MS-500 Exam Study Guide (Microsoft 365 Security Administration)
You can access MS-500 Exam Microsoft official page here
Preparing for the MS-500 Microsoft 365 Security Administration exam to achieve the Microsoft 365 Certification for Security Administrator Associate? Don’t know where to start? This post is the MS-500 Certificate Study Guide (with links to each exam objective).
I have curated a list of articles from Microsoft documentation for each objective of the MS-500 exam. Please share the post within your circles so it helps them to prepare for the exam.
Skills Measured
- Implement and Manage Identity and Access (30-35%)
- Implement and Manage Threat Protection (20-25%)
- Implement and Manage Information Protection (15-20%)
- Manage Governance and Compliance Features in Microsoft 365 (20-25%)
MS-500 Exam Free Study Guide
For each test objective, I’ve compiled a thorough collection of articles from Microsoft documentation. Please feel free to forward this page to your friends and coworkers in order to assist them in preparing for the test .
Implement and Manage Identity and Access (30-35%)
Secure Microsoft 365 Hybrid Environments
- Plan Azure AD authentication options
- Authentication methods available in Azure Active Directory
- How to choose the right authentication option in Azure AD?
- Choose the right authentication method for Azure AD hybrid identity
- Plan Azure AD synchronization options
- Azure AD Connect sync: Understand and customize synchronization
- Deploy Microsoft 365 Directory Synchronization in Microsoft Azure
- How does synchronization work in Azure Active Directory Domain Services?
- Set up directory synchronization for Microsoft 365
- Implement password hash synchronization with Azure AD Connect sync
- Monitor and troubleshoot Azure AD Connect events
- Troubleshoot Azure AD connectivity
- Troubleshoot object synchronization with Azure AD Connect sync
- Azure Active Directory Connect Health: Monitoring the sync engine
- Monitor AD FS using Azure AD Connect Health
Secure Identities
- Implement Azure AD group membership
- Create a basic group and add members using Azure Active Directory
- Create or update a dynamic group in Azure Active Directory
- Implement password management
- Plan an Azure Active Directory self-service password reset deployment
- Enable users to unlock their account or reset passwords
- Azure AD Password Protection is now generally available!
- Configure and manage identity governance
- What is Azure AD Identity Governance?
- Manage identities and governance in Azure
Implement Authentication Methods
- Plan sign-on security
- What is single sign-on (SSO)?
- Set up SSO for an application in your Azure Active Directory tenant
- Implement multi-factor authentication (MFA)
- How it works: Azure Multi-Factor Authentication
- Enable per-user Azure MFA to secure sign-in events
- Configure Azure Multi-Factor Authentication settings
- Manage and monitor MFA
- Manage user settings for Azure Multi-Factor Authentication
- Use the sign-ins report to review Azure MFA events
- Plan and implement device authentication methods like Windows Hello
- How Windows Hello for Business works
- Planning a Windows Hello for Business Deployment
- Windows Hello for Business Deployment Guide
- Configure and manage Azure AD user authentication options and self-service password management
- Primary & secondary authentication methods in Azure AD
- Configure & manage Azure AD authentication (Example Azure SQL)
- Azure AD self-service password management
- How it works: Azure AD self-service password reset
- Plan an Azure AD self-service password reset deployment
- Enable self-service password reset
Implement Conditional Access
- Plan for compliance and conditional access policies
- What is Conditional Access in Azure AD?
- Conditional Access: Require compliant devices
- Plan a Conditional Access deployment
- Configure and manage device compliance for endpoint security
- Manage endpoint security in Microsoft Intune
- Create a compliance policy in Intune
- Implement and manage conditional access
- Building a Conditional access policy
- Create a device-based Conditional access policy
- Secure user sign-in events with Azure MFA
Implement Role-based Access Control (RBAC)
- Plan for roles
- What is Azure role-based access control (Azure RBAC)?
- Best practices for Azure role-based access control
- Configure roles
- Add or remove Azure role assignments using the Azure portal
- Add/remove role assignments using Azure PowerShell
- Add or remove Azure role assignments using Azure CLI
- Audit roles
- View activity logs for Azure RBAC changes
Implement Azure AD Privileged Identity Management (PIM)
- Plan for Azure PIM
- What is Azure AD Privileged Identity Management?
- Start using Privileged Identity Management
- Assign eligibility and activate admin roles
- Activate my Azure resource roles in PIM
- Assign Azure resource roles in Privileged Identity Management
- Configure Azure resource role settings in PIM
- Manage Azure PIM role requests and assignments
- Extend or renew role assignments in Privileged Identity Management
- Approve or deny requests for Azure resource roles in PIM
- Monitor PIM history and alerts
- View audit history for Azure AD roles in PIM
- Configure security alerts for Azure AD roles in PIM
Implement Azure AD Identity Protection
- Implement user risk policy
- User risk policy in Identity Protection
- How to configure and enable user risk policies?
- Implement sign-in risk policy
- Sign-in risk policy in Identity Protection
- How to configure and enable sign-in risk policy?
- Configure Identity Protection alerts
- What is Identity Protection?
- Azure Active Directory Identity Protection notifications
- Review and respond to risk events
- Remediate risks and unblock users
Implement and Manage Threat Protection (20-25%)
Implement an Enterprise Hybrid Threat Protection Solution
- Plan an Azure ATP solution
- What is Azure Advanced Threat Protection?
- Azure Advanced Threat Protection prerequisites
- Quickstart: Plan capacity for Azure ATP
- Install and configure Azure ATP
- Download the Azure ATP sensor setup package
- Quickstart: Install the Azure ATP sensor
- Quickstart: Create your Azure ATP instance
- Monitor and manage Azure ATP
- Understanding Azure ATP sensor health alerts
- Monitoring your domain controller coverage
- Manage Azure ATP security alerts
- Manage Azure ATP health alerts
Implement Device Threat Protection
- Plan a Microsoft Defender ATP solution
- What is Microsoft Defender Advanced Threat Protection?
- Plan your Microsoft Defender ATP deployment strategy
- Implement Microsoft Defender ATP
- Prepare Microsoft Defender ATP deployment
- Set up Microsoft Defender ATP deployment
- Onboard to the Microsoft Defender ATP service
- Manage and monitor Microsoft Defender ATP
- Manage Microsoft Defender ATP capabilities
Implement and Manage Device and Application Protection
- Plan for device and application protection
- Protect devices from exploits
- Prevent threats from removable storage
- Microsoft Defender Application Guard overview
- Configure and manage Windows Defender Application Guard
- Configure Microsoft Defender Application Guard policy settings
- Application Guard testing scenarios
- Configure and manage Windows Defender Application Control
- Application Control for Windows
- Deploy Windows Defender Application Control policies by using Intune
- Manage WDAC with Configuration Manager
- Configure and manage exploit protection
- Evaluate exploit protection
- Enable exploit protection
- Configure Secure Boot
- Security considerations for OEMs: Secure boot
- Secure the Windows 10 boot process
- Configure and manage Windows device encryption
- Device encryption in Windows 10
- Turn on Windows 10 device encryption
- Configure and manage non-Windows device encryption
- How to Encrypt Drive with BitLocker in Linux?
- Plan for securing applications data on devices
- Protect your data in files, apps, and devices
- Requirements for use-case in mobile device
- Prevent data leaks on non-managed devices using Microsoft Intune
- Implement application protection policies
- App protection policies overview
- How to create and assign app protection policies
Implement and Manage Office 365 ATP
- Configure Office 365 ATP
- Office 365 Advanced Threat Protection (ATP)
- Monitor Office 365 ATP
- View reports for Office 365 Advanced Threat Protection
- Conduct simulated attacks using Attack Simulator
- Attack Simulator in ATP
Implement Azure Sentinel for Microsoft 365
- Plan and implement Azure Sentinel
- Azure Sentinel, intelligent security analytics for your enterprise
- Connect Office 365 Logs to Azure Sentinel
- Azure Sentinel & Microsoft 365 Threat Protection
- Configure playbooks in Azure Sentinel
- Use playbooks in Sentinel to set automated threat responses
- Manage and monitor Azure Sentinel
- Monitor data using the Azure Sentinel
- Respond to threats in Azure Sentinel
- Set up automated threat responses in Azure Sentinel
Implement and Manage Information Protection (15-20%)
Secure Data Access within Office 365
- Implement and manage Customer Lockbox
- Customer Lockbox in Office 365
- What is Customer Lockbox and How to Enable it
- Configure data access in Office 365 collaboration workloads
- Microsoft 365 inter-tenant collaboration
- Set up secure collaboration with Microsoft 365
- Protect user and device access
- Configure B2B sharing for external users
- Office 365 external sharing and Azure AD B2B collaboration
Manage Azure Information Protection (AIP)
- Plan an AIP solution
- What is Azure Information Protection?
- Azure Information Protection requirements
- Additional Azure AD requirements for Azure Information Protection
- Configure Sensitivity labels and policies
- Learn about sensitivity labels
- Create & configure sensitivity labels and their policies
- Deploy the RMS connector
- Deploying the Azure Rights Management connector
- Install & configure the Rights Management connector
- Manage tenant keys
- Plan & implement your Azure Information Protection tenant key
- Microsoft-managed: Tenant key life cycle operations
- Deploy the AIP client
- Azure Information Protection client administrator guide
- Install the Azure Information Protection client for users
- Integrate AIP with Office 365 Services
- Configuration for online services to use Azure RMS
Manage Data Loss Prevention (DLP)
- Plan a DLP solution
- Overview of data loss prevention
- Create and manage DLP policies
- Create, test, and tune a DLP policy
- Create a DLP policy from a template
- Create and manage sensitive information types
- Sensitive information type entity definitions
- Create a custom sensitive information type
- Monitor DLP reports
- View the reports for data loss prevention
- Manage DLP notifications
- Send email notifications & show policy tips for DLP policies
Implement and Manage Microsoft Cloud App Security
- Plan Cloud App Security implementation
- Microsoft Cloud App Security overview
- Configure Microsoft Cloud App Security
- Basic setup for Cloud App Security
- Get started with Microsoft Cloud App Security
- Manage cloud app discovery
- Set up Cloud Discovery
- Manage entries in the Cloud app catalog
- Add custom apps to Cloud Discovery
- Manage apps in Cloud App Security
- Connect apps to get visibility & protection
- Manage Microsoft Cloud App Security
- Manage admin access to cloud app security
- Configure Cloud App Security connectors and Oauth apps
- Control which cloud OAuth apps get permissions
- Configure Cloud App Security policies and templates
- Control cloud apps with policies
- Policy template reference
- Review, interpret and respond to Cloud App Security alerts, reports, dashboards, and logs
- How to investigate anomaly detection alerts?
- Manage Cloud App Security alerts
- Monitor alerts in Cloud App Security
- Generate data management reports
- Create snapshot Cloud Discovery reports
- Working with the dashboard
- Configure automatic log upload for continuous reports
Manage Governance and Compliance Features in Microsoft 365 (20-25%)
Configure and Analyze Security Reporting
- Monitor and manage device security status using Microsoft Endpoint Manager Admin Center
- Microsoft Endpoint Manager overview
- Walkthrough Intune in Microsoft Endpoint Manager
- Manage devices with endpoint security in Microsoft Intune
- Manage and monitor security reports and dashboards using Microsoft 365 Security Center
- Microsoft 365 security dashboards
- Smart reports and insights in the Security Center
- Plan for custom security reporting with Graph Security API
- Microsoft Graph Security API overview
- Use the Microsoft Graph Security API
- Use secure score dashboards to review actions
- Microsoft Secure Score
- Office 365 Secure Score is now Microsoft Secure Score
- Configure alert policies in the Security & Compliance admin center
- Alert policies in the security and compliance center
Manage and Analyze Audit Logs and Reports
- Plan for auditing and reporting
- Auditing and Reporting in Microsoft cloud services
- Perform audit log search
- Search the audit log in the Security & Compliance Center
- Review and interpret compliance reports and dashboards
- Reports in the Security & Compliance Center
- Security Dashboard overview
- Configure audit alert policy
- Alert policies in the security and compliance center
Manage Data Governance and Retention
- Plan for data governance and retention
- Data governance and retention in your Microsoft 365 tenant
- Review and interpret data governance reports and dashboards
- View the data governance reports
- Configure retention policies
- Create and configure retention policies
- Define data governance event types
- Start retention when an event occurs
- Define and manage communication compliance policies
- Learn about communication compliance in Microsoft 365
- Configure Information holds
- In-Place Hold and Litigation Hold
- Place a mailbox on Litigation Hold
- Find and recover deleted Office 365 data
- Recover deleted items in a user mailbox
- Configure data archiving
- Enable archive mailboxes in the Security & Compliance Center
- Set up an archive & deletion policy for mailboxes in your organization
- Manage inactive mailboxes
- Overview of inactive mailboxes
- Create and manage inactive mailboxes
Manage Search and Investigation
- Plan for content search and eDiscovery
- Content Search in Microsoft 365
- eDiscovery in Microsoft 365
- Get started with Core eDiscovery
- Search for personal data
- Search for and find personal data
- Monitor for leaks of personal data
- Monitor for leaks of personal data
- Delegate permissions to use search and discovery tools
- Permissions in the Security & Compliance Center
- Assign eDiscovery permissions in the Security & Compliance Center
- Use search and investigation tools to perform content searches
- Use content search
- Export content search results
- Export Content Search results
- Manage eDiscovery cases
- Get started with Core eDiscovery
Manage Data Privacy Regulation Compliance
- Plan for regulatory compliance in Microsoft 365
- Microsoft 365 recommended action plan for GDPR
- Review and interpret GDPR dashboards and reports
- GDPR dashboard
- O365 / Data Privacy GDPR dashboard
- Manage Data Subject Requests (DSRs)
- Data Subject Requests and the GDPR and CCPA
- Office 365 Data Subject Requests for the GDPR and CCPA
- Manage GDPR DSR with the DSR case tool in the Compliance Center
- Administer Compliance Manager in Microsoft 365 compliance center
- Administrative functions of global admins are:
- Assigning Compliance Manager roles to users
- Turn on and off automatic Secure Score updates
- Configuring user privacy settings
- Review Compliance Manager reports
- Compliance manager reports
- Export a report of account data history
- Create and perform Compliance Manager assessments and action items
- Assessments in Compliance Manager
- Add an Assessment to Compliance Manager
- Managing action items
This brings us to the end of the MS-500 Microsoft 365 Security Administration Study Guide.
Follow Me to Receive Updates on MS-500 Exam
Share the MS-500 Study Guide in Your Network
Share on facebook
Share on twitter
Share on linkedin
