MS-102 just received a minor update to reflect recent name changes of some of the technologies it includes due to the announcement of Entra ID, along with the previous Entra changes that occurred..
Last year MS-100 and MS-101 were retired in favor of MS-102, reducing the number of exams required to earn the Microsoft 365 Certified: Administrator Expert certification by one. Unlike the MD-102 exam which similarly replaces the MD-100 and MD-101 exams by mostly including MD-101 topics, MS-102 is fairly balanced in terms of balancing content from the two previous exams.
Let’s start off with major items in MS-100 that didn’t make their way into MS-102. The first section that didn’t survive is the Plan identity synchronization section. My prediction here is even though it’s not listed in the new exams, I’m going to assume that many of the topics will still be covered by the topics in Implement and manage identity synchronization with Microsoft Entra ID. What does this mean in terms of exam preparation? Make sure you look at the removed section, as I think it might just fall into the category of assumed skills you should have for this exam that don’t need to be specifically mentioned.
Also falling by the wayside is Plan and implement application access. There are two main reasons why I can think of as to why this isn’t part of MS-102. The first is that while you could argue that this is mostly covering Entra functionality, therefore it could be in a Microsoft 365 exam, you could also argue that maybe it starts to get a little bit too identity admin specifc, or even starting to lean heavily on skills that an Entra app admin would have. The other though is that the topics are already covered in other exams such as SC-300 and AZ-500, for example. That doesn’t quite explain the removal of Microsoft Defender for Cloud Apps objective, but I’ll get back to that in the MS-101 conversation in a few paragraphs.
Up next we have an entire section being removed – Plan Microsoft 365 workloads and applications. This includes Plan and implement Microsoft 365 Apps deployment, Plan and implement Exchange Online deployments and Plan and implement Microsoft SharePoint Online, OneDrive, and Microsoft Teams. Overall I’m very happy with these items being removed, let me explain why. Microsoft 365 apps deployment is going to be covered in MD-102, so there’s less overlap. The others, which I’ll summarize as the Office 365 workloads, are things that I didn’t think should have been as much of a focus in MS-100.
My reasoning is that even though there was a small amount of Office 365 in the original version of this exam when it was released four years ago, it continued to expand and started shifting the exam to include way too much of it, and I preferred the identity heavy focus of the exam as it originally existed. There are already three Teams exams, two Exchange exams and a SharePoint exam, so it wasn’t like people couldn’t prove those skills elsewhere. I should also disclose that I’m much more passionate about non-productivity components of Microsoft 365, so I am quite biased.
Let’s move on to the casualties of MS-101 in the brave new world of MS-102. Once again we have entire section being retired – Plan and implement device services. This section includes Plan and implement device management by using Microsoft Endpoint Manager, Plan and implement device security and compliance by using Microsoft Endpoint Manager, Deploy and manage applications by using Microsoft Endpoint Manager, Plan for Windows client deployment and management and Plan and implement device enrollment. MS-101 has “Devices” in its name, so there obviously had to be Intune content, but now with the exam consolidations that are taking place, it’s easy to understand why all things Intune are now going only to be part of MD-102.
If we continue on to other items that aren’t moving forward from MS-101, we have Microsoft Defender for Cloud Apps. We saw this with MS-100 as well, so what can we interpret about the lack of Microsoft Defender for Cloud Apps in this exam? My best guess is based on Microsoft Defender for Identity not having been part of MS-101, they are focused on the Microsoft 365 Defender workloads that protect Microsoft 365 workloads directly rather than indirectly. Even though we can definitely argue that Microsoft Defender for Cloud Apps does provide additional protection to Microsoft 365, it’s not necssarily the same level of direct application of protection like we see with Defender for Office 365 and Defender for Endpoint. If only two of the Microsoft 365 Defender technologies could be included, I think the right choice has been made.
The two final culled objective areas are from the Manage Microsoft 365 compliance section, and they are Plan and implement information governance and Manage search and investigation. The big takeaway here is that if someone is focused on compliance, governance and/or information protection, then they should be looking at SC-400 instead. The retirement of MS-500 also supports this line of thinking. There is still Purview content though, so don’t miss that.
Deploy and manage a Microsoft 365 tenant (25–30%)
Implement and manage a Microsoft 365 tenant
- Create a tenant
- Implement and manage domains
- Configure organizational settings, including security, privacy, and profile
- Identify and respond to service health issues
- Configure notifications in service health
- Monitor adoption and usage
Manage users and groups
- Create and manage users
- Create and manage guest users
- Create and manage contacts
- Create and manage groups, including Microsoft 365 groups
- Manage and monitor Microsoft 365 license allocations
- Perform bulk user management, including PowerShell
Manage roles in Microsoft 365
- Manage roles in Microsoft 365 and Microsoft Entra
- Manage role groups for Microsoft Defender, Microsoft Purview, and Microsoft 365 workloads
- Manage delegation by using administrative units
- Implement privileged identity management for Microsoft Entra roles
Implement and manage Microsoft Entra identity and access (25–30%)
Implement and manage identity synchronization with Microsoft Entra tenant
- Prepare for identity synchronization by using IdFix
- Implement and manage directory synchronization by using Microsoft Entra Connect cloud sync
- Implement and manage directory synchronization by using Microsoft Entra Connect
- Monitor synchronization by using Microsoft Entra Connect Health
- Troubleshoot synchronization, including Microsoft Entra Connect and Microsoft Entra Connect cloud sync
Implement and manage authentication
- Implement and manage authentication methods, including Windows Hello for Business, passwordless, tokens, and the Microsoft Authenticator app
- Implement and manage self-service password reset (SSPR)
- Implement and manage Microsoft Entra Password Protection
- Implement and manage multi-factor authentication (MFA)
- Investigate and resolve authentication issues
Implement and manage secure access
- Plan for identity protection
- Implement and manage Microsoft Entra ID Protection
- Plan Conditional Access policies
- Implement and manage Conditional Access policies
Manage security and threats by using Microsoft 365 Defender (25– 30%)
Manage security reports and alerts by using the Microsoft 365 Defender portal
- Review and take actions to improve the Microsoft Secure Score in the Microsoft 365 Defender portal
- Review and respond to security incidents and alerts in Microsoft 365 Defender
- Review and respond to issues identified in security and compliance reports in Microsoft 365 Defender
- Review and respond to threats identified in threat analytics
Implement and manage email and collaboration protection by using Microsoft Defender for Office 365
- Implement policies and rules in Defender for Office 365
- Review and respond to threats identified in Defender for Office 365, including threats and investigations
- Create and run campaigns, such as attack simulation
- Unblock users
Implement and manage endpoint protection by using Microsoft Defender for Endpoint
- Onboard devices to Defender for Endpoint
- Configure Defender for Endpoint settings
- Review and respond to endpoint vulnerabilities
- Review and respond to risks identified in the Microsoft Defender Vulnerability Management dashboard
Manage compliance by using Microsoft Purview (15–20%)
Implement Microsoft Purview information protection and data lifecycle management
- Implement and manage sensitive info types by using keywords, keyword lists, or regular expressions
- Implement retention labels, retention label policies, and retention policies
- Implement sensitivity labels and sensitivity label policies
Implement Microsoft Purview data loss prevention (DLP)
- Implement DLP for workloads
- Implement Endpoint DLP
- Review and respond to DLP alerts, events, and reports