The skills required for MS-500 gets a minor update today, so let’s focus on what’s new. Most of the changes are really just naming updates, good news for those of you who have already been preparing. There’s also some other minor corrections, but there aren’t any topics that have been added or removed.

This is a very broad exam, and if you are attempting it without having completed exams MS-100, MS-101 and MD-101, it is going to make this exam tougher. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after the ones I just mentioned you are mostly doing revision rather than learning lots of new things.

There are also other exams in the Security and Compliance (SC-900, SC-200, SC-300 and SC-400) family now that focus more on particular areas of this exam as well. Even if you aren’t planning on doing other exams prior to these, make sure you take a look at the preparation guides for these exams as they might provide additional content related to the topics you might be struggling with.

Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (35-40%)

Secure Microsoft 365 hybrid environments

Secure Identities

Implement authentication methods

Implement conditional access

Implement roles and role groups

Configure and manage identity governance

Implement Azure AD Identity Protection

Implement and manage threat protection (25-30%)

Implement an enterprise hybrid threat protection solution

Implement device threat protection

Implement and manage device and application protection

Implement and manage Microsoft Defender for Office 365

Monitor Microsoft 365 Security with Microsoft Sentinel

Implement and manage Microsoft Defender for Cloud Apps

Implement and manage information protection (10-15%)

Manage sensitive information

Manage Data Loss Prevention (DLP)

Manage data governance and retention

Manage governance and compliance features in Microsoft 365 (20-25%)

Configure and analyze security reporting

Manage and analyze audit logs and reports

Discover and respond to compliance queries in Microsoft 365

Manage regulatory compliance

Manage insider risk solutions in Microsoft 365