This month MS-102 received a minor update. This follows an update late last year that made some big changes, including a new section on Microsoft Defender for Cloud Apps, which I’ll focus on a bit more below. There are also changes to weightings of three sections of the exam, so let’s start off with that.
New weightings
Percentages in green are increases, percentages in red are decreases
- Deploy and manage a Microsoft 365 tenant (25–30%)
- Implement and manage Microsoft Entra identity and access (25–30%)
- Manage security and threats by using Microsoft Defender XDR (30–35%)
- Manage compliance by using Microsoft Purview (10–15%)
Old weightings
- Deploy and manage a Microsoft 365 tenant (15–20%)
- Implement and manage Microsoft Entra identity and access (25–30%)
- Manage security and threats by using Microsoft Defender XDR (35–40%)
- Manage compliance by using Microsoft Purview (15–20%)
Looking at the weighting changes, my thoughts on the changes are as follows. Increasing the weighting for the basics – deploying and managing a Microsoft 365 tenant, seems to align with what the core focus of this exam should be. There are other exams that focus more heavily on the reduced sections – Defender XDR (SC-200) and Purview (SC-401), so I don’t really see any issues with these changes.
Now, what about there being no change to the Entra ID section weighting, am I being hypocritical if I say that I’m glad it wasn’t reduced. even though it also dominates another exam (SC-300)? I’d argue no. My reason being that Entra ID skills are more of a core Microsoft 365 skill that I would expect people sitting this exam to have. Your opinion may differ, and that’s okay, this is just my opion.
As mentioned above, the major change introduced last year was the inclusion of a new section for Microsoft Defender for Cloud Apps. Some of these overlap with what you might see in a few of the SC-x00 exams, as well as what you may have seen previously in MS-500 before it was retired. An important point to note here is that if you haven’t worked with Defender for Cloud Apps previously, you may be overwhelmed by the features it has, so it’s important to focus on what the exam covers, rather than spreading yourself too thin with other capabilities that it provides. Here is the list for this exam.
- Implement, and manage Microsoft Defender for Cloud Apps
- Configure the app connector for Microsoft 365
- Configure Microsoft Defender for Cloud Apps policies
- Review and respond to Microsoft Defender for Cloud Apps alerts
- Interpret activity log
- Configure Cloud App Discovery
- Review and respond to issues identified in Cloud App Discovery
In terms of other new additions, or items that have been mentioned explicitly versus alluded to, here is a summary of what was included in the major update, as well as some of the minor changes introduced since then
- Network connectivity insights
- Microsoft 365 backup (make sure you have a basic understanding of core Azure terminology)
- Shared mailboxes
- Entra custom roles
- MFA via Conditional Access policies
- Purview label usage monitoring
- Defender XDR branding used more consistently
- Restricted entities
- Exposure management
- Troubleshoot Entra sync
- Software updates
With all this preamble out of the way, let’s get into the latest resource guide.
Deploy and manage a Microsoft 365 tenant (25–30%)
Implement and manage a Microsoft 365 tenant
- Create a tenant
- Implement and manage domains
- Configure org settings, including Security & privacy and Organizational profile
- Monitor the health of Microsoft 365 services by using Service Health, including configuration of notifications
- Configure and review Network connectivity insights
- Configure and monitor software updates by using the Microsoft 365 admin center
- Monitor Microsoft 365 adoption and usage
- Configure and manage Microsoft 365 Backup
Manage users and groups
- Create and manage users in Microsoft Entra, including external users
- Create and manage contacts in the Microsoft 365 admin center
- Create and manage groups, including Microsoft 365 groups and shared mailboxes
- Manage and monitor Microsoft 365 licenses, including group-based licensing
- Perform bulk user management, including PowerShell
Manage roles and role groups
- Implement and manage roles in Microsoft 365 and Microsoft Entra
- Implement and manage custom roles in Microsoft Entra admin center
- Manage role groups in Microsoft Defender XDR, Microsoft Purview, and Microsoft 365 workloads
- Manage delegation by using administrative units
- Manage Microsoft Entra roles in Microsoft Entra privileged identity management (PIM)
Implement and manage Microsoft Entra identity and access (25–30%)
Implement and manage identity synchronization with Microsoft Entra tenant
- Prepare for identity synchronization by using IdFix
- Implement and manage directory synchronization by using Microsoft Entra Connect Sync or Microsoft Entra Cloud Sync
- Monitor synchronization by using Microsoft Entra Connect Health
- Troubleshoot synchronization, including Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync
Implement and manage authentication
- Implement and manage authentication methods
- Implement and manage self-service password reset (SSPR)
- Implement and manage Microsoft Entra Password Protection
- Investigate and resolve authentication issues
Implement and manage secure access
- Plan for identity protection
- Implement and manage Microsoft Entra ID Protection
- Plan Conditional Access policies
- Implement and manage Conditional Access policies
- Implement and manage multifactor authentication (MFA) by using conditional access policies
Manage security and threats by using Microsoft Defender XDR (30–35%)
Review and respond to security reports and alerts generated by Microsoft Defender XDR
- Review and respond to threats by using Exposure Management, including the Microsoft Secure Score
- Review and respond to incidents and alerts generated by Microsoft Defender XDR, including guided hunting
- Review and respond to issues identified in Microsoft Defender XDR reports
- Review and respond to threats identified by Threat intelligence
Implement and manage email and collaboration protection by using Microsoft Defender for Office 365
- Implement threat policies and rules in Microsoft Defender for Office 365
- Configure alert policies in Microsoft Defender for Office 365
- Investigate and respond to email and collaboration threats by using Microsoft Defender for Office 365
- Manage attack simulations, including training campaigns
- Manage restricted entities, including blocked users
Implement and manage endpoint protection by using Microsoft Defender for Endpoint
- Onboard devices to Defender for Endpoint
- Configure endpoint settings
- Review and respond to vulnerabilities identified in the Microsoft Defender Vulnerability Management dashboard
Implement, and manage Microsoft Defender for Cloud Apps
- Configure the app connector for Microsoft 365
- Configure Microsoft Defender for Cloud Apps policies, including triggering alerts
- Interpret activity log
- Configure Cloud App Discovery
- Review and respond to issues identified in Cloud App Discovery
Manage compliance by using Microsoft Purview (10–15%)
Implement Microsoft Purview information protection and data lifecycle management
- Implement and manage sensitive information types by using keywords, keyword lists, or regular expressions
- Implement retention labels, retention label policies, and retention policies
- Implement sensitivity labels and sensitivity label policies
- Monitor label usage by using Content explorer, Activity explorer, and label reports
Implement Microsoft Purview data loss prevention (DLP)
- Configure DLP policies for Exchange, SharePoint, OneDrive, and Teams
- Configure Endpoint DLP
- Review and respond to DLP alerts, events, and reports
intunedin.net 