Preparing for the MS-500 Microsoft 365 Security Administration Exam (BETA)

The MS-500 Microsoft 365 Security Administration exam is currently available in beta, and as you can see if you scroll down, this exam expects you to have very broad exposure across the security capabilities of the Microsoft 365 E5 suite. This guide is effectively the fifth post in this series, and if you have already taken the exams listed below you will find that some of the preparation for those exam will help out here.

There’s a huge amount of content to work through in the links below, and I’ll publish an updated version once the exam goes live in order to incorporate any changes with the final exam.

Implement and manage identity and access (30-25%) (look at those numbers, not my typo!)

• Secure Microsoft 365 hybrid environments
  May include but is not limited to:
  • Configure and manage security integration components in Microsoft 365 hybrid environments including connectivity, synchronization services, and authentication
    • Determine identity requirements
  • Plan Azure AD authentication options
    • Azure Active Directory deployment plans
  • Plan Azure AD synchronization options
    • Hybrid Identity Design Considerations Overview
  • Monitor and interpret Azure AD Connect events
    • Azure AD Connect Health Operations
• Secure user accounts
  May include but is not limited to:
  • Implement Azure AD dynamic group membership
    • Create a dynamic group
  • Implement Azure AD Self-service password reset
    • Deploy self-service password reset
  • Manage Azure AD access reviews
    • Manage user access with access reviews

• Implement authentication methods
  May include but is not limited to:
  • Plan sign-on security
    • Determine multi-factor auth requirements
  • Implement multi-factor authentication (MFA)
    • How it works: Azure Multi-Factor Authentication
  • Manage and monitor MFA
    • MFA Reports
  • Implement device sign-on methods
    • User and device settings
  • Manage authentication methods
    • Authentication methods
  • Monitor authentication methods
    • What are Azure AD reports?

• Implement conditional access
  May include but is not limited to:
  • Plan for compliance and conditional access policies
    • Common ways to use conditional access
  • Configure and manage device compliance policy
    • Create a device compliance policy
  • Configure and manage conditional access policy
    • Create and assign conditional access policy
  • Monitor Conditional Access and Device Compliance
    • Monitor conditional access
• Implement role-based access control (RBAC)
  May include but is not limited to
  • Plan for RBAC
    • What is RBAC?
  • Configure RBAC
    • Portal
    • PowerShell
  • Monitor RBAC usage
    • View activity logs
• Implement Azure AD Privileged Identity Management (PIM)
  May include but is not limited to:
  • Plan for Azure PIM
    • What is Azure AD PIM?
  • Configure and manage Azure PIM
    • Start using PIM
  • Monitor Azure PIM
    • View audit history
• Implement Azure AD Identity Protection
  May include but is not limited to:
  • Implement user risk policy
    • Configure the user risk policy
  • Implement sign-in risk policy
    • Configure the sign-in risk policy
  • Configure Identity Protection alerts
    • Close active risk events
  • Review and respond to risk events
    • Simulate risk events

Implement and manage threat protection (20-25%)

• Implement an enterprise hybrid threat protection solution
  May include but is not limited to:
  • Plan an Azure Advanced Threat Protection (ATP) solution
    • Create your Azure ATP instance
  • Install and configure Azure ATP
    • Configure the Azure ATP sensor
  • Manage Azure ATP workspace health
    • Work with Azure ATP health center
  • Generate Azure ATP reports
    • Reports
  • Integrate Azure ATP with Windows Defender ATP
    • Integrate with Windows Defender ATP
  • Monitor Azure ATP
    • Monitored activities
  • Manage suspicious activities
    • Understanding security alerts
• Implement device threat protection
  May include but is not limited to:
  • Plan and implement a Windows Defender ATP solution
    • Get started
  • Manage Windows Defender ATP
    • Configure and manage capabilities
  • Monitor Windows Defender ATP
    • Enable and configure always-on protection and monitoring
• Implement and manage device and application protection
  May include but is not limited to:
  • Plan for device protection
    • Windows 10
  • Configure and manage Windows Defender Application Guard
    • Windows Defender Application Guard
  • Configure and manage Windows Defender Application Control
    • Windows Defender Application Control design guide
  • Configure and manage Windows Defender Exploit Guard
    • Windows Defender Exploit Guard
  • Configure Secure Boot
    • Secure the Windows 10 boot process
  • Configure and manage Windows 10 device encryption
    • BitLocker
  • Configure and manage non-Windows device encryption
    • Use app protection policies
  • Plan for securing applications data on devices
    • Determine requirements
  • Define managed apps for Mobile Application Management (MAM)
    • Prevent data leaks on non-managed devices
  • Protect your enterprise data using Windows Information Protection (WIP)
    • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure WIP policies
    • Configure Windows Information Protection settings
  • Configure Intune App Protection policies for non-Windows devices
    • Create app protection policies
• Implement and manage Office 365 messaging protection
  May include but is not limited to
  • Configure Office 365 ATP anti-phishing protection
    • Anti-phishing protection in Office 365
  • Configure Office 365 ATP anti-phishing policies
    • Set up anti-phishing and ATP anti-phishing policies
  • Define users and domains to protect with Office 365 ATP Anti-phishing
    • Learn about ATP anti-phishing policy options
  • Configure Office 365 ATP anti-spoofing
    • Anti-spoofing protection in Office 365
  • Configure actions against impersonation
    • Set up anti-phishing and ATP anti-phishing policies
  • Configure Office 365 ATP anti-spam protection
    • Review the prerequisites
  • Enable Office 365 ATP Safe-Attachments
    • Set up ATP Safe Attachments policies
  • Configure Office 365 ATP Safe Attachments policies
    • Set up (or edit) an ATP Safe Attachments policy
  • Configure Office 365 ATP Safe Attachments options
    • Learn about ATP Safe Attachments policy options
  • Configure Office 365 ATP Safe Links options
    • Review the prerequisites
  • Configure Office 365 ATP Safe Links blocked URLs
    • Set up a custom blocked URLs list
  • Configure Office 365 ATP Safe Links policies
    • Set up ATP Safe Links policies
• Implement and manage Office 365 threat protection
  May include but is not limited to
  • Configure Office 365 Threat Intelligence
    • Get started with Office 365 Threat Intelligence
  • Integrate Office 365 Threat Intelligence with Office 365 services
    • Turn on ATP for SharePoint, OneDrive, and Microsoft Teams
  • Integrate Office 365 Threat Intelligence with Windows Defender ATP
    • Integrate Office 365 Threat Intelligence with Windows Defender Advanced Threat Protection
  • Review threats and malware trends on the Office 365 ATP Threat Management dashboard
    • View reports for Office 365 Advanced Threat Protection
  • Review threats and malware trends with Office 365 ATP Threat Explorer and Threat Tracker
    • Threat Trackers – New and Noteworthy
  • Create and review Office 365 ATP incidents
    • How to view and use threat management in the Security & Compliance Center
  • Review quarantined items in ATP including Microsoft SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams
    • Manage quarantined messages and files as an administrator
  • Monitor online anti-malware solutions using Office 365 ATP reports
    • View ATP reports
  • Perform tests using Attack Simulator
    • Attack Simulator in Office 365

Implement and manage information protection (15-20%)

• Secure data access within Office 365
  May include but is not limited to:
  • Plan secure data access within Office 365
    • Protect access to data and services in Office 365
  • Implement and manage Customer Lockbox
    • Customer Lockbox Requests
  • Configure data access in Office 365 collaboration workloads
    • Protect access to data and services in Office 365
  • Configure B2B sharing for external users
    • B2B and Office 365 external sharing
• Manage Azure information Protection (AIP)
  May include but is not limited to:
  • Plan an AIP solution
    • Plan & Design
  • Activate Azure Rights Management
    • Activating the service
  • Configure usage rights
    • Configuring usage rights
  • Configure and manage super users
    • Configuring super users for discovery services or data recovery
  • Customize policy settings
    • Configuring the Azure Information Protection policy
  • Create and configure labels and conditions
    • Create a new label
  • Create and configure templates
    • Configure and manage templates
  • Configure languages
    • Configure languages
  • Configure and use the AIP scanner
    • Deploying the Azure Information Protection scanner
  • Deploy the RMS connector
    • Deploying the RMS connector
  • Manage tenant keys
    • HYOK
  • Deploy the AIP client
    • Azure Information Protection client
  • Track and revoke protected documents
    • Track and revoke your documents
  • Integrate AIP with Microsoft Online Services
    • Configuring applications
• Manage Data Loss Prevention (DLP)
  May include but is not limited to:
  • Plan a DLP solution
    • Plan & Design
  • Create and manage DLP policies
    • Create, test, and tune a DLP policy
  • Create and manage sensitive information types
    • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
  • Monitor DLP reports
    • View the DLP reports
  • Manage DLP notifications
    • What the DLP functions look for
  • Create queries to locate sensitive data
    • Create, test, and tune a DLP policy
• Implement and manage Microsoft Cloud App Security
  May include but is not limited to:
  • Plan Cloud App Security implementation
    • Compare MCAS and OCAS
  • Configure Office 365 Cloud App Security
    • Basic set up
  • Perform productivity app discovery using Cloud App Security
    • Create app discovery reports using Office 365 Cloud App Security
  • Manage entries in the Cloud app catalog
    • Add custom apps to Cloud Discovery
  • Manage third-party apps in Office 365 Cloud App Security
    • Connect apps
  • Manage Microsoft Cloud App Security
    • Control cloud apps with policies
  • Configure Cloud App Security connectors
    • Azure Information Protection integration
    • SIEM integration
    • External DLP integration
    • Integrate with Microsoft Flow
    • API tokens
  • Configure Cloud App Security policies
    • Control cloud apps with policies
  • Configure and manage Cloud App Security templates
    • Policy template reference
  • Configure Cloud App Security users and permissions
    • User groups
  • Review and respond to Cloud App Security alerts
    • Manage alerts
  • Review and interpret Cloud App Security dashboards and reports
    • Generate data management reports
  • Review and interpret Cloud App Security activity log and governance log
    • Activity filters and queries

Manage governance and compliance features in Microsoft 365 (25-30%)

• Configure and analyze security reporting
  May include but is not limited to:
  • Interpret Windows Analytics
    • Windows Analytics in the Azure Portal
  • Configure Windows Telemetry options
    • Configure Windows diagnostic data in your organization
  • Configure Office Telemetry options
    • Compatibility and telemetry in Office
  • Review and interpret security reports and dashboards
    • Security Dashboard overview
  • Plan for custom security reporting with Intelligent Security Graph
    • Use the Microsoft Graph Security API
  • Review Office 365 secure score action and recommendations
    • Office 365 Secure Score
  • Configure reports and dashboards in Azure Log Analytics
    • Install and use the Log Analytics views for Azure AD
  • Review and interpret reports and dashboards in Azure Log Analytics
    • Analyze activity logs in Log Analytics
  • Configure alert policies in the Office 365 Security and Compliance Center
    • Alert policies in the Office 365 Security & Compliance Center
• Manage and analyze audit logs and reports
  May include but is not limited to:
  • Plan for auditing and reporting
    • Auditing and Reporting in Office 365
  • Configure Office 365 auditing and reporting
    • Turn audit log search on or off
  • Perform audit log search
    • Search the audit log in the Office 365 Security & Compliance Center
  • Review and interpret compliance reports and dashboards
    • Reports in the Office 365 Security & Compliance Center
  • Configure audit alert policy
    • Default alert policies
• Configure Office 365 classification and labeling
  May include but is not limited to:
  • Plan for data governance classification and labels
    • Customize or create new sensitive information types for GDPR
  • Search for personal data
    • Search for and find personal data
  • Apply labels to personal data
    • Apply labels to personal data in Office 365
  • Monitor for leaks of personal data
    • Monitor for leaks of personal data
  • Create and publish Office 365 labels
    • Retention labels
  • Configure label policies
    • Quickstarts
• Manage data governance and retention
  May include but is not limited to:
  • Plan for data governance and retention
    • Retention policies
  • Review and interpret data governance reports and dashboards
    • View the data governance reports
  • Configure retention policies
    • Office 365 retention policies
  • Define data governance event types
    • View label activity for documents
  • Define data governance supervision policies
    • Configure supervision policies for your organization
  • Configure Information holds
    • In-Place and Litigation Holds
  • Find and recover deleted Office 365 data
    • Delete or restore user mailboxes in Exchange Online
    • Restore a deleted Office 365 Group
    • Restore a deleted OneDrive
  • Import data in the Security and Compliance Center
    • Import data
  • Configure data archiving
    • Archiving third-party data in Office 365
    • Overview of unlimited archiving
  • Manage inactive mailboxes
    • Manage inactive mailboxes
• Manage search and investigation
  May include but is not limited to:
  • Plan for content search and eDiscovery
    • Manage legal investigations
  • Delegate permissions to use search and discovery tools
    • Assign eDiscovery permissions
  • Use search and investigation tools to perform content searches
    • Create and manage eDiscovery cases
  • Export content search results
    • Export Content Search results 
  • Manage eDiscovery cases
    • eDiscovery cases
• Manage data privacy regulation compliance
  May include but is not limited to:
  • Plan for regulatory compliance in Microsoft 365
    • Recommended action plan for GDPR
    • Compliance[ServiceDesc]
  • Review and interpret GDPR dashboards and reports
    • Office 365
  • Manage Data Subject Requests (DSRs)
    • Office 365 Data Service Requests
  • Review Compliance Manager reports
    • Compliance Manager
  • Create and perform Compliance Manager assessments and action items
    • Assessments in Compliance Manager