Microsoft 365: Security Administration (MS-500) Exam Prep Guide

This blog is part of a series. For more exam prep guides check back in the future

I must admit I enjoyed the security administration exam. I enjoyed studying for it. In fact, I congratulate Microsoft for introducing a Security certification which is so much more than a fundamentals exam (98-367).

However – for anyone looking to take this I would recommend taking the fundamentals first. I would also consider taking MS-900, MS-101 and MD-101 first if you have the time, resources and opportunities to do so. But if you haven’t – or you just decide to go for it, then I would offer a single piece of advice if only to save you money and avoid one or multiple failures. If you are not familiar with Windows Defender ATP, Office 365 ATP, AIP, DLP, PIM, Intune or Cloud App Security then, if you have access to one, spin up a Microsoft E5 demo tenant for a few months and get into the detail because this exam is deep and, IMHO, more aimed at an expert level rather than an associate. It’s not for an administrator or a consultant who has a passing interest on security which begins and ends with a bit of MFA and conditional access. This is all about implementing security across the breadth and depth of a Microsoft 365 enterprise E5 roll out.

So for all those who study hard, get into – as you will see – the hefty amount of content and pass – congratulations this is a great one to get and a tough one – I’m sure you’ll be joining me in taking the AZ-500 in the future.

Like the questions on most Microsoft security exams, it’s black and white, direct and granular. Ultimately, that’s why I think I like them. When you sit there in that exam room you either know it or you don’t. No hair splitting. No trying to fool you.

I like that. The very best of luck!

Link to Exam: Here
Released: 7th January 2019
Practice Test: Available later in 2019
MOC Course: MS-500T01A/T02A/T03A/T04A

Important Note: this exam prep guide should be used to supplement your own resources and should not be used for the whole of your learning. Some of the resources may be not completely cover the requirements especially if the requirement is vague. If you find better articles than the ones below, please feel free to reach out and I’ll amend.

Status: I passed this exam in April shortly after it came out of Beta. I had the short type exam (43 questions) and from what I can remember it was a pretty even spread across all four areas.


Implement and Manage Identity and Access (30-35%)

Secure Microsoft 365 hybrid environments

Secure user accounts

Implement authentication methods

Implement conditional access

Implement role-based access control (RBAC)

Implement Azure AD Privileged Identity Management (PIM)

Implement Azure AD Identity Protection

Implement and Manage Threat Protection (20-25%)

Implement an enterprise hybrid threat protection solution

Implement device threat protection

Implement and manage device and application protection

Implement and manage Office 365 messaging protection

Implement and manage Office 365 threat protection

  • review threats and malware trends on the Office 365 ATP Threat Management dashboard
  • monitor online anti-malware solutions using Office 365 ATP reports

Implement and Manage Information Protection (15-20%)

Secure data access within Office 365

Manage Azure information Protection (AIP)

Manage Data Loss Prevention (DLP)

Implement and manage Microsoft Cloud App Security

  • manage third-party apps in Office 365 Cloud App Security

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyse security reporting

  • plan for custom security reporting with Intelligent Security Graph

Manage and analyse audit logs and reports

Configure Office 365 classification and labelling

Manage data governance and retention

Manage search and investigation

Manage data privacy regulation compliance

One thought on “Microsoft 365: Security Administration (MS-500) Exam Prep Guide

Comments are closed.