @Microsoft365Pro
- How to take a Microsoft Certification Exam Online – Thomas Maurer
Pre-study References
Before attending an MS-100 course you should have a good understanding of what Microsoft 365 is and the features it includes. You should also be comfortable with what Microsoft Teams is and how to use it. These resources can help.
- My MS-900 Extras Page MS-900 Course Extras – Sara Fennah’s Blog (m365train.co.uk)
- MS-900 Microsoft Learn Collection https://docs.microsoft.com/users/sarafennah-1210/collections/7pma6m7m5dqeg?WT.mc_id=M365-MVP-5004583
- Microsoft 365 licensing guidance for security & compliance https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-barriers
- License Comparisons https://github.com/AaronDinnage/Licensing
- Service Trust Portal https://servicetrust.microsoft.com/
- Compare Azure AD licenses https://azure.microsoft.com/en-gb/pricing/details/active-directory/
- Teams on MS Learn https://docs.microsoft.com/en-us/learn/teams/
- Microsoft Teams help & learning – Microsoft Support
- An Introduction to PowerShell Introduction to PowerShell – Learn | Microsoft Docs
Microsoft Learn Learning Paths (MS-500)
Microsoft Learn MS-500 Collection https://docs.microsoft.com/users/sarafennah-1210/collections/kkqam3wpyd4kk?WT.mc_id=M365-MVP-5004583
References by Exam Objectives
Based on the objectives as at 4 May 2022
Implement and manage identity and access (35-40%)
Secure Microsoft 365 hybrid environments
- plan Azure AD authentication options
- plan Azure AD synchronization options
- monitor and troubleshoot Azure AD Connect events
Secure Identities
- implement Azure AD group membership
- implement password management
- manage external identities in Azure AD and Microsoft 365 workloads
- https://docs.microsoft.com/en-us/azure/active-directory/external-identities/
- https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite
- https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
- See also External User in Teams
Implement authentication methods
- implement multi-factor authentication (MFA) by using conditional access policy
- manage and monitor MFA
- plan and implement device authentication methods like Windows Hello
Implement conditional access
- plan for compliance and conditional access policies
- configure and manage device compliance policies
- implement and manage conditional access
- test and troubleshoot conditional access policies
- https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access?WT.mc_id=M365-MVP-5004583#troubleshoot-conditional-access-policy
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access?WT.mc_id=M365-MVP-5004583#evaluate-the-policy-impact
Implement roles and role groups
- plan for roles and role groups
- configure roles and role groups
- audit roles for least privileged access
Configure and manage identity governance
- implement Azure AD Privileged Identity Management
- implement and manage entitlement management
- implement and manage access reviews
Implement Azure AD Identity Protection
https://docs.microsoft.com/azure/active-directory/identity-protection/?WT.mc_id=M365-MVP-5004583
- implement user risk policy
- https://docs.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-policies?WT.mc_id=M365-MVP-5004583#user-risk-policy
- https://docs.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies?WT.mc_id=M365-MVP-5004583#user-risk-with-conditional-access
- implement sign-in risk policy
- https://docs.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-policies?WT.mc_id=M365-MVP-5004583#sign-in-risk-policy
- https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies?WT.mc_id=M365-MVP-5004583#sign-in-risk-with-conditional-access
- configure Identity Protection alerts
- review and respond to risk events
Implement and manage threat protection (25-30%)
Implement and manage Microsoft Defender for Identity
- plan a Microsoft Defender for Identity solution
- install and configure Microsoft Defender for Identity
- monitor and manage Microsoft Defender for Identity
Implement device threat protection
- plan a Microsoft Defender for Endpoint solution
- implement Microsoft Defender for Endpoint
- manage and monitor Microsoft Defender for Endpoint
Implement and manage device and application protection
- plan for device and application protection
- configure and manage Microsoft Defender Application Guard
- configure and manage Microsoft Defender Application Control
- configure and manage exploit protection
- configure and manage Windows device encryption
- configure and manage non-Windows device encryption
- implement application protection policies
- configure and manage device compliance for endpoint security
Implement and manage Microsoft Defender for Office 365
- configure Microsoft Defender for Office 365
- https://docs.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- https://docs.microsoft.com/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- monitor for and remediate threats using Microsoft Defender for Office 365
- conduct simulated attacks using Attack simulation training
Monitor Microsoft 365 Security with Microsoft Sentinel
https://docs.microsoft.com/azure/sentinel/overview?WT.mc_id=M365-MVP-5004583
- plan and implement Microsoft Sentinel
- configure playbooks in Microsoft Sentinel
- manage and monitor with Microsoft Sentinel
- respond to threats using built-in playbooks in Microsoft Sentinel
Implement and manage Microsoft Defender for Cloud Apps
https://docs.microsoft.com/defender-cloud-apps/?WT.mc_id=M365-MVP-5004583
- plan Microsoft Defender for Cloud Apps implementation
- configure Microsoft Defender for Cloud Apps
- manage cloud app discovery
- manage entries in the Microsoft Defender for Cloud Apps catalog
- manage apps in Microsoft Defender for Cloud Apps
- configure Microsoft Defender Cloud Apps connectors and OAuth apps
- configure Microsoft Defender for Cloud Apps policies and templates
- review, interpret and respond to Microsoft Defender for Cloud Apps alerts, reports, dashboards, and logs
Implement and manage information protection (10-15%)
Manage sensitive information
- plan a sensitivity label solution
- create and manage sensitive information types
- configure sensitivity labels and policies
- configure and use Activity Explorer
- use sensitivity labels with Teams, SharePoint, OneDrive and Office apps
Manage Data Loss Prevention (DLP)
- plan a DLP solution
- create and manage DLP policies for Microsoft 365 workloads
- create and manage sensitive information types
- monitor DLP reports
- manage DLP notifications
- implement Endpoint DLP
Manage data governance and retention
- plan for data governance and retention
- https://docs.microsoft.com/microsoft-365/compliance/manage-data-governance?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- https://docs.microsoft.com/microsoft-365/compliance/get-started-with-data-lifecycle-management?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- https://docs.microsoft.com/microsoft-365/compliance/get-started-with-records-management?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- review and interpret data governance reports and dashboards
- configure retention labels and policies
- configure retention in Microsoft 365 workloads
- find and recover deleted Office 365 data
- https://docs.microsoft.com/microsoft-365/compliance/retention-flowchart?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- https://docs.microsoft.com/microsoft-365/compliance/content-search?view=o365-worldwide&WT.mc_id=M365-MVP-5004583
- https://docs.microsoft.com/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview?WT.mc_id=M365-MVP-5004583
- configure and use Microsoft 365 Records Management
Manage governance and compliance features in Microsoft 365 (20-25%)
Configure and analyze security reporting
- monitor and manage device security status using Microsoft Endpoint Manager admin center
- manage and monitor security reports and dashboards using Microsoft 365 Defender portal
- plan for custom security reporting with Graph Security API
- use secure score dashboards to review actions and recommendations
Manage and analyze audit logs and reports
- plan for auditing and reporting
- perform audit log search
- review and interpret compliance reports and dashboards
- configure alert policies
Discover and respond to compliance queries in Microsoft 365
- plan for content search and eDiscovery
- delegate permissions to use search and discovery tools
- use search and investigation tools to discover and respond
- manage eDiscovery cases
Manage regulatory compliance
- plan for regulatory compliance in Microsoft 365
- manage Data Subject Requests (DSRs)
- https://docs.microsoft.com/compliance/regulatory/gdpr-data-subject-requests?WT.mc_id=M365-MVP-5004583
- (Not yet in MS-500 but DSR is also in Microsoft Priva – https://docs.microsoft.com/privacy/priva/subject-rights-requests?view=o365-worldwide&WT.mc_id=M365-MVP-5004583)
- administer Compliance Manager in Microsoft 365 compliance center
- use Compliance Manager
Manage insider risk solutions in Microsoft 365
- implement and manage Customer Lockbox
- implement and manage communication compliance policies
- implement and manage Insider risk management policies
- implement and manage information barrier policies
- implement and manage privileged access management
Videos and Interactive Guides
User and Group Management
- Azure AD conditional access enabling Zero Trust networks https://youtu.be/XruceejcCKQ?list=PLXtHYVsvn_b8dbRbnL19GUPcBH1UQ7c4x
- Identity models and authentication for Microsoft 365 https://www.microsoft.com/en-us/videoplayer/embed/RE2Pjwu
- Azure Active Directory: Choosing the right authentication for your organization https://youtu.be/oPeKXefxEgg
- Azure Active Directory explained https://youtu.be/6MSrkUDOqsE
- Identity models and authentication for Microsoft 365 https://www.microsoft.com/en-us/videoplayer/embed/RE2Pjwu
- Add users in Office 365 https://youtu.be/zDs3VltTJps
- Introducing Groups in Office 365 https://youtu.be/t3OLvYXepvE
- Demonstration: Implement Multi-factor authentication https://youtu.be/SN-J7L1na34
- How to set up self-service password reset for Microsoft 365 https://www.youtube.com/watch?v=Jppfvl95DvE
- Guided demo Self service Password Reset: https://aka.ms/AA6xlpx
- Demonstration: Password-less Auth using Azure AD https://youtu.be/YFvAbr-Qsm4?list=PLXtHYVsvn_b8dbRbnL19GUPcBH1UQ7c4x
- Windows Hello Explained https://youtu.be/ASe5HiCr71I
- Demonstration: Windows Hello https://youtu.be/NHPDj_eVCvs
- Describing Smart Lockout https://youtu.be/aeuFaG8ZJnY
Identity synchronization and protection
- Azure AD Pass-through Authentication https://youtu.be/PyeAC85Gm7w
- PHS and PTA Authentication https://youtu.be/DpqpGSI02M0
- Interactive Guide: Establish hybrid identity https://www.microsoft.com/videoplayer/embed/RE44DnV
- Azure Active Directory Connect Health for AD Federated Services https://youtu.be/-V0qIrNNKtU
- Azure Active Directory Connect Health for AD Domain Services https://youtu.be/8btc5qHq9Ms
Azure AD Identity Protection
- What is Azure Active Directory Identity Protection? https://youtu.be/1REQYdZ6364
- Azure Active Directory Identity Protection https://youtu.be/zI3jn_G0_Ns
- Demonstration: Using Identity Protection https://youtu.be/zvCMpkOwRPs
Identity & Access Management
- Deploy Seamless Single-On https://youtu.be/kSfiDDNg14U
- What is Azure AD Application Proxy? https://youtu.be/-Iv9I9duEGY
- Interactive guide: Provide secure remote access to on-premises apps with Azure AD Application Proxy (12 minute interaction) https://aka.ms/AADandAppProxy_InteractiveGuide
- Demonstration: Deploying Azure Active Directory Application Proxy https://youtu.be/bfamp4fkesQ
- Demonstration: Rolling out Azure Active Directory Application Proxy https://youtu.be/E4_5Lxm3u7w
- What is Identity Governance: https://youtu.be/VzEn_7Kkv38
- What is Conditional Access? https://www.youtube.com/watch?v=ffMAw2IVO7A
- Security Benefits of Conditional Access https://youtu.be/5NLBNtEhGB8
- Demonstration: How to deploy Conditional Access policies https://youtu.be/c_izIRNJNuk
- What are Azure AD Access Reviews? https://www.youtube.com/watch?v=kDRjQQ22Wkk&t=32s
- Demonstration: Creating Azure AD Access Reviews https://youtu.be/zwXOulPOb7g
- Demonstration: Enabling Azure AD Access Reviews https://youtu.be/YF6JUL16mc4
- Conditional access device controls https://youtu.be/NcONUf-jeS4
- Interactive guide: Configure Conditional Access in Azure AD https://www.microsoft.com/videoplayer/embed/RE44laI
- Device-based Conditional Access with Intune https://youtu.be/AdM0zYB-3WQ
- Guided demo Conditional Access with Intune: https://aka.ms/AA6xdu0
- Identity and Access Management in Azure https://youtu.be/nRk1_koNBB8
- Azure AD B2B explained https://youtu.be/xxQWEQ1NnlY
- Azure AD B2B Collaboration demonstration https://youtu.be/AhwrweCBdsc
- Interactive guide: Enable B2B collaboration in Azure AD (22 minute interaction) http://aka.ms/AADandB2B_InteractiveGuide
- Guided demo Azure B2B Collaboration: https://aka.ms/AA6y80m
- Interactive Guide: Reduce security risk with Azure AD Privileged Identity Management https://www.microsoft.com/videoplayer/embed/RE44vAQ
- Azure Active Directory: Identity Management and Protection https://youtu.be/9LGIJ2-FKIM
- Azure Active Directory Identity Protection https://youtu.be/zI3jn_G0_Ns
Security in M365
- State of Security at Microsoft https://youtu.be/2o48CuW8ojQ
- Demonstration: Microsoft Defender – Extended Detection and Response (XDR) https://youtu.be/klGmsu3LK4M
- Interactive Guide: Protect your organization with Microsoft 365 Defender https://aka.ms/M365Defender-InteractiveGuide
- Interactive guide: Safeguard your organization with Microsoft Defender for Office 365 https://aka.ms/MSDO-IG
- Demonstration: Microsoft Defender for Office 365 https://youtu.be/idqTS6-_2t8
- Demonstration: Microsoft Defender for Endpoint https://youtu.be/lkMr4lbN1HE
- Interactive Guide: Remediate threats with Microsoft Defender for Endpoint https://aka.ms/MSDE-IG
- Interactive Guide: Detect suspicious activities and potential attacks with Microsoft Defender for Identity https://aka.ms/MSDefenderforIdentity-IG
- Secure Score explained https://youtu.be/FvD8T1WDvg4
- Demonstration: Secure Score https://youtu.be/jzfpDJ9Kg-A
- Demonstration: Secure Score Dashboard https://youtu.be/DNh9E3MWa7o
- How to Use the Microsoft Secure Score API https://youtu.be/vg3QKQWVD6Y
Threat Protection
- Demonstration: Exchange Online Protection https://youtu.be/uyIyT6aVcdQ
- Microsoft Defender for Office 365 explained https://youtu.be/QyNg6pdx1zw
- Demonstration: Stepping through Spoof Intelligence https://youtu.be/J2lI9Du4W0U
- Demonstration: Microsoft Defender for Office 365 https://youtu.be/idqTS6-_2t8
- Demonstration: Safe links https://youtu.be/ZEi8D1J9gh8 (Topic starts: 1:20, Video end: 3:45)
- Interactive Guide: Create Office 365 ATP Policies https://www.microsoft.com/videoplayer/embed/RE44izH
- Demonstration: Enabling Safe Attachments https://youtu.be/W0DjYfzumJA
- Enabling Safe Links https://youtu.be/A5LItgIcwYE
- What is Microsoft Defender for Identity https://youtu.be/DCfdNC2m4YI
- Demonstration of Microsoft Defender for Identity https://youtu.be/EGY2m8yU_KE
- Interactive Guide: Investigate and respond to attacks with Microsoft Defender for Identity https://aka.ms/MSDI.IG
- Microsoft Defender for Endpoint explained https://youtu.be/DFsJisQc_Oo
- Demonstration: Microsoft Defender for Endpoint alert and investigation https://youtu.be/qxeGa3pxIwg
- Interactive Guide: Reduce organizational risk with Threat & Vulnerability Management https://aka.ms/MSDE_TVM_IG
- Guided demo Microsoft Defender for Endpoint Threat and Vulnerability Management: https://aka.ms/MDATP_TVM_InteractiveGuide
- Application Guard https://youtu.be/McP8ZGAInwI
Threat Management
- Demonstration: Office 365 Security Dashboard https://www.microsoft.com/en-us/videoplayer/embed/RE1VV3o
- Microsoft Security Community https://youtu.be/kHUEVUKXbBM
- Demonstration: Threat Dashboard and Explorer https://youtu.be/krFAjIkD66M
- Attack Simulator in Office 365 https://youtu.be/5jWGU2VM3SI
- Microsoft Graph Security API https://youtu.be/oYXPGwH9Ho0
- Using the Microsoft Intelligent Security Graph https://youtu.be/-Q_G3yF9ZL4
- Interactive Guide: Modernize your security operations with Microsoft Azure Sentinel https://aka.ms/AzureSentinel_SOC_InteractiveGuide
- Overview of ATA Deployment https://youtu.be/UvhozhWq25I
Microsoft Defender for Cloud Apps (Cloud Application Security)
- Microsoft Cloud Application Security https://youtu.be/D0m4M4NFrx0
- Demonstration: Cloud Application Security https://youtu.be/ff4AR3GIR00
- Discover, protect, and control your apps with Microsoft Cloud App Security (cloudguides.com)
- Protect and control information with Microsoft Cloud App Security (cloudguides.com)
- Detect threats and manage alerts with Microsoft Cloud App Security (cloudguides.com)
- Automate alerts management with Microsoft Power Automate and Cloud App Security (cloudguides.com)
- Discover and manage cloud app usage with Microsoft Cloud App Security (cloudguides.com)
- Microsoft Cybersecurity Reference Architectures (MCRA) – Zero Trust User Access (cloudguides.com)
- Microsoft Cybersecurity Reference Architectures (MCRA) – People (cloudguides.com)
- Microsoft Cybersecurity Reference Architectures (MCRA) – Capabilities (cloudguides.com)
Mobility
- Mobile Application Management explained and demonstrated https://youtu.be/y2ILNKwsaI0
- Interactive guide: Manage and protect mobile and desktop applications with Microsoft Endpoint Manager (16 minute interaction) https://aka.ms/ManageProtectApps_InteractiveGuide
- Mobile Application Management with Microsoft Intune https://youtu.be/XBMJZnUMpx8
- Demonstration: Mobile Application Management without enrollment https://youtu.be/c_1kVBXtoA0
- Demonstration: Setup Office apps and email on a mobile device https://youtu.be/zm4pJLmX0j0
- Interactive guide: Manage devices with Microsoft Endpoint Manager (18 minute interaction) https://aka.ms/ManageDevices_InteractiveGuide
- Guided demo Intune remote actions: https://aka.ms/AA6wt8u
Information Protection & Governance
- Information Protection in Microsoft 365 https://youtu.be/UI0p9xqMNfI?list=PLXtHYVsvn_b8dbRbnL19GUPcBH1UQ7c4x
- Interactive Guide: Create retention policies in Microsoft 365 https://www.microsoft.com/videoplayer/embed/RE44izI
- Demonstration: Create a universal retention policy https://youtu.be/g_vXQRr0eEk
- Demonstration: Create retention policy for SharePoint https://youtu.be/basH02hOKgI
- Demonstration: Create Retention Policy for OneDrive https://youtu.be/-W4HwDj-qqM
- Demonstration: Create a deletion action policy https://youtu.be/dBjg_ZKlv-c
- Demonstration: Create labels and publish a retention action to Exchange https://youtu.be/b0q0jj1k0Cw
- Demonstration: Enable MRM retention policies in Exchange (part 2 of 2) https://youtu.be/EQRjaiPPXvA
Sara Fennah's Blog 