MS-500 Exam Study Guide (Microsoft 365 Security Administration)

MS-500 Microsoft 365 Security Administration Certificate Study Guide

How to Prepare for the MS-500 Exam?

Preparing for the MS-500 Microsoft 365 Security Administration exam to achieve the Microsoft 365 Certification for Security Administrator Associate? Don’t know where to start? This post is the MS-500 Certificate Study Guide (with links to each exam objective).

I have curated a list of articles from Microsoft documentation for each objective of the MS-500 exam. Please share the post within your circles so it helps them to prepare for the exam.

MS-500 M365 Security Administrator Course

Pluralsight (Free trial): Microsoft 365 Security Administration
Udemy: Microsoft 365 Security Admin Lectures & Sims

MS-500 Microsoft 365 Security Admin Test

Whizlabs Exam Questions: Microsoft 365 Security Administrator Test
Udemy Exam Questions: M365 Security Administration Exam
Amazon e-book (PDF): Microsoft 365 Security Admin Exam Guide

Looking for MS-500 Dumps? Read This!

Using MS-500 exam dumps can get you permanently banned from taking any future Microsoft certification exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

Check out all the other Microsoft 365 certificate study guides

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Implement and Manage Identity and Access (30-35%)

Secure Microsoft 365 Hybrid Environments

Plan Azure AD authentication options

Authentication methods available in Azure Active Directory

How to choose the right authentication option in Azure AD?

Choose the right authentication method for Azure AD hybrid identity

Plan Azure AD synchronization options

Azure AD Connect sync: Understand and customize synchronization

Deploy Microsoft 365 Directory Synchronization in Microsoft Azure

How does synchronization work in Azure Active Directory Domain Services?

Set up directory synchronization for Microsoft 365

Implement password hash synchronization with Azure AD Connect sync

Monitor and troubleshoot Azure AD Connect events

Troubleshoot Azure AD connectivity

Troubleshoot object synchronization with Azure AD Connect sync

Azure Active Directory Connect Health: Monitoring the sync engine

Monitor AD FS using Azure AD Connect Health

Secure Identities

Implement Azure AD group membership

Create a basic group and add members using Azure Active Directory

Create or update a dynamic group in Azure Active Directory

Implement password management

Plan an Azure Active Directory self-service password reset deployment

Enable users to unlock their account or reset passwords

Azure AD Password Protection is now generally available!

Configure and manage identity governance

What is Azure AD Identity Governance?

Manage identities and governance in Azure

Implement Authentication Methods

Plan sign-on security

What is single sign-on (SSO)?

Set up SSO for an application in your Azure Active Directory tenant

Implement multi-factor authentication (MFA)

How it works: Azure Multi-Factor Authentication

Enable per-user Azure MFA to secure sign-in events

Configure Azure Multi-Factor Authentication settings

Manage and monitor MFA

Manage user settings for Azure Multi-Factor Authentication

Use the sign-ins report to review Azure MFA events

Plan and implement device authentication methods like Windows Hello

How Windows Hello for Business works

Planning a Windows Hello for Business Deployment

Windows Hello for Business Deployment Guide

Configure and manage Azure AD user authentication options and self-service password management

Primary & secondary authentication methods in Azure AD

Configure & manage Azure AD authentication (Example Azure SQL)

Implement Conditional Access

Plan for compliance and conditional access policies

What is Conditional Access in Azure AD?

Conditional Access: Require compliant devices

Plan a Conditional Access deployment

Configure and manage device compliance for endpoint security

Manage endpoint security in Microsoft Intune

Create a compliance policy in Intune

Implement and manage conditional access

Building a Conditional access policy

Create a device-based Conditional access policy

Secure user sign-in events with Azure MFA

Implement Role-based Access Control (RBAC)

Plan for roles

What is Azure role-based access control (Azure RBAC)?

Best practices for Azure role-based access control

Configure roles

Add or remove Azure role assignments using the Azure portal

Add/remove role assignments using Azure PowerShell

Add or remove Azure role assignments using Azure CLI

Audit roles

View activity logs for Azure RBAC changes

Implement Azure AD Privileged Identity Management (PIM)

Plan for Azure PIM

What is Azure AD Privileged Identity Management?

Start using Privileged Identity Management

Assign eligibility and activate admin roles

Activate my Azure resource roles in PIM

Assign Azure resource roles in Privileged Identity Management

Configure Azure resource role settings in PIM

Manage Azure PIM role requests and assignments

Extend or renew role assignments in Privileged Identity Management

Approve or deny requests for Azure resource roles in PIM

Monitor PIM history and alerts

View audit history for Azure AD roles in PIM

Configure security alerts for Azure AD roles in PIM

Implement Azure AD Identity Protection

Implement user risk policy

User risk policy in Identity Protection

How to configure and enable user risk policies?

Implement sign-in risk policy

Sign-in risk policy in Identity Protection

How to configure and enable a sign-in risk policy?

Configure Identity Protection alerts

What is Identity Protection?

Azure Active Directory Identity Protection notifications

Review and respond to risk events

Remediate risks and unblock users

Implement and Manage Threat Protection (20-25%)

Implement an Enterprise Hybrid Threat Protection Solution

Plan an Azure ATP solution

What is Azure Advanced Threat Protection?

Azure Advanced Threat Protection prerequisites

Quickstart: Plan capacity for Azure ATP

Install and configure Azure ATP

Download the Azure ATP sensor setup package

Quickstart: Install the Azure ATP sensor

Quickstart: Create your Azure ATP instance

Monitor and manage Azure ATP

Understanding Azure ATP sensor health alerts

Monitoring your domain controller coverage

Manage Azure ATP security alerts

Manage Azure ATP health alerts

Implement Device Threat Protection

Plan a Microsoft Defender ATP solution

What is Microsoft Defender Advanced Threat Protection?

Plan your Microsoft Defender ATP deployment strategy

Implement Microsoft Defender ATP

Prepare Microsoft Defender ATP deployment

Set up Microsoft Defender ATP deployment

Onboard to the Microsoft Defender ATP service

Manage and monitor Microsoft Defender ATP

Manage Microsoft Defender ATP capabilities

Implement and Manage Device and Application Protection

Plan for device and application protection

Protect devices from exploits

Prevent threats from removable storage

Microsoft Defender Application Guard overview

Configure and manage Windows Defender Application Guard

Configure Microsoft Defender Application Guard policy settings

Application Guard testing scenarios

Configure and manage Windows Defender Application Control

Application Control for Windows

Deploy Windows Defender Application Control policies by using Intune

Manage WDAC with Configuration Manager

Configure and manage exploit protection

Evaluate exploit protection

Enable exploit protection

Configure Secure Boot

Security considerations for OEMs: Secure boot

Secure the Windows 10 boot process

Configure and manage Windows device encryption

Device encryption in Windows 10

Turn on Windows 10 device encryption

Configure and manage non-Windows device encryption

How to Encrypt Drive with BitLocker in Linux?

Plan for securing applications data on devices

Protect your data in files, apps, and devices

Requirements for use-case in mobile device

Prevent data leaks on non-managed devices using Microsoft Intune

Implement application protection policies

App protection policies overview

How to create and assign app protection policies

Implement and Manage Office 365 ATP

Configure Office 365 ATP

Office 365 Advanced Threat Protection (ATP)

Monitor Office 365 ATP

View reports for Office 365 Advanced Threat Protection

Conduct simulated attacks using Attack Simulator

Attack Simulator in ATP

Implement Azure Sentinel for Microsoft 365

Plan and implement Azure Sentinel

Azure Sentinel, intelligent security analytics for your enterprise

Connect Office 365 Logs to Azure Sentinel

Azure Sentinel & Microsoft 365 Threat Protection

Configure playbooks in Azure Sentinel

Use playbooks in Sentinel to set automated threat responses

Manage and monitor Azure Sentinel

Monitor data using Azure Sentinel

Respond to threats in Azure Sentinel

Set up automated threat responses in Azure Sentinel

Implement and Manage Information Protection (15-20%)

Secure Data Access within Office 365

Implement and manage Customer Lockbox

Customer Lockbox in Office 365

What is Customer Lockbox and How to Enable it

Configure data access in Office 365 collaboration workloads

Microsoft 365 inter-tenant collaboration

Set up secure collaboration with Microsoft 365

Protect user and device access

Configure B2B sharing for external users

Office 365 external sharing and Azure AD B2B collaboration

Manage Azure Information Protection (AIP)

Plan an AIP solution

What is Azure Information Protection?

Azure Information Protection requirements

Additional Azure AD requirements for Azure Information Protection

Configure Sensitivity labels and policies

Learn about sensitivity labels

Create & configure sensitivity labels and their policies

Deploy the RMS connector

Deploying the Azure Rights Management connector

Install & configure the Rights Management connector

Manage tenant keys

Plan & implement your Azure Information Protection tenant key

Microsoft-managed: Tenant key life cycle operations

Deploy the AIP client

Azure Information Protection client administrator guide

Install the Azure Information Protection client for users

Integrate AIP with Office 365 Services

Configuration for online services to use Azure RMS

Manage Data Loss Prevention (DLP)

Plan a DLP solution

Overview of data loss prevention

Create and manage DLP policies

Create, test, and tune a DLP policy

Create a DLP policy from a template

Create and manage sensitive information types

Sensitive information type entity definitions

Create a custom sensitive information type

Monitor DLP reports

View the reports for data loss prevention

Manage DLP notifications

Send email notifications & show policy tips for DLP policies

Implement and Manage Microsoft Cloud App Security

Plan Cloud App Security implementation

Microsoft Cloud App Security overview

Configure Microsoft Cloud App Security

Basic setup for Cloud App Security

Get started with Microsoft Cloud App Security

Manage cloud app discovery

Set up Cloud Discovery

Manage entries in the Cloud app catalog

Add custom apps to Cloud Discovery

Manage apps in Cloud App Security

Connect apps to get visibility & protection

Manage Microsoft Cloud App Security

Manage admin access to cloud app security

Configure Cloud App Security connectors and OAuth apps

Control which cloud OAuth apps get permissions

Configure Cloud App Security policies and templates

Control cloud apps with policies

Policy template reference

Review, interpret and respond to Cloud App Security alerts, reports, dashboards, and logs

How to investigate anomaly detection alerts?

Manage Cloud App Security alerts

Monitor alerts in Cloud App Security

Generate data management reports

Create snapshot Cloud Discovery reports

Working with the dashboard

Configure automatic log upload for continuous reports

Manage Governance and Compliance Features in Microsoft 365 (20-25%)

Configure and Analyze Security Reporting

Monitor and manage device security status using Microsoft Endpoint Manager Admin Center

Microsoft Endpoint Manager overview

Walkthrough Intune in Microsoft Endpoint Manager

Manage devices with endpoint security in Microsoft Intune

Manage and monitor security reports and dashboards using Microsoft 365 Security Center

Microsoft 365 security dashboards

Smart reports and insights in the Security Center

Plan for custom security reporting with Graph Security API

Microsoft Graph Security API overview

Use the Microsoft Graph Security API

Use secure score dashboards to review actions

Microsoft Secure Score

Office 365 Secure Score is now Microsoft Secure Score

Configure alert policies in the Security & Compliance admin center

Alert policies in the security and compliance center

Manage and Analyze Audit Logs and Reports

Plan for auditing and reporting

Auditing and Reporting in Microsoft cloud services

Perform audit log search

Search the audit log in the Security & Compliance Center

Review and interpret compliance reports and dashboards

Reports in the Security & Compliance Center

Security Dashboard overview

Configure audit alert policy

Alert policies in the security and compliance center

Manage Data Governance and Retention

Plan for data governance and retention

Data governance and retention in your Microsoft 365 tenant

Review and interpret data governance reports and dashboards

View the data governance reports

Configure retention policies

Create and configure retention policies

Define data governance event types

Start retention when an event occurs

Define and manage communication compliance policies

Learn about communication compliance in Microsoft 365

Configure Information holds

In-Place Hold and Litigation Hold

Place a mailbox on Litigation Hold

Find and recover deleted Office 365 data

Recover deleted items in a user mailbox

Configure data archiving

Enable archive mailboxes in the Security & Compliance Center

Set up an archive & deletion policy for mailboxes in your organization

Manage inactive mailboxes

Overview of inactive mailboxes

Create and manage inactive mailboxes

Manage Search and Investigation

Plan for content search and eDiscovery

Content Search in Microsoft 365

eDiscovery in Microsoft 365

Get started with Core eDiscovery

Search for personal data

Search for and find personal data

Monitor for leaks of personal data

Monitor for leaks of personal data

Delegate permissions to use search and discovery tools

Permissions in the Security & Compliance Center

Assign eDiscovery permissions in the Security & Compliance Center

Use search and investigation tools to perform content searches

Use content search

Export content search results

Export Content Search results

Manage eDiscovery cases

Get started with Core eDiscovery

Manage Data Privacy Regulation Compliance

Plan for regulatory compliance in Microsoft 365

Microsoft 365 recommended action plan for GDPR

Review and interpret GDPR dashboards and reports

GDPR dashboard

O365 / Data Privacy GDPR dashboard

Manage Data Subject Requests (DSRs)

Data Subject Requests and the GDPR and CCPA

Office 365 Data Subject Requests for the GDPR and CCPA

Manage GDPR DSR with the DSR case tool in the Compliance Center

Administer Compliance Manager in Microsoft 365 compliance center

Review Compliance Manager reports

Compliance manager reports

Export a report of account data history

Create and perform Compliance Manager assessments and action items

Assessments in Compliance Manager

Add an Assessment to Compliance Manager

Managing action items

This brings us to the end of the MS-500 Microsoft 365 Security Administration Study Guide.

What do you think? Let me know in the comments section if I have missed anything. Also, I would love to hear how your MS-500 certification preparation is going!

In case you are preparing for other Microsoft 365 certification exams, check out the Microsoft 365 study guide for those exams.
