Use this quick start guide to collect all the information about Microsoft 365 Security Administration (MS-500) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the MS-500 Microsoft 365 Security Administration exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Microsoft 365 Security Administration certification exam.
The Microsoft 365 Security Administration certification is mainly targeted to those candidates who want to build their career in Microsoft 365 domain. The Microsoft 365 Certified - Security Administrator Associate exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Microsoft 365 Security Administration.
Microsoft 365 Security Administration Exam Summary:
| Exam Name | Microsoft 365 Certified - Security Administrator Associate |
| Exam Code | MS-500 |
| Exam Price | $165 (USD) |
| Duration | 120 mins |
| Number of Questions | 40-60 |
| Passing Score | 700 / 1000 |
| Books / Training | Course MS-500T00-A: Microsoft 365 Security Administration |
| Schedule Exam | Pearson VUE |
| Sample Questions | Microsoft 365 Security Administration Sample Questions |
| Practice Exam | Microsoft MS-500 Certification Practice Exam |
Microsoft MS-500 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Implement and manage identity and access (25-30%) |
|
| Plan and implement identity and access for Microsoft 365 hybrid environments |
- Choose an authentication method to connect to a hybrid environment - Plan and implement pass-through authentication and password hash sync - Plan and implement Azure AD synchronization for hybrid environments - Monitor and troubleshoot Azure AD Connect events |
| Plan and implement identities in Azure AD |
- Implement Azure AD group membership - Implement password management, including self-service password reset and Azure AD Password Protection - Manage external identities in Azure AD and Microsoft 365 workloads - Plan and implement roles and role groups - Audit Azure AD |
| Implement authentication methods |
- Implement multi-factor authentication (MFA) by using conditional access policies - Manage and monitor MFA - Plan and implement Windows Hello for Business, FIDO, and passwordless authentication |
| Plan and implement conditional access |
- Plan and implement conditional access policies - Plan and implement device compliance policies - Test and troubleshoot conditional access policies |
| Configure and manage identity governance |
- Implement Azure AD Privileged Identity Management - Implement and manage entitlement management - Implement and manage access reviews |
| Implement Azure AD Identity Protection |
- Implement user risk policy - Implement sign-in risk policy - Configure Identity Protection alerts - Review and respond to risk events |
Implement and manage threat protection (30-35%) |
|
| Secure identity by using Microsoft Defender for Identity |
- Plan a Microsoft Defender for Identity solution - Install and configure Microsoft Defender for Identity - Manage and monitor Microsoft Defender for Identity - Secure score - Analyze identity-related threats and risks identified in Microsoft 365 Defender |
| Secure endpoints by using Microsoft Defender for Endpoint |
- Plan a Microsoft Defender for Endpoint solution - Implement Microsoft Defender for Endpoint - Manage and monitor Microsoft Defender for Endpoint - Analyze and remediate threats and risks to endpoints identified in Microsoft 365 Defender |
| Secure endpoints by using Microsoft Endpoint Manager |
- Plan for device and application protection - configure and manage Microsoft Defender Application Guard - Configure and manage Windows Defender Application Control - configure and manage exploit protection - Configure and manage device encryption - Configure and manage application protection policies - Monitor and manage device security status using Microsoft Endpoint Manager admin center - Analyze and remediate threats and risks to endpoints identified in Microsoft Endpoint Manager |
| Secure collaboration by using Microsoft Defender for Office 365 |
- Plan a Microsoft Defender for Office 365 solution - Configure Microsoft Defender for Office 365 - Monitor for threats by using Microsoft Defender for Office 365 - Analyze and remediate threats and risks to collaboration workloads identified in Microsoft 365 Defender - Conduct simulated attacks by using Attack simulation training |
| Detect and respond to threats in Microsoft 365 by using Microsoft Sentinel |
- Plan a Microsoft Sentinel solution for Microsoft 365 - Implement and configure Microsoft Sentinel for Microsoft 365 - Manage and monitor Microsoft 365 security by using Microsoft Sentinel - Respond to threats using built-in playbooks in Microsoft Sentinel |
| Secure connections to cloud apps by using Microsoft Defender for Cloud Apps |
- Plan Microsoft Defender for Cloud Apps implementation - Configure Microsoft Defender for Cloud Apps - Manage cloud app discovery - Manage entries in the Microsoft Defender for Cloud Apps catalog - Manage apps in Microsoft Defender for Cloud Apps - Configure Microsoft Defender for Cloud Apps connectors and OAuth apps - Configure Microsoft Defender for Cloud Apps policies and templates - Analyze and remediate threats and risks relating to cloud app connections identified in Microsoft 365 Defender - Manage App governance in Microsoft Defender for Cloud Apps |
Implement and manage information protection (15-20%) |
|
| Manage sensitive information |
- Plan a sensitivity label solution - Create and manage sensitive information types - Configure Sensitivity labels and policies - Publish sensitivity labels to Microsoft 365 workloads - Monitor data classification and label usage by using Content explorer and Activity explorer - Apply labels to files and schematized data assets in Microsoft Purview Data Map |
| Implement and manage Microsoft Purview Data Loss Prevention (DLP) |
- Plan a DLP solution - Create and manage DLP policies for Microsoft 365 workloads - Implement and manage Endpoint DLP - Monitor DLP - Respond to DLP alerts and notifications |
| Plan and implement Microsoft Purview Data lifecycle management |
- Plan for data lifecycle management - Review and interpret data lifecycle management reports and dashboards - Configure retention labels, policies, and label policies - Plan and implement adaptive scopes - Configure retention in Microsoft 365 workloads - Find and recover deleted Office 365 data |
Manage compliance in Microsoft 365 (20-25%) |
|
| Manage and analyze audit logs and reports in Microsoft Purview |
- Plan for auditing and reporting - Investigate compliance activities by using audit logs - Review and interpret compliance reports and dashboards - Configure alert policies - Configure audit retention policies |
| Plan for, conduct, and manage eDiscovery cases |
- Recommend eDiscovery Standard or Premium - Plan for content search and eDiscovery - Delegate permissions to use search and discovery tools - Use search and investigation tools to discover and respond - Manage eDiscovery cases |
| Manage regulatory and privacy requirements |
- Plan for regulatory compliance in Microsoft 365 - Manage regulatory compliance in the Microsoft Purview Compliance Manager - Implement privacy risk management in Microsoft Priva - Implement and manage Subject Rights Requests in Microsoft Priva |
| Manage insider risk solutions in Microsoft 365 |
- Implement and manage Customer Lockbox - Implement and manage Communication compliance policies - Implement and manage Insider risk management policies - Implement and manage Information barrier policies - Implement and manage Privileged access management |
To ensure success in Microsoft 365 Security Administration certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Microsoft 365 Security Administration (MS-500) exam.