MS-500 Microsoft 365 Security Administration Exam Study Guide

This summer, Microsoft announced changes to the MS-500 exam objectives. Below you’ll find the updated listing for June 2020 and beyond with links to relevant documentation. The best way to use this study guide is to find the topics you’re least familiar with and focus on those. In any remaining time, you can always review those you’re familiar with to make sure nothing has changed significantly.

As stated on the MS-500 exam page, potential candidates for the MS-500 exam implement, manage and monitor security and compliance solutions for Microsoft 365 and hybrid environments. Professionals familiar with the content of the exam are well-positioned to secure their Microsoft 365 environments by responding to threats, performing investigations, enforcing data governance, and collaborating with other enterprise professionals on security and compliance topics.

Register for the MS-500 exam

• For non-students interested in technology
• For job seekers impacted by COVID-19

Skills measured

• Implement and manage identity and access (30-35%)
• Implement and manage threat protection (20-25%)
• Implement and manage information protection (15-20%)
• Manage governance and compliance features in Microsoft 365 (20-25%)

MS-500 Study Guides

Objectives with online documentation for study

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

• Plan Azure AD authentication options
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-hybrid-identity-design-considerations-business-needs
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
  • https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-plans
• Plan Azure AD synchronization options
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-hybrid-identity-design-considerations-overview
• Monitor and troubleshoot Azure AD Connect events
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler
  • https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization
  • https://evertoncollins.com/azure-fix-unhealthy-identity-synchronization/
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect#what-is-azure-ad-connect-health

Secure Identities

• Implement Azure AD group membership
  • https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal
  • https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule
• Implement password management
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
• Configure and manage identity governance
  • https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-user-access-with-access-reviews
  • https://docs.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview

Implement authentication methods

• Plan sign-on security
  • https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-hybrid-identity-design-considerations-multifactor-auth-requirements
  • https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
• Implement multi-factor authentication (MFA)
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
• Manage and monitor MFA
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
• Plan and implement device authentication methods like Windows Hello
  • https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide
  • https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-manage-in-organization
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-deployment
• Configure and manage Azure AD user authentication options
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone
  • https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-reports
  • https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure

Implement conditional access

• plan for compliance and conditional access policies
• configure and manage device compliance for endpoint security
• implement and manage conditional access

Implement role-based access control (RBAC)

• plan for roles
• Configure roles
  • https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
  • https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
• audit roles

Implement Azure AD Privileged Identity Management (PIM)

• plan for Azure PIM
• implement and configure Azure PIM roles
• Manage Azure PIM role assignments
  • https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-use-the-audit-log
  • https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user

Implement Azure AD Identity Protection

• implement user risk policy
• implement sign-in risk policy
• configure Identity Protection alerts
• review and respond to risk events

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

• plan an Azure ATP solution
• install and configure Azure ATP
• monitor and manage Azure ATP
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-health-center
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/monitored-activities

Implement device threat protection

• plan a Microsoft Defender ATP solution
• implement Microsoft Defender ATP
• manage and monitor Microsoft Defender ATP
  • https://docs.microsoft.com/en-au/windows/security/threat-protection/windows-defender-atp/onboard
  • https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus

Implement and manage device and application protection

• plan for device and application protection
• configure and manage Windows Defender Application Guard
• configure and manage Windows Defender Application Control
• configure and manage Windows Defender Exploit Guard
• configure Secure Boot
• configure and manage Windows device encryption
• configure and manage non-Windows device encryption
• plan for securing applications data on devices
• implement application protection policies

Implement and manage Office 365 ATP

• configure Office 365 ATP
• monitor Office 365 ATP
• conduct simulated attacks using Attack Simulator

Implement Azure Sentinel for Microsoft 365

• plan and implement Azure Sentinel
  • https://docs.microsoft.com/en-us/azure/sentinel/
  • https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
• manage and monitor Azure Sentinel
• respond to threats in Azure Sentinel

Implement and manage information protection (15-20%)

Secure data access within Office 365

• implement and manage Customer Lockbox
• Configure data access in Office 365 collaboration workloads
  • https://docs.microsoft.com/en-us/office365/enterprise/office-365-inter-tenant-collaboration
  • https://docs.microsoft.com/en-us/office365/securitycompliance/protect-access-to-data-and-services
  • https://docs.microsoft.com/en-us/office365/securitycompliance/secure-sharepoint-online-sites-and-files
  • https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview
  • https://docs.microsoft.com/en-us/Yammer/manage-security-and-compliance/security-and-compliance
• Configure B2B sharing for external users
  • https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b
  • https://docs.microsoft.com/en-us/azure/active-directory/b2b/o365-external-user
  • https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator
  • https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-information-worker

Manage Azure information Protection (AIP)

• plan an AIP solution
• configure Sensitivity labels and policies
• deploy the RMS connector
• manage tenant keys
• deploy the AIP client
• integrate AIP with Office 365 Services

Manage Data Loss Prevention (DLP)

• plan a DLP solution
• create and manage DLP policies
• create and manage sensitive information types
• monitor DLP reports
• manage DLP notifications

Implement and manage Microsoft Cloud App Security

• plan Cloud App Security implementation
• configure Microsoft Cloud App Security
• manage cloud app discovery
• manage entries in the Cloud app catalog
• manage apps in Cloud App Security
• manage Microsoft Cloud App Security
• configure Cloud App Security connectors and Oauth apps
  • https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
  • https://docs.microsoft.com/en-us/cloud-app-security/siem
  • https://docs.microsoft.com/en-us/cloud-app-security/icap-stunnel
  • https://docs.microsoft.com/en-us/cloud-app-security/flow-integration
  • https://docs.microsoft.com/en-us/cloud-app-security/api-tokens
• configure Cloud App Security policies and templates
• review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs
  • https://docs.microsoft.com/en-us/cloud-app-security/managing-alerts
  • https://docs.microsoft.com/en-us/cloud-app-security/built-in-reports
  • https://docs.microsoft.com/en-us/cloud-app-security/activity-filters-queries

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

• monitor and manage device security status using Microsoft Endpoint Manager Admin Center
• manage and monitor security reports and dashboards using Microsoft 365 Security Center
• use secure score dashboards to review actions and recommendations
• configure alert policies in the Security & Compliance admin center

Manage and analyze audit logs and reports

• plan for auditing and reporting
• perform audit log search
• review and interpret compliance reports and dashboards
• configure audit alert policy

Manage data governance and retention

• plan for data governance and retention
• review and interpret data governance reports and dashboards
• configure retention policies
• define data governance event types
• define data governance supervision policies
• configure Information holds
• find and recover deleted Office 365 data
  • https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/delete-or-restore-mailboxes
  • https://docs.microsoft.com/en-us/office365/admin/create-groups/restore-deleted-group
  • https://docs.microsoft.com/en-us/onedrive/restore-deleted-onedrive
• configure data archiving
  • https://docs.microsoft.com/en-us/office365/securitycompliance/archiving-third-party-data
  • https://docs.microsoft.com/en-us/office365/securitycompliance/unlimited-archiving
• manage inactive mailboxes

Manage search and investigation

• plan for content search and eDiscovery
• search for personal data
• monitor for leaks of personal data
• delegate permissions to use search and discovery tools
• use search and investigation tools to perform content searches
• export content search results
• manage eDiscovery cases

Manage data privacy regulation compliance

• plan for regulatory compliance in Microsoft 365
  • https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-action-plan
  • https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/compliance-servicedesc
• review and interpret GDPR dashboards and reports
• manage Data Subject Requests (DSRs)
• administer Compliance Manager
• review Compliance Manager reports
• create and perform Compliance Manager assessments and action items