MS-102: Microsoft 365 Administrator Exam Resource Guide (beta)

Earlier this month MS-102 was announced as the replacement for the MS-100 and MS-101 exams, reducing the number of exams required to attain the Microsoft 365 Certified: Enterprise Administrator Expert certification by one. Unlike the MD-102 exam which similarly replaces the MD-100 and MD-101 exams by mostly including MD-101 topics, MS-102 is fairly balanced in terms of balancing content from the two previous.

Let’s start off with major items in MS-100 that didn’t make their way into MS-102. The first section that didn’t survive is the Plan identity synchronization section. My prediction here is even though it’s not listed in the new exams, I’m going to assume that many of the topics will still be covered by the topics in Implement and manage identity synchronization with Azure AD. What does this mean in terms of exam preparation? Make sure you look at the removed section, as I think it might just fall into the category of assumed skills you should have for this exam that don’t need to be specifically mentioned.

Also falling by the wayside is Plan and implement application access. There are two main reasons why I can think of as to why this isn’t part of MS-102. The first is that while you could argue that this is mostly covering Azure AD functionality, therefore it could be in a Microsoft 365 exam, you could also argue that maybe it starts to get a little bit too identity admin specifc, or even starting to lean heavily on skills that an Azure app admin would have. The other though is that the topics are already covered in other exams such as SC-300 and AZ-500, for example. That doesn’t quite explain the removal of Microsoft Defender for Cloud Apps objective, but I’ll get back to that in the MS-101 conversation in a few paragraphs.

Up next we have an entire section being removed – Plan Microsoft 365 workloads and applications. This includes Plan and implement Microsoft 365 Apps deployment, Plan and implement Exchange Online deployments and Plan and implement Microsoft SharePoint Online, OneDrive, and Microsoft Teams. Overall I’m very happy with these items being removed, let me explain why. Microsoft 365 apps deployment is going to be covered in MD-102, so there’s less overlap. The others, which I’ll summarize as the Office 365 workloads, are things that I didn’t think should have been as much of a focus in MS-100.

My reasoning is that even though there was a small amount of Office 365 in the original version of this exam when it was released four years ago, it continued to expand and started shifting the exam to include way too much of it, and I preferred the identity heavy focus of the exam as it originally existed. There are already three Teams exams, two Exchange exams and a SharePoint exam, so it wasn’t like people couldn’t prove those skills elsewhere. I should also disclose that I’m much more passionate about non-productivity components of Microsoft 365, so I am quite biased.

Let’s move on to the casualties of MS-101 in the brave new world of MS-102. Once again we have entire section being retired – Plan and implement device services. This section includes Plan and implement device management by using Microsoft Endpoint Manager, Plan and implement device security and compliance by using Microsoft Endpoint Manager, Deploy and manage applications by using Microsoft Endpoint Manager, Plan for Windows client deployment and management and Plan and implement device enrollment. MS-101 has “Devices” in its name, so there obviously had to be Intune content, but now with the exam consolidations that are taking place, it’s easy to understand why all things Intune are now going only to be part of MD-102.

If we continue on to other items that aren’t moving forward from MS-101, we have Microsoft Defender for Cloud Apps. We saw this with MS-100 as well, so what can we interpret about the lack of Microsoft Defender for Cloud Apps in this exam? My best guess is based on Microsoft Defender for Identity not having been part of MS-101, they are focused on the Microsoft 365 Defender workloads that protect Microsoft 365 workloads directly rather than indirectly. Even though we can definitely argue that Microsoft Defender for Cloud Apps does provide additional protection to Microsoft 365, it’s not necssarily the same level of direct application of protection like we see with Defender for Office 365 and Defender for Endpoint. If only two of the Microsoft 365 Defender technologies could be included, I think the right choice has been made.

The two final culled objective areas are from the Manage Microsoft 365 compliance section, and they are Plan and implement information governance and Manage search and investigation. The big takeaway here is that if someone is focused on compliance, governance and/or information protection, then they should be looking at SC-400 instead. The retirement of MS-500 also supports this line of thinking.

This brings us to the final discussion before the exam resource section, should this change your exam plans? There are several ways we can approach this conversation, but let’s try to focus on it from a pure technology perspective. This means that other considerations such as the cost of multiple exams, the stress of multiple exams, differences in preparation time, existing certification deadlines for work etc. aren’t going to be part of this discussion. If these are things you want me to discuss, drop a comment below.

Exam weightings, strikethrough highlights either most of, or the entire objective domain doesn’t make it into MS-102.

MS-100

• Deploy and manage a Microsoft 365 tenant (15–20%)
• Plan and manage user identity and roles (30–35%)
• Manage access and authentication (20–25%)
• Plan Microsoft 365 workloads and applications (20–25%)

MS-101

• Plan and implement device services (35–40%)
• Manage security and threats by using Microsoft 365 Defender (25–30%)
• Manage Microsoft 365 compliance (30–35%)

MS-102

• Deploy and manage a Microsoft 365 tenant (25–30%)
• Implement and manage identity and access in Azure AD (25–30%)
• Manage security and threats by using Microsoft 365 Defender (25–30%)
• Manage compliance by using Microsoft Purview (15–20%)

If the areas that are being retired are for technologies that are your weaknesses, it might be a good idea to go straight to MS-102. What this suggests, based on the objectives that carry forward is that you are comfortable with much of the Microsoft 365 security stack.

The opposite also applies – if the retiring objectives are your strengths, it makes more sense to do the current exams instead of waiting. Where this is most easily explainable is if we look at MS-101 removing all the device related content. If Intune is your strength, and your skills in the other two secions are average to good, you have a pretty chance of passing that exam because the device section is 40% of the exam.

Applying the same logic to MS-100, if your Microsoft 365 skills are mostly based on your exposure to Office 365 productivity workloads, it might be a good idea to do this exam. Even though the Office 365 section weighting is only 20-25%, your Office 365 skills should help you substantially in other parts of the exam. Just make sure that if you only with Office 365 environments with no additional AAD Premium licensing, that you spend time getting up to speed with the relevant Azure AD Premium P1 and P2 features.

Deploy and manage a Microsoft 365 tenant (25–30%)

Implement and manage a Microsoft 365 tenant

• Create a tenant
  • Plan your setup
  • Try or buy Microsoft 365
• Implement and manage domains
  • Add domain
  • Can I pilot Microsoft 365 with just a few email addresses from my custom domain?
  • Domains FAQ
  • DNS basics
  • Can I add custom subdomains or multiple domains to Microsoft 365?
  • How do I change the default domain in Microsoft 365?
• Configure organizational settings, including security, privacy, and profile
  • Customize your organization theme
  • Customize Sign-in page
  • Change your organization’s address, technical contact, and more
  • About the Microsoft 365 admin center
• Identify and respond to service health issues
  • Service Health and Continuity
• Configure notifications in service health
  • Service health
• Monitor adoption and usage
  • Activity reports and analytics

Manage users and groups

• Create and manage users
  • Add or delete a new user
  • Reset a user’s password
• Create and manage guest users
  • Add guest users to your directory in the Azure portal
  • Add a guest user with PowerShell
• Create and manage contacts
  • Manage mail contacts
• Create and manage groups, including Microsoft 365 groups
  • Overview of Microsoft 365 Groups for administrators
  • Groups and access management
• Manage and monitor Microsoft 365 license allocations
  • Manage user accounts and licenses
  • Group-based licensing
• Perform bulk user management, including PowerShell
  • Connect to all Microsoft 365 services in a single Windows PowerShell window
  • Overview

Manage roles in Microsoft 365

• Manage roles in Microsoft 365 and Azure AD
  • View and assign roles
  • Assign admin roles
  • Assign users to admin roles
• Manage role groups for Microsoft Defender, Microsoft Purview, and Microsoft 365 workloads
  • Roles and role groups in the Defender for Office 365 and Purview compliance
• Manage delegation by using administrative units
  • Administrative units
• Implement privileged identity management for Azure AD roles
  • Deploy PIM
  • Assign Azure AD roles in Privileged Identity Management
  • Management capabilities for Azure AD roles in Privileged Identity Management

Implement and manage identity and access in Azure AD (25–30%)

Implement and manage identity synchronization with Azure AD

• Prepare for identity synchronization by using IdFix
  • Install and run the IdFix tool
• Implement and manage directory synchronization by using Azure AD Connect cloud sync
  • What is Azure AD Connect Sync?
  • Cloud sync configuration
• Implement and manage directory synchronization by using Azure AD Connect
  • Set up directory synchronization for Microsoft 365
• Monitor synchronization by using Azure AD Connect Health
  • Azure AD Connect Health Operations
• Troubleshoot synchronization, including Azure AD Connect and Azure AD Connect cloud sync
  • Errors during synchronization

Implement and manage authentication

• Implement and manage authentication methods, including Windows Hello for Business, passwordless, tokens, and the Microsoft Authenticator app
  • Authentication methods
  • Windows Hello for Business Deployment Overview
• Implement and manage self-service password reset (SSPR)
  • How it works: Azure AD self-service password reset
  • Deploy self-service password reset
• Implement and manage Azure AD Password Protection
  • Eliminate bad passwords using Azure Active Directory Password Protection
  • Prevent attacks using smart lockout
• Implement and manage multi-factor authentication (MFA)
  • Determine multi-factor auth requirements
  • How it works: Azure Multi-Factor Authentication
• Investigate and resolve authentication issues
  • Sign-in logs
  • What are Azure AD reports?
  • What is Azure AD monitoring?

Implement and manage secure access

• Plan for identity protection
  • What is Identity Protection?
• Implement and manage Azure AD Identity Protection
  • Configure the user risk policy
  • Configure the sign-in risk policy
  • Simulate risk events
• Plan Conditional Access policies
  • Common ways to use conditional access
• Implement and manage Conditional Access policies
  • Create and assign conditional access policy
  • Create a device compliance policy
  • Monitor conditional access

Manage security and threats by using Microsoft 365 Defender (25– 30%)

Manage security reports and alerts by using the Microsoft 365 Defender portal

• Review and take actions to improve the Microsoft Secure Score in the Microsoft 365 Defender portal
  • Secure score and security controls
• Review and respond to security incidents and alerts in Microsoft 365 Defender
  • Investigate alerts in Microsoft 365 Defender
• Review and respond to issues identified in security and compliance reports in Microsoft 365 Defender
  • Overview
  • Manage incidents
• Review and respond to threats identified in threat analytics
  • Threat analytics in Microsoft 365 Defender

Implement and manage email and collaboration protection by using Microsoft Defender for Office 365

• Implement policies and rules in Defender for Office 365
  • Set up anti-phishing and Microsoft Defender for Office 365 anti-phishing policies
  • Set up Microsoft Defender for Office 365 Safe Attachments policies
  • Set up Microsoft Defender for Office 365 Safe Links policies
• Review and respond to threats identified in Defender for Office 365, including threats and investigations
  • View and read your Microsoft Defender for Office 365 reports
• Create and run campaigns, such as attack simulation
  • Attack Simulator in Microsoft Defender for Office 365
• Unblock users
  • Remove blocked users

Implement and manage endpoint protection by using Microsoft Defender for Endpoint

• Onboard devices to Defender for Endpoint
  • Set up Microsoft Defender for Endpoint deployment
  • Onboard devices to the service
• Configure Defender for Endpoint settings
  • Configure capabilities of the service
  • Configure conditional access
  • Enable Microsoft Defender for Cloud Apps in Microsoft Defender for Endpoint
• Review and respond to endpoint vulnerabilities
  • Endpoint detection and response overview
• Review and respond to risks identified in the Microsoft Defender Vulnerability Management dashboard
  • Investigate devices

Manage compliance by using Microsoft Purview (15–20%)

Implement Microsoft Purview information protection and data lifecycle management

• Implement and manage sensitive info types by using keywords, keyword lists, or regular expressions
  • Learn about sensitive information types
  • Customize a built-in sensitive information type
  • Create custom sensitive information types with Exact Data Match based classification
• Implement retention labels, retention label policies, and retention policies
  • Retention policies and labels
• Implement sensitivity labels and sensitivity label policies
  • Learn about sensitivity labels
  • Create and publish sensitivity labels
  • Enable sensitivity labels for Office files in SharePoint and OneDrive
  • Retention policies and labels

Implement Microsoft Purview data loss prevention (DLP)

• Implement DLP for workloads
  • Learn about data loss prevention
• Implement Endpoint DLP
  • Create a DLP policy from a template
  • Create, test, and tune a DLP policy
• Review and respond to DLP alerts, events, and reports
  • View the DLP reports
  • What the DLP functions look for