The exam description for MS-101 recently had a minor update, with no real changes to the exam topics, instead it’s a fit and finish update fixing some minor errors and introducing Microsoft Entra branding into the audience profile. It received a major update recently though, so let’s take a look at those changes.

What was added in the previous update? The Intune/Endpoint Manager topics now include App Configuration Policies and Windows subscription based activation. App Configuration Policies assist with the initial configuration of apps on mobile devices, so it’s easy to understand why it’s now included. What about Windows subscription based activation? This is mostly going to be used for Windows 10/11 Pro to Windows 10/11 Enterprise, so it’s inclusion makes sense with the additional security capabilities being added. Desktop Analytics has been removed from the exam description, as it’s being retired in November 2022.

Up next there’s been a major overhaul of the Microsoft 365 Defender topics. The biggest one is the removal of Microsoft Defender for Identity, which makes sense to me because for anyone who works in a cloud only environment without traditional Active Directory exposure this was something that pushed them into understanding what to them might be viewed as legacy technologies. Defender for Endpoint, Defender for Office 365 and Defender for Cloud Apps have all been expanded, which again is something that makes sense to me.

Where things change quite a bit is in the compliance section. If you were to ask me what I think about the compliance section being part of this exam, I do question it’s inclusion based on the name of the exam. The exam name includes mobility and security, and there are so many technologies in those areas that could be included instead of having around one third of the exam covering what could be argued is off topic. I make the same argument with MS-500 – it has security in the name but still includes a considerable amount of compliance content. My personal preference for both of these exams is to either better align them with the exam name, by changing their names to include compliance or governance or to drop the compliance content. My suspicion here is that this is more of a remnant of “security and compliance” being grouped together as if they are one thing, and I’m sure some of you have some opinions on that.

You may notice that there’s no reference to Purview in any of the topics yet. Technologies that fall under the Purview banner are definitely included, with new references add in for Content Explorer, Activity Explorer, and label reports, but there have also been some removals. References to Privileged Access Management, Azure Information Protection, Information Rights Management and Windows Information Protection have been removed. While some of these technologies might still be covered under existing topics in the exam, Windows Information Protection’s removal makes a great deal of sense due to Microsoft actively recommending moving on to other Purview technologies to provide similar functionality.

One of the weirder inclusions in the compliance section is Azure Active Directory auditing. It’s not the topic itself, rather it’s where it’s situated amongst Purview functionality. As there isn’t an identity section in the exam for this to be a more comfortable fit, I’ll just assume this was the best location to place it. In order to fully understand this topic it’s best if you have an Azure subscription in your Microsoft 365 tenant so that you can take a look at the different options about sending your log data into Log Analytics or Storage Accounts, for example.

When you start preparing for this exam it’s important to remember what I called out above, it’s not just a mobility and security exam, it also includes a section on compliance. It’s going to include more detailed questions on Intune, Endpoint Manager and Windows than the more recently introduced SC-x00 exams . However, once you move past this difference, there are many topics that overlap with the SC-x00 series exams, but that doesn’t mean that preparing for this exam will completely prepare you for those exams.

If you have passed MS-100 and MS-101 you are going to be in pretty good shape to prepare for MS-500 and the SC-300 identity exam. If governance and compliance are what you are more passionate about, it would make sense to look at SC-400 as your next exam, as the base knowledge in this exam puts you in a good starting position as far as knowledge is concerned.

Some of the SC-x00 exams do have an Azure component, or in the case of the SC-200 Security Operations exam have a very heavy Azure focus due to Microsoft Defender for Cloud and Microsoft Sentinel making up a large portion of the exam. There is similar overlap with this exam and MS-500, so it could be a good exam to take after this one if you were planning out what’s next.

Plan and implement device services (35ā€”40%)

Plan and implement device management by using Microsoft Endpoint Manager

Plan and implement device security and compliance by using Microsoft Endpoint Manager

Deploy and manage applications by using Microsoft Endpoint Manager

Plan for Windows client deployment and management

Plan and implement device enrollment

Manage security and threats by using Microsoft 365 Defender (25ā€”30%)

Manage security reports and alerts by using the Microsoft 365 Defender portal

Plan, implement, and manage email and collaboration protection by using Microsoft Defender for Office 365

Plan, implement, and manage endpoint protection by using Microsoft Defender for Endpoint

Plan, implement, and manage Microsoft Defender for Cloud Apps

Manage Microsoft 365 compliance (30ā€”35%)

Plan and implement information governance

Plan and implement information protection

Plan and implement data loss prevention (DLP)

Manage search and investigation