3tallah's Blog

The Point is to understand

Sunday, June 14, 2020

MS-500 Microsoft 365 Security Administration Exam Preparation

MS-500 Microsoft 365 Security Administration Exam Preparation

I’ve recently joined a Facebook group for Microsoft cloud technologies and notice that many people are looking to take this exam (MS-500: Microsoft 365 Security Administration Certification) which has just passed and added a new badge to my Acclaim (Microsoft 365 Certified: Security Administrator Associate), while the original preparation guide available on the exam registration page (link) as well as my previous blog about (Microsoft 365 Fundamentals 4 hours Learning Path), I thought that I can add some more deep insights to target the core exam objectives that needed to be addressed. Below I’m sharing with you the preparation notes and the current objectives as of the time of posting exam, along with resources that should help you prepare.

However, for starters, I would recommend taking the fundamentals first. by considering MS-900 and MS-101 if you have the time, But if you haven’t – or you just decide to go for it, then better to give it a try by hands-on experiences on Microsoft E5 security bundle like (Windows Defender ATP, Office 365 ATPs, AIP & Unified Labeling, DLP, PIM, Intune or Cloud App Security just get your Microsoft E5 trial tenant using this (link) and get into the deep dive and technologies details

Domains Covered in MS-500 Exam 

This exam measures your ability to accomplish the following technical tasks:

  • Implement and manage identity and access (30-35%)
  • Implement and manage threat protection (20-25%)
  • Implement and manage information protection (15-20%)
  • Manage governance and compliance features in Microsoft 365 (25-30%)

Exam Core topics 





Configure Azure Multi-Factor Authentication - Azure Active Directory

Learn how to configure settings for Azure Multi-Factor Authentication in the Azure portal


Location condition in Azure Active Directory Conditional Access

Learn how to use the location condition to control access to your cloud apps based on a user's network location.


How to manage devices using the Azure portal

Learn how to use the Azure portal to manage devices.


Azure AD Connect: Enabling device writeback

This document details how to enable device writeback using Azure AD Connect


Risk policies - Azure Active Directory Identity Protection

Enable and configure risk policies in Azure Active Directory Identity Protection


activity reports in the Azure Active Directory portal

Introduction to sign-in activity reports in the Azure Active Directory portal


Set expiration for Office 365 groups - Azure Active Directory

How to set up expiration for Office 365 groups in Azure Active Directory


Configure an Azure Information Protection label for protection - AIP

You can protect your most sensitive documents and emails when you configure a label to use Rights Management protection.


Prepare users and groups for Azure Information Protection

Check that you have the user and group accounts that you need to start classifying, labeling, and protecting your organization's documents and emails.


Secure your Azure AD identity infrastructure - Azure Active Directory

This document outlines a list of important actions administrators should implement to help them secure their organization using Azure AD capabilities


In-Place eDiscovery in Exchange Server

Summary: Learn about In-Place eDiscovery in Exchange Server 2016 and Exchange Server 2019.


Apply a retention policy to mailboxes

You can use retention policies to group one or more retention tags and apply them to mailboxes to enforce message retention settings. A mailbox can't have more than one retention policy.


Create a Retention Policy

In Exchange Online, you can use retention policies to manage email lifecycle. Retention policies are applied by creating retention tags, adding them to a retention policy, and applying the policy to mailbox users.


App protection policies overview - Microsoft Intune

Learn how Microsoft Intune app protection policies help protect your company data and prevent data loss.


Device restriction settings for Windows 10 in Microsoft Intune - Azure

See a list of all the settings and their descriptions for creating device restrictions on Windows 10 and later devices. Use these settings in a configuration profile to control screenshots, password requirements, kiosk settings, apps in the store, Microsoft Edge browser, Microsoft Defender, access to the cloud, start menu, and more in Microsoft Intune.


Use Microsoft Defender ATP in Microsoft Intune - Azure

Use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) with Intune, including setup and configuration, onboarding of your Intune devices with ATP, and then use a devices ATP risk assessment with your Intune device compliance and conditional access policies to protect network resources.


Integrate Jamf Pro with Microsoft Intune for compliance - Microsoft Intune

Use Microsoft Intune compliance policies with Azure Active Directory Conditional Access to help integrate and secure Jamf-managed devices.


Protection settings for Windows 10 devices in Microsoft Intune - Azure

On Windows 10 devices, use or configure endpoint protection settings to enable Microsoft Defender features, including Application Guard, Firewall, SmartScreen, encryption and BitLocker, Exploit Guard, Application Control, Security Center, and security on local devices in Microsoft Intune.


Set up multi-factor authentication for users - Microsoft 365 admin

Learn how to set up multi-factor authentication for your organization.


Supervision policies - Microsoft 365 Compliance

Learn about using supervision policies in Microsoft 365 to capture employee communications for examination by designated reviewers.


Use your free Azure Active Directory subscription - Microsoft 365 Compliance

Learn how to access Azure Active Directory, which is included in your organization's paid subscription.


What the DLP policy templates include - Microsoft 365 Compliance

Data loss prevention (DLP) in the Security & Compliance Center includes ready-to-use policy templates that address common compliance requirements, such as helping you to protect sensitive information subject to the U.S. Health Insurance Act (HIPAA), U.S. Gramm-Leach-Bliley Act (GLBA), or U.S. Patriot Act. This topic lists all of the policy templates, what types of sensitive information they look for, and what the default conditions and actions are.


Work with Microsoft Compliance Manager (Preview) - Microsoft 365 Compliance

Microsoft Compliance Manager is a free workflow-based risk assessment tool. Use it to track, assign, and verify regulatory compliance activities related to Microsoft products.


Attack Simulator in ATP - Office 365

Learn how to use Attack Simulator to run simulated phishing and password attacks in your Microsoft 365 E5 or ATP Plan 2 organization.


Dynamic Delivery and previewing with ATP Safe Attachments - Office 365

When you set up your ATP safe attachments policies, you choose Dynamic Delivery to avoid message delays and enable people to preview attachments that are being scanned.


Integrate Office 365 ATP with Microsoft Defender ATP - Office 365

Integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection to see more detailed threat management information.


Manage quarantined messages and files as an admin - Office 365

Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Office 365 Advanced Threat Protection (Office 365 ATP) can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.


Permissions - Microsoft 365 Security & Compliance Center - Office 365

Admins can learn about the permissions that are available in the Microsoft 365 Security & Compliance Center.


Set up a custom blocked URLs list using ATP Safe Links - Office 365

Learn how to set up a list of blocked URLs for your organization using Office 365 Advanced Threat Protection.


Anti-phishing policies - Office 365

Admins can learn about the anti-phishing policies that are available in Exchange Online Protection (EOP) and Office 365 Advanced Threat Protection (Office 365 ATP).


Set up Office 365 ATP Safe Links policies - Office 365

Set up Safe Links policies to protect your organization from malicious links in Word, Excel, PowerPoint, and Visio files, as well as in email messages.


View reports for Advanced Threat Protection - Office 365

Find and use reports for Office 365 Advanced Threat Protection in the Security & Compliance Center.


Fixing problems with directory synchronization for Microsoft 365

Describes common causes of problems with directory synchronization in Office 365 and provides a few methods to help troubleshoot and resolve them.


How to check Microsoft 365 service health

View the health status of Microsoft 365 services before you call support to see if there is an active service interruption.


Change the external sharing setting for a user's OneDrive - OneDrive

Learn how to change the OneDrive external sharing setting for a user in the Microsoft 365 admin center.



You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.



You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.


How to set a Retention Policy on a SharePoint site - SharePoint Maven

If you are looking for an explanation and instructions on how to set up a Retention Policy on a SharePoint site - this article will help.


Create and manage sensitivity labels - Office Support

Sensitivity labels allow you to classify and protect content that is sensitive to your business. Learn how to create a sensitivity label and make it available to your users.


Overview of data loss prevention in SharePoint Server 2016 - SharePoint

Learn how you can use data loss prevention (DLP) features such as DLP queries and DLP policies to identify, monitor, and automatically protect your sensitive information from inadvertent leaks.


Protect against phishing attempts in Microsoft 365 - Office Support

Protect your email from phishing attacks by setting up ATP anti-phishing in Microsoft 365 Business and Enterprise.


PingOne: How to troubleshoot an AD Connect Instance

Helpful information for an Administrator that is troubleshooting AD Connect. Includes information on how to review the log data in Event Viewer and how to use the config.aspx page.


Office 365: Classification and Retention Labels - O365 Mike Office 365: Classification and Retention Labels - O365 Mike


Azure Advanced Threat Protection Advanced Audit Policy check

This article provides an overview of Azure ATP's Advanced Audit Policy check.


Configure Windows Event Forwarding in Azure Advanced Threat Protection

Describes your options for configuring Windows Event Forwarding with Azure ATP


Configure Port Mirroring when deploying Azure Advanced Threat Protection

Describes port mirroring options and how to configure them for Azure ATP


Configure Azure ATP sensor settings conceptual

Step five of installing Azure ATP helps you configure settings for your Azure ATP standalone sensor.


Install Azure Advanced Threat Protection VPN Integration

Collect accounting information for Azure ATP by integrating a VPN.


Understanding the Azure Advanced Threat Protection portal

Describes how to log into the Azure ATP portal and the components of the portal


Visibility into cloud app activities - Cloud App Security

This article provides a list of activities, filters and match parameters that can be applied to activity policies.


Understanding file data and filters available in Cloud App Security

This reference article provides information about the types of files and file filters used by Cloud App Security.


Create session policies in Cloud App Security

This article describes the procedure for setting up a Cloud App Security Conditional Access App Control session policy gain deep visibility into user session activities and block downloads using reverse proxy capabilities.


Permissions in Exchange Online

Exchange Online in Office 365 includes a large set of predefined permissions, based on the Role Based Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your administrators and users. You can use the permissions features in Exchange Online so that you can get your new organization up and running quickly.


Alert policies in the security and compliance centers - Microsoft 365 Compliance

Create alert policies in the security and compliance center in Office 365 and Microsoft 365 to monitor potential threats, data loss, and permissions issues.


Apply labels to personal data - Microsoft 365 Compliance

Learn how to use Office labels as part of your General Data Protection Regulation (GDPR) protection plan.


Apply a sensitivity label to content automatically - Microsoft 365 Compliance

When you create a sensitivity label, you can automatically assign a label to a document or email, or you can prompt users to select the label that you recommend.


Assign eDiscovery permissions in the Security & Compliance Center - Microsoft 365 Compliance

Assign the permissions required to perform eDiscovery-related tasks using the Security & Compliance Center.


Content Search - Microsoft 365 Compliance

Use the Content Search tool in the compliance center in Office 365 or Microsoft 365 to search for content in a variety of Office 365 services.


Create activity alerts - Microsoft 365 Compliance

Add and manage activity alerts in the Security & Compliance Center so that Microsoft 365 will send you email notifications when users perform specific activities


Create, report on, and delete multiple Content Searches - Microsoft 365 Compliance

Learn how to automate Content Search tasks like creating searches and running reports via PowerShell scripts in the Security & Compliance Center in Office 365.


Create, test, and tune a DLP policy - Microsoft 365 Compliance

In this article, you'll learn how to create, test, and tune a DLP policy according to your organizational needs.


Overview of data loss prevention - Microsoft 365 Compliance

With a data loss prevention (DLP) policy in the Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.


Manage mailbox auditing - Microsoft 365 Compliance

Mailbox audit logging is turned on by default (also called default mailbox auditing or mailbox auditing on by default). This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged in a mailbox audit log, where you can search for activities performed on the mailbox.



You can use the Set-SPOTenant cmdlet to enable external services and to specify the versions in which site collections can be created. You can also use the Set-SPOSite cmdlet together with the Set-SPOTenant cmdlet to block access to a site in your organization and redirect traffic to another site. You must be a SharePoint Online administrator or Global Administrator to run the cmdlet.


Control access from unmanaged devices - SharePoint in Microsoft 365

Learn how to block or limit access to SharePoint and OneDrive content on devices that aren't compliant or joined to a domain.


Manage sharing settings - SharePoint in Microsoft 365

Learn how global and SharePoint admins can change the organization-level sharing settings for SharePoint and OneDrive in Microsoft 365.


Create and manage machine groups in Microsoft Defender ATP - Windows security

Create machine groups and set automated remediation levels on them by confiring the rules that apply on the group


Conditional access for VPN connectivity using Azure AD

In this optional step, you can fine-tune how authorized VPN users access your resources using Azure Active Directory (Azure AD) conditional access.


Configure Data Loss Prevention policies in Exchange Online in Office 365 - Collab365 Events


azure-docs/pim-how-to-change-default-settings.md at master · MicrosoftDocs/azure-docs · GitHub

Open source documentation of Microsoft Azure. Contribute to MicrosoftDocs/azure-docs development by creating an account on GitHub.


azure-docs/groups-dynamic-membership.md at master · MicrosoftDocs/azure-docs · GitHub

Open source documentation of Microsoft Azure. Contribute to MicrosoftDocs/azure-docs development by creating an account on GitHub.


How do I assign the elevated admin role 'Organization Management' to the account that is performing a Public Folder migration? – BitTitan Help Center

​How do I assign the elevated admin role 'Organization Management' to the administrative account that is performing a Public Folder...


How-to Setup Multi-Factor Authentication in Office 365 — LazyAdmin

Howto enable Office 365 MFA, tips on rolling it out in your organisation and Office 365 MFA License details explained.


Export Content Search results - Microsoft 365 Compliance

Export the search results from a Content Search in the Security & Compliance Center to a local computer. Email results are exported as PST files. Content from SharePoint and OneDrive for Business sites are exported as native Office documents.


Get started with core eDiscovery cases in Microsoft 365 - Microsoft 365 Compliance

This article describes how to get started using core eDiscovery in Microsoft 365. After you assign eDiscovery permissions and create a case, you can add members, create eDiscovery holds, and then search for and export data that's relevant to your investigation.


Get started with core eDiscovery cases in Microsoft 365 - Microsoft 365 Compliance

This article describes how to get started using core eDiscovery in Microsoft 365. After you assign eDiscovery permissions and create a case, you can add members, create eDiscovery holds, and then search for and export data that's relevant to your investigation.


Keyword queries and search conditions for Content Search - Microsoft 365 Compliance

Learn about email and file properties that you can search in Exchange Online mailboxes and in SharePoint or OneDrive for Business sites using the Content Search tool in the Security & Compliance Center.


Learn about retention labels - Microsoft 365 Compliance

Learn how retention labels classify data across your organization for governance, and enforce retention rules based on that classification. You can also use retention labels to implement a records management solution for Microsoft 365.


Manage GDPR data subject requests with DSR case tool in Security & Compliance Center - Microsoft 365 Compliance

The GDPR gives EU citizens (called data subjects) specific rights to their personal data; these rights include obtaining copies of it, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format. A formal request by a data subject to take an action on their personal data is called a Data Subject Request or DSR. You can use DSR Cases in the compliance center in Office 365 and Microsoft 365 to manage your organization's DSR investigations.


Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services - Microsoft 365 Compliance

The Compliance Manager in the Microsoft Service Trust Portal provides tools to track, implement, and manage the controls to help your organization reach compliance with security and data protection industry standards (such as GDPR, ISO 27001 and 27018, and HIPAA) when measured against Microsoft cloud services, such as Office 365 and Microsoft Azure. The Compliance Manager helps the person who oversees the data protection and privacy strategy for your organization manage your compliance and risk assessment process.


Learn about retention policies to automatically retain or delete content - Microsoft 365 Compliance

Use a retention policy to decide proactively whether to retain content, delete content, or both - retain and then delete the content; apply a single policy to the entire organization or specific locations or users; and apply a policy to all content or content meeting specific conditions.


Search the audit log in the Security & Compliance Center - Microsoft 365 Compliance

Use the Security & Compliance Center to search the unified audit log to view user and administrator activity in your organization.


Learn about sensitivity labels - Microsoft 365 Compliance

Use sensitivity labels from the Microsoft Information Protection framework to classify and protect your organization's data, without hindering user productivity and collaboration.

Also, please share the post within your circles so it helps them to prepare for the exam.

The free online CSS cleaner tool helps you to organize style files for websites.

No comments:

Post a Comment