Boost your exam-day confidence with an Exam Replay or an Exam Replay with Practice Test.

Exam
MS-500

Microsoft logo

Microsoft 365 Security Administration (beta)

  • Image of Azure badge

    Part of requirements for Microsoft 365 Certified Security Administrator Associate

    With Microsoft Certification, technology professionals are more likely to get hired, demonstrate clear business impact, and advance their careers.

    About the certification
* Pricing does not reflect any promotional offers or reduced pricing for Microsoft Imagine Academy program members, Microsoft Certified Trainers, and Microsoft Partner Network program members. Pricing is subject to change without notice. Pricing does not include applicable taxes. Please confirm exact pricing with the exam provider before registering to take an exam.

Skills measured

This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Implement and manage identity and access (30-25%)
  • Secure Microsoft 365 hybrid environments
    • May include but is not limited to: Configure and manage security integration components in Microsoft 365 hybrid environments, including connectivity, synchronization services, and authentication, plan Azure AD authentication options, plan Azure AD synchronization options, monitor and interpret Azure AD Connect events
  • Secure user accounts
    • May include but is not limited to: Implement Azure AD dynamic group membership, implement Azure AD Self-service password reset, manage Azure AD access reviews
  • Implement authentication methods
    • May include but is not limited to: Plan sign-on security, implement multi-factor authentication (MFA), manage and monitor MFA, implement device sign-on methods, manage authentication methods, monitor authentication methods
  • Implement conditional access
    • May include but is not limited to: Plan for compliance and conditional access policies, configure and manage device compliance policy, configure and manage conditional access policy, monitor Conditional Access and Device Compliance
  • Implement role-based access control (RBAC)
    • May include but is not limited to: Plan for RBAC, configure RBAC, monitor RBAC usage
  • Implement Azure AD Privileged Identity Management (PIM)
    • May include but is not limited to: Plan for Azure PIM, configure and manage Azure PIM, monitor Azure PIM
  • Implement Azure AD Identity Protection
    • May include but is not limited to: Implement user risk policy, implement sign-in risk policy, configure Identity Protection alerts, review and respond to risk events
Implement and manage threat protection (20-25%)
  • Implement an enterprise hybrid threat protection solution
    • May include but is not limited to: Plan an Azure Advanced Threat Protection (ATP) solution, install and configure Azure ATP, manage Azure ATP workspace health, generate Azure ATP reports, integrate Azure ATP with Windows Defender ATP, monitor Azure ATP, manage suspicious activities
  • Implement device threat protection
    • May include but is not limited to: Plan and implement a Windows Defender ATP solution, manage Windows Defender ATP, monitor Windows Defender ATP
  • Implement and manage device and application protection
    • May include but is not limited to: Plan for device protection, configure and manage Windows Defender Application Guard, configure and manage Windows Defender Application Control, configure and manage Windows Defender Exploit Guard, configure Secure Boot, configure and manage Windows 10 device encryption, configure and manage non-Windows device encryption, plan for securing applications data on devices, define managed apps for Mobile Application Management (MAM), protect your enterprise data using Windows Information Protection (WIP), configure WIP policies, configure Intune App Protection policies for non-Windows devices
  • Implement and manage Office 365 messaging protection
    • May include but is not limited to: Configure Office 365 ATP anti-phishing protection, configure Office 365 ATP anti-phishing policies, define users and domains to protect with Office 365 ATP Anti-phishing, configure Office 365 ATP anti-spoofing, configure actions against impersonation, configure Office 365 ATP anti-spam protection, enable Office 365 ATP Safe-Attachments, configure Office 365 ATP Safe Attachments policies, configure Office 365 ATP Safe Attachments options, configure Office 365 ATP Safe Links options, configure Office 365 ATP Safe Links blocked URLs, configure Office 365 ATP Safe Links policies
  • Implement and manage Office 365 threat protection
    • May include but is not limited to: Configure Office 365 Threat Intelligence, integrate Office 365 Threat Intelligence with Office 365 services, integrate Office 365 Threat Intelligence with Windows Defender ATP, review threats and malware trends on the Office 365 ATP Threat Management dashboard, review threats and malware trends with Office 365 ATP Threat Explorer and Threat Tracker, create and review Office 365 ATP incidents, review quarantined items in ATP including Microsoft SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams, monitor online anti-malware solutions using Office 365 ATP reports, perform tests using Attack Simulator
Implement and manage information protection (15-20%)
  • Secure data access within Office 365
    • May include but is not limited to: Plan secure data access within Office 365, implement and manage Customer Lockbox, configure data access in Office 365 collaboration workloads, configure B2B sharing for external users
  • Manage Azure information Protection (AIP)
    • May include but is not limited to: Plan an AIP solution, activate Azure Rights Management, configure usage rights, configure and manage super users, customize policy settings, create and configure labels and conditions, create and configure templates, configure languages, configure and use the AIP scanner, deploy the RMS connector, manage tenant keys, deploy the AIP client, track and revoke protected documents, integrate AIP with Microsoft Online Services
  • Manage Data Loss Prevention (DLP)
    • May include but is not limited to: Plan a DLP solution, create and manage DLP policies, create and manage sensitive information types, monitor DLP reports, manage DLP notifications, create queries to locate sensitive data
  • Implement and manage Microsoft Cloud App Security
    • May include but is not limited to: Plan Cloud App Security implementation, configure Office 365 Cloud App Security, perform productivity app discovery using Cloud App Security, manage entries in the Cloud app catalog, manage third-party apps in Office 365 Cloud App Security, manage Microsoft Cloud App Security, configure Cloud App Security connectors, configure Cloud App Security policies, configure and manage Cloud App Security templates, configure Cloud App Security users and permissions, review and respond to Cloud App Security alerts, review and interpret Cloud App Security dashboards and reports, review and interpret Cloud App Security activity log and governance log
Manage governance and compliance features in Microsoft 365 (25-30%)
  • Configure and analyze security reporting
    • May include but is not limited to: Interpret Windows Analytics, configure Windows Telemetry options, configure Office Telemetry options, review and interpret security reports and dashboards, plan for custom security reporting with Intelligent Security Graph, review Office 365 secure score action and recommendations, configure reports and dashboards in Azure Log Analytics, review and interpret reports and dashboards in Azure Log Analytics, configure alert policies in the Office 365 Security and Compliance Center
  • Manage and analyze audit logs and reports
    • May include but is not limited to: Plan for auditing and reporting, configure Office 365 auditing and reporting, perform audit log search, review and interpret compliance reports and dashboards, configure audit alert policy
  • Configure Office 365 classification and labeling
    • May include but is not limited to: Plan for data governance classification and labels, search for personal data, apply labels to personal data, monitor for leaks of personal data, create and publish Office 365 labels, configure label policies
  • Manage data governance and retention
    • May include but is not limited to: Plan for data governance and retention, review and interpret data governance reports and dashboards, configure retention policies, define data governance event types, define data governance supervision policies, configure Information holds, find and recover deleted Office 365 data, import data in the Security and Compliance Center, configure data archiving, manage inactive mailboxes
  • Manage search and investigation
    • May include but is not limited to: Plan for content search and eDiscovery, delegate permissions to use search and discovery tools, use search and investigation tools to perform content searches, export content search results, manage eDiscovery cases
  • Manage data privacy regulation compliance
    • May include but is not limited to: Plan for regulatory compliance in Microsoft 365, review and interpret GDPR dashboards and reports, manage Data Subject Requests (DSRs), review Compliance Manager reports, create and perform Compliance Manager assessments and action items

Who should take this exam?

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 Security Administrator proactively secures M365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 Security Administrator collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Candidates for this exam are familiar with M365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the M365 environment and includes hybrid environments.

More information about exams


Preparing for an exam

We recommend that you review this exam preparation guide in its entirety and familiarize yourself with the resources on this website before you schedule your exam. See the Microsoft Certification exam overview for information about registration, videos of typical exam question formats, and other preparation resources. For information on exam policies and scoring, see the Microsoft Certification exam policies and FAQs.


Note

This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format. To help you prepare for this exam, Microsoft recommends that you have hands-on experience with the product and that you use the specified training resources. These training resources do not necessarily cover all topics listed in the "Skills measured" section.

Study Group

Updated on - Last reply by

All topics
View by

first pageprevious pagenext pagelast page

loaderLoading