It’s time to revisit MS-500, and the good news is that there has only been a minor changes so any of your study to date shouldn’t be affected. The change is to align with the existing recommendation of using Conditional Access to drive user registration for MFA, but now it’s specifically called out.

My final bit of advice here before we get to the exam resources is that this is a very broad exam, and if you are attempting it without having completed exams MS-100, MS-101 and MD-101, it is going to make this exam tougher. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after the ones I just mentioned you are mostly doing revision rather than learning lots of new things. Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (30-35%)

Secure Microsoft 365 hybrid environments

• plan Azure AD authentication options
  • Azure Active Directory deployment plans
  • Determine identity requirements
• plan Azure AD synchronization options
  • Hybrid Identity Design Considerations Overview
• monitor and troubleshoot Azure AD Connect events
  • Azure AD Connect Health Operations

Secure Identities

• implement Azure AD membership
  • Create a dynamic group
• implement password management
  • Deploy self-service password reset
• configure and manage identity governance
  • Manage user access with access reviews

Implement authentication methods

• plan sign-on security
  • Determine multi-factor auth requirements
• implement multi-factor authentication (MFA) by using conditional access policy
  • Conditional Access – Require MFA for all users
  • How it works: Azure Multi-Factor Authentication
• manage and monitor MFA
  • MFA Reports
• plan and implement device authentication methods like Windows Hello
  • User and device settings
• configure and manage Azure AD user authentication options and self-service password management
  • Authentication methods
  • What are Azure AD reports?
  • How it works: Azure AD self-service password reset

Implement conditional access

• plan for compliance and conditional access policies
  • Common ways to use conditional access
• configure and manage device compliance for endpoint security
  • Create a device compliance policy
• implement and manage conditional access
  • Create and assign conditional access policy
  • Monitor conditional access

Implement role-based access control (RBAC)

• plan for roles
  • What is RBAC?
• configure roles
  • Portal
  • PowerShell
• audit roles
  • View activity logs

Implement Azure AD Privileged Identity Management (PIM)

• plan for Azure PIM
  • What is Azure PIM?
• assign eligibility and activate admin roles
  • Start using PIM
• manage Azure PIM role requests and assignments
  • Assign roles
• monitor PIM history and alerts
  • View audit history

Implement Azure AD Identity Protection

• implement user risk policy
  • Configure the user risk policy
• implement sign-in risk policy
  • Configure the sign-in risk policy
• configure Identity Protection alerts
  • Close active risk events
• review and respond to risk events
  • Simulate risk events

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

• plan an Microsoft Defender for Identity solution
  • Create your Microsoft Defender for Identity instance
• install and configure Microsoft Defender for Identity
  • Configure the Microsoft Defender for Identity sensor
  • Integrate with Microsoft Defender for Identity
• monitor and manage Microsoft Defender for Identity
  • Work with Microsoft Defender for Identity health center
  • Reports
  • Monitored activities
  • Understanding security alerts

Implement device threat protection

• plan a Microsoft Defender for Endpoint solution
  • Get started
• implement Microsoft Defender for Endpoint
  • Configure and manage capabilities
• manage and monitor Microsoft Defender for Endpoint
  • Enable and configure always-on protection and monitoring

Implement and manage device and application protection

• plan for device and application protection
  • Windows 10
• configure and manage Windows Defender Application Guard
  • Windows Defender Application Guard
• configure and manage Windows Defender Application Control
  • Windows Defender Application Control design guide
• configure and manage exploit protection
  • Enable exploit protection
• configure Secure Boot
  • Secure the Windows 10 boot process
• configure and manage Windows device encryption
  • BitLocker
• configure and manage non-Windows device encryption
  • Use app protection policies
• plan for securing applications data on devices
  • Determine requirements
  • Prevent data leaks on non-managed devices
• implement application protection policies
  • Protect your enterprise data using Windows Information Protection (WIP)
  • Configure Windows Information Protection settings
  • Create app protection policies

Implement and manage Microsoft Defender for Office 365

• configure Microsoft Defender for Office 365
  • Set up anti-phishing and Microsoft Defender for Office 365 anti-phishing policies
  • Set up Microsoft Defender for Office 365 Safe Attachments policies
  • Set up Microsoft Defender for Office 365 Safe Links policies
• monitor Microsoft Defender for Office 365
  • View and read your Microsoft Defender for Office 365 reports
• conduct simulated attacks using Attack Simulator
  • Attack Simulator in Microsoft Defender for Office 365

Implement Azure Sentinel for Microsoft 365

• plan and implement Azure Sentinel
  • Onboard Azure Sentinel
• configure playbooks in Azure Sentinel
  • Respond to threats
• manage and monitor Azure Sentinel
  • Monitor your data
• respond to threats in Azure Sentinel
  • Respond to threats

Implement and manage information protection (15-20%)

Secure data access within Office 365

• implement and manage Customer Lockbox
  • Customer Lockbox Requests
• configure data access in Office 365 collaboration workloads
  • Protect access to data and services in Office 365
• configure B2B sharing for external users
  • B2B and Office 365 external sharing

Manage sensitivity labels

• plan an sensitivity labels solution
  • Plan & Design
• configure Sensitivity labels and policies
  • Create and publish sensitivity labels
• configure sensitivity labels and policies
  • Get started with sensitivity labels
  • Create and publish sensitivity labels
• configure and use label analytics
  • Using Azure Information Protection reports
• use sensitivity labels with Teams, SharePoint, OneDrive and Office apps
  • Use sensitivity labels with teams, groups, and sites
  • Manage sensitivity labels in Office apps

Manage Data Loss Prevention (DLP)

• plan a DLP solution
  • Plan & Design
• create and manage DLP policies
  • Create, test, and tune a DLP policy
• create and manage sensitive information types
  • Quickstart: Configure a label for users to easily protect emails that contain sensitive information
• monitor DLP reports
  • View the DLP reports
• manage DLP notifications
  • What the DLP functions look for

Implement and manage Microsoft Cloud App Security

• plan Cloud App Security implementation
  • Compare MCAS and OCAS
• configure Microsoft Cloud App Security
  • Basic set up
• manage cloud app discovery
  • Create app discovery reports using Office 365 Cloud App Security
• manage entries in the Cloud app catalog
  • Add custom apps to Cloud Discovery
• manage apps in Cloud App Security
  • Connect apps
• manage Microsoft Cloud App Security
  • Control cloud apps with policies
• configure Cloud App Security connectors and Oauth apps
  • Azure Information Protection integration
  • SIEM integration
  • External DLP integration
  • Integrate with PowerAutomate
  • API tokens
• configure Cloud App Security policies and templates
  • Policy template reference
  • Control cloud apps with policies
• review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs
  • Manage alerts
  • Generate data management reports
  • Activity filters and queries

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

• monitor and manage device security status using Microsoft Endpoint Manager Admin Center
  • Manage devices with endpoint security in Microsoft Intune
• manage and monitor security reports and dashboards using Microsoft 365 Security Center
  • Security Dashboard overview
• plan for custom security reporting with Graph Security API
  • Use the Microsoft Graph Security API
• use secure score dashboards to review actions and recommendations
  • Secure Score overview
• configure alert policies
  • Alert policies

Manage and analyze audit logs and reports

• plan for auditing and reporting
  • Auditing and Reporting
• perform audit log search
  • Search the audit log in Security & Compliance Center
• review and interpret compliance reports and dashboards
  • Reports in the Security & Compliance Center
• configure audit alert policy
  • Default alert policies

Manage data governance and retention

• plan for data governance and retention
  • Retention policies
• review and interpret data governance reports and dashboards
  • View the data governance reports
• configure retention policies
  • Retention policies
• define data governance event types
  • View label activity for documents
• define and manage communication compliance policies
  • Communication compliance in Microsoft 365
  • Configure supervision policies for your organization
  • Information barriers
• configure Information holds
  • In-Place and Litigation Holds
• find and recover deleted Office 365 data
  • Delete or restore user mailboxes in Exchange Online
  • Restore a deleted Office 365 Group‘
  • Restore a deleted OneDrive
• configure data archiving
  • Archiving third-party data in Office 365
  • Overview of unlimited archiving
• manage inactive mailboxes
  • Manage inactive mailboxes

Manage search and investigation

• plan for content search and eDiscovery
  • Manage legal investigations
• search for personal data
  • Search for and find personal data
• monitor for leaks of personal data
  • Customize or create new sensitive information types for GDPR
• delegate permissions to use search and discovery tools
  • Assign eDiscovery permissions
• use search and investigation tools to perform content searches
  • Create and manage eDiscovery cases
• export content search results
  • Export Content Search results 
• manage eDiscovery cases
  • Search for content in a case

Manage data privacy regulation compliance

• plan for regulatory compliance in Microsoft 365
  • Recommended action plan for GDPR
• review and interpret GDPR dashboards and reports
  • Office 365 Data Subject Requests for the GDPR and CCPA
• manage Data Subject Requests (DSRs)
  • Office 365 Data Service Requests
• administer Compliance Manager in Microsoft 365 compliance center
  • Get started with Compliance Manager
• review Compliance Manager reports
  • Build and manage assessments
• create and perform Compliance Manager assessments and action items
  • Assign and complete improvement actions

For the latest updates to exam prep guides please check https://intunedin.net/exams