This blog is part of a series. For more exam prep guides, check back in the future.
I must admit I enjoyed the security administration exam. I enjoyed studying for it. In fact, I congratulate Microsoft for introducing a Security certification which is so much more than a fundamentals exam (98-367).
However – for anyone looking to take this I would recommend taking the fundamentals first. I would also consider taking MS-900, MS-101 and MD-101 first if you have the time, resources and opportunities to do so. But if you haven’t – or you just decide to go for it, then I would offer a single piece of advice if only to save you money and avoid one or multiple failures. If you are not familiar with Windows Defender ATP, Office 365 ATP, AIP & Unified Labeling, DLP, PIM, Intune or Cloud App Security then, if you have access to one, spin up a Microsoft E5 demo tenant (demos.microsoft.com) for a few months and get into the detail because this exam is deep and, IMHO, more aimed at an expert level rather than an associate. It’s not for an administrator or a consultant who has a passing interest in security which begins and ends with a bit of MFA and conditional access. This is all about implementing security across the breadth and depth of a Microsoft 365 enterprise E5 rollout.
So for all those who study hard, get into – as you will see – the hefty amount of content and pass – congratulations, this is a great one to get and a tough one – I’m sure you’ll be joining me in taking the AZ-500 in the future.
Like the questions on most Microsoft security exams, it’s black and white, direct and granular. Ultimately, that’s why I think I like them. When you sit there in that exam room you either know it or you don’t. No hair splitting. No trying to fool you.
I like that. The very best of luck!
Link to Exam: Here
Released: 7th January 2019
Practice Test: Available later in 2019
MOC Course: MS-500T01A/T02A/T03A/T04A
Important Note: this exam prep guide should be used to supplement your own resources and should not be used for the whole of your learning. Some of the resources may not completely cover the requirements, especially if the requirement is vague. If you find better articles than the ones below, please feel free to reach out and I’ll amend.
Status: I passed this exam in April shortly after it came out of Beta. I had the short type exam (43 questions) and from what I can remember it was a pretty even spread across all four areas.
——————————————————————————-
Implement and Manage Identity and Access (30-35%)
Secure Microsoft 365 hybrid environments
Configure and manage security integration components in Microsoft 365 hybrid environments, including connectivity, synchronization services, and authentication
Plan Azure AD authentication options
Plan Azure AD synchronization options
Monitor and interpret Azure AD Connect events
Secure user accounts
Implement Azure AD dynamic group membership
Implement Azure AD Self-service password reset
Manage Azure AD access reviews
Implement authentication methods
Plan sign-on security
Implement multi-factor authentication (MFA)
Manage and monitor MFA
Implement device sign-on methods
Manage authentication methods
Monitor authentication methods
Implement conditional access
Plan for compliance and conditional access policies
- How To: Plan your conditional access deployment in Azure Active Directory
- What are common ways to use Conditional Access with Intune?
Configure and manage device compliance policy
- How To: Require managed devices for cloud app access with conditional access
- Create a device based conditional access policy
Configure and manage conditional access policy
- Best practices for conditional access in Azure Active Directory
- Create and Assign conditional access policy
Monitor Conditional Access and Device Compliance
Implement role-based access control (RBAC)
Plan for RBAC
- What is RBAC for Azure Resources?
- About Office 365 Admin Roles
- Administer Role Permissions in Azure Active Directory
- Administrator Roles for Microsoft 365 workloads
- Permissions in the Office 365 Security and Compliance Centre
Configure RBAC
Monitor RBAC usage
Implement Azure AD Privileged Identity Management (PIM)
Plan for Azure PIM
Configure and manage Azure PIM
- Deploy Azure AD PIM
- Start using PIM
- Configure Azure AD Role Settings
- Configure Azure Resource Role Settings
- Start an Access Review for Azure AD Roles
- Start an Access Review for Azure Resource Roles
Monitor Azure PIM
Implement Azure AD Identity Protection
Implement user risk policy
- How To: Configure risk policies in Azure Active Directory identity protection
- Sign In Experience with Azure AD Identity Protection
Implement sign-in risk policy
- How To: Configure risk policies in Azure Active Directory identity protection
- Sign In Experience with Azure AD Identity Protection
Configure Identity Protection alerts
Review and respond to risk events
- Azure AD Risk Events
- How To: Investigate risky users and sign-ins
- How To: Improve the detection accuracy
- Azure AD Identity Protection Notifications
Implement and Manage Threat Protection (20-25%)
Implement an enterprise hybrid threat protection solution
Plan an Azure Advanced Threat Protection (ATP) solution
Install and configure Azure ATP
- Create your Azure ATP instance
- Connect to AD
- Download the Azure ATP Sensor Package
- Install the Azure ATP Sensor
- Configure the Azure ATP Sensor
Manage Azure ATP workspace health
Generate Azure ATP reports
Integrate Azure ATP with Windows Defender ATP
Monitor Azure ATP
Manage suspicious activities
Implement device threat protection
Plan and implement a Windows Defender ATP solution
- Overview of Windows Defender ATP Capabilities
- Minimum Requirements
- Onboard machines
- Manage Portal Access with RBAC
Manage Windows Defender ATP
Monitor Windows Defender ATP
- Monitor Windows Defender ATP
- Pull Alerts to your SIEM Tools
- Build Power BI reports with WDATP Data
- Threat Protection Report
- Machine Health
Implement and manage device and application protection
Plan for device protection
Configure and manage Windows Defender Application Guard
Configure and manage Windows Defender Application Control
Configure and manage Windows Defender Exploit Guard
Configure Secure Boot
Configure and manage Windows 10 device encryption
Configure and manage non-Windows device encryption
Plan for securing applications data on devices
Define managed apps for Mobile Application Management (MAM)
Protect your enterprise data using Windows Information Protection (WIP)
Configure WIP policies
- Create a WIP Policy using Intune
- Create a WIP Policy using SCCM
- Get ready to configure app protection policies for Windows 10
- Create and deploy Windows Information Protection (WIP) app protection policy with Intune
Configure Intune App Protection policies for non-Windows devices
Implement and manage Office 365 messaging protection
Configure Office 365 ATP anti-phishing protection
Configure Office 365 ATP anti-phishing policies
Define users and domains to protect with Office 365 ATP Anti-phishing
Configure Office 365 ATP anti-spoofing
Configure actions against impersonation
Configure Office 365 ATP anti-spam protection
Enable Office 365 ATP Safe-Attachments
Configure Office 365 ATP Safe Attachments policies
Configure Office 365 ATP Safe Attachments options
Configure Office 365 ATP Safe Links options
Configure Office 365 ATP Safe Links blocked URLs
Configure Office 365 ATP Safe Links policies
Implement and manage Office 365 threat protection
Configure Office 365 Threat Intelligence
Integrate Office 365 Threat Intelligence with Office 365 services
Integrate Office 365 Threat Intelligence with Windows Defender ATP
Review threats and malware trends on the Office 365 ATP Threat Management dashboard
Review threats and malware trends with Office 365 ATP Threat Explorer and Threat Tracker
Create and review Office 365 ATP incidents
Review quarantined items in ATP including Microsoft SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams
Monitor online anti-malware solutions using Office 365 ATP reports
Perform tests using Attack Simulator
Implement and Manage Information Protection (15-20%)
Secure data access within Office 365
Plan secure data access within Office 365
Implement and manage Customer Lockbox
Configure data access in Office 365 collaboration workloads
- Protect access to data and services in Office 365
- Secure SharePoint sites and files
- Overview of Security and Compliance in Teams
- Overview of Security and Compliance in Yammer
Configure B2B sharing for external users
- What is guest user access in Azure Active Directory B2B
- Office 365 external sharing and Azure Active Directory B2B collaboration
- Add Azure Active Directory B2B collaboration users in the Azure portal
- How users in your organization can invite guest users to an app
Manage Azure Information Protection (AIP)
Plan an AIP solution
Activate Azure Rights Management
Configure usage rights
Configure and manage super users
Customize policy settings
Create and configure labels and conditions
- How to create a new label for Azure Information Protection
- Add or remove a label to or from an Azure Information Protection policy
- How to delete or reorder a label for Azure Information Protection
- How to change or customize an existing label for Azure Information Protection
Create and configure templates
Configure languages
Configure and use the AIP scanner
Deploy the RMS connector
Manage tenant keys
Deploy the AIP client
Track and revoke protected documents
Integrate AIP with Microsoft Online Services
Manage Data Loss Prevention (DLP)
Plan a DLP solution
Create and manage DLP policies
- Get started with the default DLP policy
- Create Test and Tune a DLP Policy
- Create a DLP Policy from a Template
Create and manage sensitive information types
- Create a custom sensitive information type
- Customise a built-in sensitive information type
- What the DLP Functions Look for
Monitor DLP reports
Manage DLP notifications
Create queries to locate sensitive data
Implement and manage Microsoft Cloud App Security
Plan Cloud App Security implementation
- Microsoft Cloud App Security overview
- Microsoft Cloud App Security data security and privacy
- Network Requirements
Configure Office 365 Cloud App Security
Perform productivity app discovery using Cloud App Security
- Set up Cloud Discovery
- Add custom apps to Cloud Discovery
- Create app discovery reports using Office 365 Cloud App Security
Manage entries in the Cloud app catalogue
Manage third-party apps in Office 365 Cloud App Security
Manage Microsoft Cloud App Security
Configure Cloud App Security connectors
Configure Cloud App Security policies
Configure and manage Cloud App Security templates
Configure Cloud App Security users and permissions
Review and respond to Cloud App Security alerts
Review and interpret Cloud App Security dashboards and reports
Review and interpret Cloud App Security activity log and governance log
Manage governance and compliance features in Microsoft 365 (25-30%)
Configure and analyse security reporting
Interpret Windows Analytics
Configure Windows Telemetry options
Configure Office Telemetry options
Review and interpret security reports and dashboards
Plan for custom security reporting with Intelligent Security Graph
Review Office 365 secure score action and recommendations
Configure reports and dashboards in Azure Log Analytics
Review and interpret reports and dashboards in Azure Log Analytics
Configure alert policies in the Office 365 Security and Compliance Centre
Manage and analyse audit logs and reports
Plan for auditing and reporting
Configure Office 365 auditing and reporting
- Auditing in Office 365 (for Admins)
- Turn Office 365 audit log search on or off
- Manage Mailbox auditing
- Monitor and report security status in Microsoft 365 security center
- Configure your Office 365 tenant for increased security
- Reports in the Security & Compliance Center
Perform audit log search
Review and interpret compliance reports and dashboards
Configure audit alert policy
Configure Office 365 classification and labelling
Plan for data governance classification and labels
Search for personal data
Apply labels to personal data
Monitor for leaks of personal data
Create and publish Office 365 labels
Configure label policies
Manage data governance and retention
Plan for data governance and retention
Review and interpret data governance reports and dashboards
Configure retention policies
Define data governance event types
Define data governance supervision policies
Configure Information holds
Find and recover deleted Office 365 data
Import data in the Security and Compliance Centre
Configure data archiving
- Enable archive mailboxes in the Security & Compliance Center
- Overview of unlimited archival in Office 365
Manage inactive mailboxes
Manage search and investigation
Plan for content search and eDiscovery
Delegate permissions to use search and discovery tools
Use search and investigation tools to perform content searches
Export content search results
Manage eDiscovery cases
Manage data privacy regulation compliance
Plan for regulatory compliance in Microsoft 365
- Microsoft 365 GDPR action plan — Top priorities for your first 30 days, 90 days, and beyond
- Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services
Review and interpret GDPR dashboards and reports
Manage Data Subject Requests (DSRs)
Review Compliance Manager reports
Create and perform Compliance Manager assessments and action items