Preparing for the MS-100 Microsoft 365 Identity and Services Exam (July 2020 Update)

It’s been over a year and a half since I published the initial version of this prep guide, so I thought it’s about time I update it and discuss where this fits in the Microsoft 365 exam world. Additional exams have been announced and released since this exam first went into beta, moving the conversation away from comparisons with the exams that were being replaced.

What are the two main exams that have changed this landscape? MS-900 Microsoft 365 Fundamentals and MS-500 Microsoft 365 Security Administration were both introduced as exams that would give you a certification as opposed to this exam which also requires you to to pass multiple exams to get a certification. What I’ve learned, and been somewhat surprised by over the last couple of years is that for many people the exam to certification ratio drives behaviors in ways I wouldn’t have believed, even when it leads to people following a path that will lead to better skills.

I still recommend MS-100 as the starting exam exam for someone who wants to get Microsoft 365 certifications, as the skills required really have moved into being expected skills in many organizations. Once you’ve done MS-100 and MS-101, there really isn’t a huge amount of effort for you to sit MS-900 and MS-500 if you are in certification acquisition mode.

Design and implement Microsoft 365 services (25-30%)

Manage domains

• add and configure additional domains
  • Add domain
• configure user identities for new domain name
  • Domains FAQ
• configure workloads for new domain name
  • DNS basics
• design domain name configuration
  • Can I add custom subdomains or multiple domains to Microsoft 365?
• set primary domain name
  • How do I change the default domain in Microsoft 365?
• verify custom domain
  • Can I pilot Microsoft 365 with just a few email addresses from my custom domain?

Plan a Microsoft 365 implementation

• plan for Microsoft 365 on-premises Infrastructure
  • Prepare your organization’s network for Teams
  • Office 365 URLs and IP address ranges
• plan identity and authentication solution
  • Assign users to admin roles
  • Hybrid identity documentation
  • Authentication methods
  • Understanding Microsoft 365 identity and Azure Active Directory

Setup Microsoft 365 tenancy and subscription

• configure subscription and tenant roles and workload settings
  • Assign roles to users
• evaluate Microsoft 365 for organization
  • Base Configuration dev/test environment
• plan and create tenant
  • Plan your setup
  • Deployment planning checklist for Microsoft 365
• upgrade existing subscriptions to Microsoft 365
  • Subscriptions, licenses, and tenants
• monitor license allocations
  • Manage user accounts and licenses

Manage Microsoft 365 subscription and tenant health

• manage service health alerts
  • Service Health and Continuity
• create & manage service requests
  • Contact support for business products
• create internal service health response plan
  • Service Health and Continuity
• monitor service health
  • Service health
• configure and review reports, including BI, OMS, and Microsoft 365 reporting
  • Activity reports and analytics
  • Office 365 management solution in Azure
• schedule and review security and compliance reports
  • View the DLP reports
  • View the data governance reports
  • View Microsoft Defender for Office 365 reports
  • Manage schedules for multiple reports
• schedule and review usage metrics
  • Usage analytics

Plan migration of users and data

• identify data to be migrated and method
  • Migrate to Microsoft 365 – Migrate to SharePoint and OneDrive
• identify users and mailboxes to be migrated and method
  • Migrate email to Microsoft 365
  • Exchange Deployment Assistant
• plan migration of on-prem users and groups
  • Plan for directory synchronization
• import PST Files
  • Overview of importing your organization PST files to Office 365

Manage user identity and roles (35-40%)

Design identity strategy

• evaluate requirements and solution for synchronization
  • Hybrid Identity Design Considerations Overview
  • Install and run the IdFix tool
• evaluate requirements and solution for identity management
  • Understanding Microsoft 365 identity and Azure Active Directory
• evaluate requirements and solution for authentication
  • Determine identity requirements

Plan identity synchronization by using Azure AD Connect

• design directory synchronization
  • Hybrid Identity Design Considerations Overview
• implement directory synchronization with directory services, federation services, and Azure endpoints
  • Managing federation with Azure AD Connect

Manage identity synchronization by using Azure AD Connect

• monitor Azure AD Connect Health
  • Azure AD Connect Health Operations
• manage Azure AD Connect synchronization
  • What is Azure AD Connect Sync?
• configure object filters
  • Configure filtering
• configure password sync
  • What is password hash synchronization?
• implement multi-forest AD Connect scenarios
  • Multiple forests, single Azure AD tenant

Manage Azure AD identities

• plan Azure AD identities
  • What is hybrid identity?
• implement and manage Azure AD self-service password reset
  • Deploy self-service password reset
• manage access reviews
  • Manage user access with access reviews
  • Manage guest access with access reviews
• manage groups
  • Groups and access management
  • Group-based licensing
• manage passwords
  • Reset a user’s password
• manage product licenses
  • Manage user accounts and licenses
• manage users
  • Add or delete a new user
• perform bulk user management
  • Connect to all Microsoft 365 services in a single Windows PowerShell window
  • Overview

Manage user roles

• plan user roles
  • About admin roles
• allocate roles in workloads
  • Assign admin roles
• configure administrative accounts
  • Protect your Microsoft 365 global administrator accounts
• configure RBAC within Azure AD
  • Portal
  • PowerShell
• delegate admin rights
  • Offer delegated administration
  • Delegate Azure AD admin roles
• manage admin roles
  • View and assign roles
• manage role allocations by using Azure AD
  • Assign users to admin roles
• plan security and compliance roles for Microsoft 365
  • Role security planning
  • Least-privileged roles by task

Manage access and authentication (20-25%)

Manage authentication

• design authentication method
  • Azure Active Directory deployment plans
• configure authentication
  • How it works: Azure Multi-Factor Authentication
  • How it works: Azure AD self-service password reset
  • How it works: Azure Multi-Factor Authentication
• implement authentication method
  • Authentication methods
• manage authentication
  • Authentication methods
• monitor authentication
  • Sign-in logs
  • What are Azure AD reports?
  • What is Azure AD monitoring?

Implement Multi-Factor Authentication (MFA)

• design an MFA solution
  • Determine multi-factor auth requirements
• configure MFA for apps or users
  • How modern authentication works for Office 2013 and Office 2016 client apps
  • Modern authentication
• administer MFA users
  • User and device settings
  • Per user MFA
• report MFA utilization
  • MFA Reports

Configure application access

• configure application registration in Azure AD
  • Register an app
• configure Azure AD application proxy
  • Enable Application Proxy
• publish enterprise apps in Azure AD
  • Add a non-gallery app

Implement access for external users of Microsoft 365 workloads

• create guest accounts
  • Add guest users in the portal
  • Add guest users with PowerShell
  • Admins adding B2B users
  • Information workers adding B2B users
• design solutions for external access
  • Understand the B2B user
• manage external collaboration settings
  • Configure external collaboration settings

Plan Office 365 workloads and applications (10-15%)

Plan for Office 365 workload deployment

• identify hybrid requirements
  • Hybrid Modern Authentication and prereqs for Skype for Business Server and Exchange Server
  • How to configure Exchange Server on-premises to use Hybrid Modern Authentication
  • How to configure Skype for Business on-premises to use Hybrid Modern Authentication
  • Removing or disabling Hybrid Modern Authentication from Skype for Business and Exchange
• plan connectivity and data flow for each workload
  • Exchange Hybrid deployment prerequisites
  • Plan hybrid connectivity for Skype for Business
  • Plan SharePoint Server hybrid
• plan for Microsoft 365 workload connectivity
  • Microsoft 365 Network Connectivity Principles
  • Network planning and performance tuning for Office 365
• plan migration strategy for workloads
  • Migrate your content to Microsoft 365
• prepare workloads for new deployments and migrations
  • Migrate to Microsoft Teams
  • Migrate your content to SharePoint, OneDrive, and Teams
  • Migrate multiple email accounts to Microsoft 365

Plan Microsoft 365 Apps deployment

• manage Office software downloads
  • Deploy Microsoft 365 Apps from the cloud
  • Deploy Microsoft 365 Apps from a local source
• plan for Microsoft 365 apps for Enterprise
  • Deploy and manage mobile apps
• plan for Microsoft 365 apps for Enterprise updates
  • Overview of update channels
• plan for Microsoft 365 apps for Enterprise connectivity
  • Assess your environment and requirements
• plan for Office for the web
  • Office Online Service Description
• plan Microsoft 365 apps for Enterprise deployment
  • Deployment guide
  • Overview of the Office Deployment Tool

One of the things you probably noticed on the list is that the exam objectives haven’t been updated yet to reflect some of the name changes such as Microsoft 365 apps for Enterprise instead of Office 365 ProPlus for example. Expect a transition to the updated names over time, but these changes can take a while.