
It’s been over a year and a half since I wrote my original guide for this exam, and that was while it was in beta, so this update is long overdue. Just like with MS-100, the exam objectives haven’t really changed much, but in this exam it means the objectives are, let’s be polite and say a little bit stale in places.
What do I mean by stale? The main area that jumps out at me are some of the client related areas. it still refers to Windows Defender Advanced Threat Protection, which was renamed over a year ago. The other area is with Windows 10 and Upgrade Analyzer, which is also something that has been phased out. MS-500 however, has been updated to reflect the name change from WDATP to MDATP, but I think that’s probably more of a sign that the MS-500 exam gets a bit more attention due to it being a standalone exam that also gets you a certification.
These are fairly minor issues to call out though, and I could nitpick over some of the others, but they don’t really change what you need to know for the exam to the point where the inaccuracies would cause you to fail the exam. The reality is that over the last year and a half since the exam was released there are many more people familiar with many of these technologies, so you may not have as steep a learning learning curve for this exam today.
One of the things that also stands is that Conditional Access policies are lumped in under device management rather than being AAD associated, which is a bit of a dated view, but again, it shouldn’t cause problems in the exam. I’m sure you might notice a few other things in here that you would like more clarity on, such as whether or not protection.office.com is what you should know how to navigate versus security.microsoft.com and compliance.microsoft.com, but again at this stage it shouldn’t really have an impact on your results.
For the latest updates to exam prep guides please check https://intunedin.net/exams
Implement Modern Device Services (40-45%)
Plan device management
- plan device monitoring
- plan Microsoft Endpoint Manager implementation and integration with Azure AD
- plan for configuration profiles
Manage device compliance
- plan for device compliance
- plan for attack surface reduction
- configure security baselines
- configure device compliance policy
- plan and configure conditional access policies
Plan for apps
- create and configure Microsoft Store for Business
- plan app deployment
- plan for mobile application management (MAM)
Plan Windows 10 deployment
- plan for Windows as a Service (WaaS)
- plan for managing Windows quality and feature updates
- plan Windows 10 Enterprise deployment methods
- analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
- evaluate and deploy additional Windows 10 Enterprise security features
Enroll devices
- plan for device join to Azure Active Directory (Azure AD)
- plan for manual and automated device enrollment
- enable device enrollment
Implement Microsoft 365 Security and Threat Management (20-25%)
Manage security reports and alerts
- evaluate and manage Microsoft Office 365 tenant security by using Secure Score
- manage incident investigation
- review and manage Microsoft 365 security alerts
Plan and implement threat protection with Microsoft Defender
- plan Microsoft Defender for Endpoint
- design Microsoft Defender for Office 365 policies
- implement Microsoft Defender for Identity
Plan Microsoft Cloud App Security
- plan information protection by using Cloud App Security
- plan policies to manage access to cloud apps
- plan for application connectors
- configure Cloud App Security policies
- review and respond to Cloud App Security alerts
- monitor for unauthorized cloud applications
Manage Microsoft 365 Governance and Compliance (35-40%)
Plan for compliance requirements
- plan compliance solutions
- assess compliance
- plan for legislative and regional or industry requirements and drive implementation
Manage information governance
- plan data classification
- plan for classification labeling
- plan for restoring deleted content
- implement records management
- design data retention labels and policies in Microsoft 365
Implement Information protection
- plan an information protection solution
- plan and implement sensitivity labels and policies
- monitor label alerts and analytics
- deploy Azure Information Protection unified labels clients
- configure Information Rights Management (IRM) for workloads
- plan for Windows information Protection (WIP) implementation
Plan and implement data loss prevention (DLP)
- plan for DLP
- configure DLP policies
- monitor DLP
Manage search and investigation
- plan for auditing
- plan for eDiscovery
- implement insider risk management
- design a Content Search solution
For the latest updates to exam prep guides please check https://intunedin.net/exams