The exam description for MS-101 has just been refreshed again, and this time it’s really more of maintenance update rather than anything drastic. The structure of the objectives, especially in the Implement Modern Device Services section has had a bit of an overhaul, but the overall topic areas haven’t changed all that much once you map the old against the new. What’s worth covering though is where does this exam complement or compete with the new Security and Compliance exams.
The first thing to note here is that this exam is a mobility and security exam, so it’s going to be covering items related to MDM and Windows that the new exams don’t cover. However, once you move past this difference, there are many topics that overlap with the SC-x00 series exams, but that doesn’t mean that preparing for this exam will completely prepare you for those exams.
Some of those exams do have an Azure component, or in the case of the SC-200 Security Operations exam have a very heavy Azure focus due to Azure Defender and Azure Sentinel making up a large portion of the exam. There is similar overlap with this exam and MS-500, so it could be a good exam to take after this one if you were planning out what’s next.
Implement Modern Device Services (40-45%)
Plan device management
- plan device monitoring
- plan Microsoft Endpoint Manager implementation and integration with Azure AD
- plan for configuration profiles
Manage device compliance
- plan for device compliance
- plan for attack surface reduction
- configure security baselines
- configure device compliance policy
- plan and configure conditional access policies
Plan for apps
- create and configure Microsoft Store for Business
- plan app deployment
- plan for mobile application management (MAM)
Plan Windows 10 deployment
- plan for Windows as a Service (WaaS)
- plan for managing Windows quality and feature updates
- plan Windows 10 Enterprise deployment methods
- analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
- evaluate and deploy additional Windows 10 Enterprise security features
Enroll devices
- plan for device join to Azure Active Directory (Azure AD)
- plan for manual and automated device enrollment
- enable device enrollment
Implement Microsoft 365 Security and Threat Management (20-25%)
Manage security reports and alerts
- evaluate and manage Microsoft Office 365 tenant security by using Secure Score
- manage incident investigation
- review and manage Microsoft 365 security alerts
Plan and implement threat protection with Microsoft Defender
- plan Microsoft Defender for Endpoint
- design Microsoft Defender for Office 365 policies
- implement Microsoft Defender for Identity
Plan Microsoft Cloud App Security
- plan information protection by using Cloud App Security
- plan policies to manage access to cloud apps
- plan for application connectors
- configure Cloud App Security policies
- review and respond to Cloud App Security alerts
- monitor for unauthorized cloud applications
Manage Microsoft 365 Governance and Compliance (35-40%)
Plan for compliance requirements
- plan compliance solutions
- assess compliance
- plan for legislative and regional or industry requirements and drive implementation
Manage information governance
- plan data classification
- plan for classification labeling
- plan for restoring deleted content
- implement records management
- design data retention labels and policies in Microsoft 365
Implement Information protection
- plan an information protection solution
- plan and implement sensitivity labels and policies
- monitor label alerts and analytics
- deploy Azure Information Protection unified labels clients
- configure Information Rights Management (IRM) for workloads
- plan for Windows information Protection (WIP) implementation
Plan and implement data loss prevention (DLP)
- plan for DLP
- configure DLP policies
- monitor DLP
Manage search and investigation
- plan for auditing
- plan for eDiscovery
- implement insider risk management
- design a Content Search solution
intunedin.net 