MS-500 Study Guide Microsoft 365 Security Administration

In this MS-500 Study Guide, I will share both free and paid options, whether books, video training or simply links to articles and blog posts.

Watch the MS-500 Study Guide Microsoft 365 Security Administration Video. 👇🏾

MS-500 Microsoft Learning Path

Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification. MS-500 online learning paths

MS-500 Instructor-led training (Microsoft Official Courses)

Take a four-day instructor-led course. The course combines lectures with practical, hands-on exercises. $1400 Course MS- 500T00-A: Microsoft 365 Security Administration

MS-500 Video Training

This learning path is designed to help you prepare for the MS-500 Microsoft 365 Security Administration. $39 subscription to Cloud AcademyMS-500 Exam Prep

MS-500 Practice Exams

Microsoft Official Practice Tests are self-study tools that prepare candidates for the Microsoft required exams. $99.00 - $109.00 Microsoft Official Practice Test Fundamentals - Microsoft Official Practice Test

Another practice test and sample questions. Free Examtopics.com Microsoft MS-500 Exam

Audience Profile for the Exam

Candidates for this exam are familiar with Microsoft 365 workloads and have strong skills and experience with identity protection, information protection, threat protection, security management, and data governance. This role focuses on the Microsoft 365 environment and includes hybrid environments.

About Exam MS-500: Microsoft 365 Security Administration

Candidates for this exam implement, manage, and monitor security and compliance solutions for Microsoft 365 and hybrid environments. The Microsoft 365 security administrator proactively secures Microsoft 365 enterprise environments, responds to threats, performs investigations, and enforces data governance. The Microsoft 365 security administrator collaborates with the Microsoft 365 enterprise administrator, business stakeholders, and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Skills Measured

For the full list of the skills that the exam measures, along with the level of experience and expertise that you’ll need as an exam candidate, check out the Skills measured.

Objective domains

This section itemizes the topics covered in the Exam Prep session and links to Microsoft documentation so you can review the topics in detail.

• Implement and manage identity and access (30–35%)

• Implement and manage threat protection (20–25%)

• Implement and manage information protection (15–20%)

• Manage governance and compliance features in Microsoft 365 (25–30%)

MS-500 Articles / Blog Posts Per Objective

Implement and manage identity and access (30–35%)

Secure Microsoft 365 hybrid environments

Plan Azure AD authentication options

1. Choose the right authentication method for your Azure Active Directory hybrid identity solution

2. What authentication and verification methods are available in Azure Active Directory?

3. What is a hybrid identity with Azure Active Directory?

4. Determine identity requirements for your hybrid identity solution

Plan Azure AD synchronization options

1. Azure AD Connect sync: Understand and customize synchronization

2. Getting started with Azure AD Connect using express settings

3. Custom installation of Azure AD Connect

4. Hybrid identity and directory synchronization for Microsoft 365

5. Azure Active Directory Hybrid Identity Design Considerations

6. Deploy Microsoft 365 Directory Synchronization in Microsoft Azure

7. How objects and credentials are synchronized in an Azure Active Directory Domain Services managed domain

8. Set up directory synchronization for Microsoft 365

Monitor and troubleshoot Azure AD Connect events

1. Troubleshoot Azure AD connectivity

2. Troubleshoot object synchronization with Azure AD Connect sync

3. Azure Active Directory Connect Health operations

Secure Identities

Implement Azure AD group membership

1. Create a basic group and add members using Azure Active Directory

2. Create or update a dynamic group in Azure Active Directory

3. Dynamic membership rules for groups in Azure Active Directory

4. Create a dynamic group and check status

Implement password management

1. Plan an Azure Active Directory self-service password reset deployment

2. Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset

3. Let users reset their own passwords

4. How it works: Azure AD self-service password reset

5. Password policies and account restrictions in Azure Active Directory

Configure and manage identity governance

1. What is Azure AD Identity Governance?

2. Manage user access with Azure AD access reviews

Implement authentication methods

Plan sign-on security

1. What are security defaults?

2. What is single sign-on (SSO)?

3. Determine multi-factor authentication requirements for your hybrid identity solution

Implement multi-factor authentication (MFA)

1. Overview of Azure Multi-Factor Authentication for your organization

2. Set up multi-factor authentication

3. Tutorial: Secure user sign-in events with Azure Multi-Factor Authentication

4. Features and licenses for Azure Multi-Factor Authentication

Manage and monitor MFA

1. Manage user settings for Azure Multi-Factor Authentication

2. Use the sign-ins report to review Azure Multi-Factor Authentication events

3. Change your two-factor verification method and settings

4. Monitor identity and access

Plan and implement device authentication methods like Windows Hello

1. Plan a passwordless authentication deployment in Azure Active Directory

2. Planning a Windows Hello for Business Deployment

3. Move away from passwords, deploy Windows Hello. Today!

Configure and manage Azure AD user authentication options

1. What authentication and verification methods are available in Azure Active Directory?

2. Azure Active Directory Authentication documentation

Implement conditional access

Plan for compliance and conditional access policies

1. Plan a Conditional Access deployment

2. What are common ways to use Conditional Access with Intune?

3. What are conditions in Azure Active Directory Conditional Access?

4. Building a Conditional Access policy

5. Best practices for Conditional Access in Azure Active Directory

Configure and manage device compliance for endpoint security

1. Manage endpoint security in Microsoft Intune

2. Use compliance policies to set rules for devices you manage with Intune

3. Manage devices with endpoint security in Microsoft Intune

4. Create a compliance policy in Microsoft Intune

Implement and manage conditional access

1. Common Conditional Access policies

Implement role-based access control (RBAC)

Plan for roles

1. What is Azure role-based access control (Azure RBAC)?

2. Best practices for Azure RBAC

Configure roles

1. Create or update Azure custom roles using the Azure portal

2. Assign Azure roles using the Azure portal

3. Assign Azure roles using Azure PowerShell

4. Azure built-in roles

5. Azure custom roles

Audit roles

1. View activity logs for Azure RBAC changes

Implement Azure AD Privileged Identity Management (PIM)

Plan for Azure PIM

1. Deploy Azure AD Privileged Identity Management (PIM)

2. What is Azure AD Privileged Identity Management?

3. Securing privileged access for hybrid and cloud deployments in Azure AD

4. Start using Privileged Identity Management

Implement and configure Azure PIM roles

1. Configure Azure AD role settings in Privileged Identity Management

2. Configure Azure resource role settings in Privileged Identity Management

3. Delegate access to Privileged Identity Management

Manage Azure PIM role assignments

1. Assign Azure AD roles in Privileged Identity Management

2. Assign Azure resource roles in Privileged Identity Management

3. Management capabilities for Azure AD roles in Privileged Identity Management

4. Activate my Azure AD roles in PIM

Implement Azure AD Identity Protection

Implement a user risk policy

1. How To: Configure and enable risk policies

2. Identity Protection policies

3. Tutorial: Use risk detections for user sign-ins to trigger Azure Multi-Factor Authentication or password changes

4. Conditional Access: Sign-in risk-based Conditional Access

5. Remediate risks and unblock users

Implement a sign-in risk policy

1. How To: Configure and enable risk policies

Configure Identity Protection alerts

1. How To: Configure risk policies in Azure Active Directory identity protection

2. Quickstart: Block access when a session risk is detected with Azure Active Directory Identity Protection

3. Azure Active Directory Identity Protection notifications

Review and respond to risk events

1. Users flagged for risk report in the Azure portal

2. Simulating risk detections in Identity Protection

3. Remediate risks and unblock users

Implement and manage threat protection (20-25%)

Implement an enterprise hybrid threat protection solution

Plan a Microsoft Defender for Identity solution

1. What is Microsoft Defender for Identity?

2. Microsoft Defender for Identity documentation

3. Microsoft Defender for Identity prerequisites

4. Plan capacity for Microsoft Defender for Identity

Install and configure Microsoft Defender for Identity

1. Quickstart: Create your Microsoft Defender for Identity instance

2. Quickstart: Connect to your Active Directory Forest

3. Quickstart: Download the Microsoft Defender for Identity sensor setup package

4. Quickstart: Install the Microsoft Defender for Identity sensor

Monitor and manage Microsoft Defender for Identity

1. Work with Microsoft Defender for Identity health and events

2. Working with the Microsoft Defender for Identity portal

Implement device threat protection

Plan a Microsoft Defender for Endpoint solution

1. Microsoft Defender for Endpoint

2. Prepare Microsoft Defender for Endpoint deployment

3. Minimum requirements for Microsoft Defender for Endpoint

4. Plan your Microsoft Defender for Endpoint deployment

Implement Microsoft Defender for Endpoint

1. Set up Microsoft Defender for Endpoint deployment

2. Configure advanced features in Defender for Endpoint

Manage and monitor Microsoft For Endpoint

1. Manage Microsoft Defender for Endpoint alerts

2. Check the Microsoft Defender for Endpoint service health

Implement and manage device and application protection

Plan for device and application protection

1. What are app protection policies?

2. App protection policies overview

3. How to create and assign app protection policies

Configure and manage Windows Defender Application Guard

1. Microsoft Defender Application Guard overview

2. Create and deploy Microsoft Defender Application Guard policy

3. Configure Microsoft Defender Application Guard policy settings

4. System requirements for Microsoft Defender Application Guard

5. Application Guard testing scenarios

Configure and manage Windows Defender Application Control

1. Windows Defender Application Control

2. Windows Defender Application Control and virtualization-based protection of code integrity

3. Deploy Windows Defender Application Control policies by using Group Policy

4. Application Control for Windows

5. Windows Defender Application Control management with Configuration Manager

6. Deploy Windows Defender Application Control policies by using Microsoft Intune

7. Manage Packaged Apps with Windows Defender Application Control

Configure and manage Windows Defender Exploit Guard

1. Create and deploy an Exploit Guard policy

2. Protect devices from exploits

3. Import, export, and deploy exploit protection configurations

Configure Secure Boot

1. Secure boot

2. Secure the Windows 10 boot process

Configure and manage Windows device encryption

1. Overview of BitLocker Device Encryption in Windows 10

2. BitLocker

Plan for securing applications data on devices

1. Protect your data in files, apps, and devices

2. Prevent data leaks on non-managed devices using Microsoft Intune

3. Microsoft Intune planning guide

Implement application protection policies

1. App protection policies overview

2. Frequently asked questions about MAM and app protection

3. Data protection framework using app protection policies

4. Android app protection policy settings in Microsoft Intune

5. Application protection policies and work profiles on Android Enterprise devices in Intune

Implement and manage Microsoft Defender for Office 365

Configure Microsoft Defender for Office 365

1. Microsoft 365 Defender

2. Office 365 Security overview

3. Set up Safe Attachments policies in Microsoft Defender for Office 365

4. Set up Safe Links policies in Microsoft Defender for Office 365

5. Recommended settings for EOP and Microsoft Defender for Office 365 security

Monitor Microsoft Defender for Office 365

1. Security Dashboard

Conduct simulated attacks using Attack Simulator

1. Attack Simulator in Microsoft Defender for Office 365

Monitor Microsoft 365 Security with Azure Sentinel

Plan and implement Azure Sentinel

1. Microsoft Azure Sentinel overview

2. What is Azure Sentinel?

3. Quickstart: On-board Azure Sentinel

Configure playbooks in Azure Sentinel

1. Tutorial: Use playbooks with automation rules in Azure Sentinel

Manage and monitor Azure Sentinel

1. Tutorial: Visualize and monitor your data

Respond to threats in Azure Sentinel

1. Tutorial: Detect threats out-of-the-box

2. Tutorial: Create custom analytics rules to detect threats

3. Tutorial: Use playbooks with automation rules in Azure Sentinel

Implement and manage information protection (15-20%)

Secure data access within Office 365

Implement and manage Customer Lockbox

1. Customer Lockbox in Office 365

Configure data access in Office 365 collaboration workloads

1. Microsoft 365 inter-tenant collaboration

2. Office 365 external sharing and Azure Active Directory (Azure AD) B2B collaboration

Configure B2B sharing for external users

1. What is guest user access in Azure Active Directory B2B?

2. Enable B2B external collaboration and manage who can invite guests

Manage Azure information Protection (AIP)

Plan a sensitivity label solution

1. What is Azure Information Protection?

2. Requirements for Azure Information Protection

3. Azure Information Protection requirements

4. Azure Information Protection deployment roadmap

5. Tutorial: Configure Azure Information Protection policy settings and create a new label

Configure Sensitivity labels and policies

1. Learn about sensitivity labels

2. Use sensitivity labels in Office apps

3. How to migrate Azure Information Protection labels to unified sensitivity labels

4. Enable sensitivity labels for Office files in SharePoint and OneDrive

5. Create and configure sensitivity labels and their policies

6. Get started with sensitivity labels

7. Restrict access to content by using sensitivity labels to apply encryption

8. Apply a sensitivity label to content automatically

Deploy the RMS connector

1. Deploying the Azure Rights Management connector

2. Installing and configuring the Azure Rights Management connector

3. Configuring servers for the Azure Rights Management connector

Manage tenant keys

1. Operations for your Azure Information Protection tenant key

2. Microsoft-managed: Tenant key life cycle operations

3. Customer-managed: Tenant key life cycle operations

4. Bring your own key (BYOK) details for Azure Information Protection

Configure and use label analytics

1. Analytics and central reporting for Azure Information Protection

Use sensitivity labels with Teams, Sharepoint, OneDrive and Office apps

1. Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint sites

Manage Data Loss Prevention (DLP)

Plan a DLP solution

1. Overview of data loss prevention

Create and manage DLP policies

1. Get started with the default DLP policy

2. Create a DLP policy from a template

3. Create, test, and tune a DLP policy

4. Get started with the data loss prevention on-premises scanner

Create and manage sensitive information types

1. Custom sensitive information types

2. Create a custom sensitive information type in the Security & Compliance Center

3. Create a custom sensitive information type in Security & Compliance Center PowerShell

4. Sensitive information type entity definitions

5. Create custom sensitive information types with Exact Data Match based classification

6. Customize a built-in sensitive information type

7. Create a sensitive information type policy for your organization using Message Encryption

Monitor DLP reports

1. View the reports for data loss prevention

Manage DLP notifications

1. Send email notifications and show policy tips for DLP policies

Implement and manage Microsoft Cloud App Security

Plan Cloud App Security implementation

1. Quickstart: Get started with Microsoft Cloud App Security

2. Basic setup for Cloud App Security

3. What are the differences between Microsoft Cloud App Security and Office 365 Cloud App Security?

4. Connect Microsoft 365 to Microsoft Cloud App Security

Configure Microsoft Cloud App Security

1. Security configuration overview

Manage cloud app discovery

1. Set up Cloud Discovery

2. Working with discovered apps

3. Discovered app filters and queries

4. Create Cloud Discovery policies

Manage entries in the Cloud app catalog

1. Add custom apps to Cloud Discovery

Manage apps in Cloud App Security

1. Connect apps

2. Control cloud apps with policies

Configure Cloud App Security connectors and Oauth apps

1. Manage OAuth apps

2. Tutorial: Investigate risky OAuth apps

3. OAuth app policies

Configure Cloud App Security policies and templates

1. Policy template reference

2. Access policies

3. Activity policies

4. File policies

5. Information protection policies

Review, interpret and respond to Cloud App Security alerts, reports, dashboards and logs

1. Monitor alerts in Cloud App Security

2. Get behavioral analytics and anomaly detection

3. Create snapshot Cloud Discovery reports

4. Generate data management reports

Manage governance and compliance features in Microsoft 365 (25-30%)

Configure and analyze security reporting

Monitor and manage device security status using Microsoft Endpoint Manager Admin Center

1. Monitor security baselines and profiles in Microsoft Intune

2. Device management overview

Manage and monitor security reports and dashboards using Microsoft 365 Security Center

1. Overview of the Microsoft 365 security center

2. Reports in the Security & Compliance Center

3. Security Dashboard

4. Smart reports and insights in the Security & Compliance Center

5. App monitoring and reporting in the Microsoft 365 security center

6. View email security reports in the Security & Compliance Center

Plan for custom security reporting with Graph Security API

1. Use the Microsoft Graph Security API

Use secure score dashboards to review actions and recommendations

1. Microsoft Secure Score

2. Assess your security posture with Microsoft Secure Score

Configure alert policies in the Security & Compliance admin center

1. Alert policies in the security and compliance center

Manage and analyze audit logs and reports

Plan for auditing and reporting

1. Auditing and Reporting in Microsoft cloud services

2. Auditing in Office 365 (for Admins)

3. Turn audit log search on or off

Perform audit log search

1. Turn audit log search on or off

2. Search the audit log to investigate common support issues

3. Detailed properties in the audit log

4. Search the audit log for events in Microsoft Teams

Review and interpret compliance reports and dashboards

1. Microsoft Compliance Manager

2. Reports in the Security & Compliance Center

Configure audit alert policy

1. Alert policies in the security and compliance center

2. Manage audit log retention policies

Manage data governance and retention

Plan for data governance and retention

1. Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution

2. Microsoft Information Governance in Microsoft 365

3. Get started with retention policies and retention labels

Review and interpret data governance reports and dashboards

1. View the data governance reports

2. Smart reports and insights in the Security & Compliance Center

Configure retention policies

1. Create and configure retention policies

2. Set up an archive and deletion policy for mailboxes in your organization

3. Retention policies in Microsoft Teams

4. Learn about retention for Microsoft Teams

Define data governance event types

1. Start retention when an event occurs

Define data governance supervision policies

1. Learn about communication compliance in Microsoft 365

2. Get started with communication compliance

Configure Information holds

1. In-Place Hold and Litigation Hold

2. How to identify the type of hold placed on an Exchange Online mailbox

3. Create a Litigation Hold

4. Manage holds in Advanced eDiscovery

Find and recover deleted Office 365 data

1. Recover deleted items in a user mailbox

Configure data archiving

1. Enable archive mailboxes in the Security & Compliance Center

2. Archive features in Exchange Online Archiving

3. Overview of unlimited archiving

4. Enable unlimited archiving – Admin Help

Manage inactive mailboxes

1. Create and manage inactive mailboxes

2. Overview of inactive mailboxes

3. Recover an inactive mailbox

4. Delete an inactive mailbox

5. Restore an inactive mailbox

Manage search and investigation

Plan for content search and eDiscovery

1. eDiscovery in Microsoft 365

2. Content Search

3. Limits for Content Search in the Security & Compliance Center

Search for personal data

1. Search for and find personal data

Monitor for leaks of personal data

1. Monitor for leaks of personal data

Delegate permissions to use search and discovery tools

1. Assign eDiscovery permissions in the Security & Compliance Center

Use search and investigation tools to perform content searches

1. Overview of Microsoft 365 Advanced eDiscovery

2. Conduct an eDiscovery investigation of content in Microsoft Teams

3. Content Search

Export content search results

1. Export Content Search results

2. Export a Content Search report

3. Export content from a Core eDiscovery case

Manage eDiscovery cases

1. Get started with Core eDiscovery

2. Set up Microsoft 365 Advanced eDiscovery

3. Manage legal investigations in Microsoft 365

4. Create an eDiscovery hold

5. Close, reopen, and delete a Core eDiscovery case

6. Add custodians to an Advanced eDiscovery case

Manage data privacy regulation compliance

Plan for regulatory compliance in Microsoft 365

1. Microsoft compliance offerings

Review and interpret GDPR dashboards and reports

1. GDPR discovery, protection, and reporting in the dev/test environment

2. New Microsoft 365 features to accelerate GDPR compliance

Manage Data Subject Requests (DSRs)

1. Data Subject Requests and the GDPR and CCPA

Administer Compliance Manager

1. Compliance Manager quickstart

Review Compliance Manager reports

1. Use Compliance Manager to manage improvement actions

Create and perform Compliance Manager assessments and action items

1. Build and manage assessments in Compliance Manager

Additional Study Resources

In addition to the documentation listed in the previous sections, we offer several resources to help you prepare for the exam and to stay up to speed and engaged with the Azure community. These resources range from formal training to blogs and even interviews with Microsoft team members.

MS-500 online learning paths - Don’t miss these free, self-paced online resources to help you gain the skills needed to earn your certification.