The MS-500 exam received a major update this month, so let’s take a look at what’s been changed. The first change to note is that the section weightings have changed. The identity component has been reduced, and threat protection and information protection increased. This balances the exams out quite a bit, but means that if identity is your strength, then the change means the exam might be a little bit tougher for you. I don’t think it’s enough of a difference to make that much of a change though.

Functional groupOld
Implement and manage identity and access35–40%25–30%
Implement and manage threat protection25–30%30–35%
Implement and manage information protection10-15%15–20%
Manage governance and compliance features in Microsoft 36520–25%20–25%

What’s new or more of a focus? Here are some of the changes.

  • Hybrid authentication referencing password hash sync and pass-through authentication, indicating that federation isn’t a focus
  • Self service password reset and Azure AD Password Protection
  • FIDO and passwordless
  • Use of Microsoft 365 Defender portal for Defender for Identity and Defender for Cloud Apps
  • App Governance in Defender for Cloud Apps
  • Content Explorer
  • Purview Data Map
  • Subject Rights Requests in Microsoft Priva
  • Adaptive scopes

This is a very broad exam, and the traditional approach I would have recommended would have been to work your way through MS-100, MS-101 and MD-101 before attempting this exam. Why? Each of those three exams covers something that this exam includes, and it means that by the time you get to this exam after you are mostly doing revision, and focusing your preparation on addressing weaknesses rather than learning lots of new things.

However, the addition of the exams in the Security and Compliance track (SC-900, SC-200, SC-300 and SC-400) means that you have additional, more focused exams you could take prior to MS-500. There isn’t really an approach that’s right for everyone, but I would still recommend starting off with exams that focus on your strengths before moving on the ones you know you will find more challenging.

Even if you aren’t planning on sitting any of these other exams prior to sitting MS_500, make sure you take a look at the preparation guides for these exams as they might provide additional content related to the topics you might be struggling with.

Plenty of people do get through this exam without doing the others first, because perhaps that’s all that they want or need for work related purposes, but if you are struggling with the breadth of what this exam includes, it might be worth at least going through the prep material for those exams to fill in some of the fundamentals this exam expects you to know.

Implement and manage identity and access (25-30%)

Plan and implement identity and access for Microsoft 365 hybrid environments

Plan and implement identities in Azure AD

Implement authentication methods

Implement conditional access

Configure and manage identity governance

Implement Azure AD Identity Protection

Implement and manage threat protection (30-35%)

Secure identity by using Microsoft Defender for Identity

Secure endpoints by using Microsoft Defender for Endpoint

Secure endpoints by using Microsoft Endpoint Manager

Secure collaboration by using Microsoft Defender for Office 365

Detect and respond to threats in Microsoft 365 by using Microsoft Sentinel

Secure connections to cloud apps by using Microsoft Defender for Cloud Apps

Implement and manage information protection (15-20%)

Manage sensitive information

Implement and manage Microsoft Purview Data Loss Prevention (DLP)

Plan and implement Microsoft Purview Data lifecycle management

Manage compliance in Microsoft 365 (20–25%)

Manage and analyze audit logs and reports in Microsoft Purview

Plan for, conduct, and manage eDiscovery cases

Manage regulatory and privacy requirements

Manage insider risk solutions in Microsoft 365