Preparing for the MS-100 Microsoft 365 Identity and Services Exam (February 2021 Update)

This month MS-100, MS-101 are both being updated, and MS-500 has just been updated. As I view these as a series of exams that you should have traditionally started with MS-100 before proceeding to the others, it makes sense to update this guide first. Why MS-100 first? It’s the gaps that preparation for this is exam are going to start to fill that are very closely related, if not identical to topics that you will see in MS-101 and MS-500.

Now, I know that many people chase MS-500 first because it’s a single exam that gives you a certification – Microsoft 365 Certified: Security Administrator Associate, but something I’ve seen happen way too many times is people failing this exam on topics that the other two exams would have more than prepared them for. However, with this update the MS-100 has really expanded the areas it can test you on, with much more of an emphasis on the Office 365 workloads and less overall on the pure Azure Active Directory side, and this is even reflected in the weightings.

So, what’s my current recommendation? If you have a good Office 365 and AAD base, start with this exam, and then MS-101 will start pulling in more Microsoft 365 security and compliance topics, and then MS-500 is going to be a natural third exam in this series. However, if you are already mostly focused on just the security and compliance capabilities of the workloads, without too much care or focus on the workloads themselves, then maybe MS-500 might be an easier first exam for you.

For the latest updates to exam prep guides please check https://intunedin.net/exams

Design and implement Microsoft 365 services (25-30%)

Plan Architecture

• plan integration of Microsoft 365 and on-premises environments
  • Prepare your organization’s network for Teams
  • Office 365 URLs and IP address ranges
• identify deployment workloads team
  • Deployment planning checklist for Microsoft 365
• plan an identity and authentication solution
  • Assign users to admin roles
  • Hybrid identity documentation
  • Authentication methods
  • Understanding Microsoft 365 identity and Azure Active Directory
• plan enterprise application modernization
  • Authentication methods

Deploy a Microsoft 365 tenant

• manage domains
  • Add domain
  • Can I pilot Microsoft 365 with just a few email addresses from my custom domain?
  • Domains FAQ
  • DNS basics
  • Can I add custom subdomains or multiple domains to Microsoft 365?
  • How do I change the default domain in Microsoft 365?
• configure organizational settings
  • Customize your organization theme
  • Customize Sign-in page
• complete the organizational profile
  • Change your organization’s address, technical contact, and more
• add a Microsoft partner or work with Microsoft FastTrack
  • Add, change, or delete a subscription advisor partner
• complete the subscription setup wizard
  • Try or buy Microsoft 365
• plan and create a tenant
  • Plan your setup
• edit an organizational profile
  • Change your organization’s address, technical contact, and more
• plan and create subscription(s)
  • Subscriptions, licenses, and tenants
• configure tenant-wide workload settings
  • About the Microsoft 365 admin center

Manage Microsoft 365 subscription and tenant health

• manage service health alerts
  • Service Health and Continuity
• create & manage service requests
  • Contact support for business products
• create internal service health response plan
  • Service Health and Continuity
• monitor service health
  • Service health
• monitor license allocations
  • Manage user accounts and licenses
• configure and review reports, including BI, Operations Management Suite (OMS), and Microsoft 365 reporting
  • Activity reports and analytics
  • Plan an Azure Active Directory reporting and monitoring deployment
  • Connect Office 365 Logs to Azure Sentinel
• schedule and review security and compliance reports
  • View the DLP reports
  • View the data governance reports
  • View Microsoft Defender for Office 365 reports
  • Manage schedules for multiple reports
• schedule and review usage metrics
  • Usage analytics

Plan migration of users and data

• identify data to be migrated and migration methods
  • Migrate to Microsoft 365 – Migrate to SharePoint and OneDrive
• identify users and mailboxes to be migrated and migration methods
  • Migrate email to Microsoft 365
  • Exchange Deployment Assistant
• plan migration of on-premises users and groups
  • Plan for directory synchronization
• import PST Files
  • Overview of importing your organization PST files to Office 365

Manage user identity and roles (25-30%)

Design identity strategy

• evaluate requirements and solutions for synchronization
  • Hybrid Identity Design Considerations Overview
  • Install and run the IdFix tool
• evaluate requirements and solutions for identity management
  • Understanding Microsoft 365 identity and Azure Active Directory
• evaluate requirements and solutions for authentication
  • Determine identity requirements

Plan identity synchronization

• design directory synchronization
  • Hybrid Identity Design Considerations Overview
• implement directory synchronization with directory services, federation services, and Azure endpoints by using Azure AD Connect
  • Managing federation with Azure AD Connect

Manage identity synchronization with Azure Active Directory (Azure AD)

• configure directory synchronization by using Azure AD Connect
  • Set up directory synchronization for Microsoft 365
• monitor Azure AD Connect Health
  • Azure AD Connect Health Operations
• manage Azure AD Connect synchronization
  • What is Azure AD Connect Sync?
• configure object filters
  • Configure filtering
• configure password synchronization
  • What is password hash synchronization?
• implement multi-forest AD Connect scenarios
  • Multiple forests, single Azure AD tenant

Manage Azure AD identities

• plan Azure AD identities
  • What is hybrid identity?
• implement and manage self-service password reset (SSPR)
  • Deploy self-service password reset
• manage access reviews
  • Manage user access with access reviews
  • Manage guest access with access reviews
• manage groups
  • Groups and access management
  • Group-based licensing
• manage passwords
  • Reset a user’s password
• manage product licenses
  • Manage user accounts and licenses
• manage users
  • Add or delete a new user
• perform bulk user management
  • Connect to all Microsoft 365 services in a single Windows PowerShell window
  • Overview

Manage roles

• plan user roles
  • About admin roles
• manage admin roles
  • View and assign roles
  • Protect your Microsoft 365 global administrator accounts
  • Offer delegated administration
  • Delegate Azure AD admin roles
• allocate roles for workloads
  • Assign admin roles
  • Role security planning
  • Least-privileged roles by task
• manage role allocations by using Azure AD
  • Assign users to admin roles
  • Portal
  • PowerShell

Manage access and authentication (15-20%)

Manage authentication

• design an authentication method
  • Azure Active Directory deployment plans
  • Determine multi-factor auth requirements
• configure authentication
  • How it works: Azure Multi-Factor Authentication
  • How it works: Azure AD self-service password reset
  • How it works: Azure Multi-Factor Authentication
• implement an authentication method
  • Authentication methods
• manage authentication
  • Authentication methods
• monitor authentication
  • Sign-in logs
  • What are Azure AD reports?
  • What is Azure AD monitoring?

Plan and implement secure access

• design a conditional access solution
  • Common ways to use conditional access
• implement entitlement packages
  • What is Azure AD entitlement management?
• implement Azure AD Identity Protection
  • Configure the user risk policy
  • Configure the sign-in risk policy
• manage identity protection
  • Simulate risk events
• implement conditional access
  • Create and assign conditional access policy
• manage conditional access
  • Create a device compliance policy
  • Monitor conditional access
• implement and secure access for guest and external users
  • Add guest users to your directory in the Azure portal
  • Add a guest user with PowerShell
  • Manage access to Azure resources for external guest users using RBAC

Configure application access

• configure application registration in Azure AD
  • Register an app
• configure Azure AD application proxy
  • Enable Application Proxy
• publish enterprise apps in Azure AD
  • Add a non-gallery app

Plan Office 365 workloads and applications (25-30%)

Plan for Microsoft 365 Apps deployment

• plan for Microsoft connectivity
  • Assess your environment and requirements
• manage Microsoft 365 Apps
  • Deployment guide
• plan for Office online
  • Office Online Service Description
• assess readiness using Microsoft analytics
  • About usage analytics
• plan Microsoft 365 App compatibility
  • App compatability & readiness assessment tools
• manage Office software downloads
  • Deploy Microsoft 365 Apps from the cloud
  • Deploy Microsoft 365 Apps from a local source
  • Overview of the Office Deployment Tool
• plan for Microsoft 365 apps updates
  • Overview of update channels

Plan for messaging deployments

• plan migration strategy
  • Migrate your content to Microsoft 365
  • Migrate multiple email accounts to Microsoft 365
• plan messaging deployment
  • How to configure Exchange Server on-premises to use Hybrid Modern Authentication
• identify hybrid requirements
  • Exchange Hybrid deployment prerequisites
• plan for connectivity
  • Microsoft 365 Network Connectivity Principles
  • Network planning and performance tuning for Office 365
• plan for mail routing
  • Transport routing in Exchange hybrid deployments
  • Mail flow best practices
• plan email domains
  • Manage accepted domains

Plan for Microsoft SharePoint Online and OneDrive for Business

• plan migration strategy
  • Migrate your content to Microsoft 365
  • Migrate your content to SharePoint, OneDrive, and Teams
• plan external share settings
  • Add guest users in the portal
  • Add guest users with PowerShell
  • Admins adding B2B users
  • Information workers adding B2B users
  • Configure external collaboration settings
• identify hybrid requirements
  • Plan SharePoint Server hybrid
• manage access configurations
  • Permissions and sharing
• manage Microsoft groups
  • Overview of Microsoft 365 Groups for administrators
• manage SharePoint tenant and site settings
  • Manage sites in the new SharePoint admin center

Plan for Microsoft Teams infrastructure

• plan for communication and call quality and capacity
  • Monitor and improve call quality for Microsoft Teams
  • Set up Call Quality Dashboard (CQD)
  • Microsoft 365 Network Connectivity Principles
  • Network planning and performance tuning for Microsoft 365
• plan for Phone System
  • Understand calling in Microsoft Teams
  • What is Phone System?
• plan Microsoft Teams deployment
  • Migrate to Microsoft Teams
  • Migrate your content to Microsoft 365
• plan Microsoft Teams organizational settings
  • Manage Microsoft Teams settings for your organization
• plan for guest and external access
  • Manage External Access in Microsoft Teams
• plan for Microsoft Teams hybrid connectivity and co-existence
  • Migration and interoperability guidance for organizations using Teams together with Skype for Business
  • Understand Microsoft Teams and Skype for Business coexistence and interoperability

Plan Microsoft Power Platform integration

• implement Microsoft Power Platform Center of Excellence (CoE) starter kit
  • Center of Excellence (CoE) overview
• plan for Power Platform workload deployments
  • Power Apps enterprise deployment whitepaper
• plan resource deployment
  • Plan for deployment and administration
• plan for connectivity (and data flow)
  • Create and use dataflows in Microsoft Power Platform
• manage environments
  • Working with the admin portals
• manage resources
  • Resource overview

For the latest updates to exam prep guides please check https://intunedin.net/exams