Badge

Microsoft 365 Certified: Enterprise Administrator Expert

Microsoft 365 Enterprise Administrators evaluate, plan, migrate, deploy, and manage Microsoft 365 services.

Required exams: Exam MS-100 and Exam MS-101

Prerequisite: 1 certification | See details

Skills measured

Design and implement Microsoft 365 services

Manage domains

  • add and configure additional domains
  • configure user identities for new domain name
  • configure workloads for new domain name
  • design domain name configuration
  • set primary domain name
  • verify custom domain

Plan a Microsoft 365 implementation

  • plan for Microsoft 365 on-premises Infrastructure
  • plan identity and authentication solution

Setup Microsoft 365 tenancy and subscription

  • configure subscription and tenant roles and workload settings
  • evaluate Microsoft 365 for organization
  • plan and create tenant
  • upgrade existing subscriptions to Microsoft 365
  • monitor license allocations

Manage Microsoft 365 subscription and tenant health

  • manage service health alerts
  • create & manage service requests
  • create internal service health response plan
  • monitor service health
  • configure and review reports, including BI, OMS, and Microsoft 365 reporting
  • schedule and review security and compliance reports
  • schedule and review usage metrics

Plan migration of users and data

  • identify data to be migrated and method
  • identify users and mailboxes to be migrated and method
  • plan migration of on-prem users and groups
  • import PST Files

Manage user identity and roles

Design identity strategy

  • evaluate requirements and solution for synchronization
  • evaluate requirements and solution for identity management
  • evaluate requirements and solution for authentication

Plan identity synchronization by using Azure AD Connect

  • design directory synchronization
  • implement directory synchronization with directory services, federation services, and Azure endpoints

Manage identity synchronization by using Azure AD Connect

  • monitor Azure AD Connect Health
  • manage Azure AD Connect synchronization
  • configure object filters
  • configure password sync
  • implement multi-forest AD Connect scenarios

Manage Azure AD identities

  • plan Azure AD identities
  • implement and manage Azure AD self-service password reset
  • manage access reviews
  • manage groups
  • manage passwords
  • manage product licenses
  • manage users
  • perform bulk user management

Manage user roles

  • plan user roles
  • allocate roles in workloads
  • configure administrative accounts
  • configure RBAC within Azure AD
  • delegate admin rights
  • manage admin roles
  • manage role allocations by using Azure AD
  • plan security and compliance roles for Microsoft 365

Manage access and authentication 

Manage authentication

  • design authentication method
  • configure authentication
  • implement authentication method
  • manage authentication
  • monitor authentication

Implement Multi-Factor Authentication (MFA)

  • design an MFA solution
  • configure MFA for apps or users
  • administer MFA users
  • report MFA utilization

Configure application access

  • configure application registration in Azure AD
  • configure Azure AD application proxy
  • publish enterprise apps in Azure AD

Implement access for external users of Microsoft 365 workloads

  • create B2B accounts
  • create guest accounts
  • design solutions for external access

Plan Office 365 workloads and applications

Plan for Office 365 workload deployment

  • identify hybrid requirements
  • plan connectivity and data flow for each workload
  • plan for Microsoft 365 workload connectivity
  • plan migration strategy for workloads

Plan Office 365 applications deployment

  • manage Office 365 software downloads
  • plan for Office 365 apps
  • plan for Office 365 Pro plus apps updates
  • plan for Office 365 Pro plus connectivity
  • plan for Office online
  • plan Office 365 Pro plus deployment

Implement modern device services

Implement Mobile Device Management (MDM)

  • plan for MDM
  • configure MDM integration with Azure AD
  • set an MDM authority
  • set device enrollment limit for users

Manage device compliance

  • plan for device Compliance
  • design Conditional Access Policies
  • create Conditional Access Policies
  • configure device compliance policy
  • manage Conditional Access Policies

Plan for devices and apps

  • create and configure Microsoft Store for Business
  • plan app deployment
  • plan device co-management
  • plan device monitoring
  • plan for device profiles
  • plan for Mobile Application Management
  • plan mobile device security

Plan Windows 10 deployment

  • plan for Windows as a Service (WaaS)
  • plan the appropriate Windows 10 Enterprise deployment method
  • analyze upgrade readiness for Windows 10
  • evaluate and deploy additional Windows 10 Enterprise security features

Implement Microsoft 365 security and threat management

Implement Cloud App Security (CAS)

  • configure Cloud App Security (CAS)
  • configure Cloud App Security (CAS) policies
  • configure Connected apps
  • design cloud app security (CAS) Solution
  • manage Cloud App Security (CAS) alerts
  • upload cloud app security (CAS) traffic logs

Implement threat management

  • plan a threat management solution
  • design Azure Advanced Threat Protection (ATP) Policies
  • design Microsoft 365 ATP Policies
  • configure Azure ATP Policies
  • configure Microsoft 365 ATP Policies
  • monitor Advanced Threat Analytics (ATA) incidents

Implement Windows Defender Advanced Threat Protection (ATP)

  • plan Windows Defender ATP Solution
  • configure preferences
  • implement Windows Defender ATP Policies
  • enable and configure security features of Windows 10 Enterprise

Manage security reports and alerts

  • manage service assurance dashboard
  • manage tracing and reporting on Azure AD Identity Protection
  • configure and manage Microsoft 365 security alerts
  • configure and manage Azure Identity Protection dashboard and alerts

Manage Microsoft 365 governance and compliance

Configure Data Loss Prevention (DLP)

  • configure DLP Policies
  • design data retention policies in Microsoft 365
  • manage DLP exceptions
  • monitor DLP policy matches
  • manage DLP policy matches

Implement Azure Information Protection (AIP)

  • plan AIP solution
  • plan for deployment On-Prem rights management Connector
  • plan for Windows information Protection (WIP) implementation
  • plan for classification labeling
  • configure Information Rights Management (IRM) for Workloads
  • configure Super User
  • deploy AIP Clients
  • implement Azure Information Protection policies
  • implement AIP tenant key

Manage data governance

  • configure information retention
  • plan for Microsoft 365 backup
  • plan for restoring deleted content
  • plan information Retention Policies

Manage auditing

  • configure audit log retention
  • configure audit policy
  • monitor Unified Audit Logs

Manage eDiscovery

  • search content by using Security and Compliance Center
  • plan for in-place and legal hold
  • configure eDiscovery

Prerequisite

To become a Microsoft 365 Certified Enterprise Administrator Expert, you must earn one of these Microsoft 365 workload administrator certifications: Microsoft 365 Certified: Modern Desktop Administrator Associate, Microsoft 365 Certified: Teamwork Administrator, Microsoft 365 Certified: Security Administrator Associate, or Microsoft 365 Certified: Messaging Administrator Associate.

If you have your MCSE: Productivity certification and you pass Exam MS-100 and Exam MS-101, you will earn the Microsoft 365 Certified: Enterprise Administrator Expert certification.

Microsoft 365 Certified: Modern Desktop Administrator Associate

Option 1: Prerequisite certification

Modern Desktop Administrators deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment.

Microsoft 365 Certified: Teamwork Administrator

Option 2: Prerequisite certification

Microsoft 365 Teamwork Administrators configure, deploy, and manage Office 365 workloads that focus on efficient and effective collaboration, such as SharePoint (online, on-premises, and hybrid), OneDrive, and Teams.

Microsoft 365 Certified: Security Administrator Associate

Option 3: Prerequisite certification

Microsoft 365 Security Administrators proactively secure M365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.

Microsoft 365 Certified: Messaging Administrator Associate

Option 4: Prerequisite certification

Microsoft 365 Messaging Administrators deploy, configure, manage, and monitor messaging infrastructure, permissions, client access, mail protection, and mail flow in both on-premises, hybrid, and cloud enterprise environments.

MCSE Productivity

Option 5: Prerequisite certification

This certification validates that you have the skills needed to move your company to the cloud, increase user productivity and flexibility, reduce data loss, and improve data security for your organization. If you have your MCSE: Productivity certification and you pass Exam MS-100 and Exam MS-101, you will earn the Microsoft 365 Certified: Enterprise Administrator Expert certification.

Prepare for certification

Self-paced

Free
Microlearning
Interactive
In-browser access
Start learning

Instructor-led

Paid
Personalized
In-person
On-demand
Explore courses

Exam MS-100

Exam MS-100: Microsoft 365 Identity and Services

Languages: English

This exam measures your ability to accomplish the following technical tasks: design and implement Microsoft 365 services; manage user identity and roles; manage access and authentication; and plan Office 365 workloads and applications. Learn more.

Schedule exam

Official Practice Test for Exam MS-100

All objectives of the exam are covered in depth so you’ll be ready for any question on the exam.

Exam MS-101

Exam MS-101: Microsoft 365 Mobility and Security

Languages: English

This exam measures your ability to accomplish the following technical tasks: implement modern device services; implement Microsoft 365 security and threat management; and manage Microsoft 365 governance and compliance. Learn more.

Schedule exam

*Pricing does not reflect any promotional offers or reduced pricing for Microsoft Imagine Academy program members, Microsoft Certified Trainers, and Microsoft Partner Network program members. Pricing is subject to change without notice. Pricing does not include applicable taxes. Please confirm exact pricing with the exam provider before registering to take an exam.

Additional resources

Guides to Training and Certifications

Explore all certifications in a concise training and certifications guide or the Training and Certifications poster.

Exam Replay

See two great offers to help boost your odds of success.

Support for certifications

Get help through Microsoft Certification support forums. A forum moderator will respond in one business day.