It’s time to revisit MS-500, and the good news is that the objectives have only had some minor changes, so any of your study to date shouldn’t be affected. The biggest change that needs to be discussed is the change in the Microsoft security exam ecosystem and how that could affect you, rather than anything inside of this exam.

If your role is mostly or completely Microsoft 365 focused, with little or no Azure (outside of Azure Active Directory), then you can mostly view the exam ecosystem changes as things you can deal with later. However, you do have a few new exams that might align with what you are more heavily focused on, such as the SC-300 identity exam (it does have some Azure though), and the SC-400 compliance exam, which is currently a pure Microsoft 365 workload focused exam. If you need to pass MS-500 for work requirements, whether they just be internal objectives, or perhaps you work for a Microsoft partner and need this exam for competency requirements, nothing really changes in how you should think about the different Microsoft security exams.

Things start to get more complex with the other new security exams that are on offer, SC-900 for security and compliance fundamentals, and SC-200 for security operations, because they expect knowledge of additional Azure workloads. What you will find is that after you prepare for this exam, and successfully pass it, there are going to be some areas in these new exams you won’t need to do much preparation for, so that when the time comes to take the new exams you will be focused on filling in the items that weren’t covered in this exam.

My final bit of advice here before we get to the exam resources is that this is a very broad exam, and if you are attempting it without having completed exams MS-100, MS-101 and MD-101, it is going to make this exam tougher. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after the ones I just mentioned you are mostly doing revision rather than learning lots of new things. Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

Secure Identities

Implement authentication methods

Implement conditional access

Implement role-based access control (RBAC)

Implement Azure AD Privileged Identity Management (PIM)

Implement Azure AD Identity Protection

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

Implement device threat protection

Implement and manage device and application protection

Implement and manage Microsoft Defender for Office 365

Implement Azure Sentinel for Microsoft 365

Implement and manage information protection (15-20%)

Secure data access within Office 365

Manage sensitivity labels

Manage Data Loss Prevention (DLP)

Implement and manage Microsoft Cloud App Security

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

Manage and analyze audit logs and reports

Manage data governance and retention

Manage search and investigation

Manage data privacy regulation compliance

For the latest updates to exam prep guides please check