It’s been over a year and a half since I wrote my original guide for this exam, and that was while it was in beta, so this update is long overdue. Just like with MS-100, the exam objectives haven’t really changed much, but in this exam it means the objectives are, let’s be polite and say a little bit stale in places.

What do I mean by stale? The main area that jumps out at me are some of the client related areas. it still refers to Windows Defender Advanced Threat Protection, which was renamed over a year ago. The other area is with Windows 10 and Upgrade Analyzer, which is also something that has been phased out. MS-500 however, has been updated to reflect the name change from WDATP to MDATP, but I think that’s probably more of a sign that the MS-500 exam gets a bit more attention due to it being a standalone exam that also gets you a certification.

These are fairly minor issues to call out though, and I could nitpick over some of the others, but they don’t really change what you need to know for the exam to the point where the inaccuracies would cause you to fail the exam. The reality is that over the last year and a half since the exam was released there are many more people familiar with many of these technologies, so you may not have as steep a learning learning curve for this exam today.

One of the things that also stands is that Conditional Access policies are lumped in under device management rather than being AAD associated, which is a bit of a dated view, but again, it shouldn’t cause problems in the exam. I’m sure you might notice a few other things in here that you would like more clarity on, such as whether or not protection.office.com is what you should know how to navigate versus security.microsoft.com and compliance.microsoft.com, but again at this stage it shouldn’t really have an impact on your results.

Implement Modern Device Services (30-35%)

Implement Microsoft 365 Security and Threat Management (30-35%)

Manage Microsoft 365 Governance and Compliance (35-40%)