Preparing for the MS-101 Microsoft 365 Mobility and Security Exam (August 2020 Update)

It’s been over a year and a half since I wrote my original guide for this exam, and that was while it was in beta, so this update is long overdue. Just like with MS-100, the exam objectives haven’t really changed much, but in this exam it means the objectives are, let’s be polite and say a little bit stale in places.

What do I mean by stale? The main area that jumps out at me are some of the client related areas. it still refers to Windows Defender Advanced Threat Protection, which was renamed over a year ago. The other area is with Windows 10 and Upgrade Analyzer, which is also something that has been phased out. MS-500 however, has been updated to reflect the name change from WDATP to MDATP, but I think that’s probably more of a sign that the MS-500 exam gets a bit more attention due to it being a standalone exam that also gets you a certification.

These are fairly minor issues to call out though, and I could nitpick over some of the others, but they don’t really change what you need to know for the exam to the point where the inaccuracies would cause you to fail the exam. The reality is that over the last year and a half since the exam was released there are many more people familiar with many of these technologies, so you may not have as steep a learning learning curve for this exam today.

One of the things that also stands is that Conditional Access policies are lumped in under device management rather than being AAD associated, which is a bit of a dated view, but again, it shouldn’t cause problems in the exam. I’m sure you might notice a few other things in here that you would like more clarity on, such as whether or not protection.office.com is what you should know how to navigate versus security.microsoft.com and compliance.microsoft.com, but again at this stage it shouldn’t really have an impact on your results.

Implement Modern Device Services (30-35%)

• Implement Mobile Device Management (MDM)
  • Plan for MDM
    • Planning guide
  • Configure MDM integration with Azure AD
    • What is device management in Azure AD?
    • Set up automatic enrollment
  • Set an MDM authority
    • Set the MDM authority
  • Set device enrollment limit for users
    • Restrictions
• Manage device compliance
  • Plan for device Compliance
    • Create a device compliance policy
  • Design Conditional Access Policies
    • Common ways to use conditional access
  • Create Conditional Access Policies
    • Device-based Conditional Access policy
    • App-based Conditional Access
  • Configure device compliance policy
    • Get started with device compliance policies in Intune
  • Manage Conditional Access Policies
    • Reassign Conditional Access policies from Intune classic portal
• Plan for devices and apps
  • Create and configure Microsoft Store for Business
    • Microsoft Store for Business and Microsoft Store for Education overview
  • Plan app deployment
    • Distribute apps with a management tool
    • Distribute apps using your private store
    • Assign apps to employees
  • Plan device co-management
    • What is co-management?
  • Plan device monitoring
    • Intune reports
  • Plan for device profiles
    • Assign profiles
  • Plan for Mobile Application Management
    • Compare MDM and MAM
  • Plan mobile device security
    • Protect device data
• Plan Windows 10 deployment
  • Plan for Windows as a Service (WaaS)
    • Overview of Windows as a service
  • Plan the appropriate Windows 10 Enterprise deployment method
    • Windows 10 deployment considerations
  • Analyze upgrade readiness for Windows 10
    • Get started with Upgrade Readiness
  • Evaluate and deploy additional Windows 10 Enterprise security features
    • Windows 10 Enterprise Security

Implement Microsoft 365 Security and Threat Management (30-35%)

• Implement Cloud App Security (CAS)
  • Configure Cloud App Security (CAS)
    • Basic set up
  • Configure Cloud App Security (CAS) policies
    • Control cloud apps with policies
  • Configure Connected apps
    • Connect apps
  • Design cloud app security (CAS) Solution
    • Compare MCAS and OCAS
  • Manage Cloud App Security (CAS) alerts
    • Manage alerts
  • Upload cloud app security (CAS) traffic logs
    • Configure automatic log upload for continuous reports
• Implement threat management
  • Plan a threat management solution
    • Protect against threats
  • Design Azure Advanced Threat Protection (ATP) Policies
    • Create your Azure ATP instance
  • Design Microsoft 365 ATP Policies
    • Turn on Microsoft Threat Protection
  • Configure Azure ATP
    • Configure the Azure ATP sensor
  • Configure Microsoft 365 ATP Policies
    • Overview
  • Monitor Advanced Threat Analytics (ATA) incidents
    • ATA reports
• Implement Windows Defender Advanced Threat Protection (ATP)
  • Plan Windows Defender ATP Solution
    • Get started
  • Configure preferences
    • Configure and manage capabilities
    • Configure conditional access
    • Configure Microsoft Cloud App Security integration
  • Implement Windows Defender ATP Policies
    • Microsoft Defender ATP
  • Enable and configure security features of Windows 10 Enterprise
    • Configure attack surface reduction
    • Configure next generation protection
• Manage security reports and alerts
  • Manage service assurance dashboard
    • Service assurance in the Office 365 Security & Compliance Center
  • Manage tracing and reporting on Azure AD Identity Protection
    • What is Azure AD Identity Protection?
  • Configure and manage Microsoft 365 security alerts
    • Alerts in the Office 365 Security Compliance Center
  • Configure and manage Azure Identity Protection dashboard and alerts
    • Close active risk events

Manage Microsoft 365 Governance and Compliance (35-40%)

• Configure Data Loss Prevention (DLP)
  • Configure DLP Policies
    • Get started with DLP policy recommendations
  • Design data retention policies in Microsoft 365
    • Retention policies
  • Manage DLP exceptions
    • Create, test, and tune a DLP policy
  • Monitor DLP policy matches
    • View the DLP reports
  • Manage DLP policy matches
    • What the DLP functions look for
• Implement Azure Information Protection (AIP)
  • Plan AIP solution
    • Plan & Design
  • Plan for deployment On-Prem rights management Connector
    • Deploying the RMS connector
  • Plan for Windows information Protection (WIP) implementation
    • Get ready for WIP app protection policies
  • Plan for classification labeling
    • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
  • Configure Information Rights Management (IRM) for Workloads
    • How applications support Azure Rights Management protection
  • Configure Super User
    • Configuring super users for discovery services or data recovery
  • Deploy AIP Clients
    • Azure Information Protection client
  • Implement Azure Information Protection policies
    • Configuring the Azure Information Protection policy
  • Implement AIP tenant key
    • Planning and implementing your tenant key
• Manage data governance
  • Configure information retention
    • Retention policies
  • Plan for Microsoft 365 backup
    • Back up data before switching plans
  • Plan for restoring deleted content
    • Restore items in the Recycle Bin of a SharePoint site
    • Restore deleted items from the Site collection recycle bin 
    • Manage inactive mailboxes
  • Plan information Retention Policies
    • Retention policies
• Manage auditing
  • Configure audit log retention
    • Turn audit log search on or off
  • Configure audit policy
    • Configure your Microsoft 365 tenant for increased security
    • Enable mailbox auditing
  • Monitor Unified Audit Logs
    • Search the audit log in the Office 365 Security & Compliance Center
• Manage eDiscovery
  • Search content by using Security and Compliance Center
    • Use Content Search
  • Plan for in-place and legal hold
    • In-Place and Litigation Holds
    • Retention policies and labels
  • Configure eDiscovery and create cases
    • Create and manage eDiscovery cases
    • Assign eDiscovery permissions